Mercurial > hg > freeDiameter
view tests/testcnx.c @ 1327:82b386714795
Set callback data also when only setting expire callback (and not answer callback as well).
It is used when calling the expire callback, so not setting it makes no sense.
| author | Thomas Klausner <tk@giga.or.at> |
|---|---|
| date | Mon, 27 Nov 2017 15:21:20 +0100 |
| parents | 56c36d1007b4 |
| children | eff5bb332b5a |
line wrap: on
line source
/********************************************************************************************************* * Software License Agreement (BSD License) * * Author: Sebastien Decugis <sdecugis@freediameter.net> * * * * Copyright (c) 2013, WIDE Project and NICT * * All rights reserved. * * * * Redistribution and use of this software in source and binary forms, with or without modification, are * * permitted provided that the following conditions are met: * * * * * Redistributions of source code must retain the above * * copyright notice, this list of conditions and the * * following disclaimer. * * * * * Redistributions in binary form must reproduce the above * * copyright notice, this list of conditions and the * * following disclaimer in the documentation and/or other * * materials provided with the distribution. * * * * * Neither the name of the WIDE Project or NICT nor the * * names of its contributors may be used to endorse or * * promote products derived from this software without * * specific prior written permission of WIDE Project and * * NICT. * * * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * *********************************************************************************************************/ #include "tests.h" #ifndef TEST_PORT #define TEST_PORT 3868 #endif /* TEST_PORT */ #ifndef NB_STREAMS #define NB_STREAMS 10 #endif /* NB_STREAMS */ #ifndef GNUTLS_DEFAULT_PRIORITY # define GNUTLS_DEFAULT_PRIORITY "NORMAL" #endif /* GNUTLS_DEFAULT_PRIORITY */ #ifndef GNUTLS_DEFAULT_DHBITS # define GNUTLS_DEFAULT_DHBITS 1024 #endif /* GNUTLS_DEFAULT_DHBITS */ /* The cryptographic data */ static char ca_data[] = "-----BEGIN CERTIFICATE-----\n" "MIIEqjCCA5KgAwIBAgIJANKgDwdlDYQDMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD\n" "VQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNV\n" "BAoMBFdJREUxDzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293\n" "YWRkaWN0Lm9yZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDAe\n" "Fw0wOTEwMDUwODUxNDRaFw0xOTEwMDMwODUxNDRaMIGUMQswCQYDVQQGEwJKUDEO\n" "MAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUx\n" "DzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293YWRkaWN0Lm9y\n" "ZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDCCASIwDQYJKoZI\n" "hvcNAQEBBQADggEPADCCAQoCggEBAM5c6w4NnngTvGNWcJzbo0Kklp+kvUNQNgGu\n" "myvz826qPp07HTSyJrIcgFnuYDR0Nd130Ot9u5osqpQhHTvolxDE87Tii8i3hJSj\n" "TTY9K0ZwGb4AZ6QkuyMXS1jtOY657HqjpGZqT/2Syh0i7dM/hqSXFw0SPbyq+W1H\n" "SVFWa1CTkPywFWAzwdr5WKah77uZ1dxWqgPgUdcZOiIQtLRp5n3fg40Nwso5YdwS\n" "64+ebBX1pkhrCQ8AGc8O61Ep1JTXcO7jqQmPgzjiN+FeostI1Dp73S3MqleTAHjR\n" "hqZ77VF7nkroMM9btMHJBaxnfwc2ewULUJwnuOiGWrvMq/9Z4J8CAwEAAaOB/DCB\n" "+TAdBgNVHQ4EFgQUkqpVn7N3gmiJ7X5zQ2bki+7qv4UwgckGA1UdIwSBwTCBvoAU\n" "kqpVn7N3gmiJ7X5zQ2bki+7qv4WhgZqkgZcwgZQxCzAJBgNVBAYTAkpQMQ4wDAYD\n" "VQQIDAVUb2t5bzEQMA4GA1UEBwwHS29nYW5laTENMAsGA1UECgwEV0lERTEPMA0G\n" "A1UECwwGQUFBIFdHMR8wHQYDVQQDDBZjaGF2cm91eC5jb3dhZGRpY3Qub3JnMSIw\n" "IAYJKoZIhvcNAQkBFhNzZGVjdWdpc0BuaWN0LmdvLmpwggkA0qAPB2UNhAMwDAYD\n" "VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAJy0XLk8j8YLSTt2/VMy9TAUx\n" "esXUiZj0Ung+gkr7A1K0NnwYxDzG2adMhf13upHoydu2ErLMmD6F77x+QuY/q7nc\n" "ZvO0tvcoAP6ToSDwiypU5dnTmnfkgwVwzFkNCi1sGRosEm8c/c/8MfK0I0nVdj1/\n" "BIkIG7tTDVi9JvkWYl0UlSKWTZKrntVwCmscfC02DGb+GoLbO9+QmiNM5Y3yOYZ4\n" "Pc7SSoKLL0rwJBmpPNs7boYsweeSuCAVu0shRfgC90odXcej2EN5ETfCuU1evXNW\n" "5cA+zZsDK/nWJwxBaW0CxAHX579FElFWlK4+BnzhZRdDhmJDnN5dh4ekJGM6Lg==\n" "-----END CERTIFICATE-----\n"; /* Client: Certificate: Data: Version: 3 (0x2) Serial Number: 5 (0x5) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp Validity Not Before: Oct 27 04:04:05 2009 GMT Not After : Oct 25 04:04:05 2019 GMT Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=client.test/emailAddress=client@test Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:bd:eb:50:1e:9d:7a:cd:9d:bb:e7:bc:4e:38:4a: b2:cc:9e:b4:89:77:01:ef:d1:c6:19:29:00:fe:ce: 3c:62:05:13:b1:8c:ff:31:7a:0f:c1:2e:4b:3c:0c: 40:1e:36:4e:76:da:0a:64:43:fc:1e:ea:0c:97:b2: 57:9c:9c:8c:90:bd:eb:23:7b:b8:b7:5c:03:ed:6f: 48:55:8a:88:08:38:c5:cd:33:b7:ab:a8:3a:6f:7f: 13:10:65:a5:50:b9:f4:8b:cc:2e:e9:79:58:a6:11: f0:58:45:41:ef:36:b3:35:cb:14:ec:82:0c:ad:11: 6a:ea:64:ef:28:a2:6e:47:45 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: BE:B3:89:4F:9D:8F:6C:20:C4:D0:3E:6A:05:11:82:50:54:49:70:A2 X509v3 Authority Key Identifier: keyid:92:AA:55:9F:B3:77:82:68:89:ED:7E:73:43:66:E4:8B:EE:EA:BF:85 Signature Algorithm: sha1WithRSAEncryption a3:88:f5:15:b5:ad:20:60:a1:85:19:3f:b9:5e:1e:be:31:7f: 84:7a:c2:18:3a:63:6a:67:1f:46:86:4d:10:d6:1d:ad:a2:c8: 0b:95:33:fa:e4:05:f4:b8:70:34:77:f7:85:6e:70:46:ac:39: 54:a9:5f:ea:5e:d1:33:bb:c9:a3:42:81:41:90:25:b5:92:8b: e8:6e:3e:97:06:dd:9a:cc:29:61:34:5a:d3:1c:5d:ad:d1:a3: eb:6a:47:b4:d0:c2:17:89:e1:e2:2d:36:18:50:1a:e7:d4:fc: 38:2e:47:0b:39:50:87:2f:aa:07:64:f8:9a:4d:47:01:da:10: d8:97:c7:a6:13:bc:0e:ca:63:c1:f2:09:fb:f8:6a:a4:5f:08: b5:ad:ed:4f:71:b9:89:7f:43:27:85:72:e7:8d:a8:4a:cc:f6: 36:ca:8a:ae:82:b5:a8:42:41:99:87:84:7c:f0:90:fd:ca:96: 