2 * Copyright (C) 2004, 2006, 2007 Free Software Foundation
3 * Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
5 * This file is part of GNUTLS.
7 * GNUTLS is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
23 #include <gnutls/gnutls.h>
24 #include <gnutls/extra.h>
25 #include <gnutls/x509.h>
40 extern gnutls_srp_client_credentials_t srp_cred
;
41 extern gnutls_anon_client_credentials_t anon_cred
;
42 extern gnutls_certificate_credentials_t xcred
;
50 /* keep session info */
51 static char *session_data
= NULL
;
52 static char session_id
[32];
53 static int session_data_size
= 0, session_id_size
= 0;
55 static int handshake_output
= 0;
58 do_handshake (gnutls_session_t session
)
64 ret
= gnutls_handshake (session
);
66 while (ret
== GNUTLS_E_INTERRUPTED
|| ret
== GNUTLS_E_AGAIN
);
68 handshake_output
= ret
;
70 if (ret
< 0 && verbose
> 1)
72 if (ret
== GNUTLS_E_WARNING_ALERT_RECEIVED
73 || ret
== GNUTLS_E_FATAL_ALERT_RECEIVED
)
75 alert
= gnutls_alert_get (session
);
77 printf ("*** Received alert [%d]: %s\n",
78 alert
, gnutls_alert_get_name (alert
));
85 gnutls_session_get_data (session
, NULL
, &session_data_size
);
92 session_data
= malloc (session_data_size
);
94 if (session_data
== NULL
)
96 fprintf (stderr
, "Memory error\n");
99 gnutls_session_get_data (session
, session_data
, &session_data_size
);
101 session_id_size
= sizeof (session_id
);
102 gnutls_session_get_id (session
, session_id
, &session_id_size
);
107 static int protocol_priority
[16] = { GNUTLS_TLS1
, GNUTLS_SSL3
, 0 };
108 static const int kx_priority
[16] =
109 { GNUTLS_KX_RSA
, GNUTLS_KX_DHE_DSS
, GNUTLS_KX_DHE_RSA
,
111 GNUTLS_KX_RSA_EXPORT
, 0
113 static const int cipher_priority
[16] =
114 { GNUTLS_CIPHER_3DES_CBC
, GNUTLS_CIPHER_ARCFOUR_128
,
115 GNUTLS_CIPHER_ARCFOUR_40
, 0
117 static const int comp_priority
[16] = { GNUTLS_COMP_NULL
, 0 };
118 static const int mac_priority
[16] = { GNUTLS_MAC_SHA1
, GNUTLS_MAC_MD5
, 0 };
119 static const int cert_type_priority
[16] = { GNUTLS_CRT_X509
, 0 };
121 #define ADD_ALL_CIPHERS(session) gnutls_cipher_set_priority(session, cipher_priority)
122 #define ADD_ALL_COMP(session) gnutls_compression_set_priority(session, comp_priority)
123 #define ADD_ALL_MACS(session) gnutls_mac_set_priority(session, mac_priority)
124 #define ADD_ALL_KX(session) gnutls_kx_set_priority(session, kx_priority)
125 #define ADD_ALL_PROTOCOLS(session) gnutls_protocol_set_priority(session, protocol_priority)
126 #define ADD_ALL_CERTTYPES(session) gnutls_certificate_type_set_priority(session, cert_type_priority)
129 ADD_KX (gnutls_session_t session
, int kx
)
131 static int _kx_priority
[] = { 0, 0 };
132 _kx_priority
[0] = kx
;
134 gnutls_kx_set_priority (session
, _kx_priority
);
138 ADD_KX2 (gnutls_session_t session
, int kx1
, int kx2
)
140 static int _kx_priority
[] = { 0, 0, 0 };
141 _kx_priority
[0] = kx1
;
142 _kx_priority
[1] = kx2
;
144 gnutls_kx_set_priority (session
, _kx_priority
);
148 ADD_CIPHER (gnutls_session_t session
, int cipher
)
150 static int _cipher_priority
[] = { 0, 0 };
151 _cipher_priority
[0] = cipher
;
153 gnutls_cipher_set_priority (session
, _cipher_priority
);
157 ADD_CIPHER4 (gnutls_session_t session
, int cipher1
, int cipher2
, int cipher3
,
160 static int _cipher_priority
