search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
We reverted the ABI bump.
[gnutls.git] / src / tls_test.c
blobfc2efcca08878906b54fe6c2b8fd950389e16e10
1 /*
2 * Copyright (C) 2000,2001,2002,2003,2006,2007 Nikos Mavrogiannopoulos
3 * Copyright (C) 2004,2005, 2008 Free Software Foundation
4 *
5 * This file is part of GNUTLS.
6 *
7 * GNUTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <errno.h>
24 #include <stdlib.h>
25 #include <sys/types.h>
26 #include <string.h>
27 #include <gnutls/gnutls.h>
28 #include <gnutls/extra.h>
29 #include <sys/time.h>
30 #include <sys/socket.h>
31 #include <tests.h>
32 #include <common.h>
33 #include <tls_test-gaa.h>
34
35 #define SA struct sockaddr
36 #define ERR(err,s) if (err==-1) {perror(s);return(1);}
37 #define MAX_BUF 4096
38
39 /* global stuff here */
40 int resume;
41 char *hostname = NULL;
42 int port;
43 int record_max_size;
44 int fingerprint;
45 static int debug;
46
47 gnutls_srp_client_credentials_t srp_cred;
48 gnutls_anon_client_credentials_t anon_cred;
49 gnutls_certificate_credentials_t xcred;
50
51 /* end of global stuff */
52
53
54 int verbose = 0;
55
56 extern int tls1_ok;
57 extern int tls1_1_ok;
58 extern int ssl3_ok;
59
60 static void
61 tls_log_func (int level, const char *str)
62 {
63 fprintf (stderr, "|<%d>| %s", level, str);
64 }
65
66 typedef test_code_t (*TEST_FUNC) (gnutls_session_t);
67
68 typedef struct
69 {
70 char *test_name;
71 TEST_FUNC func;
72 char *suc_str;
73 char *fail_str;
74 char *unsure_str;
75 } TLS_TEST;
76
77 static const TLS_TEST tls_tests[] = {
78 {"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"},
79 {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed",
80 "SSL 3.0"},
81 {"for TLS 1.0 support", test_tls1, "yes", "no", "dunno"},
82 {"for SSL 3.0 support", test_ssl3, "yes", "no", "dunno"},
83 {"for HTTPS server name", test_server, "", "failed", "not checked"},
84 {"for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes",
85 "dunno"},
86 {"for version rollback bug in Client Hello", test_version_rollback,
87 "no", "yes", "dunno"},
88
89 /* this test will disable TLS 1.0 if the server is
90 * buggy */
91 {"whether we need to disable TLS 1.0", test_tls_disable, "no", "yes",
92 "dunno"},
93
94 {"whether the server ignores the RSA PMS version",
95 test_rsa_pms_version_check, "yes", "no", "dunno"},
96 {"whether the server can accept Hello Extensions",
97 test_hello_extension, "yes", "no", "dunno"},
98 {"whether the server can accept cipher suites not in SSL 3.0 spec",
99 test_unknown_ciphersuites, "yes", "no", "dunno"},
100 {"whether the server can accept a bogus TLS record version in the client hello", test_version_oob, "yes", "no", "dunno"},
101 {"for certificate information", test_certificate, "", "", ""},
102 {"for trusted CAs", test_server_cas, "", "", ""},
103 {"whether the server understands TLS closure alerts", test_bye, "yes",
104 "no", "partially"},
105 /* the fact that is after the closure alert test does matter.
106 */
107 {"whether the server supports session resumption",
108 test_session_resume2, "yes", "no", "dunno"},
109 {"for export-grade ciphersuite support", test_export, "yes", "no",
110 "dunno"},
111 {"RSA-export ciphersuite info", test_export_info, "", "N/A", "N/A"},
112 #ifdef ENABLE_ANON
113 {"for anonymous authentication support", test_anonymous, "yes", "no",
114 "dunno"},
115 {"anonymous Diffie Hellman group info", test_dhe_group, "", "N/A",
116 "N/A"},
117 #endif
118 {"for ephemeral Diffie Hellman support", test_dhe, "yes", "no",
119 "dunno"},
120 {"ephemeral Diffie Hellman group info", test_dhe_group, "", "N/A",
121 "N/A"},
122 {"for AES cipher support (TLS extension)", test_aes, "yes", "no",
123 "dunno"},
124 #ifdef ENABLE_CAMELLIA
125 {"for CAMELLIA cipher support (TLS extension)", test_camellia, "yes", "no",
126 "dunno"},
127 #endif
128 {"for 3DES cipher support", test_3des, "yes", "no", "dunno"},
129 {"for ARCFOUR 128 cipher support", test_arcfour, "yes", "no", "dunno"},
130 {"for ARCFOUR 40 cipher support", test_arcfour_40, "yes", "no",
131 "dunno"},
132 {"for MD5 MAC support", test_md5, "yes", "no", "dunno"},
133 {"for SHA1 MAC support", test_sha, "yes", "no", "dunno"},
134 #ifdef HAVE_LIBZ
135 {"for ZLIB compression support (TLS extension)", test_zlib, "yes",
136 "no", "dunno"},
137 #endif
138 {"for LZO compression support (GnuTLS extension)", test_lzo, "yes",
139 "no", "dunno"},
140 {"for max record size (TLS extension)", test_max_record_size, "yes",
141 "no", "dunno"},
142 #ifdef ENABLE_SRP