37:a2:e0:d9:fa:dd:a4:c9:f1:50:b7:e5:e6:8f:af:83:8c:23: b6:20:cc:66:e3:08:60:13:02:8f:42:3a:07:91:a7:38:b2:72: 16:fd:bd:a9:60:f0:e2:9f:23:f3:c0:99:e3:17:bc:00:7c:b3: 89:9c:ea:fa:3e:f6:69:a1:98:c2:ec:46:da:70:b6:f9:c3:93: a7:fc:36:dd */ static char client_cert_data[] ="-----BEGIN CERTIFICATE-----\n" "MIIDiTCCAnGgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n" "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n" "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n" "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI3\n" "MDQwNDA1WhcNMTkxMDI1MDQwNDA1WjCBgTELMAkGA1UEBhMCSlAxDjAMBgNVBAgM\n" "BVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURFMQ8wDQYDVQQL\n" "DAZBQUEgV0cxFDASBgNVBAMMC2NsaWVudC50ZXN0MRowGAYJKoZIhvcNAQkBFgtj\n" "bGllbnRAdGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvetQHp16zZ27\n" "57xOOEqyzJ60iXcB79HGGSkA/s48YgUTsYz/MXoPwS5LPAxAHjZOdtoKZEP8HuoM\n" "l7JXnJyMkL3rI3u4t1wD7W9IVYqICDjFzTO3q6g6b38TEGWlULn0i8wu6XlYphHw\n" "WEVB7zazNcsU7IIMrRFq6mTvKKJuR0UCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglg\n" "hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O\n" "BBYEFL6ziU+dj2wgxNA+agURglBUSXCiMB8GA1UdIwQYMBaAFJKqVZ+zd4Joie1+\n" "c0Nm5Ivu6r+FMA0GCSqGSIb3DQEBBQUAA4IBAQCjiPUVta0gYKGFGT+5Xh6+MX+E\n" "esIYOmNqZx9Ghk0Q1h2tosgLlTP65AX0uHA0d/eFbnBGrDlUqV/qXtEzu8mjQoFB\n" "kCW1kovobj6XBt2azClhNFrTHF2t0aPrake00MIXieHiLTYYUBrn1Pw4LkcLOVCH\n" "L6oHZPiaTUcB2hDYl8emE7wOymPB8gn7+GqkXwi1re1PcbmJf0MnhXLnjahKzPY2\n" "yoqugrWoQkGZh4R88JD9ypY3ouDZ+t2kyfFQt+Xmj6+DjCO2IMxm4whgEwKPQjoH\n" "kac4snIW/b2pYPDinyPzwJnjF7wAfLOJnOr6PvZpoZjC7EbacLb5w5On/Dbd\n" "-----END CERTIFICATE-----\n"; static char client_priv_data[] ="-----BEGIN RSA PRIVATE KEY-----\n" "MIICXgIBAAKBgQC961AenXrNnbvnvE44SrLMnrSJdwHv0cYZKQD+zjxiBROxjP8x\n" "eg/BLks8DEAeNk522gpkQ/we6gyXslecnIyQvesje7i3XAPtb0hViogIOMXNM7er\n" "qDpvfxMQZaVQufSLzC7peVimEfBYRUHvNrM1yxTsggytEWrqZO8oom5HRQIDAQAB\n" "AoGBAIYnsOLPby3LnC5n8AEHkyHDgdgQvsd/MSYYtuFHIZRD7dNfu+xhQru9TdvO\n" "84Pj7K07/FczRuc3gUmu6wBv/UIP9To15RHZh+/n537nybGus5S4IYKVvap477To\n" "0rQDf9ec27iw77gxb7moQ9Otuxwbv0h0Z+1EVLI8d8jHOq0BAkEA9YNr0R+7KXBS\n" "48yT43g5HpOFkTZzNXWVdpSvYGneb56wslk5Eatp235I4uz/a7Rej5v99W0M3nSe\n" "/AgHfYn75QJBAMYH/pBx/WkrLj+pPaARlNwInCIC5zUhr6B0IKCt2tvy5eyuc5sd\n" "AoTFaU+cSI+ZqsRzY8jMKkonktxBg48oJ+ECQQCt4AtlqcFVkbVCm8pJGQXq/7Ni\n" "qlthiwr1Vkv2TkQ4bPza8pGWT/3Cc2ePPyWN08n8jw+G11p72cAW4mDbqfN5AkEA\n" "mNYKrkiLn+NnqlJf8W4gSUGL3uQGtYbuGRQHKnuDckWhFm39YzWcgAQsJvkjN1EN\n" "7thvpsWLzfeE7ODTPGVtgQJATObxYJOt6rms3fAStwuXW3ET77TA1ja4XsUEe5Yu\n" "JpcQOruJb9XwndqzNbL0dSUePb9gFiBCGKYOyreNTTRTmw==\n" "-----END RSA PRIVATE KEY-----\n"; /* Server: Certificate: Data: Version: 3 (0x2) Serial Number: 4 (0x4) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp Validity Not Before: Oct 27 04:03:39 2009 GMT Not After : Oct 25 04:03:39 2019 GMT Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=serv.test/emailAddress=serv@test Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:a6:f7:1c:a9:90:5b:fa:c8:f6:a3:04:0c:d0:8b: 45:c3:90:f7:2d:c2:c9:d7:bd:66:8a:7c:1c:51:89: 40:9e:cd:70:57:cb:00:47:a3:e8:76:8b:00:b3:c9: c3:0d:b1:b9:2a:08:9f:52:92:82:d3:18:c1:d8:d1: b8:1e:fd:71:fe:23:ec:19:e9:6d:9d:fd:ae:88:bc: 39:44:7a:37:ad:c6:88:d1:64:7c:b1:d4:3c:a9:30: c4:de:51:02:c4:48:4f:25:3e:2f:93:ae:25:32:66: 9a:dc:f4:44:45:ff:7f:12:49:97:0d:01:8d:13:9a: d3:8f:9e:2d:62:95:02:0a:c7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 0C:33:C4:7F:39:D0:34:FF:F8:61:A1:46:8B:49:1D:A3:57:B3:4D:58 X509v3 Authority Key Identifier: keyid:92:AA:55:9F:B3:77:82:68:89:ED:7E:73:43:66:E4:8B:EE:EA:BF:85 Signature Algorithm: sha1WithRSAEncryption 87:f5:49:a6:04:f9:98:9a:f1:1a:68:ce:06:ae:4c:0c:08:eb: ba:98:e7:3f:df:22:7f:35:88:1d:b7:8a:f3:89:a3:68:0d:53: 45:eb:23:a1:dd:6b:dc:b0:80:58:0c:10:0b:49:74:ea:a8:b6: 8c:2e:c6:73:dc:7a:74:c7:59:3e:79:5a:d2:5c:15:0b:f1:d8: 19:37:2a:c0:22:75:10:3f:4c:e9:a1:e0:eb:b2:9e:09:70:3d: 2a:4c:fe:9c:99:36:4b:aa:6c:e1:8b:9c:aa:e1:29:1f:49:6b: 14:db:12:ae:cf:68:4a:dd:03:e1:3b:ad:79:b4:54:84:1d:bb: ac:45:c4:85:f1:03:65:65:96:23:ae:e7:97:3c:5c:db:ce:55: 34:5d:c3:73:ec:cd:f6:0f:a5:81:5f:c2:ab:a3:42:fa:36:7f: 83:ef:db:0f:cd:62:0b:ea:d9:4f:73:35:68:5f:23:d5:0a:be: ff:7f:23:9a:af:0d:a5:f8:3e:3a:f0:63:1c:e1:d2:96:81:cf: 7b:5a:6b:d0:9b:67:56:9e:aa:a9:e8:f1:6c:fb:54:2b:1a:f4: ef:16:5a:be:1d:a9:c8:d6:cc:f7:42:8c:fe:83:2c:84:8c:80: fb:1c:88:f6:35:1c:ae:43:72:fa:68:30:9c:25:8b:db:2c:84: 87:76:9d:b9 */ static char server_cert_data[] ="-----BEGIN CERTIFICATE-----\n" "MIIDhDCCAmygAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n" "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n" "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n" "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI3\n" "MDQwMzM5WhcNMTkxMDI1MDQwMzM5WjB9MQswCQYDVQQGEwJKUDEOMAwGA1UECAwF\n" "VG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUxDzANBgNVBAsM\n" "BkFBQSBXRzESMBAGA1UEAwwJc2Vydi50ZXN0MRgwFgYJKoZIhvcNAQkBFglzZXJ2\n" "QHRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKb3HKmQW/rI9qMEDNCL\n" "RcOQ9y3Cyde9Zop8HFGJQJ7NcFfLAEej6HaLALPJww2xuSoIn1KSgtMYwdjRuB79\n" "cf4j7BnpbZ39roi8OUR6N63GiNFkfLHUPKkwxN5RAsRITyU+L5OuJTJmmtz0REX/\n" "fxJJlw0BjROa04+eLWKVAgrHAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4\n" "QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQM\n" "M8R/OdA0//hhoUaLSR2jV7NNWDAfBgNVHSMEGDAWgBSSqlWfs3eCaIntfnNDZuSL\n" "7uq/hTANBgkqhkiG9w0BAQUFAAOCAQEAh/VJpgT5mJrxGmjOBq5MDAjrupjnP98i\n" "fzWIHbeK84mjaA1TResjod1r3LCAWAwQC0l06qi2jC7Gc9x6dMdZPnla0lwVC/HY\n" "GTcqwCJ1ED9M6aHg67KeCXA9Kkz+nJk2S6ps4YucquEpH0lrFNsSrs9oSt0D4Tut\n" "ebRUhB27rEXEhfEDZWWWI67nlzxc285VNF3Dc+zN9g+lgV/Cq6NC+jZ/g+/bD81i\n" "C+rZT3M1aF8j1Qq+/38jmq8Npfg+OvBjHOHSloHPe1pr0JtnVp6qqejxbPtUKxr0\n" "7xZavh2pyNbM90KM/oMshIyA+xyI9jUcrkNy+mgwnCWL2yyEh3aduQ==\n" "-----END