Mercurial > hg > freeDiameter
view tests/testcnx.c @ 662:2e94ef0515d7 1.1.0-rc1
Updated copyright information
| author | Sebastien Decugis <sdecugis@nict.go.jp> |
|---|---|
| date | Fri, 14 Jan 2011 16:27:21 +0900 |
| parents | f198d16fa7f4 |
| children | 8c3dc8584dab |
line wrap: on
line source
/********************************************************************************************************* * Software License Agreement (BSD License) * * Author: Sebastien Decugis <sdecugis@nict.go.jp> * * * * Copyright (c) 2011, WIDE Project and NICT * * All rights reserved. * * * * Redistribution and use of this software in source and binary forms, with or without modification, are * * permitted provided that the following conditions are met: * * * * * Redistributions of source code must retain the above * * copyright notice, this list of conditions and the * * following disclaimer. * * * * * Redistributions in binary form must reproduce the above * * copyright notice, this list of conditions and the * * following disclaimer in the documentation and/or other * * materials provided with the distribution. * * * * * Neither the name of the WIDE Project or NICT nor the * * names of its contributors may be used to endorse or * * promote products derived from this software without * * specific prior written permission of WIDE Project and * * NICT. * * * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * *********************************************************************************************************/ #include "tests.h" #ifndef TEST_PORT #define TEST_PORT 3868 #endif /* TEST_PORT */ #ifndef NB_STREAMS #define NB_STREAMS 10 #endif /* NB_STREAMS */ #ifndef GNUTLS_DEFAULT_PRIORITY # define GNUTLS_DEFAULT_PRIORITY "NORMAL" #endif /* GNUTLS_DEFAULT_PRIORITY */ #ifndef GNUTLS_DEFAULT_DHBITS # define GNUTLS_DEFAULT_DHBITS 1024 #endif /* GNUTLS_DEFAULT_DHBITS */ /* The cryptographic data */ static char ca_data[] = "-----BEGIN CERTIFICATE-----\n" "MIIEqjCCA5KgAwIBAgIJANKgDwdlDYQDMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD\n" "VQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNV\n" "BAoMBFdJREUxDzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293\n" "YWRkaWN0Lm9yZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDAe\n" "Fw0wOTEwMDUwODUxNDRaFw0xOTEwMDMwODUxNDRaMIGUMQswCQYDVQQGEwJKUDEO\n" "MAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUx\n" "DzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293YWRkaWN0Lm9y\n" "ZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDCCASIwDQYJKoZI\n" "hvcNAQEBBQADggEPADCCAQoCggEBAM5c6w4NnngTvGNWcJzbo0Kklp+kvUNQNgGu\n" "myvz826qPp07HTSyJrIcgFnuYDR0Nd130Ot9u5osqpQhHTvolxDE87Tii8i3hJSj\n" "TTY9K0ZwGb4AZ6QkuyMXS1jtOY657HqjpGZqT/2Syh0i7dM/hqSXFw0SPbyq+W1H\n" "SVFWa1CTkPywFWAzwdr5WKah77uZ1dxWqgPgUdcZOiIQtLRp5n3fg40Nwso5YdwS\n" "64+ebBX1pkhrCQ8AGc8O61Ep1JTXcO7jqQmPgzjiN+FeostI1Dp73S3MqleTAHjR\n" "hqZ77VF7nkroMM9btMHJBaxnfwc2ewULUJwnuOiGWrvMq/9Z4J8CAwEAAaOB/DCB\n" "+TAdBgNVHQ4EFgQUkqpVn7N3gmiJ7X5zQ2bki+7qv4UwgckGA1UdIwSBwTCBvoAU\n" "kqpVn7N3gmiJ7X5zQ2bki+7qv4WhgZqkgZcwgZQxCzAJBgNVBAYTAkpQMQ4wDAYD\n" "VQQIDAVUb2t5bzEQMA4GA1UEBwwHS29nYW5laTENMAsGA1UECgwEV0lERTEPMA0G\n" "A1UECwwGQUFBIFdHMR8wHQYDVQQDDBZjaGF2cm91eC5jb3dhZGRpY3Qub3JnMSIw\n" "IAYJKoZIhvcNAQkBFhNzZGVjdWdpc0BuaWN0LmdvLmpwggkA0qAPB2UNhAMwDAYD\n" "VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAJy0XLk8j8YLSTt2/VMy9TAUx\n" "esXUiZj0Ung+gkr7A1K0NnwYxDzG2adMhf13upHoydu2ErLMmD6F77x+QuY/q7nc\n" "ZvO0tvcoAP6ToSDwiypU5dnTmnfkgwVwzFkNCi1sGRosEm8c/c/8MfK0I0nVdj1/\n" "BIkIG7tTDVi9JvkWYl0UlSKWTZKrntVwCmscfC02DGb+GoLbO9+QmiNM5Y3yOYZ4\n" "Pc7SSoKLL0rwJBmpPNs7boYsweeSuCAVu0shRfgC90odXcej2EN5ETfCuU1evXNW\n" "5cA+zZsDK/nWJwxBaW0CxAHX579FElFWlK4+BnzhZRdDhmJDnN5dh4ekJGM6Lg==\n" "-----END CERTIFICATE-----\n"; /* Client: Certificate: Data: Version: 3 (0x2) Serial Number: 5 (0x5) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp Validity Not Before: Oct 27 04:04:05 2009 GMT Not After : Oct 25 04:04:05 2019 GMT Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=client.test/emailAddress=client@test Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:bd:eb:50:1e:9d:7a:cd:9d:bb:e7:bc:4e:38:4a: b2:cc:9e:b4:89:77:01:ef:d1:c6:19:29:00:fe:ce: 3c:62:05:13:b1:8c:ff:31:7a:0f:c1:2e:4b:3c:0c: 40:1e:36:4e:76:da:0a:64:43:fc:1e:ea:0c:97:b2: 57:9c:9c:8c:90:bd:eb:23:7b:b8:b7:5c:03:ed:6f: 48:55:8a:88:08:38:c5:cd:33:b7:ab:a8:3a:6f:7f: 13:10:65:a5:50:b9:f4:8b:cc:2e:e9:79:58:a6:11: f0:58:45:41:ef:36:b3:35:cb:14:ec:82:0c:ad:11: 6a:ea:64:ef:28:a2:6e:47:45 