Verbose messages can be obtained with --verbose.
nw="$nw -Wformat-nonliteral" # Incompatible with gettext _()
nw="$nw -Wunsafe-loop-optimizations"
nw="$nw -Wstrict-overflow"
+ nw="$nw -Wmissing-noreturn"
gl_MANYWARN_ALL_GCC([ws])
gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw])
PKCS12FILE_2=$(srcdir)/pkcs12-decode/pkcs12_2certs.p12 \
PKCS12PASSWORD_2="" \
EXEEXT=$(EXEEXT) \
- $(VALGRIND)
+ $(VALGRIND) -q
}
else
{
- success ("client: Handshake was completed\n");
+ if (debug) success ("client: Handshake was completed\n");
}
- success ("client: TLS version is: %s\n",
+ if (debug) success ("client: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
gnutls_record_send (session, MSG, strlen (MSG));
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
- success ("client: Peer has closed the TLS connection\n");
+ if (debug) success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
goto end;
}
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
+ if (debug)
{
- fputc (buffer[ii], stdout);
+ printf ("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++)
+ {
+ fputc (buffer[ii], stdout);
+ }
+ fputs ("\n", stdout);
}
- fputs ("\n", stdout);
gnutls_bye (session, GNUTLS_SHUT_RDWR);
return;
}
- success ("server: ready. Listening to port '%d'.\n", PORT);
+ if (debug) success ("server: ready. Listening to port '%d'.\n", PORT);
}
static void
gnutls_anon_allocate_server_credentials (&anoncred);
- success ("Launched, generating DH parameters...\n");
+ if (debug) success ("Launched, generating DH parameters...\n");
generate_dh_params ();
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
- success ("server: connection from %s, port %d\n",
+ if (debug) success ("server: connection from %s, port %d\n",
inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
sizeof (topbuf)), ntohs (sa_cli.sin_port));
fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
return;
}
- success ("server: Handshake was completed\n");
+ if (debug) success ("server: Handshake was completed\n");
- success ("server: TLS version is: %s\n",
+ if (debug) success ("server: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
/* see the Getting peer's information example */
if (ret == 0)
{
- success ("server: Peer has closed the GNUTLS connection\n");
+ if (debug) success ("server: Peer has closed the GNUTLS connection\n");
break;
}
else if (ret < 0)
gnutls_global_deinit ();
- success ("server: finished\n");
+ if (debug) success ("server: finished\n");
}
void
if (ret != GNUTLS_E_ASN1_DER_ERROR)
fail ("crt3_import %d\n", ret);
- success ("done\n");
+ if (debug) success ("done\n");
gnutls_x509_crt_deinit (cert);
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
+#include "utils.h"
+
/* GnuTLS internally calls time() to find out the current time when
verifying certificates. To avoid a time bomb, we hard code the
current time. This should work fine on systems where the library
fprintf (stderr, "|<%d>| %s", level, str);
}
-int
-main (int argc, char *argv[])
+void doit (void)
{
int exit_val = 0;
size_t i;
ret = gnutls_global_init ();
if (ret != 0)
{
- printf ("%d: %s\n", ret, gnutls_strerror (ret));
- return EXIT_FAILURE;
+ fail ("%d: %s\n", ret, gnutls_strerror (ret));
+ exit(EXIT_FAILURE);
}
gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (4711);
+ if (debug)
+ gnutls_global_set_log_level (4711);
for (i = 0; chains[i].chain; i++)
{
gnutls_datum_t tmp;
size_t j;
- printf ("Chain '%s' (%d)...\n", chains[i].name, (int) i);
+ if (debug) printf ("Chain '%s' (%d)...\n", chains[i].name, (int) i);
for (j = 0; chains[i].chain[j]; j++)
{
- printf ("\tAdding certificate %d...", (int) j);
+ if (debug) printf ("\tAdding certificate %d...", (int) j);
ret = gnutls_x509_crt_init (&certs[j]);
if (ret < 0)
tmp.size = strlen (chains[i].chain[j]);
ret = gnutls_x509_crt_import (certs[j], &tmp, GNUTLS_X509_FMT_PEM);
- printf ("done\n");
+ if (debug) printf ("done\n");
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_x509_crt_import[%d,%d]: %s",
(int) i, (int) j, gnutls_strerror (ret));
gnutls_x509_crt_print (certs[j], GNUTLS_CRT_PRINT_ONELINE, &tmp);
- printf ("\tCertificate %d: %.*s\n", (int) j, tmp.size, tmp.data);
+ if (debug) printf ("\tCertificate %d: %.*s\n", (int) j, tmp.size, tmp.data);
gnutls_free (tmp.data);
}
- printf ("\tAdding CA certificate...");
+ if (debug) printf ("\tAdding CA certificate...");
ret = gnutls_x509_crt_init (&ca);
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_x509_crt_import: %s",
gnutls_strerror (ret));
- printf ("done\n");
+ if (debug) printf ("done\n");
gnutls_x509_crt_print (ca, GNUTLS_CRT_PRINT_ONELINE, &tmp);
- printf ("\tCA Certificate: %.*s\n", tmp.size, tmp.data);
+ if (debug) printf ("\tCA Certificate: %.*s\n", tmp.size, tmp.data);
gnutls_free (tmp.data);
- printf ("\tVerifying...");
+ if (debug) printf ("\tVerifying...");
ret = gnutls_x509_crt_list_verify (certs, j,
&ca, 1, NULL, 0,
if (verify_status != chains[i].expected_verify_result)
{
- error (0, 0, "verify_status: %d expected: %d",
+ fail("verify_status: %d expected: %d",
verify_status, chains[i].expected_verify_result);
- exit_val = 1;
- if (argc > 1)
- {
- printf ("Exiting early with status...%d\n", exit_val);
- return exit_val;
- }
+
+ if (debug) exit(1);
}
- else
+ else if (debug)
printf ("done\n");
- printf ("\tCleanup...");
+ if (debug) printf ("\tCleanup...");
gnutls_x509_crt_deinit (ca);
for (j = 0; chains[i].chain[j]; j++)
gnutls_x509_crt_deinit (certs[j]);
- printf ("done\n");
+ if (debug) printf ("done\n");
}
gnutls_global_deinit ();
- printf ("Exit status...%d\n", exit_val);
+ if (debug) printf ("Exit status...%d\n", exit_val);
- return exit_val;
+ exit(exit_val);
}
fail ("gnutls_global_init\n");
gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (4711);
+ if (debug)
+ gnutls_global_set_log_level (4711);
ret = gnutls_x509_crq_init (&crq);
if (ret != 0)
ret = gnutls_x509_crq_print (crq, GNUTLS_CRT_PRINT_FULL, &out);
if (ret != 0)
fail ("gnutls_x509_crq_print\n");
- printf ("crq: %.*s\n", out.size, out.data);
+ if (debug) printf ("crq: %.*s\n", out.size, out.data);
gnutls_free (out.data);
ret = gnutls_x509_crt_set_version (crt, 3);
ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &out);
if (ret != 0)
fail ("gnutls_x509_crt_print\n");
- printf ("crt: %.*s\n", out.size, out.data);
+ if (debug) printf ("crt: %.*s\n", out.size, out.data);
gnutls_free (out.data);
gnutls_x509_crq_deinit (crq);
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (4711);
+ if (debug)
