gnutls-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

safe renegotiation self checks

From: Simon Josefsson
Subject: safe renegotiation self checks
Date: Mon, 07 Jun 2010 15:15:57 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux) 
On the gnutls_2_10_x branch I have fixed so that we have the self-tests
for safe renegotiation described below.  Are there more cases that we
want to test?  Review welcome, it is easy to go code blind with this
complexity.  Code is available from:

http://git.savannah.gnu.org/cgit/gnutls.git/tree/tests/safe-renegotiation?h=gnutls_2_10_x

/Simon

Testing safe renegotiation is relatively complex, here is a summary of
what we test and what how we believe it should work.

        Client setting
                        Server setting
                                        Initial handshake outcome
                                                        Rehandshake outcome
srn0.c

 This tests that the safe renegotiation extension is negotiated
 properly by default on initial connections and on rehandshaked
 connections.  Consequently, it also verifies that rehandshaked
 connections work with the extension enabled.

        NORMAL
                        NORMAL
                                        OK
                                                        OK

srn1.c

 This tests that clients without support for safe renegotiation is
 able to handshake against servers with support, but not able to
 rehandshake (server will refuse rehandshake).

        NORMAL:%DISABLE_SAFE_RENEGOTIATION
                        NORMAL
                                        OK
                                                        Server refuses

srn2.c

 This tests that clients with support for safe renegotiation is able
 to handshake against servers without support, but not able to
 rehandshake (client will refuse rehandshake).

        NORMAL
                        NORMAL:%DISABLE_SAFE_RENEGOTIATION
                                        OK
                                                        Client refuses

srn3.c

 This tests that a %SAFE_RENEGOTIATION client will reject handshakes
 against servers that do not support the extension (server uses
 %DISABLE_SAFE_RENEGOTIATION).

        NORMAL:%SAFE_RENEGOTIATION
                        NORMAL:%DISABLE_SAFE_RENEGOTIATION
                                        Client refuses
                                                        N/A

srn4.c

 This tests that a %SAFE_RENEGOTIATION server will reject handshakes
 against clients that do not support the extension.

        NORMAL:%DISABLE_SAFE_RENEGOTIATION
                        NORMAL:%SAFE_RENEGOTIATION
                                        Server refuses
                                                        N/A

srn5.c

 This tests that a client with a permissive policy
 (%UNSAFE_RENEGOTIATION) is able to handshake and rehandshake with a
 server with no support for the extension.

        NORMAL:%DISABLE_SAFE_RENEGOTIATION
                        NORMAL:%UNSAFE_RENEGOTIATION
                                        OK
                                                        OK

srn6.c

 This tests that a server with a permissive policy
 (%UNSAFE_RENEGOTIATION) is able to handshake and rehandshake with a
 client with no support for the extension.

        NORMAL:%UNSAFE_RENEGOTIATION
                        NORMAL:%DISABLE_SAFE_RENEGOTIATION
                                        OK
                                                        OK

srn7.c

 This tests that clients and servers in %SAFE_RENEGOTIATION mode are
 able to handshake and rehandshake.

        NORMAL:%SAFE_RENEGOTIATION
                        NORMAL:%SAFE_RENEGOTIATION
                                        OK
                                                        OK
reply via email to
[Prev in Thread] Current Thread [Next in Thread]