summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-02-25 21:39:53 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-02-25 21:39:53 +0000
commit9459f247cb80debfdecc12675d8e21c3c9c4e508 (patch)
tree1c6d86907113e09cc58a7ec36c4ab345f1dfa719
parentea38531beb3463b4df19af58ee484ca2f2a6c1c9 (diff)
downloadgnutls-9459f247cb80debfdecc12675d8e21c3c9c4e508.tar.gz
Added option to disable all TLS 1.0 extensions.
-rw-r--r--src/cli-gaa.c129
-rw-r--r--src/cli-gaa.h54
-rw-r--r--src/cli.c10
-rw-r--r--src/cli.gaa5
-rw-r--r--src/tests.c2
-rw-r--r--src/tls_test.c4
6 files changed, 113 insertions, 91 deletions
diff --git a/src/cli-gaa.c b/src/cli-gaa.c
index 81ab6de58f..05257dc33c 100644
--- a/src/cli-gaa.c
+++ b/src/cli-gaa.c
@@ -132,6 +132,7 @@ void gaa_help(void)
__gaa_helpsingle(0, "crlf", "", "Send CR LF instead of LF.");
__gaa_helpsingle(0, "x509fmtder", "", "Use DER format for certificates");
__gaa_helpsingle('f', "fingerprint", "", "Send the openpgp fingerprint, instead of the key.");
+ __gaa_helpsingle(0, "disable-extensions", "", "Disable all the TLS extensions.");
__gaa_helpsingle(0, "xml", "", "Print the certificate information in XML format.");
__gaa_helpsingle('p', "port", "integer ", "The port to connect to.");
__gaa_helpsingle(0, "recordsize", "integer ", "The maximum record size to advertize.");
@@ -169,58 +170,60 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 100 "cli.gaa"
+#line 103 "cli.gaa"
char *rest_args;
-#line 90 "cli.gaa"
+#line 93 "cli.gaa"
char *srp_passwd;
-#line 87 "cli.gaa"
+#line 90 "cli.gaa"
char *srp_username;
-#line 84 "cli.gaa"
+#line 87 "cli.gaa"
char *x509_certfile;
-#line 81 "cli.gaa"
+#line 84 "cli.gaa"
char *x509_keyfile;
-#line 78 "cli.gaa"
+#line 81 "cli.gaa"
char *pgp_certfile;
-#line 75 "cli.gaa"
+#line 78 "cli.gaa"
char *pgp_trustdb;
-#line 72 "cli.gaa"
+#line 75 "cli.gaa"
char *pgp_keyring;
-#line 69 "cli.gaa"
+#line 72 "cli.gaa"
char *pgp_keyfile;
-#line 66 "cli.gaa"
+#line 69 "cli.gaa"
char *x509_crlfile;
-#line 63 "cli.gaa"
+#line 66 "cli.gaa"
char *x509_cafile;
-#line 60 "cli.gaa"
+#line 63 "cli.gaa"
char **ctype;
-#line 59 "cli.gaa"
+#line 62 "cli.gaa"
int nctype;
-#line 56 "cli.gaa"
+#line 59 "cli.gaa"
char **kx;
-#line 55 "cli.gaa"
+#line 58 "cli.gaa"
int nkx;
-#line 52 "cli.gaa"
+#line 55 "cli.gaa"
char **macs;
-#line 51 "cli.gaa"
+#line 54 "cli.gaa"
int nmacs;
-#line 48 "cli.gaa"
+#line 51 "cli.gaa"
char **comp;
-#line 47 "cli.gaa"
+#line 50 "cli.gaa"
int ncomp;
-#line 44 "cli.gaa"
+#line 47 "cli.gaa"
char **proto;
-#line 43 "cli.gaa"
+#line 46 "cli.gaa"
int nproto;
-#line 40 "cli.gaa"
+#line 43 "cli.gaa"
char **ciphers;
-#line 39 "cli.gaa"
+#line 42 "cli.gaa"
int nciphers;
-#line 35 "cli.gaa"
+#line 38 "cli.gaa"
int record_size;
-#line 32 "cli.gaa"
+#line 35 "cli.gaa"
int port;
-#line 29 "cli.gaa"
+#line 32 "cli.gaa"
int xml;
+#line 29 "cli.gaa"
+ int disable_extensions;
#line 26 "cli.gaa"
int fingerprint;
#line 23 "cli.gaa"
@@ -285,7 +288,7 @@ int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 28
+#define GAA_NB_OPTION 29
#define GAAOPTID_copyright 1
#define GAAOPTID_version 2
#define GAAOPTID_help 3
@@ -309,11 +312,12 @@ int gaa_error = 0;
#define GAAOPTID_recordsize 21
#define GAAOPTID_port 22