+ gnutls_global_set_log_level (4711);
for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_DSA; algorithm++)
{
{
fail ("gnutls_x509_privkey_generate (rsa): %d\n", ret);
}
- else
+ else if (debug)
{
success ("Key[%s] generation ok: %d\n",
gnutls_pk_algorithm_get_name (algorithm), ret);
ret = memcmp (crq_key_id, pkey_key_id, crq_key_id_len);
if (ret == 0)
{
- success ("Key ids are identical. OK.\n");
+ if (debug) success ("Key ids are identical. OK.\n");
}
else
{
if (ret < 0)
return 1;
- printf ("success!\n");
+ //printf ("success!\n");
gnutls_x509_crt_deinit (crt);
gnutls_global_deinit ();
gnutls_global_init ();
gnutls_global_set_log_function (tls_log_func);
-// gnutls_global_set_log_level (99);
+// if (debug)
+// gnutls_global_set_log_level (99);
gnutls_psk_allocate_client_credentials (&pskcred);
gnutls_psk_set_client_credentials (pskcred, "test", &key,
}
else
{
- success ("client: Handshake was completed\n");
+ if (debug) success ("client: Handshake was completed\n");
}
gnutls_record_send (session, MSG, strlen (MSG));
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
- success ("client: Peer has closed the TLS connection\n");
+ if (debug) success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
goto end;
}
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- fputc (buffer[ii], stdout);
- fputs ("\n", stdout);
+ if (debug)
+ {
+ printf ("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++)
+ fputc (buffer[ii], stdout);
+ fputs ("\n", stdout);
+ }
gnutls_bye (session, GNUTLS_SHUT_RDWR);
static int
pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key)
{
- printf ("psk callback to get %s's password\n", username);
+ if (debug) printf ("psk callback to get %s's password\n", username);
key->data = gnutls_malloc (4);
key->data[0] = 0xDE;
key->data[1] = 0xAD;
static void
server_start (void)
{
- success ("Launched, generating DH parameters...\n");
+ if (debug) success ("Launched, generating DH parameters...\n");
/* Socket operations
*/
return;
}
- success ("server: ready. Listening to port '%d'.\n", PORT);
+ if (debug) success ("server: ready. Listening to port '%d'.\n", PORT);
}
static void
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
- success ("server: connection from %s, port %d\n",
+ if (debug) success ("server: connection from %s, port %d\n",
inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
sizeof (topbuf)), ntohs (sa_cli.sin_port));
fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
return;
}
- success ("server: Handshake was completed\n");
+ if (debug) success ("server: Handshake was completed\n");
/* see the Getting peer's information example */
/* print_info(session); */
if (ret == 0)
{
- success ("server: Peer has closed the GNUTLS connection\n");
+ if (debug) success ("server: Peer has closed the GNUTLS connection\n");
break;
}
else if (ret < 0)
gnutls_global_deinit ();
- success ("server: finished\n");
+ if (debug) success ("server: finished\n");
}
void
}
if (ret < 0)
fail ("get_rdn_ava %d\n", ret);
- printf ("dn[%d][%d] OID=%.*s\n\tDATA=%.*s\n", i, j,
+ if (debug)
+ printf ("dn[%d][%d] OID=%.*s\n\tDATA=%.*s\n", i, j,
ava.oid.size, ava.oid.data, ava.value.size, ava.value.data);
}
}
if (ret < 0)
fail ("get_issuer %d\n", ret);
- printf ("Issuer:\n");
- print_dn (xdn);
+ if (debug)
+ {
+ printf ("Issuer:\n");
+ print_dn (xdn);
+ }
ret = gnutls_x509_crt_get_subject (cert, &xdn);
if (ret < 0)
fail ("get_subject %d\n", ret);
- printf ("Subject:\n");
- print_dn (xdn);
+ if (debug)
+ {
+ printf ("Subject:\n");
+ print_dn (xdn);
+ }
- success ("done\n");
+ if (debug) success ("done\n");
gnutls_x509_crt_deinit (cert);
gnutls_global_deinit ();
if (ret < 0)
fail ("x509_crt_print %d\n", ret);
- if (out.size == strlen (info) && strcmp (out.data, info) == 0)
- success ("comparison ok\n");
- else
+ if (out.size != strlen (info) || strcmp (out.data, info) != 0)
fail ("comparison fail (%d/%d)\nexpect: %s\n got: %.*s\n",
out.size, (int)strlen (info), info, out.size, out.data);
gnutls_global_deinit ();
gnutls_free (out.data);
- success ("done\n");
+ if (debug) success ("done\n");
}
static ssize_t
client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
{
- success ("client_pull len %d has %d\n", (int)len, (int)to_client_len);
+ if (debug) success ("client_pull len %d has %d\n", (int)len, (int)to_client_len);
if (to_client_len < len)
{
size_t newlen = to_server_len + len;
char *tmp;
- success ("client_push len %d has %d\n", (int)len, (int)to_server_len);
- hexprint (data, len);
+ if (debug)
+ {
+ success ("client_push len %d has %d\n", (int)len, (int)to_server_len);
+ hexprint (data, len);
+ }
tmp = realloc (to_server, newlen);
if (!tmp)
static ssize_t
server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
{
- success ("server_pull len %d has %d\n", (int)len, (int)to_server_len);
+ if (debug) success ("server_pull len %d has %d\n", (int)len, (int)to_server_len);
if (to_server_len < len)
{
size_t newlen = to_client_len + len;
char *tmp;
- success ("server_push len %d has %d\n", (int)len, (int)to_client_len);
-
- hexprint (data, len);
+ if (debug)
+ {
+ success ("server_push len %d has %d\n", (int)len, (int)to_client_len);
+ hexprint (data, len);
+ }
tmp = realloc (to_client, newlen);
if (!tmp)
client_finished_callback (gnutls_session_t session,
const void *finished, size_t len)
{
- success ("client finished (length %d)\n", (int)len);
- hexprint (finished, len);
+ if (debug)
+ {
+ success ("client finished (length %d)\n", (int)len);
+ hexprint (finished, len);
+ }
}
static void
server_finished_callback (gnutls_session_t session,
const void *finished, size_t len)
{
- success ("server finished (length %d)\n", (int)len);
- hexprint (finished, len);
+ if (debug)
+ {
+ success ("server finished (length %d)\n", (int)len);
+ hexprint (finished, len);
+ }
}
#define MAX_BUF 1024
{
if (cret == GNUTLS_E_AGAIN)
{
- success ("loop invoking client:\n");
+ if (debug) success ("loop invoking client:\n");
cret = gnutls_handshake (client);
- success ("client %d: %s\n", cret, gnutls_strerror (cret));
+ if (debug) success ("client %d: %s\n", cret, gnutls_strerror (cret));
}
if (sret == GNUTLS_E_AGAIN)
{
- success ("loop invoking server:\n");
+ if (debug) success ("loop invoking server:\n");
sret = gnutls_handshake (server);
- success ("server %d: %s\n", sret, gnutls_strerror (sret));
+ if (debug) success ("server %d: %s\n", sret, gnutls_strerror (sret));
}
}
while (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN);