[] = { 0, 0, 0, 0, 0 };
161 _cipher_priority
[0] = cipher1
;
162 _cipher_priority
[1] = cipher2
;
163 _cipher_priority
[2] = cipher3
;
164 _cipher_priority
[3] = cipher4
;
166 gnutls_cipher_set_priority (session
, _cipher_priority
);
170 ADD_MAC (gnutls_session_t session
, int mac
)
172 static int _mac_priority
[] = { 0, 0 };
173 _mac_priority
[0] = mac
;
175 gnutls_mac_set_priority (session
, _mac_priority
);
179 ADD_COMP (gnutls_session_t session
, int c
)
181 static int _comp_priority
[] = { 0, 0 };
182 _comp_priority
[0] = c
;
184 gnutls_compression_set_priority (session
, _comp_priority
);
188 ADD_CERTTYPE (gnutls_session_t session
, int ctype
)
190 static int _ct_priority
[] = { 0, 0 };
191 _ct_priority
[0] = ctype
;
193 gnutls_certificate_type_set_priority (session
, _ct_priority
);
197 ADD_PROTOCOL (gnutls_session_t session
, int protocol
)
199 static int _proto_priority
[] = { 0, 0 };
200 _proto_priority
[0] = protocol
;
202 gnutls_protocol_set_priority (session
, _proto_priority
);
206 ADD_PROTOCOL3 (gnutls_session_t session
, int p1
, int p2
, int p3
)
208 static int _proto_priority
[] = { 0, 0, 0, 0 };
209 _proto_priority
[0] = p1
;
210 _proto_priority
[1] = p2
;
211 _proto_priority
[2] = p3
;
213 gnutls_protocol_set_priority (session
, _proto_priority
);
217 static int srp_detected
;
220 _test_srp_username_callback (gnutls_session_t session
, unsigned int times
,
221 char **username
, char **password
)
232 test_srp (gnutls_session_t session
)
236 ADD_ALL_CIPHERS (session
);
237 ADD_ALL_COMP (session
);
238 ADD_ALL_CERTTYPES (session
);
239 ADD_ALL_PROTOCOLS (session
);
240 ADD_ALL_MACS (session
);
242 ADD_KX (session
, GNUTLS_KX_SRP
);
245 gnutls_srp_set_client_credentials_function (srp_cred
,
246 _test_srp_username_callback
);
248 gnutls_credentials_set (session
, GNUTLS_CRD_SRP
, srp_cred
);
250 ret
= do_handshake (session
);
252 gnutls_srp_set_client_credentials_function (srp_cred
, NULL
);
254 if (srp_detected
!= 0)
262 test_server (gnutls_session_t session
)
267 const char snd_buf
[] = "GET / HTTP/1.0\n\n";
272 buf
[sizeof (buf
) - 1] = 0;
274 ADD_ALL_CIPHERS (session
);
275 ADD_ALL_COMP (session
);
276 ADD_ALL_CERTTYPES (session
);
277 ADD_ALL_PROTOCOLS (session
);
278 ADD_ALL_MACS (session
);
279 ADD_ALL_KX (session
);
281 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
283 ret
= do_handshake (session
);
284 if (ret
!= TEST_SUCCEED
)
287 gnutls_record_send (session
, snd_buf
, sizeof (snd_buf
) - 1);
288 ret
= gnutls_record_recv (session
, buf
, sizeof (buf
) - 1);
292 p
= strstr (buf
, "Server:");
298 while (*p
!= 0 && *p
!= '\r' && *p
!= '\n')
312 static int export_true
= 0;
313 static gnutls_datum_t exp
= { NULL
, 0 }, mod
=
319 test_export (gnutls_session_t session
)
323 ADD_ALL_COMP (session
);
324 ADD_ALL_CERTTYPES (session
);
325 ADD_ALL_PROTOCOLS (session
);
326 ADD_ALL_MACS (session
);
328 ADD_KX (session
, GNUTLS_KX_RSA_EXPORT
);
329 ADD_CIPHER (session
, GNUTLS_CIPHER_ARCFOUR_40
);
330 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
332 ret
= do_handshake (session
);
334 if (ret
== TEST_SUCCEED
)
337 gnutls_rsa_export_get_pubkey (session
, &exp
, &mod
);
344 test_export_info (gnutls_session_t session
)
347 gnutls_datum_t exp2
, mod2
;
350 if (verbose
== 0 || export_true