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: BE:B3:89:4F:9D:8F:6C:20:C4:D0:3E:6A:05:11:82:50:54:49:70:A2 X509v3 Authority Key Identifier: keyid:92:AA:55:9F:B3:77:82:68:89:ED:7E:73:43:66:E4:8B:EE:EA:BF:85 Signature Algorithm: sha1WithRSAEncryption a3:88:f5:15:b5:ad:20:60:a1:85:19:3f:b9:5e:1e:be:31:7f: 84:7a:c2:18:3a:63:6a:67:1f:46:86:4d:10:d6:1d:ad:a2:c8: 0b:95:33:fa:e4:05:f4:b8:70:34:77:f7:85:6e:70:46:ac:39: 54:a9:5f:ea:5e:d1:33:bb:c9:a3:42:81:41:90:25:b5:92:8b: e8:6e:3e:97:06:dd:9a:cc:29:61:34:5a:d3:1c:5d:ad:d1:a3: eb:6a:47:b4:d0:c2:17:89:e1:e2:2d:36:18:50:1a:e7:d4:fc: 38:2e:47:0b:39:50:87:2f:aa:07:64:f8:9a:4d:47:01:da:10: d8:97:c7:a6:13:bc:0e:ca:63:c1:f2:09:fb:f8:6a:a4:5f:08: b5:ad:ed:4f:71:b9:89:7f:43:27:85:72:e7:8d:a8:4a:cc:f6: 36:ca:8a:ae:82:b5:a8:42:41:99:87:84:7c:f0:90:fd:ca:96: 37:a2:e0:d9:fa:dd:a4:c9:f1:50:b7:e5:e6:8f:af:83:8c:23: b6:20:cc:66:e3:08:60:13:02:8f:42:3a:07:91:a7:38:b2:72: 16:fd:bd:a9:60:f0:e2:9f:23:f3:c0:99:e3:17:bc:00:7c:b3: 89:9c:ea:fa:3e:f6:69:a1:98:c2:ec:46:da:70:b6:f9:c3:93: a7:fc:36:dd */ static char client_cert_data[] ="-----BEGIN CERTIFICATE-----\n" "MIIDiTCCAnGgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n" "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n" "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n" "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI3\n" "MDQwNDA1WhcNMTkxMDI1MDQwNDA1WjCBgTELMAkGA1UEBhMCSlAxDjAMBgNVBAgM\n" "BVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURFMQ8wDQYDVQQL\n" "DAZBQUEgV0cxFDASBgNVBAMMC2NsaWVudC50ZXN0MRowGAYJKoZIhvcNAQkBFgtj\n" "bGllbnRAdGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvetQHp16zZ27\n" "57xOOEqyzJ60iXcB79HGGSkA/s48YgUTsYz/MXoPwS5LPAxAHjZOdtoKZEP8HuoM\n" "l7JXnJyMkL3rI3u4t1wD7W9IVYqICDjFzTO3q6g6b38TEGWlULn0i8wu6XlYphHw\n" "WEVB7zazNcsU7IIMrRFq6mTvKKJuR0UCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglg\n" "hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O\n" "BBYEFL6ziU+dj2wgxNA+agURglBUSXCiMB8GA1UdIwQYMBaAFJKqVZ+zd4Joie1+\n" "c0Nm5Ivu6r+FMA0GCSqGSIb3DQEBBQUAA4IBAQCjiPUVta0gYKGFGT+5Xh6+MX+E\n" "esIYOmNqZx9Ghk0Q1h2tosgLlTP65AX0uHA0d/eFbnBGrDlUqV/qXtEzu8mjQoFB\n" "kCW1kovobj6XBt2azClhNFrTHF2t0aPrake00MIXieHiLTYYUBrn1Pw4LkcLOVCH\n" "L6oHZPiaTUcB2hDYl8emE7wOymPB8gn7+GqkXwi1re1PcbmJf0MnhXLnjahKzPY2\n" "yoqugrWoQkGZh4R88JD9ypY3ouDZ+t2kyfFQt+Xmj6+DjCO2IMxm4whgEwKPQjoH\n" "kac4snIW/b2pYPDinyPzwJnjF7wAfLOJnOr6PvZpoZjC7EbacLb5w5On/Dbd\n" "-----END CERTIFICATE-----\n"; static char client_priv_data[] ="-----BEGIN RSA PRIVATE KEY-----\n" "MIICXgIBAAKBgQC961AenXrNnbvnvE44SrLMnrSJdwHv0cYZKQD+zjxiBROxjP8x\n" "eg/BLks8DEAeNk522gpkQ/we6gyXslecnIyQvesje7i3XAPtb0hViogIOMXNM7er\n" "qDpvfxMQZaVQufSLzC7peVimEfBYRUHvNrM1yxTsggytEWrqZO8oom5HRQIDAQAB\n" "AoGBAIYnsOLPby3LnC5n8AEHkyHDgdgQvsd/MSYYtuFHIZRD7dNfu+xhQru9TdvO\n" "84Pj7K07/FczRuc3gUmu6wBv/UIP9To15RHZh+/n537nybGus5S4IYKVvap477To\n" "0rQDf9ec27iw77gxb7moQ9Otuxwbv0h0Z+1EVLI8d8jHOq0BAkEA9YNr0R+7KXBS\n" "48yT43g5HpOFkTZzNXWVdpSvYGneb56wslk5Eatp235I4uz/a7Rej5v99W0M3nSe\n" "/AgHfYn75QJBAMYH/pBx/WkrLj+pPaARlNwInCIC5zUhr6B0IKCt2tvy5eyuc5sd\n" "AoTFaU+cSI+ZqsRzY8jMKkonktxBg48oJ+ECQQCt4AtlqcFVkbVCm8pJGQXq/7Ni\n" "qlthiwr1Vkv2TkQ4bPza8pGWT/3Cc2ePPyWN08n8jw+G11p72cAW4mDbqfN5AkEA\n" "mNYKrkiLn+NnqlJf8W4gSUGL3uQGtYbuGRQHKnuDckWhFm39YzWcgAQsJvkjN1EN\n" "7thvpsWLzfeE7ODTPGVtgQJATObxYJOt6rms3fAStwuXW3ET77TA1ja4XsUEe5Yu\n" "JpcQOruJb9XwndqzNbL0dSUePb9gFiBCGKYOyreNTTRTmw==\n" "-----END RSA PRIVATE KEY-----\n"; /* Server: Certificate: Data: Version: 3 (0x2) Serial Number: 4 (0x4) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp Validity Not Before: Oct 27 04:03:39 2009 GMT Not After : Oct 25 04:03:39 2019 GMT Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=serv.test/emailAddress=serv@test Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:a6:f7:1c:a9:90:5b:fa:c8:f6:a3:04:0c:d0:8b: 45:c3:90:f7:2d:c2:c9:d7:bd:66:8a:7c:1c:51:89: 40:9e:cd:70:57:cb:00:47:a3:e8:76:8b:00:b3:c9: c3:0d:b1:b9:2a:08:9f:52:92:82:d3:18:c1:d8:d1: b8:1e:fd:71:fe:23:ec:19:e9:6d:9d:fd:ae:88:bc: 39:44:7a:37:ad:c6:88:d1:64:7c:b1:d4:3c:a9:30: c4:de:51:02:c4:48:4f:25:3e:2f:93:ae:25:32:66: 9a:dc:f4:44:45:ff:7f:12:49:97:0d:01:8d:13:9a: d3:8f:9e:2d:62:95:02:0a:c7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 0C:33:C4:7F:39:D0:34:FF:F8:61:A1:46:8B:49:1D:A3:57:B3:4D:58 X509v3 Authority Key Identifier: keyid:92:AA:55:9F:B3:77:82:68:89:ED:7E:73:43:66:E4:8B:EE:EA:BF:85 Signature Algorithm: sha1WithRSAEncryption 87:f5:49:a6:04:f9:98:9a:f1:1a:68:ce:06:ae:4c:0c:08:eb: ba:98:e7:3f:df:22:7f:35:88:1d:b7:8a:f3:89:a3:68:0d:53: 