CERTIFICATE-----\n"; static char server_priv_data[] ="-----BEGIN RSA PRIVATE KEY-----\n" "MIICXQIBAAKBgQCm9xypkFv6yPajBAzQi0XDkPctwsnXvWaKfBxRiUCezXBXywBH\n" "o+h2iwCzycMNsbkqCJ9SkoLTGMHY0bge/XH+I+wZ6W2d/a6IvDlEejetxojRZHyx\n" "1DypMMTeUQLESE8lPi+TriUyZprc9ERF/38SSZcNAY0TmtOPni1ilQIKxwIDAQAB\n" "AoGAZv3Ddm0P79CLIt9asEFY1VvUvSuMqkGwwPfx1/HcJJkBFYapM4fN22G/Gyf3\n" "47ifSWhsLtklTeXVnVMwSh14dJaJQuSEnaFnUUWfjiRbEAXZnMFwAIiaszEZbPap\n" "NUNpcGl06FZrphYAMkjOVUfjCjfOZDAvL4JGpo271Zx4l0ECQQDYoFFQpBCPx0PK\n" "TWUmvatXI/Amo94XkGfofbdeeI8PiAJBO5UI6rmjjIVwsJwO9dQb/IlP1/OnBeJv\n" "p9YW5uixAkEAxVAOKu7mpGu0Q/K2iEUUYDX9YHf253kgkdIDF4iZk4Tcecjoxuru\n" "fIWu9dMtyDVV+HT2X4cNEnO1/oS3kJII9wJBAJkdwDwiqz4lV6o/yFZ4zAoc8dsu\n" "CoZXYMq5SYox5tTQit928OHLn4mVgqBjhPsiEVnyx0+zUZpmE2ZemHm5nxECQHfE\n" "FBVzVYRP6+eil7E3XRrZKqc3qiLunxpkA4RxYebtKnaxwLmdOI1VB9InEQ8JcNmT\n" "BUkOzJx6p+mJ3XJfchkCQQDWmbMYYJajsjlS4YpdUUj7cBSotA6vtkNVHFr0/ak/\n" "S+tLkMNuruaInWizK+BKYTIJLlQDf5u5NTrw41vye5Hv\n" "-----END RSA PRIVATE KEY-----\n"; /* Expired: Certificate: Data: Version: 3 (0x2) Serial Number: 6 (0x6) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp Validity Not Before: Oct 27 04:06:35 2009 GMT Not After : Oct 28 04:06:35 2009 GMT Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=expired.test/emailAddress=expired@test Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:e3:17:15:54:85:dc:cf:c7:a0:32:4a:49:7d:55: 75:9b:29:15:db:7e:87:17:d9:0e:65:44:53:d7:19: 37:27:c7:c6:fe:c6:dc:72:2b:dc:86:1a:ff:24:6c: 63:3f:75:9c:0a:14:e1:70:06:79:d4:b9:26:d4:68: 4c:28:38:ba:34:60:56:02:3d:94:55:4a:1f:4e:5a: f0:a5:71:4c:3e:71:69:39:ad:bc:aa:55:35:fb:73: 5b:5f:6c:30:71:8e:8a:b6:a5:06:cc:ee:dd:29:c7: 52:0d:a7:9c:0f:a1:ba:52:11:e2:1b:b9:74:6b:08: 87:11:d2:ec:a9:ac:63:63:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 1C:AF:66:42:5B:AD:AA:A5:9B:D9:AE:3A:C1:5A:AC:2F:CC:CE:22:6C X509v3 Authority Key Identifier: keyid:92:AA:55:9F:B3:77:82:68:89:ED:7E:73:43:66:E4:8B:EE:EA:BF:85 Signature Algorithm: sha1WithRSAEncryption 60:8f:55:55:59:82:0f:64:cb:b8:11:c8:44:ce:bf:69:07:0d: be:c2:34:be:42:6a:78:15:39:9f:be:8a:17:d6:43:42:c9:7c: f1:6d:5d:aa:c3:1b:4d:b0:f0:b6:73:46:2a:87:cd:55:56:a3: 6d:cc:de:a8:28:6a:53:85:9e:e5:68:b7:3c:f5:72:13:7b:d0: 21:f2:91:49:35:e0:37:1e:28:19:d5:1b:cc:e1:32:1e:7f:b0: 86:df:43:a4:47:0f:29:0b:eb:51:60:9a:f5:ca:50:f4:2d:59: cd:fc:50:9d:29:ed:45:98:de:a2:5c:d1:b5:7a:34:ad:7a:73: 48:8b:a2:9b:89:8e:4a:2e:2a:04:19:d6:62:6a:0d:f0:96:f2: f0:d0:22:77:3b:7f:b1:2a:f4:3b:17:47:5e:38:07:09:65:ad: 1d:ea:46:69:6a:96:b6:6b:3b:5c:cc:6e:30:d7:cb:53:69:59: c2:63:78:2b:03:d4:d4:f7:17:29:99:9a:43:ff:78:0a:af:42: c5:b3:8d:09:38:5b:30:70:28:c1:97:ab:fd:7f:87:9a:ec:f2: 97:44:ff:f5:b9:41:30:d1:c6:32:98:69:34:c4:39:30:6f:e2: d3:b2:70:97:66:ee:41:f5:ae:0f:09:f0:ed:60:96:67:a9:8a: cd:d6:95:f2 */ static char expired_cert_data[]="-----BEGIN CERTIFICATE-----\n" "MIIDizCCAnOgAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n" "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n" "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n" "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI3\n" "MDQwNjM1WhcNMDkxMDI4MDQwNjM1WjCBgzELMAkGA1UEBhMCSlAxDjAMBgNVBAgM\n" "BVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURFMQ8wDQYDVQQL\n" "DAZBQUEgV0cxFTATBgNVBAMMDGV4cGlyZWQudGVzdDEbMBkGCSqGSIb3DQEJARYM\n" "ZXhwaXJlZEB0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjFxVUhdzP\n" "x6AySkl9VXWbKRXbfocX2Q5lRFPXGTcnx8b+xtxyK9yGGv8kbGM/dZwKFOFwBnnU\n" "uSbUaEwoOLo0YFYCPZRVSh9OWvClcUw+cWk5rbyqVTX7c1tfbDBxjoq2pQbM7t0p\n" "x1INp5wPobpSEeIbuXRrCIcR0uyprGNjTwIDAQABo3sweTAJBgNVHRMEAjAAMCwG\n" "CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV\n" "HQ4EFgQUHK9mQlutqqWb2a46wVqsL8zOImwwHwYDVR0jBBgwFoAUkqpVn7N3gmiJ\n" "7X5zQ2bki+7qv4UwDQYJKoZIhvcNAQEFBQADggEBAGCPVVVZgg9ky7gRyETOv2kH\n" "Db7CNL5CangVOZ++ihfWQ0LJfPFtXarDG02w8LZzRiqHzVVWo23M3qgoalOFnuVo\n" "tzz1chN70CHykUk14DceKBnVG8zhMh5/sIbfQ6RHDykL61FgmvXKUPQtWc38UJ0p\n" "7UWY3qJc0bV6NK16c0iLopuJjkouKgQZ1mJqDfCW8vDQInc7f7Eq9DsXR144Bwll\n" "rR3qRmlqlrZrO1zMbjDXy1NpWcJjeCsD1NT3FymZmkP/eAqvQsWzjQk4WzBwKMGX\n" "q/1/h5rs8pdE//W5QTDRxjKYaTTEOTBv4tOycJdm7kH1rg8J8O1glmepis3WlfI=\n" "-----END CERTIFICATE-----\n"; static char expired_priv_data[]="-----BEGIN RSA PRIVATE KEY-----\n" "MIICXgIBAAKBgQDjFxVUhdzPx6AySkl9VXWbKRXbfocX2Q5lRFPXGTcnx8b+xtxy\n" "K9yGGv8kbGM/dZwKFOFwBnnUuSbUaEwoOLo0YFYCPZRVSh9OWvClcUw+cWk5rbyq\n" "VTX7c1tfbDBxjoq2pQbM7t0px1INp5wPobpSEeIbuXRrCIcR0uyprGNjTwIDAQAB\n" "AoGASwPoDui9XYHTIGm7xwRA+kVjLAOq+qy//aHJlEeHGcP7r1PfpHNqwH4QhGat\n" "jlv6dLYbFld9TVDwS8A8UBkVIPLWnCysd5tF2A4C5akx6ouW6HliW/JheYrgl8AV\n" "PVeR3bm91UbnpC0ABVlw87jp1Ovyr60Suo4jsoJz+CyTa2ECQQD0LJWpnwn1jIlR\n" "DGkLi7F3E70JJcdhTWzBjGFD+Na+/2ZO0MKLhK+O1WUkKa0oi+e5P1JOnGIpTI8c\n" "BJOO415RAkEA7hauapYuqGI/auSPH8/nFB5z1G94RTxo2a5THKcG5MqS/8N3ubFj\n" "i2PPS0lEYVjqoHEsZUsMnDmXp6KDKMAfnwJBAIp+T1UqM8fmsmwaEerOjRXxSCNM\n" "Hk5+T9Vn/jNDjOpAipLhrbbcx4bIWtmsGd8Jm6Fi3RhhcvvhxLorjlZZeEECQQCf\n" "IaPD88sNmlUewdLzhUbCiLQMadCuHflKfRxpyy1tYAQuVFxCTdDlynkzra25ju+K\n" "+vmcXjP4evnk/lbBtt+rAkEAgOr4Apgs3nMppngPV5yFx0NDqH2n8PlEAM1Il4Qs\n" "IuuK18v0KwlUGAfEEmCiNh1e1qkLmD0CnI2QjYAjcLQUhw==\n" "-----END RSA PRIVATE KEY-----\n"; /* Unknown CA