Diffstat (limited to 'src/tls_test.c')
-rw-r--r-- | src/tls_test.c | 337 |
1 files changed, 177 insertions, 160 deletions
diff --git a/src/tls_test.c b/src/tls_test.c
index 26c611d879..2d7ab46aba 100644
--- a/src/tls_test.c
+++ b/src/tls_test.c
@@ -65,91 +65,93 @@ extern int tls1_ok; extern int tls1_1_ok; extern int ssl3_ok; -static void tls_log_func(int level, const char *str) +static void +tls_log_func (int level, const char *str) { - fprintf(stderr, "|<%d>| %s", level, str); + fprintf (stderr, "|<%d>| %s", level, str); } -typedef test_code_t(*TEST_FUNC) (gnutls_session); +typedef test_code_t (*TEST_FUNC) (gnutls_session); -typedef struct { - char *test_name; - TEST_FUNC func; - char *suc_str; - char *fail_str; - char *unsure_str; +typedef struct +{ + char *test_name; + TEST_FUNC func; + char *suc_str; + char *fail_str; + char *unsure_str; } TLS_TEST; static const TLS_TEST tls_tests[] = { - {"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"}, - {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed", - "SSL 3.0"}, - {"for TLS 1.0 support", test_tls1, "yes", "no", "dunno"}, - {"for SSL 3.0 support", test_ssl3, "yes", "no", "dunno"}, - {"for HTTPS server name", test_server, "", "failed", "not checked"}, - {"for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes", - "dunno"}, - {"for version rollback bug in Client Hello", test_version_rollback, - "no", "yes", "dunno"}, - - /* this test will disable TLS 1.0 if the server is - * buggy */ - {"whether we need to disable TLS 1.0", test_tls_disable, "no", "yes", - "dunno"}, - - {"whether the server ignores the RSA PMS version", - test_rsa_pms_version_check, "yes", "no", "dunno"}, - {"whether the server can accept Hello Extensions", - test_hello_extension, "yes", "no", "dunno"}, - {"whether the server can accept cipher suites not in SSL 3.0 spec", - test_unknown_ciphersuites, "yes", "no", "dunno"}, - {"whether the server can accept a bogus TLS record version in the client hello", test_version_oob, "yes", "no", "dunno"}, - {"for certificate information", test_certificate, "", "", ""}, - {"for trusted CAs", test_server_cas, "", "", ""}, - {"whether the server understands TLS closure alerts", test_bye, "yes", - "no", "partially"}, - /* 
the fact that is after the closure alert test does matter. - */ - {"whether the server supports session resumption", - test_session_resume2, "yes", "no", "dunno"}, - {"for export-grade ciphersuite support", test_export, "yes", "no", - "dunno"}, - {"RSA-export ciphersuite info", test_export_info, "", "N/A", "N/A"}, + {"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"}, + {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed", + "SSL 3.0"}, + {"for TLS 1.0 support", test_tls1, "yes", "no", "dunno"}, + {"for SSL 3.0 support", test_ssl3, "yes", "no", "dunno"}, + {"for HTTPS server name", test_server, "", "failed", "not checked"}, + {"for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes", + "dunno"}, + {"for version rollback bug in Client Hello", test_version_rollback, + "no", "yes", "dunno"}, + + /* this test will disable TLS 1.0 if the server is + * buggy */ + {"whether we need to disable TLS 1.0", test_tls_disable, "no", "yes", + "dunno"}, + + {"whether the server ignores the RSA PMS version", + test_rsa_pms_version_check, "yes", "no", "dunno"}, + {"whether the server can accept Hello Extensions", + test_hello_extension, "yes", "no", "dunno"}, + {"whether the server can accept cipher suites not in SSL 3.0 spec", + test_unknown_ciphersuites, "yes", "no", "dunno"}, + {"whether the server can accept a bogus TLS record version in the client hello", test_version_oob, "yes", "no", "dunno"}, + {"for certificate information", test_certificate, "", "", ""}, + {"for trusted CAs", test_server_cas, "", "", ""}, + {"whether the server understands TLS closure alerts", test_bye, "yes", + "no", "partially"}, + /* the fact that is after the closure alert test does matter. 
