From 0ae82294ca86e42b33368a94f1b3c5b91694729f Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sat, 14 Dec 2019 15:41:17 +0100
Subject: Provide flag to identify sessions that an OCSP response was requested

That adds the flag GNUTLS_SFLAGS_CLI_REQUESTED_OCSP which can be checked by a server application to determine whether the client has requested stapled OCSP responses. This includes minor cleanups in the status request handling code.
Resolves: #829
Signed-off-by: Nikos Mavrogiannopoulos
---
 tests/mini-x509.c | 3 +++
 tests/status-request.c | 6 +++++-
 tests/x509-cert-callback-ocsp.c | 3 +++
 3 files changed, 11 insertions(+), 1 deletion(-)
(limited to 'tests')
diff --git a/tests/mini-x509.c b/tests/mini-x509.c
index c26b13f716..a4fb56e991 100644
--- a/tests/mini-x509.c
+++ b/tests/mini-x509.c
@@ -113,6 +113,9 @@ void start(const char *prio, unsigned expect_max)
 HANDSHAKE(client, server);
+ assert((gnutls_session_get_flags(server) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP) != 0);
+ assert((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP) != 0);
+
 /* check gnutls_certificate_get_ours() - client side */
 {
 const gnutls_datum_t *mcert;
diff --git a/tests/status-request.c b/tests/status-request.c
index 0e62969ba9..07c7918524 100644
--- a/tests/status-request.c
+++ b/tests/status-request.c
@@ -107,7 +107,7 @@ static void client(int fd, const char *prio)
 /* Initialize TLS session */
- gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_NO_EXTENSIONS);
+ assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_NO_EXTENSIONS)>=0);
 assert(gnutls_priority_set_direct(session, prio, NULL)>=0);
@@ -136,6 +136,8 @@ static void client(int fd, const char *prio)
 success("client: Handshake was completed\n");
 }
+ assert((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP) == 0);
+
 if (debug) success("client: TLS version is: %s\n", gnutls_protocol_get_name
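Review bot: The two `assert(... != 0)` lines added after `HANDSHAKE(client, server)` in tests/mini-x509.c print only the expression text on failure and compile to nothing if the tests are built with `NDEBUG`, so a regression in a flag that servers are meant to rely on could pass unnoticed. tests/x509-cert-callback-ocsp.c already reports errors through `fail(...)`; assuming that helper is also available here, `if (!(gnutls_session_get_flags(server) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP)) fail("server: CLI_REQUESTED_OCSP not set\n");` keeps the check unconditional and names the side that failed. The same applies to the flag checks added in tests/status-request.c and tests/x509-cert-callback-ocsp.c. The body of start() continues outside the hunk.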
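Review bot: The changed line in the `@@ -107,7 +107,7 @@` hunk of tests/status-request.c moves the `gnutls_init()` call itself inside `assert()`, so the call disappears together with the check in any build that defines `NDEBUG`, and later uses of `session` would then operate on an uninitialised handle. The neighbouring `assert(gnutls_priority_set_direct(...)>=0);` context line follows the same pattern, so this matches the file's style, but keeping the side effect outside the macro is safer: `ret = gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_NO_EXTENSIONS);` followed by `assert(ret >= 0);`. This assumes an `int ret` is in scope in client(), whose body starts and ends outside the hunk.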
@@ -215,6 +217,8 @@ static void server(int fd, const char *prio)
 goto end;
 }
+ assert((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP) == 0);
+
 if (debug) {
 success("server: Handshake was completed\n");
 }
diff --git a/tests/x509-cert-callback-ocsp.c b/tests/x509-cert-callback-ocsp.c
index 036c047af6..b0a6c87620 100644
--- a/tests/x509-cert-callback-ocsp.c
+++ b/tests/x509-cert-callback-ocsp.c
@@ -187,6 +187,9 @@ static void start(const char *prio)
 HANDSHAKE(client, server);
+ assert((gnutls_session_get_flags(server) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP) != 0);
+ assert((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP) != 0);
+
 ret = gnutls_ocsp_status_request_get(client, &response);
 if (ret != 0) fail("no response was found: %s\n", gnutls_strerror(ret));
-- 
cgit v1.2.1
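Review bot: The `== 0` check added to server() in the `@@ -215,6 +217,8 @@` hunk has no comment saying why the flag must be clear, and the reason is not visible in this function. The peer in client() is created with `GNUTLS_NO_EXTENSIONS` (see the hunk at line 107), so presumably no status request extension reaches the server. A one-line comment above the assertion, such as `/* peer uses GNUTLS_NO_EXTENSIONS: no OCSP status request was sent, so the flag must stay clear */`, would make the negative case self-explanatory. server() starts and ends outside the hunk.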