gnutls-cli-debug: check if %ALLOW_SMALL_RECORDS is required
authorDaiki Ueno <dueno@redhat.com>
Fri, 7 Jun 2019 09:37:37 +0000 (11:37 +0200)
committerDaiki Ueno <dueno@redhat.com>
Wed, 19 Jun 2019 13:09:33 +0000 (15:09 +0200)
This adds a new test against the server to check if
%ALLOW_SMALL_RECORDS is required to continue communicating with the
server.  The test is in two parts: one to check if the server accepts
records with the default size (512 bytes) and the other is to check if
%ALLOW_SMALL_RECORDS helps if the previous test fails.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
src/cli-debug.c
src/tests.c
src/tests.h
tests/gnutls-cli-debug.sh

index 8308b9b48f54689a1f5d55c468005d2e2504f7c2..c1333b193582f598f4b1b5500f66f75bb8a93e9b 100644 (file)
@@ -83,6 +83,10 @@ typedef struct {
 } TLS_TEST;
 
 static const TLS_TEST tls_tests[] = {
+       {"whether the server accepts default record size (512 bytes)",
+        test_send_record, "yes", "no", "dunno"},
+       {"whether %ALLOW_SMALL_RECORDS is required",
+        test_send_record_with_allow_small_records, "yes", "no", "dunno"},
 #ifdef ENABLE_SSL3
        {"for SSL 3.0 (RFC6101) support", test_ssl3, "yes", "no", "dunno"},
        /* The following tests will disable TLS 1.x if the server is
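Review bot: The two new table entries are order-dependent — the %ALLOW_SMALL_RECORDS entry is only meaningful after test_send_record has set send_record_ok in tests.c — yet nothing at the table says so; if they were ever reordered or the first one dropped, the second would simply handshake against any reachable server, report `yes`, and append %ALLOW_SMALL_RECORDS to the priority string unnecessarily. A comment above the pair would make the coupling explicit: `/* Order matters: the %ALLOW_SMALL_RECORDS check relies on test_send_record having run first (see send_record_ok in tests.c). */`. Placing them ahead of the %NO_EXTENSIONS/%COMPAT probes also means they run before those workarounds are discovered, so against a server that needs one of them the first entry presumably prints `no` for a reason unrelated to record size; worth stating in the same comment or considering whether the pair belongs after those probes.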
@@ -94,9 +98,9 @@ static const TLS_TEST tls_tests[] = {
         "yes", "dunno"},
        {"whether we need to disable TLS 1.0", test_tls_disable0, "no",
         "yes", "dunno"},
-       {"whether \%NO_EXTENSIONS is required", test_no_extensions, "no", "yes",
+       {"whether %NO_EXTENSIONS is required", test_no_extensions, "no", "yes",
         "dunno"},
-       {"whether \%COMPAT is required", test_record_padding, "no", "yes",
+       {"whether %COMPAT is required", test_record_padding, "no", "yes",
         "dunno"},
        {"for TLS 1.0 (RFC2246) support", test_tls1, "yes", "no", "dunno"},
        {"for TLS 1.0 (RFC2246) support with TLS 1.0 record version", test_tls1_nossl3, "yes", "no", "dunno"},
index 3073beae56c7b92c6f40105698ac379b1c1b4605..115f3ae82b48eb9a9ac81faa02d45118d5a3345d 100644 (file)
@@ -57,6 +57,7 @@ int ssl3_ok = 0;
 int tls1_1_ok = 0;
 int tls1_2_ok = 0;
 int tls1_3_ok = 0;
+int send_record_ok = 0;
 
 /* keep session info */
 static char *session_data = NULL;
@@ -1518,3 +1519,63 @@ test_code_t test_server_cas(gnutls_session_t session)
                ext_text = "none";
        return TEST_SUCCEED;
 }
+
+static test_code_t
+test_do_handshake_and_send_record(gnutls_session_t session)
+{
+       int ret;
+       /* This will be padded to 512 bytes. */
+       const char snd_buf[] = "GET / HTTP/1.0\r\n\r\n";
+       static char buf[5 * 1024];
+
+       ret = test_do_handshake(session);
+       if (ret != TEST_SUCCEED)
+               return ret;
+
+       gnutls_record_send(session, snd_buf, sizeof(snd_buf) - 1);
+       ret = gnutls_record_recv(session, buf, sizeof(buf) - 1);
+       if (ret < 0)
+               return TEST_FAILED;
+
+       return TEST_SUCCEED;
+}
+
+/* These tests shall be sent in this order to check if the server
+ * advertises smaller limits than our default 512. and we can work it
+ * around with %ALLOW_SMALL_RECORDS. */
+test_code_t test_send_record(gnutls_session_t session)
+{
+       int ret;
+
+       sprintf(prio_str,
+               INIT_STR ALL_CIPHERS ":" ALL_COMP ":%s:"
+               ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
+       _gnutls_priority_set_direct(session, prio_str);
+       gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+       ret = test_do_handshake_and_send_record(session);
+       if (ret == TEST_SUCCEED)
+               send_record_ok = 1;
+       return ret;
+}
+
+test_code_t test_send_record_with_allow_small_records(gnutls_session_t session)
+{
+       int ret;
+
+       /* If test_send_record succeeded, we don't need to check. */
+       if (send_record_ok)
+               return TEST_FAILED;
+
+       sprintf(prio_str,
+               INIT_STR ALL_CIPHERS ":" ALL_COMP ":%s:"
+               ALL_MACS ":" ALL_KX ":%%ALLOW_SMALL_RECORDS:%s",
+               protocol_str, rest);
+       _gnutls_priority_set_direct(session, prio_str);
+       gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+       ret = test_do_handshake_and_send_record(session);
+       if (ret == TEST_SUCCEED)
+               strcat(rest, ":%ALLOW_SMALL_RECORDS");
+       return ret;
+}
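Review bot: In test_do_handshake_and_send_record the return value of gnutls_record_send() is discarded and a gnutls_record_recv() result of 0 is counted as success, so a send that fails outright, or a peer that closes the connection instead of answering the 512-byte record, is reported as "accepts default record size". Both calls should feed the failure path; the rewritten lines below treat a negative send and a non-positive receive as TEST_FAILED. Whether a bare EOF here always means the record was rejected depends on how the server reacts, so `ret <= 0` is the conservative reading that makes the answer fail closed rather than open. The unbounded `strcat(rest, ":%ALLOW_SMALL_RECORDS")` presumably mirrors what the existing %COMPAT/%NO_EXTENSIONS tests do, but the size of `rest` is not visible in this hunk, so it is worth confirming there is headroom for the extra 21 bytes plus terminator.

```c
static test_code_t
test_do_handshake_and_send_record(gnutls_session_t session)
{
	/* … unchanged: declarations and test_do_handshake() call … */

	ret = gnutls_record_send(session, snd_buf, sizeof(snd_buf) - 1);
	if (ret < 0)
		return TEST_FAILED;
	ret = gnutls_record_recv(session, buf, sizeof(buf) - 1);
	if (ret <= 0)
		return TEST_FAILED;

	return TEST_SUCCEED;
}
```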
index 098c441a8d201662bd0b61bd17cd736a05c6ad41..0e6ad1824a3a31dfd8e26bc072909ff010de609e 100644 (file)
@@ -70,6 +70,8 @@ test_code_t test_server_cas(gnutls_session_t state);
 test_code_t test_session_resume2(gnutls_session_t state);
 test_code_t test_rsa_pms_version_check(gnutls_session_t session);
 test_code_t test_version_oob(gnutls_session_t session);
+test_code_t test_send_record(gnutls_session_t session);
+test_code_t test_send_record_with_allow_small_records(gnutls_session_t session);
 int _test_srp_username_callback(gnutls_session_t session,
                                char **username, char **password);
 
index 191096ce6c4815e71972b8e031363d63c4b8a4b6..2de64b9a4196c27f1f476cdc936956f5be8b4cad 100755 (executable)
@@ -142,4 +142,25 @@ fi
 
 rm -f ${OUTFILE}
 
+# Small records test
+echo ""
+echo "Checking output of gnutls-cli-debug for small records"
+
+eval "${GETPORT}"
+launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:%ALLOW_SMALL_RECORDS" --x509keyfile ${KEY1} --x509certfile ${CERT1} \
+       --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} --recordsize=64 >/dev/null 2>&1
+PID=$!
+wait_server ${PID}
+
+timeout 1800 datefudge "2017-08-9" \
+"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!"
+
+kill ${PID}
+wait
+
+check_text "whether the server accepts default record size (512 bytes)... no"
+check_text "whether %ALLOW_SMALL_RECORDS is required... yes"
+
+rm -f ${OUTFILE}
+
 exit 0
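Review bot: The new block only exercises the case where the server forces 64-byte records, so nothing asserts the complementary output; a regression that makes test_send_record_with_allow_small_records always report "yes" (for instance if send_record_ok stops being set) would still pass this script. The earlier runs in this script, outside the hunk, presumably start a server with default record sizes and would be the natural place for `check_text "whether the server accepts default record size (512 bytes)... yes"` and `check_text "whether %ALLOW_SMALL_RECORDS is required... no"`. The launch/datefudge/kill/wait sequence itself follows the pattern of the preceding tests as far as is visible here.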