20
20
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
23
/* Code based on ./srn0.c.
23
/* Code based on ../mini-x509.c.
25
* This tests that clients without support for safe renegotiation is
26
* able to handshake against servers with support, but not able to
27
* rehandshake (server will refuse rehandshake).
25
* This tests that a %INITIAL_SAFE_RENEGOTIATION server will reject
26
* handshakes against clients that do not support the extension. This
27
* is sort of the inverse of what srn3.c is testing.
30
30
#ifdef HAVE_CONFIG_H
43
45
fprintf (stderr, "|<%d>| %s", level, str);
46
static char *to_server;
47
static size_t to_server_len;
49
static char *to_client;
50
static size_t to_client_len;
53
client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
55
if (to_client_len < len)
57
gnutls_transport_set_global_errno (EAGAIN);
61
memcpy (data, to_client, len);
63
memmove (to_client, to_client + len, to_client_len - len);
70
client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
72
size_t newlen = to_server_len + len;
75
tmp = realloc (to_server, newlen);
80
memcpy (to_server + to_server_len, data, len);
81
to_server_len = newlen;
87
server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
89
if (to_server_len < len)
91
gnutls_transport_set_global_errno (EAGAIN);
95
memcpy (data, to_server, len);
97
memmove (to_server, to_server + len, to_server_len - len);
104
server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
106
size_t newlen = to_client_len + len;
109
tmp = realloc (to_client, newlen);
114
memcpy (to_client + to_client_len, data, len);
115
to_client_len = newlen;
120
48
static unsigned char server_cert_pem[] =
121
49
"-----BEGIN CERTIFICATE-----\n"
122
50
"MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
175
100
/* General init. */
176
101
gnutls_global_init ();
177
102
gnutls_global_set_log_function (tls_log_func);
178
gnutls_global_set_log_level (debug_level);
103
if (debug) gnutls_global_set_log_level (5);
180
105
/* Init server */
181
106
gnutls_certificate_allocate_credentials (&serverx509cred);
182
107
gnutls_certificate_set_x509_key_mem (serverx509cred,
183
&server_cert, &server_key,
184
GNUTLS_X509_FMT_PEM);
108
&server_cert, &server_key,
109
GNUTLS_X509_FMT_PEM);
185
110
gnutls_init (&server, GNUTLS_SERVER);
186
111
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
187
gnutls_priority_set_direct (server, "NORMAL", NULL);
112
gnutls_priority_set_direct (server, "NORMAL:%SAFE_RENEGOTIATION", NULL);
188
113
gnutls_transport_set_push_function (server, server_push);
189
114
gnutls_transport_set_pull_function (server, server_pull);
115
gnutls_transport_set_ptr (server, (gnutls_transport_ptr_t)server);
191
117
/* Init client */
192
118
gnutls_certificate_allocate_credentials (&clientx509cred);
193
119
gnutls_init (&client, GNUTLS_CLIENT);
194
120
gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
195
121
gnutls_priority_set_direct (client, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
197
123
gnutls_transport_set_push_function (client, client_push);
198
124
gnutls_transport_set_pull_function (client, client_pull);
125
gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t)client);
200
127
/* Check that initially no session use the extension. */
201
128
if (gnutls_safe_renegotiation_status (server)
210
static int max_iter = 0;
214
if (cret == GNUTLS_E_AGAIN)
216
cret = gnutls_handshake (client);
219
tls_log_func (0, "gnutls_handshake (client)...\n");
220
tls_log_func (0, gnutls_strerror (cret));
221
tls_log_func (0, "\n");
225
if (sret == GNUTLS_E_AGAIN)
227
sret = gnutls_handshake (server);
230
tls_log_func (0, "gnutls_handshake (server)...\n");
231
tls_log_func (0, gnutls_strerror (sret));
232
tls_log_func (0, "\n");
238
!(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
240
&& (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
242
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
243
exit_code = EXIT_FAILURE;
245
if (gnutls_safe_renegotiation_status (client) ||
246
gnutls_safe_renegotiation_status (server))
248
tls_log_func (0, "Session using safe renegotiation but shouldn't?!\n");
249
exit_code = EXIT_FAILURE;
252
sret = gnutls_rehandshake (server);
255
tls_log_func (0, "gnutls_rehandshake (server)...\n");
256
tls_log_func (0, gnutls_strerror (sret));
257
tls_log_func (0, "\n");
263
n = gnutls_record_recv (client, b, 1);
264
if (n != GNUTLS_E_REHANDSHAKE)
268
cret = GNUTLS_E_AGAIN;
269
sret = GNUTLS_E_AGAIN;
273
static int max_iter = 0;
277
if (cret == GNUTLS_E_AGAIN)
279
cret = gnutls_handshake (client);
282
tls_log_func (0, "second gnutls_handshake (client)...\n");
283
tls_log_func (0, gnutls_strerror (cret));
284
tls_log_func (0, "\n");
288
if (sret == GNUTLS_E_AGAIN)
290
sret = gnutls_handshake (server);
293
tls_log_func (0, "second gnutls_handshake (server)...\n");
294
tls_log_func (0, gnutls_strerror (sret));
295
tls_log_func (0, "\n");
299
if (sret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
304
!(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
306
&& (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
308
if (cret != GNUTLS_E_SUCCESS
309
&& sret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
312
if (gnutls_safe_renegotiation_status (client) ||
313
gnutls_safe_renegotiation_status (server))
315
tls_log_func (0, "Rehandshaked worked and uses safe reneg?!\n");
316
exit_code = EXIT_FAILURE;
135
HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_SAFE_RENEGOTIATION_FAILED);
319
137
gnutls_bye (client, GNUTLS_SHUT_RDWR);
320
138
gnutls_bye (server, GNUTLS_SHUT_RDWR);