char prio_str[256] = "";
#define ALL_CIPHERS "+3DES-CBC:+ARCFOUR-128:+ARCFOUR-40"
+#define BLOCK_CIPHERS "+3DES-CBC"
#define ALL_COMP "+COMP-NULL"
#define ALL_MACS "+SHA1:+MD5"
#define ALL_CERTTYPES "+CTYPE-X509"
-#define REST "%%UNSAFE_RENEGOTIATION"
#define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+RSA-EXPORT"
#define INIT_STR "NONE:"
+char rest[128] = "%UNSAFE_RENEGOTIATION";
static inline void
_gnutls_priority_set_direct (gnutls_session_t session, const char *str)
if (ret < 0)
{
- fprintf (stderr, "Error in %s\n", err);
+ fprintf (stderr, "Error with string %s\n", str);
+ fprintf (stderr, "Error at %s: %s\n", err, gnutls_strerror(ret));
exit (1);
}
}
sprintf (prio_str, INIT_STR
ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
- ALL_KX ":" REST, protocol_str);
+ ALL_KX ":" "%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str, INIT_STR
"+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
- ALL_MACS ":" ALL_KX ":" REST, protocol_str);
+ ALL_MACS ":" ALL_KX ":%s" , protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str, INIT_STR
"+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
- ALL_MACS ":" ALL_KX ":" REST, protocol_str);
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str, INIT_STR
ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+DHE-RSA:+DHE-DSS:" REST, protocol_str);
+ ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str, INIT_STR
ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+DHE-RSA:+DHE-DSS:" REST, protocol_str);
+ ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str, INIT_STR
ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:"
- ALL_MACS ":" ALL_KX ":" REST);
+ ALL_MACS ":" ALL_KX ":%s", rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str, INIT_STR
ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":"
- ALL_KX ":" REST, protocol_str);
+ ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str, INIT_STR
- INIT_STR "+AES-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ "+AES-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR "+CAMELLIA-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:"
- ALL_MACS ":" ALL_KX ":" REST, protocol_str);
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":+CTYPE-OPENPGP:%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
#ifdef ENABLE_CAMELLIA
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
#else
sprintf (prio_str,
INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":%s:" ALL_MACS ":" ALL_KX ":" REST, protocol_str);
+ ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
#endif
sprintf (prio_str,
INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":%s:+MD5:" ALL_KX ":" REST, protocol_str);
+ ":%s:+MD5:" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":+COMP-ZLIB:" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":%s:+SHA1:" ALL_KX ":" REST, protocol_str);
+ ":%s:+SHA1:" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR "+3DES-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR "+ARCFOUR-128:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR "+ARCFOUR-40:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" "+RSA-EXPORT" ":" REST, protocol_str);
+ ":" "+RSA-EXPORT" ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":" REST);
+ ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
}
+test_code_t
+test_record_padding (gnutls_session_t session)
+{
+ int ret;
+
+ sprintf (prio_str,
+ INIT_STR BLOCK_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+ ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
+ _gnutls_priority_set_direct (session, prio_str);
+
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake (session);
+ if (ret == TEST_SUCCEED)
+ tls1_ok = 1;
+ else
+ strcat(rest, ":%COMPAT");
+
+ return ret;
+
+}
+
test_code_t
test_tls1_2 (gnutls_session_t session)
{
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.2:" ALL_MACS ":" ALL_KX ":" REST);
+ ":+VERS-TLS1.2:" ALL_MACS ":" ALL_KX ":%s", rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.1:" ALL_MACS ":" ALL_KX ":" REST);
+ ":+VERS-TLS1.1:" ALL_MACS ":" ALL_KX ":%s", rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
- ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":"
- REST);
+ ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%s",
+ rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
*/
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+RSA:" REST, protocol_str);
+ ":+RSA:%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
int ret;
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_record_set_max_size (session, 512);
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_record_set_max_size (session, 512);
*/
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
_gnutls_record_set_default_version (session, 3, 0);
*/
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
_gnutls_record_set_default_version (session, 5, 5);
*/
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
_gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":+ANON-DH:" REST, protocol_str);
+ ":+ANON-DH:%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
sprintf (prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
- ":" ALL_KX ":" REST, protocol_str);
+ ":" ALL_KX ":%s", protocol_str, rest);
_gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
} TLS_TEST;
static const TLS_TEST tls_tests[] = {
+ {"for SSL 3.0 support", test_ssl3, "yes", "no", "dunno"},
+ {"whether \%COMPAT is required", test_record_padding, "no", "yes", "dunno"},
+ {"for TLS 1.0 support", test_tls1, "yes", "no", "dunno"},
+ {"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"},
+ {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed",
+ "SSL 3.0"},
+ {"for TLS 1.2 support", test_tls1_2, "yes", "no", "dunno"},
+ /* this test will disable TLS 1.0 if the server is
+ * buggy */
+ {"whether we need to disable TLS 1.0", test_tls_disable, "no", "yes",
+ "dunno"},
{"for Safe renegotiation support", test_safe_renegotiation, "yes", "no",
"dunno"},
{"for Safe renegotiation support (SCSV)", test_safe_renegotiation_scsv,
"yes", "no", "dunno"},
- {"for TLS 1.2 support", test_tls1_2, "yes", "no", "dunno"},
- {"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"},
- {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed",
- "SSL 3.0"},
- {"for TLS 1.0 support", test_tls1, "yes", "no", "dunno"},
- {"for SSL 3.0 support", test_ssl3, "yes", "no", "dunno"},
{"for HTTPS server name", test_server, "", "failed", "not checked"},
{"for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes",
"dunno"},
{"for version rollback bug in Client Hello", test_version_rollback,
"no", "yes", "dunno"},
- /* this test will disable TLS 1.0 if the server is
- * buggy */
- {"whether we need to disable TLS 1.0", test_tls_disable, "no", "yes",
- "dunno"},
{"whether the server ignores the RSA PMS version",
test_rsa_pms_version_check, "yes", "no", "dunno"},