2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 * This file is part of GnuTLS.
6 * GnuTLS is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuTLS is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see
18 * <http://www.gnu.org/licenses/>.
22 #include <gnutls/gnutls.h>
23 #include <gnutls/x509.h>
38 extern gnutls_srp_client_credentials_t srp_cred
;
39 extern gnutls_anon_client_credentials_t anon_cred
;
40 extern gnutls_certificate_credentials_t xcred
;
49 /* keep session info */
50 static char *session_data
= NULL
;
51 static char session_id
[32];
52 static size_t session_data_size
= 0, session_id_size
= 0;
54 static int handshake_output
= 0;
57 do_handshake (gnutls_session_t session
)
63 ret
= gnutls_handshake (session
);
65 while (ret
== GNUTLS_E_INTERRUPTED
|| ret
== GNUTLS_E_AGAIN
);
67 handshake_output
= ret
;
69 if (ret
< 0 && verbose
> 1)
71 if (ret
== GNUTLS_E_WARNING_ALERT_RECEIVED
72 || ret
== GNUTLS_E_FATAL_ALERT_RECEIVED
)
74 alert
= gnutls_alert_get (session
);
76 printf ("*** Received alert [%d]: %s\n",
77 alert
, gnutls_alert_get_name (alert
));
84 gnutls_session_get_data (session
, NULL
, &session_data_size
);
91 session_data
= malloc (session_data_size
);
93 if (session_data
== NULL
)
95 fprintf (stderr
, "Memory error\n");
98 gnutls_session_get_data (session
, session_data
, &session_data_size
);
100 session_id_size
= sizeof (session_id
);
101 gnutls_session_get_id (session
, session_id
, &session_id_size
);
106 char protocol_str
[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
107 char protocol_all_str
[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
108 char prio_str
[512] = "";
110 #define ALL_CIPHERS "+3DES-CBC:+ARCFOUR-128:+ARCFOUR-40"
111 #define BLOCK_CIPHERS "+3DES-CBC:+AES-128-CBC"
112 #define ALL_COMP "+COMP-NULL"
113 #define ALL_MACS "+SHA1:+MD5"
114 #define ALL_CERTTYPES "+CTYPE-X509"
115 #define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+RSA-EXPORT:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH"
116 #define INIT_STR "NONE:"
117 char rest
[128] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+CURVE-ALL";
120 _gnutls_priority_set_direct (gnutls_session_t session
, const char *str
)
123 int ret
= gnutls_priority_set_direct (session
, str
, &err
);
127 fprintf (stderr
, "Error with string %s\n", str
);
128 fprintf (stderr
, "Error at %s: %s\n", err
, gnutls_strerror (ret
));
134 test_server (gnutls_session_t session
)
139 const char snd_buf
[] = "GET / HTTP/1.0\n\n";
144 buf
[sizeof (buf
) - 1] = 0;
146 sprintf (prio_str
, INIT_STR
147 ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
":"
148 ALL_KX
":" "%s", protocol_str
, rest
);
149 _gnutls_priority_set_direct (session
, prio_str
);
151 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
153 ret
= do_handshake (session
);
154 if (ret
!= TEST_SUCCEED
)
157 gnutls_record_send (session
, snd_buf
, sizeof (snd_buf
) - 1);
158 ret
= gnutls_record_recv (session
, buf
, sizeof (buf
) - 1);
162 p
= strstr (buf
, "Server:");
168 while (*p
!= 0 && *p
!= '\r' && *p
!= '\n')
182 static int export_true
= 0;
183 static gnutls_datum_t exp
= { NULL
, 0 }, mod
=
189 test_export (gnutls_session_t session
)
193 sprintf (prio_str
, INIT_STR
194 "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP
":" ALL_CERTTYPES
":%s:"
195 ALL_MACS
":" ALL_KX
":%s", protocol_str
, rest
);
196 _gnutls_priority_set_direct (session
, prio_str
);
198 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
200 ret
= do_handshake (session
);
202 if (ret
== TEST_SUCCEED
)
205 gnutls_rsa_export_get_pubkey (session
, &exp
, &mod
);
212 test_export_info (gnutls_session_t session
)
215 gnutls_datum_t exp2
, mod2
;
218 if (verbose
== 0 || export_true
== 0)
221 sprintf (prio_str
, INIT_STR
222 "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP
":" ALL_CERTTYPES
":%s:"
223 ALL_MACS
":" ALL_KX
":%s", protocol_str
, rest
);
224 _gnutls_priority_set_direct (session
, prio_str
);
226 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
228 ret
= do_handshake (session
);
230 if (ret
== TEST_SUCCEED
)
232 ret2