+ */ + {"whether the server supports session resumption", + test_session_resume2, "yes", "no", "dunno"}, + {"for export-grade ciphersuite support", test_export, "yes", "no", + "dunno"}, + {"RSA-export ciphersuite info", test_export_info, "", "N/A", "N/A"}, #ifdef ENABLE_ANON - {"for anonymous authentication support", test_anonymous, "yes", "no", - "dunno"}, - {"anonymous Diffie Hellman group info", test_dhe_group, "", "N/A", - "N/A"}, + {"for anonymous authentication support", test_anonymous, "yes", "no", + "dunno"}, + {"anonymous Diffie Hellman group info", test_dhe_group, "", "N/A", + "N/A"}, #endif - {"for ephemeral Diffie Hellman support", test_dhe, "yes", "no", - "dunno"}, - {"ephemeral Diffie Hellman group info", test_dhe_group, "", "N/A", - "N/A"}, - {"for AES cipher support (TLS extension)", test_aes, "yes", "no", - "dunno"}, - {"for 3DES cipher support", test_3des, "yes", "no", "dunno"}, - {"for ARCFOUR 128 cipher support", test_arcfour, "yes", "no", "dunno"}, - {"for ARCFOUR 40 cipher support", test_arcfour_40, "yes", "no", - "dunno"}, - {"for MD5 MAC support", test_md5, "yes", "no", "dunno"}, - {"for SHA1 MAC support", test_sha, "yes", "no", "dunno"}, - {"for RIPEMD160 MAC support (TLS extension)", test_rmd, "yes", "no", - "dunno"}, + {"for ephemeral Diffie Hellman support", test_dhe, "yes", "no", + "dunno"}, + {"ephemeral Diffie Hellman group info", test_dhe_group, "", "N/A", + "N/A"}, + {"for AES cipher support (TLS extension)", test_aes, "yes", "no", + "dunno"}, + {"for 3DES cipher support", test_3des, "yes", "no", "dunno"}, + {"for ARCFOUR 128 cipher support", test_arcfour, "yes", "no", "dunno"}, + {"for ARCFOUR 40 cipher support", test_arcfour_40, "yes", "no", + "dunno"}, + {"for MD5 MAC support", test_md5, "yes", "no", "dunno"}, + {"for SHA1 MAC support", test_sha, "yes", "no", "dunno"}, + {"for RIPEMD160 MAC support (TLS extension)", test_rmd, "yes", "no", + "dunno"}, #ifdef HAVE_LIBZ - {"for ZLIB compression support (TLS extension)", test_zlib, 
"yes", - "no", "dunno"}, + {"for ZLIB compression support (TLS extension)", test_zlib, "yes", + "no", "dunno"}, #endif - {"for LZO compression support (GnuTLS extension)", test_lzo, "yes", - "no", "dunno"}, - {"for max record size (TLS extension)", test_max_record_size, "yes", - "no", "dunno"}, + {"for LZO compression support (GnuTLS extension)", test_lzo, "yes", + "no", "dunno"}, + {"for max record size (TLS extension)", test_max_record_size, "yes", + "no", "dunno"}, #ifdef ENABLE_SRP - {"for SRP authentication support (TLS extension)", test_srp, "yes", - "no", "dunno"}, + {"for SRP authentication support (TLS extension)", test_srp, "yes", + "no", "dunno"}, #endif - {"for OpenPGP authentication support (TLS extension)", test_openpgp1, - "yes", "no", "dunno"}, - {NULL, NULL, NULL, NULL, NULL} + {"for OpenPGP authentication support (TLS extension)", test_openpgp1, + "yes", "no", "dunno"}, + {NULL, NULL, NULL, NULL, NULL} }; static int tt = 0; 
@@ -167,141 +169,156 @@ const char *ip; err = connect(sd, (SA *) & sa, sizeof(sa)); \ ERR(err, "connect") -static void gaa_parser(int argc, char **argv); +static void gaa_parser (int argc, char **argv); -int main(int argc, char **argv) +int +main (int argc, char **argv) { - int err, ret; - int sd, i; - struct sockaddr_in sa; - gnutls_session state; - char buffer[MAX_BUF + 1]; - struct hostent *server_host; + int err, ret; + int sd, i; + struct sockaddr_in sa; + gnutls_session state; + char buffer[MAX_BUF + 1]; + struct hostent *server_host; - gaa_parser(argc, argv); + gaa_parser (argc, argv); #ifndef _WIN32 - signal(SIGPIPE, SIG_IGN); + signal (SIGPIPE, SIG_IGN); #endif - sockets_init(); + sockets_init (); - if (gnutls_global_init() < 0) { - fprintf(stderr, "global state initialization error\n"); - exit(1); + if (gnutls_global_init () < 0) + { + fprintf (stderr, "global state initialization error\n"); + exit (1); } - gnutls_global_set_log_function(tls_log_func); - gnutls_global_set_log_level(debug); + gnutls_global_set_log_function (tls_log_func); + gnutls_global_set_log_level (debug); - if (gnutls_global_init_extra() < 0) { - fprintf(stderr, "global state initialization error\n"); - exit(1); + if (gnutls_global_init_extra () < 0) + { + fprintf (stderr, "global state initialization error\n"); + exit (1); } - printf("Resolving '%s'...\n", hostname); - /* get server name */ - server_host = gethostbyname(hostname); - if (server_host == NULL) { - fprintf(stderr, "Cannot resolve %s\n", hostname); - exit(1); + printf ("Resolving '%s'...\n", hostname); + /* get server name */ + server_host = gethostbyname (hostname); + if (server_host == NULL) + { + fprintf (stderr, "Cannot resolve %s\n", hostname); + exit (1); } - /* X509 stuff */ - if (gnutls_certificate_allocate_credentials(&xcred) < 0) { /* space for 2 certificates */ - fprintf(stderr, "memory error\n"); - exit(1); + /* X509 stuff */ + if (gnutls_certificate_allocate_credentials (&xcred) < 0) + { /* space for 2 