#define GAAOPTID_xml 23
-#define GAAOPTID_fingerprint 24
-#define GAAOPTID_x509fmtder 25
-#define GAAOPTID_crlf 26
-#define GAAOPTID_starttls 27
-#define GAAOPTID_resume 28
+#define GAAOPTID_disable_extensions 24
+#define GAAOPTID_fingerprint 25
+#define GAAOPTID_x509fmtder 26
+#define GAAOPTID_crlf 27
+#define GAAOPTID_starttls 28
+#define GAAOPTID_resume 29
#line 168 "gaa.skel"
@@ -669,6 +673,7 @@ int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("h", GAAOPTID_help);
GAA_CHECK1STR("l", GAAOPTID_list);
GAA_CHECK1STR("", GAAOPTID_xml);
+ GAA_CHECK1STR("", GAAOPTID_disable_extensions);
GAA_CHECK1STR("f", GAAOPTID_fingerprint);
GAA_CHECK1STR("", GAAOPTID_x509fmtder);
GAA_CHECK1STR("", GAAOPTID_crlf);
@@ -701,6 +706,7 @@ int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("recordsize", GAAOPTID_recordsize);
GAA_CHECKSTR("port", GAAOPTID_port);
GAA_CHECKSTR("xml", GAAOPTID_xml);
+ GAA_CHECKSTR("disable-extensions", GAAOPTID_disable_extensions);
GAA_CHECKSTR("fingerprint", GAAOPTID_fingerprint);
GAA_CHECKSTR("x509fmtder", GAAOPTID_x509fmtder);
GAA_CHECKSTR("crlf", GAAOPTID_crlf);
@@ -758,28 +764,28 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_copyright:
OK = 0;
-#line 98 "cli.gaa"
+#line 101 "cli.gaa"
{ print_license(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_version:
OK = 0;
-#line 97 "cli.gaa"
+#line 100 "cli.gaa"
{ cli_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 95 "cli.gaa"
+#line 98 "cli.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_list:
OK = 0;
-#line 94 "cli.gaa"
+#line 97 "cli.gaa"
{ print_list(); exit(0); ;};
return GAA_OK;
@@ -789,7 +795,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srppasswd.arg1, gaa_getstr, GAATMP_srppasswd.size1);
gaa_index++;
-#line 91 "cli.gaa"
+#line 94 "cli.gaa"
{ gaaval->srp_passwd = GAATMP_srppasswd.arg1 ;};
return GAA_OK;
@@ -799,7 +805,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srpusername.arg1, gaa_getstr, GAATMP_srpusername.size1);
gaa_index++;
-#line 88 "cli.gaa"
+#line 91 "cli.gaa"
{ gaaval->srp_username = GAATMP_srpusername.arg1 ;};
return GAA_OK;
@@ -809,7 +815,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509certfile.arg1, gaa_getstr, GAATMP_x509certfile.size1);
gaa_index++;
-#line 85 "cli.gaa"
+#line 88 "cli.gaa"
{ gaaval->x509_certfile = GAATMP_x509certfile.arg1 ;};
return GAA_OK;
@@ -819,7 +825,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509keyfile.arg1, gaa_getstr, GAATMP_x509keyfile.size1);
gaa_index++;
-#line 82 "cli.gaa"
+#line 85 "cli.gaa"
{ gaaval->x509_keyfile = GAATMP_x509keyfile.arg1 ;};
return GAA_OK;
@@ -829,7 +835,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpcertfile.arg1, gaa_getstr, GAATMP_pgpcertfile.size1);
gaa_index++;
-#line 79 "cli.gaa"
+#line 82 "cli.gaa"
{ gaaval->pgp_certfile = GAATMP_pgpcertfile.arg1 ;};
return GAA_OK;
@@ -839,7 +845,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgptrustdb.arg1, gaa_getstr, GAATMP_pgptrustdb.size1);
gaa_index++;
-#line 76 "cli.gaa"
+#line 79 "cli.gaa"
{ gaaval->pgp_trustdb = GAATMP_pgptrustdb.arg1 ;};
return GAA_OK;
@@ -849,7 +855,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpkeyring.arg1, gaa_getstr, GAATMP_pgpkeyring.size1);
gaa_index++;