- success ("Handshake established\n");
+ if (debug) success ("Handshake established\n");
ns = gnutls_record_send (client, MSG, strlen (MSG));
- success ("client: sent %d\n", (int)ns);
+ if (debug) success ("client: sent %d\n", (int)ns);
ret = gnutls_record_recv (server, buffer, MAX_BUF);
if (ret == 0)
fail ("server: didn't receive any data\n");
else if (ret < 0)
fail ("server: error: %s\n", gnutls_strerror (ret));
- else
+ else if (debug)
{
printf ("server: received %d: ", ret);
for (n = 0; n < ret; n++)
}
ns = gnutls_record_send (server, MSG, strlen (MSG));
- success ("server: sent %d\n", (int)ns);
+ if (debug) success ("server: sent %d\n", (int)ns);
ret = gnutls_record_recv (client, buffer, MAX_BUF);
if (ret == 0)
{
fail ("client: Error: %s\n", gnutls_strerror (ret));
}
- else
+ else if (debug)
{
printf ("client: received %d: ", ret);
for (n = 0; n < ret; n++)
{
if (memcmp (digest, "\x3c\xb0\x9d\x83\x28\x01\xef\xc0"
"\x7b\xb3\xaf\x42\x69\xe5\x93\x9a", 16) == 0)
- success ("_gnutls_hmac_fast(MD5) OK\n");
+ {
+ if (debug) success ("_gnutls_hmac_fast(MD5) OK\n");
+ }
else
{
hexprint (digest, 16);
if (memcmp (digest, "\x58\x93\x7a\x58\xfe\xea\x82\xf8"
"\x0e\x64\x62\x01\x40\x2b\x2c\xed\x5d\x54\xc1\xfa",
20) == 0)
- success ("_gnutls_hmac_fast(SHA1) OK\n");
+ {
+ if (debug) success ("_gnutls_hmac_fast(SHA1) OK\n");
+ }
else
{
hexprint (digest, 20);
{
if (memcmp (digest, "\x09\xb7\x85\x57\xdd\xf6\x07\x15"
"\x1c\x52\x34\xde\xba\x5c\xdc\x59", 16) == 0)
- success ("_gnutls_pkcs5_pbkdf2_sha1() OK\n");
+ {
+ if (debug) success ("_gnutls_pkcs5_pbkdf2_sha1() OK\n");
+ }
else
{
hexprint (digest, 16);
fail ("gnutls_openpgp_crt_init: %d\n", ret);
#endif
- success ("Testing pem1...\n");
+ if (debug) success ("Testing pem1...\n");
data.data = pem1;
data.size = strlen (pem1);
ret = gnutls_x509_crt_check_hostname (x509, "foo");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
- success ("Testing pem2...\n");
+ if (debug) success ("Testing pem2...\n");
data.data = pem2;
data.size = strlen (pem2);
ret = gnutls_x509_crt_check_hostname (x509, "foo");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "*.example.org");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
- success ("Testing pem3...\n");
+ if (debug) success ("Testing pem3...\n");
data.data = pem3;
data.size = strlen (pem3);
ret = gnutls_x509_crt_check_hostname (x509, "foo");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "*.example.org");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
- success ("Testing pem4...\n");
+ if (debug) success ("Testing pem4...\n");
data.data = pem4;
data.size = strlen (pem4);
ret = gnutls_x509_crt_check_hostname (x509, "foo");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "foo.example.org");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "foo.example.com");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
- success ("Testing pem5...\n");
+ if (debug) success ("Testing pem5...\n");
data.data = pem5;
data.size = strlen (pem5);
ret = gnutls_x509_crt_check_hostname (x509, "foo");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "1.2.3.4");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
- success ("Testing pem6...\n");
+ if (debug) success ("Testing pem6...\n");
data.data = pem6;
data.size = strlen (pem6);
ret = gnutls_x509_crt_check_hostname (x509, "foo.example.org");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "bar.foo.example.org");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
- success ("Testing pem7...\n");
+ if (debug) success ("Testing pem7...\n");
data.data = pem7;
data.size = strlen (pem7);
ret = gnutls_x509_crt_check_hostname (x509, "foo.bar.example.org");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "foobar.bar.example.org");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "foobar.example.org");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "foobazbar.example.org");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
- success ("Testing pem8...\n");
+ if (debug) success ("Testing pem8...\n");
data.data = pem8;
data.size = strlen (pem8);
fail ("gnutls_x509_crt_import: %d\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "www.example.org");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "www.example.");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "www.example.com");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "www.example.foo.com");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
- success ("Testing pem9...\n");
+ if (debug) success ("Testing pem9...\n");
data.data = pem9;
data.size = strlen (pem9);
ret = gnutls_x509_crt_check_hostname (x509, "foo.example.org");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
ret = gnutls_x509_crt_check_hostname (x509, "bar.example.org");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
- success ("Testing pem10...\n");
+ if (debug) success ("Testing pem10...\n");
data.data = pem10;
data.size = strlen (pem10);
ret = gnutls_x509_crt_check_hostname (x509, "localhost");
if (ret)
fail ("Hostname incorrectly matches (%d)\n", ret);
- else
- success ("Hostname correctly does not match (%d)\n", ret);
#ifdef ENABLE_OPENPGP
- success ("Testing pem11...\n");
+ if (debug) success ("Testing pem11...\n");
data.data = pem11;
data.size = strlen (pem11);
fail ("gnutls_openpgp_crt_import: %d\n", ret);
ret = gnutls_openpgp_crt_check_hostname (pgp, "test.gnutls.org");
- if (ret)
- success ("Hostname correctly matches (%d)\n", ret);
- else
+ if (!ret)
fail ("Hostname incorrectly does not match (%d)\n", ret);
gnutls_openpgp_crt_deinit (pgp);
gnutls_global_deinit ();
- success ("init-deinit round-trip success\n");
+ if (debug) success ("init-deinit round-trip success\n");
}
}
while (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN);
handshake = 0;
- success ("Handshake established\n");
+ if (debug) success ("Handshake established\n");
ns = gnutls_record_send (client, MSG, strlen (MSG));
//success ("client: sent %d\n", ns);
else
{
transferred += ret;
- fputs ("*", stdout);
+ if (debug) fputs ("*", stdout);
}
ns = gnutls_record_send (server, MSG, strlen (MSG));
else
{
transferred += ret;
- fputs (".", stdout);
+ if (debug) fputs (".", stdout);
}
}
while (transferred < 7000);
- fputs ("\n", stdout);
+ if (debug) fputs ("\n", stdout);
gnutls_bye (client, GNUTLS_SHUT_RDWR);
gnutls_bye (server, GNUTLS_SHUT_RDWR);
static ssize_t
client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
{
- success ("client_pull len %d has %d\n", (int)len, (int)to_client_len);
