
[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-211-ga256451


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-211-ga256451
Date: Sat, 11 Feb 2012 10:15:00 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=a2564518939e7982926302da42b8e9973fa6f2d3

The branch, master has been updated
       via  a2564518939e7982926302da42b8e9973fa6f2d3 (commit)
      from  3ab363c4b1093513189d1563796a3a088e7f1cd0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a2564518939e7982926302da42b8e9973fa6f2d3
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Feb 11 11:07:25 2012 +0100

    Added more tests to check whether various TLS versions need to be disabled.

-----------------------------------------------------------------------

Summary of changes:
 src/tests.c    |   82 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 src/tests.h    |    4 ++-
 src/tls_test.c |    9 +++++-
 3 files changed, 90 insertions(+), 5 deletions(-)

diff --git a/src/tests.c b/src/tests.c
index 0a327fe..a3c5383 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -103,7 +103,7 @@ do_handshake (gnutls_session_t session)
   return TEST_SUCCEED;
 }
 
-char protocol_str[] = "+VERS-TLS1.0:+VERS-SSL3.0";
+char protocol_str[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
 char protocol_all_str[] = 
"+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
 char prio_str[512] = "";
 
@@ -782,7 +782,7 @@ test_tls1_1_fallback (gnutls_session_t session)
  * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
  */
 test_code_t
-test_tls_disable (gnutls_session_t session)
+test_tls_disable0 (gnutls_session_t session)
 {
   int ret;
   if (tls1_ok != 0)
@@ -809,6 +809,84 @@ test_tls_disable (gnutls_session_t session)
 }
 
 test_code_t
+test_tls_disable1 (gnutls_session_t session)
+{
+  int ret;
+
+  if (tls1_1_ok != 0)
+    return TEST_IGNORE;
+
+  sprintf (prio_str,
+           INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+           ":" ALL_KX ":%s", protocol_str, rest);
+  _gnutls_priority_set_direct (session, prio_str);
+
+  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+  ret = do_handshake (session);
+  if (ret == TEST_FAILED)
+    {
+      protocol_str[0] = 0;
+      /* disable TLS 1.1 */
+      if (tls1_ok != 0)
+        {
+          strcat (protocol_str, "+VERS-TLS1.0");
+        }
+      if (ssl3_ok != 0)
+        {
+          if (protocol_str[0] != 0)
+            strcat (protocol_str, ":+VERS-SSL3.0");
+          else
+            strcat (protocol_str, "+VERS-SSL3.0");
+        }
+    }
+  return ret;
+}
+
+test_code_t
+test_tls_disable2 (gnutls_session_t session)
+{
+  int ret;
+
+  if (tls1_2_ok != 0)
+    return TEST_IGNORE;
+
+  sprintf (prio_str,
+           INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS
+           ":" ALL_KX ":%s", protocol_str, rest);
+  _gnutls_priority_set_direct (session, prio_str);
+
+  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+  ret = do_handshake (session);
+  if (ret == TEST_FAILED)
+    {
+      /* disable TLS 1.2 */
+      protocol_str[0] = 0;
+      if (tls1_1_ok != 0)
+        {
+          strcat (protocol_str, "+VERS-TLS1.1");
+        }
+      if (tls1_ok != 0)
+        {
+          if (protocol_str[0] != 0)
+            strcat (protocol_str, ":+VERS-TLS1.0");
+          else
+            strcat (protocol_str, "+VERS-TLS1.0");
+        }
+      if (ssl3_ok != 0)
+        {
+          if (protocol_str[0] != 0)
+            strcat (protocol_str, ":+VERS-SSL3.0");
+          else
+            strcat (protocol_str, "+VERS-SSL3.0");
+        }
+    }
+  return ret;
+}
+
+
+test_code_t
 test_rsa_pms (gnutls_session_t session)
 {
   int ret;
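Review bot: In `test_tls_disable1` the failure branch rebuilds `protocol_str` from `tls1_ok` and `ssl3_ok` only, so TLS 1.2 is dropped together with TLS 1.1 even when `tls1_2_ok` is set, although the comment says only `/* disable TLS 1.1 */`. The list also ends up empty when none of the remaining flags is set, in `test_tls_disable2` as well, which would leave an empty `::` element in the priority string for every later test. If that narrowing is not intended, I would re-add `+VERS-TLS1.2` when `tls1_2_ok != 0` and keep the previous list when nothing would remain. Both functions also format into the 512-byte `prio_str` with an unbounded `sprintf`, and `rest` is defined outside this hunk, so `snprintf (prio_str, sizeof (prio_str), ...)` with a truncation check would make the bound explicit. The `strcat` calls fit only because `protocol_str` is sized by its initializer in the first hunk, which deserves a comment at that definition such as `/* sized by this initializer; test_tls_disable*() rebuild it in place */`.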
diff --git a/src/tests.h b/src/tests.h
index 60703e8..53dda0c 100644
--- a/src/tests.h
+++ b/src/tests.h
@@ -45,7 +45,9 @@ test_code_t test_safe_renegotiation_scsv (gnutls_session_t 
state);
 test_code_t test_tls1_1 (gnutls_session_t state);
 test_code_t test_tls1_2 (gnutls_session_t state);
 test_code_t test_tls1_1_fallback (gnutls_session_t state);
-test_code_t test_tls_disable (gnutls_session_t state);
+test_code_t test_tls_disable0 (gnutls_session_t state);
+test_code_t test_tls_disable1 (gnutls_session_t state);
+test_code_t test_tls_disable2 (gnutls_session_t state);
 test_code_t test_rsa_pms (gnutls_session_t state);
 test_code_t test_max_record_size (gnutls_session_t state);
 test_code_t test_version_rollback (gnutls_session_t state);
diff --git a/src/tls_test.c b/src/tls_test.c
index 2ba714d..46a1718 100644
--- a/src/tls_test.c
+++ b/src/tls_test.c
@@ -91,9 +91,13 @@ static const TLS_TEST tls_tests[] = {
   {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed",
    "SSL 3.0"},
   {"for TLS 1.2 support", test_tls1_2, "yes", "no", "dunno"},
-  /* this test will disable TLS 1.0 if the server is
+  /* The following tests will disable TLS 1.x if the server is
    * buggy */
-  {"whether we need to disable TLS 1.0", test_tls_disable, "no", "yes",
+  {"whether we need to disable TLS 1.2", test_tls_disable2, "no", "yes",
+   "dunno"},
+  {"whether we need to disable TLS 1.1", test_tls_disable1, "no", "yes",
+   "dunno"},
+  {"whether we need to disable TLS 1.0", test_tls_disable0, "no", "yes",
    "dunno"},
   {"for Safe renegotiation support", test_safe_renegotiation, "yes", "no",
    "dunno"},
@@ -277,6 +281,7 @@ main (int argc, char **argv)
       do
         {
           printf ("Checking %s...", tls_tests[i].test_name);
+          fflush(stdout);
 
           ret = tls_tests[i].func (state);
 


hooks/post-receive
-- 
GNU gnutls