45:eb:23:a1:dd:6b:dc:b0:80:58:0c:10:0b:49:74:ea:a8:b6: 8c:2e:c6:73:dc:7a:74:c7:59:3e:79:5a:d2:5c:15:0b:f1:d8: 19:37:2a:c0:22:75:10:3f:4c:e9:a1:e0:eb:b2:9e:09:70:3d: 2a:4c:fe:9c:99:36:4b:aa:6c:e1:8b:9c:aa:e1:29:1f:49:6b: 14:db:12:ae:cf:68:4a:dd:03:e1:3b:ad:79:b4:54:84:1d:bb: ac:45:c4:85:f1:03:65:65:96:23:ae:e7:97:3c:5c:db:ce:55: 34:5d:c3:73:ec:cd:f6:0f:a5:81:5f:c2:ab:a3:42:fa:36:7f: 83:ef:db:0f:cd:62:0b:ea:d9:4f:73:35:68:5f:23:d5:0a:be: ff:7f:23:9a:af:0d:a5:f8:3e:3a:f0:63:1c:e1:d2:96:81:cf: 7b:5a:6b:d0:9b:67:56:9e:aa:a9:e8:f1:6c:fb:54:2b:1a:f4: ef:16:5a:be:1d:a9:c8:d6:cc:f7:42:8c:fe:83:2c:84:8c:80: fb:1c:88:f6:35:1c:ae:43:72:fa:68:30:9c:25:8b:db:2c:84: 87:76:9d:b9 */ static char server_cert_data[] ="-----BEGIN CERTIFICATE-----\n" "MIIDhDCCAmygAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n" "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n" "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n" "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI3\n" "MDQwMzM5WhcNMTkxMDI1MDQwMzM5WjB9MQswCQYDVQQGEwJKUDEOMAwGA1UECAwF\n" "VG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUxDzANBgNVBAsM\n" "BkFBQSBXRzESMBAGA1UEAwwJc2Vydi50ZXN0MRgwFgYJKoZIhvcNAQkBFglzZXJ2\n" "QHRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKb3HKmQW/rI9qMEDNCL\n" "RcOQ9y3Cyde9Zop8HFGJQJ7NcFfLAEej6HaLALPJww2xuSoIn1KSgtMYwdjRuB79\n" "cf4j7BnpbZ39roi8OUR6N63GiNFkfLHUPKkwxN5RAsRITyU+L5OuJTJmmtz0REX/\n" "fxJJlw0BjROa04+eLWKVAgrHAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4\n" "QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQM\n" "M8R/OdA0//hhoUaLSR2jV7NNWDAfBgNVHSMEGDAWgBSSqlWfs3eCaIntfnNDZuSL\n" "7uq/hTANBgkqhkiG9w0BAQUFAAOCAQEAh/VJpgT5mJrxGmjOBq5MDAjrupjnP98i\n" "fzWIHbeK84mjaA1TResjod1r3LCAWAwQC0l06qi2jC7Gc9x6dMdZPnla0lwVC/HY\n" "GTcqwCJ1ED9M6aHg67KeCXA9Kkz+nJk2S6ps4YucquEpH0lrFNsSrs9oSt0D4Tut\n" "ebRUhB27rEXEhfEDZWWWI67nlzxc285VNF3Dc+zN9g+lgV/Cq6NC+jZ/g+/bD81i\n" "C+rZT3M1aF8j1Qq+/38jmq8Npfg+OvBjHOHSloHPe1pr0JtnVp6qqejxbPtUKxr0\n" "7xZavh2pyNbM90KM/oMshIyA+xyI9jUcrkNy+mgwnCWL2yyEh3aduQ==\n" "-----END CERTIFICATE-----\n"; static char server_priv_data[] ="-----BEGIN RSA PRIVATE KEY-----\n" "MIICXQIBAAKBgQCm9xypkFv6yPajBAzQi0XDkPctwsnXvWaKfBxRiUCezXBXywBH\n" "o+h2iwCzycMNsbkqCJ9SkoLTGMHY0bge/XH+I+wZ6W2d/a6IvDlEejetxojRZHyx\n" "1DypMMTeUQLESE8lPi+TriUyZprc9ERF/38SSZcNAY0TmtOPni1ilQIKxwIDAQAB\n" "AoGAZv3Ddm0P79CLIt9asEFY1VvUvSuMqkGwwPfx1/HcJJkBFYapM4fN22G/Gyf3\n" "47ifSWhsLtklTeXVnVMwSh14dJaJQuSEnaFnUUWfjiRbEAXZnMFwAIiaszEZbPap\n" "NUNpcGl06FZrphYAMkjOVUfjCjfOZDAvL4JGpo271Zx4l0ECQQDYoFFQpBCPx0PK\n" "TWUmvatXI/Amo94XkGfofbdeeI8PiAJBO5UI6rmjjIVwsJwO9dQb/IlP1/OnBeJv\n" "p9YW5uixAkEAxVAOKu7mpGu0Q/K2iEUUYDX9YHf253kgkdIDF4iZk4Tcecjoxuru\n" "fIWu9dMtyDVV+HT2X4cNEnO1/oS3kJII9wJBAJkdwDwiqz4lV6o/yFZ4zAoc8dsu\n" "CoZXYMq5SYox5tTQit928OHLn4mVgqBjhPsiEVnyx0+zUZpmE2ZemHm5nxECQHfE\n" "FBVzVYRP6+eil7E3XRrZKqc3qiLunxpkA4RxYebtKnaxwLmdOI1VB9InEQ8JcNmT\n" "BUkOzJx6p+mJ3XJfchkCQQDWmbMYYJajsjlS4YpdUUj7cBSotA6vtkNVHFr0/ak/\n" "S+tLkMNuruaInWizK+BKYTIJLlQDf5u5NTrw41vye5Hv\n" "-----END RSA PRIVATE KEY-----\n"; /* Expired: Certificate: Data: Version: 3 (0x2) Serial Number: 6 (0x6) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp Validity Not Before: Oct 27 04:06:35 2009 GMT Not After : Oct 28 04:06:35 2009 GMT Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=expired.test/emailAddress=expired@test Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:e3:17:15:54:85:dc:cf:c7:a0:32:4a:49:7d:55: 75:9b:29:15:db:7e:87:17:d9:0e:65:44:53:d7:19: 37:27:c7:c6:fe:c6:dc:72:2b:dc:86:1a:ff:24:6c: 63:3f:75:9c:0a:14:e1:70:06:79:d4:b9:26:d4:68: 4c:28:38:ba:34:60:56:02:3d:94:55:4a:1f:4e:5a: f0:a5:71:4c:3e:71:69:39:ad:bc:aa:55:35:fb:73: 5b:5f:6c:30:71:8e:8a:b6:a5:06:cc:ee:dd:29:c7: 52:0d:a7:9c:0f:a1:ba:52:11:e2:1b:b9:74:6b:08: 87:11:d2:ec:a9:ac:63:63:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 1C:AF:66:42:5B:AD:AA:A5:9B:D9:AE:3A:C1:5A:AC:2F:CC:CE:22:6C X509v3 Authority Key Identifier: keyid:92:AA:55:9F:B3:77:82:68:89:ED:7E:73:43:66:E4:8B:EE:EA:BF:85 Signature Algorithm: sha1WithRSAEncryption 60:8f:55:55:59:82:0f:64:cb:b8:11:c8:44:ce:bf:69:07:0d: be:c2:34:be:42:6a:78:15:39:9f:be:8a:17:d6:43:42:c9:7c: f1:6d:5d:aa:c3:1b:4d:b0:f0:b6:73:46:2a:87:cd:55:56:a3: 6d:cc:de:a8:28:6a:53:85:9e:e5:68:b7:3c:f5:72:13:7b:d0: 21:f2:91:49:35:e0:37:1e:28:19:d5:1b:cc:e1:32:1e:7f:b0: 86:df:43:a4:47:0f:29:0b:eb:51:60:9a:f5:ca:50:f4:2d:59: cd:fc:50:9d:29:ed:45:98:de:a2:5c:d1:b5:7a:34:ad:7a:73: 48:8b:a2:9b:89:8e:4a:2e:2a:04:19:d6:62:6a:0d:f0:96:f2: f0:d0:22:77:3b:7f:b1:2a:f4:3b:17:47:5e:38:07:09:65:ad: 