Gitiles
Code Review Sign In
gerrit.opencord.org / freeDiameter-old / eb10c6f4f21b424a7cededddce3bda18669d1b1f / . / tests / testcnx.c
blob: e1826c97f10d6b9570b435997d2e5668b546ad7b [file] [log] [blame]
Brian Waters13d96012017-12-08 16:53:31 -0600[diff] [blame]1/*********************************************************************************************************
2* Software License Agreement (BSD License) *
3* Author: Sebastien Decugis <sdecugis@freediameter.net> *
4* *
5* Copyright (c) 2013, WIDE Project and NICT *
6* All rights reserved. *
7* *
8* Redistribution and use of this software in source and binary forms, with or without modification, are *
9* permitted provided that the following conditions are met: *
10* *
11* * Redistributions of source code must retain the above *
12* copyright notice, this list of conditions and the *
13* following disclaimer. *
14* *
15* * Redistributions in binary form must reproduce the above *
16* copyright notice, this list of conditions and the *
17* following disclaimer in the documentation and/or other *
18* materials provided with the distribution. *
19* *
20* * Neither the name of the WIDE Project or NICT nor the *
21* names of its contributors may be used to endorse or *
22* promote products derived from this software without *
23* specific prior written permission of WIDE Project and *
24* NICT. *
25* *
26* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
27* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
28* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
29* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT *
30* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS *
31* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
32* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF *
33* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
34*********************************************************************************************************/
35
36#include "tests.h"
37
38#ifndef TEST_PORT
39#define TEST_PORT 3868
40#endif /* TEST_PORT */
41
42#ifndef NB_STREAMS
43#define NB_STREAMS 10
44#endif /* NB_STREAMS */
45
46#ifndef GNUTLS_DEFAULT_PRIORITY
47# define GNUTLS_DEFAULT_PRIORITY "NORMAL"
48#endif /* GNUTLS_DEFAULT_PRIORITY */
49
50#ifndef GNUTLS_DEFAULT_DHBITS
51# define GNUTLS_DEFAULT_DHBITS 1024
52#endif /* GNUTLS_DEFAULT_DHBITS */
53
54
55/* The cryptographic data */
56static char ca_data[] = "-----BEGIN CERTIFICATE-----\n"
57 "MIIEqjCCA5KgAwIBAgIJANKgDwdlDYQDMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD\n"
58 "VQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNV\n"
59 "BAoMBFdJREUxDzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293\n"
60 "YWRkaWN0Lm9yZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDAe\n"
61 "Fw0wOTEwMDUwODUxNDRaFw0xOTEwMDMwODUxNDRaMIGUMQswCQYDVQQGEwJKUDEO\n"
62 "MAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUx\n"
63 "DzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293YWRkaWN0Lm9y\n"
64 "ZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDCCASIwDQYJKoZI\n"
65 "hvcNAQEBBQADggEPADCCAQoCggEBAM5c6w4NnngTvGNWcJzbo0Kklp+kvUNQNgGu\n"
66 "myvz826qPp07HTSyJrIcgFnuYDR0Nd130Ot9u5osqpQhHTvolxDE87Tii8i3hJSj\n"
67 "TTY9K0ZwGb4AZ6QkuyMXS1jtOY657HqjpGZqT/2Syh0i7dM/hqSXFw0SPbyq+W1H\n"
68 "SVFWa1CTkPywFWAzwdr5WKah77uZ1dxWqgPgUdcZOiIQtLRp5n3fg40Nwso5YdwS\n"