= gnutls_rsa_export_get_pubkey (session
, &exp2
, &mod2
);
237 print
= raw_to_string (exp2
.data
, exp2
.size
);
239 printf (" Exponent [%d bits]: %s\n", exp2
.size
* 8, print
);
241 print
= raw_to_string (mod2
.data
, mod2
.size
);
243 printf (" Modulus [%d bits]: %s\n", mod2
.size
* 8, print
);
245 if (mod2
.size
!= mod
.size
|| exp2
.size
!= exp
.size
||
246 memcmp (mod2
.data
, mod
.data
, mod
.size
) != 0 ||
247 memcmp (exp2
.data
, exp
.data
, exp
.size
) != 0)
250 (" (server uses different public keys per connection)\n");
259 static gnutls_datum_t pubkey
= { NULL
, 0 };
260 static gnutls_ecc_curve_t curve
= GNUTLS_ECC_CURVE_INVALID
;
263 test_dhe (gnutls_session_t session
)
267 sprintf (prio_str
, INIT_STR
268 ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
269 ":+DHE-RSA:+DHE-DSS:%s", protocol_str
, rest
);
270 _gnutls_priority_set_direct (session
, prio_str
);
272 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
274 ret
= do_handshake (session
);
276 gnutls_dh_get_pubkey (session
, &pubkey
);
281 test_code_t
test_ecdhe (gnutls_session_t session
)
285 sprintf (prio_str
, INIT_STR
286 ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
287 ":+ECDHE-RSA:+ECDHE-ECDSA:+CURVE-ALL:%s", protocol_all_str
, rest
);
288 _gnutls_priority_set_direct (session
, prio_str
);
290 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
292 ret
= do_handshake (session
);
294 curve
= gnutls_ecc_curve_get(session
);
301 test_safe_renegotiation (gnutls_session_t session
)
305 sprintf (prio_str
, INIT_STR
306 ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
":"
307 ALL_KX
":%%SAFE_RENEGOTIATION", protocol_str
);
308 _gnutls_priority_set_direct (session
, prio_str
);
310 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
312 ret
= do_handshake (session
);
318 test_safe_renegotiation_scsv (gnutls_session_t session
)
322 sprintf (prio_str
, INIT_STR
323 ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":+VERS-SSL3.0:"
324 ALL_MACS
":" ALL_KX
":%%SAFE_RENEGOTIATION");
325 _gnutls_priority_set_direct (session
, prio_str
);
327 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
329 ret
= do_handshake (session
);
335 test_dhe_group (gnutls_session_t session
)
338 gnutls_datum_t gen
, prime
, pubkey2
;
341 if (verbose
== 0 || pubkey
.data
== NULL
)
344 sprintf (prio_str
, INIT_STR
345 ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
346 ":+DHE-RSA:+DHE-DSS:%s", protocol_str
, rest
);
348 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
350 ret
= do_handshake (session
);
352 ret2
= gnutls_dh_get_group (session
, &gen
, &prime
);
357 print
= raw_to_string (gen
.data
, gen
.size
);
359 printf (" Generator [%d bits]: %s\n", gen
.size
* 8, print
);
361 print
= raw_to_string (prime
.data
, prime
.size
);
363 printf (" Prime [%d bits]: %s\n", prime
.size
* 8, print
);
365 gnutls_dh_get_pubkey (session
, &pubkey2
);
366 print
= raw_to_string (pubkey2
.data
, pubkey2
.size
);
368 printf (" Pubkey [%d bits]: %s\n", pubkey2
.size
* 8, print
);
370 if (pubkey2
.data
&& pubkey2
.size
== pubkey
.size
&&
371 memcmp (pubkey
.data
, pubkey2
.data
, pubkey
.size
) == 0)
373 printf (" (public key seems to be static among sessions)\n");
380 test_ecdhe_curve (gnutls_session_t session
)
382 if (curve
== GNUTLS_ECC_CURVE_INVALID
)
385 printf ("\n Curve %s", gnutls_ecc_curve_get_name(curve
));
391 test_ssl3 (gnutls_session_t session
)
394 sprintf (prio_str
, INIT_STR
395 ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":+VERS-SSL3.0:"
396 ALL_MACS
":" ALL_KX
":%s", rest
);
397 _gnutls_priority_set_direct (session
, prio_str
);
399 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
401 ret
= do_handshake (session
);
402 if (ret
== TEST_SUCCEED
)
416 test_bye (gnutls_session_t session
)
424 signal (SIGALRM
, got_alarm
);
427 sprintf (prio_str
, INIT_STR
428 ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
":"
429 ALL_KX
":%s", protocol_str
, rest
);
430 _gnutls_priority_set_direct (session
, prio_str
);
432 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
434 ret
= do_handshake (session
);
435 if (ret
== TEST_FAILED
