2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 * This file is part of GnuTLS.
6 * GnuTLS is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuTLS is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see
18 * <http://www.gnu.org/licenses/>.
25 #include <sys/types.h>
27 #include <gnutls/gnutls.h>
30 # include <sys/socket.h>
32 # include <ws2tcpip.h>
36 #include <cli-debug-args.h>
39 /* Gnulib portability files. */
41 #include <version-etc.h>
44 static void cmd_parser (int argc
, char **argv
);
46 #define ERR(err,s) if (err==-1) {perror(s);return(1);}
49 /* global stuff here */
51 const char *hostname
= NULL
;
57 gnutls_srp_client_credentials_t srp_cred
;
58 gnutls_anon_client_credentials_t anon_cred
;
59 gnutls_certificate_credentials_t xcred
;
61 /* end of global stuff */
63 unsigned int verbose
= 0;
70 tls_log_func (int level
, const char *str
)
72 fprintf (stderr
, "|<%d>| %s", level
, str
);
75 typedef test_code_t (*TEST_FUNC
) (gnutls_session_t
);
79 const char *test_name
;
83 const char *unsure_str
;
86 static const TLS_TEST tls_tests
[] = {
87 {"for SSL 3.0 support", test_ssl3
, "yes", "no", "dunno"},
88 {"whether \%COMPAT is required", test_record_padding
, "no", "yes", "dunno"},
89 {"for TLS 1.0 support", test_tls1
, "yes", "no", "dunno"},
90 {"for TLS 1.1 support", test_tls1_1
, "yes", "no", "dunno"},
91 {"fallback from TLS 1.1 to", test_tls1_1_fallback
, "TLS 1.0", "failed",
93 {"for TLS 1.2 support", test_tls1_2
, "yes", "no", "dunno"},
94 /* The following tests will disable TLS 1.x if the server is
96 {"whether we need to disable TLS 1.2", test_tls_disable2
, "no", "yes",
98 {"whether we need to disable TLS 1.1", test_tls_disable1
, "no", "yes",
100 {"whether we need to disable TLS 1.0", test_tls_disable0
, "no", "yes",
102 {"for Safe renegotiation support", test_safe_renegotiation
, "yes", "no",
104 {"for Safe renegotiation support (SCSV)", test_safe_renegotiation_scsv
,
105 "yes", "no", "dunno"},
106 {"for HTTPS server name", test_server
, "", "failed", "not checked"},
107 {"for version rollback bug in RSA PMS", test_rsa_pms
, "no", "yes",
109 {"for version rollback bug in Client Hello", test_version_rollback
,
110 "no", "yes", "dunno"},
113 {"whether the server ignores the RSA PMS version",
114 test_rsa_pms_version_check
, "yes", "no", "dunno"},
115 {"whether the server can accept Hello Extensions",
116 test_hello_extension
, "yes", "no", "dunno"},
117 {"whether the server can accept HeartBeat Extension", test_heartbeat_extension
, "yes", "no", "dunno"},
118 {"whether the server can accept small records (512 bytes)",
119 test_small_records
, "yes", "no", "dunno"},
120 {"whether the server can accept cipher suites not in SSL 3.0 spec",
121 test_unknown_ciphersuites
, "yes", "no", "dunno"},
122 {"whether the server can accept a bogus TLS record version in the client hello", test_version_oob
, "yes", "no", "dunno"},
123 {"for certificate information", test_certificate
, "", "", ""},
124 {"for trusted CAs", test_server_cas
, "", "", ""},
125 {"whether the server understands TLS closure alerts", test_bye
, "yes",
127 /* the fact that is after the closure alert test does matter.