69 "64+ebBX1pkhrCQ8AGc8O61Ep1JTXcO7jqQmPgzjiN+FeostI1Dp73S3MqleTAHjR\n"
70 "hqZ77VF7nkroMM9btMHJBaxnfwc2ewULUJwnuOiGWrvMq/9Z4J8CAwEAAaOB/DCB\n"
71 "+TAdBgNVHQ4EFgQUkqpVn7N3gmiJ7X5zQ2bki+7qv4UwgckGA1UdIwSBwTCBvoAU\n"
72 "kqpVn7N3gmiJ7X5zQ2bki+7qv4WhgZqkgZcwgZQxCzAJBgNVBAYTAkpQMQ4wDAYD\n"
73 "VQQIDAVUb2t5bzEQMA4GA1UEBwwHS29nYW5laTENMAsGA1UECgwEV0lERTEPMA0G\n"
74 "A1UECwwGQUFBIFdHMR8wHQYDVQQDDBZjaGF2cm91eC5jb3dhZGRpY3Qub3JnMSIw\n"
75 "IAYJKoZIhvcNAQkBFhNzZGVjdWdpc0BuaWN0LmdvLmpwggkA0qAPB2UNhAMwDAYD\n"
76 "VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAJy0XLk8j8YLSTt2/VMy9TAUx\n"
77 "esXUiZj0Ung+gkr7A1K0NnwYxDzG2adMhf13upHoydu2ErLMmD6F77x+QuY/q7nc\n"
78 "ZvO0tvcoAP6ToSDwiypU5dnTmnfkgwVwzFkNCi1sGRosEm8c/c/8MfK0I0nVdj1/\n"
79 "BIkIG7tTDVi9JvkWYl0UlSKWTZKrntVwCmscfC02DGb+GoLbO9+QmiNM5Y3yOYZ4\n"
80 "Pc7SSoKLL0rwJBmpPNs7boYsweeSuCAVu0shRfgC90odXcej2EN5ETfCuU1evXNW\n"
81 "5cA+zZsDK/nWJwxBaW0CxAHX579FElFWlK4+BnzhZRdDhmJDnN5dh4ekJGM6Lg==\n"
82 "-----END CERTIFICATE-----\n";
83
84/* Client:
85 Certificate:
86 Data:
87 Version: 3 (0x2)
88 Serial Number: 5 (0x5)
89 Signature Algorithm: sha1WithRSAEncryption
90 Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp
91 Validity
92 Not Before: Oct 27 04:04:05 2009 GMT
93 Not After : Oct 25 04:04:05 2019 GMT
94 Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=client.test/emailAddress=client@test
95 Subject Public Key Info:
96 Public Key Algorithm: rsaEncryption
97 RSA Public Key: (1024 bit)
98 Modulus (1024 bit):
99 00:bd:eb:50:1e:9d:7a:cd:9d:bb:e7:bc:4e:38:4a:
100 b2:cc:9e:b4:89:77:01:ef:d1:c6:19:29:00:fe:ce:
101 3c:62:05:13:b1:8c:ff:31:7a:0f:c1:2e:4b:3c:0c:
102 40:1e:36:4e:76:da:0a:64:43:fc:1e:ea:0c:97:b2:
103 57:9c:9c:8c:90:bd:eb:23:7b:b8:b7:5c:03:ed:6f:
104 48:55:8a:88:08:38:c5:cd:33:b7:ab:a8:3a:6f:7f:
105 13:10:65:a5:50:b9:f4:8b:cc:2e:e9:79:58:a6:11:
106 f0:58:45:41:ef:36:b3:35:cb:14:ec:82:0c:ad:11:
107 6a:ea:64:ef:28:a2:6e:47:45
108 Exponent: 65537 (0x10001)
109 X509v3 extensions:
110 X509v3 Basic Constraints:
111 CA:FALSE
112 Netscape Comment:
113 OpenSSL Generated Certificate
114 X509v3 Subject Key Identifier:
115 BE:B3:89:4F:9D:8F:6C:20:C4:D0:3E:6A:05:11:82:50:54:49:70:A2
116 X509v3 Authority Key Identifier:
117 keyid:92:AA:55:9F:B3:77:82:68:89:ED:7E:73:43:66:E4:8B:EE:EA:BF:85
118
119 Signature Algorithm: sha1WithRSAEncryption
120 a3:88:f5:15:b5:ad:20:60:a1:85:19:3f:b9:5e:1e:be:31:7f:
121 84:7a:c2:18:3a:63:6a:67:1f:46:86:4d:10:d6:1d:ad:a2:c8:
122 0b:95:33:fa:e4:05:f4:b8:70:34:77:f7:85:6e:70:46:ac:39:
123 54:a9:5f:ea:5e:d1:33:bb:c9:a3:42:81:41:90:25:b5:92:8b:
124 e8:6e:3e:97:06:dd:9a:cc:29:61:34:5a:d3:1c:5d:ad:d1:a3:
125 eb:6a:47:b4:d0:c2:17:89:e1:e2:2d:36:18:50:1a:e7:d4:fc:
126 38:2e:47:0b:39:50:87:2f:aa:07:64:f8:9a:4d:47:01:da:10:
127 d8:97:c7:a6:13:bc:0e:ca:63:c1:f2:09:fb:f8:6a:a4:5f:08:
128 b5:ad:ed:4f:71:b9:89:7f:43:27:85:72:e7:8d:a8:4a:cc:f6:
129 36:ca:8a:ae:82:b5:a8:42:41:99:87:84:7c:f0:90:fd:ca:96:
130 37:a2:e0:d9:fa:dd:a4:c9:f1:50:b7:e5:e6:8f:af:83:8c:23:
131 b6:20:cc:66:e3:08:60:13:02:8f:42:3a:07:91:a7:38:b2:72:
132 16:fd:bd:a9:60:f0:e2:9f:23:f3:c0:99:e3:17:bc:00:7c:b3:
133 89:9c:ea:fa:3e:f6:69:a1:98:c2:ec:46:da:70:b6:f9:c3:93:
134 a7:fc:36:dd
135*/
136static char client_cert_data[] ="-----BEGIN CERTIFICATE-----\n"
137 "MIIDiTCCAnGgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n"
