[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-44-g7121c0e
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-44-g7121c0e |
|
Date: |
Sat, 01 Sep 2012 10:43:18 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=7121c0e832886fa72c70e02e99d0dc75b23937e3
The branch, master has been updated
via 7121c0e832886fa72c70e02e99d0dc75b23937e3 (commit)
via 23d01d5c3853ccc0e609594e907f9e02cae05856 (commit)
via c38d782fa7187d9e2431985ea50e4cdf6f0ede57 (commit)
from 5c367d5f8a8cfe8deecca0360040e78d7249d0d1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7121c0e832886fa72c70e02e99d0dc75b23937e3
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Sep 1 12:39:13 2012 +0200
Added heartbeat functions
commit 23d01d5c3853ccc0e609594e907f9e02cae05856
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Sep 1 11:27:51 2012 +0200
Added suite for ECDSA under various curves
commit c38d782fa7187d9e2431985ea50e4cdf6f0ede57
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Sep 1 10:34:08 2012 +0200
documented fix
-----------------------------------------------------------------------
Summary of changes:
NEWS | 2 +
doc/Makefile.am | 10 ++++++
doc/cha-intro-tls.texi | 14 +++-----
doc/invoke-gnutls-cli.texi | 3 +-
doc/invoke-gnutls-serv.texi | 9 +++++-
doc/manpages/Makefile.am | 6 +++-
tests/certs/cert-ecc256.pem | 18 ++++++++++
tests/certs/cert-ecc384.pem | 19 +++++++++++
tests/certs/cert-ecc521.pem | 19 +++++++++++
tests/certs/ecc256.pem | 37 ++++++++++++++++++++++
tests/certs/ecc384.pem | 41 ++++++++++++++++++++++++
tests/certs/ecc521.pem | 45 ++++++++++++++++++++++++++
tests/suite/testcompat-main | 73 ++++++++++++++++++++++++++++++++++++++-----
13 files changed, 277 insertions(+), 19 deletions(-)
create mode 100644 tests/certs/cert-ecc256.pem
create mode 100644 tests/certs/cert-ecc384.pem
create mode 100644 tests/certs/cert-ecc521.pem
create mode 100644 tests/certs/ecc256.pem
create mode 100644 tests/certs/ecc384.pem
create mode 100644 tests/certs/ecc521.pem
diff --git a/NEWS b/NEWS
index e36b2a0..9e32087 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ See the end for copying conditions.
* Version 3.1.1 (unreleased)
+** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link.
+
** certtool: Changes in password handling of certtool.
Ask password when required and only if the '--password' option is not
given. If the '--password' option is given during key generation then
diff --git a/doc/Makefile.am b/doc/Makefile.am
index d224c5a..c279057 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -882,6 +882,10 @@ FUNCS += functions/gnutls_handshake_get_last_out
FUNCS += functions/gnutls_handshake_get_last_out.short
FUNCS += functions/gnutls_handshake_get_last_in
FUNCS += functions/gnutls_handshake_get_last_in.short
+FUNCS += functions/gnutls_heartbeat_ping
+FUNCS += functions/gnutls_heartbeat_ping.short
+FUNCS += functions/gnutls_heartbeat_ping_rnd
+FUNCS += functions/gnutls_heartbeat_ping_rnd.short
FUNCS += functions/gnutls_record_send
FUNCS += functions/gnutls_record_send.short
FUNCS += functions/gnutls_record_recv
@@ -908,6 +912,12 @@ FUNCS += functions/gnutls_server_name_set
FUNCS += functions/gnutls_server_name_set.short
FUNCS += functions/gnutls_server_name_get
FUNCS += functions/gnutls_server_name_get.short
+FUNCS += functions/gnutls_heartbeat_enable
+FUNCS += functions/gnutls_heartbeat_enable.short
+FUNCS += functions/gnutls_heartbeat_allowed
+FUNCS += functions/gnutls_heartbeat_allowed.short
+FUNCS += functions/gnutls_heartbeat_timeout
+FUNCS += functions/gnutls_heartbeat_timeout.short
FUNCS += functions/gnutls_safe_renegotiation_status
FUNCS += functions/gnutls_safe_renegotiation_status.short
FUNCS += functions/gnutls_supplemental_get_name
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 1f56ec5..88ca94c 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -446,21 +446,19 @@ idea, which is implemented in GnuTLS.
