[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_0-46-g8f9563b
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_0-46-g8f9563b |
Date: |
Fri, 15 Apr 2011 07:50:36 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=8f9563bdf918ba7d9b6680248d0e9de66211b565
The branch, master has been updated
via 8f9563bdf918ba7d9b6680248d0e9de66211b565 (commit)
via f8615a0e215346adb53a529642beadfacb68dd75 (commit)
via 5ec2c7d456483f147727d7e6e710cb285371b10e (commit)
via cf5b7a4ada6f71b27956c2d5b1cf7c88a4e1ac79 (commit)
via b95274952c74d55074698ce7ca1066eae58ecffe (commit)
via cdf5754fffccdc59c405ff1103828a404c5ff190 (commit)
via df4c9ab17ad01888e9529fe3374c223ade6e8628 (commit)
from 4426c4935ce5e45e30ffa4c55a2595b9563799d2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8f9563bdf918ba7d9b6680248d0e9de66211b565
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Apr 15 09:49:39 2011 +0200
Added missing headers.
commit f8615a0e215346adb53a529642beadfacb68dd75
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Apr 15 09:47:09 2011 +0200
x509paths tests moved to suite/.
commit 5ec2c7d456483f147727d7e6e710cb285371b10e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Apr 15 09:27:55 2011 +0200
Added interoperability tests with openssl.
commit cf5b7a4ada6f71b27956c2d5b1cf7c88a4e1ac79
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Apr 15 09:27:10 2011 +0200
Corrected SSLv2 header parsing.
commit b95274952c74d55074698ce7ca1066eae58ecffe
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Apr 15 09:26:28 2011 +0200
corrected illegal DSA key.
commit cdf5754fffccdc59c405ff1103828a404c5ff190
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Apr 14 22:01:43 2011 +0200
Enabled the extra safe renegotiation tests.
commit df4c9ab17ad01888e9529fe3374c223ade6e8628
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Apr 14 21:37:56 2011 +0200
removed opaque PRF from m4.
-----------------------------------------------------------------------
Summary of changes:
doc/credentials/x509-server-dsa.pem | 45 ++---
doc/credentials/x509-server-key-dsa.pem | 28 +--
lib/gnutls_buffers.c | 2 +-
m4/hooks.m4 | 23 ---
tests/certs/cert-rsa-2432.pem | 22 +++
tests/certs/rsa-2432.pem | 32 ++++
tests/cve-2009-1416.c | 1 +
tests/pkcs12_s2k_pem.c | 1 +
tests/scripts/common.sh | 16 ++
tests/suite/Makefile.am | 5 +-
tests/{x509paths => suite}/chain | 26 ++-
tests/{userid/userid => suite/testcompat} | 19 +--
tests/suite/testcompat-main | 244 ++++++++++++++++++++++++++
tests/suite/testsrn | 41 ++---
tests/suite/x509paths/.gitignore | 1 +
tests/{ => suite}/x509paths/README | 5 +-
tests/{ => suite}/x509paths/certpath1.07.zip | Bin 318729 -> 318729 bytes
tests/{ => suite}/x509paths/x509tests.tgz | Bin 632408 -> 632408 bytes
18 files changed, 392 insertions(+), 119 deletions(-)
create mode 100644 tests/certs/cert-rsa-2432.pem
create mode 100644 tests/certs/rsa-2432.pem
rename tests/{x509paths => suite}/chain (77%)
copy tests/{userid/userid => suite/testcompat} (70%)
create mode 100755 tests/suite/testcompat-main
create mode 100644 tests/suite/x509paths/.gitignore
rename tests/{ => suite}/x509paths/README (88%)
rename tests/{ => suite}/x509paths/certpath1.07.zip (100%)