138 "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n"
139 "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n"
140 "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI3\n"
141 "MDQwNDA1WhcNMTkxMDI1MDQwNDA1WjCBgTELMAkGA1UEBhMCSlAxDjAMBgNVBAgM\n"
142 "BVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURFMQ8wDQYDVQQL\n"
143 "DAZBQUEgV0cxFDASBgNVBAMMC2NsaWVudC50ZXN0MRowGAYJKoZIhvcNAQkBFgtj\n"
144 "bGllbnRAdGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvetQHp16zZ27\n"
145 "57xOOEqyzJ60iXcB79HGGSkA/s48YgUTsYz/MXoPwS5LPAxAHjZOdtoKZEP8HuoM\n"
146 "l7JXnJyMkL3rI3u4t1wD7W9IVYqICDjFzTO3q6g6b38TEGWlULn0i8wu6XlYphHw\n"
147 "WEVB7zazNcsU7IIMrRFq6mTvKKJuR0UCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglg\n"
148 "hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O\n"
149 "BBYEFL6ziU+dj2wgxNA+agURglBUSXCiMB8GA1UdIwQYMBaAFJKqVZ+zd4Joie1+\n"
150 "c0Nm5Ivu6r+FMA0GCSqGSIb3DQEBBQUAA4IBAQCjiPUVta0gYKGFGT+5Xh6+MX+E\n"
151 "esIYOmNqZx9Ghk0Q1h2tosgLlTP65AX0uHA0d/eFbnBGrDlUqV/qXtEzu8mjQoFB\n"
152 "kCW1kovobj6XBt2azClhNFrTHF2t0aPrake00MIXieHiLTYYUBrn1Pw4LkcLOVCH\n"
153 "L6oHZPiaTUcB2hDYl8emE7wOymPB8gn7+GqkXwi1re1PcbmJf0MnhXLnjahKzPY2\n"
154 "yoqugrWoQkGZh4R88JD9ypY3ouDZ+t2kyfFQt+Xmj6+DjCO2IMxm4whgEwKPQjoH\n"
155 "kac4snIW/b2pYPDinyPzwJnjF7wAfLOJnOr6PvZpoZjC7EbacLb5w5On/Dbd\n"
156 "-----END CERTIFICATE-----\n";
157static char client_priv_data[] ="-----BEGIN RSA PRIVATE KEY-----\n"
158 "MIICXgIBAAKBgQC961AenXrNnbvnvE44SrLMnrSJdwHv0cYZKQD+zjxiBROxjP8x\n"
159 "eg/BLks8DEAeNk522gpkQ/we6gyXslecnIyQvesje7i3XAPtb0hViogIOMXNM7er\n"
160 "qDpvfxMQZaVQufSLzC7peVimEfBYRUHvNrM1yxTsggytEWrqZO8oom5HRQIDAQAB\n"
161 "AoGBAIYnsOLPby3LnC5n8AEHkyHDgdgQvsd/MSYYtuFHIZRD7dNfu+xhQru9TdvO\n"
162 "84Pj7K07/FczRuc3gUmu6wBv/UIP9To15RHZh+/n537nybGus5S4IYKVvap477To\n"
163 "0rQDf9ec27iw77gxb7moQ9Otuxwbv0h0Z+1EVLI8d8jHOq0BAkEA9YNr0R+7KXBS\n"
164 "48yT43g5HpOFkTZzNXWVdpSvYGneb56wslk5Eatp235I4uz/a7Rej5v99W0M3nSe\n"
165 "/AgHfYn75QJBAMYH/pBx/WkrLj+pPaARlNwInCIC5zUhr6B0IKCt2tvy5eyuc5sd\n"
166 "AoTFaU+cSI+ZqsRzY8jMKkonktxBg48oJ+ECQQCt4AtlqcFVkbVCm8pJGQXq/7Ni\n"
167 "qlthiwr1Vkv2TkQ4bPza8pGWT/3Cc2ePPyWN08n8jw+G11p72cAW4mDbqfN5AkEA\n"
168 "mNYKrkiLn+NnqlJf8W4gSUGL3uQGtYbuGRQHKnuDckWhFm39YzWcgAQsJvkjN1EN\n"
169 "7thvpsWLzfeE7ODTPGVtgQJATObxYJOt6rms3fAStwuXW3ET77TA1ja4XsUEe5Yu\n"
170 "JpcQOruJb9XwndqzNbL0dSUePb9gFiBCGKYOyreNTTRTmw==\n"
171 "-----END RSA PRIVATE KEY-----\n";
172
173/* Server:
174 Certificate:
175 Data:
176 Version: 3 (0x2)
177 Serial Number: 4 (0x4)
178 Signature Algorithm: sha1WithRSAEncryption
179 Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp
180 Validity
181 Not Before: Oct 27 04:03:39 2009 GMT
182 Not After : Oct 25 04:03:39 2019 GMT
183 Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=serv.test/emailAddress=serv@test
184 Subject Public Key Info:
185 Public Key Algorithm: rsaEncryption
186 RSA Public Key: (1024 bit)
187 Modulus (1024 bit):
188 00:a6:f7:1c:a9:90:5b:fa:c8:f6:a3:04:0c:d0:8b:
189 45:c3:90:f7:2d:c2:c9:d7:bd:66:8a:7c:1c:51:89:
190 40:9e:cd:70:57:cb:00:47:a3:e8:76:8b:00:b3:c9:
191 c3:0d:b1:b9:2a:08:9f:52:92:82:d3:18:c1:d8:d1:
192 b8:1e:fd:71:fe:23:ec:19:e9:6d:9d:fd:ae:88:bc:
193 39:44:7a:37:ad:c6:88:d1:64:7c:b1:d4:3c:a9:30:
194 c4:de:51:02:c4:48:4f:25:3e:2f:93:ae:25:32:66:
195 9a:dc:f4:44:45:ff:7f:12:49:97:0d:01:8d:13:9a:
