File CVE-2009-3555-1.patch of Package gnutls
Index: gnutls-2.4.1/configure
===================================================================
--- gnutls-2.4.1.orig/configure
+++ gnutls-2.4.1/configure
@@ -46596,7 +46596,7 @@ cat >>confdefs.h <<\_ACEOF
_ACEOF
-ac_config_files="$ac_config_files Makefile po/Makefile.in doc/Makefile doc/examples/Makefile doc/scripts/Makefile doc/manpages/Makefile doc/reference/Makefile doc/credentials/Makefile doc/credentials/x509/Makefile doc/credentials/srp/Makefile doc/credentials/openpgp/Makefile gl/Makefile lgl/Makefile tests/Makefile tests/rsa-md5-collision/Makefile tests/userid/Makefile tests/pkcs1-padding/Makefile tests/pkcs8-decode/Makefile tests/pkcs12-decode/Makefile tests/pathlen/Makefile tests/key-id/Makefile tests/sha2/Makefile tests/hostname-check/Makefile includes/Makefile includes/gnutls/gnutls.h lib/Makefile lib/minitasn1/Makefile lib/x509/Makefile libextra/Makefile lib/openpgp/Makefile lib/opencdk/Makefile tests/openpgp/Makefile tests/openpgp-certs/Makefile src/Makefile src/cfg/Makefile src/cfg/platon/Makefile src/cfg/platon/str/Makefile lib/libgnutls-config libextra/libgnutls-extra-config lib/gnutls.pc libextra/gnutls-extra.pc guile/Makefile guile/modules/Makefile guile/src/Makefile guile/tests/Makefile"
+ac_config_files="$ac_config_files Makefile po/Makefile.in doc/Makefile doc/examples/Makefile doc/scripts/Makefile doc/manpages/Makefile doc/reference/Makefile doc/credentials/Makefile doc/credentials/x509/Makefile doc/credentials/srp/Makefile doc/credentials/openpgp/Makefile gl/Makefile lgl/Makefile tests/Makefile tests/rsa-md5-collision/Makefile tests/userid/Makefile tests/pkcs1-padding/Makefile tests/pkcs8-decode/Makefile tests/pkcs12-decode/Makefile tests/pathlen/Makefile tests/key-id/Makefile tests/sha2/Makefile tests/hostname-check/Makefile includes/Makefile includes/gnutls/gnutls.h lib/Makefile lib/minitasn1/Makefile lib/x509/Makefile libextra/Makefile lib/openpgp/Makefile lib/opencdk/Makefile tests/openpgp/Makefile tests/openpgp-certs/Makefile tests/safe-renegotiation/Makefile src/Makefile src/cfg/Makefile src/cfg/platon/Makefile src/cfg/platon/str/Makefile lib/libgnutls-config libextra/libgnutls-extra-config lib/gnutls.pc libextra/gnutls-extra.pc guile/Makefile guile/modules/Makefile guile/src/Makefile guile/tests/Makefile"
ac_config_files="$ac_config_files guile/pre-inst-guile"
@@ -47481,6 +47481,7 @@ do
"lib/opencdk/Makefile") CONFIG_FILES="$CONFIG_FILES lib/opencdk/Makefile" ;;
"tests/openpgp/Makefile") CONFIG_FILES="$CONFIG_FILES tests/openpgp/Makefile" ;;
"tests/openpgp-certs/Makefile") CONFIG_FILES="$CONFIG_FILES tests/openpgp-certs/Makefile" ;;
+ "tests/safe-renegotiation/Makefile") CONFIG_FILES="$CONFIG_FILES tests/safe-renegotiation/Makefile" ;;
"src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
"src/cfg/Makefile") CONFIG_FILES="$CONFIG_FILES src/cfg/Makefile" ;;
"src/cfg/platon/Makefile") CONFIG_FILES="$CONFIG_FILES src/cfg/platon/Makefile" ;;
Index: gnutls-2.4.1/includes/gnutls/gnutls.h.in
===================================================================
--- gnutls-2.4.1.orig/includes/gnutls/gnutls.h.in
+++ gnutls-2.4.1/includes/gnutls/gnutls.h.in
@@ -481,6 +481,9 @@ extern "C"
void *data, size_t * data_length,
unsigned int *type, unsigned int indx);
+ /* Safe renegotiation */
+ int gnutls_safe_renegotiation_status (gnutls_session_t session);
+
/* Opaque PRF Input
* http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt
*/
@@ -1303,6 +1306,9 @@ extern "C"
#define GNUTLS_E_IA_VERIFY_FAILED -104
#define GNUTLS_E_UNKNOWN_ALGORITHM -105
+#define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
+#define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
+#define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
#define GNUTLS_E_BASE64_ENCODING_ERROR -201
#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
Index: gnutls-2.4.1/lib/Makefile.am
===================================================================
--- gnutls-2.4.1.orig/lib/Makefile.am
+++ gnutls-2.4.1/lib/Makefile.am
@@ -84,7 +84,7 @@ COBJECTS = gnutls_record.c gnutls_compre
gnutls_x509.c ext_cert_type.c gnutls_rsa_export.c \
auth_rsa_export.c ext_server_name.c auth_dh_common.c \
gnutls_helper.c ext_inner_application.c \
- gnutls_supplemental.c crypto.c random.c
+ gnutls_supplemental.c crypto.c random.c ext_safe_renegotiation.c
if ENABLE_OPRFI
COBJECTS += $(OPRFI_COBJECTS)
@@ -105,7 +105,7 @@ HFILES = debug.h gnutls_compress.h defin
ext_srp.h gnutls_srp.h auth_srp.h auth_srp_passwd.h \
gnutls_helper.h auth_psk.h auth_psk_passwd.h \
ext_inner_application.h gnutls_supplemental.h ext_oprfi.h \
- crypto.h random.h
+ crypto.h random.h ext_safe_renegotiation.h
# Separate so we can create the documentation
Index: gnutls-2.4.1/lib/Makefile.in
===================================================================
--- gnutls-2.4.1.orig/lib/Makefile.in
+++ gnutls-2.4.1/lib/Makefile.in
@@ -224,7 +224,7 @@ am__objects_4 = gnutls_record.lo gnutls_
gnutls_state.lo gnutls_x509.lo ext_cert_type.lo \
gnutls_rsa_export.lo auth_rsa_export.lo ext_server_name.lo \
auth_dh_common.lo gnutls_helper.lo ext_inner_application.lo \
- gnutls_supplemental.lo crypto.lo random.lo $(am__objects_3)
+ gnutls_supplemental.lo crypto.lo random.lo ext_safe_renegotiation.lo $(am__objects_3)
am__objects_5 = ext_srp.lo gnutls_srp.lo auth_srp.lo \
auth_srp_passwd.lo auth_srp_sb64.lo auth_srp_rsa.lo
am__objects_6 = auth_psk.lo auth_psk_passwd.lo gnutls_psk.lo \
@@ -731,7 +731,7 @@ COBJECTS = gnutls_record.c gnutls_compre
gnutls_x509.c ext_cert_type.c gnutls_rsa_export.c \
auth_rsa_export.c ext_server_name.c auth_dh_common.c \
gnutls_helper.c ext_inner_application.c gnutls_supplemental.c \
- crypto.c random.c $(am__append_6)
+ crypto.c random.c ext_safe_renegotiation.c $(am__append_6)
HFILES = debug.h gnutls_compress.h defines.h gnutls_cipher.h \
gnutls_buffers.h gnutls_errors.h gnutls_int.h \
gnutls_handshake.h gnutls_num.h gnutls_algorithms.h \
@@ -747,7 +747,7 @@ HFILES = debug.h gnutls_compress.h defin
ext_srp.h gnutls_srp.h auth_srp.h auth_srp_passwd.h \
gnutls_helper.h auth_psk.h auth_psk_passwd.h \
ext_inner_application.h gnutls_supplemental.h ext_oprfi.h \
- crypto.h random.h
+ crypto.h random.h ext_safe_renegotiation.h
# Separate so we can create the documentation
@@ -933,6 +933,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkix_asn1_tab.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_b64.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_safe_renegotiation.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
Index: gnutls-2.4.1/lib/ext_safe_renegotiation.c
===================================================================
--- /dev/null
+++ gnutls-2.4.1/lib/ext_safe_renegotiation.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright (C) 2009 Free Software Foundation
+ *
+ * Author: Steve Dispensa (<dispensa@phonefactor.com>)
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <ext_safe_renegotiation.h>
+#include <gnutls_errors.h>
+
+int
+_gnutls_safe_renegotiation_recv_params (gnutls_session_t session,
+ const opaque * data, size_t _data_size)
+{
+ tls_ext_st *ext = &session->security_parameters.extensions;
+ int len = data[0];
+ ssize_t data_size = _data_size;
+
+ DECR_LEN (data_size, len+1 /* count the first byte and payload */);
+
+ if (session->internals.priorities.sr == SR_DISABLED)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ /* It is not legal to receive this extension on a renegotiation and
+ * not receive it on the initial negotiation.
+ */
+ if (session->internals.initial_negotiation_completed != 0 &&
+ session->internals.connection_using_safe_renegotiation == 0)
+ {
+ gnutls_assert();
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ if (len > sizeof (ext->ri_extension_data))
+ {
+ gnutls_assert();
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ if (len > 0)
+ memcpy (ext->ri_extension_data, &data[1], len);
+ ext->ri_extension_data_len = len;
+
+ /* "safe renegotiation received" means on *this* handshake; "connection using
+ * safe renegotiation" means that the initial hello received on the connection
+ * indicated safe renegotiation.
+ */
+ session->internals.safe_renegotiation_received = 1;
+ session->internals.connection_using_safe_renegotiation = 1;
+
+ return 0;
+}
+
+int
+_gnutls_safe_renegotiation_send_params (gnutls_session_t session,
+ opaque * data, size_t _data_size)
+{
+ /* The format of this extension is a one-byte length of verify data followed
+ * by the verify data itself. Note that the length byte does not include
+ * itself; IOW, empty verify data is represented as a length of 0. That means
+ * the minimum extension is one byte: 0x00.
+ */
+ ssize_t data_size = _data_size;
+ tls_ext_st *ext = &session->security_parameters.extensions;
+
+
+ if (session->internals.priorities.sr == SR_DISABLED)
+ {
+ gnutls_assert();
+ return 0;
+ }
+
+ data[0] = 0;
+
+ /* Always offer the extension if we're a client */
+ if (session->internals.connection_using_safe_renegotiation ||
+ session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ DECR_LEN (data_size, 1);
+ data[0] = ext->client_verify_data_len;
+
+ DECR_LEN (data_size, ext->client_verify_data_len);
+
+ if (ext->client_verify_data_len > 0)
+ memcpy(&data[1],
+ ext->client_verify_data,
+ ext->client_verify_data_len);
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ data[0] += ext->server_verify_data_len;
+
+ DECR_LEN (data_size, ext->server_verify_data_len);
+
+ if (ext->server_verify_data_len > 0)
+ memcpy(&data[1 + ext->client_verify_data_len],
+ ext->server_verify_data,
+ ext->server_verify_data_len);
+ }
+ }
+ else
+ return 0;
+
+ return 1 + data[0]; /* don't forget the length byte */
+}
+
+/**
+ * gnutls_safe_renegotiation_status:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Can be used to check whether safe renegotiation is being used
+ * in the current session. Returns 0 when not and non zero when
+ * used.
+ **/
+int gnutls_safe_renegotiation_status (gnutls_session_t session)
+{
+ return session->internals.connection_using_safe_renegotiation;
+}
Index: gnutls-2.4.1/lib/ext_safe_renegotiation.h
===================================================================
--- /dev/null
+++ gnutls-2.4.1/lib/ext_safe_renegotiation.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2009 Free Software Foundation
+ *
+ * Author: Steve Dispensa (<dispensa@phonefactor.com>)
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef EXT_SAFE_RENEGOTIATION_H
+# define EXT_SAFE_RENEGOTIATION_H
+
+int _gnutls_safe_renegotiation_recv_params (gnutls_session_t state,
+ const opaque * data, size_t data_size);
+int _gnutls_safe_renegotiation_send_params (gnutls_session_t state,
+ opaque * data, size_t);
+
+#endif /* EXT_SAFE_RENEGOTIATION_H */
Index: gnutls-2.4.1/lib/gnutls_alert.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_alert.c
+++ gnutls-2.4.1/lib/gnutls_alert.c
@@ -179,6 +179,10 @@ gnutls_error_to_alert (int err, int *lev
ret = GNUTLS_A_ILLEGAL_PARAMETER;
_level = GNUTLS_AL_FATAL;
break;
+ case GNUTLS_E_UNKNOWN_SRP_USERNAME:
+ ret = GNUTLS_A_UNKNOWN_PSK_IDENTITY;
+ _level = GNUTLS_AL_FATAL;
+ break;
case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
case GNUTLS_E_ASN1_DER_ERROR:
@@ -198,6 +202,7 @@ gnutls_error_to_alert (int err, int *lev
case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
case GNUTLS_E_NO_CIPHER_SUITES:
case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
+ case GNUTLS_E_SAFE_RENEGOTIATION_FAILED:
ret = GNUTLS_A_HANDSHAKE_FAILURE;
_level = GNUTLS_AL_FATAL;
break;
@@ -211,6 +216,7 @@ gnutls_error_to_alert (int err, int *lev
_level = GNUTLS_AL_FATAL;
break;
case GNUTLS_E_REHANDSHAKE:
+ case GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED:
ret = GNUTLS_A_NO_RENEGOTIATION;
_level = GNUTLS_AL_WARNING;
break;
Index: gnutls-2.4.1/lib/gnutls_algorithms.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_algorithms.c
+++ gnutls-2.4.1/lib/gnutls_algorithms.c
@@ -472,6 +472,9 @@ typedef struct
#define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
#define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
+/* Safe renegotiation */
+#define GNUTLS_RENEGO_PROTECTION_REQUEST { GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR, GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR }
+
#define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
static const gnutls_cipher_suite_entry cs_algorithms[] = {
@@ -639,6 +642,9 @@ static const gnutls_cipher_suite_entry c
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
GNUTLS_MAC_SHA1, GNUTLS_TLS1),
#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RENEGO_PROTECTION_REQUEST,
+ GNUTLS_CIPHER_UNKNOWN, GNUTLS_KX_UNKNOWN,
+ GNUTLS_MAC_UNKNOWN, GNUTLS_SSL3),
{0, {{0, 0}}, 0, 0, 0, 0}
};
Index: gnutls-2.4.1/lib/gnutls_algorithms.h
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_algorithms.h
+++ gnutls-2.4.1/lib/gnutls_algorithms.h
@@ -27,6 +27,9 @@
#include "gnutls_auth.h"
+#define GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR 0x00
+#define GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR 0xFF
+
/* Functions for version handling. */
gnutls_protocol_t _gnutls_version_lowest (gnutls_session_t session);
gnutls_protocol_t _gnutls_version_max (gnutls_session_t session);
Index: gnutls-2.4.1/lib/gnutls_constate.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_constate.c
+++ gnutls-2.4.1/lib/gnutls_constate.c
@@ -426,6 +426,17 @@ _gnutls_set_write_keys (gnutls_session_t
export_flag);
}
+#define CPY_EXTENSIONS \
+ memcpy(dst->extensions.server_names, src->extensions.server_names, sizeof(src->extensions.server_names)); \
+ dst->extensions.server_names_size = src->extensions.server_names_size; \
+ memcpy(dst->extensions.srp_username, src->extensions.srp_username, sizeof(src->extensions.srp_username)); \
+ dst->extensions.gnutls_ia_enable = src->extensions.gnutls_ia_enable; \
+ dst->extensions.gnutls_ia_peer_enable = src->extensions.gnutls_ia_peer_enable; \
+ dst->extensions.gnutls_ia_allowskip = src->extensions.gnutls_ia_allowskip; \
+ dst->extensions.gnutls_ia_peer_allowskip = src->extensions.gnutls_ia_peer_allowskip; \
+ dst->extensions.do_recv_supplemental = src->extensions.do_recv_supplemental; \
+ dst->extensions.do_send_supplemental = src->extensions.do_send_supplemental
+
#define CPY_COMMON dst->entity = src->entity; \
dst->kx_algorithm = src->kx_algorithm; \
memcpy( &dst->current_cipher_suite, &src->current_cipher_suite, sizeof(cipher_suite_st)); \
@@ -439,8 +450,8 @@ _gnutls_set_write_keys (gnutls_session_t
dst->max_record_recv_size = src->max_record_recv_size; \
dst->max_record_send_size = src->max_record_send_size; \
dst->version = src->version; \
- memcpy( &dst->extensions, &src->extensions, sizeof(tls_ext_st)); \
- memcpy( &dst->inner_secret, &src->inner_secret, TLS_MASTER_SIZE);
+ CPY_EXTENSIONS; \
+ memcpy( &dst->inner_secret, &src->inner_secret, TLS_MASTER_SIZE)
static void
_gnutls_cpy_read_security_parameters (security_parameters_st *
Index: gnutls-2.4.1/lib/gnutls_errors.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_errors.c
+++ gnutls-2.4.1/lib/gnutls_errors.c
@@ -214,9 +214,15 @@ static const gnutls_error_entry error_al
GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
ERROR_ENTRY (N_("Could not find OpenPGP subkey."),
GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
+ ERROR_ENTRY (N_("Safe renegotiation failed."),
+ GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1),
+ ERROR_ENTRY (N_("Unsafe renegotiation denied."),
+ GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, 1),
ERROR_ENTRY (N_("The SRP username supplied is illegal."),
GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
+ ERROR_ENTRY (N_("The SRP username supplied is unknown."),
+ GNUTLS_E_UNKNOWN_SRP_USERNAME, 1),
ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
Index: gnutls-2.4.1/lib/gnutls_extensions.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_extensions.c
+++ gnutls-2.4.1/lib/gnutls_extensions.c
@@ -35,6 +35,7 @@
#include <ext_server_name.h>
#include <ext_oprfi.h>
#include <ext_srp.h>
+#include <ext_safe_renegotiation.h>
#include <ext_inner_application.h>
#include <gnutls_num.h>
@@ -59,6 +60,10 @@ gnutls_extension_entry _gnutls_extension
EXTENSION_APPLICATION,
_gnutls_server_name_recv_params,
_gnutls_server_name_send_params),
+ GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ GNUTLS_EXT_MANDATORY,
+ _gnutls_safe_renegotiation_recv_params,
+ _gnutls_safe_renegotiation_send_params),
#ifdef ENABLE_OPRFI
GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_OPAQUE_PRF_INPUT,
EXTENSION_TLS,
@@ -174,7 +179,7 @@ _gnutls_parse_extensions (gnutls_session
type = _gnutls_read_uint16 (&data[pos]);
pos += 2;
- _gnutls_debug_log ("EXT[%x]: Received extension '%s/%d'\n", session,
+ _gnutls_debug_log ("EXT[%p]: Found extension '%s/%d'\n", session,
_gnutls_extension_get_name (type),type);
if ((ret = _gnutls_extension_list_check (session, type)) < 0)
@@ -211,7 +216,7 @@ _gnutls_parse_extensions (gnutls_session
* This list is used to check whether the (later) received
* extensions are the ones we requested.
*/
-static void
+void
_gnutls_extension_list_add (gnutls_session_t session, uint16_t type)
{
@@ -232,7 +237,7 @@ _gnutls_extension_list_add (gnutls_sessi
int
_gnutls_gen_extensions (gnutls_session_t session, opaque * data,
- size_t data_size)
+ size_t data_size, tls_ext_parse_type_t parse_type)
{
int size;
uint16_t pos = 0;
@@ -263,6 +268,10 @@ _gnutls_gen_extensions (gnutls_session_t
ext_send = _gnutls_ext_func_send (p->type);
if (ext_send == NULL)
continue;
+
+ if (parse_type != EXTENSION_ANY && p->parse_type != parse_type)
+ continue;
+
size = ext_send (session, sdata, sdata_size);
if (size > 0)
{
Index: gnutls-2.4.1/lib/gnutls_extensions.h
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_extensions.h
+++ gnutls-2.4.1/lib/gnutls_extensions.h
@@ -27,7 +27,7 @@
const char *_gnutls_extension_get_name (uint16_t type);
int _gnutls_parse_extensions (gnutls_session_t, tls_ext_parse_type_t, const opaque *, int);
int _gnutls_gen_extensions (gnutls_session_t session, opaque * data,
- size_t data_size);
+ size_t data_size, tls_ext_parse_type_t);
typedef int (*ext_recv_func) (gnutls_session_t, const opaque *, size_t); /* recv data */
typedef int (*ext_send_func) (gnutls_session_t, opaque *, size_t); /* send data */
@@ -43,3 +43,5 @@ typedef struct
ext_recv_func gnutls_ext_func_recv;
ext_send_func gnutls_ext_func_send;
} gnutls_extension_entry;
+
+void _gnutls_extension_list_add (gnutls_session_t session, uint16_t type);
Index: gnutls-2.4.1/lib/gnutls_handshake.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_handshake.c
+++ gnutls-2.4.1/lib/gnutls_handshake.c
@@ -48,6 +48,7 @@
#include <gnutls_record.h>
#include <gnutls_state.h>
#include <ext_srp.h>
+#include <ext_safe_renegotiation.h>
#include <gnutls_rsa_export.h> /* for gnutls_get_rsa_params() */
#include <auth_anon.h> /* for gnutls_anon_server_credentials_t */
#include <auth_psk.h> /* for gnutls_psk_server_credentials_t */
@@ -396,6 +397,33 @@ _gnutls_read_client_hello (gnutls_sessio
if (ret == 0)
{ /* resumed! */
+ /* Parse only the safe renegotiation extension
+ * We don't want to parse any other extensions since
+ * we don't want new extension values to overwrite the
+ * resumed ones.
+ */
+
+ /* move forward to extensions */
+ DECR_LEN (len, 2);
+ suite_size = _gnutls_read_uint16 (&data[pos]);
+ pos += 2;
+
+ DECR_LEN (len, suite_size);
+ pos += suite_size;
+
+ DECR_LEN (len, 1);
+ comp_size = data[pos++]; /* z is the number of compression methods */
+ DECR_LEN (len, comp_size);
+ pos += comp_size;
+
+ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
+ &data[pos], len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
resume_copy_required_values (session);
session->internals.resumed = RESUME_TRUE;
return _gnutls_user_hello_func( session, adv_version);
@@ -430,16 +458,18 @@ _gnutls_read_client_hello (gnutls_sessio
pos += comp_size;
/* Parse the extensions (if any)
- */
- if (neg_version >= GNUTLS_TLS1)
- {
- ret = _gnutls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */
- if (ret < 0)
- {
+ *
+ * Unconditionally try to parse extensions; safe renegotiation uses them in
+ * sslv3 and higher, even though sslv3 doesn't officially support them.
+ */
+ ret = _gnutls_parse_extensions (session, EXTENSION_APPLICATION,
+ &data[pos], len);
+ /* len is the rest of the parsed length */
+ if (ret < 0)
+ {
gnutls_assert ();
return ret;
- }
- }
+ }
ret = _gnutls_user_hello_func( session, adv_version);
if (ret < 0)
@@ -448,15 +478,20 @@ _gnutls_read_client_hello (gnutls_sessio
return ret;
}
- if (neg_version >= GNUTLS_TLS1)
- {
- ret = _gnutls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */
- if (ret < 0)
- {
+ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
+ &data[pos], len);
+ if (ret < 0)
+ {
gnutls_assert ();
return ret;
- }
- }
+ }
+ ret = _gnutls_parse_extensions (session, EXTENSION_TLS,
+ &data[pos], len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
/* select an appropriate cipher suite
*/
@@ -520,7 +555,7 @@ _gnutls_handshake_hash_pending (gnutls_s
int
_gnutls_send_finished (gnutls_session_t session, int again)
{
- uint8_t data[36];
+ uint8_t data[MAX_VERIFY_DATA_SIZE];
int ret;
int data_size = 0;
@@ -560,6 +595,31 @@ _gnutls_send_finished (gnutls_session_t
}
+ /* Save data for safe renegotiation.
+ */
+ if (data_size > MAX_VERIFY_DATA_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ session->security_parameters.extensions.client_verify_data_len =
+ data_size;
+
+ memcpy (session->security_parameters.extensions.client_verify_data,
+ data, data_size);
+ }
+ else
+ {
+ session->security_parameters.extensions.server_verify_data_len =
+ data_size;
+
+ memcpy (session->security_parameters.extensions.server_verify_data,
+ data, data_size);
+ }
+
ret =
_gnutls_send_handshake (session, data, data_size,
GNUTLS_HANDSHAKE_FINISHED);
@@ -573,10 +633,11 @@ _gnutls_send_finished (gnutls_session_t
int
_gnutls_recv_finished (gnutls_session_t session)
{
- uint8_t data[36], *vrfy;
+ uint8_t data[MAX_VERIFY_DATA_SIZE], *vrfy;
int data_size;
int ret;
int vrfysize;
+ tls_ext_st *ext;
ret =
_gnutls_recv_handshake (session, &vrfy, &vrfysize,
@@ -634,6 +695,28 @@ _gnutls_recv_finished (gnutls_session_t
}
gnutls_free (vrfy);
+ /* Save peer's verify data for safe renegotiation */
+ if (data_size > MAX_VERIFY_DATA_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ ext = &session->security_parameters.extensions;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ memcpy (ext->server_verify_data, data, data_size);
+ ext->server_verify_data_len = data_size;
+ }
+ else
+ {
+ memcpy (ext->client_verify_data, data, data_size);
+ ext->client_verify_data_len = data_size;
+ }
+
+ session->internals.initial_negotiation_completed = 1;
+
return ret;
}
@@ -688,6 +771,26 @@ _gnutls_server_select_suite (gnutls_sess
* supported by the peer.
*/
+ /* First, check for safe renegotiation SCSV.