-#line 73 "cli.gaa"
+#line 76 "cli.gaa"
{ gaaval->pgp_keyring = GAATMP_pgpkeyring.arg1 ;};
return GAA_OK;
@@ -859,7 +865,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpkeyfile.arg1, gaa_getstr, GAATMP_pgpkeyfile.size1);
gaa_index++;
-#line 70 "cli.gaa"
+#line 73 "cli.gaa"
{ gaaval->pgp_keyfile = GAATMP_pgpkeyfile.arg1 ;};
return GAA_OK;
@@ -869,7 +875,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509crlfile.arg1, gaa_getstr, GAATMP_x509crlfile.size1);
gaa_index++;
-#line 67 "cli.gaa"
+#line 70 "cli.gaa"
{ gaaval->x509_crlfile = GAATMP_x509crlfile.arg1 ;};
return GAA_OK;
@@ -879,7 +885,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509cafile.arg1, gaa_getstr, GAATMP_x509cafile.size1);
gaa_index++;
-#line 64 "cli.gaa"
+#line 67 "cli.gaa"
{ gaaval->x509_cafile = GAATMP_x509cafile.arg1 ;};
return GAA_OK;
@@ -887,7 +893,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_ctypes:
OK = 0;
GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*, GAATMP_ctypes.size1);
-#line 61 "cli.gaa"
+#line 64 "cli.gaa"
{ gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;};
return GAA_OK;
@@ -895,7 +901,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_kx:
OK = 0;
GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1);
-#line 57 "cli.gaa"
+#line 60 "cli.gaa"
{ gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;};
return GAA_OK;
@@ -903,7 +909,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_macs:
OK = 0;
GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1);
-#line 53 "cli.gaa"
+#line 56 "cli.gaa"
{ gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;};
return GAA_OK;
@@ -911,7 +917,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_comp:
OK = 0;
GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1);
-#line 49 "cli.gaa"
+#line 52 "cli.gaa"
{ gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;};
return GAA_OK;
@@ -919,7 +925,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_protocols:
OK = 0;
GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1);
-#line 45 "cli.gaa"
+#line 48 "cli.gaa"
{ gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;};
return GAA_OK;
@@ -927,7 +933,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_ciphers:
OK = 0;
GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1);
-#line 41 "cli.gaa"
+#line 44 "cli.gaa"
{ gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;};
return GAA_OK;
@@ -937,7 +943,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_recordsize.arg1, gaa_getint, GAATMP_recordsize.size1);
gaa_index++;
-#line 36 "cli.gaa"
+#line 39 "cli.gaa"
{ gaaval->record_size = GAATMP_recordsize.arg1 ;};
return GAA_OK;
@@ -947,18 +953,25 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_port.arg1, gaa_getint, GAATMP_port.size1);
gaa_index++;
-#line 33 "cli.gaa"
+#line 36 "cli.gaa"
{ gaaval->port = GAATMP_port.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_xml:
OK = 0;
-#line 30 "cli.gaa"
+#line 33 "cli.gaa"
{ gaaval->xml = 1 ;};
return GAA_OK;
break;
+ case GAAOPTID_disable_extensions:
+ OK = 0;
+#line 30 "cli.gaa"
+{ gaaval->disable_extensions = 1 ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_fingerprint:
OK = 0;
#line 27 "cli.gaa"