196 d3:8f:9e:2d:62:95:02:0a:c7
197 Exponent: 65537 (0x10001)
198 X509v3 extensions:
199 X509v3 Basic Constraints:
200 CA:FALSE
201 Netscape Comment:
202 OpenSSL Generated Certificate
203 X509v3 Subject Key Identifier:
204 0C:33:C4:7F:39:D0:34:FF:F8:61:A1:46:8B:49:1D:A3:57:B3:4D:58
205 X509v3 Authority Key Identifier:
206 keyid:92:AA:55:9F:B3:77:82:68:89:ED:7E:73:43:66:E4:8B:EE:EA:BF:85
207
208 Signature Algorithm: sha1WithRSAEncryption
209 87:f5:49:a6:04:f9:98:9a:f1:1a:68:ce:06:ae:4c:0c:08:eb:
210 ba:98:e7:3f:df:22:7f:35:88:1d:b7:8a:f3:89:a3:68:0d:53:
211 45:eb:23:a1:dd:6b:dc:b0:80:58:0c:10:0b:49:74:ea:a8:b6:
212 8c:2e:c6:73:dc:7a:74:c7:59:3e:79:5a:d2:5c:15:0b:f1:d8:
213 19:37:2a:c0:22:75:10:3f:4c:e9:a1:e0:eb:b2:9e:09:70:3d:
214 2a:4c:fe:9c:99:36:4b:aa:6c:e1:8b:9c:aa:e1:29:1f:49:6b:
215 14:db:12:ae:cf:68:4a:dd:03:e1:3b:ad:79:b4:54:84:1d:bb:
216 ac:45:c4:85:f1:03:65:65:96:23:ae:e7:97:3c:5c:db:ce:55:
217 34:5d:c3:73:ec:cd:f6:0f:a5:81:5f:c2:ab:a3:42:fa:36:7f:
218 83:ef:db:0f:cd:62:0b:ea:d9:4f:73:35:68:5f:23:d5:0a:be:
219 ff:7f:23:9a:af:0d:a5:f8:3e:3a:f0:63:1c:e1:d2:96:81:cf:
220 7b:5a:6b:d0:9b:67:56:9e:aa:a9:e8:f1:6c:fb:54:2b:1a:f4:
221 ef:16:5a:be:1d:a9:c8:d6:cc:f7:42:8c:fe:83:2c:84:8c:80:
222 fb:1c:88:f6:35:1c:ae:43:72:fa:68:30:9c:25:8b:db:2c:84:
223 87:76:9d:b9
224*/
225static char server_cert_data[] ="-----BEGIN CERTIFICATE-----\n"
226 "MIIDhDCCAmygAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n"
227 "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n"
228 "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n"
229 "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI3\n"
230 "MDQwMzM5WhcNMTkxMDI1MDQwMzM5WjB9MQswCQYDVQQGEwJKUDEOMAwGA1UECAwF\n"
231 "VG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUxDzANBgNVBAsM\n"
232 "BkFBQSBXRzESMBAGA1UEAwwJc2Vydi50ZXN0MRgwFgYJKoZIhvcNAQkBFglzZXJ2\n"
233 "QHRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKb3HKmQW/rI9qMEDNCL\n"
234 "RcOQ9y3Cyde9Zop8HFGJQJ7NcFfLAEej6HaLALPJww2xuSoIn1KSgtMYwdjRuB79\n"
235 "cf4j7BnpbZ39roi8OUR6N63GiNFkfLHUPKkwxN5RAsRITyU+L5OuJTJmmtz0REX/\n"
236 "fxJJlw0BjROa04+eLWKVAgrHAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4\n"
237 "QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQM\n"
238 "M8R/OdA0//hhoUaLSR2jV7NNWDAfBgNVHSMEGDAWgBSSqlWfs3eCaIntfnNDZuSL\n"
239 "7uq/hTANBgkqhkiG9w0BAQUFAAOCAQEAh/VJpgT5mJrxGmjOBq5MDAjrupjnP98i\n"
240 "fzWIHbeK84mjaA1TResjod1r3LCAWAwQC0l06qi2jC7Gc9x6dMdZPnla0lwVC/HY\n"
241 "GTcqwCJ1ED9M6aHg67KeCXA9Kkz+nJk2S6ps4YucquEpH0lrFNsSrs9oSt0D4Tut\n"
242 "ebRUhB27rEXEhfEDZWWWI67nlzxc285VNF3Dc+zN9g+lgV/Cq6NC+jZ/g+/bD81i\n"
243 "C+rZT3M1aF8j1Qq+/38jmq8Npfg+OvBjHOHSloHPe1pr0JtnVp6qqejxbPtUKxr0\n"
244 "7xZavh2pyNbM90KM/oMshIyA+xyI9jUcrkNy+mgwnCWL2yyEh3aduQ==\n"
245 "-----END CERTIFICATE-----\n";
246static char server_priv_data[] ="-----BEGIN RSA PRIVATE KEY-----\n"
247 "MIICXQIBAAKBgQCm9xypkFv6yPajBAzQi0XDkPctwsnXvWaKfBxRiUCezXBXywBH\n"
248 "o+h2iwCzycMNsbkqCJ9SkoLTGMHY0bge/XH+I+wZ6W2d/a6IvDlEejetxojRZHyx\n"
249 "1DypMMTeUQLESE8lPi+TriUyZprc9ERF/38SSZcNAY0TmtOPni1ilQIKxwIDAQAB\n"
250 "AoGAZv3Ddm0P79CLIt9asEFY1VvUvSuMqkGwwPfx1/HcJJkBFYapM4fN22G/Gyf3\n"
251 "47ifSWhsLtklTeXVnVMwSh14dJaJQuSEnaFnUUWfjiRbEAXZnMFwAIiaszEZbPap\n"
252 "NUNpcGl06FZrphYAMkjOVUfjCjfOZDAvL4JGpo271Zx4l0ECQQDYoFFQpBCPx0PK\n"