== 0)
353 ADD_ALL_COMP (session
);
354 ADD_ALL_CERTTYPES (session
);
355 ADD_ALL_PROTOCOLS (session
);
356 ADD_ALL_MACS (session
);
358 ADD_KX (session
, GNUTLS_KX_RSA_EXPORT
);
359 ADD_CIPHER (session
, GNUTLS_CIPHER_ARCFOUR_40
);
360 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
362 ret
= do_handshake (session
);
364 if (ret
== TEST_SUCCEED
)
366 ret2
= gnutls_rsa_export_get_pubkey (session
, &exp2
, &mod2
);
371 print
= raw_to_string (exp2
.data
, exp2
.size
);
373 printf (" Exponent [%d bits]: %s\n", exp2
.size
* 8, print
);
375 print
= raw_to_string (mod2
.data
, mod2
.size
);
377 printf (" Modulus [%d bits]: %s\n", mod2
.size
* 8, print
);
379 if (mod2
.size
!= mod
.size
|| exp2
.size
!= exp
.size
||
380 memcmp (mod2
.data
, mod
.data
, mod
.size
) != 0 ||
381 memcmp (exp2
.data
, exp
.data
, exp
.size
) != 0)
384 (" (server uses different public keys per connection)\n");
393 static gnutls_datum_t pubkey
= { NULL
, 0 };
396 test_dhe (gnutls_session_t session
)
400 ADD_ALL_CIPHERS (session
);
401 ADD_ALL_COMP (session
);
402 ADD_ALL_CERTTYPES (session
);
403 ADD_ALL_PROTOCOLS (session
);
404 ADD_ALL_MACS (session
);
406 ADD_KX2 (session
, GNUTLS_KX_DHE_RSA
, GNUTLS_KX_DHE_DSS
);
407 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
409 ret
= do_handshake (session
);
411 gnutls_dh_get_pubkey (session
, &pubkey
);
417 test_dhe_group (gnutls_session_t session
)
420 gnutls_datum_t gen
, prime
, pubkey2
;
423 if (verbose
== 0 || pubkey
.data
== NULL
)
426 ADD_ALL_CIPHERS (session
);
427 ADD_ALL_COMP (session
);
428 ADD_ALL_CERTTYPES (session
);
429 ADD_ALL_PROTOCOLS (session
);
430 ADD_ALL_MACS (session
);
432 ADD_KX2 (session
, GNUTLS_KX_DHE_RSA
, GNUTLS_KX_DHE_DSS
);
433 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
435 ret
= do_handshake (session
);
437 ret2
= gnutls_dh_get_group (session
, &gen
, &prime
);
442 print
= raw_to_string (gen
.data
, gen
.size
);
444 printf (" Generator [%d bits]: %s\n", gen
.size
* 8, print
);
446 print
= raw_to_string (prime
.data
, prime
.size
);
448 printf (" Prime [%d bits]: %s\n", prime
.size
* 8, print
);
450 gnutls_dh_get_pubkey (session
, &pubkey2
);
451 print
= raw_to_string (pubkey2
.data
, pubkey2
.size
);
453 printf (" Pubkey [%d bits]: %s\n", pubkey2
.size
* 8, print
);
455 if (pubkey2
.data
&& pubkey2
.size
== pubkey
.size
&&
456 memcmp (pubkey
.data
, pubkey2
.data
, pubkey
.size
) == 0)
458 printf (" (public key seems to be static among sessions)\n");
465 test_ssl3 (gnutls_session_t session
)
468 ADD_ALL_CIPHERS (session
);
469 ADD_ALL_COMP (session
);
470 ADD_ALL_CERTTYPES (session
);
471 ADD_PROTOCOL (session
, GNUTLS_SSL3
);
472 ADD_ALL_MACS (session
);
473 ADD_ALL_KX (session
);
474 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
476 ret
= do_handshake (session
);
477 if (ret
== TEST_SUCCEED
)
491 test_bye (gnutls_session_t session
)
498 signal (SIGALRM
, got_alarm
);
501 ADD_ALL_CIPHERS (session
);
502 ADD_ALL_COMP (session
);
503 ADD_ALL_CERTTYPES (session
);
504 ADD_ALL_PROTOCOLS (session
);
505 ADD_ALL_MACS (session
);
506 ADD_ALL_KX (session
);
507 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
509 ret
= do_handshake (session
);
510 if (ret
== TEST_FAILED
)
513 ret
= gnutls_bye (session
, GNUTLS_SHUT_WR
);