+ */
+ if (session->internals.priorities.sr != SR_DISABLED)
+ {
+ int offset;
+
+ for(offset = 0; offset < datalen; offset += 2)
+ {
+ /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */
+ if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR &&
+ data[offset+1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR)
+ {
+ _gnutls_handshake_log ("HSK[%p]: Received safe renegotiation CS\n", session);
+ session->internals.safe_renegotiation_received = 1;
+ session->internals.connection_using_safe_renegotiation = 1;
+ break;
+ }
+ }
+ }
+
pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen);
x = _gnutls_supported_ciphersuites (session, &ciphers);
@@ -1029,7 +1132,6 @@ _gnutls_recv_handshake_header (gnutls_se
if (ret < 0)
{
- gnutls_assert ();
return ret;
}
@@ -1520,8 +1622,21 @@ _gnutls_read_server_hello (gnutls_sessio
* values;
*/
if (_gnutls_client_check_if_resuming
- (session, &data[pos], session_id_len) == 0)
- return 0;
+ (session, &data[pos], session_id_len) == 0)
+ {
+ pos += session_id_len + 2 + 1;
+ DECR_LEN (len, 2+1);
+
+ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
+ &data[pos], len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return 0;
+ }
+
pos += session_id_len;
@@ -1553,30 +1668,31 @@ _gnutls_read_server_hello (gnutls_sessio
/* Parse extensions.
*/
- if (version >= GNUTLS_TLS1)
- {
- ret = _gnutls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */
- if (ret < 0)
- {
+ ret = _gnutls_parse_extensions (session, EXTENSION_ANY,
+ &data[pos], len);
+ if (ret < 0)
+ {
gnutls_assert ();
return ret;
- }
- }
+ }
return ret;
}
/* This function copies the appropriate ciphersuites to a locally allocated buffer
- * Needed in client hello messages. Returns the new data length.
+ * Needed in client hello messages. Returns the new data length,If add_scsv is
+ * true, add the special safe renegotiation CS.
*/
static int
_gnutls_copy_ciphersuites (gnutls_session_t session,
- opaque * ret_data, size_t ret_data_size)
+ opaque * ret_data, size_t ret_data_size,
+ int add_scsv)
{
int ret, i;
cipher_suite_st *cipher_suites;
uint16_t cipher_num;
int datalen, pos;
+ uint16_t loop_max;
ret = _gnutls_supported_ciphersuites_sorted (session, &cipher_suites);
if (ret < 0)
@@ -1607,6 +1723,9 @@ _gnutls_copy_ciphersuites (gnutls_sessio
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
+ if (add_scsv)
+ ++ret;
+
cipher_num = ret;
cipher_num *= sizeof (uint16_t); /* in order to get bytes */
@@ -1624,11 +1743,21 @@ _gnutls_copy_ciphersuites (gnutls_sessio
_gnutls_write_uint16 (cipher_num, ret_data);
pos += 2;
- for (i = 0; i < (cipher_num / 2); i++)
+ loop_max = add_scsv ? cipher_num - 2 : cipher_num;
+
+ for (i = 0; i < (loop_max / 2); i++)
{
memcpy (&ret_data[pos], cipher_suites[i].suite, 2);
pos += 2;
}
+
+ if (add_scsv)
+ {
+ /* Safe renegotiation signalling CS value is { 0x00, 0xff } */
+ ret_data[pos++] = 0x00;
+ ret_data[pos++] = 0xff;
+ }
+
gnutls_free (cipher_suites);
return datalen;
@@ -1688,7 +1817,7 @@ _gnutls_send_client_hello (gnutls_sessio
{
opaque *data = NULL;
int extdatalen;
- int pos = 0;
+ int pos = 0, type;
int datalen = 0, ret = 0;
opaque rnd[TLS_RANDOM_SIZE];
gnutls_protocol_t hver;
@@ -1777,9 +1906,21 @@ _gnutls_send_client_hello (gnutls_sessio
/* Copy the ciphersuites.
+ *
+ * If using SSLv3 Send TLS_RENEGO_PROTECTION_REQUEST SCSV for MITM
+ * prevention on initial negotiation (but not renegotiation; that's
+ * handled with the RI extension below).
*/
- extdatalen =
- _gnutls_copy_ciphersuites (session, extdata, sizeof (extdata));
+ if(!session->internals.initial_negotiation_completed &&
+ session->security_parameters.entity == GNUTLS_CLIENT &&
+ gnutls_protocol_get_version (session) == GNUTLS_SSL3)
+ {
+ extdatalen = _gnutls_copy_ciphersuites (session, extdata, sizeof (extdata), TRUE);
+ _gnutls_extension_list_add (session, GNUTLS_EXTENSION_SAFE_RENEGOTIATION);
+ }
+ else
+ extdatalen = _gnutls_copy_ciphersuites (session, extdata, sizeof (extdata), FALSE);
+
if (extdatalen > 0)
{
datalen += extdatalen;
@@ -1834,9 +1975,17 @@ _gnutls_send_client_hello (gnutls_sessio
/* Generate and copy TLS extensions.
*/
if (hver >= GNUTLS_TLS1)
- {
- extdatalen =
- _gnutls_gen_extensions (session, extdata, sizeof (extdata));
+ type = EXTENSION_ANY;
+ else
+ {
+ if (session->internals.initial_negotiation_completed != 0)
+ type = GNUTLS_EXT_MANDATORY;
+ else
+ type = GNUTLS_EXT_NONE;
+ }
+
+ extdatalen =
+ _gnutls_gen_extensions (session, extdata, sizeof (extdata), type);
if (extdatalen > 0)
{
@@ -1856,7 +2005,6 @@ _gnutls_send_client_hello (gnutls_sessio
gnutls_free (data);
return extdatalen;
}
- }
}
ret =
@@ -1902,15 +2050,7 @@ _gnutls_send_server_hello (gnutls_sessio
* alert and abort.
*/
gnutls_assert ();
- ret = gnutls_alert_send (session, GNUTLS_AL_FATAL,
- GNUTLS_A_UNKNOWN_PSK_IDENTITY);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ return GNUTLS_E_UNKNOWN_SRP_USERNAME;
}
}
#endif
@@ -1919,7 +2059,7 @@ _gnutls_send_server_hello (gnutls_sessio
{
datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3;
extdatalen =
- _gnutls_gen_extensions (session, extdata, sizeof (extdata));
+ _gnutls_gen_extensions (session, extdata, sizeof (extdata), EXTENSION_ANY);
if (extdatalen < 0)
{
@@ -1985,6 +2125,8 @@ _gnutls_send_hello (gnutls_session_t ses
{
int ret;
+ session->internals.safe_renegotiation_received = 0;
+
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
ret = _gnutls_send_client_hello (session, again);
@@ -2006,6 +2148,7 @@ int
_gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen)
{
int ret;
+ tls_ext_st *ext;
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
@@ -2027,6 +2170,89 @@ _gnutls_recv_hello (gnutls_session_t ses
}
}
+ if (session->internals.priorities.sr == SR_DISABLED)
+ {
+ gnutls_assert();
+ return ret;
+ }
+
+ /* Safe renegotiation */
+ ext = &session->security_parameters.extensions;
+
+ if (session->internals.safe_renegotiation_received)
+ {
+ if ((ext->ri_extension_data_len < ext->client_verify_data_len) ||
+ (memcmp (ext->ri_extension_data,
+ ext->client_verify_data,
+ ext->client_verify_data_len)))
+ {
+ gnutls_assert();
+ _gnutls_handshake_log ("Safe renegotiation failed [1]\n");
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ if ((ext->ri_extension_data_len !=
+ ext->client_verify_data_len + ext->server_verify_data_len) ||
+ memcmp (ext->ri_extension_data + ext->client_verify_data_len,
+ ext->server_verify_data, ext->server_verify_data_len) != 0)
+ {
+ gnutls_assert();
+ _gnutls_handshake_log ("Safe renegotiation failed [2]\n");
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
+ else /* Make sure there are 0 extra bytes */
+ {
+ if (ext->ri_extension_data_len != ext->client_verify_data_len)
+ {
+ gnutls_assert();
+ _gnutls_handshake_log ("Safe renegotiation failed [3]\n");
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
+
+ _gnutls_handshake_log ("Safe renegotiation succeeded.\n");
+ }
+ else /* safe renegotiation not received... */
+ {
+ if (session->internals.connection_using_safe_renegotiation)
+ {
+ gnutls_assert();
+ _gnutls_handshake_log ("Peer previously asked for safe renegotiation!\n");
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ /* Clients can't tell if it's an initial negotiation */
+ if (session->internals.initial_negotiation_completed)
+ {
+
+ if (session->internals.priorities.sr < SR_PARTIAL)
+ {
+ _gnutls_handshake_log ("Allowing unsafe (re)negotiation!\n");
+ }
+ else
+ {
+ gnutls_assert();
+ _gnutls_handshake_log ("Denying unsafe (re)negotiation.\n");
+ return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
+ }
+ }
+ else
+ {
+ if (session->internals.priorities.sr < SR_SAFE)
+ {
+ _gnutls_handshake_log ("Allowing unsafe initial negotiation!\n");
+ }
+ else
+ {
+ gnutls_assert();
+ _gnutls_handshake_log ("Denying unsafe initial negotiation.\n");
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
+ }
+
return ret;
}
@@ -2067,6 +2293,13 @@ _gnutls_recv_hello (gnutls_session_t ses
* gnutls_handshake() function in order to negotiate the new
* parameters.
*
+ * Since TLS is full duplex some application data might have been
+ * sent during peer's processing of this message. In that case
+ * one should call gnutls_record_recv() until GNUTLS_E_REHANDSHAKE
+ * is returned to clear any pending data. Care must be taken if
+ * rehandshake is mandatory to terminate if it does not start after
+ * some threshold.
+ *
* If the client does not wish to renegotiate parameters he will
* should with an alert message, thus the return code will be
* %GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be
Index: gnutls-2.4.1/lib/gnutls_int.h
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_int.h
+++ gnutls-2.4.1/lib/gnutls_int.h
@@ -142,7 +142,8 @@ typedef enum extensions_t
GNUTLS_EXTENSION_OPAQUE_PRF_INPUT = ENABLE_OPRFI,
#endif
GNUTLS_EXTENSION_SRP = 12,
- GNUTLS_EXTENSION_INNER_APPLICATION = 37703
+ GNUTLS_EXTENSION_INNER_APPLICATION = 37703,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281, /* aka: 0xff01 */
} extensions_t;
typedef enum
@@ -257,6 +258,11 @@ typedef struct
} server_name_st;
#define MAX_SERVER_NAME_EXTENSIONS 3
+#define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */
+
+/* If you want the extension data to be kept across resuming sessions
+ * then modify CPY_EXTENSIONS in gnutls_constate.c
+ */
typedef struct
{
@@ -273,6 +279,9 @@ typedef struct
/* Used by extensions that enable supplemental data. */
int do_recv_supplemental, do_send_supplemental;
+ /*** Those below do not get copied when resuming session
+ ***/
+
/* Opaque PRF input. */
gnutls_oprfi_callback_func oprfi_cb;
void *oprfi_userdata;
@@ -280,6 +289,15 @@ typedef struct
uint16_t oprfi_client_len;
opaque *oprfi_server;
uint16_t oprfi_server_len;
+
+ /* Safe renegotiation. */
+ uint8_t client_verify_data[MAX_VERIFY_DATA_SIZE];
+ size_t client_verify_data_len;
+ uint8_t server_verify_data[MAX_VERIFY_DATA_SIZE];
+ size_t server_verify_data_len;
+ uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE*2]; /* max signal is 72 bytes in s->c sslv3 */
+ size_t ri_extension_data_len;
+
} tls_ext_st;
/* This flag indicates for an extension whether
@@ -291,7 +309,9 @@ typedef enum tls_ext_parse_type_t
{
EXTENSION_ANY,
EXTENSION_APPLICATION,
- EXTENSION_TLS
+ EXTENSION_TLS,
+ GNUTLS_EXT_MANDATORY, /* parse even if resuming or extensions disabled */
+ GNUTLS_EXT_NONE,
} tls_ext_parse_type_t;
/* auth_info_t structures now MAY contain malloced
@@ -388,6 +408,13 @@ typedef struct
unsigned int algorithms;
} priority_st;
+typedef enum {
+ SR_DISABLED,
+ SR_UNSAFE,
+ SR_PARTIAL,
+ SR_SAFE,
+} safe_renegotiation_t;
+
/* For the external api */
struct gnutls_priority_st
{
@@ -399,7 +426,8 @@ struct gnutls_priority_st
priority_st cert_type;
/* to disable record padding */
- int no_padding;
+ int no_padding:1;
+ safe_renegotiation_t sr;
};
@@ -651,6 +679,10 @@ typedef struct
gnutls_sign_func sign_func;
void *sign_func_userdata;
+ int safe_renegotiation_received:1;
+ int initial_negotiation_completed:1;
+ int connection_using_safe_renegotiation:1;
+
/* If you add anything here, check _gnutls_handshake_internal_state_clear().
*/
} internals_st;
Index: gnutls-2.4.1/lib/gnutls_priority.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_priority.c
+++ gnutls-2.4.1/lib/gnutls_priority.c
@@ -473,6 +473,22 @@ gnutls_priority_set (gnutls_session_t se
* '+' appended with an algorithm will add this algorithm.
* '%COMPAT' will enable compatibility features for a server.
*
+ * "%DISABLE_SAFE_RENEGOTIATION" will disable safe renegotiation completely. Do not use
+ * unless you know what you are doing. Testing purposes only.
+ *
+ * "%UNSAFE_RENEGOTIATION" will allow unsafe renegotiation (this is now
+ * the default for clients, but will change once more servers support the safe renegotiation
+ * TLS fix).
+ *
+ * "%PARTIAL_SAFE_RENEGOTIATION" In server side it will enable safe renegotiation
+ * and will protect all clients from known attacks, but will not prevent insecure clients
+ * from connecting. In client side it will disallow from renegotiating with an insecure server
+ * but will not prevent connecting to one (this leaves the client vulnerable to attacks).
+ *
+ * "%SAFE_RENEGOTIATION" will enforce safe renegotiation. Clients and Servers will refuse
+ * to talk to an insecure peer.
+ *
+ *
* To avoid collisions in order to specify a compression algorithm in
* this string you have to prefix it with "COMP-", protocol versions
* with "VERS-" and certificate types with "CTYPE-". All other
@@ -502,7 +518,7 @@ gnutls_priority_init (gnutls_priority_t
{
char *broken_list[MAX_ELEMENTS];
int broken_list_size, i, j;
- char *darg;
+ char *darg = NULL;
int algo;
rmadd_func *fn;
@@ -512,6 +528,11 @@ gnutls_priority_init (gnutls_priority_t
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
+
+ /* for now unsafe renegotiation is default on everyone. To be removed
+ * when we make it the default.
+ */
+ (*priority_cache)->sr = SR_PARTIAL;
if (priorities == NULL)
priorities = "NORMAL";
@@ -520,7 +541,7 @@ gnutls_priority_init (gnutls_priority_t
if (darg == NULL)
{
gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
+ goto error;
}
break_comma_list (darg, broken_list, &broken_list_size, MAX_ELEMENTS, ':');
@@ -610,6 +631,25 @@ gnutls_priority_init (gnutls_priority_t
GNUTLS_CRT_UNKNOWN)
fn (&(*priority_cache)->cert_type, algo);
} /* now check if the element is something like -ALGO */
+ else if (strcasecmp (&broken_list[i][1],
+ "UNSAFE_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_UNSAFE;
+ }
+ else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_SAFE;
+ }
+ else if (strcasecmp (&broken_list[i][1],
+ "PARTIAL_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_PARTIAL;
+ }
+ else if (strcasecmp (&broken_list[i][1],
+ "DISABLE_SAFE_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_DISABLED;
+ }
else
goto error;
}
@@ -637,6 +677,7 @@ error:
}
}
gnutls_free (darg);
+ gnutls_free(*priority_cache);
return GNUTLS_E_INVALID_REQUEST;
Index: gnutls-2.4.1/lib/gnutls_record.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_record.c
+++ gnutls-2.4.1/lib/gnutls_record.c
@@ -741,10 +741,18 @@ record_check_type (gnutls_session_t sess
* If we are a server, a client may initiate a renegotiation at any time.
*/
if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- gnutls_assert ();
- return GNUTLS_E_REHANDSHAKE;
- }
+ {
+ gnutls_assert ();
+ ret =
+ _gnutls_record_buffer_put (recv_type, session, (void *) data,
+ data_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return GNUTLS_E_REHANDSHAKE;
+ }
/* If we are already in a handshake then a Hello
* Request is illegal. But here we don't really care
@@ -896,9 +904,13 @@ begin:
_gnutls_io_read_buffered (session, &headers, header_size,
-1)) != header_size)
{
+ _gnutls_handshake_log ("XXX[]: ret: %d %s\n", ret, gnutls_strerror(ret));
+
if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
return ret;
+ _gnutls_handshake_log ("XXX2[]: ret: %d %s\n", ret, gnutls_strerror(ret));
+
session_invalidate (session);
if (type == GNUTLS_ALERT)
{
Index: gnutls-2.4.1/lib/gnutls_state.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_state.c
+++ gnutls-2.4.1/lib/gnutls_state.c
@@ -214,6 +214,7 @@ _gnutls_handshake_internal_state_clear (
session->internals.adv_version_minor = 0;
session->internals.adv_version_minor = 0;
session->internals.direction = 0;
+ session->internals.safe_renegotiation_received = 0;
/* use out of band data for the last
* handshake messages received.
@@ -330,6 +331,11 @@ gnutls_init (gnutls_session_t * session,
_gnutls_handshake_internal_state_clear (*session);
+ /* emulate old gnutls behavior for old applications that do not use the priority_*
+ * functions.
+ */
+ (*session)->internals.priorities.sr = SR_PARTIAL;
+
return 0;
}
Index: gnutls-2.4.1/src/cli-gaa.c
===================================================================
--- gnutls-2.4.1.orig/src/cli-gaa.c
+++ gnutls-2.4.1/src/cli-gaa.c
@@ -129,6 +129,7 @@ void gaa_help(void)
printf("GNU TLS test client\nUsage: gnutls-cli [options] hostname\n\n\n");
__gaa_helpsingle('d', "debug", "integer ", "Enable debugging");
__gaa_helpsingle('r', "resume", "", "Connect, establish a session. Connect again and resume this session.");
+ __gaa_helpsingle('e', "rehandshake", "", "Connect, establish a session and rehandshake immediately.");
__gaa_helpsingle('s', "starttls", "", "Connect, establish a plain session and start TLS when EOF or a SIGALRM is received.");
__gaa_helpsingle(0, "crlf", "", "Send CR LF instead of LF.");
__gaa_helpsingle(0, "x509fmtder", "", "Use DER format for certificates to read from.");
@@ -251,6 +252,8 @@ struct _gaainfo
int crlf;
#line 20 "cli.gaa"
int starttls;
+#line 20 "cli.gaa"
+ int rehandshake;
#line 17 "cli.gaa"
int resume;
#line 14 "cli.gaa"
@@ -309,7 +312,7 @@ static int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 36
+#define GAA_NB_OPTION 37
#define GAAOPTID_copyright 1
#define GAAOPTID_version 2
#define GAAOPTID_help 3
@@ -344,8 +347,9 @@ static int gaa_error = 0;
#define GAAOPTID_x509fmtder 32
#define GAAOPTID_crlf 33
#define GAAOPTID_starttls 34
-#define GAAOPTID_resume 35
-#define GAAOPTID_debug 36
+#define GAAOPTID_rehandshake 35
+#define GAAOPTID_resume 36
+#define GAAOPTID_debug 37
#line 168 "gaa.skel"
@@ -743,6 +747,7 @@ static int gaa_get_option_num(char *str,
GAA_CHECK1STR("", GAAOPTID_x509fmtder);
GAA_CHECK1STR("", GAAOPTID_crlf);
GAA_CHECK1STR("s", GAAOPTID_starttls);
+ GAA_CHECK1STR("e", GAAOPTID_rehandshake);
GAA_CHECK1STR("r", GAAOPTID_resume);
#line 277 "gaa.skel"
@@ -782,6 +787,7 @@ static int gaa_get_option_num(char *str,
GAA_CHECKSTR("x509fmtder", GAAOPTID_x509fmtder);
GAA_CHECKSTR("crlf", GAAOPTID_crlf);
GAA_CHECKSTR("starttls", GAAOPTID_starttls);
+ GAA_CHECKSTR("rehandshake", GAAOPTID_rehandshake);
GAA_CHECKSTR("resume", GAAOPTID_resume);
GAA_CHECKSTR("debug", GAAOPTID_debug);
@@ -1131,6 +1137,13 @@ static int gaa_try(int gaa_num, int gaa_
return GAA_OK;
break;
+ case GAAOPTID_rehandshake:
+ OK = 0;
+#line 21 "cli.gaa"
+{ gaaval->rehandshake = 1 ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_resume:
OK = 0;
#line 18 "cli.gaa"
@@ -1191,7 +1204,7 @@ int gaa(int argc, char **argv, gaainfo *
gaaval->srp_username=NULL; gaaval->srp_passwd=NULL; gaaval->fmtder = 0; gaaval->starttls =0;
gaaval->debug = 0; gaaval->print_cert = 0; gaaval->verbose = 0; gaaval->psk_key = NULL;
gaaval->psk_username = NULL; gaaval->priorities = NULL;
- gaaval->opaque_prf_input = NULL; gaaval->pgp_subkey = NULL; ;};
+ gaaval->opaque_prf_input = NULL; gaaval->pgp_subkey = NULL; gaaval->rehandshake = 0; ;};
}
inited = 1;
Index: gnutls-2.4.1/src/cli-gaa.h
===================================================================
--- gnutls-2.4.1.orig/src/cli-gaa.h
+++ gnutls-2.4.1/src/cli-gaa.h
@@ -82,6 +82,7 @@ struct _gaainfo
int crlf;
#line 20 "cli.gaa"
int starttls;
+ int rehandshake;
#line 17 "cli.gaa"
int resume;
#line 14 "cli.gaa"
Index: gnutls-2.4.1/src/cli.c
===================================================================
--- gnutls-2.4.1.orig/src/cli.c
+++ gnutls-2.4.1/src/cli.c
@@ -55,7 +55,7 @@ int _win_select(int max_fd, fd_set * rfd
#define MAX_BUF 4096
/* global stuff here */
-int resume, starttls, insecure;
+int resume, starttls, insecure, rehandshake;
char *hostname = NULL;
char *service;
int record_max_size;
@@ -672,6 +672,23 @@ after_handshake:
programs to search for when gnutls-cli has reached this point. */
printf ("\n- Simple Client Mode:\n\n");
+ if (rehandshake)
+ {
+ ret = do_handshake (&hd);
+
+ if (ret < 0)
+ {
+ fprintf (stderr, "*** ReHandshake has failed\n");
+ gnutls_perror (ret);
+ gnutls_deinit (hd.session);
+ return 1;
+ }
+ else
+ {
+ printf ("- ReHandshake was completed\n");
+ }
+ }
+
#ifndef _WIN32
signal (SIGALRM, &starttls_alarm);
#endif
@@ -833,6 +850,7 @@ gaa_parser (int argc, char **argv)
print_cert = info.print_cert;
starttls = info.starttls;
resume = info.resume;
+ rehandshake = info.rehandshake;
insecure = info.insecure;
service = info.port;
record_max_size = info.record_size;
@@ -953,6 +971,11 @@ do_handshake (socket_st * socket)
socket->secure = 1;
}
+ else
+ {
+ gnutls_alert_send_appropriate(socket->session, ret);
+ shutdown (socket->fd, SHUT_RDWR);
+ }
return ret;
}
Index: gnutls-2.4.1/src/cli.gaa
===================================================================
--- gnutls-2.4.1.orig/src/cli.gaa
+++ gnutls-2.4.1/src/cli.gaa
@@ -17,6 +17,9 @@ option (d, debug) INT "integer" { $debug
#int resume;
option (r, resume) { $resume = 1 } "Connect, establish a session. Connect again and resume this session."
+#int rehandshake;
+option (e, rehandshake) { $rehandshake = 1 } "Connect, establish a session and rehandshake immediately."
+
#int starttls;
option (s, starttls) { $starttls = 1 } "Connect, establish a plain session and start TLS when EOF or a SIGALRM is received."