@@ -998,7 +1011,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAAREST_tmp.arg1, gaa_getstr, GAAREST_tmp.size1);
gaa_index++;
-#line 101 "cli.gaa"
+#line 104 "cli.gaa"
{ gaaval->rest_args = GAAREST_tmp.arg1; ;};
return GAA_OK;
@@ -1027,12 +1040,12 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 103 "cli.gaa"
+#line 106 "cli.gaa"
{ gaaval->resume=0; gaaval->port=443; gaaval->rest_args=NULL; gaaval->ciphers=NULL;
gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0;
gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->record_size=0;
gaaval->fingerprint=0; gaaval->pgp_trustdb=NULL; gaaval->pgp_keyring=NULL; gaaval->x509_crlfile = NULL;
- gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL; gaaval->pgp_certfile=NULL;
+ gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL; gaaval->pgp_certfile=NULL; gaaval->disable_extensions = 0;
gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; gaaval->crlf = 0; gaaval->xml = 0;
gaaval->srp_username=NULL; gaaval->srp_passwd=NULL; gaaval->fmtder = 0; gaaval->starttls =0; ;};
diff --git a/src/cli-gaa.h b/src/cli-gaa.h
index 128804cd4b..66d0714f6d 100644
--- a/src/cli-gaa.h
+++ b/src/cli-gaa.h
@@ -8,58 +8,60 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 100 "cli.gaa"
+#line 103 "cli.gaa"
char *rest_args;
-#line 90 "cli.gaa"
+#line 93 "cli.gaa"
char *srp_passwd;
-#line 87 "cli.gaa"
+#line 90 "cli.gaa"
char *srp_username;
-#line 84 "cli.gaa"
+#line 87 "cli.gaa"
char *x509_certfile;
-#line 81 "cli.gaa"
+#line 84 "cli.gaa"
char *x509_keyfile;
-#line 78 "cli.gaa"
+#line 81 "cli.gaa"
char *pgp_certfile;
-#line 75 "cli.gaa"
+#line 78 "cli.gaa"
char *pgp_trustdb;
-#line 72 "cli.gaa"
+#line 75 "cli.gaa"
char *pgp_keyring;
-#line 69 "cli.gaa"
+#line 72 "cli.gaa"
char *pgp_keyfile;
-#line 66 "cli.gaa"
+#line 69 "cli.gaa"
char *x509_crlfile;
-#line 63 "cli.gaa"
+#line 66 "cli.gaa"
char *x509_cafile;
-#line 60 "cli.gaa"
+#line 63 "cli.gaa"
char **ctype;
-#line 59 "cli.gaa"
+#line 62 "cli.gaa"
int nctype;
-#line 56 "cli.gaa"
+#line 59 "cli.gaa"
char **kx;
-#line 55 "cli.gaa"
+#line 58 "cli.gaa"
int nkx;
-#line 52 "cli.gaa"
+#line 55 "cli.gaa"
char **macs;
-#line 51 "cli.gaa"
+#line 54 "cli.gaa"
int nmacs;
-#line 48 "cli.gaa"
+#line 51 "cli.gaa"
char **comp;
-#line 47 "cli.gaa"
+#line 50 "cli.gaa"
int ncomp;
-#line 44 "cli.gaa"
+#line 47 "cli.gaa"
char **proto;
-#line 43 "cli.gaa"
+#line 46 "cli.gaa"
int nproto;
-#line 40 "cli.gaa"
+#line 43 "cli.gaa"
char **ciphers;
-#line 39 "cli.gaa"
+#line 42 "cli.gaa"
int nciphers;
-#line 35 "cli.gaa"
+#line 38 "cli.gaa"
int record_size;
-#line 32 "cli.gaa"
+#line 35 "cli.gaa"
int port;
-#line 29 "cli.gaa"
+#line 32 "cli.gaa"
int xml;
+#line 29 "cli.gaa"
+ int disable_extensions;
#line 26 "cli.gaa"
int fingerprint;
#line 23 "cli.gaa"
diff --git a/src/cli.c b/src/cli.c
index 585c59b086..878cb30c4b 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -70,6 +70,7 @@ char *x509_certfile;
char *x509_cafile;
char *x509_crlfile = NULL;
static int x509ctype;
+static int disable_extensions;
static gnutls_srp_client_credentials srp_cred;
static gnutls_anon_client_credentials anon_cred;
@@ -150,9 +151,11 @@ static gnutls_session init_tls_session( const char* hostname)
/* allow the use of private ciphersuites.
