diff options
Diffstat (limited to 'tests/tls13/compress-cert-neg.c')
-rw-r--r-- | tests/tls13/compress-cert-neg.c | 95 |
1 files changed, 59 insertions, 36 deletions
diff --git a/tests/tls13/compress-cert-neg.c b/tests/tls13/compress-cert-neg.c index 5364e88132..9f3a28070f 100644 --- a/tests/tls13/compress-cert-neg.c +++ b/tests/tls13/compress-cert-neg.c @@ -20,7 +20,7 @@ */ #ifdef HAVE_CONFIG_H -#include <config.h> +# include <config.h> #endif #include <stdio.h> @@ -36,19 +36,19 @@ int main(int argc, char **argv) #else -#include <sys/socket.h> -#include <sys/wait.h> -#include <unistd.h> -#include <gnutls/gnutls.h> +# include <sys/socket.h> +# include <sys/wait.h> +# include <unistd.h> +# include <gnutls/gnutls.h> -#include "cert-common.h" -#include "utils.h" +# include "cert-common.h" +# include "utils.h" /* This program tests whether the compress_certificate extensions is disabled * when client and server have incompatible compression methods set */ -#define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3" -#define CHECK(X) assert((X)>=0) +# define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3" +# define CHECK(X) assert((X)>=0) static pid_t child; int client_bad; @@ -76,14 +76,16 @@ static void server_log_func(int level, const char *str) } static int client_callback(gnutls_session_t session, unsigned htype, - unsigned post, unsigned incoming, const gnutls_datum_t *msg) + unsigned post, unsigned incoming, + const gnutls_datum_t * msg) { client_bad = 1; return 0; } static int server_callback(gnutls_session_t session, unsigned htype, - unsigned post, unsigned incoming, const gnutls_datum_t *msg) + unsigned post, unsigned incoming, + const gnutls_datum_t * msg) { server_bad = 1; return 0; @@ -96,8 +98,10 @@ static void client(int fd) gnutls_session_t session; gnutls_certificate_credentials_t x509_cred; gnutls_compression_method_t method; - gnutls_compression_method_t methods[] = { GNUTLS_COMP_BROTLI, GNUTLS_COMP_ZSTD }; - size_t methods_len = sizeof(methods) / sizeof(gnutls_compression_method_t); + gnutls_compression_method_t methods[] = + { GNUTLS_COMP_BROTLI, GNUTLS_COMP_ZSTD }; + size_t methods_len = + sizeof(methods) / sizeof(gnutls_compression_method_t); global_init(); @@ -107,20 +111,27 @@ static void client(int fd) } CHECK(gnutls_certificate_allocate_credentials(&x509_cred)); - CHECK(gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, GNUTLS_X509_FMT_PEM)); - CHECK(gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert_chain, - &cli_ca3_key, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_certificate_set_x509_trust_mem + (x509_cred, &ca3_cert, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_certificate_set_x509_key_mem + (x509_cred, &cli_ca3_cert_chain, &cli_ca3_key, + GNUTLS_X509_FMT_PEM)); CHECK(gnutls_init(&session, GNUTLS_CLIENT)); - CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred)); + CHECK(gnutls_credentials_set + (session, GNUTLS_CRD_CERTIFICATE, x509_cred)); CHECK(gnutls_priority_set_direct(session, PRIO, NULL)); - ret = gnutls_compress_certificate_set_methods(session, methods, methods_len); + ret = + gnutls_compress_certificate_set_methods(session, methods, + methods_len); if (ret < 0) { - fail("client: setting compression method failed (%s)\n\n", gnutls_strerror(ret)); + fail("client: setting compression method failed (%s)\n\n", + gnutls_strerror(ret)); terminate(); } - gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT, + gnutls_handshake_set_hook_function(session, + GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT, GNUTLS_HOOK_PRE, client_callback); gnutls_transport_set_int(session, fd); @@ -148,7 +159,8 @@ static void client(int fd) ret = gnutls_certificate_verify_peers2(session, &status); if (ret < 0) - fail("client: could not verify server certificate: %s\n", gnutls_strerror(ret)); + fail("client: could not verify server certificate: %s\n", + gnutls_strerror(ret)); if (status) fail("client: certificate verification failed\n"); @@ -157,7 +169,7 @@ static void client(int fd) if (debug) success("client: finished\n"); -cleanup: + cleanup: close(fd); gnutls_deinit(session); gnutls_certificate_free_credentials(x509_cred); @@ -172,7 +184,8 @@ static void server(int fd) gnutls_certificate_credentials_t x509_cred; gnutls_compression_method_t method; gnutls_compression_method_t methods[] = { GNUTLS_COMP_ZLIB }; - size_t methods_len = sizeof(methods) / sizeof(gnutls_compression_method_t); + size_t methods_len = + sizeof(methods) / sizeof(gnutls_compression_method_t); global_init(); @@ -182,20 +195,27 @@ static void server(int fd) } CHECK(gnutls_certificate_allocate_credentials(&x509_cred)); - CHECK(gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, GNUTLS_X509_FMT_PEM)); - CHECK(gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert_chain, - &server_ca3_key, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_certificate_set_x509_trust_mem + (x509_cred, &ca3_cert, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_certificate_set_x509_key_mem + (x509_cred, &server_ca3_localhost_cert_chain, &server_ca3_key, + GNUTLS_X509_FMT_PEM)); CHECK(gnutls_init(&session, GNUTLS_SERVER)); - CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred)); + CHECK(gnutls_credentials_set + (session, GNUTLS_CRD_CERTIFICATE, x509_cred)); CHECK(gnutls_priority_set_direct(session, PRIO, NULL)); - ret = gnutls_compress_certificate_set_methods(session, methods, methods_len); + ret = + gnutls_compress_certificate_set_methods(session, methods, + methods_len); if (ret < 0) { - fail("server: setting compression method failed (%s)\n\n", gnutls_strerror(ret)); + fail("server: setting compression method failed (%s)\n\n", + gnutls_strerror(ret)); terminate(); } - gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT, + gnutls_handshake_set_hook_function(session, + GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT, GNUTLS_HOOK_PRE, server_callback); gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUEST); gnutls_transport_set_int(session, fd); @@ -205,14 +225,16 @@ static void server(int fd) } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret < 0) { - fail("server: Handshake has failed (%s)\n\n", gnutls_strerror(ret)); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); goto cleanup; } if (debug) success("server: Handshake was completed\n"); if (debug) - success("server: TLS version is: %s\n", gnutls_protocol_get_name( - gnutls_protocol_get_version(session))); + success("server: TLS version is: %s\n", + gnutls_protocol_get_name(gnutls_protocol_get_version + (session))); method = gnutls_compress_certificate_get_selected_method(session); if (method != GNUTLS_COMP_UNKNOWN) @@ -223,7 +245,8 @@ static void server(int fd) ret = gnutls_certificate_verify_peers2(session, &status); if (ret < 0) - fail("server: could not verify client certificate: %s\n", gnutls_strerror(ret)); + fail("server: could not verify client certificate: %s\n", + gnutls_strerror(ret)); if (status) fail("server: certificate verification failed\n"); @@ -232,7 +255,7 @@ static void server(int fd) if (debug) success("server: finished\n"); -cleanup: + cleanup: close(fd); gnutls_deinit(session); gnutls_certificate_free_credentials(x509_cred); @@ -272,4 +295,4 @@ void doit(void) } } -#endif /* _WIN32 */ +#endif /* _WIN32 */ |