+ if (debug)
+ success ("client_pull len %d has %d\n", (int)len, (int)to_client_len);
if (to_client_len < len)
{
size_t newlen = to_server_len + len;
char *tmp;
- success ("client_push len %d has %d\n", (int)len, (int)to_server_len);
- hexprint (data, len);
+ if (debug)
+ {
+ success ("client_push len %d has %d\n", (int)len, (int)to_server_len);
+ hexprint (data, len);
+ }
tmp = realloc (to_server, newlen);
if (!tmp)
static ssize_t
server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
{
- success ("server_pull len %d has %d\n", (int)len, (int)to_server_len);
+ if (debug)
+ success ("server_pull len %d has %d\n", (int)len, (int)to_server_len);
if (to_server_len < len)
{
size_t newlen = to_client_len + len;
char *tmp;
- success ("server_push len %d has %d\n", (int)len, (int)to_client_len);
-
- hexprint (data, len);
+ if (debug)
+ {
+ success ("server_push len %d has %d\n", (int)len, (int)to_client_len);
+ hexprint (data, len);
+ }
tmp = realloc (to_client, newlen);
if (!tmp)
{
if (cret == GNUTLS_E_AGAIN)
{
- success ("loop invoking client:\n");
+ if (debug)
+ success ("loop invoking client:\n");
cret = gnutls_handshake (client);
- success ("client %d: %s\n", cret, gnutls_strerror (cret));
+ if (debug) success ("client %d: %s\n", cret, gnutls_strerror (cret));
}
if (sret == GNUTLS_E_AGAIN)
{
- success ("loop invoking server:\n");
+ if (debug) success ("loop invoking server:\n");
sret = gnutls_handshake (server);
- success ("server %d: %s\n", sret, gnutls_strerror (sret));
+ if (debug) success ("server %d: %s\n", sret, gnutls_strerror (sret));
}
}
while (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN);
- success ("Handshake established\n");
+ if (debug) success ("Handshake established\n");
ns = gnutls_record_send (client, MSG, strlen (MSG));
- success ("client: sent %d\n", (int)ns);
+ if (debug) success ("client: sent %d\n", (int)ns);
ret = gnutls_record_recv (server, buffer, MAX_BUF);
if (ret == 0)
fail ("server: error: %s\n", gnutls_strerror (ret));
else
{
- printf ("server: received %d: ", ret);
- for (n = 0; n < ret; n++)
- fputc (buffer[n], stdout);
- fputs ("\n", stdout);
+ if (debug)
+ {
+ printf ("server: received %d: ", ret);
+ for (n = 0; n < ret; n++)
+ fputc (buffer[n], stdout);
+ fputs ("\n", stdout);
+ }
}
ns = gnutls_record_send (server, MSG, strlen (MSG));
- success ("server: sent %d\n", (int)ns);
+ if (debug) success ("server: sent %d\n", (int)ns);
ret = gnutls_record_recv (client, buffer, MAX_BUF);
if (ret == 0)
}
else
{
- printf ("client: received %d: ", ret);
- for (n = 0; n < ret; n++)
- fputc (buffer[n], stdout);
- fputs ("\n", stdout);
+ if (debug)
+ {
+ printf ("client: received %d: ", ret);
+ for (n = 0; n < ret; n++)
+ fputc (buffer[n], stdout);
+ fputs ("\n", stdout);
+ }
}
gnutls_bye (client, GNUTLS_SHUT_RDWR);
gnutls_global_init ();
- if (gnutls_x509_crt_init (&cert) == 0)
- success ("success: cert init\n");
- else
+ if (gnutls_x509_crt_init (&cert) != 0)
fail ("cert init failure\n");
- if (gnutls_x509_crt_import (cert, &cert_datum, GNUTLS_X509_FMT_PEM) == 0)
- success ("success: imported PEM cert\n");
- else
+ if (gnutls_x509_crt_import (cert, &cert_datum, GNUTLS_X509_FMT_PEM) != 0)
fail ("FAIL: could not import PEM cert\n");
- if (gnutls_x509_crt_get_subject (cert, &sdn) == 0)
- success ("success: got subject DN.\n");
- else
+ if (gnutls_x509_crt_get_subject (cert, &sdn) != 0)
fail ("FAIL: could not get subject DN.\n");
buflen = sizeof buf;
rv = gnutls_x509_dn_export (sdn, GNUTLS_X509_FMT_DER, buf, &buflen);
- if (rv == 0)
- success ("success: exported subject DN.\n");
- else
+ if (rv != 0)
fail ("FAIL: could not export subject DN: %s\n", gnutls_strerror (rv));
- if (gnutls_x509_dn_init (&dn2) == 0)
- success ("success: init DN.\n");
- else
+ if (gnutls_x509_dn_init (&dn2) != 0)
fail ("FAIL: DN init.\n");
datum.data = buf;
datum.size = buflen;
- if (gnutls_x509_dn_import (dn2, &datum) == 0)
- success ("success: re-import subject DN.\n");
- else
+ if (gnutls_x509_dn_import (dn2, &datum) != 0)
fail ("FAIL: re-import subject DN.\n");
buf2len = sizeof buf2;
rv = gnutls_x509_dn_export (dn2, GNUTLS_X509_FMT_DER, buf2, &buf2len);
- if (rv == 0)
- success ("success: exported subject DN.\n");
- else
+ if (rv != 0)
fail ("FAIL: could not export subject DN: %s\n", gnutls_strerror (rv));
- if (buflen == buf2len && memcmp (buf, buf2, buflen) == 0)
- success ("success: export/import/export match.\n");
- else
+ if (buflen == buf2len && memcmp (buf, buf2, buflen) != 0)
fail ("FAIL: export/import/export differ.\n");
gnutls_x509_dn_deinit (dn2);
gnutls_global_init ();
gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (99);
+ if (debug)
+ gnutls_global_set_log_level (99);
n1 = _gnutls_mpi_new (1000);
if (n1 == NULL)
gnutls_global_init ();
gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (2);
+ if (debug)
+ gnutls_global_set_log_level (2);
if (gnutls_psk_netconf_derive_key ("password", "psk_identity",
"psk_identity_hint", &key) == 0)
- success ("success: gnutls_psk_netconf_derive_key\n");
+ {
+ if (debug) success ("success: gnutls_psk_netconf_derive_key\n");
+ }
else
fail ("gnutls_psk_netconf_derive_key failure\n");
hexprint (key.data, key.size);
if (key.size == 20 && memcmp (key.data, known, 20) == 0)
- success ("success: match.\n");
+ {
+ if (debug) success ("success: match.\n");
+ }
else
fail ("FAIL: key differ.\n");
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
+#include "utils.h"
+
/* Thanks to Tomas Hoger <thoger@redhat.com> for generating the two
certs that trigger this bug. */
badguy_nul_san_data, sizeof (badguy_nul_san_data)
};
-int
-main (void)
+void doit(void)
{
gnutls_x509_crt_t crt;
int ret;
- int exit_code = 0;
ret = gnutls_global_init ();
if (ret < 0)
{
- puts ("gnutls_global_init");
- return 1;
+ fail ("gnutls_global_init");
+ exit(1);
}
ret = gnutls_x509_crt_init (&crt);
if (ret != 0)
{
- puts ("gnutls_x509_crt_init");
- return 1;
+ fail("gnutls_x509_crt_init");
+ exit(1);
}
ret = gnutls_x509_crt_import (crt, &badguy_nul_cn, GNUTLS_X509_FMT_PEM);
if (ret < 0)
{
- puts ("gnutls_x509_crt_import");
- return 1;
+ fail("gnutls_x509_crt_import");
+ exit(1);
}
ret = gnutls_x509_crt_check_hostname (crt, "www.bank.com");
if (ret == 0)
{
- puts ("gnutls_x509_crt_check_hostname OK (NUL-IN-CN)");
+ if (debug) success("gnutls_x509_crt_check_hostname OK (NUL-IN-CN)");
}
else
{
- puts ("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-CN)");
- exit_code = 1;