)
438 ret
= gnutls_bye (session
, GNUTLS_SHUT_WR
);
443 old
= siginterrupt (SIGALRM
, 1);
446 setsockopt ((int) gnutls_transport_get_ptr (session
), SOL_SOCKET
,
447 SO_RCVTIMEO
, (char *) &secs
, sizeof (int));
452 ret
= gnutls_record_recv (session
, data
, sizeof (data
));
457 siginterrupt (SIGALRM
, old
);
459 if (WSAGetLastError () == WSAETIMEDOUT
||
460 WSAGetLastError () == WSAECONNABORTED
)
475 test_aes (gnutls_session_t session
)
479 sprintf (prio_str
, INIT_STR
480 "+AES-128-CBC:" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
481 ":" ALL_KX
":%s", protocol_str
, rest
);
482 _gnutls_priority_set_direct (session
, prio_str
);
484 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
486 ret
= do_handshake (session
);
490 test_code_t
test_aes_gcm (gnutls_session_t session
)
494 sprintf (prio_str
, INIT_STR
495 "+AES-128-GCM:+AES-256-GCM:+AEAD:" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
496 ":" ALL_KX
":%s", protocol_all_str
, rest
);
497 _gnutls_priority_set_direct (session
, prio_str
);
499 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
501 ret
= do_handshake (session
);
506 test_camellia (gnutls_session_t session
)
511 INIT_STR
"+CAMELLIA-128-CBC:" ALL_COMP
":" ALL_CERTTYPES
":%s:"
512 ALL_MACS
":" ALL_KX
":%s", protocol_str
, rest
);
513 _gnutls_priority_set_direct (session
, prio_str
);
515 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
517 ret
= do_handshake (session
);
522 test_openpgp1 (gnutls_session_t session
)
527 INIT_STR ALL_CIPHERS
":" ALL_COMP
":+CTYPE-OPENPGP:%s:" ALL_MACS
528 ":" ALL_KX
":%s", protocol_str
, rest
);
529 _gnutls_priority_set_direct (session
, prio_str
);
531 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
533 ret
= do_handshake (session
);
534 if (ret
== TEST_FAILED
)
537 if (gnutls_certificate_type_get (session
) == GNUTLS_CRT_OPENPGP
)
544 test_unknown_ciphersuites (gnutls_session_t session
)
549 INIT_STR
"+AES-128-CBC:" ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
550 ":%s:" ALL_MACS
":" ALL_KX
":%s", protocol_str
, rest
);
551 _gnutls_priority_set_direct (session
, prio_str
);
553 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
555 ret
= do_handshake (session
);
560 test_md5 (gnutls_session_t session
)
565 INIT_STR
"+AES-128-CBC:" ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
566 ":%s:+MD5:" ALL_KX
":%s", protocol_str
, rest
);
567 _gnutls_priority_set_direct (session
, prio_str
);
569 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
571 ret
= do_handshake (session
);
577 test_zlib (gnutls_session_t session
)
582 INIT_STR ALL_CIPHERS
":+COMP-DEFLATE:" ALL_CERTTYPES
":%s:" ALL_MACS
583 ":" ALL_KX
":%s", protocol_str
, rest
);
584 _gnutls_priority_set_direct (session
, prio_str
);
586 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
588 ret
= do_handshake (session
);
594 test_sha (gnutls_session_t session
)
599 INIT_STR
"+AES-128-CBC:" ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
600 ":%s:+SHA1:" ALL_KX
":%s", protocol_str
, rest
);
601 _gnutls_priority_set_direct (session
, prio_str
);
602 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
604 ret
= do_handshake (session
);
609 test_sha256 (gnutls_session_t session
)
614 INIT_STR
"+AES-128-CBC:" ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
615 ":%s:+SHA256:" ALL_KX
":%s", protocol_all_str
, rest
);
616 _gnutls_priority_set_direct (session
, prio_str
);
617 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
619 ret
= do_handshake (session
);
624 test_3des (gnutls_session_t session
)
629 INIT_STR
"+3DES-CBC:" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
630 ":" ALL_KX
":%s", protocol_str
, rest
);
631 _gnutls_priority_set_direct (session
, prio_str
);
632 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
634 ret
= do_handshake (session
);
639 test_arcfour (gnutls_session_t session
)
644 INIT_STR
"+ARCFOUR-128:" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
645 ":" ALL_KX
":%s", protocol_str
, rest
);
646 _gnutls_priority_set_direct (session
, prio_str
);
647 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