253 "TWUmvatXI/Amo94XkGfofbdeeI8PiAJBO5UI6rmjjIVwsJwO9dQb/IlP1/OnBeJv\n"
254 "p9YW5uixAkEAxVAOKu7mpGu0Q/K2iEUUYDX9YHf253kgkdIDF4iZk4Tcecjoxuru\n"
255 "fIWu9dMtyDVV+HT2X4cNEnO1/oS3kJII9wJBAJkdwDwiqz4lV6o/yFZ4zAoc8dsu\n"
256 "CoZXYMq5SYox5tTQit928OHLn4mVgqBjhPsiEVnyx0+zUZpmE2ZemHm5nxECQHfE\n"
257 "FBVzVYRP6+eil7E3XRrZKqc3qiLunxpkA4RxYebtKnaxwLmdOI1VB9InEQ8JcNmT\n"
258 "BUkOzJx6p+mJ3XJfchkCQQDWmbMYYJajsjlS4YpdUUj7cBSotA6vtkNVHFr0/ak/\n"
259 "S+tLkMNuruaInWizK+BKYTIJLlQDf5u5NTrw41vye5Hv\n"
260 "-----END RSA PRIVATE KEY-----\n";
261
262/* Expired:
263 Certificate:
264 Data:
265 Version: 3 (0x2)
266 Serial Number: 6 (0x6)
267 Signature Algorithm: sha1WithRSAEncryption
268 Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp
269 Validity
270 Not Before: Oct 27 04:06:35 2009 GMT
271 Not After : Oct 28 04:06:35 2009 GMT
272 Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=expired.test/emailAddress=expired@test
273 Subject Public Key Info:
274 Public Key Algorithm: rsaEncryption
275 RSA Public Key: (1024 bit)
276 Modulus (1024 bit):
277 00:e3:17:15:54:85:dc:cf:c7:a0:32:4a:49:7d:55:
278 75:9b:29:15:db:7e:87:17:d9:0e:65:44:53:d7:19:
279 37:27:c7:c6:fe:c6:dc:72:2b:dc:86:1a:ff:24:6c:
280 63:3f:75:9c:0a:14:e1:70:06:79:d4:b9:26:d4:68:
281 4c:28:38:ba:34:60:56:02:3d:94:55:4a:1f:4e:5a:
282 f0:a5:71:4c:3e:71:69:39:ad:bc:aa:55:35:fb:73:
283 5b:5f:6c:30:71:8e:8a:b6:a5:06:cc:ee:dd:29:c7:
284 52:0d:a7:9c:0f:a1:ba:52:11:e2:1b:b9:74:6b:08:
285 87:11:d2:ec:a9:ac:63:63:4f
286 Exponent: 65537 (0x10001)
287 X509v3 extensions:
288 X509v3 Basic Constraints:
289 CA:FALSE
290 Netscape Comment:
291 OpenSSL Generated Certificate
292 X509v3 Subject Key Identifier:
293 1C:AF:66:42:5B:AD:AA:A5:9B:D9:AE:3A:C1:5A:AC:2F:CC:CE:22:6C
294 X509v3 Authority Key Identifier:
295 keyid:92:AA:55:9F:B3:77:82:68:89:ED:7E:73:43:66:E4:8B:EE:EA:BF:85
296
297 Signature Algorithm: sha1WithRSAEncryption
298 60:8f:55:55:59:82:0f:64:cb:b8:11:c8:44:ce:bf:69:07:0d:
299 be:c2:34:be:42:6a:78:15:39:9f:be:8a:17:d6:43:42:c9:7c:
300 f1:6d:5d:aa:c3:1b:4d:b0:f0:b6:73:46:2a:87:cd:55:56:a3:
301 6d:cc:de:a8:28:6a:53:85:9e:e5:68:b7:3c:f5:72:13:7b:d0:
302 21:f2:91:49:35:e0:37:1e:28:19:d5:1b:cc:e1:32:1e:7f:b0:
303 86:df:43:a4:47:0f:29:0b:eb:51:60:9a:f5:ca:50:f4:2d:59:
304 cd:fc:50:9d:29:ed:45:98:de:a2:5c:d1:b5:7a:34:ad:7a:73:
305 48:8b:a2:9b:89:8e:4a:2e:2a:04:19:d6:62:6a:0d:f0:96:f2:
306 f0:d0:22:77:3b:7f:b1:2a:f4:3b:17:47:5e:38:07:09:65:ad:
307 1d:ea:46:69:6a:96:b6:6b:3b:5c:cc:6e:30:d7:cb:53:69:59:
308 c2:63:78:2b:03:d4:d4:f7:17:29:99:9a:43:ff:78:0a:af:42:
309 c5:b3:8d:09:38:5b:30:70:28:c1:97:ab:fd:7f:87:9a:ec:f2:
310 97:44:ff:f5:b9:41:30:d1:c6:32:98:69:34:c4:39:30:6f:e2:
311 d3:b2:70:97:66:ee:41:f5:ae:0f:09:f0:ed:60:96:67:a9:8a:
312 cd:d6:95:f2
313*/
314static char expired_cert_data[]="-----BEGIN CERTIFICATE-----\n"
315 "MIIDizCCAnOgAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n"
316 "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n"
317 "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n"
318 "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI3\n"
319 "MDQwNjM1WhcNMDkxMDI4MDQwNjM1WjCBgzELMAkGA1UEBhMCSlAxDjAMBgNVBAgM\n"
320 "BVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURFMQ8wDQYDVQQL\n"
321 "DAZBQUEgV0cxFTATBgNVBAMMDGV4cGlyZWQudGVzdDEbMBkGCSqGSIb3DQEJARYM\n"