rename tests/{ => suite}/x509paths/x509tests.tgz (100%)
diff --git a/doc/credentials/x509-server-dsa.pem
b/doc/credentials/x509-server-dsa.pem
index 3eeefee..8301a01 100644
--- a/doc/credentials/x509-server-dsa.pem
+++ b/doc/credentials/x509-server-dsa.pem
@@ -1,29 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIIE/TCCBGigAwIBAgIES/zFKTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251
-VExTIHRlc3QgQ0EwHhcNMTAwNTI2MDY1MjI1WhcNMTEwNTI2MDY1MjI1WjA3MRsw
-GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz
-Lm9yZzCCA0IwggI1BgcqhkjOOAQBMIICKAKCAQEA2WCq/yFVVSGBObDJyPSqhFBb
-0afpzBVCKFssgWYR/1++gEg4h0t2nq3KnIXGr+g/BnCotORdVLSQMIGmTlGlf1Ox
-BwGREF666muCJbcdjFYYWcIsPiP0zZaVQnpbtkLF0ZpVmPYHGGqd/OK3UZjElUrc
-kTf/irRrRTFcPDEh0SNYaTEfLtvL6EG3bcospSYMmCJs/X4MWFodpShAT4wVY+VD
-C5nhD9lEZxO0dCoI7pW0e4Is2hT8cc/MEkRedcL4FDhd5Pp95VPOb1Ihjr9A5GMQ
-Lp2GETVnbOMgbI24BJZGTMqBKWCo/hhheqggLJL/tMVyvHpPBPHbL3GwPtkY1wId
-APRKRttVoI7jrivXwJZcM64YnbxSln7PvdjyP+kCggEATb+OCfC9uIUQ+B6thS3A
-iit46KZVvpG+x4mWlK+ZFyIANq7wRHY22cKtlizmjh7tvhn6jPzjJo9nigEgqOtw
-B2ig6jlRclOcqCgxOGrubxUh7uxKCY77krNet+bMiXwJ6XNoEhcMSq3OrT5AROQU
-q6E/HCz4DLrItVp/1eo1nUshrhAzcLZmqL0Sb7WPd8BshkWKdq1jsLDBSHem9wfq
-Zz3UJAk0Xvslr6SWoAXohwUvxfgazQUS2XGpI7qRoA3/G008jhbzIr+CXNc3JFu1
-A1pgSsZ/hEnvlM/NeqJA2cuFWgR35lR9hmjh3qf6heL0zbpISA9OaoLI3LgZArJo
-8gOCAQUAAoIBACpigcfx8ylgXKNZFK4c8DAGeTYld4z510PA29fYbagZtogyASgy
-DlpMdlNdtZbPZUTjjP2QgqfX00Jfo+Y25cV9qxuMlJJPDQvC5mXJoIooH+yXERQ9
-MghetZWvaxO+lucVaDWjBR6bvfwI1UdEfGBlZVNgxmNOsIWtEk2ecYs8Mlr1b2D6
-WXI45Y7j6ZAXJDqdIhRX53qCJjjJTC/w5lcLxNjP2g0MWXqANEtAqnht5IcUGd3w
-+HlMxrQc0vJv+CXrwGH/O8TaNdCMTw2oS+/T34o+A1g7wCCbJy9sfjS7cHXJzi+h
-Oozprf9pQCVXlbheoXY9io19IfEv420nT2ejgZMwgZAwDAYDVR0TAQH/BAIwADAa
-BgNVHREEEzARgg90ZXN0LmdudXRscy5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
-DwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUaMlZ8SavkapRIvMJUWfhbI3seMQw
-HwYDVR0jBBgwFoAU6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GB
-AKG9nyfVLkJ5KPQ2nbD4Jn1EeOGNWESroYJCQZdB/s3yKdNuZFXByr5pY/9RTjVt
-dNyHm7nTqWtDPeeNLelD7R08b5aVDHSn0P1VDZxomtQrUSHvyk8/K+gC7ipj3OcJ
-To7cYX+WY0KCVp++O0nvkVz31tcRTDkd9EHm10Yj3q61
+MIIDUzCCArygAwIBAgIERhQf6zANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H
+bnVUTFMgdGVzdCBDQTAeFw0wNzA0MDQyMjAwMTJaFw0zNDA4MTkyMjAwMTVaMDIx
+CzAJBgNVBAYTAkdSMQ8wDQYDVQQKEwZHbnVUTFMxEjAQBgNVBAMTCWxvY2FsaG9z
+dDCCAbcwggErBgcqhkjOOAQBMIIBHgKBgQDJhmNZ9MScch9vtdbjtFWM42GuenpT
+pl7TxoxiD/qobcMuhMkTI3/veHJJFPoitfpTYqWV8WwW3XyD1pdbC6v3pELzHDeV
+Arz4MiVZ2b7DPiyc1YSBP2Z80lfGqrAlqMgD5smAvnIt+oW45YkbVuCwqu3RiN0O
+gzvzfM0lFbJopwIVAM/+ZKaWM40wdoYYoPDPcsCsWJbVAoGATfv+iN4EhLowKAYU
+FSrEpRH02IQW95Hk2ioOpegUOVH5DvKjKthObpgCB85KbrzEtuGVf/av3i84GEbB
+h3ihWudQuzOeYJeauyxKxeCipX60xSyNoS9v/awTx1k7APQti3gtrxpta1bxMSye
+/kfXlhVsjXt3ObAiBTqbFcI3LBYDgYUAAoGBAI4N8XVxTQPpa3o3bS2W8c92kLY6
+BhElo9F06s7GzubR16TMXdA8N7PxVlZYL4bqiwh2ofh0d9uQyxEqHj6vj5NeEXQG
+Ae+xzsPrtpQMP67qvsWA+4T7Ru8N+5s64dlCVgpSvrWL88rrRdfVSt6K/1l+eDie
+XCj2dBAigawjUxnOo3YwdDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUF
+BwMBMA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFBV5OH521F7bIeaGrKiIACmn
+ixxLMB8GA1UdIwQYMBaAFOk8HPutkm7mBqRWLKLhwFMnyPKVMA0GCSqGSIb3DQEB
+CwUAA4GBAGPAOdwFTc7hJmFIVtDkb3r8c0lNmexHB/RMKkv0uKu9+c2XwWjg4Hee