649 ret
= do_handshake (session
);
654 test_arcfour_40 (gnutls_session_t session
)
659 INIT_STR
"+ARCFOUR-40:" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
660 ":" "+RSA-EXPORT" ":%s", protocol_str
, rest
);
661 _gnutls_priority_set_direct (session
, prio_str
);
663 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
665 ret
= do_handshake (session
);
670 test_tls1 (gnutls_session_t session
)
675 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
676 ":+VERS-TLS1.0:" ALL_MACS
":" ALL_KX
":%s", rest
);
677 _gnutls_priority_set_direct (session
, prio_str
);
679 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
681 ret
= do_handshake (session
);
682 if (ret
== TEST_SUCCEED
)
690 test_record_padding (gnutls_session_t session
)
695 INIT_STR BLOCK_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
696 ":+VERS-TLS1.0:" ALL_MACS
":" ALL_KX
":%s", rest
);
697 _gnutls_priority_set_direct (session
, prio_str
);
699 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
700 ret
= do_handshake (session
);
701 if (ret
== TEST_SUCCEED
)
707 strcat (rest
, ":%COMPAT");
714 test_tls1_2 (gnutls_session_t session
)
719 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
720 ":+VERS-TLS1.2:" ALL_MACS
":" ALL_KX
":%s", rest
);
721 _gnutls_priority_set_direct (session
, prio_str
);
723 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
725 ret
= do_handshake (session
);
726 if (ret
== TEST_SUCCEED
)
734 test_tls1_1 (gnutls_session_t session
)
739 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
740 ":+VERS-TLS1.1:" ALL_MACS
":" ALL_KX
":%s", rest
);
741 _gnutls_priority_set_direct (session
, prio_str
);
743 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
745 ret
= do_handshake (session
);
746 if (ret
== TEST_SUCCEED
)
754 test_tls1_1_fallback (gnutls_session_t session
)
761 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
762 ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS
":" ALL_KX
764 _gnutls_priority_set_direct (session
, prio_str
);
766 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
768 ret
= do_handshake (session
);
769 if (ret
!= TEST_SUCCEED
)
772 if (gnutls_protocol_get_version (session
) == GNUTLS_TLS1
)
774 else if (gnutls_protocol_get_version (session
) == GNUTLS_SSL3
)
781 /* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
782 * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
785 test_tls_disable0 (gnutls_session_t session
)
792 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
793 ":" ALL_KX
":%s", protocol_str
, rest
);
794 _gnutls_priority_set_direct (session
, prio_str
);
796 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
798 ret
= do_handshake (session
);
799 if (ret
== TEST_FAILED
)
801 /* disable TLS 1.0 */
804 strcpy (protocol_str
, "+VERS-SSL3.0");
812 test_tls_disable1 (gnutls_session_t session
)
820 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
821 ":" ALL_KX
":%s", protocol_str
, rest
);
822 _gnutls_priority_set_direct (session
, prio_str
);
824 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
826 ret
= do_handshake (session
);
827 if (ret
== TEST_FAILED
)
830 /* disable TLS 1.1 */
833 strcat (protocol_str
, "+VERS-TLS1.0");
837 if (protocol_str
[0] != 0)
838 strcat (protocol_str
, ":+VERS-SSL3.0");
840 strcat (protocol_str
, "+VERS-SSL3.0");
847 test_tls_disable2 (gnutls_session_t session
)
855 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
856 ":" ALL_KX
":%s", protocol_str
, rest
);
857 _gnutls_priority_set_direct (session
, prio_str
);
859 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
861 ret
= do_handshake (session
);
862 if (ret
== TEST_FAILED
)
864 /* disable TLS 1.2 */
868 strcat (protocol_str
, "+VERS-TLS1.1");
872 if (protocol_str
[0] != 0)
873 strcat (protocol_str
, ":+VERS-TLS1.0");
875 strcat (protocol_str
, "+VERS-TLS1.0");
879 if (protocol_str
[0] != 0)
880 strcat (protocol_str
, ":+VERS-SSL3.0");
882 strcat (protocol_str
, "+VERS-SSL3.0");
890 test_rsa_pms (gnutls_session_t session
)
894 /* here we enable both SSL 3.0 and TLS 1.0
895 * and try to connect and use rsa authentication.