518 old
= siginterrupt (SIGALRM
, 1);
521 setsockopt (gnutls_transport_get_ptr (session
), SOL_SOCKET
, SO_RCVTIMEO
,
522 (char *) &secs
, sizeof (int));
527 ret
= gnutls_record_recv (session
, data
, sizeof (data
));
532 siginterrupt (SIGALRM
, old
);
534 if (WSAGetLastError () == WSAETIMEDOUT
||
535 WSAGetLastError () == WSAECONNABORTED
)
550 test_aes (gnutls_session_t session
)
553 ADD_CIPHER (session
, GNUTLS_CIPHER_AES_128_CBC
);
554 ADD_ALL_COMP (session
);
555 ADD_ALL_CERTTYPES (session
);
556 ADD_ALL_PROTOCOLS (session
);
557 ADD_ALL_MACS (session
);
558 ADD_ALL_KX (session
);
559 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
561 ret
= do_handshake (session
);
565 #ifdef ENABLE_CAMELLIA
567 test_camellia (gnutls_session_t session
)
570 ADD_CIPHER (session
, GNUTLS_CIPHER_CAMELLIA_128_CBC
);
571 ADD_ALL_COMP (session
);
572 ADD_ALL_CERTTYPES (session
);
573 ADD_ALL_PROTOCOLS (session
);
574 ADD_ALL_MACS (session
);
575 ADD_ALL_KX (session
);
576 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
578 ret
= do_handshake (session
);
584 test_openpgp1 (gnutls_session_t session
)
587 ADD_ALL_CIPHERS (session
);
588 ADD_ALL_COMP (session
);
589 ADD_CERTTYPE (session
, GNUTLS_CRT_OPENPGP
);
590 ADD_ALL_PROTOCOLS (session
);
591 ADD_ALL_MACS (session
);
592 ADD_ALL_KX (session
);
593 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
595 ret
= do_handshake (session
);
596 if (ret
== TEST_FAILED
)
599 if (gnutls_certificate_type_get (session
) == GNUTLS_CRT_OPENPGP
)
606 test_unknown_ciphersuites (gnutls_session_t session
)
609 #ifdef ENABLE_CAMELLIA
610 ADD_CIPHER4 (session
, GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_CIPHER_3DES_CBC
,
611 GNUTLS_CIPHER_CAMELLIA_128_CBC
, GNUTLS_CIPHER_ARCFOUR_128
);
613 ADD_CIPHER4 (session
, GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_CIPHER_3DES_CBC
,
614 GNUTLS_CIPHER_ARCFOUR_128
, 0);
616 ADD_ALL_COMP (session
);
617 ADD_ALL_CERTTYPES (session
);
618 ADD_ALL_PROTOCOLS (session
);
619 ADD_ALL_MACS (session
);
620 ADD_ALL_KX (session
);
621 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
623 ret
= do_handshake (session
);
628 test_md5 (gnutls_session_t session
)
631 ADD_ALL_CIPHERS (session
);
632 ADD_ALL_COMP (session
);
633 ADD_ALL_CERTTYPES (session
);
634 ADD_ALL_PROTOCOLS (session
);
635 ADD_MAC (session
, GNUTLS_MAC_MD5
);
636 ADD_ALL_KX (session
);
637 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
639 ret
= do_handshake (session
);
645 test_zlib (gnutls_session_t session
)
648 ADD_ALL_CIPHERS (session
);
649 ADD_COMP (session
, GNUTLS_COMP_ZLIB
);
650 ADD_ALL_CERTTYPES (session
);
651 ADD_ALL_PROTOCOLS (session
);
652 ADD_ALL_MACS (session
);
653 ADD_ALL_KX (session
);
654 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
656 ret
= do_handshake (session
);
662 test_lzo (gnutls_session_t session
)
665 gnutls_handshake_set_private_extensions (session
, 1);
667 ADD_ALL_CIPHERS (session
);
668 ADD_COMP (session
, GNUTLS_COMP_LZO
);
669 ADD_ALL_CERTTYPES (session
);
670 ADD_ALL_PROTOCOLS (session
);
671 ADD_ALL_MACS (session
);
672 ADD_ALL_KX (session
);
673 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
675 ret
= do_handshake (session
);
681 test_sha (gnutls_session_t session
)
684 ADD_ALL_CIPHERS (session
);