+eI7VEW9aLrnpp6NgdPChiOQ5C7eqKUH9NHxl3B3rqJijR90NNlbLhv/IBz4AZKhq
+XfHK221a/2pn1KNPac3HOTeM/AG25cathrZ0K5xiLKU0rFBWFW9H
-----END CERTIFICATE-----
diff --git a/doc/credentials/x509-server-key-dsa.pem
b/doc/credentials/x509-server-key-dsa.pem
index b103672..d0ee315 100644
--- a/doc/credentials/x509-server-key-dsa.pem
+++ b/doc/credentials/x509-server-key-dsa.pem
@@ -1,20 +1,12 @@
-----BEGIN DSA PRIVATE KEY-----
-MIIDTQIBAAKCAQEA2WCq/yFVVSGBObDJyPSqhFBb0afpzBVCKFssgWYR/1++gEg4
-h0t2nq3KnIXGr+g/BnCotORdVLSQMIGmTlGlf1OxBwGREF666muCJbcdjFYYWcIs
-PiP0zZaVQnpbtkLF0ZpVmPYHGGqd/OK3UZjElUrckTf/irRrRTFcPDEh0SNYaTEf
-LtvL6EG3bcospSYMmCJs/X4MWFodpShAT4wVY+VDC5nhD9lEZxO0dCoI7pW0e4Is
-2hT8cc/MEkRedcL4FDhd5Pp95VPOb1Ihjr9A5GMQLp2GETVnbOMgbI24BJZGTMqB
-KWCo/hhheqggLJL/tMVyvHpPBPHbL3GwPtkY1wIdAPRKRttVoI7jrivXwJZcM64Y
-nbxSln7PvdjyP+kCggEATb+OCfC9uIUQ+B6thS3Aiit46KZVvpG+x4mWlK+ZFyIA
-Nq7wRHY22cKtlizmjh7tvhn6jPzjJo9nigEgqOtwB2ig6jlRclOcqCgxOGrubxUh
-7uxKCY77krNet+bMiXwJ6XNoEhcMSq3OrT5AROQUq6E/HCz4DLrItVp/1eo1nUsh
-rhAzcLZmqL0Sb7WPd8BshkWKdq1jsLDBSHem9wfqZz3UJAk0Xvslr6SWoAXohwUv
-xfgazQUS2XGpI7qRoA3/G008jhbzIr+CXNc3JFu1A1pgSsZ/hEnvlM/NeqJA2cuF
-WgR35lR9hmjh3qf6heL0zbpISA9OaoLI3LgZArJo8gKCAQAqYoHH8fMpYFyjWRSu
-HPAwBnk2JXeM+ddDwNvX2G2oGbaIMgEoMg5aTHZTXbWWz2VE44z9kIKn19NCX6Pm
-NuXFfasbjJSSTw0LwuZlyaCKKB/slxEUPTIIXrWVr2sTvpbnFWg1owUem738CNVH
-RHxgZWVTYMZjTrCFrRJNnnGLPDJa9W9g+llyOOWO4+mQFyQ6nSIUV+d6giY4yUwv
-8OZXC8TYz9oNDFl6gDRLQKp4beSHFBnd8Ph5TMa0HNLyb/gl68Bh/zvE2jXQjE8N
-qEvv09+KPgNYO8AgmycvbH40u3B1yc4voTqM6a3/aUAlV5W4XqF2PYqNfSHxL+Nt
-J09nAhxknuZfej9TUxehS7vOjMSdoOEaky5AW5ZjuVBy
+MIIBvAIBAAKBgQDJhmNZ9MScch9vtdbjtFWM42GuenpTpl7TxoxiD/qobcMuhMkT
+I3/veHJJFPoitfpTYqWV8WwW3XyD1pdbC6v3pELzHDeVArz4MiVZ2b7DPiyc1YSB
+P2Z80lfGqrAlqMgD5smAvnIt+oW45YkbVuCwqu3RiN0OgzvzfM0lFbJopwIVAM/+
+ZKaWM40wdoYYoPDPcsCsWJbVAoGATfv+iN4EhLowKAYUFSrEpRH02IQW95Hk2ioO
+pegUOVH5DvKjKthObpgCB85KbrzEtuGVf/av3i84GEbBh3ihWudQuzOeYJeauyxK
+xeCipX60xSyNoS9v/awTx1k7APQti3gtrxpta1bxMSye/kfXlhVsjXt3ObAiBTqb
+FcI3LBYCgYEAjg3xdXFNA+lrejdtLZbxz3aQtjoGESWj0XTqzsbO5tHXpMxd0Dw3
+s/FWVlgvhuqLCHah+HR325DLESoePq+Pk14RdAYB77HOw+u2lAw/ruq+xYD7hPtG
+7w37mzrh2UJWClK+tYvzyutF19VK3or/WX54OJ5cKPZ0ECKBrCNTGc4CFQCG+CWx
+lxcvOH2TssueKdW2la/PUw==
-----END DSA PRIVATE KEY-----
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 595cf66..510c4e6 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -733,7 +733,6 @@ parse_handshake_header (gnutls_session_t session,
mbuffer_st* bufel, gnutls_hand
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
dataptr = _mbuffer_get_udata_ptr(bufel);
- data_size = _mbuffer_get_udata_size(bufel) - handshake_header_size;
/* if reading a client hello of SSLv2 */
if (!IS_DTLS(session) && htype == GNUTLS_HANDSHAKE_CLIENT_HELLO &&
@@ -776,6 +775,7 @@ parse_handshake_header (gnutls_session_t session,
mbuffer_st* bufel, gnutls_hand
hsk->end_offset = hsk->length;
}
}
+ data_size = _mbuffer_get_udata_size(bufel) - handshake_header_size;
/* make the length offset */
if (hsk->end_offset > 0) hsk->end_offset--;
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index 3c58f26..ce5837f 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -142,29 +142,6 @@ fi
AC_MSG_WARN([C99 macros not supported. This may affect compiling.])
