diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-25 11:47:56 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-28 10:39:46 +0100 |
| commit | fc27486d4c50c54baf539b30ce2ea82102e57763 (patch) | |
| tree | 733d3520febce971e523ff7a5798ea46ce94ce28 | |
| parent | 9265a6b5d709b20d4b555af90b108dc0b81e0559 (diff) | |
| download | gnutls-fc27486d4c50c54baf539b30ce2ea82102e57763.tar.gz | |
gnutls-cli-debug: Added check for whether %NO_EXTENSIONS is required
| -rw-r--r-- | src/cli-debug.c | 4 | ||||
| -rw-r--r-- | src/tests.c | 56 | ||||
| -rw-r--r-- | src/tests.h | 2 |
3 files changed, 42 insertions, 20 deletions
diff --git a/src/cli-debug.c b/src/cli-debug.c index a60fec8108..5f9eb00dc9 100644 --- a/src/cli-debug.c +++ b/src/cli-debug.c @@ -82,6 +82,8 @@ typedef struct { static const TLS_TEST tls_tests[] = { {"for SSL 3.0 (RFC6101) support", test_ssl3, "yes", "no", "dunno"}, + {"whether \%NO_EXTENSIONS is required", test_no_extensions, "no", "yes", + "dunno"}, {"whether \%COMPAT is required", test_record_padding, "no", "yes", "dunno"}, {"for TLS 1.0 (RFC2246) support", test_tls1, "yes", "no", "dunno"}, @@ -103,8 +105,6 @@ static const TLS_TEST tls_tests[] = { {"for certificate information", test_certificate, NULL, "", ""}, {"for certificate chain order", test_chain_order, "sorted", "unsorted", "unknown"}, {"for trusted CAs", test_server_cas, NULL, "", ""}, - {"whether Hello Extensions are accepted", - test_hello_extension, "yes", "no", "dunno"}, {"for safe renegotiation (RFC5746) support", test_safe_renegotiation, "yes", "no", "dunno"}, {"for Safe renegotiation support (SCSV)", diff --git a/src/tests.c b/src/tests.c index b0545d73b5..6cb251d879 100644 --- a/src/tests.c +++ b/src/tests.c @@ -51,6 +51,7 @@ extern gnutls_certificate_credentials_t xcred; extern unsigned int verbose; const char *ext_text = ""; +int tls_ext_ok = 1; int tls1_ok = 0; int ssl3_ok = 0; int tls1_1_ok = 0; @@ -204,6 +205,9 @@ test_code_t test_ecdhe(gnutls_session_t session) { int ret; + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":+ECDHE-RSA:+ECDHE-ECDSA:+CURVE-ALL:%s", protocol_all_str, @@ -227,6 +231,9 @@ test_code_t test_safe_renegotiation(gnutls_session_t session) { int ret; + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" ALL_KX ":%s:%%SAFE_RENEGOTIATION", rest, protocol_str); @@ -244,6 +251,9 @@ test_code_t test_ocsp_status(gnutls_session_t session) int ret; gnutls_datum_t resp; + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" ALL_KX":%s", protocol_str, rest); @@ -707,6 +717,28 @@ test_code_t test_record_padding(gnutls_session_t session) return ret; } +test_code_t test_no_extensions(gnutls_session_t session) +{ + int ret; + + sprintf(prio_str, + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" + ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); + _gnutls_priority_set_direct(session, prio_str); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_record_set_max_size(session, 4096); + + ret = do_handshake(session); + if (ret == TEST_SUCCEED) { + tls_ext_ok = 1; + } else { + tls_ext_ok = 0; + strcat(rest, ":%NO_EXTENSIONS"); + } + + return ret; +} + test_code_t test_tls1_2(gnutls_session_t session) { int ret; @@ -895,6 +927,10 @@ test_code_t test_rsa_pms(gnutls_session_t session) test_code_t test_max_record_size(gnutls_session_t session) { int ret; + + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); @@ -913,25 +949,11 @@ test_code_t test_max_record_size(gnutls_session_t session) return TEST_FAILED; } -test_code_t test_hello_extension(gnutls_session_t session) -{ - int ret; - - sprintf(prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" - ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); - _gnutls_priority_set_direct(session, prio_str); - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); - gnutls_record_set_max_size(session, 4096); - - ret = do_handshake(session); - - - return ret; -} - test_code_t test_heartbeat_extension(gnutls_session_t session) { + if (tls_ext_ok == 0) + return TEST_IGNORE; + sprintf(prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); diff --git a/src/tests.h b/src/tests.h index 33b623a571..600e422f4e 100644 --- a/src/tests.h +++ b/src/tests.h @@ -25,7 +25,7 @@ typedef enum { test_code_t test_chain_order(gnutls_session_t session); test_code_t test_server(gnutls_session_t state); test_code_t test_record_padding(gnutls_session_t state); -test_code_t test_hello_extension(gnutls_session_t state); +test_code_t test_no_extensions(gnutls_session_t state); test_code_t test_heartbeat_extension(gnutls_session_t state); test_code_t test_small_records(gnutls_session_t state); test_code_t test_dhe(gnutls_session_t state); |