diff options
| author | Daniel Lenski <dlenski@gmail.com> | 2020-03-22 19:01:55 -0700 |
|---|---|---|
| committer | Daniel Lenski <dlenski@gmail.com> | 2020-03-22 19:08:16 -0700 |
| commit | f64a95e0ffa2e10b6e1eafcd4e76f934fd785ce7 (patch) | |
| tree | 3cf02c1f1cbba5c857c937bca0c9657747807a7d | |
| parent | 2fad80f5ac10e4d70a8caf31c6e935cab25a146c (diff) | |
| download | gnutls-f64a95e0ffa2e10b6e1eafcd4e76f934fd785ce7.tar.gz | |
add additional tests of SSL 3.0 (with extensions, and with cipher suites not in SSL 3.0)
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
| -rw-r--r-- | src/cli-debug.c | 7 | ||||
| -rw-r--r-- | src/tests.c | 34 | ||||
| -rw-r--r-- | src/tests.h | 2 |
3 files changed, 42 insertions, 1 deletions
diff --git a/src/cli-debug.c b/src/cli-debug.c index 06e47fd55e..ece03a2729 100644 --- a/src/cli-debug.c +++ b/src/cli-debug.c @@ -85,15 +85,20 @@ static const TLS_TEST tls_tests[] = { test_send_record_with_allow_small_records, "yes", "no", "dunno"}, #ifdef ENABLE_SSL3 {"for SSL 3.0 (RFC6101) support", test_ssl3, "yes", "no", "dunno"}, + {"for SSL 3.0 with extensions", test_ssl3_with_extensions, "yes", "no", "dunno"}, + {"for SSL 3.0 with cipher suites not in SSL 3.0 spec", + test_ssl3_unknown_ciphersuites, "yes", "no", "dunno"}, +#endif /* The following tests will disable TLS 1.x if the server is * buggy */ -#endif {"whether we need to disable TLS 1.2", test_tls_disable2, "no", "yes", "dunno"}, {"whether we need to disable TLS 1.1", test_tls_disable1, "no", "yes", "dunno"}, {"whether we need to disable TLS 1.0", test_tls_disable0, "no", "yes", "dunno"}, + /* The following test will disable extensions if the server + * is buggy */ {"whether %NO_EXTENSIONS is required", test_no_extensions, "no", "yes", "dunno"}, {"whether %COMPAT is required", test_record_padding, "no", "yes", diff --git a/src/tests.c b/src/tests.c index 1062b3c168..8cc06347c1 100644 --- a/src/tests.c +++ b/src/tests.c @@ -624,6 +624,40 @@ test_code_t test_ssl3(gnutls_session_t session) return ret; } +test_code_t test_ssl3_with_extensions(gnutls_session_t session) +{ + int ret; + sprintf(prio_str, INIT_STR + SSL3_CIPHERS ":" ALL_COMP ":+VERS-SSL3.0:" + SSL3_MACS ":" SSL3_KX ":%s", rest); + _gnutls_priority_set_direct(session, prio_str); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + ret = test_do_handshake(session); + if (ret == TEST_SUCCEED) + ssl3_ok = 1; + + return ret; +} + +test_code_t test_ssl3_unknown_ciphersuites(gnutls_session_t session) +{ + int ret; + sprintf(prio_str, INIT_STR + ALL_CIPHERS ":" ALL_COMP ":+VERS-SSL3.0:%%NO_EXTENSIONS:" + ALL_MACS ":" ALL_KX ":%s", rest); + _gnutls_priority_set_direct(session, prio_str); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + ret = test_do_handshake(session); + if (ret == TEST_SUCCEED) + ssl3_ok = 1; + + return ret; +} + static int alrm = 0; static void got_alarm(int k) { diff --git a/src/tests.h b/src/tests.h index a8326019ca..d9721a70e2 100644 --- a/src/tests.h +++ b/src/tests.h @@ -36,6 +36,8 @@ test_code_t test_dhe(gnutls_session_t state); test_code_t test_rfc7919(gnutls_session_t state); test_code_t test_dhe_group(gnutls_session_t state); test_code_t test_ssl3(gnutls_session_t state); +test_code_t test_ssl3_with_extensions(gnutls_session_t state); +test_code_t test_ssl3_unknown_ciphersuites(gnutls_session_t state); test_code_t test_aes(gnutls_session_t state); test_code_t test_camellia_cbc(gnutls_session_t state); test_code_t test_camellia_gcm(gnutls_session_t state); |