896 * If the server is old, buggy and only supports
897 * SSL 3.0 then the handshake will fail.
900 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
901 ":+RSA:%s", protocol_str
, rest
);
902 _gnutls_priority_set_direct (session
, prio_str
);
903 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
905 ret
= do_handshake (session
);
906 if (ret
== TEST_FAILED
)
909 if (gnutls_protocol_get_version (session
) == GNUTLS_TLS1
)
915 test_max_record_size (gnutls_session_t session
)
919 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
920 ":" ALL_KX
":%s", protocol_str
, rest
);
921 _gnutls_priority_set_direct (session
, prio_str
);
922 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
923 gnutls_record_set_max_size (session
, 512);
925 ret
= do_handshake (session
);
926 if (ret
== TEST_FAILED
)
929 ret
= gnutls_record_get_max_size (session
);
937 test_hello_extension (gnutls_session_t session
)
942 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
943 ":" ALL_KX
":%s", protocol_str
, rest
);
944 _gnutls_priority_set_direct (session
, prio_str
);
945 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
946 gnutls_record_set_max_size (session
, 4096);
948 ret
= do_handshake (session
);
953 test_small_records (gnutls_session_t session
)
958 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
959 ":" ALL_KX
":%s", protocol_str
, rest
);
960 _gnutls_priority_set_direct (session
, prio_str
);
961 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
962 gnutls_record_set_max_size (session
, 512);
964 ret
= do_handshake (session
);
968 void _gnutls_record_set_default_version (gnutls_session_t session
,
970 unsigned char minor
);
973 test_version_rollback (gnutls_session_t session
)
979 /* here we enable both SSL 3.0 and TLS 1.0
980 * and we connect using a 3.1 client hello version,
981 * and a 3.0 record version. Some implementations
982 * are buggy (and vulnerable to man in the middle
983 * attacks which allow a version downgrade) and this
984 * connection will fail.
987 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
988 ":" ALL_KX
":%s", protocol_str
, rest
);
989 _gnutls_priority_set_direct (session
, prio_str
);
990 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
991 _gnutls_record_set_default_version (session
, 3, 0);
993 ret
= do_handshake (session
);
994 if (ret
!= TEST_SUCCEED
)
997 if (tls1_ok
!= 0 && gnutls_protocol_get_version (session
) == GNUTLS_SSL3
)
1000 return TEST_SUCCEED
;
1003 /* See if the server tolerates out of bounds
1004 * record layer versions in the first client hello
1008 test_version_oob (gnutls_session_t session
)
1011 /* here we enable both SSL 3.0 and TLS 1.0
1012 * and we connect using a 5.5 record version.
1015 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
1016 ":" ALL_KX
":%s", protocol_str
, rest
);
1017 _gnutls_priority_set_direct (session
, prio_str
);
1018 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
1019 _gnutls_record_set_default_version (session
, 5, 5);
1021 ret
= do_handshake (session
);
1025 void _gnutls_rsa_pms_set_version (gnutls_session_t session
,
1026 unsigned char major
, unsigned char minor
);
1029 test_rsa_pms_version_check (gnutls_session_t session
)
1032 /* here we use an arbitary version in the RSA PMS
1033 * to see whether to server will check this version.
1035 * A normal server would abort this handshake.
