static const TLS_TEST tls_tests[] = {
{"for SSL 3.0 (RFC6101) support", test_ssl3, "yes", "no", "dunno"},
+ {"whether \%NO_EXTENSIONS is required", test_no_extensions, "no", "yes",
+ "dunno"},
{"whether \%COMPAT is required", test_record_padding, "no", "yes",
"dunno"},
{"for TLS 1.0 (RFC2246) support", test_tls1, "yes", "no", "dunno"},
{"for certificate information", test_certificate, NULL, "", ""},
{"for certificate chain order", test_chain_order, "sorted", "unsorted", "unknown"},
{"for trusted CAs", test_server_cas, NULL, "", ""},
- {"whether Hello Extensions are accepted",
- test_hello_extension, "yes", "no", "dunno"},
{"for safe renegotiation (RFC5746) support", test_safe_renegotiation, "yes",
"no", "dunno"},
{"for Safe renegotiation support (SCSV)",
extern unsigned int verbose;
const char *ext_text = "";
+int tls_ext_ok = 1;
int tls1_ok = 0;
int ssl3_ok = 0;
int tls1_1_ok = 0;
{
int ret;
+ if (tls_ext_ok == 0)
+ return TEST_IGNORE;
+
sprintf(prio_str, INIT_STR
ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
":+ECDHE-RSA:+ECDHE-ECDSA:+CURVE-ALL:%s", protocol_all_str,
{
int ret;
+ if (tls_ext_ok == 0)
+ return TEST_IGNORE;
+
sprintf(prio_str, INIT_STR
ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
":" ALL_KX ":%s:%%SAFE_RENEGOTIATION", rest, protocol_str);
int ret;
gnutls_datum_t resp;
+ if (tls_ext_ok == 0)
+ return TEST_IGNORE;
+
sprintf(prio_str, INIT_STR
ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
":" ALL_KX":%s", protocol_str, rest);
{
int ret;
+ if (tls_ext_ok == 0)
+ return TEST_IGNORE;
+
sprintf(prio_str, INIT_STR
ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
":%s:" ALL_KX, rest, protocol_str);
{
int ret;
+ if (tls_ext_ok == 0)
+ return TEST_IGNORE;
+
sprintf(prio_str, INIT_STR
ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
":%s:" ALL_KX, rest, protocol_str);
{
int ret;
+ if (tls_ext_ok == 0)
+ return TEST_IGNORE;
+
sprintf(prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":+CTYPE-OPENPGP:%s:"
ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
return ret;
}
+test_code_t test_no_extensions(gnutls_session_t session)
+{
+ int ret;
+
+ sprintf(prio_str,
+ INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
+ ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+ _gnutls_priority_set_direct(session, prio_str);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_record_set_max_size(session, 4096);
+
+ ret = do_handshake(session);
+ if (ret == TEST_SUCCEED) {
+ tls_ext_ok = 1;
+ } else {
+ tls_ext_ok = 0;
+ strcat(rest, ":%NO_EXTENSIONS");
+ }
+
+ return ret;
+}
+
test_code_t test_tls1_2(gnutls_session_t session)
{
int ret;
test_code_t test_max_record_size(gnutls_session_t session)
{
int ret;
+
+ if (tls_ext_ok == 0)
+ return TEST_IGNORE;
+
sprintf(prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
return TEST_FAILED;
}
-test_code_t test_hello_extension(gnutls_session_t session)
-{
- int ret;
-
- sprintf(prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
- ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
- _gnutls_priority_set_direct(session, prio_str);
- gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- gnutls_record_set_max_size(session, 4096);
-
- ret = do_handshake(session);
-
-
- return ret;
-}
-
test_code_t test_heartbeat_extension(gnutls_session_t session)
{
+ if (tls_ext_ok == 0)
+ return TEST_IGNORE;
+
sprintf(prio_str,
INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:"
ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);