685 ADD_ALL_COMP (session
);
686 ADD_ALL_CERTTYPES (session
);
687 ADD_ALL_PROTOCOLS (session
);
688 ADD_MAC (session
, GNUTLS_MAC_SHA1
);
689 ADD_ALL_KX (session
);
690 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
692 ret
= do_handshake (session
);
697 test_3des (gnutls_session_t session
)
700 ADD_CIPHER (session
, GNUTLS_CIPHER_3DES_CBC
);
701 ADD_ALL_COMP (session
);
702 ADD_ALL_CERTTYPES (session
);
703 ADD_ALL_PROTOCOLS (session
);
704 ADD_ALL_MACS (session
);
705 ADD_ALL_KX (session
);
706 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
708 ret
= do_handshake (session
);
713 test_arcfour (gnutls_session_t session
)
716 ADD_CIPHER (session
, GNUTLS_CIPHER_ARCFOUR_128
);
717 ADD_ALL_COMP (session
);
718 ADD_ALL_CERTTYPES (session
);
719 ADD_ALL_PROTOCOLS (session
);
720 ADD_ALL_MACS (session
);
721 ADD_ALL_KX (session
);
722 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
724 ret
= do_handshake (session
);
729 test_arcfour_40 (gnutls_session_t session
)
732 ADD_CIPHER (session
, GNUTLS_CIPHER_ARCFOUR_40
);
733 ADD_ALL_COMP (session
);
734 ADD_ALL_CERTTYPES (session
);
735 ADD_ALL_PROTOCOLS (session
);
736 ADD_ALL_MACS (session
);
737 ADD_ALL_KX (session
);
738 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
740 ret
= do_handshake (session
);
745 test_tls1 (gnutls_session_t session
)
748 ADD_ALL_CIPHERS (session
);
749 ADD_ALL_COMP (session
);
750 ADD_ALL_CERTTYPES (session
);
751 ADD_PROTOCOL (session
, GNUTLS_TLS1
);
752 ADD_ALL_MACS (session
);
753 ADD_ALL_KX (session
);
754 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
756 ret
= do_handshake (session
);
757 if (ret
== TEST_SUCCEED
)
765 test_tls1_1 (gnutls_session_t session
)
768 ADD_ALL_CIPHERS (session
);
769 ADD_ALL_COMP (session
);
770 ADD_ALL_CERTTYPES (session
);
771 ADD_PROTOCOL (session
, GNUTLS_TLS1_1
);
772 ADD_ALL_MACS (session
);
773 ADD_ALL_KX (session
);
774 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
776 ret
= do_handshake (session
);
777 if (ret
== TEST_SUCCEED
)
785 test_tls1_1_fallback (gnutls_session_t session
)
791 ADD_ALL_CIPHERS (session
);
792 ADD_ALL_COMP (session
);
793 ADD_ALL_CERTTYPES (session
);
794 ADD_PROTOCOL3 (session
, GNUTLS_TLS1_1
, GNUTLS_TLS1
, GNUTLS_SSL3
);
795 ADD_ALL_MACS (session
);
796 ADD_ALL_KX (session
);
797 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
799 ret
= do_handshake (session
);
800 if (ret
!= TEST_SUCCEED
)
803 if (gnutls_protocol_get_version (session
) == GNUTLS_TLS1
)
805 else if (gnutls_protocol_get_version (session
) == GNUTLS_SSL3
)
812 /* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
813 * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
816 test_tls_disable (gnutls_session_t session
)
822 ADD_ALL_CIPHERS (session
);
823 ADD_ALL_COMP (session
);
824 ADD_ALL_CERTTYPES (session
);
825 ADD_ALL_PROTOCOLS (session
);
826 ADD_ALL_MACS (session
);
827 ADD_ALL_KX (session
);
828 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
830 ret
= do_handshake (session
);
831 if (ret
== TEST_FAILED
)
833 /* disable TLS 1.0 */
836 protocol_priority
[0] = GNUTLS_SSL3
;
837 protocol_priority
[1] = 0;
845 test_rsa_pms (gnutls_session_t session
)
849 /* here we enable both SSL 3.0 and TLS 1.0
850 * and try to connect and use rsa authentication.
