tests: re-enabled post-handshake auth tests
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 2 Nov 2017 14:30:43 +0000 (15:30 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 19 Feb 2018 14:29:36 +0000 (15:29 +0100)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
tests/tls13/post-handshake-with-cert.c
tests/tls13/post-handshake-without-cert.c

index 49a48d946aeb2e7df0455fe26dcff7f1f6331017..22e4376e80dc8aadd8d911047f0a4a7c7a1398e3 100644 (file)
@@ -50,9 +50,10 @@ int main()
 #include "tls13/ext-parse.h"
 #include "utils.h"
 
-/* This program tests the Post Handshake Auth extension present
- * in the client hello, and whether it is missing from server
- * hello.
+/* This program tests whether the Post Handshake Auth extension is
+ * present in the client hello, and whether it is missing from server
+ * hello. In addition it contains basic functionality test for
+ * post handshake authentication.
  */
 
 static void server_log_func(int level, const char *str)
@@ -72,6 +73,7 @@ static void client(int fd)
        int ret;
        gnutls_certificate_credentials_t x509_cred;
        gnutls_session_t session;
+       char buf[64];
 
        global_init();
 
@@ -84,7 +86,7 @@ static void client(int fd)
 
        /* Initialize TLS session
         */
-       gnutls_init(&session, GNUTLS_CLIENT);
+       gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_POST_HANDSHAKE_AUTH);
 
        gnutls_handshake_set_timeout(session, 20 * 1000);
 
@@ -110,6 +112,26 @@ static void client(int fd)
        }
        while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
 
+       if (ret != 0)
+               fail("handshake failed: %s\n", gnutls_strerror(ret));
+       success("client handshake completed\n");
+
+       do {
+               ret = gnutls_record_recv(session, buf, sizeof(buf));
+       } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+       if (ret != GNUTLS_E_REAUTH_REQUEST) {
+               fail("recv: unexpected error: %s\n", gnutls_strerror(ret));
+       }
+
+       success("received reauth request\n");
+       do {
+               ret = gnutls_reauth(session, 0);
+       } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+       if (ret != 0)
+               fail("client: gnutls_reauth did not succeed as expected: %s\n", gnutls_strerror(ret));
+
        close(fd);
 
        gnutls_deinit(session);
@@ -176,7 +198,7 @@ static void server(int fd)
                                            &server_key,
                                            GNUTLS_X509_FMT_PEM);
 
-       gnutls_init(&session, GNUTLS_SERVER);
+       gnutls_init(&session, GNUTLS_SERVER|GNUTLS_POST_HANDSHAKE_AUTH);
 
        gnutls_handshake_set_timeout(session, 20 * 1000);
        gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY,
@@ -194,11 +216,10 @@ static void server(int fd)
 
        do {
                ret = gnutls_handshake(session);
-               if (ret == GNUTLS_E_INTERRUPTED) { /* expected */
-                       break;
-               }
        } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
 
+       if (ret != 0)
+               fail("handshake failed: %s\n", gnutls_strerror(ret));
 
        if (client_hello_ok == 0) {
                fail("server: did not verify the client hello\n");
@@ -207,6 +228,16 @@ static void server(int fd)
        if (server_hello_ok == 0) {
                fail("server: did not verify the server hello contents\n");
        }
+       success("server handshake completed\n");
+
+       gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE);
+       /* ask peer for re-authentication */
+       do {
+               ret = gnutls_reauth(session, 0);
+       } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+       if (ret != 0)
+               fail("server: gnutls_reauth did not succeed as expected: %s\n", gnutls_strerror(ret));
 
        close(fd);
        gnutls_deinit(session);
@@ -233,9 +264,6 @@ void doit(void)
        int ret;
        pid_t child;
 
-       /* re-enable when post-handshake authentication is available */
-       exit(77);
-
        signal(SIGCHLD, ch_handler);
 
        ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
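Review bot: In the server hunk, after `gnutls_reauth()` returns 0 the test never inspects the certificate the client was just required to present, so it only proves that the re-authentication exchange completes, not that `GNUTLS_CERT_REQUIRE` was actually honored. Adding `unsigned int cert_list_size = 0;` and `if (gnutls_certificate_get_peers(session, &cert_list_size) == NULL || cert_list_size == 0) fail("server: no client certificate after reauth\n");` after the reauth loop would pin that property, which the client-hello/server-hello checks above it do not cover. The braceless `if (ret != 0) fail(...)` checks added in client() (after the handshake and after reauth) and in server() (same two places) also sit next to braced single-statement `if` blocks, so bracing them would keep one style per function. Both client() and server() start and end outside their hunks.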
index 9c02d5b2726730b43d9fbb90abc95db363243145..4ee821b41361248caf7637df7ed214d8b46b9605 100644 (file)
@@ -45,14 +45,14 @@ int main()
 #include <gnutls/gnutls.h>
 #include <gnutls/dtls.h>
 #include <signal.h>
+#include <assert.h>
 
 #include "cert-common.h"
 #include "tls13/ext-parse.h"
 #include "utils.h"
 
-/* This program tests the Post Handshake Auth extension present
- * in the client hello, and whether it is missing from server
- * hello.
+/* This program tests whether the Post Handshake Auth extension is missing
+ * from both hellos, when not enabled by client.
  */
 
 static void server_log_func(int level, const char *str)
@@ -82,6 +82,10 @@ static void client(int fd)
 
        gnutls_certificate_allocate_credentials(&x509_cred);
 
+       assert(gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert,
+                                                  &cli_ca3_key,
+                                                  GNUTLS_X509_FMT_PEM) >= 0);
+
        /* Initialize TLS session
         */
        gnutls_init(&session, GNUTLS_CLIENT);
@@ -105,6 +109,11 @@ static void client(int fd)
        }
        while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
 
+       /* try if gnutls_reauth() would fail as expected */
+       ret = gnutls_reauth(session, 0);
+       if (ret != GNUTLS_E_INVALID_REQUEST)
+               fail("server: gnutls_reauth did not fail as expected: %s", gnutls_strerror(ret));
+
        close(fd);
 
        gnutls_deinit(session);
@@ -189,6 +198,11 @@ static void server(int fd)
                fail("server: did not verify the server hello contents\n");
        }
 
+       /* try if gnutls_reauth() would fail as expected */
+       ret = gnutls_reauth(session, 0);
+       if (ret != GNUTLS_E_INVALID_REQUEST)
+               fail("server: gnutls_reauth did not fail as expected: %s", gnutls_strerror(ret));
+
        close(fd);
        gnutls_deinit(session);
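Review bot: The client's `fail("server: gnutls_reauth did not fail as expected: %s", ...)` is labeled `server:` although it runs in client(), and both this message and the server's copy lack the trailing `\n` that the other fail() messages in these tests carry; `fail("client: gnutls_reauth did not fail as expected: %s\n", gnutls_strerror(ret));` fixes the client one. In the earlier client hunk, loading the client credentials inside `assert(...)` means the call is compiled out entirely if the test is built with NDEBUG, leaving the client without a key and silently changing what the test exercises; `ret = gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert, &cli_ca3_key, GNUTLS_X509_FMT_PEM); if (ret < 0) fail("client: set_x509_key_mem: %s\n", gnutls_strerror(ret));` keeps the side effect unconditional. Both client() and server() continue outside the hunks.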