authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-03-01 16:54:12 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-03-01 17:28:24 +0100
commite83a184c54c9c705306ba4941f5600620cd3b597 (patch)
treead1b81e90b02f83e0f3615dd579c36722c1a0523 /tests
parent754daa7f4fe9dc125c9de24e60e16b7c9c431131 (diff)
downloadgnutls-e83a184c54c9c705306ba4941f5600620cd3b597.tar.gz
Added verify flags for DANE to enforce verification and restrict it to a field.
Diffstat (limited to 'tests')
-rw-r--r--tests/suite/Makefile.am4
-rwxr-xr-xtests/suite/testdane71
2 files changed, 75 insertions, 0 deletions
diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am
index 1ba8d5bf35..cb151e9b46 100644
--- a/tests/suite/Makefile.am
+++ b/tests/suite/Makefile.am
@@ -86,6 +86,10 @@ nodist_check_SCRIPTS = eagain testsrn testcompat chain invalid-cert testrandom
TESTS = eagain testsrn testcompat chain invalid-cert
+if ENABLE_DANE
+TESTS += testdane
+endif
+
if !MACOSX
noinst_LTLIBRARIES = libecore.la
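Review bot: `TESTS += testdane` puts a test that needs outbound DNS and port-443 access to third-party hosts into the `make check` run of every ENABLE_DANE build. Whether tests/suite is already opt-in is not visible in this hunk; if it is not, offline or sandboxed builders will see a hard failure rather than a skip. In the script, the branch that prints "Error connecting to $i" should end in `exit 77`, the status the WINDIR guard already uses, instead of `exit 1`. The hunk also leaves testdane out of the `nodist_check_SCRIPTS` list shown in the hunk header, unlike the sibling scripts, which may be intentional.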
diff --git a/tests/suite/testdane b/tests/suite/testdane
new file mode 100755
index 0000000000..243ff612d3
--- /dev/null
+++ b/tests/suite/testdane
@@ -0,0 +1,71 @@
+#!/bin/sh
+
+# Copyright (C) 2013 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+DANETOOL="${DANETOOL:-../../src/danetool$EXEEXT}"
+unset RETCODE
+
+if test "${WINDIR}" != "";then
+ exit 77
+fi
+
+. $srcdir/../scripts/common.sh
+
+# Not ok
+HOSTS="bad-hash.dane.verisignlabs.com dane-broken.rd.nic.fr bad-params.dane.verisignlabs.com"
+HOSTS="$HOSTS bad-sig.dane.verisignlabs.com"
+for i in $HOSTS;do
+rm -f tmp
+$CLI $i -p 443 --print-cert --insecure >tmp 2>&1 </dev/null
+if [ $? != 0 ];then
+ echo "Error connecting to $i"
+ exit 1
+fi
+
+$DANETOOL --load-certificate tmp --check $i >/dev/null 2>&1
+if [ $? = 0 ];then
+ echo "Checking $i should have failed"
+ exit 1
+fi
+done
+
+# Fine hosts
+
+HOSTS="torproject.org jhcloos.com good.dane.verisignlabs.com \
+www.kumari.net"
+HOSTS="$HOSTS nohats.ca dane.nox.su"
+for i in $HOSTS;do
+rm -f tmp
+$CLI $i -p 443 --print-cert --insecure >tmp 2>&1 </dev/null
+if [ $? != 0 ];then
+ echo "Error connecting to $i"
+ exit 1
+fi
+
+$DANETOOL --load-certificate tmp --check $i >/dev/null 2>&1
+if [ $? != 0 ];then
+ echo "Error checking $i"
+ exit 1
+fi
+done
+
+
+exit 0
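Review bot: In the "Not ok" loop, `if [ $? = 0 ]` counts any non-zero exit of `$DANETOOL --check` as the expected rejection, and with output sent to /dev/null a failed TLSA lookup or resolver error for that one host cannot be told apart from a real DANE mismatch. The "Fine hosts" loop would expose a danetool or resolver that fails for every name, but not a per-host lookup error, so a negative case can go stale silently. I would keep the output, e.g. `$DANETOOL --load-certificate tmp --check $i >dane.out 2>&1`, and require danetool's verification-failure message in it before treating the host as correctly rejected. The scratch file `tmp` is a fixed name in the working directory, receives stderr as well as the certificate, and is never removed; a `mktemp` file removed by an exit trap would avoid clashes with other tests. `$srcdir`, `$CLI` and `$DANETOOL` are also expanded unquoted, which breaks on build paths containing spaces.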