add additional tests of SSL 3.0 (with extensions, and with cipher suites not in SSL...
authorDaniel Lenski <dlenski@gmail.com>
Mon, 23 Mar 2020 02:01:55 +0000 (19:01 -0700)
committerDaniel Lenski <dlenski@gmail.com>
Mon, 23 Mar 2020 02:08:16 +0000 (19:08 -0700)
See #958

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
src/cli-debug.c
src/tests.c
src/tests.h

index 06e47fd55efa5008e9be1baebe0e6a689a8e701a..ece03a2729bff431e9d75e99b8cdf4355a47697d 100644 (file)
@@ -85,15 +85,20 @@ static const TLS_TEST tls_tests[] = {
         test_send_record_with_allow_small_records, "yes", "no", "dunno"},
 #ifdef ENABLE_SSL3
        {"for SSL 3.0 (RFC6101) support", test_ssl3, "yes", "no", "dunno"},
+       {"for SSL 3.0 with extensions", test_ssl3_with_extensions, "yes", "no", "dunno"},
+       {"for SSL 3.0 with cipher suites not in SSL 3.0 spec",
+        test_ssl3_unknown_ciphersuites, "yes", "no", "dunno"},
+#endif
        /* The following tests will disable TLS 1.x if the server is
         * buggy */
-#endif
        {"whether we need to disable TLS 1.2", test_tls_disable2, "no",
         "yes", "dunno"},
        {"whether we need to disable TLS 1.1", test_tls_disable1, "no",
         "yes", "dunno"},
        {"whether we need to disable TLS 1.0", test_tls_disable0, "no",
         "yes", "dunno"},
+       /* The following test will disable extensions if the server
+        * is buggy */
        {"whether %NO_EXTENSIONS is required", test_no_extensions, "no", "yes",
         "dunno"},
        {"whether %COMPAT is required", test_record_padding, "no", "yes",
index 1062b3c1684129f34a43115d4a66a8c9eaf95580..8cc06347c12874526efffbb041912eb3a8291ab7 100644 (file)
@@ -624,6 +624,40 @@ test_code_t test_ssl3(gnutls_session_t session)
        return ret;
 }
 
+test_code_t test_ssl3_with_extensions(gnutls_session_t session)
+{
+       int ret;
+       sprintf(prio_str, INIT_STR
+               SSL3_CIPHERS ":" ALL_COMP ":+VERS-SSL3.0:"
+               SSL3_MACS ":" SSL3_KX ":%s", rest);
+       _gnutls_priority_set_direct(session, prio_str);
+
+       gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+       ret = test_do_handshake(session);
+       if (ret == TEST_SUCCEED)
+               ssl3_ok = 1;
+
+       return ret;
+}
+
+test_code_t test_ssl3_unknown_ciphersuites(gnutls_session_t session)
+{
+       int ret;
+       sprintf(prio_str, INIT_STR
+               ALL_CIPHERS ":" ALL_COMP ":+VERS-SSL3.0:%%NO_EXTENSIONS:"
+               ALL_MACS ":" ALL_KX ":%s", rest);
+       _gnutls_priority_set_direct(session, prio_str);
+
+       gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+       ret = test_do_handshake(session);
+       if (ret == TEST_SUCCEED)
+               ssl3_ok = 1;
+
+       return ret;
+}
+
 static int alrm = 0;
 static void got_alarm(int k)
 {
index a8326019ca18a92b4c49f9b0071177dcd9490376..d9721a70e286cccbb78b228d4c992125c2f6d433 100644 (file)
@@ -36,6 +36,8 @@ test_code_t test_dhe(gnutls_session_t state);
 test_code_t test_rfc7919(gnutls_session_t state);
 test_code_t test_dhe_group(gnutls_session_t state);
 test_code_t test_ssl3(gnutls_session_t state);
+test_code_t test_ssl3_with_extensions(gnutls_session_t state);
+test_code_t test_ssl3_unknown_ciphersuites(gnutls_session_t state);
 test_code_t test_aes(gnutls_session_t state);
 test_code_t test_camellia_cbc(gnutls_session_t state);
 test_code_t test_camellia_gcm(gnutls_session_t state);