summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/priority.c2
-rw-r--r--m4/hooks.m415
-rw-r--r--tests/mini-x509-default-prio.c14
-rw-r--r--tests/mini-x509.c4
-rw-r--r--tests/priorities.c16
-rw-r--r--tests/psk-file.c5
-rw-r--r--tests/pskself.c6
-rw-r--r--tests/session-tickets-missing.c4
8 files changed, 4 insertions, 62 deletions
diff --git a/lib/priority.c b/lib/priority.c
index 6a4ccc2f46..53c0d552dd 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -179,9 +179,7 @@ static const int _supported_groups_secure192[] = {
static const int* supported_groups_secure192 = _supported_groups_secure192;
static const int protocol_priority[] = {
-#ifdef ENABLE_TLS13
GNUTLS_TLS1_3,
-#endif
GNUTLS_TLS1_2,
GNUTLS_TLS1_1,
GNUTLS_TLS1_0,
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index 1cc442d2d2..f25fca1247 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -173,21 +173,6 @@ LIBTASN1_MINIMUM=4.9
AM_CONDITIONAL(ENABLE_SSL3, test "$ac_enable_ssl3" != "no")
- ac_enable_tls13=no
- AC_MSG_CHECKING([whether to enable the TLS 1.3 draft protocol])
- AC_ARG_ENABLE(tls13-support,
- AS_HELP_STRING([--enable-tls13-support],
- [enable the TLS1.3 draft protocol by default]),
- ac_enable_tls13=$enableval)
- if test x$ac_enable_tls13 != xno; then
- AC_MSG_RESULT(yes)
- AC_DEFINE([ENABLE_TLS13], 1, [enable TLS1.3 support])
- else
- ac_full=0
- AC_MSG_RESULT(no)
- fi
- AM_CONDITIONAL(ENABLE_TLS13, test "$ac_enable_tls13" != "no")
-
ac_enable_ssl2=yes
AC_MSG_CHECKING([whether to disable the SSL 2.0 client hello])
AC_ARG_ENABLE(ssl2-support,
diff --git a/tests/mini-x509-default-prio.c b/tests/mini-x509-default-prio.c
index a01caf7e43..81f2611c8b 100644
--- a/tests/mini-x509-default-prio.c
+++ b/tests/mini-x509-default-prio.c
@@ -260,20 +260,6 @@ void doit(void)
}
}
-#ifndef ENABLE_TLS13
- ret = gnutls_session_ext_master_secret_status(client);
- if (ret != 1) {
- fprintf(stderr, "Extended master secret wasn't negotiated by default (client ret: %d)\n", ret);
- exit(1);
- }
-
- ret = gnutls_session_ext_master_secret_status(server);
- if (ret != 1) {
- fprintf(stderr, "Extended master secret wasn't negotiated by default (server ret: %d)\n", ret);
- exit(1);
- }
-#endif
-
gnutls_bye(client, GNUTLS_SHUT_RDWR);
gnutls_bye(server, GNUTLS_SHUT_RDWR);
diff --git a/tests/mini-x509.c b/tests/mini-x509.c
index 9b6bbcc006..52c650aa7f 100644
--- a/tests/mini-x509.c
+++ b/tests/mini-x509.c
@@ -258,9 +258,5 @@ void doit(void)
{
start("NORMAL:-VERS-ALL:+VERS-TLS1.2", 0);
start("NORMAL:-VERS-ALL:+VERS-TLS1.3", 0);
-#ifndef ENABLE_TLS13
- start("NORMAL", 0);
-#else
start("NORMAL", 1);
-#endif
}
diff --git a/tests/priorities.c b/tests/priorities.c
index c5d44ea339..6daef59ab6 100644
--- a/tests/priorities.c
+++ b/tests/priorities.c
@@ -114,27 +114,19 @@ try_prio_err(const char *prio, int err)
void doit(void)
{
const int null = 3;
-#ifdef ENABLE_TLS13
int sec128_cs = 29;
int sec256_cs = 12;
int normal_cs = 29;
int pfs_cs = 23;
int null_normal_cs = 28; /* disables TLS1.3 CS */
-#else
- int sec128_cs = 25;
- int sec256_cs = 10;
- int pfs_cs = 19;
- int normal_cs = 25;
- int null_normal_cs = normal_cs + null;
-#endif
int normal_ciphers = 7;
if (gnutls_fips140_mode_enabled()) {
- normal_cs = 22;
+ normal_cs = 25;
normal_ciphers = 6;
- pfs_cs = 22;
- sec256_cs = 7;
- sec128_cs = 22;
+ pfs_cs = 25;
+ sec256_cs = 8;
+ sec128_cs = 25;
}
try_prio("NORMAL", normal_cs, normal_ciphers, __LINE__);
diff --git a/tests/psk-file.c b/tests/psk-file.c
index 28d45560b1..2512086e0f 100644
--- a/tests/psk-file.c
+++ b/tests/psk-file.c
@@ -377,13 +377,8 @@ void doit(void)
run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", "jas", &key, 1, 0);
run_test_ok("NORMAL:-KX-ALL:+PSK", "jas", &key, 0, 0);
-#ifdef ENABLE_TLS13
run_test2("NORMAL:+PSK", NULL, "unknown", &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
run_test2("NORMAL:+PSK", NULL, "jas", &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
-#else
- run_test2("NORMAL:+PSK", NULL, "unknown", &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_DECRYPTION_FAILED);
- run_test2("NORMAL:+PSK", NULL, "jas", &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_DECRYPTION_FAILED);
-#endif
run_test2("NORMAL:-KX-ALL:+PSK", NULL, "non-hex", &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_KEYFILE_ERROR);
run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-EC-ALL", "jas", &key, 0, 0);
diff --git a/tests/pskself.c b/tests/pskself.c
index 65aceb2522..f3cc882174 100644
--- a/tests/pskself.c
+++ b/tests/pskself.c
@@ -326,15 +326,9 @@ void doit(void)
/* the following should work once we support PSK without DH */
run_test("NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+PSK", 0);
-#ifdef ENABLE_TLS13
run_test("NORMAL:-KX-ALL:+PSK", 0);
run_test("NORMAL:-KX-ALL:+ECDHE-PSK", 0);
run_test("NORMAL:-KX-ALL:+DHE-PSK", 0);
-#else
- run_test("NORMAL:-KX-ALL:+PSK", 1);
- run_test("NORMAL:-KX-ALL:+ECDHE-PSK", 1);
- run_test("NORMAL:-KX-ALL:+DHE-PSK", 1);
-#endif
gnutls_dh_params_deinit(dh_params);
}
diff --git a/tests/session-tickets-missing.c b/tests/session-tickets-missing.c
index 69f16cf643..35c9045b46 100644
--- a/tests/session-tickets-missing.c
+++ b/tests/session-tickets-missing.c
@@ -316,11 +316,7 @@ void doit(void)
start("NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_NO_TICKETS);
/* ...or there is no overlap between PSK key exchange modes */
start2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:-DHE-PSK", "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0, 0);
-#ifdef ENABLE_TLS13
start("NORMAL", GNUTLS_NO_TICKETS);
-#else
- start("NORMAL", 0);
-#endif
}
#endif /* _WIN32 */