search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
minor update to the fix.
[gnutls.git] / src / tls_test.c
blob46f5561e3cea626736e5700a3daa5ff427f67868
1 /*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
3 * 2009, 2010 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuTLS.
6 *
7 * GnuTLS is free software: you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuTLS is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see
19 * <http://www.gnu.org/licenses/>.
20 */
21
22 #include <config.h>
23 #include <stdio.h>
24 #include <errno.h>
25 #include <stdlib.h>
26 #include <sys/types.h>
27 #include <string.h>
28 #include <gnutls/gnutls.h>
29 #include <gnutls/extra.h>
30 #include <sys/time.h>
31 #include <sys/socket.h>
32 #include <tests.h>
33 #include <common.h>
34 #include <tls_test-gaa.h>
35
36 /* Gnulib portability files. */
37 #include <progname.h>
38 #include <version-etc.h>
39 #include "sockets.h"
40
41 #define ERR(err,s) if (err==-1) {perror(s);return(1);}
42 #define MAX_BUF 4096
43
44 /* global stuff here */
45 int resume;
46 const char *hostname = NULL;
47 int port;
48 int record_max_size;
49 int fingerprint;
50 static int debug;
51
52 gnutls_srp_client_credentials_t srp_cred;
53 gnutls_anon_client_credentials_t anon_cred;
54 gnutls_certificate_credentials_t xcred;
55
56 /* end of global stuff */
57
58
59 int verbose = 0;
60
61 extern int tls1_ok;
62 extern int tls1_1_ok;
63 extern int ssl3_ok;
64
65 static void
66 tls_log_func (int level, const char *str)
67 {
68 fprintf (stderr, "|<%d>| %s", level, str);
69 }
70
71 typedef test_code_t (*TEST_FUNC) (gnutls_session_t);
72
73 typedef struct
74 {
75 const char *test_name;
76 TEST_FUNC func;
77 const char *suc_str;
78 const char *fail_str;
79 const char *unsure_str;
80 } TLS_TEST;
81
82 static const TLS_TEST tls_tests[] = {
83 {"for SSL 3.0 support", test_ssl3, "yes", "no", "dunno"},
84 {"whether \%COMPAT is required", test_record_padding, "no", "yes", "dunno"},
85 {"for TLS 1.0 support", test_tls1, "yes", "no", "dunno"},
86 {"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"},
87 {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed",
88 "SSL 3.0"},
89 {"for TLS 1.2 support", test_tls1_2, "yes", "no", "dunno"},
90 /* this test will disable TLS 1.0 if the server is
91 * buggy */
92 {"whether we need to disable TLS 1.0", test_tls_disable, "no", "yes",
93 "dunno"},
94 {"for Safe renegotiation support", test_safe_renegotiation, "yes", "no",
95 "dunno"},
96 {"for Safe renegotiation support (SCSV)", test_safe_renegotiation_scsv,
97 "yes", "no", "dunno"},
98 {"for HTTPS server name", test_server, "", "failed", "not checked"},
99 {"for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes",
100 "dunno"},
101 {"for version rollback bug in Client Hello", test_version_rollback,
102 "no", "yes", "dunno"},
103
104
105 {"whether the server ignores the RSA PMS version",
106 test_rsa_pms_version_check, "yes", "no", "dunno"},
107 {"whether the server can accept Hello Extensions",
108 test_hello_extension, "yes", "no", "dunno"},
109 {"whether the server can accept cipher suites not in SSL 3.0 spec",
110 test_unknown_ciphersuites, "yes", "no", "dunno"},
111 {"whether the server can accept a bogus TLS record version in the client hello", test_version_oob, "yes", "no", "dunno"},
112 {"for certificate information", test_certificate, "", "", ""},
113 {"for trusted CAs", test_server_cas, "", "", ""},
114 {"whether the server understands TLS closure alerts", test_bye, "yes",
115 "no", "partially"},
116 /* the fact that is after the closure alert test does matter.
117 */
118 {"whether the server supports session resumption",
119 test_session_resume2, "yes", "no", "dunno"},
120 {"for export-grade ciphersuite support", test_export, "yes", "no",
121 "dunno"},
122 {"RSA-export ciphersuite info", test_export_info, "", "N/A", "N/A"},
123 #ifdef ENABLE_ANON
124 {"for anonymous authentication support", test_anonymous, "yes", "no",
125 "dunno"},
126 {"anonymous Diffie-Hellman group info", test_dhe_group, "", "N/A",
127 "N/A"},
128 #endif
129 {"for ephemeral Diffie-Hellman support", test_dhe, "yes", "no",
130 "dunno"},
131 {"ephemeral Diffie-Hellman group info", test_dhe_group, "", "N/A",
132 "N/A"},
133 {"for AES cipher support (TLS extension)", test_aes, "yes", "no",
134 "dunno"},
135 #ifdef ENABLE_CAMELLIA
136 {"for CAMELLIA cipher support (TLS extension)", test_camellia, "yes", "no",
137 "dunno"},
138 #endif
139 {"for 3DES cipher support", test_3des, "yes", "no", "dunno"},
140 {"for ARCFOUR 128 cipher support", test_arcfour, "yes", "no", "dunno"},
141 {"for ARCFOUR 40 cipher support", test_arcfour_40, "yes", "no",
142 "dunno"},
143 {"for MD5 MAC support", test_md5, "yes", "no", "dunno"},
144 {"for SHA1 MAC support", test_sha, "yes", "no", "dunno"},
