diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/cert_verify_inv_utf8.c | 2 | ||||
| -rw-r--r-- | tests/mini-server-name.c | 86 | ||||
| -rw-r--r-- | tests/set_key_utf8.c | 5 | ||||
| -rw-r--r-- | tests/set_x509_key_utf8.c | 3 | ||||
| m--------- | tests/suite/tls-fuzzer/tlsfuzzer | 0 | ||||
| m--------- | tests/suite/tls-fuzzer/tlslite-ng | 0 | ||||
| -rw-r--r-- | tests/utils-adv.c | 1 |
7 files changed, 31 insertions, 66 deletions
diff --git a/tests/cert_verify_inv_utf8.c b/tests/cert_verify_inv_utf8.c index a424e51075..4afd52311d 100644 --- a/tests/cert_verify_inv_utf8.c +++ b/tests/cert_verify_inv_utf8.c @@ -137,7 +137,7 @@ static void auto_parse(void) test_cli_serv_expect(x509_cred, clicred, "NORMAL", "NORMAL", "localhost", 0, 0); test_cli_serv_vf(x509_cred, clicred, "NORMAL", "www.νίκοσ.com"); test_cli_serv_vf(x509_cred, clicred, "NORMAL", "www.νίκος.com"); - test_cli_serv_vf(x509_cred, clicred, "NORMAL", "raw:www.νίκος.com"); + test_cli_serv_expect(x509_cred, clicred, "NORMAL", "NORMAL", "raw:www.νίκος.com", GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, GNUTLS_E_AGAIN); gnutls_certificate_free_credentials(x509_cred); gnutls_certificate_free_credentials(clicred); diff --git a/tests/mini-server-name.c b/tests/mini-server-name.c index 05b9136a67..eba6f58110 100644 --- a/tests/mini-server-name.c +++ b/tests/mini-server-name.c @@ -1,6 +1,7 @@ /* * Copyright (C) 2012 Free Software Foundation, Inc. - * + * Copyright (C) 2017 Red Hat, Inc. + * Author: Nikos Mavrogiannopoulos * * This file is part of GnuTLS. @@ -15,9 +16,8 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with GnuTLS; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/> */ #ifdef HAVE_CONFIG_H @@ -26,6 +26,7 @@ #include <stdio.h> #include <stdlib.h> +#include "cert-common.h" #ifdef _WIN32 @@ -65,53 +66,12 @@ static void client_log_func(int level, const char *str) fprintf(stderr, "client|<%d>| %s", level, str); } -static unsigned char server_cert_pem[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" - "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" - "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" - "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" - "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" - "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" - "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" - "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" - "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" - "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" - "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" - "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" - "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; - -const gnutls_datum_t server_cert = { server_cert_pem, - sizeof(server_cert_pem) -}; - -static unsigned char server_key_pem[] = - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" - "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" - "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" - "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" - "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" - "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" - "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" - "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" - "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" - "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" - "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" - "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" - "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" - "-----END RSA PRIVATE KEY-----\n"; - -const gnutls_datum_t server_key = { server_key_pem, - sizeof(server_key_pem) -}; - /* internal function */ int _gnutls_server_name_set_raw(gnutls_session_t session, gnutls_server_name_type_t type, const void *name, size_t name_length); -static void client(const char *test_name, int fd, unsigned raw, const char *name, unsigned name_len) +static void client(const char *test_name, int fd, unsigned raw, const char *name, unsigned name_len, int server_err) { int ret; gnutls_anon_client_credentials_t anoncred; @@ -155,9 +115,10 @@ static void client(const char *test_name, int fd, unsigned raw, const char *name while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret < 0) { + if (server_err < 0) + goto cleanup; test_fail("Handshake failed\n"); - gnutls_perror(ret); - exit(1); + goto cleanup; } else { if (debug) test_success("Handshake was completed\n"); @@ -170,6 +131,7 @@ static void client(const char *test_name, int fd, unsigned raw, const char *name gnutls_bye(session, GNUTLS_SHUT_WR); + cleanup: close(fd); gnutls_deinit(session); @@ -190,7 +152,7 @@ static void terminate(void) exit(1); } -static void server(const char *test_name, int fd, const char *name, unsigned name_len) +static void server(const char *test_name, int fd, const char *name, unsigned name_len, int exp_err) { int ret; char buffer[MAX_BUF + 1]; @@ -234,6 +196,8 @@ static void server(const char *test_name, int fd, const char *name, unsigned nam } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret < 0) { + if (exp_err == ret) + goto cleanup; close(fd); gnutls_deinit(session); test_fail("Handshake has failed (%s)\n\n", @@ -259,7 +223,7 @@ static void server(const char *test_name, int fd, const char *name, unsigned nam test_fail("server_name: %s/%d\n", gnutls_strerror(ret), ret); } else { if (name == NULL || name[0] == 0) { - test_fail("did not received expected name\n"); + test_fail("did not receive the expected name: got: %s\n", buffer); exit(1); } if (buffer_size != strlen(buffer)) { @@ -278,7 +242,7 @@ static void server(const char *test_name, int fd, const char *name, unsigned nam /* do not wait for the peer to close the connection. */ gnutls_bye(session, GNUTLS_SHUT_WR); - + cleanup: close(fd); gnutls_deinit(session); @@ -294,7 +258,7 @@ static void server(const char *test_name, int fd, const char *name, unsigned nam /* name: the name sent by client * server_exp: the name which should be expected by the server to see */ -static void start(const char *test_name, unsigned raw, const char *name, unsigned len, const char *server_exp, unsigned server_exp_len) +static void start(const char *test_name, unsigned raw, const char *name, unsigned len, const char *server_exp, unsigned server_exp_len, int server_error) { int fd[2]; int ret; @@ -315,11 +279,11 @@ static void start(const char *test_name, unsigned raw, const char *name, unsigne if (child) { /* parent */ close(fd[1]); - server(test_name, fd[0], server_exp, server_exp_len); + server(test_name, fd[0], server_exp, server_exp_len, server_error); kill(child, SIGTERM); } else { close(fd[0]); - client(test_name, fd[1], raw, name, len); + client(test_name, fd[1], raw, name, len, server_error); exit(0); } } @@ -337,16 +301,12 @@ void doit(void) signal(SIGCHLD, ch_handler); signal(SIGPIPE, SIG_IGN); - start("NULL", 0, NULL, 0, NULL, 0); - start("empty", 0, "", 0, "", 0); - start("test.example.com", 0, "test.example.com", strlen("test.example.com"), "test.example.com", strlen("test.example.com")); - start("longtest.example.com", 0, "longtest.example.com.", strlen("longtest.example.com"), "longtest.example.com.", strlen("longtest.example.com")); -#if defined(HAVE_LIBIDN2) - /* test invalid UTF8 */ - start("invalid-utf8", 1, "invalid\xff.example.com.", sizeof("invalid\xff.example.com")-1, NULL, 0); -#endif + start("NULL", 0, NULL, 0, NULL, 0, 0); + start("empty", 0, "", 0, "", 0, 0); + start("test.example.com", 0, "test.example.com", strlen("test.example.com"), "test.example.com", strlen("test.example.com"), 0); + start("longtest.example.com", 0, "longtest.example.com.", strlen("longtest.example.com"), "longtest.example.com.", strlen("longtest.example.com"), 0); /* test embedded NULL */ - start("embedded-NULL", 1, "invalid\x00.example.com.", sizeof("invalid\x00.example.com")-1, NULL, 0); + start("embedded-NULL", 1, "invalid\x00.example.com.", sizeof("invalid\x00.example.com")-1, NULL, 0, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); } #endif /* _WIN32 */ diff --git a/tests/set_key_utf8.c b/tests/set_key_utf8.c index 55788671e0..7a02e45618 100644 --- a/tests/set_key_utf8.c +++ b/tests/set_key_utf8.c @@ -136,9 +136,12 @@ static void auto_parse(void) test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); /* the DNS name of the first cert */ test_cli_serv(x509_cred, clicred, "NORMAL", "简体中文.εξτρα.com", NULL, NULL, NULL); /* the second DNS name of cert */ - test_cli_serv(x509_cred, clicred, "NORMAL", "raw:简体中文.εξτρα.com", NULL, NULL, NULL); /* the second DNS name of cert */ test_cli_serv(x509_cred, clicred, "NORMAL", "xn--fiqu1az03c18t.xn--mxah1amo.com", NULL, NULL, NULL); /* its IDNA equivalent */ + /* the raw DNS should result to verification failure as the advertized name should + * not be considered and the first cert should be provided */ + test_cli_serv_expect(x509_cred, clicred, "NORMAL", "NORMAL", "raw:简体中文.εξτρα.com", GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, GNUTLS_E_AGAIN); + gnutls_certificate_free_credentials(x509_cred); gnutls_certificate_free_credentials(clicred); diff --git a/tests/set_x509_key_utf8.c b/tests/set_x509_key_utf8.c index fc1ba38b23..7cc5b99ea8 100644 --- a/tests/set_x509_key_utf8.c +++ b/tests/set_x509_key_utf8.c @@ -175,9 +175,10 @@ void doit(void) test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); test_cli_serv(x509_cred, clicred, "NORMAL", "www.xn--kxawhku.com", NULL, NULL, NULL); /* the previous name in IDNA format */ test_cli_serv(x509_cred, clicred, "NORMAL", "简体中文.εξτρα.com", NULL, NULL, NULL); /* the second DNS name of cert */ - test_cli_serv(x509_cred, clicred, "NORMAL", "raw:简体中文.εξτρα.com", NULL, NULL, NULL); /* the second DNS name of cert */ test_cli_serv(x509_cred, clicred, "NORMAL", "xn--fiqu1az03c18t.xn--mxah1amo.com", NULL, NULL, NULL); /* its IDNA equivalent */ + test_cli_serv_expect(x509_cred, clicred, "NORMAL", "NORMAL", "raw:简体中文.εξτρα.com", GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, GNUTLS_E_AGAIN); + gnutls_certificate_free_credentials(x509_cred); gnutls_certificate_free_credentials(clicred); diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer -Subproject fdfa2525c0b33383037004d8130093801fbaaf4 +Subproject 744a2c8dc3b0c8ce36c4956d2713a3757b83213 diff --git a/tests/suite/tls-fuzzer/tlslite-ng b/tests/suite/tls-fuzzer/tlslite-ng -Subproject f450a90b6a29ef9d3e0742240220c3995a4497e +Subproject 26a323a8beb51a8696f578769295db98121570b diff --git a/tests/utils-adv.c b/tests/utils-adv.c index 0947cd0160..0615a88c84 100644 --- a/tests/utils-adv.c +++ b/tests/utils-adv.c @@ -104,6 +104,7 @@ _test_cli_serv(gnutls_certificate_credentials_t server_cred, HANDSHAKE(client, server); } else { HANDSHAKE_EXPECT(client, server, cli_err, serv_err); + goto cleanup; } /* check the number of certificates received and verify */ |