])
- AC_MSG_CHECKING([whether to enable Opaque PRF input support])
- AC_ARG_ENABLE(opaque-prf-input,
- AS_HELP_STRING([--enable-opaque-prf-input=DD],
- [enable Opaque PRF input using DD as extension type]),
- ac_opaque_prf_input=$enableval, ac_opaque_prf_input=no)
- if test "$ac_opaque_prf_input" != "no"; then
- if ! echo $ac_opaque_prf_input | egrep -q '^[[0-9]]+$'; then
- ac_opaque_prf_input=no
- AC_MSG_WARN([[
- *** Could not parse Opaque PRF Input extension type.
- *** Use --enable-opaque-prf-input=XX where XX is decimal, for example
- *** to use extension value 42 use --enable-opqaue-prf-input=42]])
- fi
- fi
- if test "$ac_opaque_prf_input" != "no"; then
- AC_MSG_RESULT([yes (extension value $ac_opaque_prf_input)])
- AC_DEFINE_UNQUOTED([ENABLE_OPRFI], $ac_opaque_prf_input,
- [enable Opaque PRF Input])
- else
- AC_MSG_RESULT(no)
- fi
- AM_CONDITIONAL(ENABLE_OPRFI, test "$ac_opaque_prf_input" != "no")
-
AC_MSG_CHECKING([whether to disable SRP authentication support])
AC_ARG_ENABLE(srp-authentication,
AS_HELP_STRING([--disable-srp-authentication],
diff --git a/tests/certs/cert-rsa-2432.pem b/tests/certs/cert-rsa-2432.pem
new file mode 100644
index 0000000..bbc2b63
--- /dev/null
+++ b/tests/certs/cert-rsa-2432.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAk+gAwIBAgIETadUITANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJC
+RTEPMA0GA1UEChMGR251VExTMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTEwNDE0
+MjAwODAyWhcNMzgwODI5MjAwODA0WjAyMQswCQYDVQQGEwJCRTEPMA0GA1UEChMG
+R251VExTMRIwEAYDVQQDEwlsb2NhbGhvc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IB
+PwAwggE6AoIBMQDdz5fSpR2V3YYY2MS5raYMtJ223PrcIeE6YjQH6DOy6JfuLEHS
+EvFf7eR2/2UmHgzHQRVpXw35rYkUjerXFlKaR8G7AALkiEVzeKSu2zjDxgfSZA6H
+7XSMa8TAAlB8TqbRWOnlEwmp21rq6w8GgFwJ75TI6fs3LnXhrJOtmzcTS2Y6djPY
+xNdM+2HIkiEH/N+piFTko6lH0my44zmJEYg4LaLcPl5KqaSO1R+y0N1BPNoQaJ5H
+G2UCosUocwKDAwn99Sl+l9wqTkuqeUZGcIYbm7j2ir4ph31f2qWXa+/IQwlD4h+K
+Fn4dUF312gLu8sMqSOZrMOoC1++siwy4wYXYv3yFqB6DvlwmLnl7R/VKP2Zikv1B
+ILYsAPBSyiYGLXzPelB9D8vdlyDIb+TgUPTjAgMBAAGjVTBTMAwGA1UdEwEB/wQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4E
+FgQUklPWcbn4aKqzU/aN9TlFZpyn5TEwDQYJKoZIhvcNAQELBQADggExAJi/SInB
+5uYVE8z8uu2gieWGRTBzaLJ5H4gCgPstybghVY3Ft1Ybz8N27tDw2SI6Y5LFBIZw
+HkIzKjvEFAjFQpJzfD45wO40xzMWX5Ouzx+aMAlR/i2UnCitKn7kFIFFaw3XESH8
+2ycXdLTMlBpunntYqeAGjdpfYOG4byhotli+xaw2Rzf2qDh0I4HzIr5h/wgIh+vC
+jykldV1M69UJKKt7mflpCKLGAtIuzfrxGc4/RGqhS6hW1RGuRONoBVBXjXIPxyHb
+j6NQeF1aOcuQPVJDM7/qiQcaksyFJ6g9NLhbUu7vILm2/+rFkNNHxVGQ4uY+Urke
+eRi+/eIkvkcyWrADa6rbw9v2YEQItiwZR6LwQ3/wB5dXq+yguGpJzgjmw03ypOm4
+Q+fwhNcachRdgho=
+-----END CERTIFICATE-----
diff --git a/tests/certs/rsa-2432.pem b/tests/certs/rsa-2432.pem
new file mode 100644
index 0000000..c3e3c44
--- /dev/null
+++ b/tests/certs/rsa-2432.pem
@@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIFfAIBAAKCATEA3c+X0qUdld2GGNjEua2mDLSdttz63CHhOmI0B+gzsuiX7ixB
+0hLxX+3kdv9lJh4Mx0EVaV8N+a2JFI3q1xZSmkfBuwAC5IhFc3ikrts4w8YH0mQO
