From: Nikos Mavrogiannopoulos Date: Fri, 17 Oct 2014 11:46:10 +0000 (+0200) Subject: gnutls-cli-debug: added test that checks the fallback from TLS 1.6 X-Git-Tag: gnutls_3_4_0~771 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4926fffcf47229ed80795990fd1d531c6d64cff;p=thirdparty%2Fgnutls.git gnutls-cli-debug: added test that checks the fallback from TLS 1.6 --- diff --git a/src/cli-debug.c b/src/cli-debug.c index c12d3ab06b..9a360d94e9 100644 --- a/src/cli-debug.c +++ b/src/cli-debug.c @@ -62,6 +62,7 @@ extern int tls1_ok; extern int tls1_1_ok; extern int tls1_2_ok; extern int ssl3_ok; +extern const char *ext_text; static void tls_log_func(int level, const char *str) { @@ -88,6 +89,8 @@ static const TLS_TEST tls_tests[] = { "failed", "SSL 3.0"}, {"for TLS 1.2 support", test_tls1_2, "yes", "no", "dunno"}, + {"fallback from TLS 1.6 to", test_tls1_6_fallback, NULL, + "failed", "dunno"}, /* The following tests will disable TLS 1.x if the server is * buggy */ {"whether we need to disable TLS 1.2", test_tls_disable2, "no", @@ -271,9 +274,12 @@ int main(int argc, char **argv) ret = tls_tests[i].func(state); - if (ret == TEST_SUCCEED) - printf(" %s\n", tls_tests[i].suc_str); - else if (ret == TEST_FAILED) + if (ret == TEST_SUCCEED) { + if (tls_tests[i].suc_str == NULL) + printf(" %s\n", ext_text); + else + printf(" %s\n", tls_tests[i].suc_str); + } else if (ret == TEST_FAILED) printf(" %s\n", tls_tests[i].fail_str); else if (ret == TEST_UNSURE) printf(" %s\n", tls_tests[i].unsure_str); diff --git a/src/tests.c b/src/tests.c index 477871a8a0..06612f8dee 100644 --- a/src/tests.c +++ b/src/tests.c @@ -35,12 +35,22 @@ #include #include +void _gnutls_record_set_default_version(gnutls_session_t session, + unsigned char major, + unsigned char minor); + +void _gnutls_hello_set_default_version(gnutls_session_t session, + unsigned char major, + unsigned char minor); + + extern gnutls_srp_client_credentials_t srp_cred; extern gnutls_anon_client_credentials_t anon_cred; extern gnutls_certificate_credentials_t xcred; extern unsigned int verbose; +const char *ext_text = ""; int tls1_ok = 0; int ssl3_ok = 0; int tls1_1_ok = 0; @@ -674,6 +684,27 @@ test_code_t test_tls1_1_fallback(gnutls_session_t session) } +test_code_t test_tls1_6_fallback(gnutls_session_t session) +{ + int ret; + + sprintf(prio_str, + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES + ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" + ALL_KX ":%s", rest); + _gnutls_priority_set_direct(session, prio_str); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + _gnutls_hello_set_default_version(session, 3, 7); + + ret = do_handshake(session); + if (ret != TEST_SUCCEED) + return TEST_FAILED; + + ext_text = gnutls_protocol_get_name(gnutls_protocol_get_version(session)); + return TEST_SUCCEED; +} + /* Advertize both TLS 1.0 and SSL 3.0. If the connection fails, * but the previous SSL 3.0 test succeeded then disable TLS 1.0. */ @@ -869,10 +900,6 @@ test_code_t test_small_records(gnutls_session_t session) return ret; } -void _gnutls_record_set_default_version(gnutls_session_t session, - unsigned char major, - unsigned char minor); - test_code_t test_version_rollback(gnutls_session_t session) { int ret; diff --git a/src/tests.h b/src/tests.h index def0eaa182..2ecf8bfc81 100644 --- a/src/tests.h +++ b/src/tests.h @@ -43,6 +43,7 @@ test_code_t test_safe_renegotiation_scsv(gnutls_session_t state); test_code_t test_tls1_1(gnutls_session_t state); test_code_t test_tls1_2(gnutls_session_t state); test_code_t test_tls1_1_fallback(gnutls_session_t state); +test_code_t test_tls1_6_fallback(gnutls_session_t state); test_code_t test_tls_disable0(gnutls_session_t state); test_code_t test_tls_disable1(gnutls_session_t state); test_code_t test_tls_disable2(gnutls_session_t state);