certificates */ + fprintf (stderr, "memory error\n"); + exit (1); } - /* SRP stuff */ + /* SRP stuff */ #ifdef ENABLE_SRP - if (gnutls_srp_allocate_client_credentials(&srp_cred) < 0) { - fprintf(stderr, "memory error\n"); - exit(1); + if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0) + { + fprintf (stderr, "memory error\n"); + exit (1); } #endif #ifdef ENABLE_ANON - /* ANON stuff */ - if (gnutls_anon_allocate_client_credentials(&anon_cred) < 0) { - fprintf(stderr, "memory error\n"); - exit(1); + /* ANON stuff */ + if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0) + { + fprintf (stderr, "memory error\n"); + exit (1); } #endif - i = 0; + i = 0; - do { + do + { - if (tls_tests[i].test_name == NULL) - break; /* finished */ + if (tls_tests[i].test_name == NULL) + break; /* finished */ - /* if neither of SSL3 and TLSv1 are supported, exit - */ - if (i > 3 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0) { - fprintf(stderr, - "\nServer does not support none of SSL 3.0, TLS 1.0 and TLS 1.1\n"); - break; + /* if neither of SSL3 and TLSv1 are supported, exit + */ + if (i > 3 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0) + { + fprintf (stderr, + "\nServer does not support none of SSL 3.0, TLS 1.0 and TLS 1.1\n"); + break; } - CONNECT(); - gnutls_init(&state, GNUTLS_CLIENT); - gnutls_transport_set_ptr(state, (gnutls_transport_ptr) sd); - - do { - printf("Checking %s...", tls_tests[i].test_name); - - ret = tls_tests[i].func(state); - - if (ret == TEST_SUCCEED) - printf(" %s\n", tls_tests[i].suc_str); - else if (ret == TEST_FAILED) - printf(" %s\n", tls_tests[i].fail_str); - else if (ret == TEST_UNSURE) - printf(" %s\n", tls_tests[i].unsure_str); - else if (ret == TEST_IGNORE) { - printf(" N/A\n"); - i++; + CONNECT (); + gnutls_init (&state, GNUTLS_CLIENT); + gnutls_transport_set_ptr (state, (gnutls_transport_ptr) sd); + + do + { + printf ("Checking %s...", tls_tests[i].test_name); + + ret = tls_tests[i].func (state); + + if (ret == TEST_SUCCEED) + 
printf (" %s\n", tls_tests[i].suc_str); + else if (ret == TEST_FAILED) + printf (" %s\n", tls_tests[i].fail_str); + else if (ret == TEST_UNSURE) + printf (" %s\n", tls_tests[i].unsure_str); + else if (ret == TEST_IGNORE) + { + printf (" N/A\n"); + i++; } - } while (ret == TEST_IGNORE && tls_tests[i].test_name != NULL); + } + while (ret == TEST_IGNORE && tls_tests[i].test_name != NULL); - gnutls_deinit(state); + gnutls_deinit (state); - shutdown(sd, SHUT_RDWR); /* no more receptions */ - close(sd); + shutdown (sd, SHUT_RDWR); /* no more receptions */ + close (sd); - i++; - } while (1); + i++; + } + while (1); #ifdef ENABLE_SRP - gnutls_srp_free_client_credentials(srp_cred); + gnutls_srp_free_client_credentials (srp_cred); #endif - gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials (xcred); #ifdef ENABLE_ANON - gnutls_anon_free_client_credentials(anon_cred); + gnutls_anon_free_client_credentials (anon_cred); #endif - gnutls_global_deinit(); + gnutls_global_deinit (); - return 0; + return 0; } static gaainfo info; -void gaa_parser(int argc, char **argv) +void +gaa_parser (int argc, char **argv) { - if (gaa(argc, argv, &info) != -1) { - fprintf(stderr, - "Error in the arguments. Use the -h or --help parameters to get more info.\n"); - exit(1); + if (gaa (argc, argv, &info) != -1) + { + fprintf (stderr, + "Error in the arguments. Use the -h or --help parameters to get more info.\n"); + exit (1); } - port = info.pp; - if (info.rest_args == NULL) - hostname = "localhost"; - else - hostname = info.rest_args; + port = info.pp; + if (info.rest_args == NULL) + hostname = "localhost"; + else + hostname = info.rest_args; - debug = info.debug; + debug = info.debug; - verbose = info.more_info; + verbose = info.more_info; } |