+h+10jGvEwAJQfE6m0Vjp5RMJqdta6usPBoBcCe+UyOn7Ny514ayTrZs3E0tmOnYz
+2MTXTPthyJIhB/zfqYhU5KOpR9JsuOM5iRGIOC2i3D5eSqmkjtUfstDdQTzaEGie
+RxtlAqLFKHMCgwMJ/fUpfpfcKk5LqnlGRnCGG5u49oq+KYd9X9qll2vvyEMJQ+If
+ihZ+HVBd9doC7vLDKkjmazDqAtfvrIsMuMGF2L98hageg75cJi55e0f1Sj9mYpL9
+QSC2LADwUsomBi18z3pQfQ/L3ZcgyG/k4FD04wIDAQABAoIBMQDKrMQSUpMs/ARq
+sa9X5iai12qAy3xhJofxXAgk7XRH1qX0l/XwqSRqvimS3hyjbrPIYVzaMmPHr1xh
+LqfVruz9UfHgF8uM3ENxllwL9f3xTQKaqJhqdXuYT2Sw+axnWUquYWseyH18+hUi
+MHRDQYhX/9VYnAvSyR4nfhRWfkwd0jhv1M/dE0eTbONVbMjHzrTj6NGBNVYZa6U6
+NopQnn78Sku061751RCC7lwmwEwAgpu2+n5SQzoXN79cPy4NdHbEfW8JEPyOXTNB
++yUVwI4glPbT+9GG2LwIL/eGT71DQOW6O7De6+URU7thc4VQSpt0CBG3XDvtp1bo
+AQ+MHncOAGtz5ueJwC10HjflosRLc1U2DBWQmAGCiG9smu8eYsFKfFwhxoW1VBdD
+jP1GU4xZAoGZAN68jwJoaZ+GbRcAgkyHDA6u2nCjPZ5qTZAp4PWWkCcXlSG0rhjS
+8ZW+p55dw6W5hm0k5Ozg+kYKgSRH5THTPzHy3ijmKXoyvEjz+A8arf4StedPAg2Z
+OLw3cx0ZDGM86WDvhBrPxw0WtgpaJiogZ6vtSeOB64kLkdi9agDjuTucB/1kBgfx
+6i17wkjfCkWIvvdebDpkMQqfAoGZAP7vpWHvz34u/c2HrviigWhNrA2oWnLmwhem
+TSd8vLGPM4VmI189NIeP2x3SpLF+uPoLIhUWJSHxzl9yIZkZb2ci+jj5paiGad6P
+wEruhJL7pngMgxrU69G2qG4BRc1F0UNKqqqql9428GjcpSczw2nklSxeifkpLAfc
+kTDOxUSBx5k3oLEVEkov/FDmF0+afUOd/Rz1pHM9AoGYSPHpx/kX9lWY7nqNMbDc
+owZipZbgfDwGMNt2QBfSF+tiPMqmZZzX35mz3WqJw4GR47a8flNjw4J3LsGY7wtm
+293VIgHWvZ1WCnJT3+Z16wqHpjw6yOdQLFvgiDwG0Y1GRSfL1NgNMV0puxQxAYTh
+Tu4ET8zhrV0ro5bM24O4yyvbdgHG890nO0QXqbPZ8lHJcMvsl+buJLMCgZhcxIfB
+46n1mNPyfnVFNJ0yf1EkhyaiuSXXxUQ+Ij3nvtxYppoohfUff1GUwJn9nMdi9bop
+Qi2w9HTMdpOTSpYnSasUIIQPlxnfSyAGJFVJxxkEhkkO8nv9jCIuJXhpAgbsHbeM
+8xbgXc2N2vyeD1AEsJE33A8JA9pp4fFTeWp/S1p+fqeSyMAnDt8Z8SB6bxU2Db+V
+Ui3NYQKBmQDcQLZxlmIVCSoi7bgYao0MzTZQRGxh2Sb8IP0JG/8JeXSvWBos2fA9
+gGnjYxuadFpkLlNE+mj8Y9YcHsnPsHblVc/ebKH9rB3jHWg8+SDvEDsaB3KLJp4g
+ElDlARbld3I1ACNmpY7RTIAqSintWG2fg8w3lvCbm96xyisGLG9KL1z9pJdAO/LG
+EYRdbwn1bSCWDbwiqYkWFg==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cve-2009-1416.c b/tests/cve-2009-1416.c
index b9a66e5..faa5d1d 100644
--- a/tests/cve-2009-1416.c
+++ b/tests/cve-2009-1416.c
@@ -40,6 +40,7 @@
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
+#include <string.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
diff --git a/tests/pkcs12_s2k_pem.c b/tests/pkcs12_s2k_pem.c
index a09faae..8b5992c 100644
--- a/tests/pkcs12_s2k_pem.c
+++ b/tests/pkcs12_s2k_pem.c
@@ -33,6 +33,7 @@
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
+#include <string.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh
index f7b75e6..18c321f 100644
--- a/tests/scripts/common.sh
+++ b/tests/scripts/common.sh
@@ -20,6 +20,7 @@
fail() {
echo "Failure: $1" >&2
+ kill $PID
exit 1
}
@@ -38,6 +39,21 @@ launch_server() {
fi
}
+launch_bare_server() {
+ PARENT=$1;
+ shift;
+ $SERV $* >/dev/null 2>&1 &
+ LOCALPID="$!";
+ trap "[ ! -z \"${LOCALPID}\" ] && kill ${LOCALPID};" 15
+ wait "${LOCALPID}"
+ LOCALRET="$?"
+ if [ "${LOCALRET}" != "0" -a "${LOCALRET}" != "143" ] ; then
+ # Houston, we'v got a problem...
+ echo "Failed to launch server !"
