author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-13 09:16:29 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-13 09:19:31 +0100 |
commit | 8679fc11fee10a41b12e465ffd415514c2e9286b (patch) | |
tree | f225943a336a07ded3679fdd7758624f2274419b /src | |
parent | b7c3ea2927cc506ff234bc7c710b23acbae6f20a (diff) | |
download | gnutls-8679fc11fee10a41b12e465ffd415514c2e9286b.tar.gz |
added check for servers that disallow the SSL 3.0 record version
Diffstat (limited to 'src')
-rw-r--r-- | src/cli-debug.c | 1 | ||||
-rw-r--r-- | src/tests.c | 26 | ||||
-rw-r--r-- | src/tests.h | 1 |
3 files changed, 27 insertions, 1 deletions
diff --git a/src/cli-debug.c b/src/cli-debug.c index 44b7c10028..d811870703 100644 --- a/src/cli-debug.c +++ b/src/cli-debug.c @@ -85,6 +85,7 @@ static const TLS_TEST tls_tests[] = { {"whether \%COMPAT is required", test_record_padding, "no", "yes", "dunno"}, {"for TLS 1.0 (RFC2246) support", test_tls1, "yes", "no", "dunno"}, + {"for TLS 1.0 (RFC2246) support with TLS 1.0 record version", test_tls1_nossl3, "yes", "no", "dunno"}, {"for TLS 1.1 (RFC4346) support", test_tls1_1, "yes", "no", "dunno"}, {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed", diff --git a/src/tests.c b/src/tests.c index 4b11c48c64..bc654a08f4 100644 --- a/src/tests.c +++ b/src/tests.c @@ -664,7 +664,7 @@ test_code_t test_tls1(gnutls_session_t session) sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES - ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest); + ":+VERS-TLS1.0:%%SSL3_RECORD_VERSION:" ALL_MACS ":" ALL_KX ":%s", rest); _gnutls_priority_set_direct(session, prio_str); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -677,6 +677,30 @@ test_code_t test_tls1(gnutls_session_t session) } +test_code_t test_tls1_nossl3(gnutls_session_t session) +{ + int ret; + + if (tls1_ok != 0) + return TEST_IGNORE; + + sprintf(prio_str, + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES + ":+VERS-TLS1.0:%%LATEST_RECORD_VERSION:" ALL_MACS ":" ALL_KX ":%s", rest); + _gnutls_priority_set_direct(session, prio_str); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + ret = do_handshake(session); + if (ret == TEST_SUCCEED) { + strcat(rest, ":%LATEST_RECORD_VERSION"); + tls1_ok = 1; + } + + return ret; + +} + test_code_t test_record_padding(gnutls_session_t session) { int ret; diff --git a/src/tests.h b/src/tests.h index 34dd7d7c7c..63c60a54c6 100644 --- a/src/tests.h +++ b/src/tests.h 
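Review bot: The new `test_tls1_nossl3` entry in `tls_tests[]` depends on sitting after `test_tls1`, because the function returns `TEST_IGNORE` unless `tls1_ok` is still 0 (presumably set by `test_tls1`), and nothing in the table says so. A one-line comment above the entry, such as `/* must follow test_tls1: only runs when that test did not succeed */`, would stop a later reordering from silently disabling the record-version check. The table starts and ends outside the hunk.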
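Review bot: The `sprintf(prio_str, ...)` in test_tls1 writes without a bound, and this change lengthens the fixed part of the priority string while `rest`, which the new test_tls1_nossl3 extends with `strcat`, is still appended through `%s`; the same unbounded call is repeated in test_tls1_nossl3 in the next hunk. `prio_str` and `rest` are declared outside the diff, so the available headroom cannot be checked from here. If `prio_str` is an array, I would switch both calls to `snprintf(prio_str, sizeof(prio_str), ...)` and treat a return value `>= sizeof(prio_str)` as a test error rather than passing a truncated string to `_gnutls_priority_set_direct`. test_tls1's body starts and ends outside the hunk.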
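Review bot: `strcat(rest, ":%LATEST_RECORD_VERSION")` in test_tls1_nossl3 grows the shared `rest` buffer with no length check, and any later test that formats `rest` into `prio_str` (presumably all of them, as the two visible tests do) inherits the extra length. `rest` is declared outside the diff, so its size is not visible; assuming it is an array, guarding the append with `if (strlen(rest) + sizeof(":%LATEST_RECORD_VERSION") <= sizeof(rest))` would make the limit explicit. The function also has no comment; I would add `/* Fallback for servers that reject the SSL 3.0 record version: retry TLS 1.0 with %LATEST_RECORD_VERSION and, on success, keep that keyword in rest for later tests. */` above it.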
@@ -38,6 +38,7 @@ test_code_t test_sha(gnutls_session_t state);
 test_code_t test_3des(gnutls_session_t state);
 test_code_t test_arcfour(gnutls_session_t state);
 test_code_t test_tls1(gnutls_session_t state);
+test_code_t test_tls1_nossl3(gnutls_session_t session);
 test_code_t test_safe_renegotiation(gnutls_session_t state);
 test_code_t test_ext_master_secret(gnutls_session_t state);
 test_code_t test_etm(gnutls_session_t state); |