The TLS extension which allows to request response from the peer in a
way similar to ping command described in @xcite{RFC6520}. This
extension is disabled by default - user have to call
address@hidden to enable it. Note: this will set
address@hidden to enable it. Note: this will set
local policy affecting HeartBeat messages coming from the peer - the policy
-could be checked via @funcref{gnutls_heartbeat_enabled_local}. The
-same policy set by the peer for our messages could be checked via
address@hidden The requests coming from
-peer are answered automatically (if policy permits) inside
address@hidden, requests to peer could be send via
+could be checked via @funcref{gnutls_heartbeat_allowed}.
+The requests coming from peer are answered automatically (if policy permits)
+inside @funcref{gnutls_record_recv}, requests to peer could be send via
@funcref{gnutls_heartbeat_ping} or
@funcref{gnutls_heartbeat_ping_rnd}. Each request triggers timeout
which could be checked and manipulated with @funcref{gnutls_heartbeat_timeout}.
Policy-related functions:
address@hidden,gnutls_heartbeat_deny},
@showfuncB{gnutls_heartbeat_enabled_local,gnutls_heartbeat_enabled_remote}
address@hidden,gnutls_heartbeat_enable}
Operational functions:
address@hidden,@showfuncB{gnutls_heartbeat_ping,gnutls_heartbeat_ping_rnd}
address@hidden,gnutls_heartbeat_ping,gnutls_heartbeat_ping_rnd}
@node Safe renegotiation
@subsection Safe renegotiation
diff --git a/doc/invoke-gnutls-cli.texi b/doc/invoke-gnutls-cli.texi
index b7c35c9..f00fa04 100644
--- a/doc/invoke-gnutls-cli.texi
+++ b/doc/invoke-gnutls-cli.texi
@@ -7,7 +7,7 @@
#
# DO NOT EDIT THIS FILE (invoke-gnutls-cli.texi)
#
-# It has been AutoGen-ed June 6, 2012 at 09:11:09 PM by AutoGen 5.16
+# It has been AutoGen-ed September 1, 2012 at 11:10:28 AM by AutoGen 5.16
# From the definitions ../src/cli-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@@ -48,6 +48,7 @@ USAGE: gnutls-cli [ -<flag> [<val>] |
--<name>address@hidden| @}<val>] ]... [hostname]
--ocsp Enable OCSP certificate verification
- disabled as --no-ocsp
-r, --resume Establish a session and resume
+ -b, --heartbeat Activate heartbeat support
-e, --rehandshake Establish a session and rehandshake
--noticket Don't accept session tickets
-s, --starttls Connect, establish a plain session and start TLS.
diff --git a/doc/invoke-gnutls-serv.texi b/doc/invoke-gnutls-serv.texi
index bd7b686..57da3b7 100644
--- a/doc/invoke-gnutls-serv.texi
+++ b/doc/invoke-gnutls-serv.texi
@@ -7,7 +7,7 @@
#
# DO NOT EDIT THIS FILE (invoke-gnutls-serv.texi)
#
-# It has been AutoGen-ed May 9, 2012 at 08:06:12 PM by AutoGen 5.16
+# It has been AutoGen-ed September 1, 2012 at 11:10:28 AM by AutoGen 5.16
# From the definitions ../src/serv-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@@ -52,6 +52,7 @@ USAGE: gnutls-serv [ -<flag> [<val>] |
--<name>address@hidden| @}<val>] ]...
