gnutls-cli-debug: added test that checks the fallback from TLS 1.6
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 17 Oct 2014 11:46:10 +0000 (13:46 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 17 Oct 2014 11:46:10 +0000 (13:46 +0200)
src/cli-debug.c
src/tests.c
src/tests.h

index c12d3ab06b8dc5fcb5e54a564d5b2ac0aee6db2f..9a360d94e9212ddf14f4fe86379491d23aa01e61 100644 (file)
@@ -62,6 +62,7 @@ extern int tls1_ok;
 extern int tls1_1_ok;
 extern int tls1_2_ok;
 extern int ssl3_ok;
+extern const char *ext_text;
 
 static void tls_log_func(int level, const char *str)
 {
@@ -88,6 +89,8 @@ static const TLS_TEST tls_tests[] = {
         "failed",
         "SSL 3.0"},
        {"for TLS 1.2 support", test_tls1_2, "yes", "no", "dunno"},
+       {"fallback from TLS 1.6 to", test_tls1_6_fallback, NULL,
+        "failed", "dunno"},
        /* The following tests will disable TLS 1.x if the server is
         * buggy */
        {"whether we need to disable TLS 1.2", test_tls_disable2, "no",
@@ -271,9 +274,12 @@ int main(int argc, char **argv)
 
                        ret = tls_tests[i].func(state);
 
-                       if (ret == TEST_SUCCEED)
-                               printf(" %s\n", tls_tests[i].suc_str);
-                       else if (ret == TEST_FAILED)
+                       if (ret == TEST_SUCCEED) {
+                               if (tls_tests[i].suc_str == NULL)
+                                       printf(" %s\n", ext_text);
+                               else
+                                       printf(" %s\n", tls_tests[i].suc_str);
+                       } else if (ret == TEST_FAILED)
                                printf(" %s\n", tls_tests[i].fail_str);
                        else if (ret == TEST_UNSURE)
                                printf(" %s\n", tls_tests[i].unsure_str);
index 477871a8a04cf92daf01a9efb1eecd8604337337..06612f8deefbb22406633f90d1e6d07469da583b 100644 (file)
 #include <common.h>
 #include <tests.h>
 
+void _gnutls_record_set_default_version(gnutls_session_t session,
+                                       unsigned char major,
+                                       unsigned char minor);
+
+void _gnutls_hello_set_default_version(gnutls_session_t session,
+                                       unsigned char major,
+                                       unsigned char minor);
+
+
 extern gnutls_srp_client_credentials_t srp_cred;
 extern gnutls_anon_client_credentials_t anon_cred;
 extern gnutls_certificate_credentials_t xcred;
 
 extern unsigned int verbose;
 
+const char *ext_text = "";
 int tls1_ok = 0;
 int ssl3_ok = 0;
 int tls1_1_ok = 0;
@@ -674,6 +684,27 @@ test_code_t test_tls1_1_fallback(gnutls_session_t session)
 
 }
 
+test_code_t test_tls1_6_fallback(gnutls_session_t session)
+{
+       int ret;
+
+       sprintf(prio_str,
+               INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+               ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":"
+               ALL_KX ":%s", rest);
+       _gnutls_priority_set_direct(session, prio_str);
+
+       gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+       _gnutls_hello_set_default_version(session, 3, 7);
+
+       ret = do_handshake(session);
+       if (ret != TEST_SUCCEED)
+               return TEST_FAILED;
+
+       ext_text = gnutls_protocol_get_name(gnutls_protocol_get_version(session));
+       return TEST_SUCCEED;
+}
+
 /* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
  * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
  */
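Review bot: The `sprintf(prio_str, ...)` call in test_tls1_6_fallback appends `rest` to a long priority string with no bound on the write. Neither the size of prio_str nor the origin of `rest` is visible in this hunk, so if prio_str is a fixed array, `snprintf(prio_str, sizeof(prio_str), ...)` with a truncation check would be the safer form. The literals in `_gnutls_hello_set_default_version(session, 3, 7)` deserve a comment, for example `/* advertise the non-existent TLS 1.6 (wire version 3.7) to test version tolerance */`. Because `+VERS-SSL3.0` is enabled, a server that negotiates down to SSL 3.0 is also reported as TEST_SUCCEED; the printed protocol name is the only signal of that, which is worth stating in the function's comment.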
@@ -869,10 +900,6 @@ test_code_t test_small_records(gnutls_session_t session)
        return ret;
 }
 
-void _gnutls_record_set_default_version(gnutls_session_t session,
-                                       unsigned char major,
-                                       unsigned char minor);
-
 test_code_t test_version_rollback(gnutls_session_t session)
 {
        int ret;
index def0eaa18271fe4e42b531c0050424e75e70ec4e..2ecf8bfc817fed5652a8f73bf0b3d4751648b975 100644 (file)
@@ -43,6 +43,7 @@ test_code_t test_safe_renegotiation_scsv(gnutls_session_t state);
 test_code_t test_tls1_1(gnutls_session_t state);
 test_code_t test_tls1_2(gnutls_session_t state);
 test_code_t test_tls1_1_fallback(gnutls_session_t state);
+test_code_t test_tls1_6_fallback(gnutls_session_t state);
 test_code_t test_tls_disable0(gnutls_session_t state);
 test_code_t test_tls_disable1(gnutls_session_t state);
 test_code_t test_tls_disable2(gnutls_session_t state);