23
23
/* Code based on ../mini-x509.c.
25
25
* This tests that a %SAFE_RENEGOTIATION client will reject handshakes
26
* against servers that do not support the extension (server uses
27
* %DISABLE_SAFE_RENEGOTIATION).
26
* against servers that do not support the extension. This is sort of
27
* the inverse of what srn1.c is testing.
30
30
#ifdef HAVE_CONFIG_H
43
45
fprintf (stderr, "|<%d>| %s", level, str);
46
static char *to_server;
47
static size_t to_server_len;
49
static char *to_client;
50
static size_t to_client_len;
53
client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
55
if (to_client_len < len)
57
gnutls_transport_set_global_errno (EAGAIN);
61
memcpy (data, to_client, len);
63
memmove (to_client, to_client + len, to_client_len - len);
70
client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
72
size_t newlen = to_server_len + len;
75
tmp = realloc (to_server, newlen);
80
memcpy (to_server + to_server_len, data, len);
81
to_server_len = newlen;
87
server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
89
if (to_server_len < len)
91
gnutls_transport_set_global_errno (EAGAIN);
95
memcpy (data, to_server, len);
97
memmove (to_server, to_server + len, to_server_len - len);
104
server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
106
size_t newlen = to_client_len + len;
109
tmp = realloc (to_client, newlen);
114
memcpy (to_client + to_client_len, data, len);
115
to_client_len = newlen;
120
48
static unsigned char server_cert_pem[] =
121
49
"-----BEGIN CERTIFICATE-----\n"
122
50
"MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
158
86
sizeof (server_key_pem)
162
main (int argc, char *argv[])
164
int debug_level = argc - 1;
165
int exit_code = EXIT_SUCCESS;
166
91
/* Server stuff. */
167
92
gnutls_certificate_credentials_t serverx509cred;
168
93
gnutls_session_t server;
175
100
/* General init. */
176
101
gnutls_global_init ();
177
102
gnutls_global_set_log_function (tls_log_func);
178
gnutls_global_set_log_level (debug_level);
103
if (debug) gnutls_global_set_log_level (2);
180
105
/* Init server */
181
106
gnutls_certificate_allocate_credentials (&serverx509cred);
182
107
gnutls_certificate_set_x509_key_mem (serverx509cred,
183
&server_cert, &server_key,
184
GNUTLS_X509_FMT_PEM);
108
&server_cert, &server_key,
109
GNUTLS_X509_FMT_PEM);
185
110
gnutls_init (&server, GNUTLS_SERVER);
186
111
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
187
112
gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
189
114
gnutls_transport_set_push_function (server, server_push);
190
115
gnutls_transport_set_pull_function (server, server_pull);
116
gnutls_transport_set_ptr (server, (gnutls_transport_ptr_t)server);
192
118
/* Init client */
193
119
gnutls_certificate_allocate_credentials (&clientx509cred);
196
122
gnutls_priority_set_direct (client, "NORMAL:%SAFE_RENEGOTIATION", NULL);
197
123
gnutls_transport_set_push_function (client, client_push);
198
124
gnutls_transport_set_pull_function (client, client_pull);
125
gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t)client);
200
127
/* Check that initially no session use the extension. */
201
128
if (gnutls_safe_renegotiation_status (server)
210
static int max_iter = 0;
214
if (cret == GNUTLS_E_AGAIN)
216
cret = gnutls_handshake (client);
219
tls_log_func (0, "gnutls_handshake (client)...\n");
220
tls_log_func (0, gnutls_strerror (cret));
221
tls_log_func (0, "\n");
225
if (sret == GNUTLS_E_AGAIN)
227
sret = gnutls_handshake (server);
230
tls_log_func (0, "gnutls_handshake (server)...\n");
231
tls_log_func (0, gnutls_strerror (sret));
232
tls_log_func (0, "\n");
236
while ((cret == GNUTLS_E_AGAIN || cret == GNUTLS_E_SUCCESS)
237
&& (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS));
239
if (cret != GNUTLS_E_SAFE_RENEGOTIATION_FAILED && sret != GNUTLS_E_SUCCESS)
240
exit_code = EXIT_FAILURE;
135
HANDSHAKE_EXPECT(client, server, GNUTLS_E_SAFE_RENEGOTIATION_FAILED, GNUTLS_E_AGAIN);
242
137
gnutls_bye (client, GNUTLS_SHUT_RDWR);
243
138
gnutls_bye (server, GNUTLS_SHUT_RDWR);
245
140
gnutls_deinit (client);
246
141
gnutls_deinit (server);
251
143
gnutls_certificate_free_credentials (serverx509cred);
144
gnutls_certificate_free_credentials (clientx509cred);
253
146
gnutls_global_deinit ();
258
puts ("Self-test successful");
260
puts ("Self-test failed");
150
puts ("Self-test successful");