gnutls-cli-debug: fix EtM and extended master secret discovery
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 13 Jul 2018 05:08:42 +0000 (07:08 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 13 Jul 2018 05:36:35 +0000 (07:36 +0200)
In particular do not set the GNUTLS_NO_EXTENSIONS flag by default,
and only enable block ciphers for the EtM check.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
src/cli-debug.c
src/tests.c

index 26937269b79109a189762b429e2ad15e18594a8e..a23fb9a1894cd05e64a7cf5c3d7561b14b7f29eb 100644 (file)
@@ -190,7 +190,7 @@ const char *ip;
 gnutls_session_t init_tls_session(const char *host)
 {
        gnutls_session_t state = NULL;
-       gnutls_init(&state, GNUTLS_CLIENT | GNUTLS_NO_EXTENSIONS);
+       gnutls_init(&state, GNUTLS_CLIENT);
 
        set_read_funcs(state);
        if (host && is_ip(host) == 0)
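Review bot: The return value of `gnutls_init()` is still ignored in `init_tls_session`, so on failure `state` is not a usable session and is passed straight to `set_read_funcs(state)` on the next statement. A guard such as `if (gnutls_init(&state, GNUTLS_CLIENT) < 0) return NULL;` would make the failure explicit, provided the callers cope with a NULL session; that is not visible here, and the function body continues past the end of the hunk. Since the dropped flag is what made the probes misreport, a short comment above the call would help keep it from coming back: `/* extensions stay enabled: the EtM and extended master secret checks depend on them */`.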
index b51045f365f4273998d67cecc023d5035470800a..a38ec41789e6b91cf249987ae036ca52b9fe9a4c 100644 (file)
@@ -87,7 +87,6 @@ static int do_handshake(gnutls_session_t session)
 
        if (ret < 0)
                return TEST_FAILED;
-
        gnutls_session_get_data(session, NULL, &session_data_size);
 
        if (sfree != 0) {
@@ -412,7 +411,7 @@ test_code_t test_etm(gnutls_session_t session)
                return TEST_IGNORE;
 
        sprintf(prio_str, INIT_STR
-               ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS
+               "+AES-128-CBC:+AES-256-CBC:" ALL_COMP ":%s:" ALL_MACS
                ":%s:" ALL_KX, rest, protocol_str);
        _gnutls_priority_set_direct(session, prio_str);