gnutls-cli-debug: ignore tests when algorithms are unavailable
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 17 Jan 2020 20:34:45 +0000 (21:34 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 18 Jan 2020 06:45:04 +0000 (07:45 +0100)
When gnutls-cli-debug is run on systems where a particular algorithm
is disabled, ensure that we don't stop the testing; in that case
we ignore the test.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
src/tests.c
tests/gnutls-cli-debug.sh

index 9b608119f56ad265f02cee6f41ab5bcbac388c5e..82474b0995989fc261b0340b265fd3bade1d1778 100644 (file)
@@ -134,20 +134,31 @@ char prio_str[768] = "";
 #define INIT_STR "NONE:"
 char rest[384] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL" GOST_REST;
 
-#define _gnutls_priority_set_direct(s, str) __gnutls_priority_set_direct(s, str, __LINE__)
+#define _gnutls_priority_set_direct(s, str) { \
+               int _ret; \
+               if ((_ret=__gnutls_priority_set_direct(s, str, __LINE__)) != TEST_SUCCEED) { \
+                       return _ret; \
+               } \
+       }
 
-static inline void
+static inline int
 __gnutls_priority_set_direct(gnutls_session_t session, const char *str, int line)
 {
        const char *err;
        int ret = gnutls_priority_set_direct(session, str, &err);
 
        if (ret < 0) {
+               /* this can happen when some cipher is disabled system-wide */
+               if (ret == GNUTLS_E_NO_PRIORITIES_WERE_SET)
+                       return TEST_IGNORE;
+
                fprintf(stderr, "Error at %d with string %s\n", line, str);
                fprintf(stderr, "Error at %s: %s\n", err,
                        gnutls_strerror(ret));
                exit(1);
        }
+
+       return TEST_SUCCEED;
 }
 
 test_code_t test_server(gnutls_session_t session)
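Review bot: The new `_gnutls_priority_set_direct` macro expands to a bare `{ ... }` block with a `return` inside, so a call written as `_gnutls_priority_set_direct(session, prio_str);` leaves a stray empty statement that breaks an unbraced `if`/`else`, and the early exit from the calling test is invisible at the call site. Wrap the body as `do { ... } while (0)` and put a comment above it, for example `/* returns from the calling test when the priority string cannot be applied */`. The helper is declared `static inline int` although it returns `TEST_IGNORE`/`TEST_SUCCEED`; `test_code_t`, visible on the `test_server` line, looks like the intended type. The `GNUTLS_E_NO_PRIORITIES_WERE_SET` branch also returns without printing anything, so a priority string that comes out empty for some reason other than a system-wide disable would be skipped silently; a debug-level message carrying `line` and `str` would keep that case diagnosable. Callers of the macro are outside this hunk, so whether any of them holds state needing cleanup before the hidden return cannot be checked here.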
index 51f77bb565c87c47d1857a4901133843a7aa88f0..0ab6069b8fe78fd49e28bd09d796a4b8dbc6322c 100755 (executable)
@@ -24,6 +24,7 @@ srcdir="${srcdir:-.}"
 SERV="${SERV:-../src/gnutls-serv${EXEEXT}}"
 DCLI="${DCLI:-../src/gnutls-cli-debug${EXEEXT}}"
 OUTFILE=cli-debug.$$.tmp
+TMPFILE=config.$$.tmp
 unset RETCODE
 
 if ! test -x "${SERV}"; then
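Review bot: `TMPFILE=config.$$.tmp` is a predictable name in the working directory, and this file is later handed to the library as its system priority configuration through `GNUTLS_SYSTEM_PRIORITY_FILE`. It mirrors the existing `OUTFILE` convention, but a file that steers algorithm policy is better created exclusively, e.g. `TMPFILE=$(mktemp config.XXXXXX)`, so that a leftover or pre-existing file of the same name is never reused. The later uses should then quote it consistently as `"${TMPFILE}"`.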
@@ -169,7 +170,36 @@ check_text "whether the server accepts default record size (512 bytes)... no"
 check_text "whether %ALLOW_SMALL_RECORDS is required... yes"
 check_text "for RSA key exchange support... no"
 
+echo ""
+echo "Checking output of gnutls-cli-debug when algorithms are disabled"
+eval "${GETPORT}"
+launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} \
+       --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} >/dev/null 2>&1
+PID=$!
+wait_server ${PID}
+
+cat <<_EOF_ > ${TMPFILE}
+[overrides]
+
+tls-disabled-cipher = CAMELLIA-128-CBC
+tls-disabled-cipher = CAMELLIA-256-CBC
+_EOF_
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+
+timeout 1800 datefudge "2017-08-9" \
+"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!"
+
+unset GNUTLS_SYSTEM_PRIORITY_FILE
+
+kill ${PID}
+wait
+
+check_text "for AES-GCM cipher (RFC5288) support... yes"
+check_text "for RSA key exchange support... yes"
+check_text "for SHA1 MAC support... yes"
+
 rm -f ${OUTFILE}
+rm -f ${TMPFILE}
 
 if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != 1 ; then
        # GOST_CNT test
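Review bot: The added block never asserts that the override was actually applied: the three `check_text` lines only confirm that AES-GCM, RSA key exchange and SHA1 still report yes, which would equally pass on a build that does not read `GNUTLS_SYSTEM_PRIORITY_FILE`. Add a check on the Camellia line of `$OUTFILE` (its exact wording for an ignored test is not visible in this hunk), so that the test fails if the disabled-cipher path was not exercised. On the failure path, `fail ${PID} ...` is reached while `GNUTLS_SYSTEM_PRIORITY_FILE` is still exported and `${TMPFILE}` still exists; if `fail` exits, as its use here suggests, the temporary config is left behind. Setting the variable only for the one command, `GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" timeout 1800 datefudge ...`, would remove the need for the `export`/`unset` pair. `${TMPFILE}` is also unquoted in `cat <<_EOF_ > ${TMPFILE}` and `rm -f ${TMPFILE}` although it is quoted in the `export` line.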