*/
- gnutls_handshake_set_private_extensions(session, 1);
+ if (disable_extensions == 0)
+ gnutls_handshake_set_private_extensions(session, 1);
- gnutls_set_server_name( session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
+ if (disable_extensions == 0)
+ gnutls_set_server_name( session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
gnutls_cipher_set_priority(session, cipher_priority);
gnutls_compression_set_priority(session, comp_priority);
@@ -174,7 +177,7 @@ static gnutls_session init_tls_session( const char* hostname)
gnutls_openpgp_send_key(session, GNUTLS_OPENPGP_KEY_FINGERPRINT);
/* use the max record size extension */
- if (record_max_size > 0) {
+ if (record_max_size > 0 && disable_extensions == 0) {
if (gnutls_record_set_max_size(session, record_max_size) < 0) {
fprintf(stderr,
"Cannot set the maximum record size to %d.\n",
@@ -402,6 +405,7 @@ void gaa_parser(int argc, char **argv)
exit(1);
}
+ disable_extensions = info.disable_extensions;
xml = info.xml;
starttls = info.starttls;
resume = info.resume;
diff --git a/src/cli.gaa b/src/cli.gaa
index 3b21543cff..acc583cb98 100644
--- a/src/cli.gaa
+++ b/src/cli.gaa
@@ -26,6 +26,9 @@ option (x509fmtder) { $fmtder = 1 } "Use DER format for certificates"
#int fingerprint;
option (f, fingerprint) { $fingerprint = 1 } "Send the openpgp fingerprint, instead of the key."
+#int disable_extensions;
+option ( disable-extensions) { $disable_extensions = 1 } "Disable all the TLS extensions."
+
#int xml;
option (xml) { $xml = 1 } "Print the certificate information in XML format."
@@ -104,7 +107,7 @@ init { $resume=0; $port=443; $rest_args=NULL; $ciphers=NULL;
$kx=NULL; $comp=NULL; $macs=NULL; $ctype=NULL; $nciphers=0;
$nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $record_size=0;
$fingerprint=0; $pgp_trustdb=NULL; $pgp_keyring=NULL; $x509_crlfile = NULL;
- $x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL;
+ $x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL; $disable_extensions = 0;
$x509_keyfile=NULL; $x509_certfile=NULL; $crlf = 0; $xml = 0;
$srp_username=NULL; $srp_passwd=NULL; $fmtder = 0; $starttls =0; }
diff --git a/src/tests.c b/src/tests.c
index 21cb10d641..8b3b5036a2 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -446,7 +446,7 @@ int ret;
ret = do_handshake( session);
if (ret < 0) return FAILED;
-
+
if (gnutls_protocol_get_version(session)==GNUTLS_TLS1) return SUCCEED;
return UNSURE;
}
diff --git a/src/tls_test.c b/src/tls_test.c
index 9c4b3b2768..4e6c00eb9c 100644
--- a/src/tls_test.c
+++ b/src/tls_test.c
@@ -79,11 +79,11 @@ typedef struct {
static const TLS_TEST tls_tests[] = {
{ "for TLS 1.0 support", test_tls1, "yes", "no", "dunno" },
{ "for SSL 3.0 support", test_ssl3, "yes", "no", "dunno" },
+ { "for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes", "dunno" },
+ { "for version rollback bug in Client Hello", test_version_rollback, "no", "yes", "dunno" },
{ "whether we need to disable TLS 1.0", test_tls1_2, "no", "yes", "dunno" },
{ "for certificate information", test_certificate, "", "", "" },
{ "for trusted CAs", test_server_cas, "", "", "" },
- { "for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes", "dunno" },
- { "for version rollback bug in Client Hello", test_version_rollback, "no", "yes", "dunno" },
/* this test will disable TLS 1.0 if the server is
* buggy */
{ "whether the server can accept Hello Extensions", test_hello_extension, "yes", "no", "dunno"},