Changeset 31:26685c67d387 in freeDiameter for freeDiameter/tests/testcnx.c
- Timestamp:
- Oct 28, 2009, 6:51:45 PM (15 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
freeDiameter/tests/testcnx.c
r30 r31 39 39 #define TEST_PORT 3868 40 40 #endif /* TEST_PORT */ 41 42 #ifndef NB_STREAMS 43 #define NB_STREAMS 10 44 #endif /* NB_STREAMS */ 41 45 42 46 #ifndef GNUTLS_DEFAULT_PRIORITY … … 345 349 "-----END RSA PRIVATE KEY-----\n"; 346 350 351 /* Unknown CA certificate : 352 Certificate: 353 Data: 354 Version: 3 (0x2) 355 Serial Number: 1 (0x1) 356 Signature Algorithm: sha1WithRSAEncryption 357 Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp 358 Validity 359 Not Before: Oct 28 08:04:40 2009 GMT 360 Not After : Oct 28 08:04:40 2010 GMT 361 Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=unknown.cs/emailAddress=unknown@ca 362 Subject Public Key Info: 363 Public Key Algorithm: rsaEncryption 364 RSA Public Key: (1024 bit) 365 Modulus (1024 bit): 366 00:e6:3a:d5:8a:14:c8:15:d0:f0:5c:03:c3:af:33: 367 51:2c:17:b7:65:ac:45:e8:48:2d:ae:70:fd:7c:79: 368 3a:c7:80:c8:50:53:d0:19:d8:3a:26:a8:16:4d:4c: 369 04:17:09:df:69:9b:59:2b:89:c8:e0:60:bb:1d:37: 370 82:d2:3f:17:39:c9:8f:5d:76:e1:0f:6e:08:9a:8f: 371 16:4a:ea:83:86:f9:bd:15:14:56:68:87:79:05:f9: 372 5f:66:11:bd:22:46:26:64:be:57:16:51:66:41:50: 373 ac:f2:b1:ca:d0:38:11:4b:4c:b2:ee:25:36:6e:d3: 374 b9:63:72:c4:84:82:1c:2b:27 375 Exponent: 65537 (0x10001) 376 X509v3 extensions: 377 X509v3 Basic Constraints: 378 CA:FALSE 379 Netscape Comment: 380 OpenSSL Generated Certificate 381 X509v3 Subject Key Identifier: 382 BA:5A:9D:D2:B0:4B:72:D6:1F:00:11:0B:B5:7B:59:DF:08:38:81:BE 383 X509v3 Authority Key Identifier: 384 keyid:52:C5:A4:63:B8:DB:AC:F2:92:34:2F:72:56:71:C8:11:8E:76:E6:DF 385 386 Signature Algorithm: sha1WithRSAEncryption 387 90:8f:3b:bd:e3:a1:ca:6a:92:a6:fd:f0:64:ae:46:83:32:35: 388 61:80:57:8b:30:12:70:02:e1:51:d9:87:c8:af:d9:4b:b9:6d: 389 bf:ab:86:5f:19:1f:dc:af:84:67:bf:3c:bf:33:f3:7c:c6:81: 390 7b:e4:e9:26:1d:bc:d6:8c:ab:72:94:7f:85:33:95:d9:24:ec: 391 fd:7b:d2:fd:50:3e:e5:61:4f:75:51:ae:c6:4a:ec:df:cf:aa: 392 73:a5:08:f7:f3:9a:40:66:48:f0:8e:9b:43:b1:30:f3:e3:c8: 393 36:3f:68:36:6a:1c:aa:16:40:49:b4:73:9a:71:f1:17:6c:0b: 394 d3:e1:a7:b7:40:de:2c:3c:36:7c:d4:dd:d6:94:c9:d7:5f:f5: 395 ae:35:56:e8:cc:65:9c:bb:3d:e8:7a:ca:0e:ed:78:03:41:cb: 396 fd:80:81:de:f9:de:b2:14:4b:81:24:36:de:29:c1:06:11:86: 397 8c:a9:b0:0c:c7:57:cf:79:a7:3a:84:0c:27:dc:86:6d:cb:44: 398 2d:26:dc:7e:fb:17:d6:b2:3d:31:03:d3:f1:ab:5d:91:5d:94: 399 e4:94:88:70:96:b3:7c:0f:15:fe:c8:c6:4d:99:37:ab:09:0c: 400 da:ba:b6:0e:fa:5e:bb:4b:ce:04:21:06:09:a9:2c:27:86:76: 401 cc:ee:73:6f 402 */ 403 static char notrust_ca_data[] = "-----BEGIN CERTIFICATE-----\n" 404 "MIIEqjCCA5KgAwIBAgIJAP3UMghSlH9PMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD\n" 405 "VQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNV\n" 406 "BAoMBFdJREUxDzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293\n" 407 "YWRkaWN0Lm9yZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDAe\n" 408 "Fw0wOTEwMjgwODAzNDRaFw0xOTEwMjYwODAzNDRaMIGUMQswCQYDVQQGEwJKUDEO\n" 409 "MAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUx\n" 410 "DzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293YWRkaWN0Lm9y\n" 411 "ZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDCCASIwDQYJKoZI\n" 412 "hvcNAQEBBQADggEPADCCAQoCggEBALKW9iSUggF5mbvYe1Xk128Csfiijx+fwH5y\n" 413 "ZqWrHNt0YG/tZSwyCDMWBLXTeuYsntg5y0mcpsrN8v02tvrPiCzDfRPyz3mG68us\n" 414 "DPEEgQ1kqL2Gsti2DUcsdyZcDM+4rgsWRivgOTVyoNimv5f+xgmPYoElkgelLwZK\n" 415 "WxGt1VCebOxP3qZA3hSHWE1hJgL4svful7RD1PbwPzidxJKITyAiJoPKWQA9cjSa\n" 416 "gVzRQ7S4vmYALJn7xe+dMFRcfAK8RMv7/gJF6Rw7zufW0DIZK98KZs6aL0lmMPVk\n" 417 "f31N2uvndf+cjy0n4luwEoXY+TeJZY205lbwHrzR0rH75FSm0RsCAwEAAaOB/DCB\n" 418 "+TAdBgNVHQ4EFgQUUsWkY7jbrPKSNC9yVnHIEY525t8wgckGA1UdIwSBwTCBvoAU\n" 419 "UsWkY7jbrPKSNC9yVnHIEY525t+hgZqkgZcwgZQxCzAJBgNVBAYTAkpQMQ4wDAYD\n" 420 "VQQIDAVUb2t5bzEQMA4GA1UEBwwHS29nYW5laTENMAsGA1UECgwEV0lERTEPMA0G\n" 421 "A1UECwwGQUFBIFdHMR8wHQYDVQQDDBZjaGF2cm91eC5jb3dhZGRpY3Qub3JnMSIw\n" 422 "IAYJKoZIhvcNAQkBFhNzZGVjdWdpc0BuaWN0LmdvLmpwggkA/dQyCFKUf08wDAYD\n" 423 "VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEACANo6IR3OQlQaXHJaprVVDvl\n" 424 "oMJC0FRbVCK503sbmWTJL98UqxRdsTZNIL07gXlK0oUKyiNijIXiLG8d5IlUrDxF\n" 425 "H/Vsu6s8k3/PpAUVeiO2oygWqvU5NGvt0jg54MrOJKhYYPWrzbmHty+cAXyoNzOR\n" 426 "+W5RX6HRQgxvZWQq2Ok46VX622R1nNjFmCBYT7I7/gWG+hkbIAoH6d9sULLjpC+B\n" 427 "bI+L/N7ac9/Og8pGIgpUI60Gn5zO93+E+Nhg+1BlcDHGnQD6vFNs8LYp5CCX/Zj1\n" 428 "tWFVXZnx58odaU3M4t9/ZQnkZdx9YJIroETbN0PoqlnSagBjgUvbWwn4YCotCA==\n" 429 "-----END CERTIFICATE-----\n"; 430 431 static char notrust_cert_data[]="-----BEGIN CERTIFICATE-----\n" 432 "MIIDhjCCAm6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n" 433 "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n" 434 "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n" 435 "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI4\n" 436 "MDgwNDQwWhcNMTAxMDI4MDgwNDQwWjB/MQswCQYDVQQGEwJKUDEOMAwGA1UECAwF\n" 437 "VG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUxDzANBgNVBAsM\n" 438 "BkFBQSBXRzETMBEGA1UEAwwKdW5rbm93bi5jczEZMBcGCSqGSIb3DQEJARYKdW5r\n" 439 "bm93bkBjYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5jrVihTIFdDwXAPD\n" 440 "rzNRLBe3ZaxF6EgtrnD9fHk6x4DIUFPQGdg6JqgWTUwEFwnfaZtZK4nI4GC7HTeC\n" 441 "0j8XOcmPXXbhD24Imo8WSuqDhvm9FRRWaId5BflfZhG9IkYmZL5XFlFmQVCs8rHK\n" 442 "0DgRS0yy7iU2btO5Y3LEhIIcKycCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB\n" 443 "hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE\n" 444 "FLpandKwS3LWHwARC7V7Wd8IOIG+MB8GA1UdIwQYMBaAFFLFpGO426zykjQvclZx\n" 445 "yBGOdubfMA0GCSqGSIb3DQEBBQUAA4IBAQCQjzu946HKapKm/fBkrkaDMjVhgFeL\n" 446 "MBJwAuFR2YfIr9lLuW2/q4ZfGR/cr4Rnvzy/M/N8xoF75OkmHbzWjKtylH+FM5XZ\n" 447 "JOz9e9L9UD7lYU91Ua7GSuzfz6pzpQj385pAZkjwjptDsTDz48g2P2g2ahyqFkBJ\n" 448 "tHOacfEXbAvT4ae3QN4sPDZ81N3WlMnXX/WuNVbozGWcuz3oesoO7XgDQcv9gIHe\n" 449 "+d6yFEuBJDbeKcEGEYaMqbAMx1fPeac6hAwn3IZty0QtJtx++xfWsj0xA9Pxq12R\n" 450 "XZTklIhwlrN8DxX+yMZNmTerCQzaurYO+l67S84EIQYJqSwnhnbM7nNv\n" 451 "-----END CERTIFICATE-----\n"; 452 static char notrust_priv_data[]="-----BEGIN RSA PRIVATE KEY-----\n" 453 "MIICXQIBAAKBgQDmOtWKFMgV0PBcA8OvM1EsF7dlrEXoSC2ucP18eTrHgMhQU9AZ\n" 454 "2DomqBZNTAQXCd9pm1kricjgYLsdN4LSPxc5yY9dduEPbgiajxZK6oOG+b0VFFZo\n" 455 "h3kF+V9mEb0iRiZkvlcWUWZBUKzyscrQOBFLTLLuJTZu07ljcsSEghwrJwIDAQAB\n" 