322 "ZXhwaXJlZEB0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjFxVUhdzP\n"
323 "x6AySkl9VXWbKRXbfocX2Q5lRFPXGTcnx8b+xtxyK9yGGv8kbGM/dZwKFOFwBnnU\n"
324 "uSbUaEwoOLo0YFYCPZRVSh9OWvClcUw+cWk5rbyqVTX7c1tfbDBxjoq2pQbM7t0p\n"
325 "x1INp5wPobpSEeIbuXRrCIcR0uyprGNjTwIDAQABo3sweTAJBgNVHRMEAjAAMCwG\n"
326 "CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV\n"
327 "HQ4EFgQUHK9mQlutqqWb2a46wVqsL8zOImwwHwYDVR0jBBgwFoAUkqpVn7N3gmiJ\n"
328 "7X5zQ2bki+7qv4UwDQYJKoZIhvcNAQEFBQADggEBAGCPVVVZgg9ky7gRyETOv2kH\n"
329 "Db7CNL5CangVOZ++ihfWQ0LJfPFtXarDG02w8LZzRiqHzVVWo23M3qgoalOFnuVo\n"
330 "tzz1chN70CHykUk14DceKBnVG8zhMh5/sIbfQ6RHDykL61FgmvXKUPQtWc38UJ0p\n"
331 "7UWY3qJc0bV6NK16c0iLopuJjkouKgQZ1mJqDfCW8vDQInc7f7Eq9DsXR144Bwll\n"
332 "rR3qRmlqlrZrO1zMbjDXy1NpWcJjeCsD1NT3FymZmkP/eAqvQsWzjQk4WzBwKMGX\n"
333 "q/1/h5rs8pdE//W5QTDRxjKYaTTEOTBv4tOycJdm7kH1rg8J8O1glmepis3WlfI=\n"
334 "-----END CERTIFICATE-----\n";
335static char expired_priv_data[]="-----BEGIN RSA PRIVATE KEY-----\n"
336 "MIICXgIBAAKBgQDjFxVUhdzPx6AySkl9VXWbKRXbfocX2Q5lRFPXGTcnx8b+xtxy\n"
337 "K9yGGv8kbGM/dZwKFOFwBnnUuSbUaEwoOLo0YFYCPZRVSh9OWvClcUw+cWk5rbyq\n"
338 "VTX7c1tfbDBxjoq2pQbM7t0px1INp5wPobpSEeIbuXRrCIcR0uyprGNjTwIDAQAB\n"
339 "AoGASwPoDui9XYHTIGm7xwRA+kVjLAOq+qy//aHJlEeHGcP7r1PfpHNqwH4QhGat\n"
340 "jlv6dLYbFld9TVDwS8A8UBkVIPLWnCysd5tF2A4C5akx6ouW6HliW/JheYrgl8AV\n"
341 "PVeR3bm91UbnpC0ABVlw87jp1Ovyr60Suo4jsoJz+CyTa2ECQQD0LJWpnwn1jIlR\n"
342 "DGkLi7F3E70JJcdhTWzBjGFD+Na+/2ZO0MKLhK+O1WUkKa0oi+e5P1JOnGIpTI8c\n"
343 "BJOO415RAkEA7hauapYuqGI/auSPH8/nFB5z1G94RTxo2a5THKcG5MqS/8N3ubFj\n"
344 "i2PPS0lEYVjqoHEsZUsMnDmXp6KDKMAfnwJBAIp+T1UqM8fmsmwaEerOjRXxSCNM\n"
345 "Hk5+T9Vn/jNDjOpAipLhrbbcx4bIWtmsGd8Jm6Fi3RhhcvvhxLorjlZZeEECQQCf\n"
346 "IaPD88sNmlUewdLzhUbCiLQMadCuHflKfRxpyy1tYAQuVFxCTdDlynkzra25ju+K\n"
347 "+vmcXjP4evnk/lbBtt+rAkEAgOr4Apgs3nMppngPV5yFx0NDqH2n8PlEAM1Il4Qs\n"
348 "IuuK18v0KwlUGAfEEmCiNh1e1qkLmD0CnI2QjYAjcLQUhw==\n"
349 "-----END RSA PRIVATE KEY-----\n";
350
351/* Unknown CA certificate :
352 Certificate:
353 Data:
354 Version: 3 (0x2)
355 Serial Number: 1 (0x1)
356 Signature Algorithm: sha1WithRSAEncryption
357 Issuer: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=chavroux.cowaddict.org/emailAddress=sdecugis@nict.go.jp
358 Validity
359 Not Before: Oct 28 08:04:40 2009 GMT
360 Not After : Oct 28 08:04:40 2010 GMT
361 Subject: C=JP, ST=Tokyo, L=Koganei, O=WIDE, OU=AAA WG, CN=unknown.cs/emailAddress=unknown@ca
362 Subject Public Key Info:
363 Public Key Algorithm: rsaEncryption
364 RSA Public Key: (1024 bit)
365 Modulus (1024 bit):
366 00:e6:3a:d5:8a:14:c8:15:d0:f0:5c:03:c3:af:33:
367 51:2c:17:b7:65:ac:45:e8:48:2d:ae:70:fd:7c:79:
368 3a:c7:80:c8:50:53:d0:19:d8:3a:26:a8:16:4d:4c:
369 04:17:09:df:69:9b:59:2b:89:c8:e0:60:bb:1d:37:
370 82:d2:3f:17:39:c9:8f:5d:76:e1:0f:6e:08:9a:8f:
371 16:4a:ea:83:86:f9:bd:15:14:56:68:87:79:05:f9:
372 5f:66:11:bd:22:46:26:64:be:57:16:51:66:41:50:
373 ac:f2:b1:ca:d0:38:11:4b:4c:b2:ee:25:36:6e:d3:
374 b9:63:72:c4:84:82:1c:2b:27
375 Exponent: 65537 (0x10001)
376 X509v3 extensions:
377 X509v3 Basic Constraints:
378 CA:FALSE
379 Netscape Comment:
380 OpenSSL Generated Certificate
381 X509v3 Subject Key Identifier:
382 BA:5A:9D:D2:B0:4B:72:D6:1F:00:11:0B:B5:7B:59:DF:08:38:81:BE
383 X509v3 Authority Key Identifier:
384 keyid:52:C5:A4:63:B8:DB:AC:F2:92:34:2F:72:56:71:C8:11:8E:76:E6:DF
385