@@ -131,4 +134,4 @@ init { $resume=0; $port="443"; $rest_arg
$srp_username=NULL; $srp_passwd=NULL; $fmtder = 0; $starttls =0;
$debug = 0; $print_cert = 0; $verbose = 0; $psk_key = NULL;
$psk_username = NULL; $priorities = NULL;
- $opaque_prf_input = NULL; $pgp_subkey = NULL; }
+ $opaque_prf_input = NULL; $pgp_subkey = NULL; $rehandshake = 0; }
Index: gnutls-2.4.1/src/serv.c
===================================================================
--- gnutls-2.4.1.orig/src/serv.c
+++ gnutls-2.4.1/src/serv.c
@@ -730,6 +730,18 @@ get_response (gnutls_session_t session,
}
else
{
+ fprintf(stderr, "received: %s\n", request);
+ if (request[0] == request[1] && request[0] == '*')
+ {
+ if (strncmp(request, "**REHANDSHAKE**", sizeof("**REHANDSHAKE**")-1)==0)
+ {
+ fprintf(stderr, "*** Sending rehandshake request\n");
+ gnutls_rehandshake(session);
+ }
+ *response = NULL;
+ *response_length = 0;
+ return;
+ }
*response = strdup (request);
*response_length = ((*response) ? strlen (*response) : 0);
}
@@ -1139,7 +1151,7 @@ main (int argc, char **argv)
ret =
gnutls_alert_send_appropriate (j->tls_session, r);
}
- while (ret == GNUTLS_E_AGAIN);
+ while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
j->http_state = HTTP_STATE_CLOSING;
}
else if (r == 0)
@@ -1170,14 +1182,37 @@ main (int argc, char **argv)
}
else if (r <= 0)
{
- j->http_state = HTTP_STATE_CLOSING;
- if (r < 0 && r != GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
+ if (r == GNUTLS_E_REHANDSHAKE)
{
- check_alert (j->tls_session, r);
- fprintf (stderr, "Error while receiving data\n");
- GERR (r);
+ fprintf(stderr, "*** Received hello message\n");
+ do
+ {
+ r = gnutls_handshake (j->tls_session);
+ }
+ while (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN);
+ if (r < 0)
+ {
+
+ do
+ {
+ ret = gnutls_alert_send_appropriate (j->tls_session, r);
+ }
+ while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+ GERR (r);
+ j->http_state = HTTP_STATE_CLOSING;
+ }
}
-
+ else
+ {
+ j->http_state = HTTP_STATE_CLOSING;
+ if (r < 0 && r != GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
+ {
+ check_alert (j->tls_session, r);
+ fprintf (stderr, "Error while receiving data\n");
+ GERR (r);
+ }
+ }
}
else
{
@@ -1257,7 +1292,7 @@ main (int argc, char **argv)
}
}
- if (j->handshake_ok == 1)
+ if (j->handshake_ok == 1 && j->http_response != NULL)
{
/* FIXME if j->http_response == NULL? */
r = gnutls_record_send (j->tls_session,
@@ -1309,6 +1344,12 @@ main (int argc, char **argv)
}
}
}
+ else
+ {
+ j->request_length = 0;
+ j->http_request[0] = 0;
+ j->http_state = HTTP_STATE_REQUEST;
+ }
}
}
lloopend (listener_list, j);
Index: gnutls-2.4.1/src/tests.c
===================================================================
--- gnutls-2.4.1.orig/src/tests.c
+++ gnutls-2.4.1/src/tests.c
@@ -45,6 +45,7 @@ extern int verbose;
int tls1_ok = 0;
int ssl3_ok = 0;
int tls1_1_ok = 0;
+int tls1_2_ok = 0;
/* keep session info */
static char *session_data = NULL;
@@ -103,156 +104,32 @@ do_handshake (gnutls_session_t session)
return TEST_SUCCEED;
}
-static int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
+char protocol_str[] = "+VERS-TLS1.0:+VERS-SSL3.0";
+char prio_str[256] = "";
static const int kx_priority[16] =
{ GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA,
GNUTLS_KX_ANON_DH,
GNUTLS_KX_RSA_EXPORT, 0
};
-static const int cipher_priority[16] =
- { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_CIPHER_ARCFOUR_40, 0
-};
-static const int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
-static const int mac_priority[16] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 };
-static const int cert_type_priority[16] = { GNUTLS_CRT_X509, 0 };
-
-#define ADD_ALL_CIPHERS(session) gnutls_cipher_set_priority(session, cipher_priority)
-#define ADD_ALL_COMP(session) gnutls_compression_set_priority(session, comp_priority)
-#define ADD_ALL_MACS(session) gnutls_mac_set_priority(session, mac_priority)
-#define ADD_ALL_KX(session) gnutls_kx_set_priority(session, kx_priority)
-#define ADD_ALL_PROTOCOLS(session) gnutls_protocol_set_priority(session, protocol_priority)
-#define ADD_ALL_CERTTYPES(session) gnutls_certificate_type_set_priority(session, cert_type_priority)
-
-static void
-ADD_KX (gnutls_session_t session, int kx)
-{
- static int _kx_priority[] = { 0, 0 };
- _kx_priority[0] = kx;
-
- gnutls_kx_set_priority (session, _kx_priority);
-}
-
-static void
-ADD_KX2 (gnutls_session_t session, int kx1, int kx2)
-{
- static int _kx_priority[] = { 0, 0, 0 };
- _kx_priority[0] = kx1;
- _kx_priority[1] = kx2;
-
- gnutls_kx_set_priority (session, _kx_priority);
-}
-
-static void
-ADD_CIPHER (gnutls_session_t session, int cipher)
-{
- static int _cipher_priority[] = { 0, 0 };
- _cipher_priority[0] = cipher;
-
- gnutls_cipher_set_priority (session, _cipher_priority);
-}
-
-static void
-ADD_CIPHER4 (gnutls_session_t session, int cipher1, int cipher2, int cipher3,
- int cipher4)
-{
- static int _cipher_priority[] = { 0, 0, 0, 0, 0 };
- _cipher_priority[0] = cipher1;
- _cipher_priority[1] = cipher2;
- _cipher_priority[2] = cipher3;
- _cipher_priority[3] = cipher4;
-
- gnutls_cipher_set_priority (session, _cipher_priority);
-}
-
-static void
-ADD_MAC (gnutls_session_t session, int mac)
-{
- static int _mac_priority[] = { 0, 0 };
- _mac_priority[0] = mac;
-
- gnutls_mac_set_priority (session, _mac_priority);
-}
-
-static void
-ADD_COMP (gnutls_session_t session, int c)
-{
- static int _comp_priority[] = { 0, 0 };
- _comp_priority[0] = c;
-
- gnutls_compression_set_priority (session, _comp_priority);
-}
-
-static void
-ADD_CERTTYPE (gnutls_session_t session, int ctype)
-{
- static int _ct_priority[] = { 0, 0 };
- _ct_priority[0] = ctype;
-
- gnutls_certificate_type_set_priority (session, _ct_priority);
-}
-
-static void
-ADD_PROTOCOL (gnutls_session_t session, int protocol)
-{
- static int _proto_priority[] = { 0, 0 };
- _proto_priority[0] = protocol;
-
- gnutls_protocol_set_priority (session, _proto_priority);
-}
+#define ALL_CIPHERS "+3DES-CBC:+ARCFOUR-128:+ARCFOUR-40"
+#define ALL_COMP "+COMP-NULL"
+#define ALL_MACS "+SHA1:+MD5"
+#define ALL_CERTTYPES "+CTYPE-X509"
+#define REST "%%UNSAFE_RENEGOTIATION"
+#define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+RSA-EXPORT"
+#define INIT_STR "NONE:"
-static void
-ADD_PROTOCOL3 (gnutls_session_t session, int p1, int p2, int p3)
+static inline void _gnutls_priority_set_direct(gnutls_session_t session, const char* str)
{
- static int _proto_priority[] = { 0, 0, 0, 0 };
- _proto_priority[0] = p1;
- _proto_priority[1] = p2;
- _proto_priority[2] = p3;
-
- gnutls_protocol_set_priority (session, _proto_priority);
-}
-
-#ifdef ENABLE_SRP
-static int srp_detected;
+ const char* err;
+ int ret = gnutls_priority_set_direct(session, str, &err);
-int
-_test_srp_username_callback (gnutls_session_t session,
- char **username, char **password)
-{
- srp_detected = 1;
-
- return -1;
-}
-
-test_code_t
-test_srp (gnutls_session_t session)
-{
- int ret;
-
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
-
- ADD_KX (session, GNUTLS_KX_SRP);
- srp_detected = 0;
-
- gnutls_srp_set_client_credentials_function (srp_cred,
- _test_srp_username_callback);
-
- gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
-
- ret = do_handshake (session);
-
- gnutls_srp_set_client_credentials_function (srp_cred, NULL);
-
- if (srp_detected != 0)
- return TEST_SUCCEED;
- else
- return TEST_FAILED;
+ if (ret < 0)
+ {
+ fprintf(stderr, "Error in %s\n", err);
+ exit(1);
+ }
}
-#endif
test_code_t
test_server (gnutls_session_t session)
@@ -267,12 +144,8 @@ test_server (gnutls_session_t session)
buf[sizeof (buf) - 1] = 0;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -316,10 +189,8 @@ test_export (gnutls_session_t session)
{
int ret;
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
+ sprintf(prio_str, "+ARCFOUR-40:+RSA-EXPORT:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
ADD_KX (session, GNUTLS_KX_RSA_EXPORT);
ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
@@ -346,13 +217,9 @@ test_export_info (gnutls_session_t sessi
if (verbose == 0 || export_true == 0)
return TEST_IGNORE;
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
+ sprintf(prio_str, "+ARCFOUR-40:+RSA-EXPORT:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
- ADD_KX (session, GNUTLS_KX_RSA_EXPORT);
- ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -393,13 +260,9 @@ test_dhe (gnutls_session_t session)
{
int ret;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
+ sprintf(prio_str, ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":+DHE-RSA:+DHE-DSS:"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
- ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -410,6 +273,36 @@ test_dhe (gnutls_session_t session)
}
test_code_t
+test_safe_renegotiation (gnutls_session_t session)
+{
+ int ret;
+
+ sprintf(prio_str, ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":%%SAFE_RENEGOTIATION", protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
+
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake (session);
+
+ return ret;
+}
+
+test_code_t
+test_safe_renegotiation_scsv (gnutls_session_t session)
+{
+ int ret;
+
+ sprintf(prio_str, ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":+VERS-SSL3.0:"ALL_MACS":"ALL_KX":%%SAFE_RENEGOTIATION");
+ _gnutls_priority_set_direct (session, prio_str);
+
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ ret = do_handshake (session);
+
+ return ret;
+}
+
+test_code_t
test_dhe_group (gnutls_session_t session)
{
int ret, ret2;
@@ -419,13 +312,8 @@ test_dhe_group (gnutls_session_t session
if (verbose == 0 || pubkey.data == NULL)
return TEST_IGNORE;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
+ sprintf(prio_str, ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":+DHE-RSA:+DHE-DSS:"REST, protocol_str);
- ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -461,12 +349,9 @@ test_code_t
test_ssl3 (gnutls_session_t session)
{
int ret;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_PROTOCOL (session, GNUTLS_SSL3);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":+VERS-SSL3.0:"ALL_MACS":"ALL_KX":"REST);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -494,12 +379,9 @@ test_bye (gnutls_session_t session)
signal (SIGALRM, got_alarm);
#endif
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -546,12 +428,10 @@ test_code_t
test_aes (gnutls_session_t session)
{
int ret;
- ADD_CIPHER (session, GNUTLS_CIPHER_AES_128_CBC);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+
+ sprintf(prio_str, INIT_STR "+AES-128-CBC:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST , protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -563,12 +443,10 @@ test_code_t
test_camellia (gnutls_session_t session)
{
int ret;
- ADD_CIPHER (session, GNUTLS_CIPHER_CAMELLIA_128_CBC);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+
+ sprintf(prio_str, INIT_STR "+CAMELLIA-128-CBC:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -580,12 +458,10 @@ test_code_t
test_openpgp1 (gnutls_session_t session)
{
int ret;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_CERTTYPE (session, GNUTLS_CRT_OPENPGP);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":+CTYPE-OPENPGP:%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -603,17 +479,12 @@ test_unknown_ciphersuites (gnutls_sessio
{
int ret;
#ifdef ENABLE_CAMELLIA
- ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_CIPHER_ARCFOUR_128);
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
#else
- ADD_CIPHER4 (session, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_128, 0);
+ sprintf(prio_str, INIT_STR "+AES-128-CBC:"ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
#endif
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -624,12 +495,10 @@ test_code_t
test_md5 (gnutls_session_t session)
{
int ret;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_MAC (session, GNUTLS_MAC_MD5);
- ADD_ALL_KX (session);
+
+ sprintf(prio_str, INIT_STR "+AES-128-CBC:"ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:+MD5:"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -641,12 +510,10 @@ test_code_t
test_zlib (gnutls_session_t session)
{
int ret;
- ADD_ALL_CIPHERS (session);
- ADD_COMP (session, GNUTLS_COMP_ZLIB);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":+COMP-ZLIB:"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -655,17 +522,11 @@ test_zlib (gnutls_session_t session)
#endif
test_code_t
-test_lzo (gnutls_session_t session)
+test_sha (gnutls_session_t session)
{
int ret;
- gnutls_handshake_set_private_extensions (session, 1);
-
- ADD_ALL_CIPHERS (session);
- ADD_COMP (session, GNUTLS_COMP_LZO);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, INIT_STR "+AES-128-CBC:"ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:+SHA1:"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -674,15 +535,12 @@ test_lzo (gnutls_session_t session)
}
test_code_t
-test_sha (gnutls_session_t session)
+test_3des (gnutls_session_t session)
{
int ret;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_MAC (session, GNUTLS_MAC_SHA1);
- ADD_ALL_KX (session);
+
+ sprintf(prio_str, INIT_STR "+3DES-CBC:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -690,15 +548,12 @@ test_sha (gnutls_session_t session)
}
test_code_t
-test_3des (gnutls_session_t session)
+test_arcfour (gnutls_session_t session)
{
int ret;
- ADD_CIPHER (session, GNUTLS_CIPHER_3DES_CBC);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+
+ sprintf(prio_str, INIT_STR "+ARCFOUR-128:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -706,15 +561,13 @@ test_3des (gnutls_session_t session)
}
test_code_t
-test_arcfour (gnutls_session_t session)
+test_arcfour_40 (gnutls_session_t session)
{
int ret;
- ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_128);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+
+ sprintf(prio_str, INIT_STR "+ARCFOUR-40:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":""+RSA-EXPORT"":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -722,15 +575,13 @@ test_arcfour (gnutls_session_t session)
}
test_code_t
-test_arcfour_40 (gnutls_session_t session)
+test_tls1 (gnutls_session_t session)
{
int ret;
- ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":+VERS-TLS1.0:"ALL_MACS":"ALL_KX":"REST);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -738,20 +589,18 @@ test_arcfour_40 (gnutls_session_t sessio
}
test_code_t
-test_tls1 (gnutls_session_t session)
+test_tls1_2 (gnutls_session_t session)
{
int ret;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_PROTOCOL (session, GNUTLS_TLS1);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":+VERS-TLS1.2:"ALL_MACS":"ALL_KX":"REST);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
if (ret == TEST_SUCCEED)
- tls1_ok = 1;
+ tls1_2_ok = 1;
return ret;
@@ -761,12 +610,10 @@ test_code_t
test_tls1_1 (gnutls_session_t session)
{
int ret;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_PROTOCOL (session, GNUTLS_TLS1_1);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":+VERS-TLS1.1:"ALL_MACS":"ALL_KX":"REST);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -784,12 +631,9 @@ test_tls1_1_fallback (gnutls_session_t s
if (tls1_1_ok)
return TEST_IGNORE;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_PROTOCOL3 (session, GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:"ALL_MACS":"ALL_KX":"REST);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -815,12 +659,9 @@ test_tls_disable (gnutls_session_t sessi
if (tls1_ok != 0)
return TEST_IGNORE;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
+
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -829,8 +670,7 @@ test_tls_disable (gnutls_session_t sessi
/* disable TLS 1.0 */
if (ssl3_ok != 0)
{
- protocol_priority[0] = GNUTLS_SSL3;
- protocol_priority[1] = 0;
+ strcpy(protocol_str, "+VERS-SSL3.0");
}
}
return ret;
@@ -847,12 +687,8 @@ test_rsa_pms (gnutls_session_t session)
* If the server is old, buggy and only supports
* SSL 3.0 then the handshake will fail.
*/
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_KX (session, GNUTLS_KX_RSA);
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":+RSA:"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
@@ -868,12 +704,8 @@ test_code_t
test_max_record_size (gnutls_session_t session)
{
int ret;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_record_set_max_size (session, 512);
@@ -892,12 +724,9 @@ test_code_t
test_hello_extension (gnutls_session_t session)
{
int ret;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_record_set_max_size (session, 512);
@@ -923,12 +752,8 @@ test_version_rollback (gnutls_session_t
* attacks which allow a version downgrade) and this
* connection will fail.
*/
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
_gnutls_record_set_default_version (session, 3, 0);
@@ -953,12 +778,8 @@ test_version_oob (gnutls_session_t sessi
/* here we enable both SSL 3.0 and TLS 1.0
* and we connect using a 5.5 record version.
*/
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
_gnutls_record_set_default_version (session, 5, 5);
@@ -978,12 +799,8 @@ test_rsa_pms_version_check (gnutls_sessi
*
* A normal server would abort this handshake.
*/
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
_gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */
@@ -998,12 +815,8 @@ test_anonymous (gnutls_session_t session
{
int ret;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_KX (session, GNUTLS_KX_ANON_DH);
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":+ANON-DH:"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
ret = do_handshake (session);
@@ -1025,12 +838,8 @@ test_session_resume2 (gnutls_session_t s
if (session == NULL)
return TEST_IGNORE;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
@@ -1072,12 +881,8 @@ test_certificate (gnutls_session_t sessi
if (verbose == 0)
return TEST_IGNORE;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -1141,12 +946,8 @@ test_server_cas (gnutls_session_t sessio
if (verbose == 0)
return TEST_IGNORE;
- ADD_ALL_CIPHERS (session);
- ADD_ALL_COMP (session);
- ADD_ALL_CERTTYPES (session);
- ADD_ALL_PROTOCOLS (session);
- ADD_ALL_MACS (session);
- ADD_ALL_KX (session);
+ sprintf(prio_str, INIT_STR ALL_CIPHERS":"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
+ _gnutls_priority_set_direct (session, prio_str);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_certificate_client_set_retrieve_function (xcred, cert_callback);
Index: gnutls-2.4.1/src/tests.h
===================================================================
--- gnutls-2.4.1.orig/src/tests.h
+++ gnutls-2.4.1/src/tests.h
@@ -3,7 +3,6 @@ typedef enum
TEST_SUCCEED, TEST_FAILED, TEST_UNSURE, TEST_IGNORE
} test_code_t;
-test_code_t test_srp (gnutls_session_t state);
test_code_t test_server (gnutls_session_t state);
test_code_t test_export (gnutls_session_t state);
test_code_t test_export_info (gnutls_session_t state);
@@ -21,7 +20,10 @@ test_code_t test_3des (gnutls_session_t
test_code_t test_arcfour (gnutls_session_t state);
test_code_t test_arcfour_40 (gnutls_session_t state);
test_code_t test_tls1 (gnutls_session_t state);
+test_code_t test_safe_renegotiation (gnutls_session_t state);
+test_code_t test_safe_renegotiation_scsv (gnutls_session_t state);
test_code_t test_tls1_1 (gnutls_session_t state);
+test_code_t test_tls1_2 (gnutls_session_t state);
test_code_t test_tls1_1_fallback (gnutls_session_t state);
test_code_t test_tls_disable (gnutls_session_t state);
test_code_t test_rsa_pms (gnutls_session_t state);
@@ -37,6 +39,5 @@ test_code_t test_session_resume2 (gnutls
test_code_t test_rsa_pms_version_check (gnutls_session_t session);
test_code_t test_version_oob (gnutls_session_t session);
test_code_t test_zlib (gnutls_session_t session);
-test_code_t test_lzo (gnutls_session_t session);
int _test_srp_username_callback (gnutls_session_t session,
char **username, char **password);
Index: gnutls-2.4.1/src/tls_test.c
===================================================================
--- gnutls-2.4.1.orig/src/tls_test.c
+++ gnutls-2.4.1/src/tls_test.c
@@ -75,6 +75,9 @@ typedef struct
} TLS_TEST;
static const TLS_TEST tls_tests[] = {
+ {"for Safe renegotiation support", test_safe_renegotiation, "yes", "no", "dunno"},
+ {"for Safe renegotiation support (SCSV)", test_safe_renegotiation_scsv, "yes", "no", "dunno"},
+ {"for TLS 1.2 support", test_tls1_2, "yes", "no", "dunno"},
{"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"},
{"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed",
"SSL 3.0"},
@@ -135,14 +138,8 @@ static const TLS_TEST tls_tests[] = {
{"for ZLIB compression support (TLS extension)", test_zlib, "yes",
"no", "dunno"},
#endif
- {"for LZO compression support (GnuTLS extension)", test_lzo, "yes",
- "no", "dunno"},
{"for max record size (TLS extension)", test_max_record_size, "yes",
"no", "dunno"},
-#ifdef ENABLE_SRP
- {"for SRP authentication support (TLS extension)", test_srp, "yes",
- "no", "dunno"},
-#endif
{"for OpenPGP authentication support (TLS extension)", test_openpgp1,
"yes", "no", "dunno"},
{NULL, NULL, NULL, NULL, NULL}
@@ -228,7 +225,7 @@ main (int argc, char **argv)
/* if neither of SSL3 and TLSv1 are supported, exit
*/
- if (i > 3 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0)
+ if (i > 6 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0)
{
fprintf (stderr,
"\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n");
Index: gnutls-2.4.1/tests/Makefile.am
===================================================================
--- gnutls-2.4.1.orig/tests/Makefile.am
+++ gnutls-2.4.1/tests/Makefile.am
@@ -20,7 +20,7 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
SUBDIRS = rsa-md5-collision pkcs1-padding pkcs8-decode pkcs12-decode \
- userid pathlen key-id sha2 hostname-check
+ userid pathlen key-id sha2 hostname-check safe-renegotiation
if ENABLE_OPENPGP
SUBDIRS += openpgp openpgp-certs
Index: gnutls-2.4.1/tests/Makefile.in
===================================================================
--- gnutls-2.4.1.orig/tests/Makefile.in
+++ gnutls-2.4.1/tests/Makefile.in
@@ -299,7 +299,7 @@ ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = rsa-md5-collision pkcs1-padding pkcs8-decode \
pkcs12-decode userid pathlen key-id sha2 hostname-check \
- openpgp openpgp-certs
+ openpgp openpgp-certs safe-renegotiation
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
@@ -705,7 +705,7 @@ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
SUBDIRS = rsa-md5-collision pkcs1-padding pkcs8-decode pkcs12-decode \
- userid pathlen key-id sha2 hostname-check $(am__append_1)
+ userid pathlen key-id sha2 safe-renegotiation hostname-check $(am__append_1)
EXTRA_DIST = libgcrypt.supp
AM_CPPFLAGS = -I$(top_srcdir)/lgl -I$(top_builddir)/lgl \
-I$(top_srcdir)/gl -I$(top_builddir)/gl \
Index: gnutls-2.4.1/tests/resume.c
===================================================================
--- gnutls-2.4.1.orig/tests/resume.c
+++ gnutls-2.4.1/tests/resume.c
@@ -45,6 +45,9 @@ static int wrap_db_store (void *dbf, gnu
static gnutls_datum_t wrap_db_fetch (void *dbf, gnutls_datum_t key);
static int wrap_db_delete (void *dbf, gnutls_datum_t key);
+pid_t child;
+
+
#define TLS_SESSION_CACHE 50
/* A very basic TLS client, with anonymous authentication.
@@ -52,6 +55,12 @@ static int wrap_db_delete (void *dbf, gn
#define MAX_BUF 1024
#define MSG "Hello TLS"
+static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "%s |<%d>| %s", child ? "server" : "client", level, str);
+}
+
/* Connects to the peer and returns a socket
* descriptor.
@@ -106,6 +115,11 @@ client (void)
*/
int t;
gnutls_datum session_data;
+ if (debug)
+ {
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (2);
+ }
gnutls_global_init ();
@@ -333,6 +347,12 @@ server (void)
{
/* this must be called once in the program, it is mostly for the server.