1d:ea:46:69:6a:96:b6:6b:3b:5c:cc:6e:30:d7:cb:53:69:59: c2:63:78:2b:03:d4:d4:f7:17:29:99:9a:43:ff:78:0a:af:42: c5:b3:8d:09:38:5b:30:70:28:c1:97:ab:fd:7f:87:9a:ec:f2: 97:44:ff:f5:b9:41:30:d1:c6:32:98:69:34:c4:39:30:6f:e2: d3:b2:70:97:66:ee:41:f5:ae:0f:09:f0:ed:60:96:67:a9:8a: cd:d6:95:f2 */ static char expired_cert_data[]="-----BEGIN CERTIFICATE-----\n" "MIIDizCCAnOgAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n" "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n" "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n" "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI3\n" "MDQwNjM1WhcNMDkxMDI4MDQwNjM1WjCBgzELMAkGA1UEBhMCSlAxDjAMBgNVBAgM\n" "BVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURFMQ8wDQYDVQQL\n" "DAZBQUEgV0cxFTATBgNVBAMMDGV4cGlyZWQudGVzdDEbMBkGCSqGSIb3DQEJARYM\n" "ZXhwaXJlZEB0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjFxVUhdzP\n" "x6AySkl9VXWbKRXbfocX2Q5lRFPXGTcnx8b+xtxyK9yGGv8kbGM/dZwKFOFwBnnU\n" "uSbUaEwoOLo0YFYCPZRVSh9OWvClcUw+cWk5rbyqVTX7c1tfbDBxjoq2pQbM7t0p\n" "x1INp5wPobpSEeIbuXRrCIcR0uyprGNjTwIDAQABo3sweTAJBgNVHRMEAjAAMCwG\n" "CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV\n" "HQ4EFgQUHK9mQlutqqWb2a46wVqsL8zOImwwHwYDVR0jBBgwFoAUkqpVn7N3gmiJ\n" "7X5zQ2bki+7qv4UwDQYJKoZIhvcNAQEFBQADggEBAGCPVVVZgg9ky7gRyETOv2kH\n" "Db7CNL5CangVOZ++ihfWQ0LJfPFtXarDG02w8LZzRiqHzVVWo23M3qgoalOFnuVo\n" "tzz1chN70CHykUk14DceKBnVG8zhMh5/sIbfQ6RHDykL61FgmvXKUPQtWc38UJ0p\n" "7UWY3qJc0bV6NK16c0iLopuJjkouKgQZ1mJqDfCW8vDQInc7f7Eq9DsXR144Bwll\n" "rR3qRmlqlrZrO1zMbjDXy1NpWcJjeCsD1NT3FymZmkP/eAqvQsWzjQk4WzBwKMGX\n" "q/1/h5rs8pdE//W5QTDRxjKYaTTEOTBv4tOycJdm7kH1rg8J8O1glmepis3WlfI=\n" "-----END CERTIFICATE-----\n"; static char expired_priv_data[]="-----BEGIN RSA PRIVATE KEY-----\n" "MIICXgIBAAKBgQDjFxVUhdzPx6AySkl9VXWbKRXbfocX2Q5lRFPXGTcnx8b+xtxy\n" "K9yGGv8kbGM/dZwKFOFwBnnUuSbUaEwoOLo0YFYCPZRVSh9OWvClcUw+cWk5rbyq\n" "VTX7c1tfbDBxjoq2pQbM7t0px1INp5wPobpSEeIbuXRrCIcR0uyprGNjTwIDAQAB\n" "AoGASwPoDui9XYHTIGm7xwRA+kVjLAOq+qy//aHJlEeHGcP7r1PfpHNqwH4QhGat\n" "jlv6dLYbFld9TVDwS8A8UBkVIPLWnCysd5tF2A4C5akx6ouW6HliW/JheYrgl8AV\n" "PVeR3bm91UbnpC0ABVlw87jp1Ovyr60Suo4jsoJz+CyTa2ECQQD0LJWpnwn1jIlR\n" "DGkLi7F3E70JJcdhTWzBjGFD+Na+/2ZO0MKLhK+O1WUkKa0oi+e5P1JOnGIpTI8c\n" "BJOO415RAkEA7hauapYuqGI/auSPH8/nFB5z1G94RTxo2a5THKcG5MqS/8N3ubFj\n" "i2PPS0lEYVjqoHEsZUsMnDmXp6KDKMAfnwJBAIp+T1UqM8fmsmwaEerOjRXxSCNM\n" "Hk5+T9Vn/jNDjOpAipLhrbbcx4bIWtmsGd8Jm6Fi3RhhcvvhxLorjlZZeEECQQCf\n" "IaPD88sNmlUewdLzhUbCiLQMadCuHflKfRxpyy1tYAQuVFxCTdDlynkzra25ju+K\n" "+vmcXjP4evnk/lbBtt+rAkEAgOr4Apgs3nMppngPV5yFx0NDqH2n8PlEAM1Il4Qs\n" "IuuK18v0KwlUGAfEEmCiNh1e1qkLmD0CnI2QjYAjcLQUhw==\n" "-----END RSA PRIVATE KEY-----\n"; /* Unknown CA certificate : Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp Validity Not Before: Oct 28 08:04:40 2009 GMT Not After : Oct 28 08:04:40 2010 GMT Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=unknown.cs/emailAddress=unknown@ca Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:e6:3a:d5:8a:14:c8:15:d0:f0:5c:03:c3:af:33: 51:2c:17:b7:65:ac:45:e8:48:2d:ae:70:fd:7c:79: 3a:c7:80:c8:50:53:d0:19:d8:3a:26:a8:16:4d:4c: 04:17:09:df:69:9b:59:2b:89:c8:e0:60:bb:1d:37: 82:d2:3f:17:39:c9:8f:5d:76:e1:0f:6e:08:9a:8f: 16:4a:ea:83:86:f9:bd:15:14:56:68:87:79:05:f9: 5f:66:11:bd:22:46:26:64:be:57:16:51:66:41:50: ac:f2:b1:ca:d0:38:11:4b:4c:b2:ee:25:36:6e:d3: b9:63:72:c4:84:82:1c:2b:27 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: BA:5A:9D:D2:B0:4B:72:D6:1F:00:11:0B:B5:7B:59:DF:08:38:81:BE X509v3 Authority Key Identifier: keyid:52:C5:A4:63:B8:DB:AC:F2:92:34:2F:72:56:71:C8:11:8E:76:E6:DF Signature Algorithm: sha1WithRSAEncryption 90:8f:3b:bd:e3:a1:ca:6a:92:a6:fd:f0:64:ae:46:83:32:35: 61:80:57:8b:30:12:70:02:e1:51:d9:87:c8:af:d9:4b:b9:6d: bf:ab:86:5f:19:1f:dc:af:84:67:bf:3c:bf:33:f3:7c:c6:81: 7b:e4:e9:26:1d:bc:d6:8c:ab:72:94:7f:85:33:95:d9:24:ec: fd:7b:d2:fd:50:3e:e5:61:4f:75:51:ae:c6:4a:ec:df:cf:aa: 73:a5:08:f7:f3:9a:40:66:48:f0:8e:9b:43:b1:30:f3:e3:c8: 36:3f:68:36:6a:1c:aa:16:40:49:b4:73:9a:71:f1:17:6c:0b: d3:e1:a7:b7:40:de:2c:3c:36:7c:d4:dd:d6:94:c9:d7:5f:f5: ae:35:56:e8:cc:65:9c:bb:3d:e8:7a:ca:0e:ed:78:03:41:cb: fd:80:81:de:f9:de:b2:14:4b:81:24:36:de:29:c1:06:11:86: 8c:a9:b0:0c:c7:57:cf:79:a7:3a:84:0c:27:dc:86:6d:cb:44: 2d:26:dc:7e:fb:17:d6:b2:3d:31:03:d3:f1:ab:5d:91:5d:94: e4:94:88:70:96:b3:7c:0f:15:fe:c8:c6:4d:99:37:ab:09:0c: da:ba:b6:0e:fa:5e:bb:4b:ce:04:21:06:09:a9:2c:27:86:76: cc:ee:73:6f */ static char notrust_ca_data[] = "-----BEGIN