]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
projects / thirdparty / gnutls.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4481a56)
tlsfuzzer: update to the latest upstream for downgrade protection tests
authorDaiki Ueno <dueno@redhat.com>
Tue, 19 Feb 2019 12:56:35 +0000 (13:56 +0100)
committerDaiki Ueno <dueno@redhat.com>
Fri, 22 Feb 2019 09:52:27 +0000 (10:52 +0100)
Signed-off-by: Daiki Ueno <dueno@redhat.com>
tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json patch | blob | blame | history
tests/suite/tls-fuzzer/gnutls-nocert-tls13.json patch | blob | blame | history
tests/suite/tls-fuzzer/gnutls-nocert.json patch | blob | blame | history
tests/suite/tls-fuzzer/tlsfuzzer patch | blob | blame | history

diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json b/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json
index 9bf3fa20f176f3b5b5f132f5c9a87d84d7b0a15d..a2973922553f6110a00f21920f0b25c31ffe74a4 100644 (file)
--- a/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-ssl3.json
@@ -18,7 +18,7 @@
          },
          {"name" : "test-export-ciphers-rejected.py",
           "comment" : "we negotiate AES even in SSL3.0",
-          "arguments" : ["--ssl3", "-p", "@PORT@"] },
+          "arguments" : ["-p", "@PORT@"] },
          {"name" : "test-client-compatibility.py",
           "arguments" : ["-p", "@PORT@", "18: IE 6 on XP",
                          "52: YandexBot 3.0 on unknown",
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
index c76413030611668fd425ad60e6f26b664e4f3293..47fcf878a403f4ec7deeb93cdafaf6862fb6b1dd 100644 (file)
--- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
@@ -33,7 +33,12 @@
                          "-e", "drop extension in TLS 1.3 session resumption",
                          "-e", "modified extension in 2nd CH in HRR handshake",
                          "-e", "renegotiation with changed limit",
-                         "-e", "renegotiation with dropped extension"] },
+                         "-e", "renegotiation with dropped extension",
+                         "-e", "added extension in 2nd CH in HRR handshake",
+                         "-e", "check server sent size in TLS 1.0 with max_fragment_length",
+                         "-e", "check server sent size in TLS 1.1 with max_fragment_length",
+                         "-e", "check server sent size in TLS 1.2 with max_fragment_length",
+                         "-e", "removed extension in 2nd CH in HRR handshake"] },
          {"name" : "test-record-size-limit.py",
           "arguments" : ["-p", "@PORT@", "--reply-AD-size", "672",
                          "--minimal-size", "512",
@@ -108,7 +113,11 @@
         {"name" : "test-tls13-version-negotiation.py",
          "arguments": ["-p", "@PORT@"]},
         {"name" : "test-tls13-zero-length-data.py",
-         "arguments": ["-p", "@PORT@"]}
+         "arguments": ["-p", "@PORT@"]},
+        {"name" : "test-downgrade-protection.py",
+         "comment" : "1/n-1 splitting in TLS 1.0 is not supported",
+         "arguments": ["-p", "@PORT@", "--server-max-protocol", "TLSv1.3",
+                       "-e", "TLS 1.3 downgrade check for Protocol (3, 1)"]}
      ]
     }
 ]
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index fe7a6fff17ab535dde920eed67213b6ed6a37f88..e25b6b3613269e72da4130c2e4bf489960ef6e83 100644 (file)
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -248,7 +248,11 @@
                          "-e", "too large record payload in TLS 1.3",
                          "-e", "change size in TLS 1.3 session resumption",
                          "-e", "drop extension in TLS 1.3 session resumption",
-                         "-e", "modified extension in 2nd CH in HRR handshake"] },
+                         "-e", "modified extension in 2nd CH in HRR handshake",
+                         "-e", "added extension in 2nd CH in HRR handshake",
+                         "-e", "check server sent size in TLS 1.0 with max_fragment_length",
+                         "-e", "check server sent size in TLS 1.3 with max_fragment_length",
+                         "-e", "removed extension in 2nd CH in HRR handshake"] },
          {"name" : "test-record-size-limit.py",
           "comment" : "The reply includes PRF algorithm and affects the AD size",
           "arguments" : ["-p", "@PORT@", "--reply-AD-size", "827",
diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer
index a520d50cf84aba0126d1e09b12fd0038af0944b0..13479e5a44bc10e3577fc28b921c5b999a363ce9 160000 (submodule)
--- a/tests/suite/tls-fuzzer/tlsfuzzer
+++ b/tests/suite/tls-fuzzer/tlsfuzzer
@@ -1 +1 @@
-Subproject commit a520d50cf84aba0126d1e09b12fd0038af0944b0
+Subproject commit 13479e5a44bc10e3577fc28b921c5b999a363ce9
Mirror of https://gitlab.com/gnutls/gnutls.git