tests: added testcases for ciphersuite/KX negotiation with VKO-GOST
authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Mon, 9 Oct 2017 04:17:59 +0000 (07:17 +0300)
committerDmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Wed, 18 Dec 2019 20:42:47 +0000 (23:42 +0300)
This verifies whether the ciphersuite negotiation will detect and
reject incompatible data present in credentials.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
tests/server-kx-neg-common.c
tests/tls12-server-kx-neg.c

index ef9fed5e9df47496fc502bf837b633cd0e0f888c..961d16074ed1900d28177bda6b09bb4d7ed1d754 100644 (file)
@@ -38,6 +38,8 @@ typedef struct test_case_st {
        unsigned have_ecc_sign_cert;
        unsigned have_ed25519_sign_cert;
        unsigned have_rsa_decrypt_cert;
+       unsigned have_gost12_256_cert;
+       unsigned have_gost12_512_cert;
        unsigned not_on_fips;
        unsigned exp_version;
        const char *client_prio;
@@ -222,6 +224,14 @@ static void try(test_case_st *test)
                assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_localhost_rsa_sign_cert, &server_ca3_key, GNUTLS_X509_FMT_PEM) >= 0);
        }
 
+       if (test->have_gost12_256_cert) {
+               assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_gost12_256_cert, &server_ca3_gost12_256_key, GNUTLS_X509_FMT_PEM) >= 0);
+       }
+
+       if (test->have_gost12_512_cert) {
+               assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_gost12_512_cert, &server_ca3_gost12_512_key, GNUTLS_X509_FMT_PEM) >= 0);
+       }
+
        /* client does everything */
        gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anon_cred);
        gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_cert_cred);
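Review bot: Both added blocks load the GOST key pair inside `assert()`, so a build with `NDEBUG` defined would compile the `gnutls_certificate_set_x509_key_mem` call away and the GOST cases would run against a server holding no GOST key. This matches the existing RSA line just above, so it is consistent with the file, but keeping the side effect out of the macro is safer: `int rc = gnutls_certificate_set_x509_key_mem(...); assert(rc >= 0);`. The blocks are also compiled unconditionally, while the cases that set these flags sit under `#ifdef ENABLE_GOST` in tests/tls12-server-kx-neg.c. Whether `server_ca3_gost12_256_cert`, `server_ca3_gost12_512_cert` and their keys are declared in a build without GOST is not visible here and is worth confirming. `try()` begins and ends outside this hunk.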
index 1e55dfd3a02518defaea936af686c82fb8e76a3f..88d2666ef28268ed77dcdc3f9f0953b5a0d2830e 100644 (file)
@@ -461,7 +461,72 @@ test_case_st tests[] = {
                .have_srp_cred = 1,
                .server_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.2",
                .client_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.2"
-       }
+       },
+
+#ifdef ENABLE_GOST
+       {
+               .name = "TLS 1.2 VKO-GOST-12 without cred",
+               .client_ret = GNUTLS_E_AGAIN,
+               .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS,
+               .not_on_fips = 1,
+               .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:-VERS-ALL:+VERS-TLS1.2",
+               .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:-VERS-ALL:+VERS-TLS1.2"
+       },
+       {
+               .name = "TLS 1.2 VKO-GOST-12 with cred but no cert",
+               .client_ret = GNUTLS_E_AGAIN,
+               .server_ret = GNUTLS_E_NO_CIPHER_SUITES,
+               .have_cert_cred = 1,
+               .not_on_fips = 1,
+               .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:-VERS-ALL:+VERS-TLS1.2",
+               .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:-VERS-ALL:+VERS-TLS1.2"
+       },
+       {
+               .name = "TLS 1.2 VKO-GOST-12 with cred but no GOST cert",
+               .client_ret = GNUTLS_E_AGAIN,
+               .server_ret = GNUTLS_E_NO_CIPHER_SUITES,
+               .have_cert_cred = 1,
+               .have_rsa_sign_cert = 1,
+               .have_rsa_decrypt_cert = 1,
+               .not_on_fips = 1,
+               .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:-VERS-ALL:+VERS-TLS1.2",
+               .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:-VERS-ALL:+VERS-TLS1.2"
+       },
+       {
+               .name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-256 cert",
+               .server_ret = 0,
+               .client_ret = 0,
+               .have_cert_cred = 1,
+               .have_gost12_256_cert = 1,
+               .not_on_fips = 1,
+               .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:-VERS-ALL:+VERS-TLS1.2",
+               .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:-VERS-ALL:+VERS-TLS1.2"
+       },
+       {
+               .name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-512 cert",
+               .server_ret = 0,
+               .client_ret = 0,
+               .have_cert_cred = 1,
+               .have_gost12_512_cert = 1,
+               .not_on_fips = 1,
+               .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:-VERS-ALL:+VERS-TLS1.2",
+               .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:-VERS-ALL:+VERS-TLS1.2"
+       },
+       {
+               .name = "TLS 1.2 VKO-GOST-12 with cred and multiple certs",
+               .server_ret = 0,
+               .client_ret = 0,
+               .have_cert_cred = 1,
+               .have_ecc_sign_cert = 1,
+               .have_rsa_sign_cert = 1,
+               .have_rsa_decrypt_cert = 1,
+               .have_gost12_256_cert = 1,
+               .have_gost12_512_cert = 1,
+               .not_on_fips = 1,
+               .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:-VERS-ALL:+VERS-TLS1.2",
+               .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:-VERS-ALL:+VERS-TLS1.2"
+       },
+#endif
 };
 
 void doit(void)
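Review bot: The three failing cases added here cover only a missing credential, a missing certificate and a non-GOST certificate. None pairs a GOST certificate with priorities that exclude its signature algorithm, which is the closest match to the "incompatible data present in credentials" the commit message describes. A case with `.have_gost12_256_cert = 1` and a server priority string that omits `+SIGN-GOSTR341012-256` would exercise that path; its expected `server_ret` should be confirmed against the library rather than assumed. The successful cases, including "multiple certs", check only the return codes as far as these fields show, so they do not pin which certificate the server selected. The identical priority string is repeated twelve times; a single `#define GOST_PRIO "NORMAL:-KX-ALL:+VKO-GOST-12:..."` used for both `.server_prio` and `.client_prio` would keep future algorithm changes from drifting between cases. The `tests[]` array starts outside this hunk.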