Update.
1 /*
2 * Copyright (C) 2000,2001,2002,2003,2006 Nikos Mavroyanopoulos
3 * Copyright (C) 2004,2005 Free Software Foundation
5 * This file is part of GNUTLS.
7 * GNUTLS is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
22 #include <config.h>
23 #include <stdio.h>
24 #include <errno.h>
25 #include <stdlib.h>
26 #include <sys/types.h>
27 #include <string.h>
28 #include <gnutls/gnutls.h>
29 #include <gnutls/extra.h>
30 #include <sys/time.h>
31 #include <tests.h>
32 #include <common.h>
33 #include <tls_test-gaa.h>
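/* Fallback values for the shutdown() "how" argument, used only when the
 * headers included above do not already define them. */
#ifndef SHUT_WR
# define SHUT_WR 1
#endif

#ifndef SHUT_RDWR
# define SHUT_RDWR 2
#endif

#define SA struct sockaddr

/* If err equals -1, print the errno text prefixed by s and make the
 * *calling function* return 1.
 *
 * The argument is parenthesized so that an expression such as `a | b`
 * is compared as a whole instead of being split by operator precedence.
 * The expansion is a bare `if` block and this file invokes it without a
 * trailing semicolon, so it must not be placed directly before an `else`.
 */
#define ERR(err,s) if ((err) == -1) { perror (s); return (1); }

/* Size of the scratch buffer declared in main () (MAX_BUF + 1 bytes). */
#define MAX_BUF 4096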
/* global stuff here */
/* NOTE(review): resume, record_max_size and fingerprint are not referenced
 * in the part of the file visible here; presumably they are read by the
 * test implementations declared in tests.h -- confirm. */
int resume;
char *hostname = NULL;		/* peer to probe; assigned in gaa_parser () */
int port;			/* peer port; assigned from info.pp in gaa_parser () */
int record_max_size;
int fingerprint;
static int debug;		/* handed to gnutls_global_set_log_level () in main () */

/* Client credential objects; allocated in main () and released before it
 * returns. */
gnutls_srp_client_credentials srp_cred;
gnutls_anon_client_credentials anon_cred;
gnutls_certificate_credentials xcred;

/* end of global stuff */

int verbose = 0;		/* assigned from info.more_info in gaa_parser () */

/* Protocol-support flags defined in another translation unit.  main ()
 * stops probing once the first four tests have run and all three are 0. */
extern int tls1_ok;
extern int tls1_1_ok;
extern int ssl3_ok;
/* Log callback registered with gnutls_global_set_log_function () in
 * main ().  Writes one record to stderr as "|<level>| text"; no newline is
 * appended here, the text is printed exactly as received.  The message is
 * always passed as a "%s" argument, never as the format string itself.
 */
static void
tls_log_func (int level, const char *str)
{
  (void) fprintf (stderr, "|<%d>| %s", level, str);
}
/* Signature shared by every probe: takes the session prepared by main ()
 * and returns a test_code_t verdict. */
typedef test_code_t (*TEST_FUNC) (gnutls_session);

/* One row of the probe table. */
typedef struct
{
  char *test_name;		/* printed by main () as "Checking <test_name>..." */
  TEST_FUNC func;		/* probe to run */
  char *suc_str;		/* printed when func returns TEST_SUCCEED */
  char *fail_str;		/* printed when func returns TEST_FAILED */
  char *unsure_str;		/* printed when func returns TEST_UNSURE */
} TLS_TEST;
/* Probe table walked in order by main (); the all-NULL row terminates it.
 * Columns: description, probe function, then the text printed for
 * TEST_SUCCEED, TEST_FAILED and TEST_UNSURE.
 *
 * Ordering is significant: main () gives up once i > 3 if none of
 * tls1_1_ok, tls1_ok and ssl3_ok is set, so the first four rows must stay
 * the protocol-version probes.
 *
 * Reading the output: for the two "version rollback bug" rows the success
 * text is "no", i.e. TEST_SUCCEED reports that the bug was NOT seen.
 * NOTE(review): a "yes" on the SSL 3.0, export-grade, ARCFOUR 40 and MD5
 * rows presumably means the server still negotiates that legacy option;
 * the probe bodies are not visible here, so confirm before relying on it
 * in an audit report.
 */
static const TLS_TEST tls_tests[] = {
  {"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"},
  {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed",
   "SSL 3.0"},
  {"for TLS 1.0 support", test_tls1, "yes", "no", "dunno"},
  {"for SSL 3.0 support", test_ssl3, "yes", "no", "dunno"},
  {"for HTTPS server name", test_server, "", "failed", "not checked"},
  {"for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes",
   "dunno"},
  {"for version rollback bug in Client Hello", test_version_rollback,
   "no", "yes", "dunno"},

  /* this test will disable TLS 1.0 if the server is
   * buggy */
  {"whether we need to disable TLS 1.0", test_tls_disable, "no", "yes",
   "dunno"},

  {"whether the server ignores the RSA PMS version",
   test_rsa_pms_version_check, "yes", "no", "dunno"},
  {"whether the server can accept Hello Extensions",
   test_hello_extension, "yes", "no", "dunno"},
  {"whether the server can accept cipher suites not in SSL 3.0 spec",
   test_unknown_ciphersuites, "yes", "no", "dunno"},
  {"whether the server can accept a bogus TLS record version in the client hello", test_version_oob, "yes", "no", "dunno"},
  /* These two rows have empty result strings for every verdict, so main ()
   * itself prints nothing after "Checking ...". */
  {"for certificate information", test_certificate, "", "", ""},
  {"for trusted CAs", test_server_cas, "", "", ""},
  {"whether the server understands TLS closure alerts", test_bye, "yes",
   "no", "partially"},
  /* The fact that this row comes after the closure alert test does matter.
   */
  {"whether the server supports session resumption",
   test_session_resume2, "yes", "no", "dunno"},
  {"for export-grade ciphersuite support", test_export, "yes", "no",
   "dunno"},
  {"RSA-export ciphersuite info", test_export_info, "", "N/A", "N/A"},
#ifdef ENABLE_ANON
  {"for anonymous authentication support", test_anonymous, "yes", "no",
   "dunno"},
  /* NOTE(review): same probe function as the "ephemeral Diffie Hellman
   * group info" row below -- confirm this is intended. */
  {"anonymous Diffie Hellman group info", test_dhe_group, "", "N/A",
   "N/A"},
#endif
  {"for ephemeral Diffie Hellman support", test_dhe, "yes", "no",
   "dunno"},
  {"ephemeral Diffie Hellman group info", test_dhe_group, "", "N/A",
   "N/A"},
  {"for AES cipher support (TLS extension)", test_aes, "yes", "no",
   "dunno"},
  {"for 3DES cipher support", test_3des, "yes", "no", "dunno"},
  {"for ARCFOUR 128 cipher support", test_arcfour, "yes", "no", "dunno"},
  {"for ARCFOUR 40 cipher support", test_arcfour_40, "yes", "no",
   "dunno"},
  {"for MD5 MAC support", test_md5, "yes", "no", "dunno"},
  {"for SHA1 MAC support", test_sha, "yes", "no", "dunno"},
#ifdef HAVE_LIBZ
  {"for ZLIB compression support (TLS extension)", test_zlib, "yes",
   "no", "dunno"},
#endif
  {"for LZO compression support (GnuTLS extension)", test_lzo, "yes",
   "no", "dunno"},
  {"for max record size (TLS extension)", test_max_record_size, "yes",
   "no", "dunno"},
#ifdef ENABLE_SRP
  {"for SRP authentication support (TLS extension)", test_srp, "yes",
   "no", "dunno"},
#endif
  {"for OpenPGP authentication support (TLS extension)", test_openpgp1,
   "yes", "no", "dunno"},
  /* Sentinel: main () stops when test_name is NULL. */
  {NULL, NULL, NULL, NULL, NULL}
};
/* Counts connection attempts; main () prints the "Connecting to" banner
 * only while this is still 0. */
static int tt = 0;
/* NOTE(review): not referenced in the code visible here. */
const char *ip;

/* Defined near the end of this file; copies the parsed command-line
 * options into the globals above. */
static void gaa_parser (int argc, char **argv);
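/*
 * Probe a TLS server: resolve hostname:port, then run each entry of
 * tls_tests[] in order and print its verdict.  A fresh TCP connection and
 * a fresh GnuTLS client session are set up for every test; a test that
 * returns TEST_IGNORE is reported as "N/A" and the next one reuses the
 * same connection and session.
 *
 * Returns 0 after the table has been walked (or probing was abandoned
 * because no protocol version is supported), 1 if no connection could be
 * established; fatal setup errors call exit (1).
 *
 * NOTE(review): no certificate verification is configured in this
 * function -- the tool inspects the peer, it does not authenticate it.
 */
int
main (int argc, char **argv)
{
  int err, ret;
  int sd, i;
  int len;
  gnutls_session state;
  char buffer[MAX_BUF + 1];
  char portname[6];
  struct addrinfo hints, *res, *ptr;

  gaa_parser (argc, argv);

#ifndef _WIN32
  /* A peer that closes early must yield a write error, not kill us. */
  signal (SIGPIPE, SIG_IGN);
#endif

  sockets_init ();

  if (gnutls_global_init () < 0)
    {
      fprintf (stderr, "global state initialization error\n");
      exit (1);
    }

  gnutls_global_set_log_function (tls_log_func);
  gnutls_global_set_log_level (debug);

  if (gnutls_global_init_extra () < 0)
    {
      fprintf (stderr, "global state initialization error\n");
      exit (1);
    }

  printf ("Resolving '%s'...\n", hostname);
  /* get server name */
  memset (&hints, 0, sizeof (hints));
  hints.ai_socktype = SOCK_STREAM;
  hints.ai_flags = 0;
  /* portname holds at most five digits; refuse a value that would be
   * truncated rather than silently resolving a different port. */
  len = snprintf (portname, sizeof (portname), "%d", port);
  if (len < 0 || (size_t) len >= sizeof (portname))
    {
      fprintf (stderr, "Invalid port %d\n", port);
      exit (1);
    }
  if ((err = getaddrinfo (hostname, portname, &hints, &res)) != 0)
    {
      fprintf (stderr, "Cannot resolve %s: %s\n", hostname,
	       gai_strerror (err));
      exit (1);
    }

  /* X509 stuff */
  if (gnutls_certificate_allocate_credentials (&xcred) < 0)
    {				/* space for 2 certificates */
      fprintf (stderr, "memory error\n");
      exit (1);
    }

  /* SRP stuff */
#ifdef ENABLE_SRP
  if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
    {
      fprintf (stderr, "memory error\n");
      exit (1);
    }
#endif

#ifdef ENABLE_ANON
  /* ANON stuff */
  if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
    {
      fprintf (stderr, "memory error\n");
      exit (1);
    }
#endif

  i = 0;

  do
    {
      if (tls_tests[i].test_name == NULL)
	break;			/* finished */

      /* if neither of SSL3 and TLSv1 are supported, exit
       */
      if (i > 3 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0)
	{
	  fprintf (stderr,
		   "\nServer does not support none of SSL 3.0, TLS 1.0 and TLS 1.1\n");
	  break;
	}

      sd = -1;
      err = 0;
      for (ptr = res; ptr != NULL; ptr = ptr->ai_next)
	{
	  sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
	  if (sd == -1)
	    continue;

	  /* buffer is only used for the banner; fall back to the name the
	   * user gave so it is never printed uninitialized. */
	  if (getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF,
			   NULL, 0, NI_NUMERICHOST) != 0)
	    snprintf (buffer, sizeof (buffer), "%s", hostname);
	  if (tt++ == 0)
	    printf ("Connecting to '%s:%d'...\n", buffer, port);
	  if ((err = connect (sd, ptr->ai_addr, ptr->ai_addrlen)) != 0)
	    {
	      /* keep connect()'s errno for the perror () in ERR below */
	      int saved_errno = errno;

	      close (sd);
	      errno = saved_errno;
	      sd = -1;
	      continue;
	    }

	  /* Connected: stop here.  Trying the remaining addresses would
	   * leak this descriptor and let a later failure hide the
	   * success. */
	  break;
	}
      ERR (err, "connect")
      /* Also reached when socket () failed for every address, in which
       * case err does not describe the failure. */
      if (sd == -1)
	{
	  fprintf (stderr, "Cannot connect to %s:%d\n", hostname, port);
	  return 1;
	}

      if (gnutls_init (&state, GNUTLS_CLIENT) < 0)
	{
	  fprintf (stderr, "memory error\n");
	  close (sd);
	  exit (1);
	}
      gnutls_transport_set_ptr (state, (gnutls_transport_ptr) sd);

      do
	{
	  printf ("Checking %s...", tls_tests[i].test_name);

	  ret = tls_tests[i].func (state);

	  if (ret == TEST_SUCCEED)
	    printf (" %s\n", tls_tests[i].suc_str);
	  else if (ret == TEST_FAILED)
	    printf (" %s\n", tls_tests[i].fail_str);
	  else if (ret == TEST_UNSURE)
	    printf (" %s\n", tls_tests[i].unsure_str);
	  else if (ret == TEST_IGNORE)
	    {
	      printf (" N/A\n");
	      i++;
	    }
	}
      while (ret == TEST_IGNORE && tls_tests[i].test_name != NULL);

      gnutls_deinit (state);

      shutdown (sd, SHUT_RDWR);	/* no more receptions */
      close (sd);

      /* After TEST_IGNORE the inner loop has already advanced i, possibly
       * onto the NULL sentinel; advancing again would step past the end
       * of tls_tests[]. */
      if (ret != TEST_IGNORE)
	i++;
    }
  while (1);

  freeaddrinfo (res);

#ifdef ENABLE_SRP
  gnutls_srp_free_client_credentials (srp_cred);
#endif
  gnutls_certificate_free_credentials (xcred);
#ifdef ENABLE_ANON
  gnutls_anon_free_client_credentials (anon_cred);
#endif
  gnutls_global_deinit ();

  return 0;
}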
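/* Parsed command-line options, filled in by gaa (). */
static gaainfo info;

/*
 * Parse the command line with gaa () and copy the result into the
 * file-level settings: port, hostname (defaulting to "localhost" when no
 * positional argument was given), debug and verbose.
 *
 * Exits with status 1 when gaa () reports an error or when the requested
 * port is outside 1..65535; main () later formats the port into a
 * six-byte buffer, so an out-of-range value must not get that far.
 */
void
gaa_parser (int argc, char **argv)
{
  /* gaa () returns -1 when parsing succeeded. */
  if (gaa (argc, argv, &info) != -1)
    {
      fprintf (stderr,
	       "Error in the arguments. Use the -h or --help parameters to get more info.\n");
      exit (1);
    }

  port = info.pp;
  if (port < 1 || port > 65535)
    {
      fprintf (stderr, "Invalid port %d.\n", port);
      exit (1);
    }

  if (info.rest_args == NULL)
    hostname = "localhost";
  else
    hostname = info.rest_args;

  debug = info.debug;

  verbose = info.more_info;
}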
/* Print the tool banner with the GnuTLS version this program was built
 * against, followed by the version of the libgnutls actually loaded at
 * run time when the two strings differ. */
void
tls_test_version (void)
{
  const char *runtime_version = gnutls_check_version (NULL);

  printf ("gnutls-cli-debug (GnuTLS) %s\n", LIBGNUTLS_VERSION);

  if (strcmp (runtime_version, LIBGNUTLS_VERSION) == 0)
    return;

  printf ("libgnutls %s\n", runtime_version);
}