+ kill -10 ${PARENT}
+ fi
+}
+
wait_server() {
trap "kill $1" 1 15 2
sleep 2
diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am
index 5a85761..17a587e 100644
--- a/tests/suite/Makefile.am
+++ b/tests/suite/Makefile.am
@@ -72,6 +72,7 @@ nodist_eagain_cli_SOURCES = mini-eagain2.c
noinst_PROGRAMS = eagain-cli
-nodist_check_SCRIPTS = eagain #testsrn
+nodist_check_SCRIPTS = eagain testsrn testcompat chain
+
+TESTS = eagain testsrn testcompat chain
-TESTS = eagain #testsrn
diff --git a/tests/x509paths/chain b/tests/suite/chain
similarity index 77%
rename from tests/x509paths/chain
rename to tests/suite/chain
index f581fec..ca3468d 100755
--- a/tests/x509paths/chain
+++ b/tests/suite/chain
@@ -21,29 +21,38 @@
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-CERTTOOL=../../src/certtool
+CERTTOOL=../../../src/certtool
SUCCESS=" 1 4 7 12 15 16 17 18 24 26 27 30 33 56 57 62 63 "
FAILURE=" 2 3 5 6 8 9 10 11 13 14 19 20 21 22 23 25 28 29 31 32 54 55 58 59 60
61 "
+KNOWN_BUGS=" 15 16 17 18 19 28 29 31 32 54 55 58 59 60 61 "
+
+cd x509paths
test -d X509tests || tar xfz x509tests.tgz
+mkdir -p chains
+RET=0
i=1
while test -d X509tests/test$i; do
- find X509tests/test$i -name *.crl -print0 |sort -r -z|xargs -n1 --null
$CERTTOOL --crl-info --inder --infile > chain$i.pem 2>/dev/null
- find X509tests/test$i -name E*.crt -print0 |sort -r -z|xargs -n1 --null
$CERTTOOL --certificate-info --inder --infile >> chain$i.pem 2>/dev/null
+ find X509tests/test$i -name *.crl -print0 |sort -r -z|xargs -n1 --null
$CERTTOOL --crl-info --inder --infile > chains/chain$i.pem 2>/dev/null
+ find X509tests/test$i -name E*.crt -print0 |sort -r -z|xargs -n1 --null
$CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null
if test "$i" -gt 1; then
- find X509tests/test$i -name I*.crt -print0 |sort -r -z|xargs -n1 --null
$CERTTOOL --certificate-info --inder --infile >> chain$i.pem 2>/dev/null
+ find X509tests/test$i -name I*.crt -print0 |sort -r -z|xargs -n1 --null
$CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null
fi
- find X509tests/test$i -name T*.crt -print0 |sort -r -z|xargs -n1 --null
$CERTTOOL --certificate-info --inder --infile >> chain$i.pem 2>/dev/null
- $CERTTOOL -e --infile chain$i.pem > out 2>&1
+ find X509tests/test$i -name T*.crt -print0 |sort -r -z|xargs -n1 --null
$CERTTOOL --certificate-info --inder --infile >> chains/chain$i.pem 2>/dev/null
+ $CERTTOOL -e --infile chains/chain$i.pem > out 2>&1
rc=$?
if test $rc != 0; then
echo "Chain $i FATAL failure."
+ RET=1
else
- if echo "$SUCCESS" | grep " $i " > /dev/null 2>&1; then
+ if echo "$KNOWN_BUGS" | grep " $i " > /dev/null 2>&1; then
+ echo "Chain $i verification was skipped due to known bug."
+ elif echo "$SUCCESS" | grep " $i " > /dev/null 2>&1; then
if grep 'Chain verification output:' out | grep -v 'Chain
verification output: Verified\.$' > /dev/null 2>&1; then
echo "Chain $i verification failure UNEXPECTED."
+ RET=1
else
echo "Chain $i verification success as expected."
fi
@@ -52,6 +61,7 @@ while test -d X509tests/test$i; do
echo "Chain $i verification failure as expected."
else
echo "Chain $i verification success UNEXPECTED. "
+ RET=1
fi
else
echo "Chain $i unclassified."
@@ -60,3 +70,5 @@ while test -d X509tests/test$i; do
i=`expr $i + 1`
done
rm -f out
+
+exit $RET
diff --git a/tests/userid/userid b/tests/suite/testcompat
similarity index 70%
copy from tests/userid/userid
copy to tests/suite/testcompat
index 06e4153..5f63216 100755
--- a/tests/userid/userid
+++ b/tests/suite/testcompat
@@ -1,8 +1,8 @@
#!/bin/sh
-# Copyright (C) 2006, 2008, 2010 Free Software Foundation, Inc.
+# Copyright (C) 2010 Free Software Foundation, Inc.
#
-# Author: Simon Josefsson
+# Author: Nikos Mavrogiannopoulos
#
# This file is part of GnuTLS.
#
@@ -20,17 +20,8 @@
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-srcdir=${srcdir:-.}
-CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
-
-$CERTTOOL --certificate-info --infile $srcdir/userid.pem >out 2>&1
-RET=$?