CERTIFICATE-----\n" "MIIEqjCCA5KgAwIBAgIJAP3UMghSlH9PMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD\n" "VQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNV\n" "BAoMBFdJREUxDzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293\n" "YWRkaWN0Lm9yZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDAe\n" "Fw0wOTEwMjgwODAzNDRaFw0xOTEwMjYwODAzNDRaMIGUMQswCQYDVQQGEwJKUDEO\n" "MAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUx\n" "DzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293YWRkaWN0Lm9y\n" "ZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDCCASIwDQYJKoZI\n" "hvcNAQEBBQADggEPADCCAQoCggEBALKW9iSUggF5mbvYe1Xk128Csfiijx+fwH5y\n" "ZqWrHNt0YG/tZSwyCDMWBLXTeuYsntg5y0mcpsrN8v02tvrPiCzDfRPyz3mG68us\n" "DPEEgQ1kqL2Gsti2DUcsdyZcDM+4rgsWRivgOTVyoNimv5f+xgmPYoElkgelLwZK\n" "WxGt1VCebOxP3qZA3hSHWE1hJgL4svful7RD1PbwPzidxJKITyAiJoPKWQA9cjSa\n" "gVzRQ7S4vmYALJn7xe+dMFRcfAK8RMv7/gJF6Rw7zufW0DIZK98KZs6aL0lmMPVk\n" "f31N2uvndf+cjy0n4luwEoXY+TeJZY205lbwHrzR0rH75FSm0RsCAwEAAaOB/DCB\n" "+TAdBgNVHQ4EFgQUUsWkY7jbrPKSNC9yVnHIEY525t8wgckGA1UdIwSBwTCBvoAU\n" "UsWkY7jbrPKSNC9yVnHIEY525t+hgZqkgZcwgZQxCzAJBgNVBAYTAkpQMQ4wDAYD\n" "VQQIDAVUb2t5bzEQMA4GA1UEBwwHS29nYW5laTENMAsGA1UECgwEV0lERTEPMA0G\n" "A1UECwwGQUFBIFdHMR8wHQYDVQQDDBZjaGF2cm91eC5jb3dhZGRpY3Qub3JnMSIw\n" "IAYJKoZIhvcNAQkBFhNzZGVjdWdpc0BuaWN0LmdvLmpwggkA/dQyCFKUf08wDAYD\n" "VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEACANo6IR3OQlQaXHJaprVVDvl\n" "oMJC0FRbVCK503sbmWTJL98UqxRdsTZNIL07gXlK0oUKyiNijIXiLG8d5IlUrDxF\n" "H/Vsu6s8k3/PpAUVeiO2oygWqvU5NGvt0jg54MrOJKhYYPWrzbmHty+cAXyoNzOR\n" "+W5RX6HRQgxvZWQq2Ok46VX622R1nNjFmCBYT7I7/gWG+hkbIAoH6d9sULLjpC+B\n" "bI+L/N7ac9/Og8pGIgpUI60Gn5zO93+E+Nhg+1BlcDHGnQD6vFNs8LYp5CCX/Zj1\n" "tWFVXZnx58odaU3M4t9/ZQnkZdx9YJIroETbN0PoqlnSagBjgUvbWwn4YCotCA==\n" "-----END CERTIFICATE-----\n"; static char notrust_cert_data[]="-----BEGIN CERTIFICATE-----\n" "MIIDhjCCAm6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n" "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n" "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n" "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI4\n" "MDgwNDQwWhcNMTAxMDI4MDgwNDQwWjB/MQswCQYDVQQGEwJKUDEOMAwGA1UECAwF\n" "VG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUxDzANBgNVBAsM\n" "BkFBQSBXRzETMBEGA1UEAwwKdW5rbm93bi5jczEZMBcGCSqGSIb3DQEJARYKdW5r\n" "bm93bkBjYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5jrVihTIFdDwXAPD\n" "rzNRLBe3ZaxF6EgtrnD9fHk6x4DIUFPQGdg6JqgWTUwEFwnfaZtZK4nI4GC7HTeC\n" "0j8XOcmPXXbhD24Imo8WSuqDhvm9FRRWaId5BflfZhG9IkYmZL5XFlFmQVCs8rHK\n" "0DgRS0yy7iU2btO5Y3LEhIIcKycCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB\n" "hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE\n" "FLpandKwS3LWHwARC7V7Wd8IOIG+MB8GA1UdIwQYMBaAFFLFpGO426zykjQvclZx\n" "yBGOdubfMA0GCSqGSIb3DQEBBQUAA4IBAQCQjzu946HKapKm/fBkrkaDMjVhgFeL\n" "MBJwAuFR2YfIr9lLuW2/q4ZfGR/cr4Rnvzy/M/N8xoF75OkmHbzWjKtylH+FM5XZ\n" "JOz9e9L9UD7lYU91Ua7GSuzfz6pzpQj385pAZkjwjptDsTDz48g2P2g2ahyqFkBJ\n" "tHOacfEXbAvT4ae3QN4sPDZ81N3WlMnXX/WuNVbozGWcuz3oesoO7XgDQcv9gIHe\n" "+d6yFEuBJDbeKcEGEYaMqbAMx1fPeac6hAwn3IZty0QtJtx++xfWsj0xA9Pxq12R\n" "XZTklIhwlrN8DxX+yMZNmTerCQzaurYO+l67S84EIQYJqSwnhnbM7nNv\n" "-----END CERTIFICATE-----\n"; static char notrust_priv_data[]="-----BEGIN RSA PRIVATE KEY-----\n" "MIICXQIBAAKBgQDmOtWKFMgV0PBcA8OvM1EsF7dlrEXoSC2ucP18eTrHgMhQU9AZ\n" "2DomqBZNTAQXCd9pm1kricjgYLsdN4LSPxc5yY9dduEPbgiajxZK6oOG+b0VFFZo\n" "h3kF+V9mEb0iRiZkvlcWUWZBUKzyscrQOBFLTLLuJTZu07ljcsSEghwrJwIDAQAB\n" "AoGAeRec1SGVE5Rvt5XrSK0vFofq2DlCE6hTDpszWFLTDbe4pDdRDybhfw+Nm15O\n" "EGgK8BrbTcEMvKdkAzv9POQeLDE8JImgesHZFxN3jnkK+b762BGRDt57DzvMJsfj\n" "1LBle+UBnZB1CvjrINvu+tNMVPlUpjIstbpMq0D+s01+ijECQQD8MHTv/M+Uc86u\n" "1SFywgs+eQPQ8g0OoTLxzqo6YhW8FtwLjoRCZx2TNQS5gYBuQrixd/yE0Spfv9aS\n" "UtlAaOc1AkEA6bVufggHVHcgiWqS8CHzb6g/GRxQixVshOsoVLMkCSz04zlwIfXF\n" "c03hh5RJVv7jmuBmhHbayujMgvinw75oawJAQb9oXUDt5Wgj1FTgeYi5YbovEoRo\n" "fw3ruDsHCl2UCQt0ptarCJzVixFhf/ORRi3C9RGxFfdqMrhS+qb62N4AmQJBALYU\n" "T1BLiwJoiWXmLTJ/EP0V9Irov2uMtm5cE6DhrJqlduksz8r1gu7RZ3tMsVLg5Iy+\n" "dcCQJOffNa54caQUTZ8CQQDTs/70Nr6F6ktrtmtU/S7lIitpQJCu9u/SPyBYPmFZ\n" "9Axy6Ee66Php+eWDNP4Ln4axrapD0732wD8DcmGDVHij\n" "-----END RSA PRIVATE KEY-----\n"; struct fd_list eps = FD_LIST_INITIALIZER(eps); struct connect_flags { int proto; int expect_failure; /* 0 or 1 */ }; void * connect_thr(void * arg) { struct connect_flags * cf = arg; struct cnxctx * cnx = NULL; fd_log_threadname ( "testcnx:connect" ); /* Connect to the server */ switch (cf->proto) { case IPPROTO_TCP: { struct fd_endpoint * ep = (struct fd_endpoint *)(eps.next); cnx = fd_cnx_cli_connect_tcp( &ep->sa, sSAlen(&ep->ss) ); CHECK( 1, (cnx ? 