456 "AoGAeRec1SGVE5Rvt5XrSK0vFofq2DlCE6hTDpszWFLTDbe4pDdRDybhfw+Nm15O\n" 457 "EGgK8BrbTcEMvKdkAzv9POQeLDE8JImgesHZFxN3jnkK+b762BGRDt57DzvMJsfj\n" 458 "1LBle+UBnZB1CvjrINvu+tNMVPlUpjIstbpMq0D+s01+ijECQQD8MHTv/M+Uc86u\n" 459 "1SFywgs+eQPQ8g0OoTLxzqo6YhW8FtwLjoRCZx2TNQS5gYBuQrixd/yE0Spfv9aS\n" 460 "UtlAaOc1AkEA6bVufggHVHcgiWqS8CHzb6g/GRxQixVshOsoVLMkCSz04zlwIfXF\n" 461 "c03hh5RJVv7jmuBmhHbayujMgvinw75oawJAQb9oXUDt5Wgj1FTgeYi5YbovEoRo\n" 462 "fw3ruDsHCl2UCQt0ptarCJzVixFhf/ORRi3C9RGxFfdqMrhS+qb62N4AmQJBALYU\n" 463 "T1BLiwJoiWXmLTJ/EP0V9Irov2uMtm5cE6DhrJqlduksz8r1gu7RZ3tMsVLg5Iy+\n" 464 "dcCQJOffNa54caQUTZ8CQQDTs/70Nr6F6ktrtmtU/S7lIitpQJCu9u/SPyBYPmFZ\n" 465 "9Axy6Ee66Php+eWDNP4Ln4axrapD0732wD8DcmGDVHij\n" 466 "-----END RSA PRIVATE KEY-----\n"; 467 468 347 469 struct fd_list eps = FD_LIST_INITIALIZER(eps); 348 470 … … 415 537 gnutls_datum_t expired_cert = { expired_cert_data, sizeof(expired_cert_data) }; 416 538 gnutls_datum_t expired_priv = { expired_priv_data, sizeof(expired_priv_data) }; 539 gnutls_datum_t notrust_ca = { notrust_ca_data, sizeof(notrust_ca_data) }; 540 gnutls_datum_t notrust_cert = { notrust_cert_data, sizeof(notrust_cert_data) }; 541 gnutls_datum_t notrust_priv = { notrust_priv_data, sizeof(notrust_priv_data) }; 417 542 418 543 struct cnxctx * listener; … … 431 556 /* First, initialize the daemon modules */ 432 557 INIT_FD(); 558 559 /* Restrain the # of streams */ 560 fd_g_config->cnf_sctp_str = NB_STREAMS; 433 561 434 562 /* Set the CA parameter in the config */ … … 663 791 664 792 /* Send a few TLS protected message, and replies */ 665 for (i = 0; i < 10; i++) {793 for (i = 0; i < 2 * NB_STREAMS; i++) { 666 794 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); 667 795 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); … … 744 872 745 873 /* Send a few TLS protected message, and replies */ 746 for (i = 0; i < 100; i++) {874 for (i = 0; i < 2 * NB_STREAMS; i++) { 747 875 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); 748 876 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); … … 773 901 struct connect_flags cf; 774 902 struct handshake_flags hf; 775 int i;776 903 777 904 memset(&cf, 0, sizeof(cf)); … … 809 936 810 937 /* Send a few TLS protected message, and replies */ 811 for (i = 0; i < 10; i++) {938 for (i = 0; i < 2 * NB_STREAMS; i++) { 812 939 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); 813 940 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); … … 832 959 } 833 960 961 #ifndef DISABLE_SCTP 962 /* SCTP Client / server emulating new Diameter behavior (handshake at connection directly) */ 963 { 964 struct connect_flags cf; 965 struct handshake_flags hf; 966 967 memset(&cf, 0, sizeof(cf)); 968 cf.proto = IPPROTO_SCTP; 969 970 memset(&hf, 0, sizeof(hf)); 971 972 /* Initialize remote certificate */ 973 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); 974 CHECK( GNUTLS_E_SUCCESS, ret ); 975 /* Set the CA */ 976 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); 977 CHECK( 1, ret ); 978 /* Set the key */ 979 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); 980 CHECK( GNUTLS_E_SUCCESS, ret ); 981 982 /* Start the client thread */ 983 CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); 984 985 /* Accept the connection of the client */ 986 server_side = fd_cnx_serv_accept(listener_sctp); 987 CHECK( 1, server_side ? 