143 {"for SRP authentication support (TLS extension)", test_srp, "yes",
144 "no", "dunno"},
145 #endif
146 {"for OpenPGP authentication support (TLS extension)", test_openpgp1,
147 "yes", "no", "dunno"},
148 {NULL, NULL, NULL, NULL, NULL}
149 };
150
151 static int tt = 0;
152 const char *ip;
153
154 static void gaa_parser (int argc, char **argv);
155
156 int
157 main (int argc, char **argv)
158 {
159 int err, ret;
160 int sd, i;
161 gnutls_session_t state;
162 char buffer[MAX_BUF + 1];
163 char portname[6];
164 struct addrinfo hints, *res, *ptr;
165
166 gaa_parser (argc, argv);
167
168 #ifndef _WIN32
169 signal (SIGPIPE, SIG_IGN);
170 #endif
171
172 sockets_init ();
173
174 if (gnutls_global_init () < 0)
175 {
176 fprintf (stderr, "global state initialization error\n");
177 exit (1);
178 }
179
180 gnutls_global_set_log_function (tls_log_func);
181 gnutls_global_set_log_level (debug);
182
183 printf ("Resolving '%s'...\n", hostname);
184 /* get server name */
185 memset (&hints, 0, sizeof (hints));
186 hints.ai_socktype = SOCK_STREAM;
187 hints.ai_flags = 0;
188 snprintf (portname, sizeof (portname), "%d", port);
189 if ((err = getaddrinfo (hostname, portname, &hints, &res)) != 0)
190 {
191 fprintf (stderr, "Cannot resolve %s: %s\n", hostname,
192 gai_strerror (err));
193 exit (1);
194 }
195
196 /* X509 stuff */
197 if (gnutls_certificate_allocate_credentials (&xcred) < 0)
198 { /* space for 2 certificates */
199 fprintf (stderr, "memory error\n");
200 exit (1);
201 }
202
203 /* SRP stuff */
204 #ifdef ENABLE_SRP
205 if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
206 {
207 fprintf (stderr, "memory error\n");
208 exit (1);
209 }
210 #endif
211
212 #ifdef ENABLE_ANON
213 /* ANON stuff */
214 if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
215 {
216 fprintf (stderr, "memory error\n");
217 exit (1);
218 }
219 #endif
220
221 i = 0;
222
223 do
224 {
225
226 if (tls_tests[i].test_name == NULL)
227 break; /* finished */
228
229 /* if neither of SSL3 and TLSv1 are supported, exit
230 */
231 if (i > 3 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0)
232 {
233 fprintf (stderr,
234 "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n");
235 break;
236 }
237
238 sd = -1;
239 for (ptr = res; ptr != NULL; ptr = ptr->ai_next)
240 {
241 sd = socket(ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
242 if (sd == -1)
243 {
244 continue;
245 }
246
247 getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF,
248 NULL, 0, NI_NUMERICHOST);
249 if (tt++ == 0) printf("Connecting to '%s:%d'...\n", buffer, port);
250 if ((err = connect(sd, ptr->ai_addr, ptr->ai_addrlen)) != 0)
251 {
252 close (sd);
253 sd = -1;
254 continue;
255 }
256 }
257 ERR(err, "connect")
258
259 gnutls_init (&state, GNUTLS_CLIENT);
260 gnutls_transport_set_ptr (state, (gnutls_transport_ptr_t) sd);
261
262 do
263 {
264 printf ("Checking %s...", tls_tests[i].test_name);
265
266 ret = tls_tests[i].func (state);
267
268 if (ret == TEST_SUCCEED)
269 printf (" %s\n", tls_tests[i].suc_str);
270 else if (ret == TEST_FAILED)
271 printf (" %s\n", tls_tests[i].fail_str);
272 else if (ret == TEST_UNSURE)
273 printf (" %s\n", tls_tests[i].unsure_str);
274 else if (ret == TEST_IGNORE)
275 {
276 printf (" N/A\n");
277 i++;
278 }
279 }
280 while (ret == TEST_IGNORE && tls_tests[i].test_name != NULL);
281
282 gnutls_deinit (state);
283
284 shutdown (sd, SHUT_RDWR); /* no more receptions */
285 close (sd);
286
287 i++;
288 }
289 while (1);
290
291 freeaddrinfo (res);
292
293 #ifdef ENABLE_SRP
294 gnutls_srp_free_client_credentials (srp_cred);
295 #endif
296 gnutls_certificate_free_credentials (xcred);
297 #ifdef ENABLE_ANON
298 gnutls_anon_free_client_credentials (anon_cred);
299 #endif
300 gnutls_global_deinit ();
301
302 return 0;
303 }
304
305 static gaainfo info;
306 void
307 gaa_parser (int argc, char **argv)
308 {
309 if (gaa (argc, argv, &info) != -1)
310 {
311 fprintf (stderr,
312 "Error in the arguments. Use the -h or --help parameters to get more info.\n");
313 exit (1);
314 }
315
316 port = info.pp;
317 if (info.rest_args == NULL)
318 hostname = "localhost";
319 else
320 hostname = info.rest_args;
321
322 debug = info.debug;
323
324 verbose = info.more_info;
325
326 }
327
328 void
329 tls_test_version (void)
330 {
331 const char *v = gnutls_check_version (NULL);
332
333 printf ("gnutls-cli-debug (GnuTLS) %s\n", LIBGNUTLS_VERSION);
334 if (strcmp (v, LIBGNUTLS_VERSION) != 0)
335 printf ("libgnutls %s\n", v);
336 }
Implementation of the SSL/TLS protocol