certificate : Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp Validity Not Before: Oct 28 08:04:40 2009 GMT Not After : Oct 28 08:04:40 2010 GMT Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=unknown.cs/emailAddress=unknown@ca Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:e6:3a:d5:8a:14:c8:15:d0:f0:5c:03:c3:af:33: 51:2c:17:b7:65:ac:45:e8:48:2d:ae:70:fd:7c:79: 3a:c7:80:c8:50:53:d0:19:d8:3a:26:a8:16:4d:4c: 04:17:09:df:69:9b:59:2b:89:c8:e0:60:bb:1d:37: 82:d2:3f:17:39:c9:8f:5d:76:e1:0f:6e:08:9a:8f: 16:4a:ea:83:86:f9:bd:15:14:56:68:87:79:05:f9: 5f:66:11:bd:22:46:26:64:be:57:16:51:66:41:50: ac:f2:b1:ca:d0:38:11:4b:4c:b2:ee:25:36:6e:d3: b9:63:72:c4:84:82:1c:2b:27 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: BA:5A:9D:D2:B0:4B:72:D6:1F:00:11:0B:B5:7B:59:DF:08:38:81:BE X509v3 Authority Key Identifier: keyid:52:C5:A4:63:B8:DB:AC:F2:92:34:2F:72:56:71:C8:11:8E:76:E6:DF Signature Algorithm: sha1WithRSAEncryption 90:8f:3b:bd:e3:a1:ca:6a:92:a6:fd:f0:64:ae:46:83:32:35: 61:80:57:8b:30:12:70:02:e1:51:d9:87:c8:af:d9:4b:b9:6d: bf:ab:86:5f:19:1f:dc:af:84:67:bf:3c:bf:33:f3:7c:c6:81: 7b:e4:e9:26:1d:bc:d6:8c:ab:72:94:7f:85:33:95:d9:24:ec: fd:7b:d2:fd:50:3e:e5:61:4f:75:51:ae:c6:4a:ec:df:cf:aa: 73:a5:08:f7:f3:9a:40:66:48:f0:8e:9b:43:b1:30:f3:e3:c8: 36:3f:68:36:6a:1c:aa:16:40:49:b4:73:9a:71:f1:17:6c:0b: d3:e1:a7:b7:40:de:2c:3c:36:7c:d4:dd:d6:94:c9:d7:5f:f5: ae:35:56:e8:cc:65:9c:bb:3d:e8:7a:ca:0e:ed:78:03:41:cb: fd:80:81:de:f9:de:b2:14:4b:81:24:36:de:29:c1:06:11:86: 8c:a9:b0:0c:c7:57:cf:79:a7:3a:84:0c:27:dc:86:6d:cb:44: 2d:26:dc:7e:fb:17:d6:b2:3d:31:03:d3:f1:ab:5d:91:5d:94: e4:94:88:70:96:b3:7c:0f:15:fe:c8:c6:4d:99:37:ab:09:0c: da:ba:b6:0e:fa:5e:bb:4b:ce:04:21:06:09:a9:2c:27:86:76: cc:ee:73:6f */ static char notrust_ca_data[] = "-----BEGIN CERTIFICATE-----\n" "MIIEqjCCA5KgAwIBAgIJAP3UMghSlH9PMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD\n" "VQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNV\n" "BAoMBFdJREUxDzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293\n" "YWRkaWN0Lm9yZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDAe\n" "Fw0wOTEwMjgwODAzNDRaFw0xOTEwMjYwODAzNDRaMIGUMQswCQYDVQQGEwJKUDEO\n" "MAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUx\n" "DzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293YWRkaWN0Lm9y\n" "ZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDCCASIwDQYJKoZI\n" "hvcNAQEBBQADggEPADCCAQoCggEBALKW9iSUggF5mbvYe1Xk128Csfiijx+fwH5y\n" "ZqWrHNt0YG/tZSwyCDMWBLXTeuYsntg5y0mcpsrN8v02tvrPiCzDfRPyz3mG68us\n" "DPEEgQ1kqL2Gsti2DUcsdyZcDM+4rgsWRivgOTVyoNimv5f+xgmPYoElkgelLwZK\n" "WxGt1VCebOxP3qZA3hSHWE1hJgL4svful7RD1PbwPzidxJKITyAiJoPKWQA9cjSa\n" "gVzRQ7S4vmYALJn7xe+dMFRcfAK8RMv7/gJF6Rw7zufW0DIZK98KZs6aL0lmMPVk\n" "f31N2uvndf+cjy0n4luwEoXY+TeJZY205lbwHrzR0rH75FSm0RsCAwEAAaOB/DCB\n" "+TAdBgNVHQ4EFgQUUsWkY7jbrPKSNC9yVnHIEY525t8wgckGA1UdIwSBwTCBvoAU\n" "UsWkY7jbrPKSNC9yVnHIEY525t+hgZqkgZcwgZQxCzAJBgNVBAYTAkpQMQ4wDAYD\n" "VQQIDAVUb2t5bzEQMA4GA1UEBwwHS29nYW5laTENMAsGA1UECgwEV0lERTEPMA0G\n" "A1UECwwGQUFBIFdHMR8wHQYDVQQDDBZjaGF2cm91eC5jb3dhZGRpY3Qub3JnMSIw\n" "IAYJKoZIhvcNAQkBFhNzZGVjdWdpc0BuaWN0LmdvLmpwggkA/dQyCFKUf08wDAYD\n" "VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEACANo6IR3OQlQaXHJaprVVDvl\n" "oMJC0FRbVCK503sbmWTJL98UqxRdsTZNIL07gXlK0oUKyiNijIXiLG8d5IlUrDxF\n" "H/Vsu6s8k3/PpAUVeiO2oygWqvU5NGvt0jg54MrOJKhYYPWrzbmHty+cAXyoNzOR\n" "+W5RX6HRQgxvZWQq2Ok46VX622R1nNjFmCBYT7I7/gWG+hkbIAoH6d9sULLjpC+B\n" "bI+L/N7ac9/Og8pGIgpUI60Gn5zO93+E+Nhg+1BlcDHGnQD6vFNs8LYp5CCX/Zj1\n" "tWFVXZnx58odaU3M4t9/ZQnkZdx9YJIroETbN0PoqlnSagBjgUvbWwn4YCotCA==\n" "-----END CERTIFICATE-----\n"; static char notrust_cert_data[]="-----BEGIN CERTIFICATE-----\n" "MIIDhjCCAm6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n" "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n" "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n" "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI4\n" "MDgwNDQwWhcNMTAxMDI4MDgwNDQwWjB/MQswCQYDVQQGEwJKUDEOMAwGA1UECAwF\n" "VG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUxDzANBgNVBAsM\n" "BkFBQSBXRzETMBEGA1UEAwwKdW5rbm93bi5jczEZMBcGCSqGSIb3DQEJARYKdW5r\n" "bm93bkBjYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5jrVihTIFdDwXAPD\n" "rzNRLBe3ZaxF6EgtrnD9fHk6x4DIUFPQGdg6JqgWTUwEFwnfaZtZK4nI4GC7HTeC\n" "0j8XOcmPXXbhD24Imo8WSuqDhvm9FRRWaId5BflfZhG9IkYmZL5XFlFmQVCs8rHK\n" "0DgRS0yy7iU2btO5Y3LEhIIcKycCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB\n" "hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE\n" "FLpandKwS3LWHwARC7V7Wd8IOIG+MB8GA1UdIwQYMBaAFFLFpGO426zykjQvclZx\n" "yBGOdubfMA0GCSqGSIb3DQEBBQUAA4IBAQCQjzu946HKapKm/fBkrkaDMjVhgFeL\n" "MBJwAuFR2YfIr9lLuW2/q4ZfGR/cr4Rnvzy/M/N8xoF75OkmHbzWjKtylH+FM5XZ\n" "JOz9e9L9UD7lYU91Ua7GSuzfz6pzpQj385pAZkjwjptDsTDz48g2P2g2ahyqFkBJ\n" "tHOacfEXbAvT4ae3QN4sPDZ81N3WlMnXX/WuNVbozGWcuz3oesoO7XgDQcv9gIHe\n" "+d6yFEuBJDbeKcEGEYaMqbAMx1fPeac6hAwn3IZty0QtJtx++xfWsj0xA9Pxq12R\n" "XZTklIhwlrN8DxX+yMZNmTerCQzaurYO+l67S84EIQYJqSwnhnbM7nNv\n" "-----END CERTIFICATE-----\n"; static char notrust_priv_data[]="-----BEGIN RSA PRIVATE