386 Signature Algorithm: sha1WithRSAEncryption
387 90:8f:3b:bd:e3:a1:ca:6a:92:a6:fd:f0:64:ae:46:83:32:35:
388 61:80:57:8b:30:12:70:02:e1:51:d9:87:c8:af:d9:4b:b9:6d:
389 bf:ab:86:5f:19:1f:dc:af:84:67:bf:3c:bf:33:f3:7c:c6:81:
390 7b:e4:e9:26:1d:bc:d6:8c:ab:72:94:7f:85:33:95:d9:24:ec:
391 fd:7b:d2:fd:50:3e:e5:61:4f:75:51:ae:c6:4a:ec:df:cf:aa:
392 73:a5:08:f7:f3:9a:40:66:48:f0:8e:9b:43:b1:30:f3:e3:c8:
393 36:3f:68:36:6a:1c:aa:16:40:49:b4:73:9a:71:f1:17:6c:0b:
394 d3:e1:a7:b7:40:de:2c:3c:36:7c:d4:dd:d6:94:c9:d7:5f:f5:
395 ae:35:56:e8:cc:65:9c:bb:3d:e8:7a:ca:0e:ed:78:03:41:cb:
396 fd:80:81:de:f9:de:b2:14:4b:81:24:36:de:29:c1:06:11:86:
397 8c:a9:b0:0c:c7:57:cf:79:a7:3a:84:0c:27:dc:86:6d:cb:44:
398 2d:26:dc:7e:fb:17:d6:b2:3d:31:03:d3:f1:ab:5d:91:5d:94:
399 e4:94:88:70:96:b3:7c:0f:15:fe:c8:c6:4d:99:37:ab:09:0c:
400 da:ba:b6:0e:fa:5e:bb:4b:ce:04:21:06:09:a9:2c:27:86:76:
401 cc:ee:73:6f
402*/
403static char notrust_ca_data[] = "-----BEGIN CERTIFICATE-----\n"
404 "MIIEqjCCA5KgAwIBAgIJAP3UMghSlH9PMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD\n"
405 "VQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNV\n"
406 "BAoMBFdJREUxDzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293\n"
407 "YWRkaWN0Lm9yZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDAe\n"
408 "Fw0wOTEwMjgwODAzNDRaFw0xOTEwMjYwODAzNDRaMIGUMQswCQYDVQQGEwJKUDEO\n"
409 "MAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUx\n"
410 "DzANBgNVBAsMBkFBQSBXRzEfMB0GA1UEAwwWY2hhdnJvdXguY293YWRkaWN0Lm9y\n"
411 "ZzEiMCAGCSqGSIb3DQEJARYTc2RlY3VnaXNAbmljdC5nby5qcDCCASIwDQYJKoZI\n"
412 "hvcNAQEBBQADggEPADCCAQoCggEBALKW9iSUggF5mbvYe1Xk128Csfiijx+fwH5y\n"
413 "ZqWrHNt0YG/tZSwyCDMWBLXTeuYsntg5y0mcpsrN8v02tvrPiCzDfRPyz3mG68us\n"
414 "DPEEgQ1kqL2Gsti2DUcsdyZcDM+4rgsWRivgOTVyoNimv5f+xgmPYoElkgelLwZK\n"
415 "WxGt1VCebOxP3qZA3hSHWE1hJgL4svful7RD1PbwPzidxJKITyAiJoPKWQA9cjSa\n"
416 "gVzRQ7S4vmYALJn7xe+dMFRcfAK8RMv7/gJF6Rw7zufW0DIZK98KZs6aL0lmMPVk\n"
417 "f31N2uvndf+cjy0n4luwEoXY+TeJZY205lbwHrzR0rH75FSm0RsCAwEAAaOB/DCB\n"
418 "+TAdBgNVHQ4EFgQUUsWkY7jbrPKSNC9yVnHIEY525t8wgckGA1UdIwSBwTCBvoAU\n"
419 "UsWkY7jbrPKSNC9yVnHIEY525t+hgZqkgZcwgZQxCzAJBgNVBAYTAkpQMQ4wDAYD\n"
420 "VQQIDAVUb2t5bzEQMA4GA1UEBwwHS29nYW5laTENMAsGA1UECgwEV0lERTEPMA0G\n"
421 "A1UECwwGQUFBIFdHMR8wHQYDVQQDDBZjaGF2cm91eC5jb3dhZGRpY3Qub3JnMSIw\n"
422 "IAYJKoZIhvcNAQkBFhNzZGVjdWdpc0BuaWN0LmdvLmpwggkA/dQyCFKUf08wDAYD\n"
423 "VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEACANo6IR3OQlQaXHJaprVVDvl\n"
424 "oMJC0FRbVCK503sbmWTJL98UqxRdsTZNIL07gXlK0oUKyiNijIXiLG8d5IlUrDxF\n"
425 "H/Vsu6s8k3/PpAUVeiO2oygWqvU5NGvt0jg54MrOJKhYYPWrzbmHty+cAXyoNzOR\n"
426 "+W5RX6HRQgxvZWQq2Ok46VX622R1nNjFmCBYT7I7/gWG+hkbIAoH6d9sULLjpC+B\n"
427 "bI+L/N7ac9/Og8pGIgpUI60Gn5zO93+E+Nhg+1BlcDHGnQD6vFNs8LYp5CCX/Zj1\n"
428 "tWFVXZnx58odaU3M4t9/ZQnkZdx9YJIroETbN0PoqlnSagBjgUvbWwn4YCotCA==\n"
429 "-----END CERTIFICATE-----\n";
430
431static char notrust_cert_data[]="-----BEGIN CERTIFICATE-----\n"
432 "MIIDhjCCAm6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCSlAx\n"
433 "DjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdLb2dhbmVpMQ0wCwYDVQQKDARXSURF\n"
434 "MQ8wDQYDVQQLDAZBQUEgV0cxHzAdBgNVBAMMFmNoYXZyb3V4LmNvd2FkZGljdC5v\n"
435 "cmcxIjAgBgkqhkiG9w0BCQEWE3NkZWN1Z2lzQG5pY3QuZ28uanAwHhcNMDkxMDI4\n"
436 "MDgwNDQwWhcNMTAxMDI4MDgwNDQwWjB/MQswCQYDVQQGEwJKUDEOMAwGA1UECAwF\n"
