diff options
author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2014-01-08 15:57:59 -0500 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-01-09 08:36:54 +0100 |
commit | 706953a5e2aec74b2cbbde6835a79dafdbbb7791 (patch) | |
tree | ff4de0709923025f561bf866d6baeb8339e23eb2 /src | |
parent | bf62812c362ae3cb1b7b524e11e83464b6aa9879 (diff) | |
download | gnutls-706953a5e2aec74b2cbbde6835a79dafdbbb7791.tar.gz |
gnutls-cli-debug should accept TLS 1.2-only servers
Without this patch, a TLS 1.2-only server will not be properly
investigated by gnutls-cli-debug.
e.g. a server like:
gnutls-serv --x509keyfile=server/secret.key --x509certfile=server/x509.pem --priority 'NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2'
gets this failed analysis:
0 dkg@alice:~$ gnutls-cli-debug --port 5556 localhostrt 5556 localhost
Resolving 'localhost'...
Connecting to '::1:5556'...
Checking for SSL 3.0 support... no
Checking whether %COMPAT is required... yes
Checking for TLS 1.0 support... no
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.2 support... yes
Checking whether we need to disable TLS 1.2... N/A
Checking whether we need to disable TLS 1.1... no
Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1
0 dkg@alice:~$
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/cli-debug.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/cli-debug.c b/src/cli-debug.c index 6110184bf2..f6e4c16480 100644 --- a/src/cli-debug.c +++ b/src/cli-debug.c @@ -63,6 +63,7 @@ unsigned int verbose = 0; extern int tls1_ok; extern int tls1_1_ok; +extern int tls1_2_ok; extern int ssl3_ok; static void tls_log_func(int level, const char *str) @@ -248,10 +249,10 @@ int main(int argc, char **argv) /* if neither of SSL3 and TLSv1 are supported, exit */ - if (i > 6 && tls1_1_ok == 0 && tls1_ok == 0 + if (i > 6 && tls1_2_ok == 0 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0) { fprintf(stderr, - "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n"); + "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 and TLS 1.2\n"); break; } |