gnutls-cli-debug: Added check for whether %NO_EXTENSIONS is required

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Tue, 25 Nov 2014 10:47:56 +0000 (11:47 +0100)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Fri, 28 Nov 2014 09:39:58 +0000 (10:39 +0100)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 25 Nov 2014 10:47:56 +0000 (11:47 +0100)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 28 Nov 2014 09:39:58 +0000 (10:39 +0100)
diff --git a/src/cli-debug.c b/src/cli-debug.c

index 5bc55241ee29f976d0131b2243d10dac9453af3d..fa0c087c5ecac5e217a6c42102bd1d6c7ddcbe84 100644 (file)
--- a/src/cli-debug.c
+++ b/src/cli-debug.c
@@ -82,6 +82,8 @@ typedef struct {
  
  static const TLS_TEST tls_tests[] = {
         {"for SSL 3.0 (RFC6101) support", test_ssl3, "yes", "no", "dunno"},
+       {"whether \%NO_EXTENSIONS is required", test_no_extensions, "no", "yes",
+        "dunno"},
         {"whether \%COMPAT is required", test_record_padding, "no", "yes",
          "dunno"},
         {"for TLS 1.0 (RFC2246) support", test_tls1, "yes", "no", "dunno"},
@@ -105,8 +107,6 @@ static const TLS_TEST tls_tests[] = {
         {"for certificate information", test_certificate, NULL, "", ""},
         {"for certificate chain order", test_chain_order, "sorted", "unsorted", "unknown"},
         {"for trusted CAs", test_server_cas, NULL, "", ""},
-       {"whether Hello Extensions are accepted",
-        test_hello_extension, "yes", "no", "dunno"},
         {"for safe renegotiation (RFC5746) support", test_safe_renegotiation, "yes",
          "no", "dunno"},
         {"for Safe renegotiation support (SCSV)",
diff --git a/src/tests.c b/src/tests.c

index 886f9decdfd0659ab548b555645223973620a06b..e6b3834ea7a4775a13aae396fb09050122921b0b 100644 (file)
--- a/src/tests.c
+++ b/src/tests.c
@@ -51,6 +51,7 @@ extern gnutls_certificate_credentials_t xcred;
  extern unsigned int verbose;
  
  const char *ext_text = "";
+int tls_ext_ok = 1;
  int tls1_ok = 0;
  int ssl3_ok = 0;
  int tls1_1_ok = 0;
@@ -204,6 +205,9 @@ test_code_t test_ecdhe(gnutls_session_t session)
  {
         int ret;
  
+       if (tls_ext_ok == 0)
+               return TEST_IGNORE;
+
         sprintf(prio_str, INIT_STR
                 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
                 ":+ECDHE-RSA:+ECDHE-ECDSA:+CURVE-ALL:%s", protocol_all_str,
@@ -227,6 +231,9 @@ test_code_t test_safe_renegotiation(gnutls_session_t session)
  {
         int ret;
  
+       if (tls_ext_ok == 0)
+               return TEST_IGNORE;
+
         sprintf(prio_str, INIT_STR
                 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
                 ":" ALL_KX ":%s:%%SAFE_RENEGOTIATION", rest, protocol_str);
@@ -244,6 +251,9 @@ test_code_t test_ocsp_status(gnutls_session_t session)
         int ret;
         gnutls_datum_t resp;
  
+       if (tls_ext_ok == 0)
+               return TEST_IGNORE;
+
         sprintf(prio_str, INIT_STR
                 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
                 ":" ALL_KX":%s", protocol_str, rest);
@@ -270,6 +280,9 @@ test_code_t test_etm(gnutls_session_t session)
  {
         int ret;
  
+       if (tls_ext_ok == 0)
+               return TEST_IGNORE;
+
         sprintf(prio_str, INIT_STR
                 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
                 ":%s:" ALL_KX, rest, protocol_str);
@@ -292,6 +305,9 @@ test_code_t test_ext_master_secret(gnutls_session_t session)
  {
         int ret;
  
+       if (tls_ext_ok == 0)
+               return TEST_IGNORE;
+
         sprintf(prio_str, INIT_STR
                 ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
                 ":%s:" ALL_KX, rest, protocol_str);
@@ -564,6 +580,9 @@ test_code_t test_openpgp1(gnutls_session_t session)
  {
         int ret;
  
+       if (tls_ext_ok == 0)
+               return TEST_IGNORE;
+
         sprintf(prio_str,
                 INIT_STR ALL_CIPHERS ":" ALL_COMP ":+CTYPE-OPENPGP:%s:"
                 ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
@@ -751,6 +770,28 @@ test_code_t test_record_padding(gnutls_session_t session)
         return ret;
  }
  
+test_code_t test_no_extensions(gnutls_session_t session)
+{
+       int ret;
+
+       sprintf(prio_str,
+               INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+               ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+       _gnutls_priority_set_direct(session, prio_str);
+       gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+       gnutls_record_set_max_size(session, 4096);
+
+       ret = do_handshake(session);
+       if (ret == TEST_SUCCEED) {
+               tls_ext_ok = 1;
+       } else {
+               tls_ext_ok = 0;
+               strcat(rest, ":%NO_EXTENSIONS");
+       }
+
+       return ret;
+}
+
  test_code_t test_tls1_2(gnutls_session_t session)
  {
         int ret;
@@ -960,6 +1001,10 @@ test_code_t test_rsa_pms(gnutls_session_t session)
  test_code_t test_max_record_size(gnutls_session_t session)
  {
         int ret;
+
+       if (tls_ext_ok == 0)
+               return TEST_IGNORE;
+
         sprintf(prio_str,
                 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
                 ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
@@ -978,25 +1023,11 @@ test_code_t test_max_record_size(gnutls_session_t session)
         return TEST_FAILED;
  }
  
-test_code_t test_hello_extension(gnutls_session_t session)
-{
-       int ret;
-
-       sprintf(prio_str,
-               INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
-               ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
-       _gnutls_priority_set_direct(session, prio_str);
-       gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
-       gnutls_record_set_max_size(session, 4096);
-
-       ret = do_handshake(session);
-
-
-       return ret;
-}
-
  test_code_t test_heartbeat_extension(gnutls_session_t session)
  {
+       if (tls_ext_ok == 0)
+               return TEST_IGNORE;
+
         sprintf(prio_str,
                 INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
                 ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
diff --git a/src/tests.h b/src/tests.h

index a232c146b8be8bdc7116c281ad94bc8ed1496a21..335292957bfd80266dda2d1cf63bb44629e7554f 100644 (file)
--- a/src/tests.h
+++ b/src/tests.h
@@ -25,7 +25,7 @@ typedef enum {
  test_code_t test_chain_order(gnutls_session_t session);
  test_code_t test_server(gnutls_session_t state);
  test_code_t test_record_padding(gnutls_session_t state);
-test_code_t test_hello_extension(gnutls_session_t state);
+test_code_t test_no_extensions(gnutls_session_t state);
  test_code_t test_heartbeat_extension(gnutls_session_t state);
  test_code_t test_small_records(gnutls_session_t state);
  test_code_t test_dhe(gnutls_session_t state);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Tue, 25 Nov 2014 10:47:56 +0000 (11:47 +0100)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Fri, 28 Nov 2014 09:39:58 +0000 (10:39 +0100)
src/cli-debug.c		patch \| blob \| blame \| history
src/tests.c		patch \| blob \| blame \| history
src/tests.h		patch \| blob \| blame \| history