0 to 17000
-a, --disable-client-cert Do not request a client certificate
-r, --require-client-cert Require a client certificate
+ -b, --heartbeat Activate heartbeat support
--x509fmtder Use DER format for certificates to read from
--priority=str Priorities string
--dhparams=file DH params file to use
@@ -103,6 +104,12 @@ please send bug reports to: bug-gnutls@@gnu.org
This is the ``enable debugging.'' option.
This option takes an argument number.
Specifies the debug level.
address@hidden heartbeat}
address@hidden heartbeat option (-b)
address@hidden gnutls-serv-heartbeat
+
+This is the ``activate heartbeat support'' option.
+Regularly ping client via heartbeat extension messages
@anchor{gnutls-serv priority}
@subheading priority option
@cindex gnutls-serv-priority
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index 5049254..d599f88 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -268,6 +268,8 @@ APIMANS += gnutls_strerror_name.3
APIMANS += gnutls_handshake_set_private_extensions.3
APIMANS += gnutls_handshake_get_last_out.3
APIMANS += gnutls_handshake_get_last_in.3
+APIMANS += gnutls_heartbeat_ping.3
+APIMANS += gnutls_heartbeat_ping_rnd.3
APIMANS += gnutls_record_send.3
APIMANS += gnutls_record_recv.3
APIMANS += gnutls_record_recv_seq.3
@@ -281,7 +283,9 @@ APIMANS += gnutls_prf.3
APIMANS += gnutls_prf_raw.3
APIMANS += gnutls_server_name_set.3
APIMANS += gnutls_server_name_get.3
-APIMANS += gnutls_heartbeat_policy_set.3
+APIMANS += gnutls_heartbeat_enable.3
+APIMANS += gnutls_heartbeat_allowed.3
+APIMANS += gnutls_heartbeat_timeout.3
APIMANS += gnutls_safe_renegotiation_status.3
APIMANS += gnutls_supplemental_get_name.3
APIMANS += gnutls_session_ticket_key_generate.3
diff --git a/tests/certs/cert-ecc256.pem b/tests/certs/cert-ecc256.pem
new file mode 100644
index 0000000..3f5cbc1
--- /dev/null
+++ b/tests/certs/cert-ecc256.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAoagAwIBAgIBBzAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
+A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y
+aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0
+ZSBhdXRob3JpdHkwIhgPMjAxMjA5MDEwOTIyMzZaGA8yMDE5MTAwNTA5MjIzNlow
+gbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs
+ZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExh
+dXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0G
+A1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMFkwEwYH
+KoZIzj0CAQYIKoZIzj0DAQcDQgAEPBVvHUg+ZFkTLG0EGjgNMFzkP1XL2RcVRnJx
+ksH4xjM9BC7IwQ/AUAR7n8lItUD6b5OCWWFeclfLgwa9zIKUwaOBtjCBszAMBgNV
+HRMBAf8EAjAAMD0GA1UdEQQ2MDSCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFu
+b25lLm9yZ4IJbG9jYWxob3N0hwTAqAEBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G
