diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-07-13 09:04:42 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-07-13 11:09:13 +0200 |
commit | 16939ac38c98befa94d6dd6d78130bab5cbb1167 (patch) | |
tree | e0607163e0f367d37de2260584186c621cde6d75 | |
parent | 2d211c1d1da172c5c5806d97c98291432d400422 (diff) | |
download | gnutls-16939ac38c98befa94d6dd6d78130bab5cbb1167.tar.gz |
tests: tls-fuzzer: separated SSL3.0 from TLS1.x tests
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | tests/suite/Makefile.am | 1 | ||||
-rw-r--r-- | tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json | 28 | ||||
-rw-r--r-- | tests/suite/tls-fuzzer/gnutls-nocert.json | 18 |
3 files changed, 37 insertions, 10 deletions
diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am index 97757e0f00..fdc878bf73 100644 --- a/tests/suite/Makefile.am +++ b/tests/suite/Makefile.am @@ -107,6 +107,7 @@ TESTS_ENVIRONMENT += ENABLE_NON_SUITEB_CURVES=1 endif if ENABLE_SSL3 +scripts_to_test += tls-fuzzer/tls-fuzzer-nocert-ssl3.sh TESTS_ENVIRONMENT += ENABLE_SSL3=1 endif diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json b/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json new file mode 100644 index 0000000000..9bf3fa20f1 --- /dev/null +++ b/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json @@ -0,0 +1,28 @@ +[ + {"server_command": ["@SERVER@", "--http", + "--x509keyfile", "tests/serverX509Key.pem", + "--x509certfile", "tests/serverX509Cert.pem", + "--x509keyfile", "../../../certs/ecc256.pem", + "--x509certfile", "../../../certs/cert-ecc256.pem", + "--debug=3", + "--noticket", + "--priority=@PRIORITY@", + "--disable-client-cert", "--port=@PORT@"], + "server_hostname": "localhost", + "server_port": @PORT@, + "tests" : [ + {"name" : "test-SSLv3-padding.py", + "comment" : "we accept zero filled padding in SSLv3", + "exp_pass" : false, + "arguments": ["-p", "@PORT@"] + }, + {"name" : "test-export-ciphers-rejected.py", + "comment" : "we negotiate AES even in SSL3.0", + "arguments" : ["--ssl3", "-p", "@PORT@"] }, + {"name" : "test-client-compatibility.py", + "arguments" : ["-p", "@PORT@", "18: IE 6 on XP", + "52: YandexBot 3.0 on unknown", + "100: IE 6 on XP"]} + ] + } +] diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json index 8019db5af1..c69ecfaf7e 100644 --- a/tests/suite/tls-fuzzer/gnutls-nocert.json +++ b/tests/suite/tls-fuzzer/gnutls-nocert.json @@ -20,9 +20,9 @@ "ext padding, 65367 bytes"]}, {"name" : "test-large-hello.py", "arguments" : - ["multiple extensions 9212", - "multiple extensions 1", - "multiple extensions 16353"]}, + ["multiple extensions 9212", + "multiple extensions 1", + "multiple extensions 16353"]}, {"name" : "test-large-hello.py", "comment" : "These tests rely on fragmenting the first bytes of the handshake header. Gnutls is limited on that, and doesn't accept handshake header fragmentation.", "arguments" : @@ -66,7 +66,10 @@ "arguments" : ["-n", "20"] }, {"name" : "test-clienthello-md5.py"}, - {"name" : "test-client-compatibility.py"}, + {"name" : "test-client-compatibility.py", + "arguments" : ["-e", "18: IE 6 on XP", + "-e", "52: YandexBot 3.0 on unknown", + "-e", "100: IE 6 on XP"]}, {"name" : "test-conversation.py"}, {"name" : "test-client-hello-max-size.py", "comment" : "FIXME: we fail with: Handshake buffer length is 131400 (max: 131072)", @@ -94,9 +97,7 @@ {"name" : "test-ecdhe-rsa-key-exchange.py"}, {"name" : "test-ecdhe-rsa-key-exchange-with-bad-messages.py"}, {"name" : "test-empty-extensions.py"}, - {"name" : "test-export-ciphers-rejected.py", - "comment" : "we negotiate AES even in SSL3.0", - "arguments" : ["--ssl3"] }, + {"name" : "test-export-ciphers-rejected.py"}, {"name" : "test-extensions.py"}, {"name" : "test-extended-master-secret-extension.py", "comment" : "gnutls does not allow switching from EMS to no EMS, and w/ECDHE test is incomplete", @@ -150,9 +151,6 @@ {"name" : "test-sslv2-force-cipher.py"}, {"name" : "test-sslv2-force-export-cipher.py"}, {"name" : "test-sslv2hello-protocol.py"}, - {"name" : "test-SSLv3-padding.py", - "comment" : "we accept zero filled padding in SSLv3", - "exp_pass" : false}, {"name" : "test-TLSv1_2-rejected-without-TLSv1_2.py"}, {"name" : "test-truncating-of-client-hello.py" }, {"name" : "test-truncating-of-finished.py"}, |