*/
+ if (debug)
+ {
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (2);
+ }
+
gnutls_global_init ();
gnutls_anon_allocate_server_credentials (&anoncred);
@@ -422,8 +442,6 @@ server (void)
void
doit (void)
{
- pid_t child;
-
global_start ();
if (error_count)
return;
Index: gnutls-2.4.1/tests/safe-renegotiation/Makefile.am
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/Makefile.am
@@ -0,0 +1,37 @@
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2010 Free Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/lib/includes \
+ -I$(top_builddir)/lib/includes
+
+AM_LDFLAGS = -no-install
+LDADD = ../../lib/libgnutls.la $(LTLIBGCRYPT) $(LIBSOCKET)
+
+ctests = srn0 srn1 srn2 srn3 srn4 srn5 srn6 srn7
+
+check_PROGRAMS = $(ctests)
+TESTS = $(ctests)
+TESTS_ENVIRONMENT = $(VALGRIND)
+
+EXTRA_DIST = README params.dh
+
+dist_check_SCRIPTS = testsrn
+#TESTS = testsrn
Index: gnutls-2.4.1/tests/safe-renegotiation/Makefile.in
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/Makefile.in
@@ -0,0 +1,1299 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2010 Free Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+check_PROGRAMS = $(am__EXEEXT_1)
+TESTS = $(am__EXEEXT_1)
+subdir = tests/safe-renegotiation
+DIST_COMMON = README $(dist_check_SCRIPTS) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/libextra/m4/hooks.m4 \
+ $(top_srcdir)/lib/m4/hooks.m4 $(top_srcdir)/lib/gl/m4/po.m4 \
+ $(top_srcdir)/gl/m4/00gnulib.m4 $(top_srcdir)/gl/m4/alloca.m4 \
+ $(top_srcdir)/gl/m4/arpa_inet_h.m4 \
+ $(top_srcdir)/gl/m4/asm-underscore.m4 \
+ $(top_srcdir)/gl/m4/autobuild.m4 \
+ $(top_srcdir)/gl/m4/clock_time.m4 $(top_srcdir)/gl/m4/close.m4 \
+ $(top_srcdir)/gl/m4/errno_h.m4 $(top_srcdir)/gl/m4/error.m4 \
+ $(top_srcdir)/gl/m4/extensions.m4 \
+ $(top_srcdir)/gl/m4/fclose.m4 $(top_srcdir)/gl/m4/float_h.m4 \
+ $(top_srcdir)/gl/m4/fseeko.m4 \
+ $(top_srcdir)/gl/m4/getaddrinfo.m4 \
+ $(top_srcdir)/gl/m4/getdelim.m4 $(top_srcdir)/gl/m4/getline.m4 \
+ $(top_srcdir)/gl/m4/getpass.m4 $(top_srcdir)/gl/m4/gettime.m4 \
+ $(top_srcdir)/gl/m4/gettimeofday.m4 \
+ $(top_srcdir)/gl/m4/gnulib-common.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/hostent.m4 \
+ $(top_srcdir)/gl/m4/include_next.m4 \
+ $(top_srcdir)/gl/m4/inet_ntop.m4 \
+ $(top_srcdir)/gl/m4/inet_pton.m4 \
+ $(top_srcdir)/gl/m4/intmax_t.m4 \
+ $(top_srcdir)/gl/m4/inttypes_h.m4 $(top_srcdir)/gl/m4/ioctl.m4 \
+ $(top_srcdir)/gl/m4/lib-ld.m4 $(top_srcdir)/gl/m4/lib-link.m4 \
+ $(top_srcdir)/gl/m4/lib-prefix.m4 \
+ $(top_srcdir)/gl/m4/longlong.m4 $(top_srcdir)/gl/m4/lseek.m4 \
+ $(top_srcdir)/gl/m4/malloc.m4 \
+ $(top_srcdir)/gl/m4/manywarnings.m4 \
+ $(top_srcdir)/gl/m4/memchr.m4 $(top_srcdir)/gl/m4/minmax.m4 \
+ $(top_srcdir)/gl/m4/mmap-anon.m4 \
+ $(top_srcdir)/gl/m4/multiarch.m4 \
+ $(top_srcdir)/gl/m4/netdb_h.m4 \
+ $(top_srcdir)/gl/m4/netinet_in_h.m4 \
+ $(top_srcdir)/gl/m4/onceonly_2_57.m4 \
+ $(top_srcdir)/gl/m4/perror.m4 $(top_srcdir)/gl/m4/printf.m4 \
+ $(top_srcdir)/gl/m4/read-file.m4 \
+ $(top_srcdir)/gl/m4/readline.m4 $(top_srcdir)/gl/m4/realloc.m4 \
+ $(top_srcdir)/gl/m4/select.m4 $(top_srcdir)/gl/m4/servent.m4 \
+ $(top_srcdir)/gl/m4/size_max.m4 \
+ $(top_srcdir)/gl/m4/snprintf.m4 $(top_srcdir)/gl/m4/sockets.m4 \
+ $(top_srcdir)/gl/m4/socklen.m4 $(top_srcdir)/gl/m4/sockpfaf.m4 \
+ $(top_srcdir)/gl/m4/stdarg.m4 $(top_srcdir)/gl/m4/stdbool.m4 \
+ $(top_srcdir)/gl/m4/stddef_h.m4 $(top_srcdir)/gl/m4/stdint.m4 \
+ $(top_srcdir)/gl/m4/stdint_h.m4 $(top_srcdir)/gl/m4/stdio_h.m4 \
+ $(top_srcdir)/gl/m4/stdlib_h.m4 \
+ $(top_srcdir)/gl/m4/strerror.m4 \
+ $(top_srcdir)/gl/m4/string_h.m4 \
+ $(top_srcdir)/gl/m4/sys_ioctl_h.m4 \
+ $(top_srcdir)/gl/m4/sys_select_h.m4 \
+ $(top_srcdir)/gl/m4/sys_socket_h.m4 \
+ $(top_srcdir)/gl/m4/sys_stat_h.m4 \
+ $(top_srcdir)/gl/m4/sys_time_h.m4 \
+ $(top_srcdir)/gl/m4/time_h.m4 $(top_srcdir)/gl/m4/timespec.m4 \
+ $(top_srcdir)/gl/m4/ungetc.m4 $(top_srcdir)/gl/m4/unistd_h.m4 \
+ $(top_srcdir)/gl/m4/valgrind-tests.m4 \
+ $(top_srcdir)/gl/m4/vasnprintf.m4 \
+ $(top_srcdir)/gl/m4/version-etc.m4 \
+ $(top_srcdir)/gl/m4/warn-on-use.m4 \
+ $(top_srcdir)/gl/m4/warnings.m4 $(top_srcdir)/gl/m4/wchar_h.m4 \
+ $(top_srcdir)/gl/m4/wchar_t.m4 $(top_srcdir)/gl/m4/wint_t.m4 \
+ $(top_srcdir)/gl/m4/xsize.m4 $(top_srcdir)/m4/gtk-doc.m4 \
+ $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__EXEEXT_1 = srn0$(EXEEXT) srn1$(EXEEXT) srn2$(EXEEXT) srn3$(EXEEXT) \
+ srn4$(EXEEXT) srn5$(EXEEXT) srn6$(EXEEXT) srn7$(EXEEXT)
+srn0_SOURCES = srn0.c
+srn0_OBJECTS = srn0.$(OBJEXT)
+srn0_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+srn0_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+srn1_SOURCES = srn1.c
+srn1_OBJECTS = srn1.$(OBJEXT)
+srn1_LDADD = $(LDADD)
+srn1_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+srn2_SOURCES = srn2.c
+srn2_OBJECTS = srn2.$(OBJEXT)
+srn2_LDADD = $(LDADD)
+srn2_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+srn3_SOURCES = srn3.c
+srn3_OBJECTS = srn3.$(OBJEXT)
+srn3_LDADD = $(LDADD)
+srn3_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+srn4_SOURCES = srn4.c
+srn4_OBJECTS = srn4.$(OBJEXT)
+srn4_LDADD = $(LDADD)
+srn4_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+srn5_SOURCES = srn5.c
+srn5_OBJECTS = srn5.$(OBJEXT)
+srn5_LDADD = $(LDADD)
+srn5_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+srn6_SOURCES = srn6.c
+srn6_OBJECTS = srn6.$(OBJEXT)
+srn6_LDADD = $(LDADD)
+srn6_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+srn7_SOURCES = srn7.c
+srn7_OBJECTS = srn7.$(OBJEXT)
+srn7_LDADD = $(LDADD)
+srn7_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = srn0.c srn1.c srn2.c srn3.c srn4.c srn5.c srn6.c srn7.c
+DIST_SOURCES = srn0.c srn1.c srn2.c srn3.c srn4.c srn5.c srn6.c srn7.c
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors = \
+ red=; grn=; lgn=; blu=; std=
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
+AMTAR = @AMTAR@
+APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@
+AR = @AR@
+AS = @AS@
+ASM_SYMBOL_PREFIX = @ASM_SYMBOL_PREFIX@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CONFIG_INCLUDE = @CONFIG_INCLUDE@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DLL_VERSION = @DLL_VERSION@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@
+EMULTIHOP_VALUE = @EMULTIHOP_VALUE@
+ENOLINK_HIDDEN = @ENOLINK_HIDDEN@
+ENOLINK_VALUE = @ENOLINK_VALUE@
+EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@
+EOVERFLOW_VALUE = @EOVERFLOW_VALUE@
+ERRNO_H = @ERRNO_H@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FLOAT_H = @FLOAT_H@
+GAA = @GAA@
+GETADDRINFO_LIB = @GETADDRINFO_LIB@
+GNULIB_ACCEPT = @GNULIB_ACCEPT@
+GNULIB_ACCEPT4 = @GNULIB_ACCEPT4@
+GNULIB_ATOLL = @GNULIB_ATOLL@
+GNULIB_BIND = @GNULIB_BIND@
+GNULIB_BTOWC = @GNULIB_BTOWC@
+GNULIB_CALLOC_POSIX = @GNULIB_CALLOC_POSIX@
+GNULIB_CANONICALIZE_FILE_NAME = @GNULIB_CANONICALIZE_FILE_NAME@
+GNULIB_CHOWN = @GNULIB_CHOWN@
+GNULIB_CLOSE = @GNULIB_CLOSE@
+GNULIB_CONNECT = @GNULIB_CONNECT@
+GNULIB_DPRINTF = @GNULIB_DPRINTF@
+GNULIB_DUP2 = @GNULIB_DUP2@
+GNULIB_DUP3 = @GNULIB_DUP3@
+GNULIB_ENVIRON = @GNULIB_ENVIRON@
+GNULIB_EUIDACCESS = @GNULIB_EUIDACCESS@
+GNULIB_FACCESSAT = @GNULIB_FACCESSAT@
+GNULIB_FCHDIR = @GNULIB_FCHDIR@
+GNULIB_FCHMODAT = @GNULIB_FCHMODAT@
+GNULIB_FCHOWNAT = @GNULIB_FCHOWNAT@
+GNULIB_FCLOSE = @GNULIB_FCLOSE@
+GNULIB_FFLUSH = @GNULIB_FFLUSH@
+GNULIB_FOPEN = @GNULIB_FOPEN@
+GNULIB_FPRINTF = @GNULIB_FPRINTF@
+GNULIB_FPRINTF_POSIX = @GNULIB_FPRINTF_POSIX@
+GNULIB_FPURGE = @GNULIB_FPURGE@
+GNULIB_FPUTC = @GNULIB_FPUTC@
+GNULIB_FPUTS = @GNULIB_FPUTS@
+GNULIB_FREOPEN = @GNULIB_FREOPEN@
+GNULIB_FSEEK = @GNULIB_FSEEK@
+GNULIB_FSEEKO = @GNULIB_FSEEKO@
+GNULIB_FSTATAT = @GNULIB_FSTATAT@
+GNULIB_FSYNC = @GNULIB_FSYNC@
+GNULIB_FTELL = @GNULIB_FTELL@
+GNULIB_FTELLO = @GNULIB_FTELLO@
+GNULIB_FTRUNCATE = @GNULIB_FTRUNCATE@
+GNULIB_FUTIMENS = @GNULIB_FUTIMENS@
+GNULIB_FWRITE = @GNULIB_FWRITE@
+GNULIB_GETADDRINFO = @GNULIB_GETADDRINFO@
+GNULIB_GETCWD = @GNULIB_GETCWD@
+GNULIB_GETDELIM = @GNULIB_GETDELIM@
+GNULIB_GETDOMAINNAME = @GNULIB_GETDOMAINNAME@
+GNULIB_GETDTABLESIZE = @GNULIB_GETDTABLESIZE@
+GNULIB_GETGROUPS = @GNULIB_GETGROUPS@
+GNULIB_GETHOSTNAME = @GNULIB_GETHOSTNAME@
+GNULIB_GETLINE = @GNULIB_GETLINE@
+GNULIB_GETLOADAVG = @GNULIB_GETLOADAVG@
+GNULIB_GETLOGIN = @GNULIB_GETLOGIN@
+GNULIB_GETLOGIN_R = @GNULIB_GETLOGIN_R@
+GNULIB_GETPAGESIZE = @GNULIB_GETPAGESIZE@
+GNULIB_GETPEERNAME = @GNULIB_GETPEERNAME@
+GNULIB_GETSOCKNAME = @GNULIB_GETSOCKNAME@
+GNULIB_GETSOCKOPT = @GNULIB_GETSOCKOPT@
+GNULIB_GETSUBOPT = @GNULIB_GETSUBOPT@
+GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@
+GNULIB_GETUSERSHELL = @GNULIB_GETUSERSHELL@
+GNULIB_GRANTPT = @GNULIB_GRANTPT@
+GNULIB_INET_NTOP = @GNULIB_INET_NTOP@
+GNULIB_INET_PTON = @GNULIB_INET_PTON@
+GNULIB_IOCTL = @GNULIB_IOCTL@
+GNULIB_LCHMOD = @GNULIB_LCHMOD@
+GNULIB_LCHOWN = @GNULIB_LCHOWN@
+GNULIB_LINK = @GNULIB_LINK@
+GNULIB_LINKAT = @GNULIB_LINKAT@
+GNULIB_LISTEN = @GNULIB_LISTEN@
+GNULIB_LSEEK = @GNULIB_LSEEK@
+GNULIB_LSTAT = @GNULIB_LSTAT@
+GNULIB_MALLOC_POSIX = @GNULIB_MALLOC_POSIX@
+GNULIB_MBRLEN = @GNULIB_MBRLEN@
+GNULIB_MBRTOWC = @GNULIB_MBRTOWC@
+GNULIB_MBSCASECMP = @GNULIB_MBSCASECMP@
+GNULIB_MBSCASESTR = @GNULIB_MBSCASESTR@
+GNULIB_MBSCHR = @GNULIB_MBSCHR@
+GNULIB_MBSCSPN = @GNULIB_MBSCSPN@
+GNULIB_MBSINIT = @GNULIB_MBSINIT@
+GNULIB_MBSLEN = @GNULIB_MBSLEN@
+GNULIB_MBSNCASECMP = @GNULIB_MBSNCASECMP@
+GNULIB_MBSNLEN = @GNULIB_MBSNLEN@
+GNULIB_MBSNRTOWCS = @GNULIB_MBSNRTOWCS@
+GNULIB_MBSPBRK = @GNULIB_MBSPBRK@
+GNULIB_MBSPCASECMP = @GNULIB_MBSPCASECMP@
+GNULIB_MBSRCHR = @GNULIB_MBSRCHR@
+GNULIB_MBSRTOWCS = @GNULIB_MBSRTOWCS@
+GNULIB_MBSSEP = @GNULIB_MBSSEP@
+GNULIB_MBSSPN = @GNULIB_MBSSPN@
+GNULIB_MBSSTR = @GNULIB_MBSSTR@
+GNULIB_MBSTOK_R = @GNULIB_MBSTOK_R@
+GNULIB_MEMCHR = @GNULIB_MEMCHR@
+GNULIB_MEMMEM = @GNULIB_MEMMEM@
+GNULIB_MEMPCPY = @GNULIB_MEMPCPY@
+GNULIB_MEMRCHR = @GNULIB_MEMRCHR@
+GNULIB_MKDIRAT = @GNULIB_MKDIRAT@
+GNULIB_MKDTEMP = @GNULIB_MKDTEMP@
+GNULIB_MKFIFO = @GNULIB_MKFIFO@
+GNULIB_MKFIFOAT = @GNULIB_MKFIFOAT@
+GNULIB_MKNOD = @GNULIB_MKNOD@
+GNULIB_MKNODAT = @GNULIB_MKNODAT@
+GNULIB_MKOSTEMP = @GNULIB_MKOSTEMP@
+GNULIB_MKOSTEMPS = @GNULIB_MKOSTEMPS@
+GNULIB_MKSTEMP = @GNULIB_MKSTEMP@
+GNULIB_MKSTEMPS = @GNULIB_MKSTEMPS@
+GNULIB_MKTIME = @GNULIB_MKTIME@
+GNULIB_NANOSLEEP = @GNULIB_NANOSLEEP@
+GNULIB_OBSTACK_PRINTF = @GNULIB_OBSTACK_PRINTF@
+GNULIB_OBSTACK_PRINTF_POSIX = @GNULIB_OBSTACK_PRINTF_POSIX@
+GNULIB_PERROR = @GNULIB_PERROR@
+GNULIB_PIPE2 = @GNULIB_PIPE2@
+GNULIB_POPEN = @GNULIB_POPEN@
+GNULIB_PREAD = @GNULIB_PREAD@
+GNULIB_PRINTF = @GNULIB_PRINTF@
+GNULIB_PRINTF_POSIX = @GNULIB_PRINTF_POSIX@
+GNULIB_PTSNAME = @GNULIB_PTSNAME@
+GNULIB_PUTC = @GNULIB_PUTC@
+GNULIB_PUTCHAR = @GNULIB_PUTCHAR@
+GNULIB_PUTENV = @GNULIB_PUTENV@
+GNULIB_PUTS = @GNULIB_PUTS@
+GNULIB_PWRITE = @GNULIB_PWRITE@
+GNULIB_RANDOM_R = @GNULIB_RANDOM_R@
+GNULIB_RAWMEMCHR = @GNULIB_RAWMEMCHR@
+GNULIB_READLINK = @GNULIB_READLINK@
+GNULIB_READLINKAT = @GNULIB_READLINKAT@
+GNULIB_REALLOC_POSIX = @GNULIB_REALLOC_POSIX@
+GNULIB_REALPATH = @GNULIB_REALPATH@
+GNULIB_RECV = @GNULIB_RECV@
+GNULIB_RECVFROM = @GNULIB_RECVFROM@
+GNULIB_REMOVE = @GNULIB_REMOVE@
+GNULIB_RENAME = @GNULIB_RENAME@
+GNULIB_RENAMEAT = @GNULIB_RENAMEAT@
+GNULIB_RMDIR = @GNULIB_RMDIR@
+GNULIB_RPMATCH = @GNULIB_RPMATCH@
+GNULIB_SELECT = @GNULIB_SELECT@
+GNULIB_SEND = @GNULIB_SEND@
+GNULIB_SENDTO = @GNULIB_SENDTO@
+GNULIB_SETENV = @GNULIB_SETENV@
+GNULIB_SETSOCKOPT = @GNULIB_SETSOCKOPT@
+GNULIB_SHUTDOWN = @GNULIB_SHUTDOWN@
+GNULIB_SLEEP = @GNULIB_SLEEP@
+GNULIB_SNPRINTF = @GNULIB_SNPRINTF@
+GNULIB_SOCKET = @GNULIB_SOCKET@
+GNULIB_SPRINTF_POSIX = @GNULIB_SPRINTF_POSIX@
+GNULIB_STAT = @GNULIB_STAT@
+GNULIB_STDIO_H_SIGPIPE = @GNULIB_STDIO_H_SIGPIPE@
+GNULIB_STPCPY = @GNULIB_STPCPY@
+GNULIB_STPNCPY = @GNULIB_STPNCPY@
+GNULIB_STRCASESTR = @GNULIB_STRCASESTR@
+GNULIB_STRCHRNUL = @GNULIB_STRCHRNUL@
+GNULIB_STRDUP = @GNULIB_STRDUP@
+GNULIB_STRERROR = @GNULIB_STRERROR@
+GNULIB_STRNCAT = @GNULIB_STRNCAT@
+GNULIB_STRNDUP = @GNULIB_STRNDUP@
+GNULIB_STRNLEN = @GNULIB_STRNLEN@
+GNULIB_STRPBRK = @GNULIB_STRPBRK@
+GNULIB_STRPTIME = @GNULIB_STRPTIME@
+GNULIB_STRSEP = @GNULIB_STRSEP@
+GNULIB_STRSIGNAL = @GNULIB_STRSIGNAL@
+GNULIB_STRSTR = @GNULIB_STRSTR@
+GNULIB_STRTOD = @GNULIB_STRTOD@
+GNULIB_STRTOK_R = @GNULIB_STRTOK_R@
+GNULIB_STRTOLL = @GNULIB_STRTOLL@
+GNULIB_STRTOULL = @GNULIB_STRTOULL@
+GNULIB_STRVERSCMP = @GNULIB_STRVERSCMP@
+GNULIB_SYMLINK = @GNULIB_SYMLINK@
+GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@
+GNULIB_TIMEGM = @GNULIB_TIMEGM@
+GNULIB_TIME_R = @GNULIB_TIME_R@
+GNULIB_TMPFILE = @GNULIB_TMPFILE@
+GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@
+GNULIB_UNISTD_H_GETOPT = @GNULIB_UNISTD_H_GETOPT@
+GNULIB_UNISTD_H_SIGPIPE = @GNULIB_UNISTD_H_SIGPIPE@
+GNULIB_UNLINK = @GNULIB_UNLINK@
+GNULIB_UNLINKAT = @GNULIB_UNLINKAT@
+GNULIB_UNLOCKPT = @GNULIB_UNLOCKPT@
+GNULIB_UNSETENV = @GNULIB_UNSETENV@
+GNULIB_USLEEP = @GNULIB_USLEEP@
+GNULIB_UTIMENSAT = @GNULIB_UTIMENSAT@
+GNULIB_VASPRINTF = @GNULIB_VASPRINTF@
+GNULIB_VDPRINTF = @GNULIB_VDPRINTF@
+GNULIB_VFPRINTF = @GNULIB_VFPRINTF@
+GNULIB_VFPRINTF_POSIX = @GNULIB_VFPRINTF_POSIX@
+GNULIB_VPRINTF = @GNULIB_VPRINTF@
+GNULIB_VPRINTF_POSIX = @GNULIB_VPRINTF_POSIX@
+GNULIB_VSNPRINTF = @GNULIB_VSNPRINTF@
+GNULIB_VSPRINTF_POSIX = @GNULIB_VSPRINTF_POSIX@
+GNULIB_WCRTOMB = @GNULIB_WCRTOMB@
+GNULIB_WCSNRTOMBS = @GNULIB_WCSNRTOMBS@
+GNULIB_WCSRTOMBS = @GNULIB_WCSRTOMBS@
+GNULIB_WCTOB = @GNULIB_WCTOB@
+GNULIB_WCWIDTH = @GNULIB_WCWIDTH@
+GNULIB_WRITE = @GNULIB_WRITE@
+GREP = @GREP@
+GTKDOC_CHECK = @GTKDOC_CHECK@
+GTKDOC_MKPDF = @GTKDOC_MKPDF@
+GTKDOC_REBASE = @GTKDOC_REBASE@
+GUILE = @GUILE@
+GUILE_CFLAGS = @GUILE_CFLAGS@
+GUILE_CONFIG = @GUILE_CONFIG@
+GUILE_LDFLAGS = @GUILE_LDFLAGS@
+GUILE_SITE = @GUILE_SITE@
+GUILE_TOOLS = @GUILE_TOOLS@
+HAVE_ACCEPT4 = @HAVE_ACCEPT4@
+HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@
+HAVE_ATOLL = @HAVE_ATOLL@
+HAVE_BTOWC = @HAVE_BTOWC@
+HAVE_CALLOC_POSIX = @HAVE_CALLOC_POSIX@
+HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@
+HAVE_CHOWN = @HAVE_CHOWN@
+HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@
+HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@
+HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@
+HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@
+HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@
+HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@
+HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@
+HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@
+HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@
+HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@
+HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@
+HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@
+HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@
+HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@
+HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@
+HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@
+HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@
+HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@
+HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@
+HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@
+HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@
+HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@
+HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@
+HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@
+HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@
+HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@
+HAVE_DPRINTF = @HAVE_DPRINTF@
+HAVE_DUP2 = @HAVE_DUP2@
+HAVE_DUP3 = @HAVE_DUP3@
+HAVE_EUIDACCESS = @HAVE_EUIDACCESS@
+HAVE_FACCESSAT = @HAVE_FACCESSAT@
+HAVE_FCHDIR = @HAVE_FCHDIR@
+HAVE_FCHMODAT = @HAVE_FCHMODAT@
+HAVE_FCHOWNAT = @HAVE_FCHOWNAT@
+HAVE_FSEEKO = @HAVE_FSEEKO@
+HAVE_FSTATAT = @HAVE_FSTATAT@
+HAVE_FSYNC = @HAVE_FSYNC@
+HAVE_FTELLO = @HAVE_FTELLO@
+HAVE_FTRUNCATE = @HAVE_FTRUNCATE@
+HAVE_FUTIMENS = @HAVE_FUTIMENS@
+HAVE_GETDOMAINNAME = @HAVE_GETDOMAINNAME@
+HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@
+HAVE_GETGROUPS = @HAVE_GETGROUPS@
+HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@
+HAVE_GETLOGIN = @HAVE_GETLOGIN@
+HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@
+HAVE_GETSUBOPT = @HAVE_GETSUBOPT@
+HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@
+HAVE_GRANTPT = @HAVE_GRANTPT@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LCHMOD = @HAVE_LCHMOD@
+HAVE_LCHOWN = @HAVE_LCHOWN@
+HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
+HAVE_LIBTASN1 = @HAVE_LIBTASN1@
+HAVE_LINK = @HAVE_LINK@
+HAVE_LINKAT = @HAVE_LINKAT@
+HAVE_LOCALTIME_R = @HAVE_LOCALTIME_R@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_LSTAT = @HAVE_LSTAT@
+HAVE_MALLOC_POSIX = @HAVE_MALLOC_POSIX@
+HAVE_MBRLEN = @HAVE_MBRLEN@
+HAVE_MBRTOWC = @HAVE_MBRTOWC@
+HAVE_MBSINIT = @HAVE_MBSINIT@
+HAVE_MBSLEN = @HAVE_MBSLEN@
+HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@
+HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@
+HAVE_MEMCHR = @HAVE_MEMCHR@
+HAVE_MEMPCPY = @HAVE_MEMPCPY@
+HAVE_MKDIRAT = @HAVE_MKDIRAT@
+HAVE_MKDTEMP = @HAVE_MKDTEMP@
+HAVE_MKFIFO = @HAVE_MKFIFO@
+HAVE_MKFIFOAT = @HAVE_MKFIFOAT@
+HAVE_MKNOD = @HAVE_MKNOD@
+HAVE_MKNODAT = @HAVE_MKNODAT@
+HAVE_MKOSTEMP = @HAVE_MKOSTEMP@
+HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@
+HAVE_MKSTEMP = @HAVE_MKSTEMP@
+HAVE_MKSTEMPS = @HAVE_MKSTEMPS@
+HAVE_NANOSLEEP = @HAVE_NANOSLEEP@
+HAVE_NETDB_H = @HAVE_NETDB_H@
+HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@
+HAVE_OS_H = @HAVE_OS_H@
+HAVE_PIPE2 = @HAVE_PIPE2@
+HAVE_PREAD = @HAVE_PREAD@
+HAVE_PTSNAME = @HAVE_PTSNAME@
+HAVE_PWRITE = @HAVE_PWRITE@
+HAVE_RANDOM_H = @HAVE_RANDOM_H@
+HAVE_RANDOM_R = @HAVE_RANDOM_R@
+HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@
+HAVE_READLINK = @HAVE_READLINK@
+HAVE_READLINKAT = @HAVE_READLINKAT@
+HAVE_REALLOC_POSIX = @HAVE_REALLOC_POSIX@
+HAVE_REALPATH = @HAVE_REALPATH@
+HAVE_RENAMEAT = @HAVE_RENAMEAT@
+HAVE_RPMATCH = @HAVE_RPMATCH@
+HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@
+HAVE_SETENV = @HAVE_SETENV@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_SLEEP = @HAVE_SLEEP@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_STPCPY = @HAVE_STPCPY@
+HAVE_STPNCPY = @HAVE_STPNCPY@
+HAVE_STRCASESTR = @HAVE_STRCASESTR@
+HAVE_STRCHRNUL = @HAVE_STRCHRNUL@
+HAVE_STRPBRK = @HAVE_STRPBRK@
+HAVE_STRPTIME = @HAVE_STRPTIME@
+HAVE_STRSEP = @HAVE_STRSEP@
+HAVE_STRTOD = @HAVE_STRTOD@
+HAVE_STRTOLL = @HAVE_STRTOLL@
+HAVE_STRTOULL = @HAVE_STRTOULL@
+HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@
+HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@
+HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@
+HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@
+HAVE_STRVERSCMP = @HAVE_STRVERSCMP@
+HAVE_SYMLINK = @HAVE_SYMLINK@
+HAVE_SYMLINKAT = @HAVE_SYMLINKAT@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@
+HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@
+HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@
+HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@
+HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@
+HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_TIMEGM = @HAVE_TIMEGM@
+HAVE_TTYNAME_R = @HAVE_TTYNAME_R@
+HAVE_UNISTD_H = @HAVE_UNISTD_H@
+HAVE_UNLINKAT = @HAVE_UNLINKAT@
+HAVE_UNLOCKPT = @HAVE_UNLOCKPT@
+HAVE_UNSETENV = @HAVE_UNSETENV@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_USLEEP = @HAVE_USLEEP@
+HAVE_UTIMENSAT = @HAVE_UTIMENSAT@
+HAVE_VASPRINTF = @HAVE_VASPRINTF@
+HAVE_VDPRINTF = @HAVE_VDPRINTF@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
+HAVE_WCHAR_T = @HAVE_WCHAR_T@
+HAVE_WCRTOMB = @HAVE_WCRTOMB@
+HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@
+HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@
+HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@
+HAVE_WINT_T = @HAVE_WINT_T@
+HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@
+HAVE__BOOL = @HAVE__BOOL@
+HOSTENT_LIB = @HOSTENT_LIB@
+HTML_DIR = @HTML_DIR@
+INCLUDE_NEXT = @INCLUDE_NEXT@
+INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@
+INET_NTOP_LIB = @INET_NTOP_LIB@
+INET_PTON_LIB = @INET_PTON_LIB@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT = @LIBGCRYPT@
+LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBSOCKET = @LIBSOCKET@
+LIBTASN1 = @LIBTASN1@
+LIBTASN1_PREFIX = @LIBTASN1_PREFIX@
+LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@
+LIBTOOL = @LIBTOOL@
+LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTALLOCA = @LTALLOCA@
+LTLIBGCRYPT = @LTLIBGCRYPT@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LTLIBREADLINE = @LTLIBREADLINE@
+LTLIBTASN1 = @LTLIBTASN1@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_REVISION = @LT_REVISION@
+LZO_LIBS = @LZO_LIBS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NETINET_IN_H = @NETINET_IN_H@
+NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@
+NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@
+NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@
+NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@
+NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@
+NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@
+NEXT_AS_FIRST_DIRECTIVE_STDARG_H = @NEXT_AS_FIRST_DIRECTIVE_STDARG_H@
+NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@
+NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@
+NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@
+NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@
+NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@
+NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@
+NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@
+NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@
+NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@
+NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@
+NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@
+NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@
+NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@
+NEXT_ERRNO_H = @NEXT_ERRNO_H@
+NEXT_FLOAT_H = @NEXT_FLOAT_H@
+NEXT_NETDB_H = @NEXT_NETDB_H@
+NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@
+NEXT_STDARG_H = @NEXT_STDARG_H@
+NEXT_STDDEF_H = @NEXT_STDDEF_H@
+NEXT_STDINT_H = @NEXT_STDINT_H@
+NEXT_STDIO_H = @NEXT_STDIO_H@
+NEXT_STDLIB_H = @NEXT_STDLIB_H@
+NEXT_STRING_H = @NEXT_STRING_H@
+NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@
+NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@
+NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@
+NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@
+NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@
+NEXT_TIME_H = @NEXT_TIME_H@
+NEXT_UNISTD_H = @NEXT_UNISTD_H@
+NEXT_WCHAR_H = @NEXT_WCHAR_H@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PMCCABE = @PMCCABE@
+PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@
+PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
+RANLIB = @RANLIB@
+REPLACE_BTOWC = @REPLACE_BTOWC@
+REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@
+REPLACE_CHOWN = @REPLACE_CHOWN@
+REPLACE_CLOSE = @REPLACE_CLOSE@
+REPLACE_DPRINTF = @REPLACE_DPRINTF@
+REPLACE_DUP = @REPLACE_DUP@
+REPLACE_DUP2 = @REPLACE_DUP2@
+REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@
+REPLACE_FCLOSE = @REPLACE_FCLOSE@
+REPLACE_FFLUSH = @REPLACE_FFLUSH@
+REPLACE_FOPEN = @REPLACE_FOPEN@
+REPLACE_FPRINTF = @REPLACE_FPRINTF@
+REPLACE_FPURGE = @REPLACE_FPURGE@
+REPLACE_FREOPEN = @REPLACE_FREOPEN@
+REPLACE_FSEEK = @REPLACE_FSEEK@
+REPLACE_FSEEKO = @REPLACE_FSEEKO@
+REPLACE_FSTAT = @REPLACE_FSTAT@
+REPLACE_FSTATAT = @REPLACE_FSTATAT@
+REPLACE_FTELL = @REPLACE_FTELL@
+REPLACE_FTELLO = @REPLACE_FTELLO@
+REPLACE_FUTIMENS = @REPLACE_FUTIMENS@
+REPLACE_GETCWD = @REPLACE_GETCWD@
+REPLACE_GETDELIM = @REPLACE_GETDELIM@
+REPLACE_GETGROUPS = @REPLACE_GETGROUPS@
+REPLACE_GETLINE = @REPLACE_GETLINE@
+REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@
+REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@
+REPLACE_IOCTL = @REPLACE_IOCTL@
+REPLACE_LCHOWN = @REPLACE_LCHOWN@
+REPLACE_LINK = @REPLACE_LINK@
+REPLACE_LINKAT = @REPLACE_LINKAT@
+REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@
+REPLACE_LSEEK = @REPLACE_LSEEK@
+REPLACE_LSTAT = @REPLACE_LSTAT@
+REPLACE_MBRLEN = @REPLACE_MBRLEN@
+REPLACE_MBRTOWC = @REPLACE_MBRTOWC@
+REPLACE_MBSINIT = @REPLACE_MBSINIT@
+REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@
+REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@
+REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@
+REPLACE_MEMCHR = @REPLACE_MEMCHR@
+REPLACE_MEMMEM = @REPLACE_MEMMEM@
+REPLACE_MKDIR = @REPLACE_MKDIR@
+REPLACE_MKFIFO = @REPLACE_MKFIFO@
+REPLACE_MKNOD = @REPLACE_MKNOD@
+REPLACE_MKSTEMP = @REPLACE_MKSTEMP@
+REPLACE_MKTIME = @REPLACE_MKTIME@
+REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@
+REPLACE_NULL = @REPLACE_NULL@
+REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@
+REPLACE_PERROR = @REPLACE_PERROR@
+REPLACE_POPEN = @REPLACE_POPEN@
+REPLACE_PREAD = @REPLACE_PREAD@
+REPLACE_PRINTF = @REPLACE_PRINTF@
+REPLACE_PUTENV = @REPLACE_PUTENV@
+REPLACE_PWRITE = @REPLACE_PWRITE@
+REPLACE_READLINK = @REPLACE_READLINK@
+REPLACE_REALPATH = @REPLACE_REALPATH@
+REPLACE_REMOVE = @REPLACE_REMOVE@
+REPLACE_RENAME = @REPLACE_RENAME@
+REPLACE_RENAMEAT = @REPLACE_RENAMEAT@
+REPLACE_RMDIR = @REPLACE_RMDIR@
+REPLACE_SELECT = @REPLACE_SELECT@
+REPLACE_SETENV = @REPLACE_SETENV@
+REPLACE_SLEEP = @REPLACE_SLEEP@
+REPLACE_SNPRINTF = @REPLACE_SNPRINTF@
+REPLACE_SPRINTF = @REPLACE_SPRINTF@
+REPLACE_STAT = @REPLACE_STAT@
+REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@
+REPLACE_STPNCPY = @REPLACE_STPNCPY@
+REPLACE_STRCASESTR = @REPLACE_STRCASESTR@
+REPLACE_STRDUP = @REPLACE_STRDUP@
+REPLACE_STRERROR = @REPLACE_STRERROR@
+REPLACE_STRNCAT = @REPLACE_STRNCAT@
+REPLACE_STRNDUP = @REPLACE_STRNDUP@
+REPLACE_STRNLEN = @REPLACE_STRNLEN@
+REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@
+REPLACE_STRSTR = @REPLACE_STRSTR@
+REPLACE_STRTOD = @REPLACE_STRTOD@
+REPLACE_STRTOK_R = @REPLACE_STRTOK_R@
+REPLACE_SYMLINK = @REPLACE_SYMLINK@
+REPLACE_TIMEGM = @REPLACE_TIMEGM@
+REPLACE_TMPFILE = @REPLACE_TMPFILE@
+REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@
+REPLACE_UNLINK = @REPLACE_UNLINK@
+REPLACE_UNLINKAT = @REPLACE_UNLINKAT@
+REPLACE_UNSETENV = @REPLACE_UNSETENV@
+REPLACE_USLEEP = @REPLACE_USLEEP@
+REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@
+REPLACE_VASPRINTF = @REPLACE_VASPRINTF@
+REPLACE_VDPRINTF = @REPLACE_VDPRINTF@
+REPLACE_VFPRINTF = @REPLACE_VFPRINTF@
+REPLACE_VPRINTF = @REPLACE_VPRINTF@
+REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@
+REPLACE_VSPRINTF = @REPLACE_VSPRINTF@
+REPLACE_WCRTOMB = @REPLACE_WCRTOMB@
+REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@
+REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@
+REPLACE_WCTOB = @REPLACE_WCTOB@
+REPLACE_WCWIDTH = @REPLACE_WCWIDTH@
+REPLACE_WRITE = @REPLACE_WRITE@
+SED = @SED@
+SERVENT_LIB = @SERVENT_LIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDARG_H = @STDARG_H@
+STDBOOL_H = @STDBOOL_H@
+STDDEF_H = @STDDEF_H@
+STDINT_H = @STDINT_H@
+STRIP = @STRIP@
+SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@
+SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@
+SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@
+TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@
+UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@
+UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@
+UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@
+VALGRIND = @VALGRIND@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
+WERROR_CFLAGS = @WERROR_CFLAGS@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
+WSTACK_CFLAGS = @WSTACK_CFLAGS@
+abs_aux_dir = @abs_aux_dir@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gl_LIBOBJS = @gl_LIBOBJS@
+gl_LTLIBOBJS = @gl_LTLIBOBJS@
+gltests_LIBOBJS = @gltests_LIBOBJS@
+gltests_LTLIBOBJS = @gltests_LTLIBOBJS@
+gltests_WITNESS = @gltests_WITNESS@
+guile_snarf = @guile_snarf@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+subdirs = @subdirs@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/lib/includes \
+ -I$(top_builddir)/lib/includes
+
+AM_LDFLAGS = -no-install
+LDADD = ../../lib/libgnutls.la $(LTLIBGCRYPT) $(LIBSOCKET)
+ctests = srn0 srn1 srn2 srn3 srn4 srn5 srn6 srn7
+TESTS_ENVIRONMENT = $(VALGRIND)
+EXTRA_DIST = README params.dh
+dist_check_SCRIPTS = testsrn
+all: all-am
+
+.SUFFIXES:
+ .SUFFIXES: .c .lo .o .obj
+ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/safe-renegotiation/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu tests/safe-renegotiation/Makefile
+ .PRECIOUS: Makefile
+ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+ srn0$(EXEEXT): $(srn0_OBJECTS) $(srn0_DEPENDENCIES)
+ @rm -f srn0$(EXEEXT)
+ $(LINK) $(srn0_OBJECTS) $(srn0_LDADD) $(LIBS)
+srn1$(EXEEXT): $(srn1_OBJECTS) $(srn1_DEPENDENCIES)
+ @rm -f srn1$(EXEEXT)
+ $(LINK) $(srn1_OBJECTS) $(srn1_LDADD) $(LIBS)
+srn2$(EXEEXT): $(srn2_OBJECTS) $(srn2_DEPENDENCIES)
+ @rm -f srn2$(EXEEXT)
+ $(LINK) $(srn2_OBJECTS) $(srn2_LDADD) $(LIBS)
+srn3$(EXEEXT): $(srn3_OBJECTS) $(srn3_DEPENDENCIES)
+ @rm -f srn3$(EXEEXT)
+ $(LINK) $(srn3_OBJECTS) $(srn3_LDADD) $(LIBS)
+srn4$(EXEEXT): $(srn4_OBJECTS) $(srn4_DEPENDENCIES)
+ @rm -f srn4$(EXEEXT)
+ $(LINK) $(srn4_OBJECTS) $(srn4_LDADD) $(LIBS)
+srn5$(EXEEXT): $(srn5_OBJECTS) $(srn5_DEPENDENCIES)
+ @rm -f srn5$(EXEEXT)
+ $(LINK) $(srn5_OBJECTS) $(srn5_LDADD) $(LIBS)
+srn6$(EXEEXT): $(srn6_OBJECTS) $(srn6_DEPENDENCIES)
+ @rm -f srn6$(EXEEXT)
+ $(LINK) $(srn6_OBJECTS) $(srn6_LDADD) $(LIBS)
+srn7$(EXEEXT): $(srn7_OBJECTS) $(srn7_DEPENDENCIES)
+ @rm -f srn7$(EXEEXT)
+ $(LINK) $(srn7_OBJECTS) $(srn7_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srn0.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srn1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srn2.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srn3.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srn4.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srn5.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srn6.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srn7.Po@am__quote@
+
+.c.o:
+ @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+ @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+ @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+ @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+ @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+ @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+ tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ ctags: CTAGS
+ CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ echo "$$grn$$dashes"; \
+ else \
+ echo "$$red$$dashes"; \
+ fi; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes$$std"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+ $(dist_check_SCRIPTS)
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+ check: check-am
+ all-am: Makefile
+installdirs:
+ install: install-am
+ install-exec: install-exec-am
+ install-data: install-data-am
+ uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+ install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+ clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+ distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+ maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-checkPROGRAMS clean-generic clean-libtool ctags \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am
+
+#TESTS = testsrn
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# # Otherwise a system limit (for SysV at least) may be exceeded.
+# .NOEXPORT:
Index: gnutls-2.4.1/tests/safe-renegotiation/README
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/README
@@ -0,0 +1,93 @@
+Testing safe renegotiation is relatively complex, here is a summary of
+what we test and what how we believe it should work.
+
+ Client setting
+ Server setting
+ Initial handshake outcome
+ Rehandshake outcome
+srn0.c
+
+ This tests that the safe renegotiation extension is negotiated
+ properly by default on initial connections and on rehandshaked
+ connections. Consequently, it also verifies that rehandshaked
+ connections work with the extension enabled.
+
+ NORMAL
+ NORMAL
+ OK
+ OK
+
+srn1.c
+
+ This tests that clients without support for safe renegotiation is
+ able to handshake against servers with support, but not able to
+ rehandshake (server will refuse rehandshake).
+
+ NORMAL:%DISABLE_SAFE_RENEGOTIATION
+ NORMAL
+ OK
+ Server refuses
+
+srn2.c
+
+ This tests that clients with support for safe renegotiation is able
+ to handshake against servers without support, but not able to
+ rehandshake (client will refuse rehandshake).
+
+ NORMAL
+ NORMAL:%DISABLE_SAFE_RENEGOTIATION
+ OK
+ Client refuses
+
+srn3.c
+
+ This tests that a %SAFE_RENEGOTIATION client will reject handshakes
+ against servers that do not support the extension (server uses
+ %DISABLE_SAFE_RENEGOTIATION).
+
+ NORMAL:%SAFE_RENEGOTIATION
+ NORMAL:%DISABLE_SAFE_RENEGOTIATION
+ Client refuses
+ N/A
+
+srn4.c
+
+ This tests that a %SAFE_RENEGOTIATION server will reject handshakes
+ against clients that do not support the extension.
+
+ NORMAL:%DISABLE_SAFE_RENEGOTIATION
+ NORMAL:%SAFE_RENEGOTIATION
+ Server refuses
+ N/A
+
+srn5.c
+
+ This tests that a client with a permissive policy
+ (%UNSAFE_RENEGOTIATION) is able to handshake and rehandshake with a
+ server with no support for the extension.
+
+ NORMAL:%DISABLE_SAFE_RENEGOTIATION
+ NORMAL:%UNSAFE_RENEGOTIATION
+ OK
+ OK
+
+srn6.c
+
+ This tests that a server with a permissive policy
+ (%UNSAFE_RENEGOTIATION) is able to handshake and rehandshake with a
+ client with no support for the extension.
+
+ NORMAL:%UNSAFE_RENEGOTIATION
+ NORMAL:%DISABLE_SAFE_RENEGOTIATION
+ OK
+ OK
+
+srn7.c
+
+ This tests that clients and servers in %SAFE_RENEGOTIATION mode are
+ able to handshake and rehandshake.
+
+ NORMAL:%SAFE_RENEGOTIATION
+ NORMAL:%SAFE_RENEGOTIATION
+ OK
+ OK
Index: gnutls-2.4.1/tests/safe-renegotiation/params.dh
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/params.dh
@@ -0,0 +1,35 @@
+
+Generator: 05
+
+Prime: c9:e9:2d:fc:94:15:1a:10:4f:3c:b5:16
+ 7e:34:10:7d:eb:3d:d5:7d:61:ff:b0:ce
+ da:7f:6e:0c:ea:db:b4:87:f6:c6:34:a8
+ 3c:f8:84:52:14:59:ab:17:5c:d0:f0:86
+ c4:02:93:dc:09:83:57:16:98:21:d0:42
+ 8e:33:fc:48:69:e6:04:0d:4e:50:09:33
+ 2e:28:60:4f:05:08:7c:ce:2f:a6:1a:4c
+ 41:d1:a3:dd:f6:37:56:44:1d:b0:54:af
+ f7:4a:a0:c2:19:5d:ce:62:b0:7a:1b:e1
+ 5c:7f:bb:4d:7e:9e:28:48:00:a4:9a:86
+ 3e:6e:6e:9c:57:41:c7:ec:bf:7f:09:fc
+ da:25:c2:1e:e0:52:dc:65:8c:40:a3:6e
+ bd:99:4e:0b:1a:04:e0:23:20:46:5a:d0
+ 3f:b3:a4:d6:76:73:b7:cc:61:33:11:54
+ a6:32:ff:94:08:d5:66:36:fd:99:69:21
+ cc:28:5d:11:52:32:48:b6:a5:b5:c3:b0
+ 21:3f:f9:69:25:83:b1:3d:79:a6:ed:ae
+ db:95:62:fc:72:ca:ad:46:fc:b6:b1:ea
+ 98:68:97:ba:f2:54:aa:86:ed:62:b1:78
+ 5f:d5:19:80:ce:41:ee:98:a1:71:9f:fa
+ 5b:6b:d8:5e:7e:b3:18:0a:f0:4c:96:76
+ 6c:0c:b0:a3
+
+
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAyekt/JQVGhBPPLUWfjQQfes91X1h/7DO2n9uDOrbtIf2xjSoPPiE
+UhRZqxdc0PCGxAKT3AmDVxaYIdBCjjP8SGnmBA1OUAkzLihgTwUIfM4vphpMQdGj
+3fY3VkQdsFSv90qgwhldzmKwehvhXH+7TX6eKEgApJqGPm5unFdBx+y/fwn82iXC
+HuBS3GWMQKNuvZlOCxoE4CMgRlrQP7Ok1nZzt8xhMxFUpjL/lAjVZjb9mWkhzChd
+EVIySLaltcOwIT/5aSWDsT15pu2u25Vi/HLKrUb8trHqmGiXuvJUqobtYrF4X9UZ
+gM5B7pihcZ/6W2vYXn6zGArwTJZ2bAywowIBBQ==
+-----END DH PARAMETERS-----
Index: gnutls-2.4.1/tests/safe-renegotiation/srn0.c
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/srn0.c
@@ -0,0 +1,338 @@
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* Code based on ../mini-x509-rehandshake.c.
+ *
+ * This tests that the safe renegotiation extension is negotiated
+ * properly by default on initial connections and on rehandshaked
+ * connections. Consequently, it also verifies that rehandshaked
+ * connections work with the extension enabled.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <gnutls/gnutls.h>
+
+ static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "|<%d>| %s", level, str);
+}
+
+static char *to_server;
+static size_t to_server_len;
+
+static char *to_client;
+static size_t to_client_len;
+
+ static ssize_t
+client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_client_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_client, len);
+
+ memmove (to_client, to_client + len, to_client_len - len);
+ to_client_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_server_len + len;
+ char *tmp;
+
+ tmp = realloc (to_server, newlen);
+ if (!tmp)
+ abort ();
+ to_server = tmp;
+
+ memcpy (to_server + to_server_len, data, len);
+ to_server_len = newlen;
+
+ return len;
+}
+
+ static ssize_t
+server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_server_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_server, len);
+
+ memmove (to_server, to_server + len, to_server_len - len);
+ to_server_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_client_len + len;
+ char *tmp;
+
+ tmp = realloc (to_client, newlen);
+ if (!tmp)
+ abort ();
+ to_client = tmp;
+
+ memcpy (to_client + to_client_len, data, len);
+ to_client_len = newlen;
+
+ return len;
+}
+
+static unsigned char server_cert_pem[] =
+"-----BEGIN CERTIFICATE-----\n"
+"MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+"VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+"GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+"Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+"dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+"DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+"tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+"MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+"Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+"GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+"bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+"AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+"rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+
+const gnutls_datum_t server_cert = { server_cert_pem,
+ sizeof (server_cert_pem)
+};
+
+static unsigned char server_key_pem[] =
+"-----BEGIN RSA PRIVATE KEY-----\n"
+"MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+"TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+"fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+"AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+"8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+"iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+"Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+"oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+"XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+"qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+"tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+"hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+"LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+"-----END RSA PRIVATE KEY-----\n";
+
+const gnutls_datum_t server_key = { server_key_pem,
+ sizeof (server_key_pem)
+};
+
+ int
+main (int argc, char *argv[])
+{
+ int debug_level = argc - 1;
+ int exit_code = EXIT_SUCCESS;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ gnutls_global_init ();
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (debug_level);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials (&serverx509cred);
+ gnutls_certificate_set_x509_key_mem (serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init (&server, GNUTLS_SERVER);
+ gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
+ gnutls_priority_set_direct (server, "NORMAL", NULL);
+ gnutls_transport_set_push_function (server, server_push);
+ gnutls_transport_set_pull_function (server, server_pull);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials (&clientx509cred);
+ gnutls_init (&client, GNUTLS_CLIENT);
+ gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
+ gnutls_priority_set_direct (client, "NORMAL", NULL);
+ gnutls_transport_set_push_function (client, client_push);
+ gnutls_transport_set_pull_function (client, client_pull);
+
+ /* Check that initially no session use the extension. */
+ if (gnutls_safe_renegotiation_status (server)
+ || gnutls_safe_renegotiation_status (client))
+ {
+ puts ("Client or server using extension before handshake?");
+ abort ();
+ }
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+ }
+ while (
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+
+ if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ exit_code = EXIT_FAILURE;
+
+ if (!gnutls_safe_renegotiation_status (client) ||
+ !gnutls_safe_renegotiation_status (server))
+ {
+ tls_log_func (0, "Session not using safe renegotiation!\n");
+ exit_code = EXIT_FAILURE;
+ }
+
+ sret = gnutls_rehandshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_rehandshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv (client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort ();
+ }
+
+ cret = GNUTLS_E_AGAIN;
+ sret = GNUTLS_E_AGAIN;
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+ }
+ while (
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+
+ if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ exit_code = 1;
+
+ if (!gnutls_safe_renegotiation_status (client) ||
+ !gnutls_safe_renegotiation_status (server))
+ {
+ tls_log_func (0,
+ "Rehandshaked session not using safe renegotiation!\n");
+ exit_code = EXIT_FAILURE;
+ }
+
+ gnutls_bye (client, GNUTLS_SHUT_RDWR);
+ gnutls_bye (server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit (client);
+ gnutls_deinit (server);
+
+ free (to_server);
+ free (to_client);
+
+ gnutls_certificate_free_credentials (serverx509cred);
+
+ gnutls_global_deinit ();
+
+ if (debug_level > 0)
+ {
+ if (exit_code == 0)
+ puts ("Self-test successful");
+ else
+ puts ("Self-test failed");
+ }
+
+ return exit_code;
+}
Index: gnutls-2.4.1/tests/safe-renegotiation/srn1.c
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/srn1.c
@@ -0,0 +1,341 @@
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* Code based on ./srn0.c.
+ *
+ * This tests that clients without support for safe renegotiation is
+ * able to handshake against servers with support, but not able to
+ * rehandshake (server will refuse rehandshake).