+ fail("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-CN)");
}
ret = gnutls_x509_crt_import (crt, &badguy_nul_san, GNUTLS_X509_FMT_PEM);
if (ret < 0)
{
- puts ("gnutls_x509_crt_import");
- return 1;
+ fail ("gnutls_x509_crt_import");
+ exit(1);
}
ret = gnutls_x509_crt_check_hostname (crt, "www.bank.com");
if (ret == 0)
{
- puts ("gnutls_x509_crt_check_hostname OK (NUL-IN-SAN)");
+ if (debug) success("gnutls_x509_crt_check_hostname OK (NUL-IN-SAN)");
}
else
{
- puts ("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-SAN)");
- exit_code = 1;
+ fail("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-SAN)");
}
gnutls_x509_crt_deinit (crt);
gnutls_global_deinit ();
- return exit_code;
}
fail ("init %d\n", ret);
gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (2);
+ if (debug)
+ gnutls_global_set_log_level (2);
ret = gnutls_global_init_extra ();
if (ret < 0)
if (ret != 0)
fail ("keyring-check-id second key %d\n", ret);
- success ("done\n");
+ if (debug) success ("done\n");
gnutls_openpgp_keyring_deinit (keyring);
gnutls_global_deinit ();
gnutls_global_init ();
gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (2);
+ if (debug)
+ gnutls_global_set_log_level (2);
gnutls_certificate_allocate_credentials (&xcred);
/* sets the trusted cas file
*/
- success ("Setting key files...\n");
+ if (debug) success ("Setting key files...\n");
ret = gnutls_certificate_set_openpgp_key_mem (xcred, &cert, &key,
GNUTLS_OPENPGP_FMT_BASE64);
/* connect to the peer
*/
- success ("Connecting...\n");
+ if (debug) success ("Connecting...\n");
sd = tcp_connect ();
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
gnutls_perror (ret);
goto end;
}
- else
+ else if (debug)
{
success ("client: Handshake was completed\n");
}
- success ("client: TLS version is: %s\n",
+ if (debug) success ("client: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
/* see the Getting peer's information example */
- print_info (session);
+ if (debug) print_info (session);
gnutls_record_send (session, MSG, strlen (MSG));
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
- success ("client: Peer has closed the TLS connection\n");
+ if (debug) success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
goto end;
}
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
+ if (debug)
{
- fputc (buffer[ii], stdout);
+ printf ("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++)
+ {
+ fputc (buffer[ii], stdout);
+ }
+ fputs ("\n", stdout);
}
- fputs ("\n", stdout);
gnutls_bye (session, GNUTLS_SHUT_RDWR);
return;
}
- success ("server: ready. Listening to port '%d'.\n", PORT);
+ if (debug) success ("server: ready. Listening to port '%d'.\n", PORT);
}
static void
fail ("Could not set server key files...\n");
}
- success ("Launched, setting DH parameters...\n");
+ if (debug) success ("Launched, setting DH parameters...\n");
generate_dh_params ();
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
- success ("server: connection from %s, port %d\n",
+ if (debug) success ("server: connection from %s, port %d\n",
inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
sizeof (topbuf)), ntohs (sa_cli.sin_port));
fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
return;
}
- success ("server: Handshake was completed\n");
+ if (debug) success ("server: Handshake was completed\n");
- success ("server: TLS version is: %s\n",
+ if (debug) success ("server: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
/* see the Getting peer's information example */
- print_info (session);
+ if (debug) print_info (session);
i = 0;
for (;;)
if (ret == 0)
{
- success ("server: Peer has closed the GNUTLS connection\n");
+ if (debug) success ("server: Peer has closed the GNUTLS connection\n");
break;
}
else if (ret < 0)
gnutls_global_deinit ();
- success ("server: finished\n");
+ if (debug) success ("server: finished\n");
}
hexprint (md, sizeof (md));
fail ("MD5 failure\n");
}
- else
+ else if (debug)
success ("MD5 OK\n");
}
gnutls_global_deinit ();
- success ("import ok\n");
+ if (debug) success ("import ok\n");
}
#include <gnutls/x509.h>
#include <gnutls/pkcs12.h>
+#include "utils.h"
+
#include <error.h>
#include <stdio.h>
#include <stdlib.h>
"PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
const gnutls_datum_t ca_dat = { ca_pem, sizeof (ca_pem) };
-int
-main (void)
+void doit(void)
{
gnutls_pkcs12_t pkcs12;
gnutls_x509_crt_t client;
if (ret < 0)
error (EXIT_FAILURE, 0, "pkcs12_export: %d", ret);
- fwrite (outbuf, size, 1, stdout);
+ if (debug) fwrite (outbuf, size, 1, stdout);
/* Cleanup. */
gnutls_pkcs12_deinit (pkcs12);
gnutls_x509_crt_deinit (ca);
gnutls_global_deinit ();
- return 0;
}
gnutls_global_init ();
gnutls_global_set_log_function (tls_log_func);
- gnutls_global_set_log_level (99);
+ if (debug)
+ gnutls_global_set_log_level (99);
x = 0;
for (i = 1; i < 4; i++)
tmp, sizeof (tmp)), values[x]) != 0)
fail ("_gnutls_pkcs12_string_to_key failed[1]\n");
- printf ("ij: %d.%d: %s\n", i, j,
+ if (debug)
+ printf ("ij: %d.%d: %s\n", i, j,
_gnutls_bin2hex (key, sizeof (key), tmp, sizeof (tmp)));
x++;
}
}
- printf ("\n");
+ if (debug) printf ("\n");
for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
{
tv[i].key, tv[i].keylen) != 0)
fail ("_gnutls_pkcs12_string_to_key failed[3]\n");
- printf ("tv[%d]: %s\n", i,
+ if (debug)
+ printf ("tv[%d]: %s\n", i,
_gnutls_bin2hex (key, tv[i].keylen, tmp, sizeof (tmp)));
}
- printf ("\n");
+ if (debug) printf ("\n");
gnutls_global_deinit ();
- success ("_gnutls_pkcs12_string_to_key ok\n");
+ if (debug) success ("_gnutls_pkcs12_string_to_key ok\n");
}
}
else
{
- success ("client: Handshake was completed\n");
+ if (debug) success ("client: Handshake was completed\n");
}
gnutls_record_send (session, MSG, strlen (MSG));
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
- success ("client: Peer has closed the TLS connection\n");
+ if (debug) success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
static int
pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key)
{
- printf ("psk: username %s\n", username);
+ if (debug) printf ("psk: username %s\n", username);
key->data = gnutls_malloc (4);
key->data[0] = 0xDE;
key->data[1] = 0xAD;
static void
server_start (void)
{
- success ("Launched...\n");
+ if (debug) success ("Launched...\n");
/* Socket operations
*/
return;
}
- success ("server: ready. Listening to port '%d'.\n", PORT);
+ if (debug) success ("server: ready. Listening to port '%d'.\n", PORT);
}
static void