KEY-----\n" "MIICXQIBAAKBgQDmOtWKFMgV0PBcA8OvM1EsF7dlrEXoSC2ucP18eTrHgMhQU9AZ\n" "2DomqBZNTAQXCd9pm1kricjgYLsdN4LSPxc5yY9dduEPbgiajxZK6oOG+b0VFFZo\n" "h3kF+V9mEb0iRiZkvlcWUWZBUKzyscrQOBFLTLLuJTZu07ljcsSEghwrJwIDAQAB\n" "AoGAeRec1SGVE5Rvt5XrSK0vFofq2DlCE6hTDpszWFLTDbe4pDdRDybhfw+Nm15O\n" "EGgK8BrbTcEMvKdkAzv9POQeLDE8JImgesHZFxN3jnkK+b762BGRDt57DzvMJsfj\n" "1LBle+UBnZB1CvjrINvu+tNMVPlUpjIstbpMq0D+s01+ijECQQD8MHTv/M+Uc86u\n" "1SFywgs+eQPQ8g0OoTLxzqo6YhW8FtwLjoRCZx2TNQS5gYBuQrixd/yE0Spfv9aS\n" "UtlAaOc1AkEA6bVufggHVHcgiWqS8CHzb6g/GRxQixVshOsoVLMkCSz04zlwIfXF\n" "c03hh5RJVv7jmuBmhHbayujMgvinw75oawJAQb9oXUDt5Wgj1FTgeYi5YbovEoRo\n" "fw3ruDsHCl2UCQt0ptarCJzVixFhf/ORRi3C9RGxFfdqMrhS+qb62N4AmQJBALYU\n" "T1BLiwJoiWXmLTJ/EP0V9Irov2uMtm5cE6DhrJqlduksz8r1gu7RZ3tMsVLg5Iy+\n" "dcCQJOffNa54caQUTZ8CQQDTs/70Nr6F6ktrtmtU/S7lIitpQJCu9u/SPyBYPmFZ\n" "9Axy6Ee66Php+eWDNP4Ln4axrapD0732wD8DcmGDVHij\n" "-----END RSA PRIVATE KEY-----\n"; /* Diffie-Hellman parameters, generated with GNUTLS certtool: certtool --generate-dh-params Generator: 06 Prime: ea:c3:75:0b:32:cf:d9:17:98:5c:da:d1 e0:1d:b9:7c:be:29:60:b0:6f:68:a9:f6 8d:75:05:59:69:04:ae:39:7c:2b:74:04 3c:e2:da:28:8a:9b:93:aa:67:05:a7:3e 06:3e:0d:31:63:88:55:ad:5a:bd:41:22 b7:58:a7:45:b3:d5:03:ad:de:3c:8d:69 42:bf:84:3d:c1:90:e7:39:6a:4b:87:01 19:e5:f3:a4:e5:8e:e2:45:d5:0c:6b:17 22:2b:2e:50:83:91:0c:5b:82:fc:72:27 49:3b:9f:29:11:53:c7:90:b8:8d:87:73 1a:7b:05:ab:cb:30:59:16:71:30:60:1b 4c:80:15:3a:a2:d3:47:b7:4a:61:de:64 7e:79:de:88:53:b7:7a:c6:a2:9a:bb:55 40:2d:7a:71:c7:41:b5:29:df:d7:5c:fb 42:e4:d8:5e:0b:99:d3:3c:93:0f:33:51 8b:f4:60:e4:c5:b5:58:21:c0:51:c4:43 25:7c:37:fe:5c:d3:62:6c:2a:af:a7:2a 82:d5:d3:e2:bb:5d:ad:84:15:f6:78:d9 d5:a8:f7:f0:48:5c:8d:e0:3d:04:ac:cf aa:34:3f:5d:f2:0d:3d:ee:ec:b8:d8:e8 ad:dc:d3:40:59:a0:fd:45:62:47:63:c0 bd:f5:df:8b */ static char dh_params_data[] = "-----BEGIN DH PARAMETERS-----\n" "MIIBCAKCAQEA6sN1CzLP2ReYXNrR4B25fL4pYLBvaKn2jXUFWWkErjl8K3QEPOLa\n" "KIqbk6pnBac+Bj4NMWOIVa1avUEit1inRbPVA63ePI1pQr+EPcGQ5zlqS4cBGeXz\n" "pOWO4kXVDGsXIisuUIORDFuC/HInSTufKRFTx5C4jYdzGnsFq8swWRZxMGAbTIAV\n" "OqLTR7dKYd5kfnneiFO3esaimrtVQC16ccdBtSnf11z7QuTYXguZ0zyTDzNRi/Rg\n" "5MW1WCHAUcRDJXw3/lzTYmwqr6cqgtXT4rtdrYQV9njZ1aj38EhcjeA9BKzPqjQ/\n" "XfINPe7suNjordzTQFmg/UViR2PAvfXfiwIBBg==\n" "-----END DH PARAMETERS-----\n"; /* List server endpoints */ static struct fd_list eps = FD_LIST_INITIALIZER(eps); /* Pass parameters to the connect thread */ struct connect_flags { int proto; int expect_failure; /* 0 or 1 */ }; /* Client's side of the connection established from a separate thread */ static void * connect_thr(void * arg) { struct connect_flags * cf = arg; struct cnxctx * cnx = NULL; fd_log_threadname ( "testcnx:connect" ); /* Connect to the server */ switch (cf->proto) { case IPPROTO_TCP: { struct fd_endpoint * ep = (struct fd_endpoint *)(eps.next); cnx = fd_cnx_cli_connect_tcp( &ep->sa, sSAlen(&ep->ss) ); CHECK( 1, (cnx ? 1 : 0) ^ cf->expect_failure ); } break; #ifndef DISABLE_SCTP case IPPROTO_SCTP: { cnx = fd_cnx_cli_connect_sctp(0, TEST_PORT, &eps); CHECK( 1, (cnx ? 1 : 0) ^ cf->expect_failure ); } break; #endif /* DISABLE_SCTP */ default: CHECK( 0, 1 ); } /* exit */ return cnx; } /* Parameters to the handshake thread */ struct handshake_flags { struct cnxctx * cnx; gnutls_certificate_credentials_t creds; int algo; int ret; }; /* Handshake the client's side */ static void * handshake_thr(void * arg) { struct handshake_flags * hf = arg; fd_log_threadname ( "testcnx:handshake" ); hf->ret = fd_cnx_handshake(hf->cnx, GNUTLS_CLIENT, hf->algo, NULL, hf->creds); return NULL; } /* Terminate the client's connection side */ static void * destroy_thr(void * arg) { struct cnxctx * cnx = arg; fd_log_threadname ( "testcnx:destroy" ); fd_cnx_destroy(cnx); return NULL; } /* Main test routine */ int main(int argc, char *argv[]) { gnutls_datum_t ca = { (uint8_t *)ca_data, sizeof(ca_data) }; gnutls_datum_t server_cert = { (uint8_t *)server_cert_data, sizeof(server_cert_data) }; gnutls_datum_t server_priv = { (uint8_t *)server_priv_data, sizeof(server_priv_data) }; gnutls_datum_t client_cert = { (uint8_t *)client_cert_data, sizeof(client_cert_data) }; gnutls_datum_t client_priv = { (uint8_t *)client_priv_data, sizeof(client_priv_data) }; gnutls_datum_t expired_cert = { (uint8_t *)expired_cert_data, sizeof(expired_cert_data) }; gnutls_datum_t expired_priv = { (uint8_t *)expired_priv_data, sizeof(expired_priv_data) }; gnutls_datum_t notrust_ca = { (uint8_t *)notrust_ca_data, sizeof(notrust_ca_data) }; gnutls_datum_t notrust_cert = { (uint8_t *)notrust_cert_data, sizeof(notrust_cert_data) }; gnutls_datum_t notrust_priv = { (uint8_t *)notrust_priv_data, sizeof(notrust_priv_data) }; gnutls_datum_t dh_params = { (uint8_t *)dh_params_data, sizeof(dh_params_data) }; /* Listening socket, server side */ struct cnxctx * listener; #ifndef DISABLE_SCTP struct cnxctx * listener_sctp; #endif /* DISABLE_SCTP */ /* Server & client connected sockets */ struct cnxctx * server_side; struct cnxctx * client_side; pthread_t thr; int ret, i; uint8_t * cer_buf; size_t cer_sz; uint8_t * rcv_buf; size_t rcv_sz; /* First, initialize the daemon modules */ INIT_FD(); /* Restrain the # of streams */ fd_g_config->cnf_sctp_str = NB_STREAMS; /* Set the CA parameter in the config */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( fd_g_config->cnf_sec_data.credentials, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); #ifdef GNUTLS_VERSION_300 { /* We import these CA in the trust list */ gnutls_x509_crt_t * calist; unsigned int cacount = 0; CHECK_GNUTLS_DO( ret = gnutls_x509_crt_list_import2(&calist, &cacount, &ca, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED), ); CHECK( 1, cacount ); CHECK_GNUTLS_DO( ret = gnutls_x509_trust_list_add_cas (fd_g_config->cnf_sec_data.trustlist, calist, cacount, 0), ); CHECK( 1, ret ); } /* Use certificate verification during the handshake */ gnutls_certificate_set_verify_function (fd_g_config->cnf_sec_data.credentials, fd_tls_verify_credentials_2); #endif /* GNUTLS_VERSION_300 */ /* Set the server credentials (in config) */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( fd_g_config->cnf_sec_data.credentials, &server_cert, &server_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the default priority */ CHECK_GNUTLS_DO( ret = gnutls_priority_init( &fd_g_config->cnf_sec_data.prio_cache, GNUTLS_DEFAULT_PRIORITY, NULL), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set default DH params */ CHECK_GNUTLS_DO( ret = gnutls_dh_params_import_pkcs3( fd_g_config->cnf_sec_data.dh_cache, &dh_params, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Initialize the server address (this should give a safe loopback address + port, even on non-standard configs) */ { struct addrinfo hints, *ai, *aip; memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_NUMERICSERV; hints.ai_family = AF_INET; CHECK( 0, getaddrinfo("localhost", _stringize(TEST_PORT), &hints, &ai) ); aip = ai; while (aip) { CHECK( 0, fd_ep_add_merge( &eps, aip->ai_addr, aip->ai_addrlen, EP_FL_DISC | EP_ACCEPTALL )); aip = aip->ai_next; }; freeaddrinfo(ai); CHECK( 0, FD_IS_LIST_EMPTY(&eps) ? 1 : 0 ); } /* Start the server(s) */ { /* TCP server */ listener = fd_cnx_serv_tcp(TEST_PORT, 0, (struct fd_endpoint *)(eps.next)); CHECK( 1, listener ? 1 : 0 ); /* Accept incoming clients */ CHECK( 0, fd_cnx_serv_listen(listener)); #ifndef DISABLE_SCTP /* SCTP server */ listener_sctp = fd_cnx_serv_sctp(TEST_PORT, &eps); CHECK( 1, listener_sctp ? 1 : 0 ); /* Accept incoming clients */ CHECK( 0, fd_cnx_serv_listen(listener_sctp)); #endif /* DISABLE_SCTP */ } /* Initialize the CER message */ { struct msg * cer; struct dict_object * model = NULL; struct avp * oh; union avp_value value; /* Find the CER dictionary object */ CHECK( 0, fd_dict_search ( fd_g_config->cnf_dict, DICT_COMMAND, CMD_BY_NAME, "Capabilities-Exchange-Request", &model, ENOENT ) ); /* Create the instance */ CHECK( 0, fd_msg_new ( model, 0, &cer ) ); /* Now find the Origin-Host dictionary object */ CHECK( 0, fd_dict_search ( fd_g_config->cnf_dict, DICT_AVP, AVP_BY_NAME, "Origin-Host", &model, ENOENT ) ); /* Create the instance */ CHECK( 0, fd_msg_avp_new ( model, 0, &oh ) ); value.os.data = (uint8_t *)"Client.side"; value.os.len = strlen((char *)value.os.data); CHECK( 0, fd_msg_avp_setvalue ( oh, &value ) ); /* Add the AVP */ CHECK( 0, fd_msg_avp_add( cer, MSG_BRW_LAST_CHILD, oh) ); #if 0 /* For debug: dump the object */ fd_log_debug("Dumping CER"); fd_log_debug("%s", fd_msg_dump_treeview(FD_DUMP_TEST_PARAMS, cer, fd_g_config->cnf_dict, 0, 1)); #endif CHECK( 0, fd_msg_bufferize( cer, &cer_buf, &cer_sz ) ); CHECK( 0, fd_msg_free(cer) ); } /* Simple TCP client / server test (no TLS) */ { struct connect_flags cf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); CHECK( 0, fd_cnx_start_clear(server_side, 0) ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); CHECK( 0, fd_cnx_start_clear(client_side, 0) ); /* Send a message and receive it */ CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* Do it in the other direction */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* Now close the connections */ fd_cnx_destroy(client_side); fd_cnx_destroy(server_side); } #ifndef DISABLE_SCTP /* Simple SCTP client / server test (no TLS) */ { struct connect_flags cf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); CHECK( 0, fd_cnx_start_clear(server_side, 1) ); /* Send a message and receive it */ CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( EINVAL, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( 0, fd_cnx_start_clear(client_side, 0) ); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* Do it in the other direction */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* Do it one more time to use another stream */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* Now close the connection */ fd_cnx_destroy(client_side); fd_cnx_destroy(server_side); } #endif /* DISABLE_SCTP */ /* TCP Client / server emulating old Diameter behavior (handshake after 1 message exchange) */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* In legacy Diameter, we exchange first one message (CER / CEA) */ CHECK( 0, fd_cnx_start_clear(server_side, 0) ); CHECK( 0, fd_cnx_start_clear(client_side, 0) ); /* Send a message and receive it */ CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* And the supposed reply */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* At this point in legacy Diameter we start the handshake */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT /* No impact on TCP */, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 2 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #ifndef DISABLE_SCTP /* SCTP Client / server emulating old Diameter behavior (handshake after 1 message exchange) */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); hf.algo = ALGO_HANDSHAKE_3436; /* this is mandatory for old TLS mechanism */ /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* In legacy Diameter, we exchange first one message (CER / CEA) */ CHECK( 0, fd_cnx_start_clear(server_side, 0) ); CHECK( 0, fd_cnx_start_clear(client_side, 0) ); /* Send a message and receive it */ CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* And the supposed reply */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); /* At this point in legacy Diameter