[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_9_10-63-g1e425
From: |
Simon Josefsson |
Subject: |
[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_9_10-63-g1e42526 |
Date: |
Mon, 07 Jun 2010 12:45:43 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=1e42526790e54d883c59a60b12956780bf040dee
The branch, gnutls_2_10_x has been updated
via 1e42526790e54d883c59a60b12956780bf040dee (commit)
from 36693266659a6d3e16f01e2763c922d95298e033 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1e42526790e54d883c59a60b12956780bf040dee
Author: Simon Josefsson <address@hidden>
Date: Mon Jun 7 14:45:38 2010 +0200
Rewrite srn2.c self-test.
-----------------------------------------------------------------------
Summary of changes:
tests/safe-renegotiation/README | 6 ++
tests/safe-renegotiation/srn2.c | 149 +++++----------------------------------
2 files changed, 23 insertions(+), 132 deletions(-)
diff --git a/tests/safe-renegotiation/README b/tests/safe-renegotiation/README
index 4132a98..c5e6413 100644
--- a/tests/safe-renegotiation/README
+++ b/tests/safe-renegotiation/README
@@ -14,6 +14,12 @@ srn1.c:
able to handshake against servers with support, but not able to
rehandshake (server will refuse rehandshake).
+srn2.c:
+
+ This tests that clients with support for safe renegotiation is able
+ to handshake against servers without support, but not able to
+ rehandshake (client will refuse rehandshake).
+
srn4.c:
This tests that clients without support for safe renegotiation is
diff --git a/tests/safe-renegotiation/srn2.c b/tests/safe-renegotiation/srn2.c
index 726ca1b..05b83d0 100644
--- a/tests/safe-renegotiation/srn2.c
+++ b/tests/safe-renegotiation/srn2.c
@@ -20,9 +20,11 @@
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
-/* Code based on ../mini-x509-rehandshake.c.
+/* Code based on ./srn1.c.
*
- * Check that new APIs are behaving properly.
+ * This tests that clients with support for safe renegotiation is able
+ * to handshake against servers without support, but not able to
+ * rehandshake (client will refuse rehandshake).
*/
#ifdef HAVE_CONFIG_H
@@ -182,7 +184,8 @@ main (int argc, char *argv[])
GNUTLS_X509_FMT_PEM);
gnutls_init (&server, GNUTLS_SERVER);
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
- gnutls_priority_set_direct (server, "NORMAL", NULL);
+ gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
+ NULL);
gnutls_transport_set_push_function (server, server_push);
gnutls_transport_set_pull_function (server, server_pull);
@@ -239,12 +242,11 @@ main (int argc, char *argv[])
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
exit_code = EXIT_FAILURE;
- /* Check that both sessions use the extension. */
- if (!gnutls_safe_renegotiation_status (server)
- || !gnutls_safe_renegotiation_status (client))
+ if (gnutls_safe_renegotiation_status (client) ||
+ gnutls_safe_renegotiation_status (server))
{
- puts ("Client or server not using safe renegotiation extension?");
- abort ();
+ tls_log_func (0, "Session using safe renegotiation but shouldn't?!\n");
+ exit_code = EXIT_FAILURE;
}
sret = gnutls_rehandshake (server);
@@ -293,74 +295,9 @@ main (int argc, char *argv[])
tls_log_func (0, "\n");
}
}
- }
- while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
-
- if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
- exit_code = 1;
-
- /* Check that session still use the extension. */
- if (!gnutls_safe_renegotiation_status (server)
- || !gnutls_safe_renegotiation_status (client))
- {
- puts ("Client or server not using safe renegotiation extension?");
- abort ();
- }
-
- /* Check that this API does not affect anything after first
- handshake.
- gnutls_safe_negotiation_set_initial (server, 0); */
-
- sret = gnutls_rehandshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "gnutls_rehandshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
-
- {
- ssize_t n;
- char b[1];
- n = gnutls_record_recv (client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- abort ();
- }
-
- cret = GNUTLS_E_AGAIN;
- sret = GNUTLS_E_AGAIN;
-
- do
- {
- static int max_iter = 0;
- if (max_iter++ > 10)
- abort ();
-
- if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
- if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ if (cret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
+ break;
}
while (
/* Not done: */
@@ -368,67 +305,15 @@ main (int argc, char *argv[])
/* No error: */
&& (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
- if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ if (cret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED && sret != GNUTLS_E_SUCCESS)
exit_code = 1;
- /* Check that disabling the extension will break rehandshakes.
- gnutls_safe_renegotiation_set (client, 0); */
-
- sret = gnutls_rehandshake (server);
- if (debug_level > 0)
+ if (gnutls_safe_renegotiation_status (client) ||
+ gnutls_safe_renegotiation_status (server))
{
- tls_log_func (0, "gnutls_rehandshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
-
- {
- ssize_t n;
- char b[1];
- n = gnutls_record_recv (client, b, 1);
- if (n != GNUTLS_E_REHANDSHAKE)
- abort ();
- }
-
- cret = GNUTLS_E_AGAIN;
- sret = GNUTLS_E_AGAIN;
-
- do
- {
- static int max_iter = 0;
- if (max_iter++ > 10)
- abort ();
-
- if (cret == GNUTLS_E_AGAIN)
- {
- cret = gnutls_handshake (client);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (client)...\n");
- tls_log_func (0, gnutls_strerror (cret));
- tls_log_func (0, "\n");
- }
- }
-
- if (sret == GNUTLS_E_AGAIN)
- {
- sret = gnutls_handshake (server);
- if (debug_level > 0)
- {
- tls_log_func (0, "second gnutls_handshake (server)...\n");
- tls_log_func (0, gnutls_strerror (sret));
- tls_log_func (0, "\n");
- }
- }
+ tls_log_func (0, "Rehandshaked worked and uses safe reneg?!\n");
+ exit_code = EXIT_FAILURE;
}
- while (
- /* Not done: */
- !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
- /* No error: */
- && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
-
- if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
- exit_code = 1;
gnutls_bye (client, GNUTLS_SHUT_RDWR);
gnutls_bye (server, GNUTLS_SHUT_RDWR);
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_9_10-63-g1e42526,
Simon Josefsson <=