-if [ $RET != 0 ];then
- echo "Error in userid:"
- cat out
- exit 1
+if ! test -x /usr/bin/openssl;then
+ exit 77
fi
-rm -f out
-
-exit 0
+datefudge "2007-04-22" ./testcompat-main
diff --git a/tests/suite/testcompat-main b/tests/suite/testcompat-main
new file mode 100755
index 0000000..18ec3b1
--- /dev/null
+++ b/tests/suite/testcompat-main
@@ -0,0 +1,244 @@
+#!/bin/sh
+
+# Copyright (C) 2010 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+PORT="${PORT:-5558}"
+unset RETCODE
+
+if test "${WINDIR}" != "";then
+ exit 77
+fi
+
+. ../scripts/common.sh
+
+echo "Compatibility checks using "`openssl version`
+
+DSA_CERT=$srcdir/../dsa/cert.dsa.1024.pem
+DSA_KEY=$srcdir/../dsa/dsa.1024.pem
+
+RSA_CERT=$srcdir/../certs/cert-rsa-2432.pem
+RSA_KEY=$srcdir/../certs/rsa-2432.pem
+
+CA_CERT=$srcdir/../../doc/credentials/x509-ca.pem
+CLI_CERT=$srcdir/../../doc/credentials/x509-client.pem
+CLI_KEY=$srcdir/../../doc/credentials/x509-client-key.pem
+
+SERV_CERT=$srcdir/../../doc/credentials/x509-server.pem
+SERV_KEY=$srcdir/../../doc/credentials/x509-server-key.pem
+SERV_DSA_CERT=$srcdir/../../doc/credentials/x509-server-dsa.pem
+SERV_DSA_KEY=$srcdir/../../doc/credentials/x509-server-key-dsa.pem
+
+echo "#####################"
+echo "# Client mode tests #"
+echo "#####################"
+
+SERV=openssl
+
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem
-certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey
$DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
+
+# Test SSL 3.0 with RSA ciphersuite
+echo "Checking SSL 3.0 with RSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA" --insecure
--x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail "Failed"
+
+# Test SSL 3.0 with DHE-RSA ciphersuite
+echo "Checking SSL 3.0 with DHE-RSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA"
--insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null
>/dev/null || \
+ fail "Failed"
+
+# Test SSL 3.0 with DHE-DSS ciphersuite
+echo "Checking SSL 3.0 with DHE-DSS..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS"
--insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null
>/dev/null || \
+ fail "Failed"
+
+kill $PID
+wait
+
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem
-certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey
$DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
+
+# Test TLS 1.0 with RSA ciphersuite
+echo "Checking TLS 1.0 with RSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --insecure
--x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null >/dev/null || \
+ fail "Failed"
+
+# Test TLS 1.0 with DHE-RSA ciphersuite
+echo "Checking TLS 1.0 with DHE-RSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA"
--insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null
>/dev/null || \
+ fail "Failed"
+
+# Test TLS 1.0 with DHE-DSS ciphersuite
+echo "Checking TLS 1.0 with DHE-DSS..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS"
--insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null
>/dev/null || \
+ fail "Failed"
+
+kill $PID
+wait
+
+launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem
-dtls1 -mtu 1000 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT
-dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
+
+# Test DTLS 1.0 with RSA ciphersuite
+echo "Checking DTLS 1.0 with RSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA" --udp
--insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null
>/dev/null || \
+ fail "Failed"
+
+kill $PID
+wait
+
+launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem
-dtls1 -mtu 1000 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT
-dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
+
+# Test DTLS 1.0 with DHE-RSA ciphersuite
+echo "Checking DTLS 1.0 with DHE-RSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA" --udp
--insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null
>/dev/null || \
+ fail "Failed"
+
+kill $PID
+wait
+
+launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem
-dtls1 -mtu 1000 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT
-dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
+PID=$!
+wait_server $PID
+
+# Test DTLS 1.0 with DHE-DSS ciphersuite
+echo "Checking DTLS 1.0 with DHE-DSS..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS" --udp
--insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null
>/dev/null || \
+ fail "Failed"
+
+kill $PID
+wait
+
+echo "Client mode tests were successfully completed"
+echo ""
+echo "#####################"
+echo "# Server mode tests #"
+echo "#####################"
+SERV="../../src/gnutls-serv$EXEEXT -q"
+CLI="openssl"
+PORT="5559"
+
+# Note that openssl s_client does not return error code on failure
+
+echo "Check SSL 3.0 with RSA ciphersuite"
+launch_server $$ --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA"
--x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT
--dhparams params.dh & PID=$!
+wait_server $PID
+
+$CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY
-CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail "Failed"
+
+kill $PID
+wait
+
+echo "Check SSL 3.0 with DHE-RSA ciphersuite"
+launch_server $$ --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA"
--x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT
--dhparams params.dh & PID=$!
+wait_server $PID
+
+$CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY
-CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail "Failed"
+
+kill $PID
+wait
+
+echo "Check SSL 3.0 with DHE-DSS ciphersuite"
+launch_server $$ --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS"
--x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh
& PID=$!
+wait_server $PID
+
+$CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY
-CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail "Failed"
+
+kill $PID
+wait
+
+#TLS 1.0
+
+echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
+launch_server $$ --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA"
--x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT
--dhparams params.dh & PID=$!
+wait_server $PID
+
+$CLI s_client -host localhost -port $PORT -cert $CLI_CERT -key $CLI_KEY
-CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.0 with DHE-RSA ciphersuite"
+launch_server $$ --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA"
--x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT
--dhparams params.dh & PID=$!
+wait_server $PID
+
+$CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY
-CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.0 with DHE-DSS ciphersuite"
+launch_server $$ --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS"
--x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh
& PID=$!
+wait_server $PID
+
+$CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY
-CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail "Failed"
+
+kill $PID
+wait
+
+
+# DTLS
+echo "Check DTLS 1.0 with RSA ciphersuite"
+launch_server $$ --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA" --udp
--x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT
--dhparams params.dh & PID=$!