1 : 0 ); 988 989 /* Retrieve the client connection object */ 990 CHECK( 0, pthread_join( thr, (void *)&client_side ) ); 991 CHECK( 1, client_side ? 1 : 0 ); 992 hf.cnx = client_side; 993 994 /* Start the handshake directly */ 995 CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); 996 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 997 CHECK( 0, pthread_join(thr, NULL) ); 998 CHECK( 0, hf.ret ); 999 1000 /* Send a few TLS protected message, and replies */ 1001 for (i = 0; i < 2 * NB_STREAMS; i++) { 1002 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz)); 1003 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz)); 1004 CHECK( cer_sz, rcv_sz ); 1005 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); 1006 1007 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz)); 1008 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz)); 1009 CHECK( cer_sz, rcv_sz ); 1010 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) ); 1011 } 1012 1013 1014 /* Now close the connection */ 1015 CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); 1016 fd_cnx_destroy(server_side); 1017 CHECK( 0, pthread_join(thr, NULL) ); 1018 1019 /* Free the credentials */ 1020 gnutls_certificate_free_keys(hf.creds); 1021 gnutls_certificate_free_cas(hf.creds); 1022 gnutls_certificate_free_credentials(hf.creds); 1023 } 1024 #endif /* DISABLE_SCTP */ 1025 1026 /* Basic operation tested successfully, now test we detect error conditions */ 1027 1028 /* Untrusted certificate, TCP */ 1029 { 1030 struct connect_flags cf; 1031 struct handshake_flags hf; 1032 1033 memset(&cf, 0, sizeof(cf)); 1034 cf.proto = IPPROTO_TCP; 1035 1036 memset(&hf, 0, sizeof(hf)); 1037 1038 /* Initialize remote certificate */ 1039 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); 1040 CHECK( GNUTLS_E_SUCCESS, ret ); 1041 /* Set the CA */ 1042 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, ¬rust_ca, GNUTLS_X509_FMT_PEM), ); 1043 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); 1044 CHECK( 1, ret ); 1045 /* Set the key */ 1046 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, ¬rust_cert, ¬rust_priv, GNUTLS_X509_FMT_PEM), ); 1047 CHECK( GNUTLS_E_SUCCESS, ret ); 1048 1049 /* Start the client thread */ 1050 CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); 1051 1052 /* Accept the connection of the client */ 1053 server_side = fd_cnx_serv_accept(listener); 1054 CHECK( 1, server_side ? 1 : 0 ); 1055 1056 /* Retrieve the client connection object */ 1057 CHECK( 0, pthread_join( thr, (void *)&client_side ) ); 1058 CHECK( 1, client_side ? 1 : 0 ); 1059 hf.cnx = client_side; 1060 1061 /* Start the handshake directly */ 1062 CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); 1063 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1064 CHECK( 0, pthread_join(thr, NULL) ); 1065 1066 /* Now close the connection */ 1067 CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); 1068 fd_cnx_destroy(server_side); 1069 CHECK( 0, pthread_join(thr, NULL) ); 1070 1071 /* Free the credentials */ 1072 gnutls_certificate_free_keys(hf.creds); 