From 9de6741877f3156f7ad66d709fa8a84ceb3c50fd Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sat, 3 Jan 2004 10:27:22 +0000
Subject: *** empty log message ***
---
 src/tests.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++---------
 src/tests.h | 1 +
 src/tls_test.c | 13 +++++++-----
 3 files changed, 63 insertions(+), 14 deletions(-)
diff --git a/src/tests.c b/src/tests.c
index 9f62fa3f5a..220094a87b 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -44,8 +44,9 @@ extern gnutls_certificate_credentials xcred;
 extern int more_info;
 static int dh_bits;
-extern int tls1_ok;
-extern int ssl3_ok;
+int tls1_ok = 0;
+int ssl3_ok = 0;
+int tls1_1_ok = 0;
 /* keep session info */
 static char *session_data = NULL;
@@ -86,7 +87,10 @@ int ret, alert;
 }
 session_data = malloc(session_data_size);
 sfree = 1;
- if (session_data==NULL) exit(1);
+ if (session_data==NULL) {
+ fprintf(stderr, "Memory error\n");
+ exit(1);
+ }
 gnutls_session_get_data(session, session_data, &session_data_size);
 session_id_size = sizeof( session_id);
@@ -164,13 +168,24 @@ static void ADD_CERTTYPE(gnutls_session session, int ctype) {
 gnutls_certificate_type_set_priority(session, _ct_priority);
 }
-static void ADD_PROTOCOL(gnutls_session session, int protocol) {
+static void ADD_PROTOCOL(gnutls_session session, int protocol)
+{
 static int _proto_priority[] = { 0, 0 };
 _proto_priority[0] = protocol;
 gnutls_protocol_set_priority(session, _proto_priority);
 }
+static void ADD_PROTOCOL3(gnutls_session session, int p1, int p2, int p3)
+{
+ static int _proto_priority[] = { 0, 0, 0, 0 };
+ _proto_priority[0] = p1;
+ _proto_priority[1] = p2;
+ _proto_priority[2] = p3;
+
+ gnutls_protocol_set_priority(session, _proto_priority);
+}
+
 #ifdef ENABLE_SRP
 static int srp_detected;
@@ -245,7 +260,8 @@ int test_dhe_bits( gnutls_session session) {
 return SUCCEED;
 }
-int test_ssl3( gnutls_session session) {
+int test_ssl3( gnutls_session session)
+{
 int ret;
 ADD_ALL_CIPHERS(session);
 ADD_ALL_COMP(session);
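Review bot: The three result flags defined in the @@ -44 hunk, `int tls1_ok = 0; int ssl3_ok = 0; int tls1_1_ok = 0;`, have no declaration in src/tests.h; the src/tls_test.c hunk at @@ -61 redeclares them with hand-written `extern` lines, so the compiler never checks the definitions against the declarations that consume them. Declaring them once in tests.h, which this commit already edits for `test_tls1_1_fallback`, keeps both translation units in sync (assuming both files include that header): `extern int tls1_ok, tls1_1_ok, ssl3_ok;`. Nothing on the definitions says what sets or reads them; a comment such as `/* set to 1 by the test_* probe for that version after a successful handshake; read by tls_test.c's main loop to decide whether to keep probing */` would make the cross-file contract visible — only the test_tls1_1 write is in this diff, the other writers are inferred.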
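Review bot: ADD_PROTOCOL3 (hunk @@ -164) assigns only indexes 0–2 of `_proto_priority` and relies on the fourth element staying 0 as the list terminator, which mirrors ADD_PROTOCOL's `{ 0, 0 }` layout but is stated nowhere; a comment on the array, `/* trailing 0 terminates the list handed to gnutls_protocol_set_priority */`, would make the invariant explicit. Because the array is function-scope static, the pointer passed to gnutls is overwritten by the next call, exactly as in ADD_PROTOCOL; that is harmless if gnutls copies the list, which this page does not show, so a one-line note on the assumption is worth adding. As a style point the two helpers could share a single implementation that takes a 0-terminated array.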
@@ -260,8 +276,10 @@ int ret;
 return ret;
 }
+
 static int alrm=0;
-void got_alarm(int k) {
+void got_alarm(int k)
+{
 alrm = 1;
 }
@@ -483,7 +501,8 @@ int ret;
 return ret;
 }
-int test_tls1( gnutls_session session) {
+int test_tls1( gnutls_session session)
+{
 int ret;
 ADD_ALL_CIPHERS(session);
 ADD_ALL_COMP(session);
@@ -500,7 +519,8 @@ int ret;
 }
-int test_tls1_1( gnutls_session session) {
+int test_tls1_1( gnutls_session session)
+{
 int ret;
 ADD_ALL_CIPHERS(session);
 ADD_ALL_COMP(session);
@@ -511,12 +531,37 @@ int ret;
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
 ret = do_handshake( session);
- if (ret==SUCCEED) tls1_ok = 1;
+ if (ret==SUCCEED) tls1_1_ok = 1;
 return ret;
 }
+int test_tls1_1_fallback( gnutls_session session)
+{
+int ret;
+ ADD_ALL_CIPHERS(session);
+ ADD_ALL_COMP(session);
+ ADD_ALL_CERTTYPES(session);
+ ADD_PROTOCOL3(session, GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3);
+ ADD_ALL_MACS(session);
+ ADD_ALL_KX(session);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ if (tls1_1_ok) return UNSURE;
+
+ ret = do_handshake( session);
+ if (ret!=SUCCEED) return GFAILED;
+
+ if (gnutls_protocol_get_version( session)==GNUTLS_TLS1)
+ return SUCCEED;
+ else if (gnutls_protocol_get_version( session)==GNUTLS_SSL3)
+ return UNSURE;
+
+ return GFAILED;
+
+}
+
 /* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
 * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
 */
diff --git a/src/tests.h b/src/tests.h
index 2ed83cd8d7..6a4125a9a3 100644
--- a/src/tests.h
+++ b/src/tests.h
@@ -17,6 +17,7 @@ int test_arcfour( gnutls_session state);
 int test_arcfour_40( gnutls_session state);
 int test_tls1( gnutls_session state);
 int test_tls1_1( gnutls_session state);
+int test_tls1_1_fallback( gnutls_session state);
 int test_tls_disable( gnutls_session state);
 int test_rsa_pms( gnutls_session state);
 int test_max_record_size( gnutls_session state);
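Review bot: test_tls1_1_fallback (hunk @@ -511) returns UNSURE for two unrelated outcomes — the server already negotiated TLS 1.1 (`if (tls1_1_ok) return UNSURE;`) and a handshake that ended on SSL 3.0 — and the tls_tests row added in src/tls_test.c (`"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "", "SSL 3.0"`) appears to print the UNSURE string as "SSL 3.0", so a TLS 1.1-capable server would seemingly be reported as falling back to SSL 3.0. If the driver distinguishes results only by these three values, returning GFAILED (whose string is empty) for the already-TLS-1.1 case avoids the misleading label, and that early check should move ahead of the ADD_* and gnutls_credentials_set calls, which currently configure a session that is then thrown away. `gnutls_protocol_get_version( session)` is evaluated twice; fetching it once, `int ver = gnutls_protocol_get_version( session);`, and branching on `ver` is clearer. A header comment stating the contract — offer TLS 1.1, TLS 1.0 and SSL 3.0 and report which version the server actually negotiates, SUCCEED meaning TLS 1.0 — would also help, since the `/* Advertize both TLS 1.0 and SSL 3.0 ... */` comment below documents only the neighbouring test.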
diff --git a/src/tls_test.c b/src/tls_test.c
index e7c1c6a825..0ace0f064c 100644
--- a/src/tls_test.c
+++ b/src/tls_test.c
@@ -61,8 +61,9 @@ gnutls_certificate_credentials xcred;
 int more_info = 0;
-int tls1_ok = 0;
-int ssl3_ok = 0;
+extern int tls1_ok;
+extern int tls1_1_ok;
+extern int ssl3_ok;
 static void tls_log_func( int level, const char* str)
 {
@@ -81,6 +82,7 @@ typedef struct {
 static const TLS_TEST tls_tests[] = {
 { "for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno" },
+ { "fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "", "SSL 3.0" },
 { "for TLS 1.0 support", test_tls1, "yes", "no", "dunno" },
 { "for SSL 3.0 support", test_ssl3, "yes", "no", "dunno" },
 { "for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes", "dunno" },
@@ -151,8 +153,6 @@ int main(int argc, char **argv)
 gnutls_session state;
 char buffer[MAX_BUF + 1];
 struct hostent *server_host;
- int ssl3_ok = 0;
- int tls1_ok = 0;
 gaa_parser(argc, argv);
@@ -215,7 +215,10 @@ int main(int argc, char **argv)
 /* if neither of SSL3 and TLSv1 are supported, exit */
- if (i > 1 && tls1_ok == 0 && ssl3_ok == 0) break;
+ if (i > 3 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0) {
+ fprintf(stderr, "%d %d %d\n", tls1_1_ok,tls1_ok,ssl3_ok);
+ break;
+ }
 CONNECT();
 gnutls_init(&state, GNUTLS_CLIENT);
-- 
cgit v1.2.1
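Review bot: The `fprintf(stderr, "%d %d %d\n", tls1_1_ok,tls1_ok,ssl3_ok);` added inside the early-exit branch of the @@ -215 hunk prints three unlabeled integers and reads as a debugging leftover; either drop it or make it an actionable message, e.g. `fprintf(stderr, "No supported SSL/TLS version found (tls1.1=%d tls1.0=%d ssl3=%d)\n", tls1_1_ok, tls1_ok, ssl3_ok);`. The comment just above, `/* if neither of SSL3 and TLSv1 are supported, exit */`, is now stale because TLS 1.1 is part of the condition. The new threshold `i > 3` presumably encodes the position of the version probes in tls_tests (TLS 1.1, fallback, TLS 1.0 and SSL 3.0 are rows 0–3 after this commit) and will silently break if that table is reordered; a comment naming the dependency, or a named constant for the index of the last version row, would help. main() starts and ends outside the hunk.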