+wait_server $PID
+
+$CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key
$CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail "Failed"
+
+kill $PID
+wait
+
+echo "Check DTLS 1.0 with DHE-RSA ciphersuite"
+launch_server $$ --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-RSA" --udp
--x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT
--dhparams params.dh & PID=$!
+wait_server $PID
+
+$CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key
$CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail "Failed"
+
+kill $PID
+wait
+
+echo "Check DTLS 1.0 with DHE-DSS ciphersuite"
+launch_server $$ --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS" --udp
--x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh
& PID=$!
+wait_server $PID
+
+$CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key
$CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail "Failed"
+
+kill $PID
+wait
+
+
+
+exit 0
diff --git a/tests/suite/testsrn b/tests/suite/testsrn
index 8df797c..68993b5 100755
--- a/tests/suite/testsrn
+++ b/tests/suite/testsrn
@@ -26,18 +26,17 @@ CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
PORT="${PORT:-5558}"
unset RETCODE
-fail() {
- echo "Failure: $1" >&2
- RETCODE=${RETCODE:-${2:-1}}
-}
+if test "${WINDIR}" != "";then
+ exit 77
+fi
-echo "Checking Safe renegotiation"
+. ../scripts/common.sh
-$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%PARTIAL_RENEGOTIATION
--dhparams $srcdir/params.dh >/dev/null 2>&1 &
-pid=$!
+echo "Checking Safe renegotiation"
-# give the server a chance to initialize
-sleep 2
+launch_server $$ --echo --priority NORMAL:+ANON-DH:%PARTIAL_RENEGOTIATION
--dhparams $srcdir/params.dh >/dev/null 2>&1 &
+PID=$!
+wait_server $PID
$CLI -p $PORT 127.0.0.1 --rehandshake --priority
NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-SSL3.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION
</dev/null >/dev/null 2>&1 || \
fail "0. Renegotiation should have succeeded!"
@@ -55,14 +54,12 @@ $CLI -p $PORT 127.0.0.1 --rehandshake --priority
NORMAL:+ANON-DH:%DISABLE_SAFE_R
fail "4. Unsafe renegotiation should have failed!"
-kill $pid
+kill $PID
wait
-$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION
--dhparams $srcdir/params.dh >/dev/null 2>&1 &
-pid=$!
-
-# give the server a chance to initialize
-sleep 2
+launch_server $$ --echo --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION
--dhparams $srcdir/params.dh >/dev/null 2>&1 &
+PID=$!
+wait_server $PID
$CLI -p $PORT 127.0.0.1 --rehandshake --priority
NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
fail "5. Safe rehandshake should have succeeded!"
@@ -76,14 +73,12 @@ $CLI -p $PORT 127.0.0.1 --priority
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION <
$CLI -p $PORT 127.0.0.1 --rehandshake --priority
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
fail "8. Unsafe renegotiation should have failed!"
-kill $pid
+kill $PID
wait
-$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION
--dhparams $srcdir/params.dh >/dev/null 2>&1 &
-pid=$!
-
-# give the server a chance to initialize
-sleep 2
+launch_server $$ --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION
--dhparams $srcdir/params.dh >/dev/null 2>&1 &
+PID=$!
+wait_server $PID
$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION
</dev/null >/dev/null 2>&1 && \
fail "9. Initial connection should have failed!"
@@ -97,7 +92,7 @@ $CLI -p $PORT 127.0.0.1 --priority
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION <
$CLI -p $PORT 127.0.0.1 --rehandshake --priority
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
fail "12. Unsafe renegotiation should have succeeded!"
-kill $pid
+kill $PID
wait
-exit ${RETCODE:-0}
+exit 0
diff --git a/tests/suite/x509paths/.gitignore b/tests/suite/x509paths/.gitignore
new file mode 100644
index 0000000..06baabd
--- /dev/null
+++ b/tests/suite/x509paths/.gitignore
@@ -0,0 +1 @@
+chains
diff --git a/tests/x509paths/README b/tests/suite/x509paths/README
similarity index 88%
rename from tests/x509paths/README
rename to tests/suite/x509paths/README
index 85532f6..46450a0 100644
--- a/tests/x509paths/README
+++ b/tests/suite/x509paths/README
@@ -13,9 +13,6 @@ currently.
See the PDF for information regarding the self tests. Particular
comments on individual tests below. The 'XXX' marks real bugs.
-Chain 13-14,65: We probably should not fail fatally, although this is
-not a real problem.
-
Chain 15-18: We should succeed, the reason we don't is that we use
memcmp for DN comparisons.
@@ -31,4 +28,4 @@ Chain 31-32: The CRL is issued by a issuer without CRLSign
real problem. This is easier to be supported now with the trust_list
that can verify CRLs on addition.
-Chain 54-63: We don't check path length constraints properly. XXX
+Chain 54-55,58-61: We don't check path length constraints properly. XXX
diff --git a/tests/x509paths/certpath1.07.zip
b/tests/suite/x509paths/certpath1.07.zip
similarity index 100%
rename from tests/x509paths/certpath1.07.zip
rename to tests/suite/x509paths/certpath1.07.zip
diff --git a/tests/x509paths/x509tests.tgz b/tests/suite/x509paths/x509tests.tgz
similarity index 100%
rename from tests/x509paths/x509tests.tgz
rename to tests/suite/x509paths/x509tests.tgz
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_99_0-46-g8f9563b,
Nikos Mavrogiannopoulos <=