we start the handshake */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 2 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #endif /* DISABLE_SCTP */ /* TCP Client / server emulating new Diameter behavior (handshake at connection directly) */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 2 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #ifndef DISABLE_SCTP /* SCTP Client / server emulating new Diameter behavior (DTLS handshake at connection directly) */ TODO("Enabled after DTLS implementation"); if (0) { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected messages, and replies */ for (i = 0; i < 2 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } /* SCTP Client / server emulating old intermediary Diameter behavior (TLS handshake at connection directly) */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); hf.algo = ALGO_HANDSHAKE_3436; /* this is mandatory for old TLS mechanism */ /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected messages, and replies */ for (i = 0; i < 2 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #endif /* DISABLE_SCTP */ /* Test with different number of streams between server and client */ #ifndef DISABLE_SCTP /* DTLS / SCTP style */ TODO("Enabled after DTLS implementation"); if (0) { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread with more streams than the server */ fd_g_config->cnf_sctp_str = 2 * NB_STREAMS; CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 4 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Do the same test but with more streams on the server this time */ fd_g_config->cnf_sctp_str = NB_STREAMS / 2; CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 2 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } /* TLS / SCTP style */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); hf.algo = ALGO_HANDSHAKE_3436; /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread with more streams than the server */ fd_g_config->cnf_sctp_str = 2 * NB_STREAMS; CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 4 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Do the same test but with more streams on the server this time */ fd_g_config->cnf_sctp_str = NB_STREAMS / 2; CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Send a few TLS protected message, and replies */ for (i = 0; i < 2 * NB_STREAMS; i++) { CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); CHECK( cer_sz, rcv_sz ); CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); free(rcv_buf); } /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #endif /* DISABLE_SCTP */ /* Basic operation tested successfully, now test we detect error conditions */ /* Untrusted certificate, TCP */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, ¬rust_ca, GNUTLS_X509_FMT_PEM), ); CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, ¬rust_cert, ¬rust_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } /* Same in SCTP */ #ifndef DISABLE_SCTP /* DTLS */ TODO("Enabled after DTLS implementation"); if (0) { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, ¬rust_ca, GNUTLS_X509_FMT_PEM), ); CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, ¬rust_cert, ¬rust_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } /* TLS */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); hf.algo = ALGO_HANDSHAKE_3436; /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, ¬rust_ca, GNUTLS_X509_FMT_PEM), ); CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, ¬rust_cert, ¬rust_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #endif /* DISABLE_SCTP */ /* Expired certificate */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &expired_cert, &expired_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake directly */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } /* Non matching hostname */ { struct connect_flags cf; struct handshake_flags hf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Set the correct hostname we expect from the client (in the server) */ fd_cnx_sethostname(server_side, "client.test"); /* Start the handshake, check it is successful */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Do it again with an invalid hostname */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Set the correct hostname we expect from the client (in the server) */ fd_cnx_sethostname(server_side, "nomatch.test"); /* Start the handshake, check it is successful */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); CHECK( 0, pthread_join(thr, NULL) ); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } /* Test the other functions of the module */ { struct connect_flags cf; struct handshake_flags hf; char * str; const gnutls_datum_t *cert_list; unsigned int cert_list_size; struct fifo * myfifo = NULL; struct timespec now; int ev_code; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Test some simple functions */ /* fd_cnx_getid */ str = fd_cnx_getid(server_side); CHECK( 1, str ? 1 : 0 ); CHECK( 1, (str[0] != '\0') ? 1 : 0 ); /* fd_cnx_getproto */ i = fd_cnx_getproto(server_side); CHECK( IPPROTO_TCP, i); /* fd_cnx_getTLS */ i = fd_cnx_getTLS(server_side); CHECK( 1, i ? 1 : 0 ); /* fd_cnx_getcred */ CHECK( 0, fd_cnx_getcred(server_side, &cert_list, &cert_list_size) ); CHECK( 1, (cert_list_size > 0) ? 1 : 0 ); /* We could also verify that the cert_list really contains the client_cert and ca certificates */ /* fd_cnx_getremoteid */ str = fd_cnx_getremoteid(server_side); CHECK( 1, str ? 