851 * If the server is old, buggy and only supports
852 * SSL 3.0 then the handshake will fail.
854 ADD_ALL_CIPHERS (session
);
855 ADD_ALL_COMP (session
);
856 ADD_ALL_CERTTYPES (session
);
857 ADD_ALL_PROTOCOLS (session
);
858 ADD_ALL_MACS (session
);
859 ADD_KX (session
, GNUTLS_KX_RSA
);
860 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
862 ret
= do_handshake (session
);
863 if (ret
== TEST_FAILED
)
866 if (gnutls_protocol_get_version (session
) == GNUTLS_TLS1
)
872 test_max_record_size (gnutls_session_t session
)
875 ADD_ALL_CIPHERS (session
);
876 ADD_ALL_COMP (session
);
877 ADD_ALL_CERTTYPES (session
);
878 ADD_ALL_PROTOCOLS (session
);
879 ADD_ALL_MACS (session
);
880 ADD_ALL_KX (session
);
881 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
882 gnutls_record_set_max_size (session
, 512);
884 ret
= do_handshake (session
);
885 if (ret
== TEST_FAILED
)
888 ret
= gnutls_record_get_max_size (session
);
896 test_hello_extension (gnutls_session_t session
)
899 ADD_ALL_CIPHERS (session
);
900 ADD_ALL_COMP (session
);
901 ADD_ALL_CERTTYPES (session
);
902 ADD_ALL_PROTOCOLS (session
);
903 ADD_ALL_MACS (session
);
904 ADD_ALL_KX (session
);
905 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
906 gnutls_record_set_max_size (session
, 512);
908 ret
= do_handshake (session
);
912 void _gnutls_record_set_default_version (gnutls_session_t session
,
914 unsigned char minor
);
917 test_version_rollback (gnutls_session_t session
)
923 /* here we enable both SSL 3.0 and TLS 1.0
924 * and we connect using a 3.1 client hello version,
925 * and a 3.0 record version. Some implementations
926 * are buggy (and vulnerable to man in the middle
927 * attacks which allow a version downgrade) and this
928 * connection will fail.
930 ADD_ALL_CIPHERS (session
);
931 ADD_ALL_COMP (session
);
932 ADD_ALL_CERTTYPES (session
);
933 ADD_ALL_PROTOCOLS (session
);
934 ADD_ALL_MACS (session
);
935 ADD_ALL_KX (session
);
936 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
937 _gnutls_record_set_default_version (session
, 3, 0);
939 ret
= do_handshake (session
);
940 if (ret
!= TEST_SUCCEED
)
943 if (tls1_ok
!= 0 && gnutls_protocol_get_version (session
) == GNUTLS_SSL3
)
949 /* See if the server tolerates out of bounds
950 * record layer versions in the first client hello
954 test_version_oob (gnutls_session_t session
)
957 /* here we enable both SSL 3.0 and TLS 1.0
958 * and we connect using a 5.5 record version.
960 ADD_ALL_CIPHERS (session
);
961 ADD_ALL_COMP (session
);
962 ADD_ALL_CERTTYPES (session
);
963 ADD_ALL_PROTOCOLS (session
);
964 ADD_ALL_MACS (session
);
965 ADD_ALL_KX (session
);
966 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
967 _gnutls_record_set_default_version (session
, 5, 5);
969 ret
= do_handshake (session
);
973 void _gnutls_rsa_pms_set_version (gnutls_session_t session
,
974 unsigned char major
, unsigned char minor
);
977 test_rsa_pms_version_check (gnutls_session_t session
)
980 /* here we use an arbitary version in the RSA PMS
981 * to see whether to server will check this version.
983 * A normal server would abort this handshake.