+A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFKz6R2fGG0F5Elf3rAXBUOKO0A5bMB8G
+A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0gAMEUC
+ICgq4CTInkRQ1DaFoI8wmu2KP8445NWRXKouag2WJSFzAiEAx4KxaoZJNVfBBSc4
+bA9XTz/2OnpgAZutUohNNb/tmRE=
+-----END CERTIFICATE-----
diff --git a/tests/certs/cert-ecc384.pem b/tests/certs/cert-ecc384.pem
new file mode 100644
index 0000000..29b057b
--- /dev/null
+++ b/tests/certs/cert-ecc384.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/jCCAqOgAwIBAgIBBzAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
+A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y
+aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0
+ZSBhdXRob3JpdHkwIhgPMjAxMjA5MDEwOTIyMzFaGA8yMDE5MTAwNTA5MjIzMVow
+gbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs
+ZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExh
+dXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0G
+A1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMHYwEAYH
+KoZIzj0CAQYFK4EEACIDYgAEBdFp7VW/awwLHqaOT6qzraO12SYSPvIXu/4R0oBA
+ygamgH1/0nuW/ZKNQYfmiPtnLickPpVGaRBvoTEyAq858FmuTCFE2Kft0/En+Dpk
+6md6yd+7EqqztcvY2Gw4zPNwo4G2MIGzMAwGA1UdEwEB/wQCMAAwPQYDVR0RBDYw
+NIIMd3d3Lm5vbmUub3JnghN3d3cubW9yZXRoYW5vbmUub3Jngglsb2NhbGhvc3SH
+BMCoAQEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNV
+HQ4EFgQUR6LCq3Gbiil4XRkgb6gdSskwQIQwHwYDVR0jBBgwFoAU8LSB/pgSv7Uo
+uWRAA8vMH2ZOKAMwCgYIKoZIzj0EAwIDSQAwRgIhAL4FmNCgnUEnkfJAysOLApVT
+bOYXH1dnJ6j3FKxMXM+jAiEAtcWWV7yqvihzxptUdWMcg1kuZanf9VHuWmUMuUcc
+Nnk=
+-----END CERTIFICATE-----
diff --git a/tests/certs/cert-ecc521.pem b/tests/certs/cert-ecc521.pem
new file mode 100644
index 0000000..3fc1778
--- /dev/null
+++ b/tests/certs/cert-ecc521.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJDCCAsmgAwIBAgIBBzAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
+A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y
+aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0
+ZSBhdXRob3JpdHkwIhgPMjAxMjA5MDEwOTIyMjRaGA8yMDE5MTAwNTA5MjIyNFow
+gbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs
+ZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExh
+dXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0G
+A1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMIGbMBAG
+ByqGSM49AgEGBSuBBAAjA4GGAAQAoapA9bLQHQiI8V2mIzs9sq80VR4FBB0TBOSx
+GqBOE3FSzHAejQkIKc/1pW0v0wKvapYMq/RrfhPJxPkjTPtztUsAkU//9E0/aoEW
+VC6Rqf+VX3wIhe7+RS8JXdBh9SM0+Z9MCRUiM8K9qPMtpNgB2ks7T5BGFHSMlNKm
+uLW1agWPy5CjgbYwgbMwDAYDVR0TAQH/BAIwADA9BgNVHREENjA0ggx3d3cubm9u
+ZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5vcmeCCWxvY2FsaG9zdIcEwKgBATATBgNV
+HSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBTagKMW
+kYyqTJk/RRjg++gqz6xX6zAfBgNVHSMEGDAWgBTwtIH+mBK/tSi5ZEADy8wfZk4o
+AzAKBggqhkjOPQQDAgNJADBGAiEAoj/ZB98cG/FaA7VVU+R6+TT3icF+De61rfim
+R43VMlUCIQCXjG9gRp0x+/8vCRL0/nr0a32SRPruKVDqbHnNiWchsg==
+-----END CERTIFICATE-----
diff --git a/tests/certs/ecc256.pem b/tests/certs/ecc256.pem
new file mode 100644
index 0000000..75a2cfa
--- /dev/null
+++ b/tests/certs/ecc256.pem
@@ -0,0 +1,37 @@
+Public Key Info:
+ Public Key Algorithm: EC
+ Key Security Level: High
+
+curve: SECP256R1
+private key:
+ 00:fd:2b:00:80:f3:36:5f:11:32:65:e3:8d:30:33:
+ 3b:47:f5:ce:f8:13:e5:4c:c2:cf:fd:e8:05:6a:ca:
+ c9:41:b1:
+x:
+ 3c:15:6f:1d:48:3e:64:59:13:2c:6d:04:1a:38:0d:
+ 30:5c:e4:3f:55:cb:d9:17:15:46:72:71:92:c1:f8:
+ c6:33:
+y:
+ 3d:04:2e:c8:c1:0f:c0:50:04:7b:9f:c9:48:b5:40:
+ fa:6f:93:82:59:61:5e:72:57:cb:83:06:bd:cc:82:
+ 94:c1:
+
+Public Key ID: AC:FA:47:67:C6:1B:41:79:12:57:F7:AC:05:C1:50:E2:8E:D0:0E:5B
+Public key's random art:
++--[ EC 256]----+
+| .o+==..|
+| .+o...+.|
+| o.Eo. +|
+| . *.o o |
+| S.o.. . |
+| .. * |
+| .. + o |
+| . . . |
+| .... |
++-----------------+
+
+-----BEGIN EC PRIVATE KEY-----
+MHgCAQEEIQD9KwCA8zZfETJl440wMztH9c74E+VMws/96AVqyslBsaAKBggqhkjO
+PQMBB6FEA0IABDwVbx1IPmRZEyxtBBo4DTBc5D9Vy9kXFUZycZLB+MYzPQQuyMEP
+wFAEe5/JSLVA+m+TgllhXnJXy4MGvcyClME=
+-----END EC PRIVATE KEY-----
diff --git a/tests/certs/ecc384.pem b/tests/certs/ecc384.pem
new file mode 100644
index 0000000..bfa5d9f
--- /dev/null
+++ b/tests/certs/ecc384.pem
@@ -0,0 +1,41 @@
+Public Key Info:
+ Public Key Algorithm: EC
+ Key Security Level: High
+
+curve: SECP384R1
+private key:
+ 00:ff:42:b3:6d:ca:d3:06:13:d7:a7:e4:41:27:18:
+ ff:82:15:6a:c9:35:20:dc:4e:ad:e8:e6:07:37:87:
+ d8:d2:59:e9:39:17:94:22:c0:5e:07:46:0f:aa:4a:
+ 7d:7a:ea:30:
+x:
+ 05:d1:69:ed:55:bf:6b:0c:0b:1e:a6:8e:4f:aa:b3:
+ ad:a3:b5:d9:26:12:3e:f2:17:bb:fe:11:d2:80:40:
+ ca:06:a6:80:7d:7f:d2:7b:96:fd:92:8d:41:87:e6:
+ 88:fb:67:
+y:
+ 2e:27:24:3e:95:46:69:10:6f:a1:31:32:02:af:39:
+ f0:59:ae:4c:21:44:d8:a7:ed:d3:f1:27:f8:3a:64:
+ ea:67:7a:c9:df:bb:12:aa:b3:b5:cb:d8:d8:6c:38:
+ cc:f3:70:
+
+Public Key ID: 47:A2:C2:AB:71:9B:8A:29:78:5D:19:20:6F:A8:1D:4A:C9:30:40:84
+Public key's random art:
++--[ EC 384]----+
+|*o |
+|E . . |
+|o..+ . . . |
+| +o.o .. o |
+|.+ oo .oS . |
+|o . oo . |
+|. ..o. |
+|oo.+.o |
+|+.o.o |
++-----------------+
+
+-----BEGIN EC PRIVATE KEY-----
+MIGlAgEBBDEA/0KzbcrTBhPXp+RBJxj/ghVqyTUg3E6t6OYHN4fY0lnpOReUIsBe
+B0YPqkp9euowoAcGBSuBBAAioWQDYgAEBdFp7VW/awwLHqaOT6qzraO12SYSPvIX
+u/4R0oBAygamgH1/0nuW/ZKNQYfmiPtnLickPpVGaRBvoTEyAq858FmuTCFE2Kft
+0/En+Dpk6md6yd+7EqqztcvY2Gw4zPNw
+-----END EC PRIVATE KEY-----
diff --git a/tests/certs/ecc521.pem b/tests/certs/ecc521.pem