129 {"whether the server supports session resumption",
130 test_session_resume2
, "yes", "no", "dunno"},
131 {"for export-grade ciphersuite support", test_export
, "yes", "no",
133 {"RSA-export ciphersuite info", test_export_info
, "", "N/A", "N/A"},
135 {"for anonymous authentication support", test_anonymous
, "yes", "no",
137 {"anonymous Diffie-Hellman group info", test_dhe_group
, "", "N/A",
140 {"for ephemeral Diffie-Hellman support", test_dhe
, "yes", "no",
142 {"ephemeral Diffie-Hellman group info", test_dhe_group
, "", "N/A",
144 {"for ephemeral EC Diffie-Hellman support", test_ecdhe
, "yes", "no",
146 {"ephemeral EC Diffie-Hellman group info", test_ecdhe_curve
, "", "N/A",
148 {"for AES-GCM cipher support", test_aes_gcm
, "yes", "no",
150 {"for AES-CBC cipher support", test_aes
, "yes", "no",
152 {"for CAMELLIA cipher support", test_camellia
, "yes", "no",
154 {"for 3DES-CBC cipher support", test_3des
, "yes", "no", "dunno"},
155 {"for ARCFOUR 128 cipher support", test_arcfour
, "yes", "no", "dunno"},
156 {"for ARCFOUR 40 cipher support", test_arcfour_40
, "yes", "no",
158 {"for MD5 MAC support", test_md5
, "yes", "no", "dunno"},
159 {"for SHA1 MAC support", test_sha
, "yes", "no", "dunno"},
160 {"for SHA256 MAC support", test_sha256
, "yes", "no", "dunno"},
162 {"for ZLIB compression support", test_zlib
, "yes",
165 {"for max record size", test_max_record_size
, "yes",
167 {"for OpenPGP authentication support", test_openpgp1
,
168 "yes", "no", "dunno"},
169 {NULL
, NULL
, NULL
, NULL
, NULL
}
176 main (int argc
, char **argv
)
180 gnutls_session_t state
;
181 char buffer
[MAX_BUF
+ 1];
183 struct addrinfo hints
, *res
, *ptr
;
185 set_program_name (argv
[0]);
186 cmd_parser(argc
, argv
);
189 signal (SIGPIPE
, SIG_IGN
);
194 if (gnutls_global_init () < 0)
196 fprintf (stderr
, "global state initialization error\n");
200 gnutls_global_set_log_function (tls_log_func
);
201 gnutls_global_set_log_level (debug
);
203 printf ("Resolving '%s'...\n", hostname
);
204 /* get server name */
205 memset (&hints
, 0, sizeof (hints
));
206 hints
.ai_socktype
= SOCK_STREAM
;
208 snprintf (portname
, sizeof (portname
), "%d", port
);
209 if ((err
= getaddrinfo (hostname
, portname
, &hints
, &res
)) != 0)
211 fprintf (stderr
, "Cannot resolve %s: %s\n", hostname
,
217 if (gnutls_certificate_allocate_credentials (&xcred
) < 0)
218 { /* space for 2 certificates */
219 fprintf (stderr
, "memory error\n");
225 if (gnutls_srp_allocate_client_credentials (&srp_cred
) < 0)
227 fprintf (stderr
, "memory error\n");
234 if (gnutls_anon_allocate_client_credentials (&anon_cred
) < 0)
236 fprintf (stderr
, "memory error\n");
246 if (tls_tests
[i
].test_name
== NULL
)
247 break; /* finished */
249 /* if neither of SSL3 and TLSv1 are supported, exit
251 if (i
> 6 && tls1_1_ok
== 0 && tls1_ok
== 0 && ssl3_ok
== 0)
254 "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n");
259 for (ptr
= res
; ptr
!= NULL
; ptr
= ptr
->ai_next
)
261 sd
= socket (ptr
->ai_family
, ptr
->ai_socktype
, ptr
->ai_protocol
);
267 getnameinfo (ptr
->ai_addr
, ptr
->ai_addrlen
, buffer
, MAX_BUF
,
268 NULL
, 0, NI_NUMERICHOST
);
270 printf ("Connecting to '%s:%d'...\n", buffer
, port
);
271 if ((err
= connect (sd
, ptr
->ai_addr
, ptr
->ai_addrlen
)) != 0)
278 ERR (err
, "connect") gnutls_init (&state
, GNUTLS_CLIENT
|GNUTLS_NO_EXTENSIONS
);
279 gnutls_transport_set_ptr (state
, (gnutls_transport_ptr_t
)
280 gl_fd_to_handle (sd
));
284 printf ("Checking %s...", tls_tests
[i
].test_name
);
287 ret
= tls_tests
[i
].func (state
);
289 if (ret
== TEST_SUCCEED
)
290 printf (" %s\n", tls_tests
[i
].suc_str
);
291 else if (ret
== TEST_FAILED
)
292 printf (" %s\n", tls_tests
[i
].fail_str
);
293 else if (ret
== TEST_UNSURE
)
294 printf (" %s\n", tls_tests
[i
].unsure_str
);
295 else if (ret
== TEST_IGNORE
)
301 while (ret
== TEST_IGNORE
&& tls_tests
[i
].test_name
!= NULL
);
303 gnutls_deinit (state
);
305 shutdown (sd
, SHUT_RDWR
); /* no more receptions */
315 gnutls_srp_free_client_credentials (srp_cred
);
317 gnutls_certificate_free_credentials (xcred
);
319 gnutls_anon_free_client_credentials (anon_cred
);
321 gnutls_global_deinit ();
326 static void cmd_parser (int argc
, char **argv
)
328 const char* rest
= NULL
;
329 int optct
= optionProcess( &gnutls_cli_debugOptions
, argc
, argv
);
333 if (rest
== NULL
&& argc
> 0)
337 port
= OPT_VALUE_PORT
;
342 hostname
= "localhost";
347 debug
= OPT_VALUE_DEBUG
;
349 if (HAVE_OPT(VERBOSE
))