145 #ifdef HAVE_LIBZ
146 {"for ZLIB compression support (TLS extension)", test_zlib, "yes",
147 "no", "dunno"},
148 #endif
149 {"for max record size (TLS extension)", test_max_record_size, "yes",
150 "no", "dunno"},
151 {"for OpenPGP authentication support (TLS extension)", test_openpgp1,
152 "yes", "no", "dunno"},
153 {NULL, NULL, NULL, NULL, NULL}
154 };
155
156 static int tt = 0;
157 const char *ip;
158
159 static void gaa_parser (int argc, char **argv);
160
161 int
162 main (int argc, char **argv)
163 {
164 int err, ret;
165 int sd, i;
166 gnutls_session_t state;
167 char buffer[MAX_BUF + 1];
168 char portname[6];
169 struct addrinfo hints, *res, *ptr;
170
171 set_program_name (argv[0]);
172 gaa_parser (argc, argv);
173
174 #ifndef _WIN32
175 signal (SIGPIPE, SIG_IGN);
176 #endif
177
178 sockets_init ();
179
180 if (gnutls_global_init () < 0)
181 {
182 fprintf (stderr, "global state initialization error\n");
183 exit (1);
184 }
185
186 gnutls_global_set_log_function (tls_log_func);
187 gnutls_global_set_log_level (debug);
188
189 printf ("Resolving '%s'...\n", hostname);
190 /* get server name */
191 memset (&hints, 0, sizeof (hints));
192 hints.ai_socktype = SOCK_STREAM;
193 hints.ai_flags = 0;
194 snprintf (portname, sizeof (portname), "%d", port);
195 if ((err = getaddrinfo (hostname, portname, &hints, &res)) != 0)
196 {
197 fprintf (stderr, "Cannot resolve %s: %s\n", hostname,
198 gai_strerror (err));
199 exit (1);
200 }
201
202 /* X509 stuff */
203 if (gnutls_certificate_allocate_credentials (&xcred) < 0)
204 { /* space for 2 certificates */
205 fprintf (stderr, "memory error\n");
206 exit (1);
207 }
208
209 /* SRP stuff */
210 #ifdef ENABLE_SRP
211 if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
212 {
213 fprintf (stderr, "memory error\n");
214 exit (1);
215 }
216 #endif
217
218 #ifdef ENABLE_ANON
219 /* ANON stuff */
220 if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
221 {
222 fprintf (stderr, "memory error\n");
223 exit (1);
224 }
225 #endif
226
227 i = 0;
228
229 do
230 {
231
232 if (tls_tests[i].test_name == NULL)
233 break; /* finished */
234
235 /* if neither of SSL3 and TLSv1 are supported, exit
236 */
237 if (i > 6 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0)
238 {
239 fprintf (stderr,
240 "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n");
241 break;
242 }
243
244 sd = -1;
245 for (ptr = res; ptr != NULL; ptr = ptr->ai_next)
246 {
247 sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
248 if (sd == -1)
249 {
250 continue;
251 }
252
253 getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF,
254 NULL, 0, NI_NUMERICHOST);
255 if (tt++ == 0)
256 printf ("Connecting to '%s:%d'...\n", buffer, port);
257 if ((err = connect (sd, ptr->ai_addr, ptr->ai_addrlen)) != 0)
258 {
259 close (sd);
260 sd = -1;
261 continue;
262 }
263 }
264 ERR (err, "connect") gnutls_init (&state, GNUTLS_CLIENT);
265 gnutls_transport_set_ptr (state, (gnutls_transport_ptr_t)
266 gl_fd_to_handle (sd));
267
268 do
269 {
270 printf ("Checking %s...", tls_tests[i].test_name);
271
272 ret = tls_tests[i].func (state);
273
274 if (ret == TEST_SUCCEED)
275 printf (" %s\n", tls_tests[i].suc_str);
276 else if (ret == TEST_FAILED)
277 printf (" %s\n", tls_tests[i].fail_str);
278 else if (ret == TEST_UNSURE)
279 printf (" %s\n", tls_tests[i].unsure_str);
280 else if (ret == TEST_IGNORE)
281 {
282 printf (" N/A\n");
283 i++;
284 }
285 }
286 while (ret == TEST_IGNORE && tls_tests[i].test_name != NULL);
287
288 gnutls_deinit (state);
289
290 shutdown (sd, SHUT_RDWR); /* no more receptions */
291 close (sd);
292
293 i++;
294 }
295 while (1);
296
297 freeaddrinfo (res);
298
299 #ifdef ENABLE_SRP
300 gnutls_srp_free_client_credentials (srp_cred);
301 #endif
302 gnutls_certificate_free_credentials (xcred);
303 #ifdef ENABLE_ANON
304 gnutls_anon_free_client_credentials (anon_cred);
305 #endif
306 gnutls_global_deinit ();
307
308 return 0;
309 }
310
311 static gaainfo info;
312 void
313 gaa_parser (int argc, char **argv)
314 {
315 if (gaa (argc, argv, &info) != -1)
316 {
317 fprintf (stderr,
318 "Error in the arguments. Use the -h or --help parameters to get more info.\n");
319 exit (1);
320 }
321
322 port = info.pp;
323 if (info.rest_args == NULL)
324 hostname = "localhost";
325 else
326 hostname = info.rest_args;
327
328 debug = info.debug;
329
330 verbose = info.more_info;
331
332 }
333
334 void tls_test_version (void);
335
336 void
337 tls_test_version (void)
338 {
339 const char *p = PACKAGE_NAME;
340 if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
341 p = PACKAGE_STRING;
342 version_etc (stdout, "gnutls-cli-debug", p, gnutls_check_version (NULL),
343 "Nikos Mavrogiannopoulos", (char *) NULL);
344 }
Implementation of the SSL/TLS protocol