1 : 0) ^ cf->expect_failure ); } break; #ifndef DISABLE_SCTP case IPPROTO_SCTP: { cnx = fd_cnx_cli_connect_sctp(0, TEST_PORT, &eps); CHECK( 1, (cnx ? 1 : 0) ^ cf->expect_failure ); } break; #endif /* DISABLE_SCTP */ default: CHECK( 0, 1 ); } /* exit */ return cnx; } struct handshake_flags { struct cnxctx * cnx; gnutls_certificate_credentials_t creds; int ret; }; void * handshake_thr(void * arg) { struct handshake_flags * hf = arg; fd_log_threadname ( "testcnx:handshake" ); hf->ret = fd_cnx_handshake(hf->cnx, GNUTLS_CLIENT, NULL, hf->creds); return NULL; } void * destroy_thr(void * arg) { struct cnxctx * cnx = arg; fd_log_threadname ( "testcnx:destroy" ); fd_cnx_destroy(cnx); return NULL; } /* Main test routine */ int main(int argc, char *argv[]) { gnutls_datum_t ca = { (uint8_t *)ca_data, sizeof(ca_data) }; gnutls_datum_t server_cert = { (uint8_t *)server_cert_data, sizeof(server_cert_data) }; gnutls_datum_t server_priv = { (uint8_t *)server_priv_data, sizeof(server_priv_data) }; gnutls_datum_t client_cert = { (uint8_t *)client_cert_data, sizeof(client_cert_data) }; gnutls_datum_t client_priv = { (uint8_t *)client_priv_data, sizeof(client_priv_data) }; gnutls_datum_t expired_cert = { (uint8_t *)expired_cert_data, sizeof(expired_cert_data) }; gnutls_datum_t expired_priv = { (uint8_t *)expired_priv_data, sizeof(expired_priv_data) }; gnutls_datum_t notrust_ca = { (uint8_t *)notrust_ca_data, sizeof(notrust_ca_data) }; gnutls_datum_t notrust_cert = { (uint8_t *)notrust_cert_data, sizeof(notrust_cert_data) }; gnutls_datum_t notrust_priv = { (uint8_t *)notrust_priv_data, sizeof(notrust_priv_data) }; struct cnxctx * listener; #ifndef DISABLE_SCTP struct cnxctx * listener_sctp; #endif /* DISABLE_SCTP */ struct cnxctx * server_side; struct cnxctx * client_side; pthread_t thr; int ret, i; uint8_t * cer_buf; size_t cer_sz; uint8_t * rcv_buf; size_t rcv_sz; /* First, initialize the daemon modules */ INIT_FD(); /* Restrain the # of streams */ fd_g_config->cnf_sctp_str = NB_STREAMS; /* Set the CA parameter in the config */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( fd_g_config->cnf_sec_data.credentials, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the server credentials (in config) */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( fd_g_config->cnf_sec_data.credentials, &server_cert, &server_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the default priority */ CHECK_GNUTLS_DO( ret = gnutls_priority_init( &fd_g_config->cnf_sec_data.prio_cache, GNUTLS_DEFAULT_PRIORITY, NULL), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set default DH params */ CHECK_GNUTLS_DO( ret = gnutls_dh_params_generate2( fd_g_config->cnf_sec_data.dh_cache, GNUTLS_DEFAULT_DHBITS), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Initialize the server addresses */ { struct addrinfo hints, *ai, *aip; memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_NUMERICSERV; hints.ai_family = AF_INET; CHECK( 0, getaddrinfo("localhost", _stringize(TEST_PORT), &hints, &ai) ); aip = ai; while (aip) { CHECK( 0, fd_ep_add_merge( &eps, aip->ai_addr, aip->ai_addrlen, EP_FL_DISC | EP_ACCEPTALL )); aip = aip->ai_next; }; freeaddrinfo(ai); } /* Start the server(s) */ { /* TCP server */ listener = fd_cnx_serv_tcp(TEST_PORT, 0, (struct fd_endpoint *)(eps.next)); CHECK( 1, listener ? 1 : 0 ); /* Accept incoming clients */ CHECK( 0, fd_cnx_serv_listen(listener)); #ifndef DISABLE_SCTP /* SCTP server */ listener_sctp = fd_cnx_serv_sctp(TEST_PORT, &eps); CHECK( 1, listener_sctp ? 1 : 0 ); /* Accept incoming clients */ CHECK( 0, fd_cnx_serv_listen(listener_sctp)); #endif /* DISABLE_SCTP */ } /* Initialize the CER message */ { struct msg * cer; struct dict_object * model = NULL; struct avp * oh; union avp_value value; /* Find the CER dictionary object */ CHECK( 0, fd_dict_search ( fd_g_config->cnf_dict, DICT_COMMAND, CMD_BY_NAME, "Capabilities-Exchange-Request", &model, ENOENT ) ); /* Create the instance */ CHECK( 0, fd_msg_new ( model, 0, &cer ) ); /* Now find the Origin-Host dictionary object */ CHECK( 0, fd_dict_search ( fd_g_config->cnf_dict, DICT_AVP, AVP_BY_NAME, "Origin-Host", &model, ENOENT ) ); /* Create the instance */ CHECK( 0, fd_msg_avp_new ( model, 0, &oh ) ); value.os.data = (uint8_t *)"Client.side"; value.os.len = strlen((char *)value.os.data); CHECK( 0, fd_msg_avp_setvalue ( oh, &value ) ); /* Add the AVP */ CHECK( 0, fd_msg_avp_add( cer, MSG_BRW_LAST_CHILD, oh) ); #if 1 /* For debug: dump the object */ fd_log_debug("Dumping CER\n"); fd_msg_dump_walk(0, cer); #endif