{"anonymous Diffie-Hellman group info", test_dhe_group, NULL, "N/A",
"N/A"},
#endif
+ {"for RSA key exchange support", test_rsa, "yes",
+ "no",
+ "dunno"},
{"for ephemeral Diffie-Hellman support", test_dhe, "yes", "no",
"dunno"},
{"for RFC7919 Diffie-Hellman support", test_rfc7919, "yes", "no",
return ret;
}
+test_code_t test_rsa(gnutls_session_t session)
+{
+ int ret;
+
+ if (tls_ext_ok == 0)
+ return TEST_IGNORE;
+
+ sprintf(prio_str, INIT_STR
+ ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS
+ ":+RSA:%s", protocol_all_str,
+ rest);
+ _gnutls_priority_set_direct(session, prio_str);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = test_do_handshake(session);
+
+ if (ret < 0)
+ return TEST_FAILED;
+
+ return ret;
+}
+
static
test_code_t test_ecdhe_curve(gnutls_session_t session, const char *curve, unsigned id)
{
int _test_srp_username_callback(gnutls_session_t session,
char **username, char **password);
+test_code_t test_rsa(gnutls_session_t session);
test_code_t test_ecdhe_x25519(gnutls_session_t session);
test_code_t test_ecdhe_secp521r1(gnutls_session_t session);
test_code_t test_ecdhe_secp384r1(gnutls_session_t session);
check_text "for encrypt-then-MAC (RFC7366) support... yes"
check_text "for ext master secret (RFC7627) support... yes"
check_text "for RFC7919 Diffie-Hellman support... yes"
+check_text "for RSA key exchange support... yes"
check_text "for curve SECP256r1 (RFC4492)... yes"
check_text "for AES-GCM cipher (RFC5288) support... yes"
check_text "for SHA1 MAC support... yes"
check_text "for RFC7919 Diffie-Hellman support... yes"
check_text "for curve SECP256r1 (RFC4492)... yes"
check_text "for AES-GCM cipher (RFC5288) support... yes"
+check_text "for RSA key exchange support... yes"
check_text "for SHA1 MAC support... yes"
check_text "whether the server accepts default record size (512 bytes)... yes"
check_text "whether %ALLOW_SMALL_RECORDS is required... no"
# Small records test
echo ""
-echo "Checking output of gnutls-cli-debug for small records"
+echo "Checking output of gnutls-cli-debug for small records and no RSA"
eval "${GETPORT}"
-launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:%ALLOW_SMALL_RECORDS" --x509keyfile ${KEY1} --x509certfile ${CERT1} \
+launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-RSA:%ALLOW_SMALL_RECORDS" --x509keyfile ${KEY1} --x509certfile ${CERT1} \
--x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} --recordsize=64 >/dev/null 2>&1
PID=$!
wait_server ${PID}
check_text "whether the server accepts default record size (512 bytes)... no"
check_text "whether %ALLOW_SMALL_RECORDS is required... yes"
+check_text "for RSA key exchange support... no"
rm -f ${OUTFILE}
projects / thirdparty / gnutls.git / commitdiff