1 : 0 ); CHECK( 1, (str[0] != '\0') ? 1 : 0 ); /* fd_cnx_recv_setaltfifo */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_fifo_new(&myfifo, 0) ); CHECK( 0, fd_cnx_recv_setaltfifo(server_side, myfifo) ); CHECK( 0, clock_gettime(CLOCK_REALTIME, &now) ); do { CHECK( 0, fd_event_timedget(myfifo, &now, ETIMEDOUT, &ev_code, NULL, (void *)&rcv_buf) ); free(rcv_buf); } while (ev_code != FDEVP_CNX_MSG_RECV); /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); fd_event_destroy(&myfifo, free); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #ifndef DISABLE_SCTP /* And re-test with a SCTP connection */ TODO("Enabled after DTLS implementation"); if (0) { struct connect_flags cf; struct handshake_flags hf; char * str; const gnutls_datum_t *cert_list; unsigned int cert_list_size; struct fifo * myfifo = NULL; struct timespec now; int ev_code; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Test some simple functions */ /* fd_cnx_getid */ str = fd_cnx_getid(server_side); CHECK( 1, str ? 1 : 0 ); CHECK( 1, (str[0] != '\0') ? 1 : 0 ); /* fd_cnx_getproto */ i = fd_cnx_getproto(server_side); CHECK( IPPROTO_SCTP, i); /* fd_cnx_getTLS */ i = fd_cnx_getTLS(server_side); CHECK( 1, i ? 1 : 0 ); /* fd_cnx_getcred */ CHECK( 0, fd_cnx_getcred(server_side, &cert_list, &cert_list_size) ); CHECK( 1, (cert_list_size > 0) ? 1 : 0 ); /* We could also verify that the cert_list really contains the client_cert and ca certificates */ /* fd_cnx_getremoteid */ str = fd_cnx_getremoteid(server_side); CHECK( 1, str ? 1 : 0 ); CHECK( 1, (str[0] != '\0') ? 1 : 0 ); /* fd_cnx_recv_setaltfifo */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_fifo_new(&myfifo, 0) ); CHECK( 0, fd_cnx_recv_setaltfifo(server_side, myfifo) ); CHECK( 0, clock_gettime(CLOCK_REALTIME, &now) ); do { CHECK( 0, fd_event_timedget(myfifo, &now, ETIMEDOUT, &ev_code, NULL, (void *)&rcv_buf) ); free(rcv_buf); } while (ev_code != FDEVP_CNX_MSG_RECV); /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); fd_event_destroy(&myfifo, free); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } /* TLS */ { struct connect_flags cf; struct handshake_flags hf; char * str; const gnutls_datum_t *cert_list; unsigned int cert_list_size; struct fifo * myfifo = NULL; struct timespec now; int ev_code; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; memset(&hf, 0, sizeof(hf)); hf.algo = ALGO_HANDSHAKE_3436; /* Initialize remote certificate */ CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Set the CA */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); CHECK( 1, ret ); /* Set the key */ CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); CHECK( GNUTLS_E_SUCCESS, ret ); /* Start the client thread */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); /* Accept the connection of the client */ server_side = fd_cnx_serv_accept(listener_sctp); CHECK( 1, server_side ? 1 : 0 ); /* Retrieve the client connection object */ CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 1, client_side ? 1 : 0 ); hf.cnx = client_side; /* Start the handshake */ CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) ); CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) ); CHECK( 0, pthread_join(thr, NULL) ); CHECK( 0, hf.ret ); /* Test some simple functions */ /* fd_cnx_getid */ str = fd_cnx_getid(server_side); CHECK( 1, str ? 1 : 0 ); CHECK( 1, (str[0] != '\0') ? 1 : 0 ); /* fd_cnx_getproto */ i = fd_cnx_getproto(server_side); CHECK( IPPROTO_SCTP, i); /* fd_cnx_getTLS */ i = fd_cnx_getTLS(server_side); CHECK( 1, i ? 1 : 0 ); /* fd_cnx_getcred */ CHECK( 0, fd_cnx_getcred(server_side, &cert_list, &cert_list_size) ); CHECK( 1, (cert_list_size > 0) ? 1 : 0 ); /* We could also verify that the cert_list really contains the client_cert and ca certificates */ /* fd_cnx_getremoteid */ str = fd_cnx_getremoteid(server_side); CHECK( 1, str ? 1 : 0 ); CHECK( 1, (str[0] != '\0') ? 1 : 0 ); /* fd_cnx_recv_setaltfifo */ CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); CHECK( 0, fd_fifo_new(&myfifo, 0) ); CHECK( 0, fd_cnx_recv_setaltfifo(server_side, myfifo) ); CHECK( 0, clock_gettime(CLOCK_REALTIME, &now) ); do { CHECK( 0, fd_event_timedget(myfifo, &now, ETIMEDOUT, &ev_code, NULL, (void *)&rcv_buf) ); free(rcv_buf); } while (ev_code != FDEVP_CNX_MSG_RECV); /* Now close the connection */ CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) ); fd_cnx_destroy(server_side); CHECK( 0, pthread_join(thr, NULL) ); fd_event_destroy(&myfifo, free); /* Free the credentials */ gnutls_certificate_free_keys(hf.creds); gnutls_certificate_free_cas(hf.creds); gnutls_certificate_free_credentials(hf.creds); } #endif /* DISABLE_SCTP */ /* Destroy the servers */ { fd_cnx_destroy(listener); #ifndef DISABLE_SCTP fd_cnx_destroy(listener_sctp); #endif /* DISABLE_SCTP */ } /* Check that connection attempt fails then */ { struct connect_flags cf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_TCP; cf.expect_failure = 1; /* Start the client thread, that should fail */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 0, client_side ? 1 : 0 ); } #ifndef DISABLE_SCTP { struct connect_flags cf; memset(&cf, 0, sizeof(cf)); cf.proto = IPPROTO_SCTP; cf.expect_failure = 1; /* Start the client thread, that should fail */ CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) ); CHECK( 0, pthread_join( thr, (void *)&client_side ) ); CHECK( 0, client_side ? 1 : 0 ); } #endif /* DISABLE_SCTP */ /* That's all for the tests yet */ PASSTEST(); }