From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Fri, 13 Jul 2018 05:08:42 +0000 (+0200)
Subject: gnutls-cli-debug: fix EtM and extended master secret discovery
X-Git-Tag: gnutls_3_6_3~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f33ffcfcb615ce9d5e7bcc4a1903601b4c45edd;p=thirdparty%2Fgnutls.git

gnutls-cli-debug: fix EtM and extended master secret discovery

In particular do not set the GNUTLS_NO_EXTENSIONS flag by default,
and only enable block ciphers for the EtM check.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
---

diff --git a/src/cli-debug.c b/src/cli-debug.c
index 26937269b7..a23fb9a189 100644
--- a/src/cli-debug.c
+++ b/src/cli-debug.c
@@ -190,7 +190,7 @@ const char *ip;
 gnutls_session_t init_tls_session(const char *host)
 {
 	gnutls_session_t state = NULL;
-	gnutls_init(&state, GNUTLS_CLIENT | GNUTLS_NO_EXTENSIONS);
+	gnutls_init(&state, GNUTLS_CLIENT);
 
 	set_read_funcs(state);
 	if (host && is_ip(host) == 0)
diff --git a/src/tests.c b/src/tests.c
index b51045f365..a38ec41789 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -87,7 +87,6 @@ static int do_handshake(gnutls_session_t session)
 
 	if (ret < 0)
 		return TEST_FAILED;
-
 	gnutls_session_get_data(session, NULL, &session_data_size);
 
 	if (sfree != 0) {
@@ -412,7 +411,7 @@ test_code_t test_etm(gnutls_session_t session)
 		return TEST_IGNORE;
 
 	sprintf(prio_str, INIT_STR
-		ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS
+		"+AES-128-CBC:+AES-256-CBC:" ALL_COMP ":%s:" ALL_MACS
 		":%s:" ALL_KX, rest, protocol_str);
 	_gnutls_priority_set_direct(session, prio_str);