Diffstat (limited to 'tests/tls13/post-handshake-with-cert.c')
-rw-r--r-- | tests/tls13/post-handshake-with-cert.c | 68 |
1 files changed, 61 insertions, 7 deletions
diff --git a/tests/tls13/post-handshake-with-cert.c b/tests/tls13/post-handshake-with-cert.c
index 39565de6d2..d24e06db70 100644
--- a/tests/tls13/post-handshake-with-cert.c
+++ b/tests/tls13/post-handshake-with-cert.c
@@ -70,6 +70,7 @@ static void client_log_func(int level, const char *str) } #define MAX_BUF 1024 +#define MAX_APP_DATA 3 static void client(int fd, unsigned send_cert, unsigned max_auths) {
@@ -77,7 +78,7 @@ static void client(int fd, unsigned send_cert, unsigned max_auths) gnutls_certificate_credentials_t x509_cred; gnutls_session_t session; char buf[64]; - unsigned i; + unsigned i, j; global_init();
@@ -105,8 +106,6 @@ static void client(int fd, unsigned send_cert, unsigned max_auths) GNUTLS_X509_FMT_PEM)>=0); } - /* put the anonymous credentials to the current session - */ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); gnutls_transport_set_int(session, fd);
@@ -124,7 +123,12 @@ static void client(int fd, unsigned send_cert, unsigned max_auths) if (debug) success("client handshake completed\n"); + gnutls_record_set_timeout(session, 20 * 1000); + for (i=0;i<max_auths;i++) { + if (debug) + success("waiting for auth nr %d\n", i); + do { ret = gnutls_record_recv(session, buf, sizeof(buf)); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
@@ -133,6 +137,17 @@ static void client(int fd, unsigned send_cert, unsigned max_auths) fail("recv: unexpected error: %s\n", gnutls_strerror(ret)); } + /* send application data to check if server tolerates them */ + if (i==0) { + for (j=0;j<MAX_APP_DATA;j++) { + memset(buf, j, sizeof(buf)); + do { + ret = gnutls_record_send(session, buf, sizeof(buf)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + assert(ret>=0); + } + } + if (debug) success("received reauth request\n"); do {
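Review bot: The new debug line `success("waiting for auth nr %d\n", i);` in the `@@ -124` hunk formats `i` with `%d`, but `i` is declared `unsigned` in client(); `%u` matches the type and keeps -Wformat quiet. The receive timeout `20 * 1000` added just above it would read better as a named constant beside MAX_APP_DATA, so the bound that keeps this test from hanging is visible in one place. client() starts and ends outside this hunk.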
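Review bot: The application-data send loop in the `@@ -133` hunk checks its result with `assert(ret>=0)`, which drops the GnuTLS error string and is compiled out if the test is ever built with NDEBUG, while the receive path a few lines earlier reports through fail(). Using `if (ret < 0) fail("send: unexpected error: %s\n", gnutls_strerror(ret));` keeps the failure diagnosable and consistent. The comment could also state the contract the server side depends on, for example `/* each record is filled with its index j; server() compares the first byte with its retry counter */`. client() continues outside this hunk.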
@@ -194,7 +209,7 @@ static void server(int fd, int err, int type, unsigned max_auths) char buffer[MAX_BUF + 1]; gnutls_session_t session; gnutls_certificate_credentials_t x509_cred; - unsigned i; + unsigned i, retries; /* this must be called once in the program */
@@ -203,7 +218,7 @@ static void server(int fd, int err, int type, unsigned max_auths) if (debug) { gnutls_global_set_log_function(server_log_func); - gnutls_global_set_log_level(4711); + gnutls_global_set_log_level(6); } gnutls_certificate_allocate_credentials(&x509_cred);
@@ -234,6 +249,11 @@ static void server(int fd, int err, int type, unsigned max_auths) if (ret != 0) fail("handshake failed: %s\n", gnutls_strerror(ret)); + if (!(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH)) { + fail("server: session flags did not contain GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH\n"); + } + + if (client_hello_ok == 0) { fail("server: did not verify the client hello\n"); }
@@ -247,7 +267,40 @@ static void server(int fd, int err, int type, unsigned max_auths) gnutls_certificate_server_set_request(session, type); - for (i=0;i<max_auths;i++) { + /* i = 0 */ + /* ask peer for re-authentication */ + retries = 0; + do { + do { + ret = gnutls_reauth(session, 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == GNUTLS_E_GOT_APPLICATION_DATA) { + int ret2; + do { + ret2 = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while (ret2 == GNUTLS_E_AGAIN || ret2 == GNUTLS_E_INTERRUPTED); + + if (ret2 < 0) + fail("error receiving app data: %s\n", gnutls_strerror(ret2)); + + /* sender memsets the message with the retry attempt */ + assert((uint8_t)buffer[0] == retries); + assert(retries < MAX_APP_DATA); + } + + retries++; + } while (ret == GNUTLS_E_GOT_APPLICATION_DATA); + + if (err) { + if (ret != err) + fail("server: expected error %s, got: %s\n", gnutls_strerror(err), + gnutls_strerror(ret)); + } else if (ret != 0) + fail("server: gnutls_reauth did not succeed as expected: %s\n", gnutls_strerror(ret)); + + + for (i=1;i<max_auths;i++) { /* ask peer for re-authentication */ do { ret = gnutls_reauth(session, 0);
@@ -274,7 +327,7 @@ static void server(int fd, int err, int type, unsigned max_auths) static void ch_handler(int sig) { - int status; + int status = 0; wait(&status); check_wait_status(status); return;
@@ -293,6 +346,7 @@ void start(const char *name, int err, int type, unsigned max_auths, unsigned sen server_hello_ok = 0; signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { |
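Review bot: In the GNUTLS_E_GOT_APPLICATION_DATA branch of the `@@ -247` hunk only `ret2 < 0` is rejected, so a return of 0 (peer closed the connection) falls through and `buffer[0]` is compared even though nothing was written into the stack buffer on that pass. Tightening the check to `if (ret2 <= 0) fail("error receiving app data: %d\n", ret2);` closes that gap, and placing `assert(retries < MAX_APP_DATA);` before the content assert makes an over-long run fail with the clearer message. Nothing after the loop checks how many records were actually surfaced, so a regression in which gnutls_reauth() quietly discards the interleaved application data would presumably still pass. If the intent is that all MAX_APP_DATA records must be delivered, an explicit count check after the loop would pin that. server() starts and ends outside this hunk.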
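Review bot: Initialising `status` to 0 in ch_handler (the `@@ -274` hunk) silences the uninitialised-read warning but hides a failed `wait()`: its return value is still ignored, so on error the handler passes 0 to check_wait_status(), which presumably reads as a clean child exit. Checking the call, e.g. `if (wait(&status) < 0) return;`, or starting from a non-zero sentinel, keeps a missing or unreaped child from being counted as a pass.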