20
20
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
23
/* Code based on ./srn0.c.
23
/* Code based on srn0.c.
25
* This tests that a client with a permissive policy
26
* (%UNSAFE_RENEGOTIATION) is able to handshake and rehandshake with a
27
* server with no support for the extension.
25
* This tests that clients with support for safe renegotiation is able
26
* to handshake properly against a server with no support for safe
27
* renegotiation, but that the client will not be able to complete a
30
31
#ifdef HAVE_CONFIG_H
43
46
fprintf (stderr, "|<%d>| %s", level, str);
46
static char *to_server;
47
static size_t to_server_len;
49
static char *to_client;
50
static size_t to_client_len;
53
client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
55
if (to_client_len < len)
57
gnutls_transport_set_global_errno (EAGAIN);
61
memcpy (data, to_client, len);
63
memmove (to_client, to_client + len, to_client_len - len);
70
client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
72
size_t newlen = to_server_len + len;
75
tmp = realloc (to_server, newlen);
80
memcpy (to_server + to_server_len, data, len);
81
to_server_len = newlen;
87
server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
89
if (to_server_len < len)
91
gnutls_transport_set_global_errno (EAGAIN);
95
memcpy (data, to_server, len);
97
memmove (to_server, to_server + len, to_server_len - len);
104
server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
106
size_t newlen = to_client_len + len;
109
tmp = realloc (to_client, newlen);
114
memcpy (to_client + to_client_len, data, len);
115
to_client_len = newlen;
120
49
static unsigned char server_cert_pem[] =
121
50
"-----BEGIN CERTIFICATE-----\n"
122
51
"MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
175
101
/* General init. */
176
102
gnutls_global_init ();
177
103
gnutls_global_set_log_function (tls_log_func);
178
gnutls_global_set_log_level (debug_level);
104
if (debug) gnutls_global_set_log_level (2);
180
106
/* Init server */
181
107
gnutls_certificate_allocate_credentials (&serverx509cred);
182
108
gnutls_certificate_set_x509_key_mem (serverx509cred,
183
&server_cert, &server_key,
184
GNUTLS_X509_FMT_PEM);
109
&server_cert, &server_key,
110
GNUTLS_X509_FMT_PEM);
185
111
gnutls_init (&server, GNUTLS_SERVER);
186
112
gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
187
113
gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
189
115
gnutls_transport_set_push_function (server, server_push);
190
116
gnutls_transport_set_pull_function (server, server_pull);
117
gnutls_transport_set_ptr (server, (gnutls_transport_ptr_t)server);
192
119
/* Init client */
193
120
gnutls_certificate_allocate_credentials (&clientx509cred);
194
121
gnutls_init (&client, GNUTLS_CLIENT);
195
122
gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
196
gnutls_priority_set_direct (client, "NORMAL:%UNSAFE_RENEGOTIATION", NULL);
123
gnutls_priority_set_direct (client, "NORMAL", NULL);
197
124
gnutls_transport_set_push_function (client, client_push);
198
125
gnutls_transport_set_pull_function (client, client_pull);
200
/* Check that initially no session use the extension. */
201
if (gnutls_safe_renegotiation_status (server)
202
|| gnutls_safe_renegotiation_status (client))
204
puts ("Client or server using extension before handshake?");
210
static int max_iter = 0;
214
if (cret == GNUTLS_E_AGAIN)
216
cret = gnutls_handshake (client);
219
tls_log_func (0, "gnutls_handshake (client)...\n");
220
tls_log_func (0, gnutls_strerror (cret));
221
tls_log_func (0, "\n");
225
if (sret == GNUTLS_E_AGAIN)
227
sret = gnutls_handshake (server);
230
tls_log_func (0, "gnutls_handshake (server)...\n");
231
tls_log_func (0, gnutls_strerror (sret));
232
tls_log_func (0, "\n");
238
!(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
240
&& (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
242
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
243
exit_code = EXIT_FAILURE;
245
if (gnutls_safe_renegotiation_status (client) ||
246
gnutls_safe_renegotiation_status (server))
248
tls_log_func (0, "Session using safe renegotiation?!\n");
249
exit_code = EXIT_FAILURE;
126
gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t)client);
128
HANDSHAKE(client, server);
130
if (gnutls_safe_renegotiation_status (client))
132
tls_log_func (0, "Client thinks it is using safe renegotiation!\n");
136
if (gnutls_safe_renegotiation_status (server))
138
tls_log_func (0, "Server thinks it is using safe renegotiation!\n");
252
142
sret = gnutls_rehandshake (server);
255
145
tls_log_func (0, "gnutls_rehandshake (server)...\n");
256
146
tls_log_func (0, gnutls_strerror (sret));
268
cret = GNUTLS_E_AGAIN;
269
sret = GNUTLS_E_AGAIN;
273
static int max_iter = 0;
277
if (cret == GNUTLS_E_AGAIN)
279
cret = gnutls_handshake (client);
282
tls_log_func (0, "second gnutls_handshake (client)...\n");
283
tls_log_func (0, gnutls_strerror (cret));
284
tls_log_func (0, "\n");
288
if (sret == GNUTLS_E_AGAIN)
290
sret = gnutls_handshake (server);
293
tls_log_func (0, "second gnutls_handshake (server)...\n");
294
tls_log_func (0, gnutls_strerror (sret));
295
tls_log_func (0, "\n");
301
!(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
303
&& (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
305
if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
158
HANDSHAKE_EXPECT(client, server, GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, GNUTLS_E_AGAIN);
308
160
if (gnutls_safe_renegotiation_status (client) ||
309
161
gnutls_safe_renegotiation_status (server))
311
tls_log_func (0, "Rehandshaked using safe renegotiation?!\n");
312
exit_code = EXIT_FAILURE;
164
"Rehandshaked session not using safe renegotiation!\n");
315
168
gnutls_bye (client, GNUTLS_SHUT_RDWR);