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
- success ("server: connection from %s, port %d\n",
+ if (debug) success ("server: connection from %s, port %d\n",
inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
sizeof (topbuf)), ntohs (sa_cli.sin_port));
fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
return;
}
- success ("server: Handshake was completed\n");
+ if (debug) success ("server: Handshake was completed\n");
/* see the Getting peer's information example */
/* print_info(session); */
if (ret == 0)
{
- success ("server: Peer has closed the GNUTLS connection\n");
+ if (debug) success ("server: Peer has closed the GNUTLS connection\n");
break;
}
else if (ret < 0)
gnutls_global_deinit ();
- success ("server: finished\n");
+ if (debug) success ("server: finished\n");
}
void
}
else
{
- success ("client: Handshake was completed\n");
+ if (debug) success ("client: Handshake was completed\n");
}
if (t == 0)
if (gnutls_session_is_resumed (session) != 0)
{
if (params->expect_resume)
- success ("- Previous session was resumed\n");
+ {
+ if (debug) success ("- Previous session was resumed\n");
+ }
else
fail ("- Previous session was resumed\n");
}
if (params->expect_resume)
fail ("*** Previous session was NOT resumed\n");
else
- success ("*** Previous session was NOT resumed (expected)\n");
+ {
+ if (debug) success ("*** Previous session was NOT resumed (expected)\n");
+ }
}
}
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
- success ("client: Peer has closed the TLS connection\n");
+ if (debug) success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
return;
}
- success ("server: ready. Listening to port '%d'.\n", PORT);
+ if (debug) success ("server: ready. Listening to port '%d'.\n", PORT);
}
static void
global_stop (void)
{
- success ("global stop\n");
+ if (debug) success ("global stop\n");
gnutls_anon_free_server_credentials (anoncred);
gnutls_global_init ();
gnutls_anon_allocate_server_credentials (&anoncred);
- success ("Launched, generating DH parameters...\n");
+ if (debug) success ("Launched, generating DH parameters...\n");
generate_dh_params ();
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
- success ("server: connection from %s, port %d\n",
+ if (debug) success ("server: connection from %s, port %d\n",
inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_strerror (ret));
return;
}
- success ("server: Handshake was completed\n");
+ if (debug) success ("server: Handshake was completed\n");
/* see the Getting peer's information example */
/* print_info(session); */
if (ret == 0)
{
- success ("server: Peer has closed the GNUTLS connection\n");
+ if (debug) success ("server: Peer has closed the GNUTLS connection\n");
break;
}
else if (ret < 0)
gnutls_free (session_ticket_key.data);
session_ticket_key.data = NULL;
- success ("server: finished\n");
+ if (debug) success ("server: finished\n");
}
void
for (i = 0; resume_tests[i].desc; i++)
{
- printf ("%s\n", resume_tests[i].desc);
+ if (debug) printf ("%s\n", resume_tests[i].desc);
global_start ();
if (error_count)
static int
wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data)
{
- success ("resume db storing... (%d-%d)\n", key.size, data.size);
+ if (debug) success ("resume db storing... (%d-%d)\n", key.size, data.size);
if (debug)
{
gnutls_datum_t res = { NULL, 0 };
int i;
- success ("resume db fetch... (%d)\n", key.size);
+ if (debug) success ("resume db fetch... (%d)\n", key.size);
if (debug)
{
unsigned int i;
if (key.size == cache_db[i].session_id_size &&
memcmp (key.data, cache_db[i].session_id, key.size) == 0)
{
- success ("resume db fetch... return info\n");
+ if (debug) success ("resume db fetch... return info\n");
res.size = cache_db[i].session_data_size;
if (!password)
password = "foobar";
- success ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
+ if (debug) success ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
file, password);
ret = gnutls_certificate_set_x509_simple_pkcs12_file (x509cred,
file,
if (ret < 0)
fail ("x509_pkcs12 failed %d: %s\n", ret, gnutls_strerror (ret));
- success ("Read file OK\n");
+ if (debug) success ("Read file OK\n");
gnutls_certificate_free_credentials (x509cred);
if (!password)
password = "";
- success ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
+ if (debug) success ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
file, password);
ret = gnutls_certificate_set_x509_simple_pkcs12_file (x509cred,
file,
if (ret < 0)
fail ("x509_pkcs12 failed %d: %s\n", ret, gnutls_strerror (ret));
- success ("Read file OK\n");
+ if (debug) success ("Read file OK\n");
gnutls_certificate_free_credentials (x509cred);
$CERTTOOL --generate-self-signed --template template \
--load-privkey $srcdir/key-ca.pem \
--outfile new-ca.pem \
- --hash sha512
+ --hash sha512 >/dev/null 2>&1
echo ca > template
echo cn = "SHA 384 sub-CA" >> template
--load-ca-certificate new-ca.pem \
--load-privkey $srcdir/key-subca.pem \
--outfile new-subca.pem \
- --hash sha384
+ --hash sha384 >/dev/null 2>&1
echo ca > template
echo cn = "SHA 256 sub-sub-CA" >> template
--load-ca-certificate new-subca.pem \
--load-privkey $srcdir/key-subsubca.pem \
--outfile new-subsubca.pem \
- --hash sha256
+ --hash sha256 >/dev/null 2>&1
echo ca > template
echo cn = "End-user" >> template
--load-ca-privkey $srcdir/key-subsubca.pem \
--load-ca-certificate new-subsubca.pem \
--load-privkey $srcdir/key-user.pem \
- --outfile new-user.pem
+ --outfile new-user.pem >/dev/null 2>&1
num=`cat new-user.pem new-subsubca.pem new-subca.pem new-ca.pem | $CERTTOOL --verify-chain | tee verify | grep -c Verified`
-cat verify
+#cat verify
if test "$num" != "5"; then
echo Verification failure
exit 1
-else
- echo Test OK
fi
rm -f verify new-user.pem new-subsubca.pem new-subca.pem new-ca.pem template
void
doit (void)
{
- printf ("GnuTLS header version %s.\n", GNUTLS_VERSION);
- printf ("GnuTLS library version %s.\n", gnutls_check_version (NULL));
+ if (debug)
+ {
+ printf ("GnuTLS header version %s.\n", GNUTLS_VERSION);
+ printf ("GnuTLS library version %s.\n", gnutls_check_version (NULL));
+ }
- if (gnutls_check_version (GNUTLS_VERSION))
- success ("gnutls_check_version OK\n");
- else
+ if (!gnutls_check_version (GNUTLS_VERSION))
fail ("gnutls_check_version ERROR\n");
{
for (i = 0; algs[i]; i++)
{
- printf ("pk_list[%d] = %d = %s = %d\n", (int)i, algs[i],
+ if (debug) printf ("pk_list[%d] = %d = %s = %d\n", (int)i, algs[i],
gnutls_pk_algorithm_get_name (algs[i]),
gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i])));
if (gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i]))
if (pk != GNUTLS_PK_UNKNOWN)
fail ("gnutls_pk unknown test failed (%d)\n", pk);
- success ("gnutls_pk_list ok\n");
+ if (debug) success ("gnutls_pk_list ok\n");
}
{
for (i = 0; algs[i]; i++)
{
- printf ("sign_list[%d] = %d = %s = %d\n", (int)i, algs[i],
+ if (debug)
+ printf ("sign_list[%d] = %d = %s = %d\n", (int)i, algs[i],
gnutls_sign_algorithm_get_name (algs[i]),
gnutls_sign_get_id (gnutls_sign_algorithm_get_name
(algs[i])));
if (pk != GNUTLS_PK_UNKNOWN)
fail ("gnutls_sign unknown test failed (%d)\n", pk);
- success ("gnutls_sign_list ok\n");
+ if (debug) success ("gnutls_sign_list ok\n");
}
}
static int iter = 0;
const char *p;
- if (last)
- printf ("client: received %d bytes AVP: `%.*s'\n",
+ if (debug)
+ {
+ if (last)
+ printf ("client: received %d bytes AVP: `%.*s'\n",
(int)lastlen, (int) lastlen, last);
- else
- printf ("client: new application phase\n");
+ else
+ printf ("client: new application phase\n");
+ }
switch (iter)
{
return -1;
*newlen = strlen (*new);
- printf ("client: sending %d bytes AVP: `%s'\n", (int)*newlen, *new);
+ if (debug) printf ("client: sending %d bytes AVP: `%s'\n", (int)*newlen, *new);
gnutls_ia_permute_inner_secret (session, 3, "foo");
}
else
{
- success ("client: Handshake was completed\n");
+ if (debug) success ("client: Handshake was completed\n");
}
/*
fail ("client: No TLS/IA negotiation\n");
else
{
- success ("client: TLS/IA handshake\n");
+ if (debug) success ("client: TLS/IA handshake\n");
ret = gnutls_ia_handshake (session);
}
else
{
- success ("client: TLS/IA Handshake was completed\n");
+ if (debug) success ("client: TLS/IA Handshake was completed\n");
}
}
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
- success ("client: Peer has closed the TLS connection\n");
+ if (debug) success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
static int iter = 0;
const char *p;
- if (last)
+ if (last && debug)
printf ("server: received %d bytes AVP: `%.*s'\n",
(int)lastlen, (int) lastlen, last);
if (strcmp (p, "1") == 0)
{
- success ("server: Sending IntermediatePhaseFinished...\n");
+ if (debug) success ("server: Sending IntermediatePhaseFinished...\n");
return 1;
}
if (strcmp (p, "2") == 0)
{
- success ("server: Sending FinalPhaseFinished...\n");
+ if (debug) success ("server: Sending FinalPhaseFinished...\n");
return 2;
}
return -1;
*newlen = strlen (*new);
- printf ("server: sending %d bytes AVP: `%s'\n", (int)*newlen, *new);
+ if (debug) printf ("server: sending %d bytes AVP: `%s'\n", (int)*newlen, *new);
return 0;
}
return;
}
- success ("server: ready. Listening to port '%d'\n", PORT);
+ if (debug) success ("server: ready. Listening to port '%d'\n", PORT);
}
static void
gnutls_anon_allocate_server_credentials (&anoncred);
gnutls_ia_allocate_server_credentials (&iacred);
- success ("Launched, generating DH parameters...\n");
+ if (debug) success ("Launched, generating DH parameters...\n");
generate_dh_params ();
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
- success ("server: connection from %s, port %d\n",
+ if (debug) success ("server: connection from %s, port %d\n",
inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
sizeof (topbuf)), ntohs (sa_cli.sin_port));
fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
return;
}
- success ("server: Handshake was completed\n");
+ if (debug) success ("server: Handshake was completed\n");
if (!gnutls_ia_handshake_p (session))
fail ("server: No TLS/IA negotiation\n");
else
{
- success ("server: TLS/IA handshake\n");
+ if (debug) success ("server: TLS/IA handshake\n");
ret = gnutls_ia_handshake (session);
}
else
{
- success ("server: TLS/IA Handshake was completed\n");
+ if (debug) success ("server: TLS/IA Handshake was completed\n");
}
}
if (ret == 0)
{
- success ("server: Peer has closed the GNUTLS connection\n");
+ if (debug) success ("server: Peer has closed the GNUTLS connection\n");
break;
}
else if (ret < 0)
gnutls_global_deinit ();
- success ("server: finished\n");
+ if (debug) success ("server: finished\n");
}
void
fail ("unexpected number of alt names: %i\n", alt_name_count);
}
- success ("done\n");
+ if (debug) success ("done\n");
gnutls_x509_crt_deinit (cert);
gnutls_global_deinit ();
return -1;
}
- success ("client: invoked to provide client cert.\n");
+ if (debug) success ("client: invoked to provide client cert.\n");
result = gnutls_x509_dn_init (&dn);
if (result < 0)
{
gnutls_x509_ava_st val;
- success ("client: imported DN.\n");
+ if (debug) success ("client: imported DN.\n");
if (gnutls_x509_dn_get_rdn_ava (dn, 0, 0, &val) == 0)
{
- success ("client: got RDN 0.\n");
+ if (debug) success ("client: got RDN 0.\n");
if (val.value.size == strlen (EXPECT_RDN0)
&& strncmp (val.value.data, EXPECT_RDN0, val.value.size) == 0)
{
- success ("client: RND 0 correct.\n");
+ if (debug) success ("client: RND 0 correct.\n");
}
else
{
}
else
{
- success ("client: Handshake was completed\n");
+ if (debug) success ("client: Handshake was completed\n");
}
- success ("client: TLS version is: %s\n",
+ if (debug) success ("client: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
/* see the Getting peer's information example */
- print_info (session);
+ if (debug) print_info (session);
gnutls_record_send (session, MSG, strlen (MSG));
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
- success ("client: Peer has closed the TLS connection\n");
+ if (debug) success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
goto end;
}
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
+ if (debug)
{
- fputc (buffer[ii], stdout);
+ printf ("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++)
+ {
+ fputc (buffer[ii], stdout);
+ }
+ fputs ("\n", stdout);
}
- fputs ("\n", stdout);
gnutls_bye (session, GNUTLS_SHUT_RDWR);
return;
}
- success ("server: ready. Listening to port '%d'.\n", PORT);
+ if (debug) success ("server: ready. Listening to port '%d'.\n", PORT);
}
static void
gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
GNUTLS_X509_FMT_PEM);
- success ("Launched, generating DH parameters...\n");
+ if (debug) success ("Launched, generating DH parameters...\n");
generate_dh_params ();
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
- success ("server: connection from %s, port %d\n",
+ if (debug) success ("server: connection from %s, port %d\n",
inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