1073 gnutls_certificate_free_cas(hf.creds); 1074 gnutls_certificate_free_credentials(hf.creds); 1075 } 1076 1077 /* Same in SCTP */ 1078 #ifndef DISABLE_SCTP 1079 { 1080 struct connect_flags cf; 1081 struct handshake_flags hf; 1082 1083 memset(&cf, 0, sizeof(cf)); 1084 cf.proto = IPPROTO_SCTP; 1085 1086 memset(&hf, 0, sizeof(hf)); 1087 1088 /* Initialize remote certificate */ 1089 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); 1090 CHECK( GNUTLS_E_SUCCESS, ret ); 1091 /* Set the CA */ 1092 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, ¬rust_ca, GNUTLS_X509_FMT_PEM), ); 1093 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); 1094 CHECK( 1, ret ); 1095 /* Set the key */ 1096 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, ¬rust_cert, ¬rust_priv, GNUTLS_X509_FMT_PEM), ); 1097 CHECK( GNUTLS_E_SUCCESS, ret ); 1098 1099 /* Start the client thread */ 1100 CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); 1101 1102 /* Accept the connection of the client */ 1103 server_side = fd_cnx_serv_accept(listener_sctp); 1104 CHECK( 1, server_side ? 1 : 0 ); 1105 1106 /* Retrieve the client connection object */ 1107 CHECK( 0, pthread_join( thr, (void *)&client_side ) ); 1108 CHECK( 1, client_side ? 1 : 0 ); 1109 hf.cnx = client_side; 1110 1111 /* Start the handshake directly */ 1112 CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); 1113 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1114 CHECK( 0, pthread_join(thr, NULL) ); 1115 1116 /* Now close the connection */ 1117 CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); 1118 fd_cnx_destroy(server_side); 1119 CHECK( 0, pthread_join(thr, NULL) ); 1120 1121 /* Free the credentials */ 1122 gnutls_certificate_free_keys(hf.creds); 1123 gnutls_certificate_free_cas(hf.creds); 1124 gnutls_certificate_free_credentials(hf.creds); 1125 } 1126 #endif /* DISABLE_SCTP */ 1127 1128 /* Expired certificate */ 1129 { 1130 struct connect_flags cf; 1131 struct handshake_flags hf; 1132 1133 memset(&cf, 0, sizeof(cf)); 1134 cf.proto = IPPROTO_TCP; 1135 1136 memset(&hf, 0, sizeof(hf)); 1137 1138 /* Initialize remote certificate */ 1139 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); 1140 CHECK( GNUTLS_E_SUCCESS, ret ); 1141 /* Set the CA */ 1142 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); 1143 CHECK( 1, ret ); 1144 /* Set the key */ 1145 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &expired_cert, &expired_priv, GNUTLS_X509_FMT_PEM), ); 1146 CHECK( GNUTLS_E_SUCCESS, ret ); 1147 1148 /* Start the client thread */ 1149 CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); 1150 1151 /* Accept the connection of the client */ 1152 server_side = fd_cnx_serv_accept(listener); 1153 CHECK( 1, server_side ? 1 : 0 ); 1154 1155 /* Retrieve the client connection object */ 1156 CHECK( 0, pthread_join( thr, (void *)&client_side ) ); 1157 CHECK( 1, client_side ? 