985 ADD_ALL_CIPHERS (session
);
986 ADD_ALL_COMP (session
);
987 ADD_ALL_CERTTYPES (session
);
988 ADD_ALL_PROTOCOLS (session
);
989 ADD_ALL_MACS (session
);
990 ADD_ALL_KX (session
);
991 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
992 _gnutls_rsa_pms_set_version (session
, 5, 5); /* use SSL 5.5 version */
994 ret
= do_handshake (session
);
1001 test_anonymous (gnutls_session_t session
)
1005 ADD_ALL_CIPHERS (session
);
1006 ADD_ALL_COMP (session
);
1007 ADD_ALL_CERTTYPES (session
);
1008 ADD_ALL_PROTOCOLS (session
);
1009 ADD_ALL_MACS (session
);
1010 ADD_KX (session
, GNUTLS_KX_ANON_DH
);
1011 gnutls_credentials_set (session
, GNUTLS_CRD_ANON
, anon_cred
);
1013 ret
= do_handshake (session
);
1015 if (ret
== TEST_SUCCEED
)
1016 gnutls_dh_get_pubkey (session
, &pubkey
);
1023 test_session_resume2 (gnutls_session_t session
)
1026 char tmp_session_id
[32];
1027 int tmp_session_id_size
;
1029 if (session
== NULL
)
1032 ADD_ALL_CIPHERS (session
);
1033 ADD_ALL_COMP (session
);
1034 ADD_ALL_CERTTYPES (session
);
1035 ADD_ALL_PROTOCOLS (session
);
1036 ADD_ALL_MACS (session
);
1037 ADD_ALL_KX (session
);
1039 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
1040 gnutls_credentials_set (session
, GNUTLS_CRD_ANON
, anon_cred
);
1042 gnutls_session_set_data (session
, session_data
, session_data_size
);
1044 memcpy (tmp_session_id
, session_id
, session_id_size
);
1045 tmp_session_id_size
= session_id_size
;
1047 ret
= do_handshake (session
);
1048 if (ret
== TEST_FAILED
)
1051 /* check if we actually resumed the previous session */
1053 session_id_size
= sizeof (session_id
);
1054 gnutls_session_get_id (session
, session_id
, &session_id_size
);
1056 if (session_id_size
== 0)
1059 if (gnutls_session_is_resumed (session
))
1060 return TEST_SUCCEED
;
1062 if (tmp_session_id_size
== session_id_size
&&
1063 memcmp (tmp_session_id
, session_id
, tmp_session_id_size
) == 0)
1064 return TEST_SUCCEED
;
1069 extern char *hostname
;
1072 test_certificate (gnutls_session_t session
)
1079 ADD_ALL_CIPHERS (session
);
1080 ADD_ALL_COMP (session
);
1081 ADD_ALL_CERTTYPES (session
);
1082 ADD_ALL_PROTOCOLS (session
);
1083 ADD_ALL_MACS (session
);
1084 ADD_ALL_KX (session
);
1086 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
1088 ret
= do_handshake (session
);
1089 if (ret
== TEST_FAILED
)
1093 print_cert_info (session
, hostname
);
1095 return TEST_SUCCEED
;
1098 /* A callback function to be used at the certificate selection time.
1101 cert_callback (gnutls_session_t session
,
1102 const gnutls_datum_t
* req_ca_rdn
, int nreqs
,
1103 const gnutls_pk_algorithm_t
* sign_algos
,
1104 int sign_algos_length
, gnutls_retr_st
* st
)
1106 char issuer_dn
[256];
1113 /* Print the server's trusted CAs
1117 printf ("- Server's trusted authorities:\n");
1119 printf ("- Server did not send us any trusted authorities names.\n");
1121 /* print the names (if any) */
1122 for (i
= 0; i
< nreqs
; i
++)
1124 len
= sizeof (issuer_dn
);
1125 ret
= gnutls_x509_rdn_get (&req_ca_rdn
[i
], issuer_dn
, &len
);
1128 printf (" [%d]: ", i
);
1129 printf ("%s\n", issuer_dn
);
1137 /* Prints the trusted server's CAs. This is only
1138 * if the server sends a certificate request packet.
1141 test_server_cas (gnutls_session_t session
)
1148 ADD_ALL_CIPHERS (session
);
1149 ADD_ALL_COMP (session
);
1150 ADD_ALL_CERTTYPES (session
);
1151 ADD_ALL_PROTOCOLS (session
);
1152 ADD_ALL_MACS (session
);
1153 ADD_ALL_KX (session
);
1155 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, xcred
);
1156 gnutls_certificate_client_set_retrieve_function (xcred
, cert_callback
);
1158 ret
= do_handshake (session
);
1159 gnutls_certificate_client_set_retrieve_function (xcred
, NULL
);
1161 if (ret
== TEST_FAILED
)
1163 return TEST_SUCCEED
;