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <gnutls/gnutls.h>
+
+ static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "|<%d>| %s", level, str);
+}
+
+static char *to_server;
+static size_t to_server_len;
+
+static char *to_client;
+static size_t to_client_len;
+
+ static ssize_t
+client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_client_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_client, len);
+
+ memmove (to_client, to_client + len, to_client_len - len);
+ to_client_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_server_len + len;
+ char *tmp;
+
+ tmp = realloc (to_server, newlen);
+ if (!tmp)
+ abort ();
+ to_server = tmp;
+
+ memcpy (to_server + to_server_len, data, len);
+ to_server_len = newlen;
+
+ return len;
+}
+
+ static ssize_t
+server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_server_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_server, len);
+
+ memmove (to_server, to_server + len, to_server_len - len);
+ to_server_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_client_len + len;
+ char *tmp;
+
+ tmp = realloc (to_client, newlen);
+ if (!tmp)
+ abort ();
+ to_client = tmp;
+
+ memcpy (to_client + to_client_len, data, len);
+ to_client_len = newlen;
+
+ return len;
+}
+
+static unsigned char server_cert_pem[] =
+"-----BEGIN CERTIFICATE-----\n"
+"MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+"VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+"GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+"Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+"dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+"DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+"tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+"MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+"Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+"GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+"bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+"AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+"rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+
+const gnutls_datum_t server_cert = { server_cert_pem,
+ sizeof (server_cert_pem)
+};
+
+static unsigned char server_key_pem[] =
+"-----BEGIN RSA PRIVATE KEY-----\n"
+"MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+"TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+"fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+"AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+"8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+"iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+"Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+"oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+"XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+"qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+"tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+"hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+"LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+"-----END RSA PRIVATE KEY-----\n";
+
+const gnutls_datum_t server_key = { server_key_pem,
+ sizeof (server_key_pem)
+};
+
+ int
+main (int argc, char *argv[])
+{
+ int debug_level = argc - 1;
+ int exit_code = EXIT_SUCCESS;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ gnutls_global_init ();
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (debug_level);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials (&serverx509cred);
+ gnutls_certificate_set_x509_key_mem (serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init (&server, GNUTLS_SERVER);
+ gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
+ gnutls_priority_set_direct (server, "NORMAL", NULL);
+ gnutls_transport_set_push_function (server, server_push);
+ gnutls_transport_set_pull_function (server, server_pull);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials (&clientx509cred);
+ gnutls_init (&client, GNUTLS_CLIENT);
+ gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
+ gnutls_priority_set_direct (client, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
+ NULL);
+ gnutls_transport_set_push_function (client, client_push);
+ gnutls_transport_set_pull_function (client, client_pull);
+
+ /* Check that initially no session use the extension. */
+ if (gnutls_safe_renegotiation_status (server)
+ || gnutls_safe_renegotiation_status (client))
+ {
+ puts ("Client or server using extension before handshake?");
+ abort ();
+ }
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+ }
+ while (
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+
+ if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ exit_code = EXIT_FAILURE;
+
+ if (gnutls_safe_renegotiation_status (client) ||
+ gnutls_safe_renegotiation_status (server))
+ {
+ tls_log_func (0, "Session using safe renegotiation but shouldn't?!\n");
+ exit_code = EXIT_FAILURE;
+ }
+
+ sret = gnutls_rehandshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_rehandshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv (client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort ();
+ }
+
+ cret = GNUTLS_E_AGAIN;
+ sret = GNUTLS_E_AGAIN;
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
+ break;
+ }
+ while (
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+
+ if (cret != GNUTLS_E_SUCCESS
+ && sret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
+ exit_code = 1;
+
+ if (gnutls_safe_renegotiation_status (client) ||
+ gnutls_safe_renegotiation_status (server))
+ {
+ tls_log_func (0, "Rehandshaked worked and uses safe reneg?!\n");
+ exit_code = EXIT_FAILURE;
+ }
+
+ gnutls_bye (client, GNUTLS_SHUT_RDWR);
+ gnutls_bye (server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit (client);
+ gnutls_deinit (server);
+
+ free (to_server);
+ free (to_client);
+
+ gnutls_certificate_free_credentials (serverx509cred);
+
+ gnutls_global_deinit ();
+
+ if (debug_level > 0)
+ {
+ if (exit_code == 0)
+ puts ("Self-test successful");
+ else
+ puts ("Self-test failed");
+ }
+
+ return exit_code;
+}
Index: gnutls-2.4.1/tests/safe-renegotiation/srn2.c
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/srn2.c
@@ -0,0 +1,341 @@
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* Code based on ./srn1.c.
+ *
+ * This tests that clients with support for safe renegotiation is able
+ * to handshake against servers without support, but not able to
+ * rehandshake (client will refuse rehandshake).
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <gnutls/gnutls.h>
+
+ static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "|<%d>| %s", level, str);
+}
+
+static char *to_server;
+static size_t to_server_len;
+
+static char *to_client;
+static size_t to_client_len;
+
+ static ssize_t
+client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_client_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_client, len);
+
+ memmove (to_client, to_client + len, to_client_len - len);
+ to_client_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_server_len + len;
+ char *tmp;
+
+ tmp = realloc (to_server, newlen);
+ if (!tmp)
+ abort ();
+ to_server = tmp;
+
+ memcpy (to_server + to_server_len, data, len);
+ to_server_len = newlen;
+
+ return len;
+}
+
+ static ssize_t
+server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_server_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_server, len);
+
+ memmove (to_server, to_server + len, to_server_len - len);
+ to_server_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_client_len + len;
+ char *tmp;
+
+ tmp = realloc (to_client, newlen);
+ if (!tmp)
+ abort ();
+ to_client = tmp;
+
+ memcpy (to_client + to_client_len, data, len);
+ to_client_len = newlen;
+
+ return len;
+}
+
+static unsigned char server_cert_pem[] =
+"-----BEGIN CERTIFICATE-----\n"
+"MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+"VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+"GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+"Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+"dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+"DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+"tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+"MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+"Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+"GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+"bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+"AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+"rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+
+const gnutls_datum_t server_cert = { server_cert_pem,
+ sizeof (server_cert_pem)
+};
+
+static unsigned char server_key_pem[] =
+"-----BEGIN RSA PRIVATE KEY-----\n"
+"MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+"TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+"fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+"AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+"8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+"iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+"Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+"oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+"XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+"qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+"tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+"hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+"LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+"-----END RSA PRIVATE KEY-----\n";
+
+const gnutls_datum_t server_key = { server_key_pem,
+ sizeof (server_key_pem)
+};
+
+ int
+main (int argc, char *argv[])
+{
+ int debug_level = argc - 1;
+ int exit_code = EXIT_SUCCESS;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ gnutls_global_init ();
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (debug_level);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials (&serverx509cred);
+ gnutls_certificate_set_x509_key_mem (serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init (&server, GNUTLS_SERVER);
+ gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
+ gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
+ NULL);
+ gnutls_transport_set_push_function (server, server_push);
+ gnutls_transport_set_pull_function (server, server_pull);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials (&clientx509cred);
+ gnutls_init (&client, GNUTLS_CLIENT);
+ gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
+ gnutls_priority_set_direct (client, "NORMAL", NULL);
+ gnutls_transport_set_push_function (client, client_push);
+ gnutls_transport_set_pull_function (client, client_pull);
+
+ /* Check that initially no session use the extension. */
+ if (gnutls_safe_renegotiation_status (server)
+ || gnutls_safe_renegotiation_status (client))
+ {
+ puts ("Client or server using extension before handshake?");
+ abort ();
+ }
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+ }
+ while (
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+
+ if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ exit_code = EXIT_FAILURE;
+
+ if (gnutls_safe_renegotiation_status (client) ||
+ gnutls_safe_renegotiation_status (server))
+ {
+ tls_log_func (0, "Session using safe renegotiation but shouldn't?!\n");
+ exit_code = EXIT_FAILURE;
+ }
+
+ sret = gnutls_rehandshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_rehandshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv (client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort ();
+ }
+
+ cret = GNUTLS_E_AGAIN;
+ sret = GNUTLS_E_AGAIN;
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (cret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED)
+ break;
+ }
+ while (
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+
+ if (cret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED
+ && sret != GNUTLS_E_SUCCESS)
+ exit_code = 1;
+
+ if (gnutls_safe_renegotiation_status (client) ||
+ gnutls_safe_renegotiation_status (server))
+ {
+ tls_log_func (0, "Rehandshaked worked and uses safe reneg?!\n");
+ exit_code = EXIT_FAILURE;
+ }
+
+ gnutls_bye (client, GNUTLS_SHUT_RDWR);
+ gnutls_bye (server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit (client);
+ gnutls_deinit (server);
+
+ free (to_server);
+ free (to_client);
+
+ gnutls_certificate_free_credentials (serverx509cred);
+
+ gnutls_global_deinit ();
+
+ if (debug_level > 0)
+ {
+ if (exit_code == 0)
+ puts ("Self-test successful");
+ else
+ puts ("Self-test failed");
+ }
+
+ return exit_code;
+}
Index: gnutls-2.4.1/tests/safe-renegotiation/srn3.c
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/srn3.c
@@ -0,0 +1,264 @@
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* Code based on ../mini-x509.c.
+ *
+ * This tests that a %SAFE_RENEGOTIATION client will reject handshakes
+ * against servers that do not support the extension (server uses
+ * %DISABLE_SAFE_RENEGOTIATION).
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <gnutls/gnutls.h>
+
+ static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "|<%d>| %s", level, str);
+}
+
+static char *to_server;
+static size_t to_server_len;
+
+static char *to_client;
+static size_t to_client_len;
+
+ static ssize_t
+client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_client_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_client, len);
+
+ memmove (to_client, to_client + len, to_client_len - len);
+ to_client_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_server_len + len;
+ char *tmp;
+
+ tmp = realloc (to_server, newlen);
+ if (!tmp)
+ abort ();
+ to_server = tmp;
+
+ memcpy (to_server + to_server_len, data, len);
+ to_server_len = newlen;
+
+ return len;
+}
+
+ static ssize_t
+server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_server_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_server, len);
+
+ memmove (to_server, to_server + len, to_server_len - len);
+ to_server_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_client_len + len;
+ char *tmp;
+
+ tmp = realloc (to_client, newlen);
+ if (!tmp)
+ abort ();
+ to_client = tmp;
+
+ memcpy (to_client + to_client_len, data, len);
+ to_client_len = newlen;
+
+ return len;
+}
+
+static unsigned char server_cert_pem[] =
+"-----BEGIN CERTIFICATE-----\n"
+"MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+"VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+"GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+"Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+"dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+"DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+"tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+"MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+"Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+"GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+"bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+"AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+"rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+
+const gnutls_datum_t server_cert = { server_cert_pem,
+ sizeof (server_cert_pem)
+};
+
+static unsigned char server_key_pem[] =
+"-----BEGIN RSA PRIVATE KEY-----\n"
+"MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+"TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+"fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+"AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+"8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+"iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+"Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+"oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+"XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+"qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+"tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+"hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+"LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+"-----END RSA PRIVATE KEY-----\n";
+
+const gnutls_datum_t server_key = { server_key_pem,
+ sizeof (server_key_pem)
+};
+
+ int
+main (int argc, char *argv[])
+{
+ int debug_level = argc - 1;
+ int exit_code = EXIT_SUCCESS;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ gnutls_global_init ();
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (debug_level);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials (&serverx509cred);
+ gnutls_certificate_set_x509_key_mem (serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init (&server, GNUTLS_SERVER);
+ gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
+ gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
+ NULL);
+ gnutls_transport_set_push_function (server, server_push);
+ gnutls_transport_set_pull_function (server, server_pull);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials (&clientx509cred);
+ gnutls_init (&client, GNUTLS_CLIENT);
+ gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
+ gnutls_priority_set_direct (client, "NORMAL:%SAFE_RENEGOTIATION", NULL);
+ gnutls_transport_set_push_function (client, client_push);
+ gnutls_transport_set_pull_function (client, client_pull);
+
+ /* Check that initially no session use the extension. */
+ if (gnutls_safe_renegotiation_status (server)
+ || gnutls_safe_renegotiation_status (client))
+ {
+ puts ("Client or server using extension before handshake?");
+ abort ();
+ }
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+ }
+ while ((cret == GNUTLS_E_AGAIN || cret == GNUTLS_E_SUCCESS)
+ && (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS));
+
+ if (cret != GNUTLS_E_SAFE_RENEGOTIATION_FAILED && sret != GNUTLS_E_SUCCESS)
+ exit_code = EXIT_FAILURE;
+
+ gnutls_bye (client, GNUTLS_SHUT_RDWR);
+ gnutls_bye (server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit (client);
+ gnutls_deinit (server);
+
+ free (to_server);
+ free (to_client);
+
+ gnutls_certificate_free_credentials (serverx509cred);
+
+ gnutls_global_deinit ();
+
+ if (debug_level > 0)
+ {
+ if (exit_code == 0)
+ puts ("Self-test successful");
+ else
+ puts ("Self-test failed");
+ }
+
+ return exit_code;
+}
Index: gnutls-2.4.1/tests/safe-renegotiation/srn4.c
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/srn4.c
@@ -0,0 +1,263 @@
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* Code based on ../mini-x509.c.
+ *
+ * This tests that a %SAFE_RENEGOTIATION server will reject handshakes
+ * against clients that do not support the extension.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <gnutls/gnutls.h>
+
+ static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "|<%d>| %s", level, str);
+}
+
+static char *to_server;
+static size_t to_server_len;
+
+static char *to_client;
+static size_t to_client_len;
+
+ static ssize_t
+client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_client_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_client, len);
+
+ memmove (to_client, to_client + len, to_client_len - len);
+ to_client_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_server_len + len;
+ char *tmp;
+
+ tmp = realloc (to_server, newlen);
+ if (!tmp)
+ abort ();
+ to_server = tmp;
+
+ memcpy (to_server + to_server_len, data, len);
+ to_server_len = newlen;
+
+ return len;
+}
+
+ static ssize_t
+server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_server_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_server, len);
+
+ memmove (to_server, to_server + len, to_server_len - len);
+ to_server_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_client_len + len;
+ char *tmp;
+
+ tmp = realloc (to_client, newlen);
+ if (!tmp)
+ abort ();
+ to_client = tmp;
+
+ memcpy (to_client + to_client_len, data, len);
+ to_client_len = newlen;
+
+ return len;
+}
+
+static unsigned char server_cert_pem[] =
+"-----BEGIN CERTIFICATE-----\n"
+"MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+"VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+"GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+"Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+"dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+"DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+"tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+"MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+"Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+"GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+"bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+"AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+"rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+
+const gnutls_datum_t server_cert = { server_cert_pem,
+ sizeof (server_cert_pem)
+};
+
+static unsigned char server_key_pem[] =
+"-----BEGIN RSA PRIVATE KEY-----\n"
+"MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+"TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+"fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+"AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+"8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+"iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+"Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+"oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+"XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+"qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+"tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+"hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+"LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+"-----END RSA PRIVATE KEY-----\n";
+
+const gnutls_datum_t server_key = { server_key_pem,
+ sizeof (server_key_pem)
+};
+
+ int
+main (int argc, char *argv[])
+{
+ int debug_level = argc - 1;
+ int exit_code = EXIT_SUCCESS;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ gnutls_global_init ();
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (debug_level);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials (&serverx509cred);
+ gnutls_certificate_set_x509_key_mem (serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init (&server, GNUTLS_SERVER);
+ gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
+ gnutls_priority_set_direct (server, "NORMAL:%SAFE_RENEGOTIATION", NULL);
+ gnutls_transport_set_push_function (server, server_push);
+ gnutls_transport_set_pull_function (server, server_pull);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials (&clientx509cred);
+ gnutls_init (&client, GNUTLS_CLIENT);
+ gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
+ gnutls_priority_set_direct (client, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
+ NULL);
+ gnutls_transport_set_push_function (client, client_push);
+ gnutls_transport_set_pull_function (client, client_pull);
+
+ /* Check that initially no session use the extension. */
+ if (gnutls_safe_renegotiation_status (server)
+ || gnutls_safe_renegotiation_status (client))
+ {
+ puts ("Client or server using extension before handshake?");
+ abort ();
+ }
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+ }
+ while ((cret == GNUTLS_E_AGAIN || cret == GNUTLS_E_SUCCESS)
+ && (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS));
+
+ if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SAFE_RENEGOTIATION_FAILED)
+ exit_code = EXIT_FAILURE;
+
+ gnutls_bye (client, GNUTLS_SHUT_RDWR);
+ gnutls_bye (server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit (client);
+ gnutls_deinit (server);
+
+ free (to_server);
+ free (to_client);
+
+ gnutls_certificate_free_credentials (serverx509cred);
+
+ gnutls_global_deinit ();
+
+ if (debug_level > 0)
+ {
+ if (exit_code == 0)
+ puts ("Self-test successful");
+ else
+ puts ("Self-test failed");
+ }
+
+ return exit_code;
+}
Index: gnutls-2.4.1/tests/safe-renegotiation/srn5.c
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/srn5.c
@@ -0,0 +1,337 @@
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* Code based on ./srn0.c.
+ *
+ * This tests that a client with a permissive policy
+ * (%UNSAFE_RENEGOTIATION) is able to handshake and rehandshake with a
+ * server with no support for the extension.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <gnutls/gnutls.h>
+
+ static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "|<%d>| %s", level, str);
+}
+
+static char *to_server;
+static size_t to_server_len;
+
+static char *to_client;
+static size_t to_client_len;
+
+ static ssize_t
+client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_client_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_client, len);
+
+ memmove (to_client, to_client + len, to_client_len - len);
+ to_client_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_server_len + len;
+ char *tmp;
+
+ tmp = realloc (to_server, newlen);
+ if (!tmp)
+ abort ();
+ to_server = tmp;
+
+ memcpy (to_server + to_server_len, data, len);
+ to_server_len = newlen;
+
+ return len;
+}
+
+ static ssize_t
+server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_server_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_server, len);
+
+ memmove (to_server, to_server + len, to_server_len - len);
+ to_server_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_client_len + len;
+ char *tmp;
+
+ tmp = realloc (to_client, newlen);
+ if (!tmp)
+ abort ();
+ to_client = tmp;
+
+ memcpy (to_client + to_client_len, data, len);
+ to_client_len = newlen;
+
+ return len;
+}
+
+static unsigned char server_cert_pem[] =
+"-----BEGIN CERTIFICATE-----\n"
+"MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+"VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+"GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+"Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+"dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+"DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+"tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+"MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+"Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+"GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+"bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+"AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+"rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+
+const gnutls_datum_t server_cert = { server_cert_pem,
+ sizeof (server_cert_pem)
+};
+
+static unsigned char server_key_pem[] =
+"-----BEGIN RSA PRIVATE KEY-----\n"
+"MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+"TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+"fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+"AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+"8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+"iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+"Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+"oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+"XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+"qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+"tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+"hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+"LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+"-----END RSA PRIVATE KEY-----\n";
+
+const gnutls_datum_t server_key = { server_key_pem,
+ sizeof (server_key_pem)
+};
+
+ int
+main (int argc, char *argv[])
+{
+ int debug_level = argc - 1;
+ int exit_code = EXIT_SUCCESS;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ gnutls_global_init ();
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (debug_level);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials (&serverx509cred);
+ gnutls_certificate_set_x509_key_mem (serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init (&server, GNUTLS_SERVER);
+ gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
+ gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
+ NULL);
+ gnutls_transport_set_push_function (server, server_push);
+ gnutls_transport_set_pull_function (server, server_pull);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials (&clientx509cred);
+ gnutls_init (&client, GNUTLS_CLIENT);
+ gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
+ gnutls_priority_set_direct (client, "NORMAL:%UNSAFE_RENEGOTIATION", NULL);
+ gnutls_transport_set_push_function (client, client_push);
+ gnutls_transport_set_pull_function (client, client_pull);
+
+ /* Check that initially no session use the extension. */
+ if (gnutls_safe_renegotiation_status (server)
+ || gnutls_safe_renegotiation_status (client))
+ {
+ puts ("Client or server using extension before handshake?");
+ abort ();
+ }
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+ }
+ while (
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+
+ if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ exit_code = EXIT_FAILURE;
+
+ if (gnutls_safe_renegotiation_status (client) ||
+ gnutls_safe_renegotiation_status (server))
+ {
+ tls_log_func (0, "Session using safe renegotiation?!\n");
+ exit_code = EXIT_FAILURE;
+ }
+
+ sret = gnutls_rehandshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_rehandshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv (client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort ();
+ }
+
+ cret = GNUTLS_E_AGAIN;
+ sret = GNUTLS_E_AGAIN;
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+ }
+ while (
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+
+ if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ exit_code = 1;
+
+ if (gnutls_safe_renegotiation_status (client) ||
+ gnutls_safe_renegotiation_status (server))
+ {
+ tls_log_func (0, "Rehandshaked using safe renegotiation?!\n");
+ exit_code = EXIT_FAILURE;
+ }
+
+ gnutls_bye (client, GNUTLS_SHUT_RDWR);
+ gnutls_bye (server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit (client);
+ gnutls_deinit (server);
+
+ free (to_server);
+ free (to_client);
+
+ gnutls_certificate_free_credentials (serverx509cred);
+
+ gnutls_global_deinit ();
+
+ if (debug_level > 0)
+ {
+ if (exit_code == 0)
+ puts ("Self-test successful");
+ else
+ puts ("Self-test failed");
+ }
+
+ return exit_code;
+}
Index: gnutls-2.4.1/tests/safe-renegotiation/srn6.c
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/srn6.c
@@ -0,0 +1,337 @@
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* Code based on ./srn5.c.
+ *
+ * This tests that a server with a permissive policy
+ * (%UNSAFE_RENEGOTIATION) is able to handshake and rehandshake with a
+ * client with no support for the extension.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <gnutls/gnutls.h>
+
+ static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "|<%d>| %s", level, str);
+}
+
+static char *to_server;
+static size_t to_server_len;
+
+static char *to_client;
+static size_t to_client_len;
+
+ static ssize_t
+client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_client_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_client, len);
+
+ memmove (to_client, to_client + len, to_client_len - len);
+ to_client_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_server_len + len;
+ char *tmp;
+
+ tmp = realloc (to_server, newlen);
+ if (!tmp)
+ abort ();
+ to_server = tmp;
+
+ memcpy (to_server + to_server_len, data, len);
+ to_server_len = newlen;
+
+ return len;
+}
+
+ static ssize_t
+server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_server_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_server, len);
+
+ memmove (to_server, to_server + len, to_server_len - len);
+ to_server_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_client_len + len;
+ char *tmp;
+
+ tmp = realloc (to_client, newlen);
+ if (!tmp)
+ abort ();
+ to_client = tmp;
+
+ memcpy (to_client + to_client_len, data, len);
+ to_client_len = newlen;
+
+ return len;
+}
+
+static unsigned char server_cert_pem[] =
+"-----BEGIN CERTIFICATE-----\n"
+"MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+"VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+"GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+"Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+"dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+"DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+"tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+"MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+"Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+"GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+"bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+"AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+"rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+
+const gnutls_datum_t server_cert = { server_cert_pem,
+ sizeof (server_cert_pem)
+};
+
+static unsigned char server_key_pem[] =
+"-----BEGIN RSA PRIVATE KEY-----\n"
+"MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+"TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+"fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+"AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+"8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+"iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+"Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+"oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+"XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+"qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+"tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+"hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+"LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+"-----END RSA PRIVATE KEY-----\n";
+
+const gnutls_datum_t server_key = { server_key_pem,
+ sizeof (server_key_pem)
+};
+
+ int
+main (int argc, char *argv[])
+{
+ int debug_level = argc - 1;
+ int exit_code = EXIT_SUCCESS;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ gnutls_global_init ();
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (debug_level);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials (&serverx509cred);
+ gnutls_certificate_set_x509_key_mem (serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init (&server, GNUTLS_SERVER);
+ gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
+ gnutls_priority_set_direct (server, "NORMAL:%UNSAFE_RENEGOTIATION", NULL);
+ gnutls_transport_set_push_function (server, server_push);
+ gnutls_transport_set_pull_function (server, server_pull);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials (&clientx509cred);
+ gnutls_init (&client, GNUTLS_CLIENT);
+ gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
+ gnutls_priority_set_direct (client, "NORMAL:%DISABLE_SAFE_RENEGOTIATION",
+ NULL);
+ gnutls_transport_set_push_function (client, client_push);
+ gnutls_transport_set_pull_function (client, client_pull);
+
+ /* Check that initially no session use the extension. */
+ if (gnutls_safe_renegotiation_status (server)
+ || gnutls_safe_renegotiation_status (client))
+ {
+ puts ("Client or server using extension before handshake?");
+ abort ();
+ }
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+ }
+ while (
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+
+ if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ exit_code = EXIT_FAILURE;
+
+ if (gnutls_safe_renegotiation_status (client) ||
+ gnutls_safe_renegotiation_status (server))
+ {
+ tls_log_func (0, "Session using safe renegotiation?!\n");
+ exit_code = EXIT_FAILURE;
+ }
+
+ sret = gnutls_rehandshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_rehandshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv (client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort ();
+ }
+
+ cret = GNUTLS_E_AGAIN;
+ sret = GNUTLS_E_AGAIN;
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+ }
+ while (
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+
+ if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ exit_code = 1;
+
+ if (gnutls_safe_renegotiation_status (client) ||
+ gnutls_safe_renegotiation_status (server))
+ {
+ tls_log_func (0, "Rehandshaked using safe renegotiation?!\n");
+ exit_code = EXIT_FAILURE;
+ }
+
+ gnutls_bye (client, GNUTLS_SHUT_RDWR);
+ gnutls_bye (server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit (client);
+ gnutls_deinit (server);
+
+ free (to_server);
+ free (to_client);
+
+ gnutls_certificate_free_credentials (serverx509cred);
+
+ gnutls_global_deinit ();
+
+ if (debug_level > 0)
+ {
+ if (exit_code == 0)
+ puts ("Self-test successful");
+ else
+ puts ("Self-test failed");
+ }
+
+ return exit_code;
+}
Index: gnutls-2.4.1/tests/safe-renegotiation/srn7.c
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/srn7.c
@@ -0,0 +1,336 @@
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* Code based on ../srn0.c.