1038 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
1039 ":" ALL_KX
":%s", protocol_str
, rest
);
1040 _gnutls_priority_set_direct (session
, prio_str
);
1041 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
1042 _gnutls_rsa_pms_set_version (session
, 5, 5); /* use SSL 5.5 version */
1044 ret
= do_handshake (session
);
1051 test_anonymous (gnutls_session_t session
)
1056 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
1057 ":+ANON-DH:+ANON-ECDH:+CURVE-ALL:%s", protocol_str
, rest
);
1058 _gnutls_priority_set_direct (session
, prio_str
);
1059 gnutls_credentials_set (session
, GNUTLS_CRD_ANON
, anon_cred
);
1061 ret
= do_handshake (session
);
1063 if (ret
== TEST_SUCCEED
)
1064 gnutls_dh_get_pubkey (session
, &pubkey
);
1071 test_session_resume2 (gnutls_session_t session
)
1074 char tmp_session_id
[32];
1075 size_t tmp_session_id_size
;
1077 if (session
== NULL
)
1081 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
1082 ":" ALL_KX
":%s", protocol_str
, rest
);
1083 _gnutls_priority_set_direct (session
, prio_str
);
1085 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
1086 gnutls_credentials_set (session
, GNUTLS_CRD_ANON
, anon_cred
);
1088 gnutls_session_set_data (session
, session_data
, session_data_size
);
1090 memcpy (tmp_session_id
, session_id
, session_id_size
);
1091 tmp_session_id_size
= session_id_size
;
1093 ret
= do_handshake (session
);
1094 if (ret
== TEST_FAILED
)
1097 /* check if we actually resumed the previous session */
1099 session_id_size
= sizeof (session_id
);
1100 gnutls_session_get_id (session
, session_id
, &session_id_size
);
1102 if (session_id_size
== 0)
1105 if (gnutls_session_is_resumed (session
))
1106 return TEST_SUCCEED
;
1108 if (tmp_session_id_size
== session_id_size
&&
1109 memcmp (tmp_session_id
, session_id
, tmp_session_id_size
) == 0)
1110 return TEST_SUCCEED
;
1115 extern char *hostname
;
1118 test_certificate (gnutls_session_t session
)
1126 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
1127 ":" ALL_KX
":%s", protocol_str
, rest
);
1128 _gnutls_priority_set_direct (session
, prio_str
);
1130 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
1132 ret
= do_handshake (session
);
1133 if (ret
== TEST_FAILED
)
1137 print_cert_info (session
, GNUTLS_CRT_PRINT_FULL
, verbose
);
1139 return TEST_SUCCEED
;
1142 /* A callback function to be used at the certificate selection time.
1145 cert_callback (gnutls_session_t session
,
1146 const gnutls_datum_t
* req_ca_rdn
, int nreqs
,
1147 const gnutls_pk_algorithm_t
* sign_algos
,
1148 int sign_algos_length
, gnutls_retr2_st
* st
)
1150 char issuer_dn
[256];
1157 /* Print the server's trusted CAs
1161 printf ("- Server's trusted authorities:\n");
1163 printf ("- Server did not send us any trusted authorities names.\n");
1165 /* print the names (if any) */
1166 for (i
= 0; i
< nreqs
; i
++)
1168 len
= sizeof (issuer_dn
);
1169 ret
= gnutls_x509_rdn_get (&req_ca_rdn
[i
], issuer_dn
, &len
);
1172 printf (" [%d]: ", i
);
1173 printf ("%s\n", issuer_dn
);
1181 /* Prints the trusted server's CAs. This is only
1182 * if the server sends a certificate request packet.
1185 test_server_cas (gnutls_session_t session
)
1193 INIT_STR ALL_CIPHERS
":" ALL_COMP
":" ALL_CERTTYPES
":%s:" ALL_MACS
1194 ":" ALL_KX
":%s", protocol_str
, rest
);
1195 _gnutls_priority_set_direct (session
, prio_str
);
1197 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
1198 gnutls_certificate_set_retrieve_function (xcred
, cert_callback
);
1200 ret
= do_handshake (session
);
1201 gnutls_certificate_set_retrieve_function (xcred
, NULL
);
1203 if (ret
== TEST_FAILED
)
1205 return TEST_SUCCEED
;