authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-07-12 16:17:02 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-07-13 08:52:22 +0200
commit2d211c1d1da172c5c5806d97c98291432d400422 (patch)
treeaf2d8ff37e2488b04663f64ef70e403cfa337f86
parent9faa012bc07aeef2147f4b4224aaee4cfe02256a (diff)
gnutls-cli-debug: do not attempt SSL3.0 negotiation when not enabled
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--src/cli-debug.c2
-rw-r--r--src/tests.c10
2 files changed, 9 insertions, 3 deletions
diff --git a/src/cli-debug.c b/src/cli-debug.c
index a23fb9a189..9312da7346 100644
--- a/src/cli-debug.c
+++ b/src/cli-debug.c
@@ -83,9 +83,11 @@ typedef struct {
} TLS_TEST;
static const TLS_TEST tls_tests[] = {
+#ifdef ENABLE_SSL3
{"for SSL 3.0 (RFC6101) support", test_ssl3, "yes", "no", "dunno"},
/* The following tests will disable TLS 1.x if the server is
* buggy */
+#endif
{"whether we need to disable TLS 1.2", test_tls_disable2, "no",
"yes", "dunno"},
{"whether we need to disable TLS 1.1", test_tls_disable1, "no",
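Review bot: The `#endif` is placed below the comment `/* The following tests will disable TLS 1.x if the server is buggy */`, so that comment now sits inside the `ENABLE_SSL3` block and reads as part of the SSL 3.0 row, although it describes the `test_tls_disable2` and `test_tls_disable1` entries. Moving `#endif` to directly after the `test_ssl3` row keeps the comment attached to the entries it documents. The `tls_tests[]` array continues past the end of the hunk, so later entries that may rely on the SSL 3.0 probe having run are not visible here and are worth checking.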
diff --git a/src/tests.c b/src/tests.c
index a38ec41789..ffa772553a 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -121,14 +121,16 @@ char prio_str[512] = "";
#define INIT_STR "NONE:"
char rest[128] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL";
+#define _gnutls_priority_set_direct(s, str) __gnutls_priority_set_direct(s, str, __LINE__)
+
static inline void
-_gnutls_priority_set_direct(gnutls_session_t session, const char *str)
+__gnutls_priority_set_direct(gnutls_session_t session, const char *str, int line)
{
const char *err;
int ret = gnutls_priority_set_direct(session, str, &err);
if (ret < 0) {
- fprintf(stderr, "Error with string %s\n", str);
+ fprintf(stderr, "Error at %d with string %s\n", line, str);
fprintf(stderr, "Error at %s: %s\n", err,
gnutls_strerror(ret));
exit(1);
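Review bot: The new helper name `__gnutls_priority_set_direct` begins with two underscores, which C reserves for the implementation, so it can collide with compiler or libc internals. A non-reserved name avoids that while keeping the macro unchanged for callers, for example `#define _gnutls_priority_set_direct(s, str) priority_set_direct_at(s, str, __LINE__)`. A one-line comment above the macro would also help, such as `/* records the caller's line so a rejected priority string can be traced to its test */`. The function body continues past the end of the hunk.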
@@ -303,8 +305,10 @@ test_code_t test_rfc7507(gnutls_session_t session)
pstr = "-VERS-TLS-ALL:+VERS-TLS1.1:%FALLBACK_SCSV";
else if (tls1_1_ok && tls1_ok)
pstr = "-VERS-TLS-ALL:+VERS-TLS1.0:%FALLBACK_SCSV";
+#ifdef ENABLE_SSL3
else if (tls1_ok && ssl3_ok)
pstr = "-VERS-TLS-ALL:+VERS-SSL3.0:%FALLBACK_SCSV";
+#endif
else
return TEST_IGNORE;
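Review bot: With `ENABLE_SSL3` undefined, a server where TLS 1.0 is the only accepted version now falls through to `return TEST_IGNORE`, and nothing at this site explains why the RFC 7507 check is skipped in that case. A short comment before the `#ifdef` would document it, for example `/* without SSL 3.0 there is no lower version to fall back to from TLS 1.0 */`. The first branch of the `if` chain and the declarations of the `*_ok` flags are outside the hunk.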
@@ -436,7 +440,7 @@ test_code_t test_safe_renegotiation_scsv(gnutls_session_t session)
return TEST_IGNORE;
sprintf(prio_str, INIT_STR
- ALL_CIPHERS ":" ALL_COMP ":+VERS-SSL3.0:"
+ ALL_CIPHERS ":" ALL_COMP ":+VERS-TLS1.0:"
ALL_MACS ":" ALL_KX ":%%SAFE_RENEGOTIATION");
_gnutls_priority_set_direct(session, prio_str);
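Review bot: The priority string now pins the handshake to `+VERS-TLS1.0`, but the condition guarding the preceding `return TEST_IGNORE` lies outside the hunk, so it is not visible whether the test is skipped when the server rejects TLS 1.0. If that guard still checks SSL 3.0 availability, or checks nothing version-related, a server with TLS 1.0 disabled would fail the handshake and could be reported as lacking safe-renegotiation SCSV support. Confirm that the guard tests the TLS 1.0 result (presumably `tls1_ok`, as used in `test_rfc7507`) before this string is applied.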