CHECK( 0, fd_msg_bufferize( cer, &cer_buf, &cer_sz ) ); CHECK( 0, fd_msg_free(cer) ); } /* Simple TCP client / server test (no TLS) */ { struct connect_flags cf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; /* Start the client thread */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); CHECK( 0, fd_cnx_start_clear(server_side, 0) ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); CHECK( 0, fd_cnx_start_clear(client_side, 0) ); /* Send a message and receive it */ CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* Do it in the other direction */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* Now close the connection */ fd_cnx_destroy(client_side); fd_cnx_destroy(server_side); } #ifndef DISABLE_SCTP /* Simple SCTP client / server test (no TLS) */ { struct connect_flags cf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; /* Start the client thread */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); CHECK( 0, fd_cnx_start_clear(server_side, 1) ); /* Send a message and receive it */ CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); CHECK( EINVAL, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( 0, fd_cnx_start_clear(client_side, 0) ); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* Do it in the other direction */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* Do it one more time to use another stream */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* Now close the connection */ fd_cnx_destroy(client_side); fd_cnx_destroy(server_side); } #endif /* DISABLE_SCTP */ /* TCP Client / server emulating old Diameter behavior (handshake after 1 message exchange) */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* In legacy Diameter, we exchange first one message (CER / CEA) */ CHECK( 0, fd_cnx_start_clear(server_side, 0) ); CHECK( 0, fd_cnx_start_clear(client_side, 0) ); /* Send a message and receive it */ CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* And the supposed reply */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* At this point in legacy Diameter we start the handshake */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 2 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #ifndef DISABLE_SCTP /* SCTP Client / server emulating old Diameter behavior (handshake after 1 message exchange) */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* In legacy Diameter, we exchange first one message (CER / CEA) */ CHECK( 0, fd_cnx_start_clear(server_side, 0) ); CHECK( 0, fd_cnx_start_clear(client_side, 0) ); /* Send a message and receive it */ CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* And the supposed reply */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* At this point in legacy Diameter we start the handshake */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 2 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #endif /* DISABLE_SCTP */ /* TCP Client / server emulating new Diameter behavior (handshake at connection directly) */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 2 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #ifndef DISABLE_SCTP /* SCTP Client / server emulating new Diameter behavior (handshake at connection directly) */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 2 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #endif /* DISABLE_SCTP */ /* Test with different number of streams between server and client */ #ifndef DISABLE_SCTP { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread with more streams than the server */ fd_g_config->cnf_sctp_str = 2 * NB_STREAMS; CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 4 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Do the same test but with more streams on the server this time */ fd_g_config->cnf_sctp_str = NB_STREAMS / 2; CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 2 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #endif /* DISABLE_SCTP */ /* Basic operation tested successfully, now test we detect error conditions */ /* Untrusted certificate, TCP */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, ¬rust_ca, GNUTLS_X509_FMT_PEM), ); CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, ¬rust_cert, ¬rust_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } /* Same in SCTP */ #ifndef DISABLE_SCTP { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, ¬rust_ca, GNUTLS_X509_FMT_PEM), ); CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, ¬rust_cert, ¬rust_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #endif /* DISABLE_SCTP */ /* Expired certificate */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &expired_cert, &expired_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } /* Non matching hostname */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Set the correct hostname we expect from the client (in the server) */ fd_cnx_sethostname(server_side, "client.test"); /* Start the handshake, check it is successful */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Do it again with an invalid hostname */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Set the correct hostname we expect from the client (in the server) */ fd_cnx_sethostname(server_side, "nomatch.test"); /* Start the handshake, check it is successful */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } /* Test the other functions of the module */ { struct connect_flags cf; struct handshake_flags hf; char * str; const gnutls_datum_t *cert_list; unsigned int cert_list_size; struct fifo * myfifo = NULL; struct timespec now; int ev_code; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Test some simple functions */ /* fd_cnx_getid */ str = fd_cnx_getid(server_side); CHECK( 1, str ? 1 : 0 ); CHECK( 1, (str[0] != '\0') ? 1 : 0 ); /* fd_cnx_getproto */ i = fd_cnx_getproto(server_side); CHECK( IPPROTO_TCP, i); /* fd_cnx_getTLS */ i = fd_cnx_getTLS(server_side); CHECK( 1, i ? 1 : 0 ); /* fd_cnx_getcred */ CHECK( 0, fd_cnx_getcred(server_side, &cert_list, &cert_list_size) ); CHECK( 1, (cert_list_size > 0) ? 1 : 0 ); /* We could also verify that the cert_list really contains the client_cert and ca certificates */ /* fd_cnx_getremoteid */ str = fd_cnx_getremoteid(server_side); CHECK( 1, str ? 1 : 0 ); CHECK( 1, (str[0] != '\0') ? 1 : 0 ); /* fd_cnx_recv_setaltfifo */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_fifo_new(&myfifo) ); CHECK( 0, fd_cnx_recv_setaltfifo(server_side, myfifo) ); CHECK( 0, clock_gettime(CLOCK_REALTIME, &now) ); do { CHECK( 0, fd_event_timedget(myfifo, &now, ETIMEDOUT, &ev_code, NULL, (void *)&rcv_buf) ); free(rcv_buf); } while (ev_code != FDEVP_CNX_MSG_RECV); fd_event_destroy(&myfifo, free); /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #ifndef DISABLE_SCTP /* And re-test with a SCTP connection */ { struct connect_flags cf; struct handshake_flags hf; char * str; const gnutls_datum_t *cert_list; unsigned int cert_list_size; struct fifo * myfifo = NULL; struct timespec now; int ev_code; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake */ CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Test some simple functions */ /* fd_cnx_getid */ str = fd_cnx_getid(server_side); CHECK( 1, str ? 1 : 0 ); CHECK( 1, (str[0] != '\0') ? 1 : 0 ); /* fd_cnx_getproto */ i = fd_cnx_getproto(server_side); CHECK( IPPROTO_SCTP, i); /* fd_cnx_getTLS */ i = fd_cnx_getTLS(server_side); CHECK( 1, i ? 1 : 0 ); /* fd_cnx_getcred */ CHECK( 0, fd_cnx_getcred(server_side, &cert_list, &cert_list_size) ); CHECK( 1, (cert_list_size > 0) ? 1 : 0 ); /* We could also verify that the cert_list really contains the client_cert and ca certificates */ /* fd_cnx_getremoteid */ str = fd_cnx_getremoteid(server_side); CHECK( 1, str ? 1 : 0 ); CHECK( 1, (str[0] != '\0') ? 1 : 0 ); /* fd_cnx_recv_setaltfifo */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz, 0)); CHECK( 0, fd_fifo_new(&myfifo) ); CHECK( 0, fd_cnx_recv_setaltfifo(server_side, myfifo) ); CHECK( 0, clock_gettime(CLOCK_REALTIME, &now) ); do { CHECK( 0, fd_event_timedget(myfifo, &now, ETIMEDOUT, &ev_code, NULL, (void *)&rcv_buf) ); free(rcv_buf); } while (ev_code != FDEVP_CNX_MSG_RECV); /* Now close the connection */ CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); fd_event_destroy(&myfifo, free); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #endif /* DISABLE_SCTP */ /* Destroy the servers */ { fd_cnx_destroy(listener); #ifndef DISABLE_SCTP fd_cnx_destroy(listener_sctp); #endif /* DISABLE_SCTP */ } /* Check that connection attempt fails then */ { struct connect_flags cf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; cf.expect_failure = 1; /* Start the client thread, that should fail */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 0, client_side ? 1 : 0 ); } #ifndef DISABLE_SCTP { struct connect_flags cf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; cf.expect_failure = 1; /* Start the client thread, that should fail */ CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 0, client_side ? 1 : 0 ); } #endif /* DISABLE_SCTP */ /* That's all for the tests yet */ PASSTEST(); }