+ *
+ * This tests that clients and servers in %SAFE_RENEGOTIATION mode are
+ * able to handshake and rehandshake.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <gnutls/gnutls.h>
+
+ static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "|<%d>| %s", level, str);
+}
+
+static char *to_server;
+static size_t to_server_len;
+
+static char *to_client;
+static size_t to_client_len;
+
+ static ssize_t
+client_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_client_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_client, len);
+
+ memmove (to_client, to_client + len, to_client_len - len);
+ to_client_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+client_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_server_len + len;
+ char *tmp;
+
+ tmp = realloc (to_server, newlen);
+ if (!tmp)
+ abort ();
+ to_server = tmp;
+
+ memcpy (to_server + to_server_len, data, len);
+ to_server_len = newlen;
+
+ return len;
+}
+
+ static ssize_t
+server_pull (gnutls_transport_ptr_t tr, void *data, size_t len)
+{
+ if (to_server_len < len)
+ {
+ gnutls_transport_set_global_errno (EAGAIN);
+ return -1;
+ }
+
+ memcpy (data, to_server, len);
+
+ memmove (to_server, to_server + len, to_server_len - len);
+ to_server_len -= len;
+
+ return len;
+}
+
+ static ssize_t
+server_push (gnutls_transport_ptr_t tr, const void *data, size_t len)
+{
+ size_t newlen = to_client_len + len;
+ char *tmp;
+
+ tmp = realloc (to_client, newlen);
+ if (!tmp)
+ abort ();
+ to_client = tmp;
+
+ memcpy (to_client + to_client_len, data, len);
+ to_client_len = newlen;
+
+ return len;
+}
+
+static unsigned char server_cert_pem[] =
+"-----BEGIN CERTIFICATE-----\n"
+"MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+"VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
+"GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+"Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
+"dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
+"DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
+"tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
+"MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
+"Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
+"GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
+"bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
+"AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
+"rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
+
+const gnutls_datum_t server_cert = { server_cert_pem,
+ sizeof (server_cert_pem)
+};
+
+static unsigned char server_key_pem[] =
+"-----BEGIN RSA PRIVATE KEY-----\n"
+"MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
+"TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
+"fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
+"AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
+"8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
+"iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
+"Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
+"oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
+"XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
+"qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
+"tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
+"hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
+"LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
+"-----END RSA PRIVATE KEY-----\n";
+
+const gnutls_datum_t server_key = { server_key_pem,
+ sizeof (server_key_pem)
+};
+
+ int
+main (int argc, char *argv[])
+{
+ int debug_level = argc - 1;
+ int exit_code = EXIT_SUCCESS;
+ /* Server stuff. */
+ gnutls_certificate_credentials_t serverx509cred;
+ gnutls_session_t server;
+ int sret = GNUTLS_E_AGAIN;
+ /* Client stuff. */
+ gnutls_certificate_credentials_t clientx509cred;
+ gnutls_session_t client;
+ int cret = GNUTLS_E_AGAIN;
+
+ /* General init. */
+ gnutls_global_init ();
+ gnutls_global_set_log_function (tls_log_func);
+ gnutls_global_set_log_level (debug_level);
+
+ /* Init server */
+ gnutls_certificate_allocate_credentials (&serverx509cred);
+ gnutls_certificate_set_x509_key_mem (serverx509cred,
+ &server_cert, &server_key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init (&server, GNUTLS_SERVER);
+ gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred);
+ gnutls_priority_set_direct (server, "NORMAL:%SAFE_RENEGOTIATION", NULL);
+ gnutls_transport_set_push_function (server, server_push);
+ gnutls_transport_set_pull_function (server, server_pull);
+
+ /* Init client */
+ gnutls_certificate_allocate_credentials (&clientx509cred);
+ gnutls_init (&client, GNUTLS_CLIENT);
+ gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred);
+ gnutls_priority_set_direct (client, "NORMAL:%SAFE_RENEGOTIATION", NULL);
+ gnutls_transport_set_push_function (client, client_push);
+ gnutls_transport_set_pull_function (client, client_pull);
+
+ /* Check that initially no session use the extension. */
+ if (gnutls_safe_renegotiation_status (server)
+ || gnutls_safe_renegotiation_status (client))
+ {
+ puts ("Client or server using extension before handshake?");
+ abort ();
+ }
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+ }
+ while (
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+
+ if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ exit_code = EXIT_FAILURE;
+
+ if (!gnutls_safe_renegotiation_status (client) ||
+ !gnutls_safe_renegotiation_status (server))
+ {
+ tls_log_func (0, "Session not using safe renegotiation!\n");
+ exit_code = EXIT_FAILURE;
+ }
+
+ sret = gnutls_rehandshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "gnutls_rehandshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+
+ {
+ ssize_t n;
+ char b[1];
+ n = gnutls_record_recv (client, b, 1);
+ if (n != GNUTLS_E_REHANDSHAKE)
+ abort ();
+ }
+
+ cret = GNUTLS_E_AGAIN;
+ sret = GNUTLS_E_AGAIN;
+
+ do
+ {
+ static int max_iter = 0;
+ if (max_iter++ > 10)
+ abort ();
+
+ if (cret == GNUTLS_E_AGAIN)
+ {
+ cret = gnutls_handshake (client);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (client)...\n");
+ tls_log_func (0, gnutls_strerror (cret));
+ tls_log_func (0, "\n");
+ }
+ }
+
+ if (sret == GNUTLS_E_AGAIN)
+ {
+ sret = gnutls_handshake (server);
+ if (debug_level > 0)
+ {
+ tls_log_func (0, "second gnutls_handshake (server)...\n");
+ tls_log_func (0, gnutls_strerror (sret));
+ tls_log_func (0, "\n");
+ }
+ }
+ }
+ while (
+ /* Not done: */
+ !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS)
+ /* No error: */
+ && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN));
+
+ if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS)
+ exit_code = 1;
+
+ if (!gnutls_safe_renegotiation_status (client) ||
+ !gnutls_safe_renegotiation_status (server))
+ {
+ tls_log_func (0,
+ "Rehandshaked session not using safe renegotiation!\n");
+ exit_code = EXIT_FAILURE;
+ }
+
+ gnutls_bye (client, GNUTLS_SHUT_RDWR);
+ gnutls_bye (server, GNUTLS_SHUT_RDWR);
+
+ gnutls_deinit (client);
+ gnutls_deinit (server);
+
+ free (to_server);
+ free (to_client);
+
+ gnutls_certificate_free_credentials (serverx509cred);
+
+ gnutls_global_deinit ();
+
+ if (debug_level > 0)
+ {
+ if (exit_code == 0)
+ puts ("Self-test successful");
+ else
+ puts ("Self-test failed");
+ }
+
+ return exit_code;
+}
Index: gnutls-2.4.1/tests/safe-renegotiation/testsrn
===================================================================
--- /dev/null
+++ gnutls-2.4.1/tests/safe-renegotiation/testsrn
@@ -0,0 +1,103 @@
+#!/bin/sh
+
+# Copyright (C) 2010 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+SERV="${SERV:-../../src/gnutls-serv$EXEEXT} -q"
+CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
+PORT="${PORT:-5558}"
+unset RETCODE
+
+fail() {
+ echo "Failure: $1" >&2
+ RETCODE=${RETCODE:-${2:-1}}
+}
+
+echo "Checking Safe renegotiation"
+
+$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%PARTIAL_RENEGOTIATION --dhparams $srcdir/params.dh >/dev/null 2>&1 &
+pid=$!
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-SSL3.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "0. Renegotiation should have succeeded!"
+
+$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "1. Safe rehandshake should have succeeded!"
+
+$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "2. Unsafe rehandshake should have succeeded!"
+
+$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "3. Unsafe negotiation should have succeeded!"
+
+$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail "4. Unsafe renegotiation should have failed!"
+
+
+kill $pid
+wait
+
+$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION --dhparams $srcdir/params.dh >/dev/null 2>&1 &
+pid=$!
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "5. Safe rehandshake should have succeeded!"
+
+$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "6. Unsafe rehandshake should have succeeded!"
+
+$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail "7. Unsafe negotiation should have failed!"
+
+$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail "8. Unsafe renegotiation should have failed!"
+
+kill $pid
+wait
+
+$SERV -p $PORT --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION --dhparams $srcdir/params.dh >/dev/null 2>&1 &
+pid=$!
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+ fail "9. Initial connection should have failed!"
+
+$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "10. Unsafe connection should have succeeded!"
+
+$CLI -p $PORT 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "11. Unsafe negotiation should have succeeded!"
+
+$CLI -p $PORT 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+ fail "12. Unsafe renegotiation should have succeeded!"
+
+kill $pid
+wait
+
+exit ${RETCODE:-0}
Index: gnutls-2.4.1/src/tests.c
===================================================================
--- gnutls-2.4.1.orig/src/tests.c
+++ gnutls-2.4.1/src/tests.c
@@ -192,8 +192,6 @@ test_export (gnutls_session_t session)
sprintf(prio_str, "+ARCFOUR-40:+RSA-EXPORT:"ALL_COMP":"ALL_CERTTYPES":%s:"ALL_MACS":"ALL_KX":"REST, protocol_str);
_gnutls_priority_set_direct (session, prio_str);
- ADD_KX (session, GNUTLS_KX_RSA_EXPORT);
- ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40);
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake (session);
Index: gnutls-2.4.1/configure.in
===================================================================
--- gnutls-2.4.1.orig/configure.in
+++ gnutls-2.4.1/configure.in
@@ -687,7 +687,7 @@ AC_CONFIG_FILES([Makefile po/Makefile.in
tests/Makefile tests/rsa-md5-collision/Makefile tests/userid/Makefile \
tests/pkcs1-padding/Makefile tests/pkcs8-decode/Makefile \
tests/pkcs12-decode/Makefile tests/pathlen/Makefile \
- tests/key-id/Makefile tests/sha2/Makefile \
+ tests/key-id/Makefile tests/sha2/Makefile tests/safe-renegotiation/Makefile \
tests/hostname-check/Makefile \
includes/Makefile includes/gnutls/gnutls.h \
lib/Makefile lib/minitasn1/Makefile lib/x509/Makefile \
Index: gnutls-2.4.1/tests/safe-renegotiation/Makefile.am
===================================================================
--- gnutls-2.4.1.orig/tests/safe-renegotiation/Makefile.am
+++ gnutls-2.4.1/tests/safe-renegotiation/Makefile.am
@@ -18,12 +18,17 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
-AM_CPPFLAGS = \
- -I$(top_srcdir)/lib/includes \
- -I$(top_builddir)/lib/includes
+#AM_CPPFLAGS = \
+# -I$(top_srcdir)/lib/includes \
+# -I$(top_builddir)/lib/includes
+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_builddir)/includes \
+ -I$(top_srcdir)/tests
AM_LDFLAGS = -no-install
-LDADD = ../../lib/libgnutls.la $(LTLIBGCRYPT) $(LIBSOCKET)
+#LDADD = ../../lib/libgnutls.la $(LTLIBGCRYPT) $(LIBSOCKET)
+LDADD = -L$(top_builddir)/libextra -lgnutls-extra \
+ -L$(top_builddir)/lib -lgnutls \
+ -L$(top_builddir)/tests -lutils
ctests = srn0 srn1 srn2 srn3 srn4 srn5 srn6 srn7
Index: gnutls-2.4.1/tests/safe-renegotiation/Makefile.in
===================================================================
--- gnutls-2.4.1.orig/tests/safe-renegotiation/Makefile.in
+++ gnutls-2.4.1/tests/safe-renegotiation/Makefile.in
@@ -879,12 +879,17 @@ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
-AM_CPPFLAGS = \
- -I$(top_srcdir)/lib/includes \
- -I$(top_builddir)/lib/includes
+#AM_CPPFLAGS = \
+# -I$(top_srcdir)/lib/includes \
+# -I$(top_builddir)/lib/includes
+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_builddir)/includes \
+ -I$(top_srcdir)/tests
AM_LDFLAGS = -no-install
-LDADD = ../../lib/libgnutls.la $(LTLIBGCRYPT) $(LIBSOCKET)
+#LDADD = ../../lib/libgnutls.la $(LTLIBGCRYPT) $(LIBSOCKET)
+LDADD = -L$(top_builddir)/libextra -lgnutls-extra \
+ -L$(top_builddir)/lib -lgnutls \
+ -L$(top_builddir)/tests -lutils
ctests = srn0 srn1 srn2 srn3 srn4 srn5 srn6 srn7
TESTS_ENVIRONMENT = $(VALGRIND)
EXTRA_DIST = README params.dh
Index: gnutls-2.4.1/tests/safe-renegotiation/Makefile.in
===================================================================
--- gnutls-2.4.1.orig/tests/safe-renegotiation/Makefile.in
+++ gnutls-2.4.1/tests/safe-renegotiation/Makefile.in
@@ -58,138 +58,138 @@ DIST_COMMON = README $(dist_check_SCRIPT
$(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/libextra/m4/hooks.m4 \
- $(top_srcdir)/lib/m4/hooks.m4 $(top_srcdir)/lib/gl/m4/po.m4 \
- $(top_srcdir)/gl/m4/00gnulib.m4 $(top_srcdir)/gl/m4/alloca.m4 \
- $(top_srcdir)/gl/m4/arpa_inet_h.m4 \
- $(top_srcdir)/gl/m4/asm-underscore.m4 \
- $(top_srcdir)/gl/m4/autobuild.m4 \
- $(top_srcdir)/gl/m4/clock_time.m4 $(top_srcdir)/gl/m4/close.m4 \
- $(top_srcdir)/gl/m4/errno_h.m4 $(top_srcdir)/gl/m4/error.m4 \
- $(top_srcdir)/gl/m4/extensions.m4 \
- $(top_srcdir)/gl/m4/fclose.m4 $(top_srcdir)/gl/m4/float_h.m4 \
- $(top_srcdir)/gl/m4/fseeko.m4 \
- $(top_srcdir)/gl/m4/getaddrinfo.m4 \
- $(top_srcdir)/gl/m4/getdelim.m4 $(top_srcdir)/gl/m4/getline.m4 \
- $(top_srcdir)/gl/m4/getpass.m4 $(top_srcdir)/gl/m4/gettime.m4 \
- $(top_srcdir)/gl/m4/gettimeofday.m4 \
- $(top_srcdir)/gl/m4/gnulib-common.m4 \
- $(top_srcdir)/gl/m4/gnulib-comp.m4 \
- $(top_srcdir)/gl/m4/hostent.m4 \
- $(top_srcdir)/gl/m4/include_next.m4 \
- $(top_srcdir)/gl/m4/inet_ntop.m4 \
- $(top_srcdir)/gl/m4/inet_pton.m4 \
- $(top_srcdir)/gl/m4/intmax_t.m4 \
- $(top_srcdir)/gl/m4/inttypes_h.m4 $(top_srcdir)/gl/m4/ioctl.m4 \
- $(top_srcdir)/gl/m4/lib-ld.m4 $(top_srcdir)/gl/m4/lib-link.m4 \
- $(top_srcdir)/gl/m4/lib-prefix.m4 \
- $(top_srcdir)/gl/m4/longlong.m4 $(top_srcdir)/gl/m4/lseek.m4 \
- $(top_srcdir)/gl/m4/malloc.m4 \
- $(top_srcdir)/gl/m4/manywarnings.m4 \
- $(top_srcdir)/gl/m4/memchr.m4 $(top_srcdir)/gl/m4/minmax.m4 \
- $(top_srcdir)/gl/m4/mmap-anon.m4 \
- $(top_srcdir)/gl/m4/multiarch.m4 \
- $(top_srcdir)/gl/m4/netdb_h.m4 \
- $(top_srcdir)/gl/m4/netinet_in_h.m4 \
- $(top_srcdir)/gl/m4/onceonly_2_57.m4 \
- $(top_srcdir)/gl/m4/perror.m4 $(top_srcdir)/gl/m4/printf.m4 \
- $(top_srcdir)/gl/m4/read-file.m4 \
- $(top_srcdir)/gl/m4/readline.m4 $(top_srcdir)/gl/m4/realloc.m4 \
- $(top_srcdir)/gl/m4/select.m4 $(top_srcdir)/gl/m4/servent.m4 \
- $(top_srcdir)/gl/m4/size_max.m4 \
- $(top_srcdir)/gl/m4/snprintf.m4 $(top_srcdir)/gl/m4/sockets.m4 \
- $(top_srcdir)/gl/m4/socklen.m4 $(top_srcdir)/gl/m4/sockpfaf.m4 \
- $(top_srcdir)/gl/m4/stdarg.m4 $(top_srcdir)/gl/m4/stdbool.m4 \
- $(top_srcdir)/gl/m4/stddef_h.m4 $(top_srcdir)/gl/m4/stdint.m4 \
- $(top_srcdir)/gl/m4/stdint_h.m4 $(top_srcdir)/gl/m4/stdio_h.m4 \
- $(top_srcdir)/gl/m4/stdlib_h.m4 \
- $(top_srcdir)/gl/m4/strerror.m4 \
- $(top_srcdir)/gl/m4/string_h.m4 \
- $(top_srcdir)/gl/m4/sys_ioctl_h.m4 \
- $(top_srcdir)/gl/m4/sys_select_h.m4 \
- $(top_srcdir)/gl/m4/sys_socket_h.m4 \
- $(top_srcdir)/gl/m4/sys_stat_h.m4 \
- $(top_srcdir)/gl/m4/sys_time_h.m4 \
- $(top_srcdir)/gl/m4/time_h.m4 $(top_srcdir)/gl/m4/timespec.m4 \
- $(top_srcdir)/gl/m4/ungetc.m4 $(top_srcdir)/gl/m4/unistd_h.m4 \
- $(top_srcdir)/gl/m4/valgrind-tests.m4 \
- $(top_srcdir)/gl/m4/vasnprintf.m4 \
- $(top_srcdir)/gl/m4/version-etc.m4 \
- $(top_srcdir)/gl/m4/warn-on-use.m4 \
- $(top_srcdir)/gl/m4/warnings.m4 $(top_srcdir)/gl/m4/wchar_h.m4 \
- $(top_srcdir)/gl/m4/wchar_t.m4 $(top_srcdir)/gl/m4/wint_t.m4 \
- $(top_srcdir)/gl/m4/xsize.m4 $(top_srcdir)/m4/gtk-doc.m4 \
- $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac
+ $(top_srcdir)/lib/m4/hooks.m4 $(top_srcdir)/lib/gl/m4/po.m4 \
+ $(top_srcdir)/gl/m4/00gnulib.m4 $(top_srcdir)/gl/m4/alloca.m4 \
+ $(top_srcdir)/gl/m4/arpa_inet_h.m4 \
+ $(top_srcdir)/gl/m4/asm-underscore.m4 \
+ $(top_srcdir)/gl/m4/autobuild.m4 \
+ $(top_srcdir)/gl/m4/clock_time.m4 $(top_srcdir)/gl/m4/close.m4 \
+ $(top_srcdir)/gl/m4/errno_h.m4 $(top_srcdir)/gl/m4/error.m4 \
+ $(top_srcdir)/gl/m4/extensions.m4 \
+ $(top_srcdir)/gl/m4/fclose.m4 $(top_srcdir)/gl/m4/float_h.m4 \
+ $(top_srcdir)/gl/m4/fseeko.m4 \
+ $(top_srcdir)/gl/m4/getaddrinfo.m4 \
+ $(top_srcdir)/gl/m4/getdelim.m4 $(top_srcdir)/gl/m4/getline.m4 \
+ $(top_srcdir)/gl/m4/getpass.m4 $(top_srcdir)/gl/m4/gettime.m4 \
+ $(top_srcdir)/gl/m4/gettimeofday.m4 \
+ $(top_srcdir)/gl/m4/gnulib-common.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 \
+ $(top_srcdir)/gl/m4/hostent.m4 \
+ $(top_srcdir)/gl/m4/include_next.m4 \
+ $(top_srcdir)/gl/m4/inet_ntop.m4 \
+ $(top_srcdir)/gl/m4/inet_pton.m4 \
+ $(top_srcdir)/gl/m4/intmax_t.m4 \
+ $(top_srcdir)/gl/m4/inttypes_h.m4 $(top_srcdir)/gl/m4/ioctl.m4 \
+ $(top_srcdir)/gl/m4/lib-ld.m4 $(top_srcdir)/gl/m4/lib-link.m4 \
+ $(top_srcdir)/gl/m4/lib-prefix.m4 \
+ $(top_srcdir)/gl/m4/longlong.m4 $(top_srcdir)/gl/m4/lseek.m4 \
+ $(top_srcdir)/gl/m4/malloc.m4 \
+ $(top_srcdir)/gl/m4/manywarnings.m4 \
+ $(top_srcdir)/gl/m4/memchr.m4 $(top_srcdir)/gl/m4/minmax.m4 \
+ $(top_srcdir)/gl/m4/mmap-anon.m4 \
+ $(top_srcdir)/gl/m4/multiarch.m4 \
+ $(top_srcdir)/gl/m4/netdb_h.m4 \
+ $(top_srcdir)/gl/m4/netinet_in_h.m4 \
+ $(top_srcdir)/gl/m4/onceonly_2_57.m4 \
+ $(top_srcdir)/gl/m4/perror.m4 $(top_srcdir)/gl/m4/printf.m4 \
+ $(top_srcdir)/gl/m4/read-file.m4 \
+ $(top_srcdir)/gl/m4/readline.m4 $(top_srcdir)/gl/m4/realloc.m4 \
+ $(top_srcdir)/gl/m4/select.m4 $(top_srcdir)/gl/m4/servent.m4 \
+ $(top_srcdir)/gl/m4/size_max.m4 \
+ $(top_srcdir)/gl/m4/snprintf.m4 $(top_srcdir)/gl/m4/sockets.m4 \
+ $(top_srcdir)/gl/m4/socklen.m4 $(top_srcdir)/gl/m4/sockpfaf.m4 \
+ $(top_srcdir)/gl/m4/stdarg.m4 $(top_srcdir)/gl/m4/stdbool.m4 \
+ $(top_srcdir)/gl/m4/stddef_h.m4 $(top_srcdir)/gl/m4/stdint.m4 \
+ $(top_srcdir)/gl/m4/stdint_h.m4 $(top_srcdir)/gl/m4/stdio_h.m4 \
+ $(top_srcdir)/gl/m4/stdlib_h.m4 \
+ $(top_srcdir)/gl/m4/strerror.m4 \
+ $(top_srcdir)/gl/m4/string_h.m4 \
+ $(top_srcdir)/gl/m4/sys_ioctl_h.m4 \
+ $(top_srcdir)/gl/m4/sys_select_h.m4 \
+ $(top_srcdir)/gl/m4/sys_socket_h.m4 \
+ $(top_srcdir)/gl/m4/sys_stat_h.m4 \
+ $(top_srcdir)/gl/m4/sys_time_h.m4 \
+ $(top_srcdir)/gl/m4/time_h.m4 $(top_srcdir)/gl/m4/timespec.m4 \
+ $(top_srcdir)/gl/m4/ungetc.m4 $(top_srcdir)/gl/m4/unistd_h.m4 \
+ $(top_srcdir)/gl/m4/valgrind-tests.m4 \
+ $(top_srcdir)/gl/m4/vasnprintf.m4 \
+ $(top_srcdir)/gl/m4/version-etc.m4 \
+ $(top_srcdir)/gl/m4/warn-on-use.m4 \
+ $(top_srcdir)/gl/m4/warnings.m4 $(top_srcdir)/gl/m4/wchar_h.m4 \
+ $(top_srcdir)/gl/m4/wchar_t.m4 $(top_srcdir)/gl/m4/wint_t.m4 \
+ $(top_srcdir)/gl/m4/xsize.m4 $(top_srcdir)/m4/gtk-doc.m4 \
+ $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
+ $(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__EXEEXT_1 = srn0$(EXEEXT) srn1$(EXEEXT) srn2$(EXEEXT) srn3$(EXEEXT) \
- srn4$(EXEEXT) srn5$(EXEEXT) srn6$(EXEEXT) srn7$(EXEEXT)
+ srn4$(EXEEXT) srn5$(EXEEXT) srn6$(EXEEXT) srn7$(EXEEXT)
srn0_SOURCES = srn0.c
srn0_OBJECTS = srn0.$(OBJEXT)
srn0_LDADD = $(LDADD)
am__DEPENDENCIES_1 =
srn0_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1)
srn1_SOURCES = srn1.c
srn1_OBJECTS = srn1.$(OBJEXT)
srn1_LDADD = $(LDADD)
srn1_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1)
srn2_SOURCES = srn2.c
srn2_OBJECTS = srn2.$(OBJEXT)
srn2_LDADD = $(LDADD)
srn2_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1)
srn3_SOURCES = srn3.c
srn3_OBJECTS = srn3.$(OBJEXT)
srn3_LDADD = $(LDADD)
srn3_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1)
srn4_SOURCES = srn4.c
srn4_OBJECTS = srn4.$(OBJEXT)
srn4_LDADD = $(LDADD)
srn4_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1)
srn5_SOURCES = srn5.c
srn5_OBJECTS = srn5.$(OBJEXT)
srn5_LDADD = $(LDADD)
srn5_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1)
srn6_SOURCES = srn6.c
srn6_OBJECTS = srn6.$(OBJEXT)
srn6_LDADD = $(LDADD)
srn6_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1)
srn7_SOURCES = srn7.c
srn7_OBJECTS = srn7.$(OBJEXT)
srn7_LDADD = $(LDADD)
srn7_DEPENDENCIES = ../../lib/libgnutls.la $(am__DEPENDENCIES_1) \
- $(am__DEPENDENCIES_1)
+ $(am__DEPENDENCIES_1)
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
SOURCES = srn0.c srn1.c srn2.c srn3.c srn4.c srn5.c srn6.c srn7.c
DIST_SOURCES = srn0.c srn1.c srn2.c srn3.c srn4.c srn5.c srn6.c srn7.c
ETAGS = etags
CTAGS = ctags
am__tty_colors = \
- red=; grn=; lgn=; blu=; std=
+red=; grn=; lgn=; blu=; std=
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
@@ -887,7 +887,8 @@ AM_CPPFLAGS = -I$(top_srcdir)/includes -
AM_LDFLAGS = -no-install
#LDADD = ../../lib/libgnutls.la $(LTLIBGCRYPT) $(LIBSOCKET)
-LDADD = -L$(top_builddir)/libextra -lgnutls-extra \
+LDADD = ../../lib/libgnutls.la $(LTLIBGCRYPT) $(LIBSOCKET) \
+ -L$(top_builddir)/libextra -lgnutls-extra \
-L$(top_builddir)/lib -lgnutls \
-L$(top_builddir)/tests -lutils
ctests = srn0 srn1 srn2 srn3 srn4 srn5 srn6 srn7
@@ -897,7 +898,7 @@ dist_check_SCRIPTS = testsrn
all: all-am
.SUFFIXES:
- .SUFFIXES: .c .lo .o .obj
+.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
@@ -910,8 +911,8 @@ all: all-am
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/safe-renegotiation/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu tests/safe-renegotiation/Makefile
- .PRECIOUS: Makefile
- Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
@@ -930,43 +931,43 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
$(am__aclocal_m4_deps):
clean-checkPROGRAMS:
- @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
- srn0$(EXEEXT): $(srn0_OBJECTS) $(srn0_DEPENDENCIES)
- @rm -f srn0$(EXEEXT)
- $(LINK) $(srn0_OBJECTS) $(srn0_LDADD) $(LIBS)
