author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-01-22 17:42:12 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-01-22 17:42:12 +0000 |
commit | 207eddade48a93f73eb01298b7d3667a589aa2a7 (patch) | |
tree | db4c11c38de93e338a0a652d73337b7bfb030762 /src/tests.c | |
parent | 065f1d588dca3295501e271578f117e5326c008b (diff) | |
download | gnutls-207eddade48a93f73eb01298b7d3667a589aa2a7.tar.gz |
Improved the SRP support to prevent attackers from guessing the
available usernames by brute force. The g,n values sent are now
obtained from the password conf file (they were static ones).
Diffstat (limited to 'src/tests.c')
-rw-r--r-- | src/tests.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/tests.c b/src/tests.c index 7d16393126..8b3e590a28 100644 --- a/src/tests.c +++ b/src/tests.c @@ -32,6 +32,7 @@ extern gnutls_anon_client_credentials anon_cred; extern gnutls_certificate_credentials xcred; extern int more_info; +static int srp = 0; extern int tls1_ok; extern int ssl3_ok; @@ -62,6 +63,11 @@ int ret, alert; GERR(ret); } + if (srp) { + if (ret == GNUTLS_E_DECRYPTION_FAILED) + return SUCCEED; /* SRP was detected */ + } + if (ret < 0) return FAILED; gnutls_session_get_data(session, NULL, &session_data_size); @@ -152,6 +158,8 @@ static void ADD_PROTOCOL(gnutls_session session, int protocol) { int test_srp( gnutls_session session) { +int ret; + ADD_ALL_CIPHERS(session); ADD_ALL_COMP(session); ADD_ALL_CERTTYPES(session); @@ -159,10 +167,14 @@ int test_srp( gnutls_session session) { ADD_ALL_MACS(session); ADD_KX(session, GNUTLS_KX_SRP); + srp = 1; gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred); - return do_handshake( session); + ret = do_handshake( session); + srp = 0; + + return ret; } int test_export( gnutls_session session) { |
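Review bot: In the second hunk (inside do_handshake, whose body starts and ends outside the hunk), the new branch reports SUCCEED on `GNUTLS_E_DECRYPTION_FAILED` without saying why that error proves SRP support. Presumably the server now carries the SRP exchange through even for an unknown username, so the probe only fails once the keys disagree, but that reasoning is not visible here and should be in the comment. A decryption failure can also have unrelated causes, so the result is a heuristic, and the comment should say so. The nested `if` can be one condition: `if (srp && ret == GNUTLS_E_DECRYPTION_FAILED) return SUCCEED; /* peer ran the SRP exchange; only our probe credentials were wrong */`.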
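Review bot: In the last hunk, test_srp switches do_handshake into its SRP mode through the file-scope flag `srp` (declared in the first hunk) and resets it by hand afterwards. That is correct as written, but any return later added between `srp = 1;` and `srp = 0;` would leave the flag set. Every later test would then count a decryption failure as success. Passing the mode to do_handshake as an argument would remove that hidden state. If the flag stays, document it at the declaration, e.g. `static int srp = 0; /* nonzero only during test_srp()'s handshake: do_handshake() then treats GNUTLS_E_DECRYPTION_FAILED as success */`.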