sizeof (topbuf)), ntohs (sa_cli.sin_port));
fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
return;
}
- success ("server: Handshake was completed\n");
+ if (debug) success ("server: Handshake was completed\n");
- success ("server: TLS version is: %s\n",
+ if (debug) success ("server: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
/* see the Getting peer's information example */
- print_info (session);
+ if (debug) print_info (session);
i = 0;
for (;;)
if (ret == 0)
{
- success ("server: Peer has closed the GNUTLS connection\n");
+ if (debug) success ("server: Peer has closed the GNUTLS connection\n");
break;
}
else if (ret < 0)
gnutls_global_deinit ();
- success ("server: finished\n");
+ if (debug) success ("server: finished\n");
}
gnutls_perror (ret);
goto end;
}
- else
+ else if (debug)
{
success ("client: Handshake was completed\n");
}
- success ("client: TLS version is: %s\n",
+ if (debug) success ("client: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
/* see the Getting peer's information example */
- print_info (session);
+ if (debug) print_info (session);
ret = gnutls_record_send (session, MSG, strlen (MSG));
if (ret == strlen (MSG))
{
- success ("client: sent record.\n");
+ if (debug) success ("client: sent record.\n");
}
else
{
ret = gnutls_record_recv (session, buffer, MAX_BUF);
- success ("client: recv returned %d.\n", ret);
+ if (debug) success ("client: recv returned %d.\n", ret);
if (ret == GNUTLS_E_REHANDSHAKE)
{
- success ("client: doing handshake!\n");
+ if (debug) success ("client: doing handshake!\n");
ret = gnutls_handshake (session);
if (ret == 0)
{
- success ("client: handshake complete, reading again.\n");
+ if (debug) success ("client: handshake complete, reading again.\n");
ret = gnutls_record_recv (session, buffer, MAX_BUF);
}
else
if (ret == 0)
{
- success ("client: Peer has closed the TLS connection\n");
+ if (debug) success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
goto end;
}
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
+ if (debug)
{
- fputc (buffer[ii], stdout);
+ printf ("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++)
+ {
+ fputc (buffer[ii], stdout);
+ }
+ fputs ("\n", stdout);
}
- fputs ("\n", stdout);
gnutls_bye (session, GNUTLS_SHUT_RDWR);
return;
}
- success ("server: ready. Listening to port '%d'.\n", PORT);
+ if (debug) success ("server: ready. Listening to port '%d'.\n", PORT);
}
static void
gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
GNUTLS_X509_FMT_PEM);
- success ("Launched, generating DH parameters...\n");
+ if (debug) success ("Launched, generating DH parameters...\n");
generate_dh_params ();
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
- success ("server: connection from %s, port %d\n",
+ if (debug) success ("server: connection from %s, port %d\n",
inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
sizeof (topbuf)), ntohs (sa_cli.sin_port));
fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
return;
}
- success ("server: Handshake was completed\n");
-
- success ("server: TLS version is: %s\n",
+ if (debug)
+ {
+ success ("server: Handshake was completed\n");
+ success ("server: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
+ }
/* see the Getting peer's information example */
- print_info (session);
+ if (debug) print_info (session);
i = 0;
for (;;)
if (ret == 0)
{
- success ("server: Peer has closed the GNUTLS connection\n");
+ if (debug) success ("server: Peer has closed the GNUTLS connection\n");
break;
}
else if (ret < 0)
gnutls_certificate_server_set_request (session,
GNUTLS_CERT_REQUEST);
- success ("server: got data, forcing rehandshake.\n");
+ if (debug) success ("server: got data, forcing rehandshake.\n");
ret = gnutls_rehandshake (session);
if (ret < 0)
break;
}
- success ("server: rehandshake complete.\n");
+ if (debug) success ("server: rehandshake complete.\n");
/* echo data back to the client
*/
gnutls_global_deinit ();
- success ("server: finished\n");
+ if (debug) success ("server: finished\n");
}
for (i = 0; i < sizeof (key_dat) / sizeof (key_dat[0]); i++)
{
- success ("loop %d\n", (int)i);
+ if (debug) success ("loop %d\n", (int)i);
ret = gnutls_x509_privkey_init (&key);
if (ret < 0)
}
else
{
- success ("client: Handshake was completed\n");
+ if (debug) success ("client: Handshake was completed\n");
}
- success ("client: TLS version is: %s\n",
+ if (debug) success ("client: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
/* see the Getting peer's information example */
- print_info (session);
+ if (debug) print_info (session);
gnutls_record_send (session, MSG, strlen (MSG));
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
- success ("client: Peer has closed the TLS connection\n");
+ if (debug) success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
goto end;
}
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
+ if (debug)
{
- fputc (buffer[ii], stdout);
+ printf ("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++)
+ {
+ fputc (buffer[ii], stdout);
+ }
+ fputs ("\n", stdout);
}
- fputs ("\n", stdout);
gnutls_bye (session, GNUTLS_SHUT_RDWR);
return;
}
- success ("server: ready. Listening to port '%d'.\n", PORT);
+ if (debug) success ("server: ready. Listening to port '%d'.\n", PORT);
}
static void
gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
GNUTLS_X509_FMT_PEM);
- success ("Launched, generating DH parameters...\n");
+ if (debug) success ("Launched, generating DH parameters...\n");
generate_dh_params ();
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
- success ("server: connection from %s, port %d\n",
+ if (debug) success ("server: connection from %s, port %d\n",
inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
sizeof (topbuf)), ntohs (sa_cli.sin_port));
fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
return;
}
- success ("server: Handshake was completed\n");
+ if (debug) success ("server: Handshake was completed\n");
- success ("server: TLS version is: %s\n",
+ if (debug) success ("server: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
/* see the Getting peer's information example */
- print_info (session);
+ if (debug) print_info (session);
i = 0;
for (;;)
if (ret == 0)
{
- success ("server: Peer has closed the GNUTLS connection\n");
+ if (debug) success ("server: Peer has closed the GNUTLS connection\n");
break;
}
else if (ret < 0)
gnutls_global_deinit ();
- success ("server: finished\n");
+ if (debug) success ("server: finished\n");
}