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+srn0$(EXEEXT): $(srn0_OBJECTS) $(srn0_DEPENDENCIES)
+ @rm -f srn0$(EXEEXT)
+ $(LINK) $(srn0_OBJECTS) $(srn0_LDADD) $(LIBS)
srn1$(EXEEXT): $(srn1_OBJECTS) $(srn1_DEPENDENCIES)
- @rm -f srn1$(EXEEXT)
- $(LINK) $(srn1_OBJECTS) $(srn1_LDADD) $(LIBS)
+ @rm -f srn1$(EXEEXT)
+ $(LINK) $(srn1_OBJECTS) $(srn1_LDADD) $(LIBS)
srn2$(EXEEXT): $(srn2_OBJECTS) $(srn2_DEPENDENCIES)
- @rm -f srn2$(EXEEXT)
- $(LINK) $(srn2_OBJECTS) $(srn2_LDADD) $(LIBS)
+ @rm -f srn2$(EXEEXT)
+ $(LINK) $(srn2_OBJECTS) $(srn2_LDADD) $(LIBS)
srn3$(EXEEXT): $(srn3_OBJECTS) $(srn3_DEPENDENCIES)
- @rm -f srn3$(EXEEXT)
- $(LINK) $(srn3_OBJECTS) $(srn3_LDADD) $(LIBS)
+ @rm -f srn3$(EXEEXT)
+ $(LINK) $(srn3_OBJECTS) $(srn3_LDADD) $(LIBS)
srn4$(EXEEXT): $(srn4_OBJECTS) $(srn4_DEPENDENCIES)
- @rm -f srn4$(EXEEXT)
- $(LINK) $(srn4_OBJECTS) $(srn4_LDADD) $(LIBS)
+ @rm -f srn4$(EXEEXT)
+ $(LINK) $(srn4_OBJECTS) $(srn4_LDADD) $(LIBS)
srn5$(EXEEXT): $(srn5_OBJECTS) $(srn5_DEPENDENCIES)
- @rm -f srn5$(EXEEXT)
- $(LINK) $(srn5_OBJECTS) $(srn5_LDADD) $(LIBS)
+ @rm -f srn5$(EXEEXT)
+ $(LINK) $(srn5_OBJECTS) $(srn5_LDADD) $(LIBS)
srn6$(EXEEXT): $(srn6_OBJECTS) $(srn6_DEPENDENCIES)
- @rm -f srn6$(EXEEXT)
- $(LINK) $(srn6_OBJECTS) $(srn6_LDADD) $(LIBS)
+ @rm -f srn6$(EXEEXT)
+ $(LINK) $(srn6_OBJECTS) $(srn6_LDADD) $(LIBS)
srn7$(EXEEXT): $(srn7_OBJECTS) $(srn7_DEPENDENCIES)
- @rm -f srn7$(EXEEXT)
- $(LINK) $(srn7_OBJECTS) $(srn7_LDADD) $(LIBS)
+ @rm -f srn7$(EXEEXT)
+ $(LINK) $(srn7_OBJECTS) $(srn7_LDADD) $(LIBS)
mostlyclean-compile:
- -rm -f *.$(OBJEXT)
+ -rm -f *.$(OBJEXT)
distclean-compile:
- -rm -f *.tab.c
+ -rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srn0.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srn1.Po@am__quote@
@@ -978,25 +979,25 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srn7.Po@am__quote@
.c.o:
- @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
- @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
- @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- @am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
.c.obj:
- @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
- @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
- @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
- @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
- @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
- @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
- @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
@@ -1178,28 +1179,28 @@ distdir: $(DISTFILES)
|| exit 1; \
fi; \
done
- check-am: all-am
+check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
- $(dist_check_SCRIPTS)
+ $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
- check: check-am
- all-am: Makefile
+check: check-am
+all-am: Makefile
installdirs:
- install: install-am
- install-exec: install-exec-am
- install-data: install-data-am
- uninstall: uninstall-am
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
- install-strip:
+install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
- mostlyclean-generic:
+mostlyclean-generic:
clean-generic:
@@ -1210,7 +1211,7 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
- clean: clean-am
+clean: clean-am
clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
mostlyclean-am
@@ -1218,7 +1219,7 @@ clean-am: clean-checkPROGRAMS clean-gene
distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
- distclean-am: clean-am distclean-compile distclean-generic \
+distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
dvi: dvi-am
@@ -1264,7 +1265,7 @@ installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
- maintainer-clean-am: distclean-am maintainer-clean-generic
+maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
Index: gnutls-2.4.1/tests/safe-renegotiation/Makefile.in
===================================================================
--- gnutls-2.4.1.orig/tests/safe-renegotiation/Makefile.in
+++ gnutls-2.4.1/tests/safe-renegotiation/Makefile.in
@@ -1059,95 +1059,96 @@ distclean-tags:
check-TESTS: $(TESTS)
@failed=0; all=0; xfail=0; xpass=0; skip=0; \
- srcdir=$(srcdir); export srcdir; \
- list=' $(TESTS) '; \
- $(am__tty_colors); \
- if test -n "$$list"; then \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
for tst in $$list; do \
- if test -f ./$$tst; then dir=./; \
- elif test -f $$tst; then dir=; \
- else dir="$(srcdir)/"; fi; \
- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
- all=`expr $$all + 1`; \
- case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$tst[\ \ ]*) \
- xpass=`expr $$xpass + 1`; \
- failed=`expr $$failed + 1`; \
- col=$$red; res=XPASS; \
- ;; \
- *) \
- col=$$grn; res=PASS; \
- ;; \
- esac; \
- elif test $$? -ne 77; then \
- all=`expr $$all + 1`; \
- case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$tst[\ \ ]*) \
- xfail=`expr $$xfail + 1`; \
- col=$$lgn; res=XFAIL; \
- ;; \
- *) \
- failed=`expr $$failed + 1`; \
- col=$$red; res=FAIL; \
- ;; \
- esac; \
- else \
- skip=`expr $$skip + 1`; \
- col=$$blu; res=SKIP; \
- fi; \
- echo "$${col}$$res$${std}: $$tst"; \
+ echo "test---------$$tst"
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
done; \
if test "$$all" -eq 1; then \
- tests="test"; \
- All=""; \
- else \
- tests="tests"; \
- All="All "; \
- fi; \
- if test "$$failed" -eq 0; then \
- if test "$$xfail" -eq 0; then \
- banner="$$All$$all $$tests passed"; \
- else \
- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
- fi; \
- else \
- if test "$$xpass" -eq 0; then \
- banner="$$failed of $$all $$tests failed"; \
- else \
- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
- fi; \
- fi; \
- dashes="$$banner"; \
- skipped=""; \
- if test "$$skip" -ne 0; then \
- if test "$$skip" -eq 1; then \
- skipped="($$skip test was not run)"; \
- else \
- skipped="($$skip tests were not run)"; \
- fi; \
- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
- dashes="$$skipped"; \
- fi; \
- report=""; \
- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
- report="Please report to $(PACKAGE_BUGREPORT)"; \
- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
- dashes="$$report"; \
- fi; \
- dashes=`echo "$$dashes" | sed s/./=/g`; \
- if test "$$failed" -eq 0; then \
- echo "$$grn$$dashes"; \
- else \
- echo "$$red$$dashes"; \
- fi; \
- echo "$$banner"; \
- test -z "$$skipped" || echo "$$skipped"; \
- test -z "$$report" || echo "$$report"; \
- echo "$$dashes$$std"; \
- test "$$failed" -eq 0; \
- else :; fi
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ echo "$$grn$$dashes"; \
+ else \
+ echo "$$red$$dashes"; \
+ fi; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes$$std"; \
+ test "$$failed" -eq 0; \
+ else :; fi
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
Index: gnutls-2.4.1/tests/safe-renegotiation/srn1.c
===================================================================
--- gnutls-2.4.1.orig/tests/safe-renegotiation/srn1.c
+++ gnutls-2.4.1/tests/safe-renegotiation/srn1.c
@@ -74,7 +74,10 @@ client_push (gnutls_transport_ptr_t tr,
tmp = realloc (to_server, newlen);
if (!tmp)
+ {
+ puts ("1Client or server using extension before handshake?");
abort ();
+ }
to_server = tmp;
memcpy (to_server + to_server_len, data, len);
@@ -108,7 +111,10 @@ server_push (gnutls_transport_ptr_t tr,
tmp = realloc (to_client, newlen);
if (!tmp)
+ {
+ puts ("2Client or server using extension before handshake?");
abort ();
+ }
to_client = tmp;
memcpy (to_client + to_client_len, data, len);
@@ -197,6 +203,7 @@ main (int argc, char *argv[])
gnutls_transport_set_push_function (client, client_push);
gnutls_transport_set_pull_function (client, client_pull);
+ puts ("3Client or server using extension before handshake?");
/* Check that initially no session use the extension. */
if (gnutls_safe_renegotiation_status (server)
|| gnutls_safe_renegotiation_status (client))
@@ -204,12 +211,16 @@ main (int argc, char *argv[])
puts ("Client or server using extension before handshake?");
abort ();
}
+ puts ("4Client or server using extension before handshake?");
do
{
static int max_iter = 0;
if (max_iter++ > 10)
+ {
+ puts ("5Client or server using extension before handshake?");
abort ();
+ }
if (cret == GNUTLS_E_AGAIN)
{
@@ -262,7 +273,10 @@ main (int argc, char *argv[])
char b[1];
n = gnutls_record_recv (client, b, 1);
if (n != GNUTLS_E_REHANDSHAKE)
+ {
+ puts ("6Client or server using extension before handshake?");
abort ();
+ }
}
cret = GNUTLS_E_AGAIN;
@@ -272,7 +286,10 @@ main (int argc, char *argv[])
{
static int max_iter = 0;
if (max_iter++ > 10)
+ {
+ puts ("7Client or server using extension before handshake?");
abort ();
+ }
if (cret == GNUTLS_E_AGAIN)
{
Index: gnutls-2.4.1/src/tests.c
===================================================================
--- gnutls-2.4.1.orig/src/tests.c
+++ gnutls-2.4.1/src/tests.c
@@ -106,11 +106,6 @@ do_handshake (gnutls_session_t session)
char protocol_str[] = "+VERS-TLS1.0:+VERS-SSL3.0";
char prio_str[256] = "";
-static const int kx_priority[16] =
- { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_ANON_DH,
- GNUTLS_KX_RSA_EXPORT, 0
-};
#define ALL_CIPHERS "+3DES-CBC:+ARCFOUR-128:+ARCFOUR-40"
#define ALL_COMP "+COMP-NULL"
#define ALL_MACS "+SHA1:+MD5"
Index: gnutls-2.4.1/tests/safe-renegotiation/srn1.c
===================================================================
--- gnutls-2.4.1.orig/tests/safe-renegotiation/srn1.c
+++ gnutls-2.4.1/tests/safe-renegotiation/srn1.c
@@ -225,6 +225,7 @@ main (int argc, char *argv[])
if (cret == GNUTLS_E_AGAIN)
{
cret = gnutls_handshake (client);
+ printf ("cret: %d", cret);
if (debug_level > 0)
{
tls_log_func (0, "gnutls_handshake (client)...\n");
@@ -236,6 +237,7 @@ main (int argc, char *argv[])
if (sret == GNUTLS_E_AGAIN)
{
sret = gnutls_handshake (server);
+ printf ("sret: %d", sret);
if (debug_level > 0)
{
tls_log_func (0, "gnutls_handshake (server)...\n");
Index: gnutls-2.4.1/tests/safe-renegotiation/srn1.c
===================================================================
--- gnutls-2.4.1.orig/tests/safe-renegotiation/srn1.c
+++ gnutls-2.4.1/tests/safe-renegotiation/srn1.c
@@ -222,10 +222,10 @@ main (int argc, char *argv[])
abort ();
}
+ printf ("cret: %d | sret: %d \n", cret, sret);
if (cret == GNUTLS_E_AGAIN)
{
cret = gnutls_handshake (client);
- printf ("cret: %d", cret);
if (debug_level > 0)
{
tls_log_func (0, "gnutls_handshake (client)...\n");
@@ -237,7 +237,6 @@ main (int argc, char *argv[])
if (sret == GNUTLS_E_AGAIN)
{
sret = gnutls_handshake (server);
- printf ("sret: %d", sret);
if (debug_level > 0)
{
tls_log_func (0, "gnutls_handshake (server)...\n");
Index: gnutls-2.4.1/lib/gnutls_handshake.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_handshake.c
+++ gnutls-2.4.1/lib/gnutls_handshake.c
@@ -2469,22 +2469,27 @@ gnutls_handshake (gnutls_session_t sessi
{
int ret;
+ puts("handshake--1");
if ((ret = _gnutls_handshake_hash_init (session)) < 0)
{
gnutls_assert ();
return ret;
}
+ puts("handshake--2");
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
+ puts("handshake--3");
ret = _gnutls_handshake_client (session);
}
else
{
+ puts("handshake--4");
ret = _gnutls_handshake_server (session);
}
if (ret < 0)
{
+ puts("handshake--5");
/* In the case of a rehandshake abort
* we should reset the handshake's internal state.
*/
@@ -2494,16 +2499,19 @@ gnutls_handshake (gnutls_session_t sessi
return ret;
}
+ puts("handshake--6");
ret = _gnutls_handshake_common (session);
if (ret < 0)
{
+ puts("handshake--7");
if (_gnutls_abort_handshake (session, ret) == 0)
STATE = STATE0;
return ret;
}
+ puts("handshake--8");
STATE = STATE0;
_gnutls_handshake_io_buffer_clear (session);
Index: gnutls-2.4.1/lib/gnutls_handshake.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_handshake.c
+++ gnutls-2.4.1/lib/gnutls_handshake.c
@@ -54,6 +54,9 @@
#include <auth_psk.h> /* for gnutls_psk_server_credentials_t */
#include <gc.h>
#include <random.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
#ifdef HANDSHAKE_DEBUG
#define ERR(x, y) _gnutls_handshake_log( "HSK[%x]: %s (%d)\n", session, x,y)
Index: gnutls-2.4.1/lib/gnutls_handshake.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_handshake.c
+++ gnutls-2.4.1/lib/gnutls_handshake.c
@@ -1860,12 +1860,14 @@ _gnutls_send_client_hello (gnutls_sessio
hver = session->internals.resumed_security_parameters.version;
}
+ puts("1111111111111111111111111");
if (hver == GNUTLS_VERSION_UNKNOWN || hver == 0)
{
gnutls_assert ();
gnutls_free (data);
return GNUTLS_E_INTERNAL_ERROR;
}
+ puts("2222222222222222222222222");
data[pos++] = _gnutls_version_get_major (hver);
data[pos++] = _gnutls_version_get_minor (hver);
Index: gnutls-2.4.1/lib/gnutls_handshake.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_handshake.c
+++ gnutls-2.4.1/lib/gnutls_handshake.c
@@ -1825,12 +1825,16 @@ _gnutls_send_client_hello (gnutls_sessio
opaque rnd[TLS_RANDOM_SIZE];
gnutls_protocol_t hver;
opaque extdata[MAX_EXT_DATA_LENGTH];
+ int rehandshake = 0;
opaque *SessionID =
session->internals.resumed_security_parameters.session_id;
uint8_t session_id_len =
session->internals.resumed_security_parameters.session_id_size;
+ if (session->security_parameters.session_id_size)
+ rehandshake = 1;
+
if (SessionID == NULL)
session_id_len = 0;
else if (session_id_len == 0)
@@ -1854,7 +1858,13 @@ _gnutls_send_client_hello (gnutls_sessio
* version number to the previously established.
*/
if (SessionID == NULL)
- hver = _gnutls_version_max (session);
+ {
+ if (rehandshake) /* already negotiated version thus version_max == negotiated version */
+ hver = session->security_parameters.version;
+ else
+
+ hver = _gnutls_version_max (session);
+ }
else
{ /* we are resuming a session */
hver = session->internals.resumed_security_parameters.version;
Index: gnutls-2.4.1/lib/gnutls_handshake.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_handshake.c
+++ gnutls-2.4.1/lib/gnutls_handshake.c
@@ -1871,6 +1871,7 @@ _gnutls_send_client_hello (gnutls_sessio
}
puts("1111111111111111111111111");
+ printf("version info: %d | GNUTLS_SSL3 :1 |GNUTLS_TLS1_0|GNUTLS_TLS1_1|GNUTLS_TLS1_2|GNUTLS_VERSION_UNKNOWN : 0xff| \n",(int)hver);
if (hver == GNUTLS_VERSION_UNKNOWN || hver == 0)
{
gnutls_assert ();
Index: gnutls-2.4.1/lib/gnutls_handshake.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_handshake.c
+++ gnutls-2.4.1/lib/gnutls_handshake.c
@@ -1860,10 +1860,15 @@ _gnutls_send_client_hello (gnutls_sessio
if (SessionID == NULL)
{
if (rehandshake) /* already negotiated version thus version_max == negotiated version */
+ {
hver = session->security_parameters.version;
+ printf("session->security_parameters.version: %d\n",session->security_parameters.version);
+ }
else
-
+ {
hver = _gnutls_version_max (session);
+ printf("_gnutls_version_max: %d\n", hver);
+ }
}
else
{ /* we are resuming a session */
Index: gnutls-2.4.1/lib/gnutls_priority.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_priority.c
+++ gnutls-2.4.1/lib/gnutls_priority.c
@@ -654,12 +654,42 @@ gnutls_priority_init (gnutls_priority_t
goto error;
}
else if (broken_list[i][0] == '%')
- {
- if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
- (*priority_cache)->no_padding = 1;
- else
- goto error;
- }
+ {
+ if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
+ (*priority_cache)->no_padding = 1;
+ else if (strcasecmp (&broken_list[i][1],
+ "VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
+ (*priority_cache)->additional_verify_flags |=
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
+ else if (strcasecmp (&broken_list[i][1],
+ "SSL3_RECORD_VERSION") == 0)
+ (*priority_cache)->ssl3_record_version = 1;
+ else if (strcasecmp (&broken_list[i][1],
+ "VERIFY_ALLOW_X509_V1_CA_CRT") == 0)
+ (*priority_cache)->additional_verify_flags |=
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
+ else if (strcasecmp (&broken_list[i][1],
+ "UNSAFE_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_UNSAFE;
+ }
+ else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_SAFE;
+ }
+ else if (strcasecmp (&broken_list[i][1],
+ "PARTIAL_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_PARTIAL;
+ }
+ else if (strcasecmp (&broken_list[i][1],
+ "DISABLE_SAFE_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_DISABLED;
+ }
+ else
+ goto error;
+ }
else
goto error;
}
Index: gnutls-2.4.1/lib/gnutls_handshake.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_handshake.c
+++ gnutls-2.4.1/lib/gnutls_handshake.c
@@ -1893,15 +1893,24 @@ _gnutls_send_client_hello (gnutls_sessio
*/
_gnutls_set_adv_version (session, hver);
- /* Some old implementations do not interoperate if we send a
- * different version in the record layer.
- * It seems they prefer to read the record's version
- * as the one we actually requested.
- * The proper behaviour is to use the one in the client hello
- * handshake packet and ignore the one in the packet's record
- * header.
- */
- _gnutls_set_current_version (session, hver);
+ if (session->internals.priorities.ssl3_record_version)
+ {
+ /* Honor the SSL3_RECORD_VERSION option
+ * */
+ _gnutls_set_current_version (session, GNUTLS_SSL3);
+ }
+ else
+ {
+ /* Some old implementations do not interoperate if we send a
+ * different version in the record layer.
+ * It seems they prefer to read the record's version
+ * as the one we actually requested.
+ * The proper behaviour is to use the one in the client hello
+ * handshake packet and ignore the one in the packet's record
+ * header.
+ */
+ _gnutls_set_current_version (session, hver);
+ }
/* In order to know when this session was initiated.
*/
Index: gnutls-2.4.1/lib/gnutls_int.h
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_int.h
+++ gnutls-2.4.1/lib/gnutls_int.h
@@ -428,6 +428,8 @@ struct gnutls_priority_st
/* to disable record padding */
int no_padding:1;
safe_renegotiation_t sr;
+ int ssl3_record_version;
+ int additional_verify_flags;
};
Index: gnutls-2.4.1/lib/gnutls_x509.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_x509.c
+++ gnutls-2.4.1/lib/gnutls_x509.c
@@ -178,7 +178,7 @@ _gnutls_x509_cert_verify_peers (gnutls_s
peer_certificate_list_size,
cred->x509_ca_list, cred->x509_ncas,
cred->x509_crl_list, cred->x509_ncrls,
- cred->verify_flags, status);
+ cred->verify_flags| session->internals.priorities.additional_verify_flags, status);
CLEAR_CERTS;
cta: command not found
cta: command not found
Index: gnutls-2.4.1/lib/gnutls_handshake.c
===================================================================
--- gnutls-2.4.1.orig/lib/gnutls_handshake.c
+++ gnutls-2.4.1/lib/gnutls_handshake.c
@@ -1862,12 +1862,10 @@ _gnutls_send_client_hello (gnutls_sessio
if (rehandshake) /* already negotiated version thus version_max == negotiated version */
{
hver = session->security_parameters.version;
- printf("session->security_parameters.version: %d\n",session->security_parameters.version);
}
else
{
hver = _gnutls_version_max (session);
- printf("_gnutls_version_max: %d\n", hver);
}
}
else
@@ -1875,15 +1873,12 @@ _gnutls_send_client_hello (gnutls_sessio
hver = session->internals.resumed_security_parameters.version;
}
- puts("1111111111111111111111111");
- printf("version info: %d | GNUTLS_SSL3 :1 |GNUTLS_TLS1_0|GNUTLS_TLS1_1|GNUTLS_TLS1_2|GNUTLS_VERSION_UNKNOWN : 0xff| \n",(int)hver);
if (hver == GNUTLS_VERSION_UNKNOWN || hver == 0)
{
gnutls_assert ();
gnutls_free (data);
return GNUTLS_E_INTERNAL_ERROR;
}
- puts("2222222222222222222222222");
data[pos++] = _gnutls_version_get_major (hver);
data[pos++] = _gnutls_version_get_minor (hver);
@@ -2499,27 +2494,22 @@ gnutls_handshake (gnutls_session_t sessi
{
int ret;
- puts("handshake--1");
if ((ret = _gnutls_handshake_hash_init (session)) < 0)
{
gnutls_assert ();
return ret;
}
- puts("handshake--2");
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
- puts("handshake--3");
ret = _gnutls_handshake_client (session);
}
else
{
- puts("handshake--4");
ret = _gnutls_handshake_server (session);
}
if (ret < 0)
{
- puts("handshake--5");
/* In the case of a rehandshake abort
* we should reset the handshake's internal state.
*/
@@ -2529,19 +2519,16 @@ gnutls_handshake (gnutls_session_t sessi
return ret;
}
- puts("handshake--6");
ret = _gnutls_handshake_common (session);
if (ret < 0)
{
- puts("handshake--7");
if (_gnutls_abort_handshake (session, ret) == 0)
STATE = STATE0;
return ret;
}
- puts("handshake--8");
STATE = STATE0;
_gnutls_handshake_io_buffer_clear (session);
Index: gnutls-2.4.1/tests/safe-renegotiation/srn1.c
===================================================================
--- gnutls-2.4.1.orig/tests/safe-renegotiation/srn1.c
+++ gnutls-2.4.1/tests/safe-renegotiation/srn1.c
@@ -75,7 +75,6 @@ client_push (gnutls_transport_ptr_t tr,
tmp = realloc (to_server, newlen);
if (!tmp)
{
- puts ("1Client or server using extension before handshake?");
abort ();
}
to_server = tmp;
@@ -112,7 +111,6 @@ server_push (gnutls_transport_ptr_t tr,
tmp = realloc (to_client, newlen);
if (!tmp)
{
- puts ("2Client or server using extension before handshake?");
abort ();
}
to_client = tmp;
@@ -203,7 +201,6 @@ main (int argc, char *argv[])
gnutls_transport_set_push_function (client, client_push);
gnutls_transport_set_pull_function (client, client_pull);
- puts ("3Client or server using extension before handshake?");
/* Check that initially no session use the extension. */
if (gnutls_safe_renegotiation_status (server)
|| gnutls_safe_renegotiation_status (client))
@@ -211,18 +208,15 @@ main (int argc, char *argv[])
puts ("Client or server using extension before handshake?");
abort ();
}
- puts ("4Client or server using extension before handshake?");
do
{
static int max_iter = 0;
if (max_iter++ > 10)
{
- puts ("5Client or server using extension before handshake?");
abort ();
}
- printf ("cret: %d | sret: %d \n", cret, sret);
if (cret == GNUTLS_E_AGAIN)
{
cret = gnutls_handshake (client);
@@ -275,7 +269,6 @@ main (int argc, char *argv[])
n = gnutls_record_recv (client, b, 1);
if (n != GNUTLS_E_REHANDSHAKE)
{
- puts ("6Client or server using extension before handshake?");
abort ();
}
}
@@ -288,7 +281,6 @@ main (int argc, char *argv[])
static int max_iter = 0;
if (max_iter++ > 10)
{
- puts ("7Client or server using extension before handshake?");
abort ();
}