new file mode 100644
index 0000000..136d1e2
--- /dev/null
+++ b/tests/certs/ecc521.pem
@@ -0,0 +1,45 @@
+Public Key Info:
+ Public Key Algorithm: EC
+ Key Security Level: Ultra
+
+curve: SECP521R1
+private key:
+ 01:02:2a:fc:98:41:e5:9c:78:8a:68:74:9d:bc:48:
+ 53:80:de:28:5b:21:ee:f8:88:3a:6e:8e:1f:4e:e8:
+ 4d:f7:2d:a8:8c:0d:6a:00:11:c9:7a:58:28:57:df:
+ 57:50:27:89:67:93:44:d4:14:fd:5d:39:2c:bf:f6:
+ 07:58:f9:7e:96:63:
+x:
+ 00:a1:aa:40:f5:b2:d0:1d:08:88:f1:5d:a6:23:3b:
+ 3d:b2:af:34:55:1e:05:04:1d:13:04:e4:b1:1a:a0:
+ 4e:13:71:52:cc:70:1e:8d:09:08:29:cf:f5:a5:6d:
+ 2f:d3:02:af:6a:96:0c:ab:f4:6b:7e:13:c9:c4:f9:
+ 23:4c:fb:73:b5:4b:
+y:
+ 00:91:4f:ff:f4:4d:3f:6a:81:16:54:2e:91:a9:ff:
+ 95:5f:7c:08:85:ee:fe:45:2f:09:5d:d0:61:f5:23:
+ 34:f9:9f:4c:09:15:22:33:c2:bd:a8:f3:2d:a4:d8:
+ 01:da:4b:3b:4f:90:46:14:74:8c:94:d2:a6:b8:b5:
+ b5:6a:05:8f:cb:90:
+
+Public Key ID: DA:80:A3:16:91:8C:AA:4C:99:3F:45:18:E0:FB:E8:2A:CF:AC:57:EB
+Public key's random art:
++--[ EC 528]----+
+| ... |
+|.o .o |
+|..+. . |
+|. +... |
+|.=. o.. S |
+|+ +oo. + |
+|.oo= .. . |
+|o+. o |
+|==+.E |
++-----------------+
+
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIBAir8mEHlnHiKaHSdvEhTgN4oWyHu+Ig6bo4fTuhN9y2ojA1qABHJ
+elgoV99XUCeJZ5NE1BT9XTksv/YHWPl+lmOgBwYFK4EEACOhgYkDgYYABAChqkD1
+stAdCIjxXaYjOz2yrzRVHgUEHRME5LEaoE4TcVLMcB6NCQgpz/WlbS/TAq9qlgyr
+9Gt+E8nE+SNM+3O1SwCRT//0TT9qgRZULpGp/5VffAiF7v5FLwld0GH1IzT5n0wJ
+FSIzwr2o8y2k2AHaSztPkEYUdIyU0qa4tbVqBY/LkA==
+-----END EC PRIVATE KEY-----
diff --git a/tests/suite/testcompat-main b/tests/suite/testcompat-main
index e1ffb94..06de7b7 100755
--- a/tests/suite/testcompat-main
+++ b/tests/suite/testcompat-main
@@ -56,8 +56,14 @@ CLI_CERT=$srcdir/../../doc/credentials/x509/clicert.pem
CLI_KEY=$srcdir/../../doc/credentials/x509/clikey.pem
CA_ECC_CERT=$srcdir/../certs/ca-cert-ecc.pem
-ECC_CERT=$srcdir/../certs/cert-ecc.pem
-ECC_KEY=$srcdir/../certs/ecc.pem
+ECC224_CERT=$srcdir/../certs/cert-ecc.pem
+ECC224_KEY=$srcdir/../certs/ecc.pem
+
+ECC521_CERT=$srcdir/../certs/cert-ecc521.pem
+ECC521_KEY=$srcdir/../certs/ecc521.pem
+
+ECC384_CERT=$srcdir/../certs/cert-ecc384.pem
+ECC384_KEY=$srcdir/../certs/ecc384.pem
SERV_CERT=$srcdir/../../doc/credentials/x509/cert-rsa.pem
SERV_KEY=$srcdir/../../doc/credentials/x509/key-rsa.pem
@@ -133,18 +139,45 @@ kill $PID
wait
#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem
-certform pem -tls1 -key $ECC_KEY -cert $ECC_CERT -Verify 1 -named_curve
secp224r1 -CAfile $CA_ECC_CERT &
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem
-certform pem -tls1 -key $ECC224_KEY -cert $ECC224_CERT -Verify 1 -named_curve
secp224r1 -CAfile $CA_ECC_CERT &
PID=$!
