author | Simon Josefsson <simon@josefsson.org> | 2010-06-07 14:51:48 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2010-06-07 14:51:48 +0200 |
commit | ed8a5c018ea46dc1d44785ae0545e60d5c907d84 (patch) | |
tree | 52728d3b33cc9447533d4531de2360113db06d8b | |
parent | 530fa2957535bebe5ef1f6796f08a93441efcb67 (diff) | |
download | gnutls-ed8a5c018ea46dc1d44785ae0545e60d5c907d84.tar.gz |
Rewrite srn4.c self test.
-rw-r--r-- | tests/safe-renegotiation/README | 5 | ||||
-rw-r--r-- | tests/safe-renegotiation/srn4.c | 97 |
2 files changed, 17 insertions, 85 deletions
diff --git a/tests/safe-renegotiation/README b/tests/safe-renegotiation/README
index 48dae5460a..49867f629b 100644
--- a/tests/safe-renegotiation/README
+++ b/tests/safe-renegotiation/README
@@ -28,9 +28,8 @@ srn3.c:
 srn4.c:
- This tests that clients without support for safe renegotiation is
- able to handshake properly against a default GnuTLS server, but
- that rehandshake will be refused by the server.
+ This tests that a %SAFE_RENEGOTIATION server will reject handshakes
+ against clients that do not support the extension.
 srn5.c:
 This tests that clients with support for safe renegotiation is able
diff --git a/tests/safe-renegotiation/srn4.c b/tests/safe-renegotiation/srn4.c
index a0d8c62c19..80d50a5fe6 100644
--- a/tests/safe-renegotiation/srn4.c
+++ b/tests/safe-renegotiation/srn4.c
@@ -20,11 +20,10 @@
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 */
-/* Code based on srn0.c.
+/* Code based on ../mini-x509.c.
 *
- * This tests that clients without support for safe renegotiation is
- * able to handshake properly against a default GnuTLS server, but
- * that rehandshake will be refused by the server.
+ * This tests that a %SAFE_RENEGOTIATION server will reject handshakes
+ * against clients that do not support the extension.
 */
 #ifdef HAVE_CONFIG_H
@@ -184,7 +183,7 @@ main (int argc, char *argv[])
 GNUTLS_X509_FMT_PEM);
 gnutls_init (&server, GNUTLS_SERVER);
 gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL", NULL);
+ gnutls_priority_set_direct (server, "NORMAL:%SAFE_RENEGOTIATION", NULL);
 gnutls_transport_set_push_function (server, server_push);
 gnutls_transport_set_pull_function (server, server_pull);
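Review bot: The return value of gnutls_priority_set_direct is discarded on the changed line in the `@@ -184,7 +183,7 @@` hunk, and the whole test now depends on the `%SAFE_RENEGOTIATION` keyword being accepted. If the priority string were rejected, the server would presumably keep its earlier settings and the handshake result would be judged against a configuration the test did not intend. Checking the call, for example `if (gnutls_priority_set_direct (server, "NORMAL:%SAFE_RENEGOTIATION", NULL) < 0) abort ();`, would surface a parsing failure where it happens. main starts and ends outside this hunk, so the client's priority setup could not be reviewed here.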
@@ -197,6 +196,14 @@ main (int argc, char *argv[])
 gnutls_transport_set_push_function (client, client_push);
 gnutls_transport_set_pull_function (client, client_pull);
+ /* Check that initially no session use the extension. */
+ if (gnutls_safe_renegotiation_status (server)
+ || gnutls_safe_renegotiation_status (client))
+ {
+ puts ("Client or server using extension before handshake?");
+ abort ();
+ }
+
 do
 {
 static int max_iter = 0;
@@ -225,86 +232,12 @@ main (int argc, char *argv[])
 }
 }
 }
- while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+ while ((cret == GNUTLS_E_AGAIN || cret == GNUTLS_E_SUCCESS)
+ && (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS));
- if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SAFE_RENEGOTIATION_FAILED)
 exit_code = EXIT_FAILURE;
- if (gnutls_safe_renegotiation_status (client) ||
- gnutls_safe_renegotiation_status (server))
- {
- tls_log_func (0, "Session using safe renegotiation but shouldn't!\n");
- exit_code = EXIT_FAILURE;
- }
-
- sret = gnutls_rehandshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_rehandshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
-
- {
- ssize_t n;
- char b[1];
- n = gnutls_record_recv (client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- abort ();
- }
-
- cret = GNUTLS_E_AGAIN;
- sret = GNUTLS_E_AGAIN;
-
- do
- {
- static int max_iter = 0;
- if (max_iter++ > 10)
- abort ();
-
- if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
-
- if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
- }
- while (
- /* Not done: */
- !(cret == GNUTLS_E_AGAIN
- && sret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
-
- if (cret != GNUTLS_E_AGAIN && sret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
- exit_code = 1;
-
- if (gnutls_safe_renegotiation_status (client) ||
- gnutls_safe_renegotiation_status (server))
- {
- tls_log_func (0, "Rehandshaked session not using safe renegotiation!\n");
- exit_code = EXIT_FAILURE;
- }
-
 gnutls_bye (client, GNUTLS_SHUT_RDWR);
 gnutls_bye (server, GNUTLS_SHUT_RDWR); |
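Review bot: The result check after the loop joins its two conditions with `&&`, so exit_code is set only when the client did not succeed and the server did not return GNUTLS_E_SAFE_RENEGOTIATION_FAILED. A run where cret is GNUTLS_E_SUCCESS and the server stopped with some unrelated error would still pass. Because the test exists to show that a `%SAFE_RENEGOTIATION` server refuses a peer without the extension, the server result should be asserted on its own: `if (sret != GNUTLS_E_SAFE_RENEGOTIATION_FAILED) exit_code = EXIT_FAILURE;`. The new loop condition also keeps iterating while both sides report success, so an unexpectedly completed handshake appears to be caught only by the iteration cap's abort (). The loop body begins outside this hunk, so that should be confirmed there.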