1 : 0 ); 1158 hf.cnx = client_side; 1159 1160 /* Start the handshake directly */ 1161 CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); 1162 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1163 CHECK( 0, pthread_join(thr, NULL) ); 1164 1165 /* Now close the connection */ 1166 CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); 1167 fd_cnx_destroy(server_side); 1168 CHECK( 0, pthread_join(thr, NULL) ); 1169 1170 /* Free the credentials */ 1171 gnutls_certificate_free_keys(hf.creds); 1172 gnutls_certificate_free_cas(hf.creds); 1173 gnutls_certificate_free_credentials(hf.creds); 1174 } 1175 1176 /* Non matching hostname */ 1177 1178 { 1179 struct connect_flags cf; 1180 struct handshake_flags hf; 1181 1182 memset(&cf, 0, sizeof(cf)); 1183 cf.proto = IPPROTO_TCP; 1184 1185 memset(&hf, 0, sizeof(hf)); 1186 1187 /* Initialize remote certificate */ 1188 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), ); 1189 CHECK( GNUTLS_E_SUCCESS, ret ); 1190 /* Set the CA */ 1191 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), ); 1192 CHECK( 1, ret ); 1193 /* Set the key */ 1194 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), ); 1195 CHECK( GNUTLS_E_SUCCESS, ret ); 1196 1197 /* Start the client thread */ 1198 CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); 1199 1200 /* Accept the connection of the client */ 1201 server_side = fd_cnx_serv_accept(listener); 1202 CHECK( 1, server_side ? 1 : 0 ); 1203 1204 /* Retrieve the client connection object */ 1205 CHECK( 0, pthread_join( thr, (void *)&client_side ) ); 1206 CHECK( 1, client_side ? 1 : 0 ); 1207 hf.cnx = client_side; 1208 1209 /* Set the correct hostname we expect from the client (in the server) */ 1210 fd_cnx_sethostname(server_side, "client.test"); 1211 1212 /* Start the handshake, check it is successful */ 1213 CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); 1214 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1215 CHECK( 0, pthread_join(thr, NULL) ); 1216 CHECK( 0, hf.ret ); 1217 1218 /* Now close the connection */ 1219 CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); 1220 fd_cnx_destroy(server_side); 1221 CHECK( 0, pthread_join(thr, NULL) ); 1222 1223 /* Do it again with an invalid hostname */ 1224 CHECK( 0, pthread_create(&thr, 0, connect_thr, &cf) ); 1225 1226 /* Accept the connection of the client */ 1227 server_side = fd_cnx_serv_accept(listener); 1228 CHECK( 1, server_side ? 1 : 0 ); 1229 1230 /* Retrieve the client connection object */ 1231 CHECK( 0, pthread_join( thr, (void *)&client_side ) ); 1232 CHECK( 1, client_side ? 1 : 0 ); 1233 hf.cnx = client_side; 1234 1235 /* Set the correct hostname we expect from the client (in the server) */ 1236 fd_cnx_sethostname(server_side, "nomatch.test"); 1237 1238 /* Start the handshake, check it is successful */ 1239 CHECK( 0, pthread_create(&thr, 0, handshake_thr, &hf) ); 1240 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, NULL, NULL) ); 1241 CHECK( 0, pthread_join(thr, NULL) ); 1242 1243 /* Now close the connection */ 1244 CHECK( 0, pthread_create(&thr, 0, destroy_thr, client_side) ); 1245 fd_cnx_destroy(server_side); 1246 CHECK( 0, pthread_join(thr, NULL) ); 1247 1248 /* Free the credentials */ 1249 gnutls_certificate_free_keys(hf.creds); 1250 gnutls_certificate_free_cas(hf.creds); 1251 gnutls_certificate_free_credentials(hf.creds); 1252 } 1253 834 1254 /* That's all for the tests yet */ 835 1255 PASSTEST();
Note: See TracChangeset
for help on using the changeset viewer.