wait_server $PID
# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
-echo "Checking TLS 1.0 with ECDHE-ECDSA..."
-$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL"
--insecure --x509certfile $ECC_CERT --x509keyfile $ECC_KEY </dev/null
>/dev/null || \
+echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP224R1)..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL"
--insecure --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY </dev/null
>/dev/null || \
fail $PID "Failed"
kill $PID
wait
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem
-certform pem -tls1 -key $ECC384_KEY -cert $ECC384_CERT -Verify 1 -named_curve
secp384r1 -CAfile $CA_ECC_CERT &
+PID=$!
+wait_server $PID
+
+# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL"
--insecure --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY </dev/null
>/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem
-certform pem -tls1 -key $ECC521_KEY -cert $ECC521_CERT -Verify 1 -named_curve
secp521r1 -CAfile $CA_ECC_CERT &
+PID=$!
+wait_server $PID
+
+# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+echo "Checking TLS 1.0 with ECDHE-ECDSA (SECP521R1)..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL"
--insecure --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY </dev/null
>/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+
if test $SV2 = 0;then
# Tests requiring openssl 1.0.1 - TLS 1.2
#-cipher
RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
@@ -172,12 +205,36 @@ kill $PID
wait
#-cipher ECDHE-ECDSA-AES128-SHA
-launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem
-certform pem -tls1_2 -key $ECC_KEY -cert $ECC_CERT -Verify 1 -named_curve
secp224r1 -CAfile $CA_ECC_CERT &
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem
-certform pem -tls1_2 -key $ECC224_KEY -cert $ECC224_CERT -Verify 1
-named_curve secp224r1 -CAfile $CA_ECC_CERT &
+PID=$!
+wait_server $PID
+
+echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP224R1)"
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL"
--insecure --x509certfile $ECC224_CERT --x509keyfile $ECC224_KEY </dev/null
>/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem
-certform pem -tls1_2 -key $ECC384_KEY -cert $ECC384_CERT -Verify 1
-named_curve secp384r1 -CAfile $CA_ECC_CERT &
+PID=$!
+wait_server $PID
+
+echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP384R1)"
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL"
--insecure --x509certfile $ECC384_CERT --x509keyfile $ECC384_KEY </dev/null
>/dev/null || \
+ fail $PID "Failed"
+
+kill $PID
+wait
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem
-certform pem -tls1_2 -key $ECC521_KEY -cert $ECC521_CERT -Verify 1
-named_curve secp521r1 -CAfile $CA_ECC_CERT &
PID=$!
wait_server $PID
-echo "Checking TLS 1.2 with ECDHE-ECDSA..."
-$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL"
--insecure --x509certfile $ECC_CERT --x509keyfile $ECC_KEY </dev/null
>/dev/null || \
+echo "Checking TLS 1.2 with ECDHE-ECDSA... (SECP521R1)"
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL"
--insecure --x509certfile $ECC521_CERT --x509keyfile $ECC521_KEY </dev/null
>/dev/null || \
fail $PID "Failed"
kill $PID
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-44-g7121c0e,
Nikos Mavrogiannopoulos <=