From d4d8f4ae0638351412936c38ba684dd07b8b0668 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 4 Jul 2017 16:12:26 +0200
Subject: tlsfuzzer: enabled ALPN tests

Signed-off-by: Nikos Mavrogiannopoulos
---
 tests/suite/Makefile.am | 2 +-
 tests/suite/tls-fuzzer/gnutls-alpn.json | 20 +++++++++
 tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh | 71 +++++++++++++++++++++++++++++++
 3 files changed, 92 insertions(+), 1 deletion(-)
 create mode 100644 tests/suite/tls-fuzzer/gnutls-alpn.json
 create mode 100755 tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh

diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am
index 233e6545ff..3a03f95215 100644
--- a/tests/suite/Makefile.am
+++ b/tests/suite/Makefile.am
@@ -92,7 +92,7 @@ EXTRA_DIST += testcompat-main-polarssl testcompat-main-openssl testcompat-common
 nodist_check_SCRIPTS = testsrn.sh chain.sh invalid-cert.sh \
 testrng.sh testcompat-polarssl.sh testcompat-openssl.sh \
 testrandom.sh pkcs7-cat certtool-pkcs11.sh tls-fuzzer/tls-fuzzer-nocert.sh \
- tls-fuzzer/tls-fuzzer-cert.sh
+ tls-fuzzer/tls-fuzzer-cert.sh tls-fuzzer/tls-fuzzer-alpn.sh
 
 if ENABLE_PKCS11
 nodist_check_SCRIPTS += testpkcs11.sh crl-test
diff --git a/tests/suite/tls-fuzzer/gnutls-alpn.json b/tests/suite/tls-fuzzer/gnutls-alpn.json
new file mode 100644
index 0000000000..e6da53d51e
--- /dev/null
+++ b/tests/suite/tls-fuzzer/gnutls-alpn.json
@@ -0,0 +1,20 @@
+[
+ {"server_command": ["@SERVER@", "--http",
+ "--x509keyfile", "tests/serverX509Key.pem",
+ "--x509certfile", "tests/serverX509Cert.pem",
+ "--debug=3",
+ "--alpn=http/1.1",
+ "--alpn=http/2",
+ "--alpn-fatal",
+ "--priority=@PRIORITY@",
+ "--disable-client-cert", "--port=@PORT@"],
+ "tests" : [
+ {"name" : "test-alpn-negotiation.py",
+ "comment" : "we do not not fail when ALPN name changes on resumption",
+ "comment" : "we do not not parse all objects when a match is found",
+ "arguments" : ["-e", "overflow length of last item",
+ "-e", "resumption with alpn change",
+ "-e", "underflow length of protocol_name_list"]}
+ ]
+ }
+]
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh b/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh
new file mode 100755
index 0000000000..ba4a529c8f
--- /dev/null
+++ b/tests/suite/tls-fuzzer/tls-fuzzer-alpn.sh
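Review bot: The `test-alpn-negotiation.py` entry has two `"comment"` keys in the same object; JSON parsers generally keep only the last duplicate, so the remark about resumption is likely dropped when the file is loaded. Merge them into one string or use distinct keys, for example `"comment" : "we do not fail when ALPN name changes on resumption; we do not parse all objects when a match is found"` (both lines currently read "do not not", which looks like a typo). The three `-e` exclusions switch off the two malformed-length cases and the resumption case, so the merged comment should say which exclusion each sentence justifies.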
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+# Copyright (C) 2016-2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+SERV="../../../../src/gnutls-serv${EXEEXT}"
+CLI="../../../../src/gnutls-cli${EXEEXT}"
+
+OUTFILE=tls-fuzzer.debug.log
+TMPFILE=tls-fuzzer.$$.tmp
+
+. "${srcdir}/../scripts/common.sh"
+
+#eval "${GETPORT}"
+PORT=4433
+
+$LOCKFILE
+
+pushd tls-fuzzer
+
+if ! test -d tlsfuzzer;then
+ exit 77
+fi
+
+rm -f "$OUTFILE"
+
+pushd tlsfuzzer
+test -L ecdsa || ln -s ../python-ecdsa/src/ecdsa ecdsa
+test -L tlslite || ln -s ../tlslite-ng/tlslite tlslite 2>/dev/null
+
+wait_for_free_port $PORT
+
+retval=0
+
+PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0"
+${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1
+if test $? != 0;then
+ PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+VERS-SSL3.0"
+fi
+
+TLS_PY=./tlslite-ng/scripts/tls.py
+#TLS_PY=$(which tls.py)
+
+sed -e "s|@SERVER@|$SERV|g" -e "s/@PORT@/$PORT/g" -e "s/@PRIORITY@/$PRIORITY/g" ../gnutls-alpn.json >${TMPFILE}
+
+PYTHONPATH=. python tests/scripts_retention.py ${TMPFILE} ${SERV}
+retval=$?
+
+rm -f ${TMPFILE}
+
+popd
+popd
+
+$UNLOCKFILE
+exit $retval
-- cgit v1.2.1
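Review bot: The skip path `exit 77` sits after `$LOCKFILE` and never reaches `$UNLOCKFILE`, so on a tree without the tlsfuzzer checkout the script appears to exit with the lock still held. The lock commands come from common.sh, which is not shown here, so confirm what they leave behind. Doing the check before taking the lock avoids this: `test -d tls-fuzzer/tlsfuzzer || exit 77` placed ahead of `$LOCKFILE`. `PORT=4433` is fixed while `#eval "${GETPORT}"` stays commented out, so the lock is presumably the only thing keeping this run from colliding with the other tls-fuzzer scripts on that port, which makes a leaked lock more costly. Neither `pushd` is checked, so a failed directory change would let `rm -f "$OUTFILE"` and the `ln -s` calls run in the wrong directory.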