From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 13 Nov 2014 08:16:29 +0000 (+0100)
Subject: added check for servers that disallow the SSL 3.0 record version
X-Git-Tag: gnutls_3_4_0~640
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8679fc11fee10a41b12e465ffd415514c2e9286b;p=thirdparty%2Fgnutls.git

added check for servers that disallow the SSL 3.0 record version
---

diff --git a/src/cli-debug.c b/src/cli-debug.c
index 44b7c10028..d811870703 100644
--- a/src/cli-debug.c
+++ b/src/cli-debug.c
@@ -85,6 +85,7 @@ static const TLS_TEST tls_tests[] = {
 	{"whether \%COMPAT is required", test_record_padding, "no", "yes",
 	 "dunno"},
 	{"for TLS 1.0 (RFC2246) support", test_tls1, "yes", "no", "dunno"},
+	{"for TLS 1.0 (RFC2246) support with TLS 1.0 record version", test_tls1_nossl3, "yes", "no", "dunno"},
 	{"for TLS 1.1 (RFC4346) support", test_tls1_1, "yes", "no", "dunno"},
 	{"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0",
 	 "failed",
diff --git a/src/tests.c b/src/tests.c
index 4b11c48c64..bc654a08f4 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -664,7 +664,7 @@ test_code_t test_tls1(gnutls_session_t session)
 
 	sprintf(prio_str,
 		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
-		":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest);
+		":+VERS-TLS1.0:%%SSL3_RECORD_VERSION:" ALL_MACS ":" ALL_KX ":%s", rest);
 	_gnutls_priority_set_direct(session, prio_str);
 
 	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -677,6 +677,30 @@ test_code_t test_tls1(gnutls_session_t session)
 
 }
 
+test_code_t test_tls1_nossl3(gnutls_session_t session)
+{
+	int ret;
+
+	if (tls1_ok != 0)
+		return TEST_IGNORE;
+
+	sprintf(prio_str,
+		INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES
+		":+VERS-TLS1.0:%%LATEST_RECORD_VERSION:" ALL_MACS ":" ALL_KX ":%s", rest);
+	_gnutls_priority_set_direct(session, prio_str);
+
+	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+	ret = do_handshake(session);
+	if (ret == TEST_SUCCEED) {
+		strcat(rest, ":%LATEST_RECORD_VERSION");
+		tls1_ok = 1;
+	}
+
+	return ret;
+
+}
+
 test_code_t test_record_padding(gnutls_session_t session)
 {
 	int ret;
diff --git a/src/tests.h b/src/tests.h
index 34dd7d7c7c..63c60a54c6 100644
--- a/src/tests.h
+++ b/src/tests.h
@@ -38,6 +38,7 @@ test_code_t test_sha(gnutls_session_t state);
 test_code_t test_3des(gnutls_session_t state);
 test_code_t test_arcfour(gnutls_session_t state);
 test_code_t test_tls1(gnutls_session_t state);
+test_code_t test_tls1_nossl3(gnutls_session_t session);
 test_code_t test_safe_renegotiation(gnutls_session_t state);
 test_code_t test_ext_master_secret(gnutls_session_t state);
 test_code_t test_etm(gnutls_session_t state);