From 846b05e80b642f1a37a8a4d7e17b4a533c3654d5 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 22 Sep 2016 09:54:12 +0200 Subject: tests: added check for client-side DSA key This checks whether a client can use and send a DSA key, even if DSA is not enabled (which should prohibit the server from providing a DSA certificate). --- tests/client_dsa_key.c | 109 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 tests/client_dsa_key.c (limited to 'tests/client_dsa_key.c') diff --git a/tests/client_dsa_key.c b/tests/client_dsa_key.c new file mode 100644 index 0000000000..a1bfb85f3e --- /dev/null +++ b/tests/client_dsa_key.c @@ -0,0 +1,109 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* Test for correct operation when a client uses a DSA key when the server + * has DSA signatures enabled but not the client. + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +void doit(void) +{ + gnutls_certificate_credentials_t serv_cred; + gnutls_certificate_credentials_t cli_cred; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&cli_cred) >= 0); + + ret = gnutls_certificate_set_x509_trust_mem(cli_cred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + + ret = gnutls_certificate_set_x509_key_mem(cli_cred, &clidsa_ca3_cert, + &clidsa_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in error code: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* test gnutls_certificate_flags() */ + gnutls_certificate_allocate_credentials(&serv_cred); + gnutls_certificate_set_flags(serv_cred, GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH); + + ret = gnutls_certificate_set_x509_trust_mem(serv_cred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + ret = gnutls_certificate_set_x509_key_mem(serv_cred, &server_ca3_localhost_cert_chain, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in error code\n"); + exit(1); + } + + test_cli_serv_cert(serv_cred, cli_cred, "NORMAL:+DHE-DSS:+SIGN-DSA-SHA1", "NORMAL:-DHE-DSS:-SIGN-DSA-SHA1", "localhost"); + + gnutls_certificate_free_credentials(serv_cred); + gnutls_certificate_free_credentials(cli_cred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} -- cgit v1.2.1