diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-25 11:47:56 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-28 10:39:58 +0100 |
| commit | e2e686e91ca3d39c37a2c3c56aba8efc0eb328e9 (patch) | |
| tree | fa5e87ba225121b521fbe4c19f68a692a4426427 | |
| parent | b7b69d763985a2a29d6e9a92354cf9a5513e02a8 (diff) | |
| download | gnutls-e2e686e91ca3d39c37a2c3c56aba8efc0eb328e9.tar.gz | |
gnutls-cli-debug: Added check for whether %NO_EXTENSIONS is required
| -rw-r--r-- | src/cli-debug.c | 4 | ||||
| -rw-r--r-- | src/tests.c | 65 | ||||
| -rw-r--r-- | src/tests.h | 2 |
3 files changed, 51 insertions, 20 deletions
diff --git a/src/cli-debug.c b/src/cli-debug.c index 5bc55241ee..fa0c087c5e 100644 --- a/src/cli-debug.c +++ b/src/cli-debug.c @@ -82,6 +82,8 @@ typedef struct { static const TLS_TEST tls_tests[] = { {"for SSL 3.0 (RFC6101) support", test_ssl3, "yes", "no", "dunno"}, + {"whether \%NO_EXTENSIONS is required", test_no_extensions, "no", "yes", + "dunno"}, {"whether \%COMPAT is required", test_record_padding, "no", "yes", "dunno"}, {"for TLS 1.0 (RFC2246) support", test_tls1, "yes", "no", "dunno"}, @@ -105,8 +107,6 @@ static const TLS_TEST tls_tests[] = { {"for certificate information", test_certificate, NULL, "", ""}, {"for certificate chain order", test_chain_order, "sorted", "unsorted", "unknown"}, {"for trusted CAs", test_server_cas, NULL, "", ""}, - {"whether Hello Extensions are accepted", - test_hello_extension, "yes", "no", "dunno"}, {"for safe renegotiation (RFC5746) support", test_safe_renegotiation, "yes", "no", "dunno"}, {"for Safe renegotiation support (SCSV)", diff --git a/src/tests.c b/src/tests.c index 886f9decdf..e6b3834ea7 100644 --- a/src/tests.c +++ b/src/tests.c @@ -51,6 +51,7 @@ extern gnutls_certificate_credentials_t xcred; extern unsigned int verbose; const char *ext_text = ""; +int tls_ext_ok = 1; int tls1_ok = 0; int ssl3_ok = 0; int tls1_1_ok = 0; @@ -204,6 +205,9 @@ test_code_t test_ecdhe(gnutls_session_t session) { int ret; + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":+ECDHE-RSA:+ECDHE-ECDSA:+CURVE-ALL:%s", protocol_all_str, @@ -227,6 +231,9 @@ test_code_t test_safe_renegotiation(gnutls_session_t session) { int ret; + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" ALL_KX ":%s:%%SAFE_RENEGOTIATION", rest, protocol_str); @@ -244,6 +251,9 @@ test_code_t test_ocsp_status(gnutls_session_t session) int ret; gnutls_datum_t resp; + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" ALL_KX":%s", protocol_str, rest); @@ -270,6 +280,9 @@ test_code_t test_etm(gnutls_session_t session) { int ret; + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":%s:" ALL_KX, rest, protocol_str); @@ -292,6 +305,9 @@ test_code_t test_ext_master_secret(gnutls_session_t session) { int ret; + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":%s:" ALL_KX, rest, protocol_str); @@ -564,6 +580,9 @@ test_code_t test_openpgp1(gnutls_session_t session) { int ret; + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":+CTYPE-OPENPGP:%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); @@ -751,6 +770,28 @@ test_code_t test_record_padding(gnutls_session_t session) return ret; } +test_code_t test_no_extensions(gnutls_session_t session) +{ + int ret; + + sprintf(prio_str, + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" + ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); + _gnutls_priority_set_direct(session, prio_str); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_record_set_max_size(session, 4096); + + ret = do_handshake(session); + if (ret == TEST_SUCCEED) { + tls_ext_ok = 1; + } else { + tls_ext_ok = 0; + strcat(rest, ":%NO_EXTENSIONS"); + } + + return ret; +} + test_code_t test_tls1_2(gnutls_session_t session) { int ret; @@ -960,6 +1001,10 @@ test_code_t test_rsa_pms(gnutls_session_t session) test_code_t test_max_record_size(gnutls_session_t session) { int ret; + + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); @@ -978,25 +1023,11 @@ test_code_t test_max_record_size(gnutls_session_t session) return TEST_FAILED; } -test_code_t test_hello_extension(gnutls_session_t session) -{ - int ret; - - sprintf(prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" - ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); - _gnutls_priority_set_direct(session, prio_str); - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); - gnutls_record_set_max_size(session, 4096); - - ret = do_handshake(session); - - - return ret; -} - test_code_t test_heartbeat_extension(gnutls_session_t session) { + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); diff --git a/src/tests.h b/src/tests.h index a232c146b8..335292957b 100644 --- a/src/tests.h +++ b/src/tests.h @@ -25,7 +25,7 @@ typedef enum { test_code_t test_chain_order(gnutls_session_t session); test_code_t test_server(gnutls_session_t state); test_code_t test_record_padding(gnutls_session_t state); -test_code_t test_hello_extension(gnutls_session_t state); +test_code_t test_no_extensions(gnutls_session_t state); test_code_t test_heartbeat_extension(gnutls_session_t state); test_code_t test_small_records(gnutls_session_t state); test_code_t test_dhe(gnutls_session_t state); |