summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/suite/tls-fuzzer/gnutls-nocert.json19
m---------tests/suite/tls-fuzzer/tlsfuzzer0
-rw-r--r--tests/tls-neg-ext4-key.c2
-rw-r--r--tests/tls12-ffdhe.c2
4 files changed, 17 insertions, 6 deletions
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index e25b6b3613..9a734fef57 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -93,7 +93,8 @@
{"name" : "test-ffdhe-negotiation.py" ,
"comment" : ["we don't prefer DHE over RSA if RSA is preferred by peer"],
"arguments" : ["-p", "@PORT@",
- "-e", "Check if DHE preferred"]},
+ "-e", "Check if DHE preferred",
+ "--alert", "handshake_failure"]},
{"name" : "test-cve-2016-2107.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-dhe-key-share-random.py",
@@ -273,7 +274,10 @@
"-e", "Protocol (3, 2) with x448 group",
"-n", "4"]},
{"name" : "test-sig-algs.py",
- "arguments" : ["-p", "@PORT@"] },
+ "arguments" : ["-p", "@PORT@",
+ "-e", "rsa_pss_pss_sha256 only",
+ "-e", "rsa_pss_pss_sha384 only",
+ "-e", "rsa_pss_pss_sha512 only"] },
{"name" : "test-signature-algorithms.py",
"comment" : "gnutls doesn't handle well duplicated sign algorithms; this is not an issue in practice",
"arguments" : ["-p", "@PORT@",
@@ -295,11 +299,18 @@
{"name" : "test-sslv2-force-export-cipher.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-sslv2hello-protocol.py",
- "arguments" : ["-p", "@PORT@"] },
+ "comment" : "https://gitlab.com/gnutls/gnutls/issues/771",
+ "arguments" : ["-p", "@PORT@", "--no-ssl2",
+ "-e", "Empty SSLv2 record - type 0",
+ "-e", "Empty SSLv2 record - type 1",
+ "-e", "Just version in SSLv2 hello",
+ "-e", "SSLv2 Client Hello"] },
{"name" : "test-TLSv1_2-rejected-without-TLSv1_2.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-truncating-of-client-hello.py",
- "arguments" : ["-p", "@PORT@"] },
+ "comment" : "https://gitlab.com/gnutls/gnutls/issues/771",
+ "arguments" : ["-p", "@PORT@",
+ "-e", "max pad: 16777167 of \"0\" byte padding"] },
{"name" : "test-truncating-of-finished.py",
"arguments" : ["-p", "@PORT@"] },
{"name" : "test-truncating-of-kRSA-client-key-exchange.py",
diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer
-Subproject 13479e5a44bc10e3577fc28b921c5b999a363ce
+Subproject 79936b86187ca48ced7c40b9b1a3872386c3f56
diff --git a/tests/tls-neg-ext4-key.c b/tests/tls-neg-ext4-key.c
index 1adc65b93a..3d9db855ba 100644
--- a/tests/tls-neg-ext4-key.c
+++ b/tests/tls-neg-ext4-key.c
@@ -451,7 +451,7 @@ static const test_st tests[] = {
.key = &server_ca3_rsa_pss_key,
.sig = GNUTLS_SIGN_RSA_SHA256,
.exp_kx = GNUTLS_KX_ECDHE_RSA,
- .exp_serv_err = GNUTLS_E_INSUFFICIENT_SECURITY
+ .exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES
},
{.name = "tls1.3 rsa-pss cert, rsa-sign key, downgrade to tls1.2", /* we expect the server to downgrade to TLS 1.2 and refuse negotiating */
.pk = GNUTLS_PK_RSA,
diff --git a/tests/tls12-ffdhe.c b/tests/tls12-ffdhe.c
index d68452147a..8a0555dcb3 100644
--- a/tests/tls12-ffdhe.c
+++ b/tests/tls12-ffdhe.c
@@ -344,7 +344,7 @@ test_case_st tests[] = {
{
.name = "TLS 1.2 DHE-RSA (incompatible options)",
.client_ret = GNUTLS_E_AGAIN,
- .server_ret = GNUTLS_E_INSUFFICIENT_SECURITY,
+ .server_ret = GNUTLS_E_NO_CIPHER_SUITES,
.have_cert_cred = 1,
.have_rsa_sign_cert = 1,
.server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE8192",
View Lorry Controller Status