author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-03-13 15:46:16 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-03-19 17:19:18 +0100 |
commit | 80f182e8c205d3b25fedbc629d71abcd2483739e (patch) | |
tree | 4958e8376546928ee63f8181fcf8a0342b399927 /tests/x509self.c | |
parent | 671826acc0893f05712266a49dac4851c6523bb7 (diff) | |
download | gnutls-80f182e8c205d3b25fedbc629d71abcd2483739e.tar.gz |
tests: updated for TLS1.3 inclusion
This changes the test to use a specific TLS version, or to exercise multiple
TLS versions where applicable.
Resolves #413
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/x509self.c')
-rw-r--r-- | tests/x509self.c | 116 |
1 files changed, 49 insertions, 67 deletions
diff --git a/tests/x509self.c b/tests/x509self.c
index 00ff480588..f1c674a8e5 100644
--- a/tests/x509self.c
+++ b/tests/x509self.c
@@ -29,6 +29,7 @@
 #include <stdio.h>
 #include <stdlib.h>
+#include <assert.h>
 #include "cert-common.h"
 #if defined(_WIN32)
@@ -63,15 +64,11 @@ static void tls_log_func(int level, const char *str)
 str);
 }
-/* A very basic TLS client, with anonymous authentication.
- */
-
-
 #define MAX_BUF 1024
 #define MSG "Hello TLS"
-static void client(int sd)
+static void client(int sd, const char *prio)
 {
 int ret, ii;
 gnutls_session_t session;
@@ -98,8 +95,7 @@ static void client(int sd)
 */
 gnutls_init(&session, GNUTLS_CLIENT);
- /* Use default priorities */
- gnutls_priority_set_direct(session, "NORMAL", NULL);
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
 /* put the x509 credentials to the current session */
@@ -147,7 +143,9 @@ static void client(int sd)
 goto end;
 }
- ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ do {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
 if (debug)
 success("client: recv returned %d.\n", ret);
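Review bot: The priority string is applied inside `assert()` in the `@@ -98` hunk (`assert(gnutls_priority_set_direct(session, prio, NULL)>=0);`), so the call itself is compiled out when the test is built with `NDEBUG` and the session would then run with no priority set at all; the same construct appears in the server's `@@ -273` hunk on the next physical line. Keeping the call outside the assertion and reporting through the file's existing helper is safer: `ret = gnutls_priority_set_direct(session, prio, NULL);` followed by `if (ret < 0) fail("client: priority '%s': %s\n", prio, gnutls_strerror(ret));`. That also makes the failure output name the priority string under test rather than an assertion line. client() continues outside the hunk.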
@@ -203,58 +201,16 @@ static void client(int sd)
 #define MAX_BUF 1024
 #define DH_BITS 1024
-/* These are global */
-gnutls_certificate_credentials_t x509_cred;
-static gnutls_session_t initialize_tls_session(void)
+static void server(int sd, const char *prio)
 {
+ int err, ret;
+ char topbuf[512];
 gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+ gnutls_certificate_credentials_t x509_cred;
- gnutls_init(&session, GNUTLS_SERVER);
-
- /* avoid calling all the priority functions, since the defaults
- * are adequate.
- */
- gnutls_priority_set_direct(session, "NORMAL", NULL);
-
- gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- /* request client certificate if any.
- Moved to later on to be able to test re-handshakes.
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
- */
-
- gnutls_dh_set_prime_bits(session, DH_BITS);
-
- return session;
-}
-
-static gnutls_dh_params_t dh_params;
-
-static int generate_dh_params(void)
-{
- const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) };
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init(&dh_params);
- return gnutls_dh_params_import_pkcs3(dh_params, &p3,
- GNUTLS_X509_FMT_PEM);
-}
-
-int err, ret;
-char topbuf[512];
-gnutls_session_t session;
-char buffer[MAX_BUF + 1];
-int optval = 1;
-
-
-static void server(int sd)
-{
- /* this must be called once in the program
- */
 global_init();
 gnutls_global_set_log_function(tls_log_func);
@@ -273,11 +229,19 @@ static void server(int sd)
 if (debug)
 success("Launched, generating DH parameters...\n");
- generate_dh_params();
+ gnutls_init(&session, GNUTLS_SERVER);
+
+ assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- gnutls_certificate_set_dh_params(x509_cred, dh_params);
+ /* request client certificate if any.
+ Moved to later on to be able to test re-handshakes.
+ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
+ */
+
+ gnutls_dh_set_prime_bits(session, DH_BITS);
- session = initialize_tls_session();
 gnutls_transport_set_int(session, sd);
 ret = gnutls_handshake(session);
@@ -301,7 +265,9 @@ static void server(int sd)
 for (;;) {
 memset(buffer, 0, MAX_BUF + 1);
- ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ do {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
 if (ret == 0) {
 if (debug)
@@ -309,7 +275,7 @@ static void server(int sd)
 ("server: Peer has closed the GnuTLS connection\n");
 break;
 } else if (ret < 0) {
- fail("server: Received corrupted data(%d). Closing...\n", ret);
+ fail("server: Received corrupted data(%s). Closing...\n", gnutls_strerror(ret));
 break;
 } else if (ret > 0) {
 gnutls_certificate_server_set_request(session,
@@ -351,8 +317,6 @@ static void server(int sd)
 gnutls_certificate_free_credentials(x509_cred);
- gnutls_dh_params_deinit(dh_params);
-
 gnutls_global_deinit();
 if (debug)
@@ -360,9 +324,15 @@ static void server(int sd)
 }
-void doit(void)
+static
+void start(const char *prio)
 {
 int sockets[2];
+ int err;
+
+ success("trying %s\n", prio);
+
+ signal(SIGPIPE, SIG_IGN);
 err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
 if (err == -1) {
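Review bot: `start` is introduced in the `@@ -360` hunk with `static` on one line and `void start(const char *prio)` on the next, which does not match `static void client(int sd, const char *prio)` and `static void server(int sd, const char *prio)` as written elsewhere in this patch; joining them as `static void start(const char *prio)` keeps the three helpers uniform. The rest of start() lies in the following hunk.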
@@ -381,10 +351,22 @@ void doit(void)
 if (child) {
 int status;
- server(sockets[0]);
+ close(sockets[1]);
+ server(sockets[0], prio);
 wait(&status);
- } else
- client(sockets[1]);
+ check_wait_status(status);
+ } else {
+ close(sockets[0]);
+ client(sockets[1], prio);
+ exit(0);
+ }
+}
+
+void doit(void)
+{
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.3");
+ start("NORMAL:-VERS-ALL:+VERS-TLS1.2");
+ start("NORMAL");
 }
 #endif /* _WIN32 */
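Review bot: The child branch in the `@@ -381` hunk ends with `exit(0)`, which runs atexit handlers and flushes the stdio buffers the child inherited at fork; if stdout is fully buffered under the test harness, the `success("trying %s\n", prio)` line the parent emits before forking could be written a second time by the child. Using `_exit(0)` (from `<unistd.h>`) once `client()` returns avoids that, while failure paths inside client() presumably still terminate through `fail()`. start() begins outside this hunk, so the fork itself is not visible here.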