diff options
-rw-r--r-- | lib/priority.c | 2 | ||||
-rw-r--r-- | m4/hooks.m4 | 15 | ||||
-rw-r--r-- | tests/mini-x509-default-prio.c | 14 | ||||
-rw-r--r-- | tests/mini-x509.c | 4 | ||||
-rw-r--r-- | tests/priorities.c | 16 | ||||
-rw-r--r-- | tests/psk-file.c | 5 | ||||
-rw-r--r-- | tests/pskself.c | 6 | ||||
-rw-r--r-- | tests/session-tickets-missing.c | 4 |
8 files changed, 4 insertions, 62 deletions
diff --git a/lib/priority.c b/lib/priority.c index 6a4ccc2f46..53c0d552dd 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -179,9 +179,7 @@ static const int _supported_groups_secure192[] = { static const int* supported_groups_secure192 = _supported_groups_secure192; static const int protocol_priority[] = { -#ifdef ENABLE_TLS13 GNUTLS_TLS1_3, -#endif GNUTLS_TLS1_2, GNUTLS_TLS1_1, GNUTLS_TLS1_0, diff --git a/m4/hooks.m4 b/m4/hooks.m4 index 1cc442d2d2..f25fca1247 100644 --- a/m4/hooks.m4 +++ b/m4/hooks.m4 @@ -173,21 +173,6 @@ LIBTASN1_MINIMUM=4.9 AM_CONDITIONAL(ENABLE_SSL3, test "$ac_enable_ssl3" != "no") - ac_enable_tls13=no - AC_MSG_CHECKING([whether to enable the TLS 1.3 draft protocol]) - AC_ARG_ENABLE(tls13-support, - AS_HELP_STRING([--enable-tls13-support], - [enable the TLS1.3 draft protocol by default]), - ac_enable_tls13=$enableval) - if test x$ac_enable_tls13 != xno; then - AC_MSG_RESULT(yes) - AC_DEFINE([ENABLE_TLS13], 1, [enable TLS1.3 support]) - else - ac_full=0 - AC_MSG_RESULT(no) - fi - AM_CONDITIONAL(ENABLE_TLS13, test "$ac_enable_tls13" != "no") - ac_enable_ssl2=yes AC_MSG_CHECKING([whether to disable the SSL 2.0 client hello]) AC_ARG_ENABLE(ssl2-support, diff --git a/tests/mini-x509-default-prio.c b/tests/mini-x509-default-prio.c index a01caf7e43..81f2611c8b 100644 --- a/tests/mini-x509-default-prio.c +++ b/tests/mini-x509-default-prio.c @@ -260,20 +260,6 @@ void doit(void) } } -#ifndef ENABLE_TLS13 - ret = gnutls_session_ext_master_secret_status(client); - if (ret != 1) { - fprintf(stderr, "Extended master secret wasn't negotiated by default (client ret: %d)\n", ret); - exit(1); - } - - ret = gnutls_session_ext_master_secret_status(server); - if (ret != 1) { - fprintf(stderr, "Extended master secret wasn't negotiated by default (server ret: %d)\n", ret); - exit(1); - } -#endif - gnutls_bye(client, GNUTLS_SHUT_RDWR); gnutls_bye(server, GNUTLS_SHUT_RDWR); diff --git a/tests/mini-x509.c b/tests/mini-x509.c index 9b6bbcc006..52c650aa7f 100644 --- a/tests/mini-x509.c +++ b/tests/mini-x509.c @@ -258,9 +258,5 @@ void doit(void) { start("NORMAL:-VERS-ALL:+VERS-TLS1.2", 0); start("NORMAL:-VERS-ALL:+VERS-TLS1.3", 0); -#ifndef ENABLE_TLS13 - start("NORMAL", 0); -#else start("NORMAL", 1); -#endif } diff --git a/tests/priorities.c b/tests/priorities.c index c5d44ea339..6daef59ab6 100644 --- a/tests/priorities.c +++ b/tests/priorities.c @@ -114,27 +114,19 @@ try_prio_err(const char *prio, int err) void doit(void) { const int null = 3; -#ifdef ENABLE_TLS13 int sec128_cs = 29; int sec256_cs = 12; int normal_cs = 29; int pfs_cs = 23; int null_normal_cs = 28; /* disables TLS1.3 CS */ -#else - int sec128_cs = 25; - int sec256_cs = 10; - int pfs_cs = 19; - int normal_cs = 25; - int null_normal_cs = normal_cs + null; -#endif int normal_ciphers = 7; if (gnutls_fips140_mode_enabled()) { - normal_cs = 22; + normal_cs = 25; normal_ciphers = 6; - pfs_cs = 22; - sec256_cs = 7; - sec128_cs = 22; + pfs_cs = 25; + sec256_cs = 8; + sec128_cs = 25; } try_prio("NORMAL", normal_cs, normal_ciphers, __LINE__); diff --git a/tests/psk-file.c b/tests/psk-file.c index 28d45560b1..2512086e0f 100644 --- a/tests/psk-file.c +++ b/tests/psk-file.c @@ -377,13 +377,8 @@ void doit(void) run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", "jas", &key, 1, 0); run_test_ok("NORMAL:-KX-ALL:+PSK", "jas", &key, 0, 0); -#ifdef ENABLE_TLS13 run_test2("NORMAL:+PSK", NULL, "unknown", &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); run_test2("NORMAL:+PSK", NULL, "jas", &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); -#else - run_test2("NORMAL:+PSK", NULL, "unknown", &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_DECRYPTION_FAILED); - run_test2("NORMAL:+PSK", NULL, "jas", &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_DECRYPTION_FAILED); -#endif run_test2("NORMAL:-KX-ALL:+PSK", NULL, "non-hex", &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_KEYFILE_ERROR); run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-EC-ALL", "jas", &key, 0, 0); diff --git a/tests/pskself.c b/tests/pskself.c index 65aceb2522..f3cc882174 100644 --- a/tests/pskself.c +++ b/tests/pskself.c @@ -326,15 +326,9 @@ void doit(void) /* the following should work once we support PSK without DH */ run_test("NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+PSK", 0); -#ifdef ENABLE_TLS13 run_test("NORMAL:-KX-ALL:+PSK", 0); run_test("NORMAL:-KX-ALL:+ECDHE-PSK", 0); run_test("NORMAL:-KX-ALL:+DHE-PSK", 0); -#else - run_test("NORMAL:-KX-ALL:+PSK", 1); - run_test("NORMAL:-KX-ALL:+ECDHE-PSK", 1); - run_test("NORMAL:-KX-ALL:+DHE-PSK", 1); -#endif gnutls_dh_params_deinit(dh_params); } diff --git a/tests/session-tickets-missing.c b/tests/session-tickets-missing.c index 69f16cf643..35c9045b46 100644 --- a/tests/session-tickets-missing.c +++ b/tests/session-tickets-missing.c @@ -316,11 +316,7 @@ void doit(void) start("NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_NO_TICKETS); /* ...or there is no overlap between PSK key exchange modes */ start2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:-DHE-PSK", "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0, 0); -#ifdef ENABLE_TLS13 start("NORMAL", GNUTLS_NO_TICKETS); -#else - start("NORMAL", 0); -#endif } #endif /* _WIN32 */ |