tests/version-checks.c

   1 /*
   2  * Copyright (C) 2016 Red Hat, Inc.
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GnuTLS.
   7  *
   8  * GnuTLS is free software; you can redistribute it and/or modify it
   9  * under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 3 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * GnuTLS is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with GnuTLS; if not, write to the Free Software Foundation,
  20  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  21  */
  22
  23 #ifdef HAVE_CONFIG_H
  24 #include <config.h>
  25 #endif
  26
  27 #include <stdio.h>
  28 #include <stdlib.h>
  29 #include <string.h>
  30 #include <errno.h>
  31 #include <gnutls/gnutls.h>
  32 #include "utils.h"
  33 #include "eagain-common.h"
  34 #include "cert-common.h"
  35
  36 /*
  37  * That test verifies whether the support versions are negotiated
  38  * in the NORMAL priority string.
  39  */
  40
  41 const char *side;
  42
  43 static void tls_log_func(int level, const char *str)
  44 {
  45         fprintf(stderr, "%s|<%d>| %s", side, level, str);
  46 }
  47
  48 static void try(const char *client_prio, int expected)
  49 {
  50         int ret;
  51         gnutls_certificate_credentials_t serverx509cred;
  52         gnutls_session_t server;
  53         int sret = GNUTLS_E_AGAIN;
  54         /* Client stuff. */
  55         gnutls_certificate_credentials_t clientx509cred;
  56         gnutls_session_t client;
  57         int cret = GNUTLS_E_AGAIN;
  58
  59         /* General init. */
  60         gnutls_global_set_log_function(tls_log_func);
  61         if (debug)
  62                 gnutls_global_set_log_level(6);
  63
  64         /* Init server */
  65         gnutls_certificate_allocate_credentials(&serverx509cred);
  66         gnutls_certificate_set_x509_key_mem(serverx509cred,
  67                                             &server_cert, &server_key,
  68                                             GNUTLS_X509_FMT_PEM);
  69
  70         gnutls_init(&server, GNUTLS_SERVER);
  71         gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
  72                                serverx509cred);
  73
  74         gnutls_priority_set_direct(server,
  75                                    "NORMAL",
  76                                    NULL);
  77         gnutls_transport_set_push_function(server, server_push);
  78         gnutls_transport_set_pull_function(server, server_pull);
  79         gnutls_transport_set_ptr(server, server);
  80
  81         /* Init client */
  82
  83         ret = gnutls_certificate_allocate_credentials(&clientx509cred);
  84         if (ret < 0)
  85                 exit(1);
  86
  87         ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM);
  88         if (ret < 0)
  89                 exit(1);
  90
  91         ret = gnutls_init(&client, GNUTLS_CLIENT);
  92         if (ret < 0)
  93                 exit(1);
  94
  95         ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
  96                                clientx509cred);
  97         if (ret < 0)
  98                 exit(1);
  99
 100         gnutls_transport_set_push_function(client, client_push);
 101         gnutls_transport_set_pull_function(client, client_pull);
 102         gnutls_transport_set_ptr(client, client);
 103
 104         ret = gnutls_priority_set_direct(client, client_prio, NULL);
 105         if (ret < 0) {
 106                 exit(1);
 107         }
 108
 109         if (expected > 0) {
 110                 HANDSHAKE(client, server);
 111
 112                 ret = gnutls_protocol_get_version(client);
 113                 if (ret != expected) {
 114                         fail("unexpected negotiated protocol %s (expected %s)\n", gnutls_protocol_get_name(ret),
 115                                 gnutls_protocol_get_name(expected));
 116                         exit(1);
 117                 }
 118         } else {
 119                 HANDSHAKE_EXPECT(client, server, GNUTLS_E_UNSUPPORTED_VERSION_PACKET, GNUTLS_E_AGAIN);
 120         }
 121
 122         gnutls_bye(client, GNUTLS_SHUT_RDWR);
 123         gnutls_bye(server, GNUTLS_SHUT_RDWR);
 124
 125         gnutls_deinit(client);
 126         gnutls_deinit(server);
 127
 128         gnutls_certificate_free_credentials(serverx509cred);
 129         gnutls_certificate_free_credentials(clientx509cred);
 130 }
 131
 132 void doit(void)
 133 {
 134         global_init();
 135
 136         try("NORMAL:-VERS-ALL:+VERS-TLS1.0", GNUTLS_TLS1_0);
 137         reset_buffers();
 138         try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0", GNUTLS_TLS1_0);
 139         reset_buffers();
 140         try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1", GNUTLS_TLS1_1);
 141         reset_buffers();
 142         try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2", GNUTLS_TLS1_2);
 143         reset_buffers();
 144 #ifdef ENABLE_SSL3
 145         try("NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0", GNUTLS_SSL3);
 146 #else
 147         try("NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0", -1);
 148 #endif
 149         reset_buffers();
 150         gnutls_global_deinit();
 151 }