437 "VG9reW8xEDAOBgNVBAcMB0tvZ2FuZWkxDTALBgNVBAoMBFdJREUxDzANBgNVBAsM\n"
438 "BkFBQSBXRzETMBEGA1UEAwwKdW5rbm93bi5jczEZMBcGCSqGSIb3DQEJARYKdW5r\n"
439 "bm93bkBjYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5jrVihTIFdDwXAPD\n"
440 "rzNRLBe3ZaxF6EgtrnD9fHk6x4DIUFPQGdg6JqgWTUwEFwnfaZtZK4nI4GC7HTeC\n"
441 "0j8XOcmPXXbhD24Imo8WSuqDhvm9FRRWaId5BflfZhG9IkYmZL5XFlFmQVCs8rHK\n"
442 "0DgRS0yy7iU2btO5Y3LEhIIcKycCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB\n"
443 "hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE\n"
444 "FLpandKwS3LWHwARC7V7Wd8IOIG+MB8GA1UdIwQYMBaAFFLFpGO426zykjQvclZx\n"
445 "yBGOdubfMA0GCSqGSIb3DQEBBQUAA4IBAQCQjzu946HKapKm/fBkrkaDMjVhgFeL\n"
446 "MBJwAuFR2YfIr9lLuW2/q4ZfGR/cr4Rnvzy/M/N8xoF75OkmHbzWjKtylH+FM5XZ\n"
447 "JOz9e9L9UD7lYU91Ua7GSuzfz6pzpQj385pAZkjwjptDsTDz48g2P2g2ahyqFkBJ\n"
448 "tHOacfEXbAvT4ae3QN4sPDZ81N3WlMnXX/WuNVbozGWcuz3oesoO7XgDQcv9gIHe\n"
449 "+d6yFEuBJDbeKcEGEYaMqbAMx1fPeac6hAwn3IZty0QtJtx++xfWsj0xA9Pxq12R\n"
450 "XZTklIhwlrN8DxX+yMZNmTerCQzaurYO+l67S84EIQYJqSwnhnbM7nNv\n"
451 "-----END CERTIFICATE-----\n";
452static char notrust_priv_data[]="-----BEGIN RSA PRIVATE KEY-----\n"
453 "MIICXQIBAAKBgQDmOtWKFMgV0PBcA8OvM1EsF7dlrEXoSC2ucP18eTrHgMhQU9AZ\n"
454 "2DomqBZNTAQXCd9pm1kricjgYLsdN4LSPxc5yY9dduEPbgiajxZK6oOG+b0VFFZo\n"
455 "h3kF+V9mEb0iRiZkvlcWUWZBUKzyscrQOBFLTLLuJTZu07ljcsSEghwrJwIDAQAB\n"
456 "AoGAeRec1SGVE5Rvt5XrSK0vFofq2DlCE6hTDpszWFLTDbe4pDdRDybhfw+Nm15O\n"
457 "EGgK8BrbTcEMvKdkAzv9POQeLDE8JImgesHZFxN3jnkK+b762BGRDt57DzvMJsfj\n"
458 "1LBle+UBnZB1CvjrINvu+tNMVPlUpjIstbpMq0D+s01+ijECQQD8MHTv/M+Uc86u\n"
459 "1SFywgs+eQPQ8g0OoTLxzqo6YhW8FtwLjoRCZx2TNQS5gYBuQrixd/yE0Spfv9aS\n"
460 "UtlAaOc1AkEA6bVufggHVHcgiWqS8CHzb6g/GRxQixVshOsoVLMkCSz04zlwIfXF\n"
461 "c03hh5RJVv7jmuBmhHbayujMgvinw75oawJAQb9oXUDt5Wgj1FTgeYi5YbovEoRo\n"
462 "fw3ruDsHCl2UCQt0ptarCJzVixFhf/ORRi3C9RGxFfdqMrhS+qb62N4AmQJBALYU\n"
463 "T1BLiwJoiWXmLTJ/EP0V9Irov2uMtm5cE6DhrJqlduksz8r1gu7RZ3tMsVLg5Iy+\n"
464 "dcCQJOffNa54caQUTZ8CQQDTs/70Nr6F6ktrtmtU/S7lIitpQJCu9u/SPyBYPmFZ\n"
465 "9Axy6Ee66Php+eWDNP4Ln4axrapD0732wD8DcmGDVHij\n"
466 "-----END RSA PRIVATE KEY-----\n";
467
468/* Diffie-Hellman parameters, generated with GNUTLS certtool:
469certtool --generate-dh-params
470 Generator: 06
471
472 Prime: ea:c3:75:0b:32:cf:d9:17:98:5c:da:d1
473 e0:1d:b9:7c:be:29:60:b0:6f:68:a9:f6
474 8d:75:05:59:69:04:ae:39:7c:2b:74:04
475 3c:e2:da:28:8a:9b:93:aa:67:05:a7:3e
476 06:3e:0d:31:63:88:55:ad:5a:bd:41:22
477 b7:58:a7:45:b3:d5:03:ad:de:3c:8d:69
478 42:bf:84:3d:c1:90:e7:39:6a:4b:87:01
479 19:e5:f3:a4:e5:8e:e2:45:d5:0c:6b:17
480 22:2b:2e:50:83:91:0c:5b:82:fc:72:27
481 49:3b:9f:29:11:53:c7:90:b8:8d:87:73
482 1a:7b:05:ab:cb:30:59:16:71:30:60:1b
483 4c:80:15:3a:a2:d3:47:b7:4a:61:de:64
484 7e:79:de:88:53:b7:7a:c6:a2:9a:bb:55
485 40:2d:7a:71:c7:41:b5:29:df:d7:5c:fb
486 42:e4:d8:5e:0b:99:d3:3c:93:0f:33:51
487 8b:f4:60:e4:c5:b5:58:21:c0:51:c4:43
488 25:7c:37:fe:5c:d3:62:6c:2a:af:a7:2a
489 82:d5:d3:e2:bb:5d:ad:84:15:f6:78:d9
490 d5:a8:f7:f0:48:5c:8d:e0:3d:04:ac:cf
491 aa:34:3f:5d:f2:0d:3d:ee:ec:b8:d8:e8
492 ad:dc:d3:40:59:a0:fd:45:62:47:63:c0
493 bd:f5:df:8b
494*/
495static char dh_params_data[] = "-----BEGIN DH PARAMETERS-----\n"
496 "MIIBCAKCAQEA6sN1CzLP2ReYXNrR4B25fL4pYLBvaKn2jXUFWWkErjl8K3QEPOLa\n"
497 "KIqbk6pnBac+Bj4NMWOIVa1avUEit1inRbPVA63ePI1pQr+EPcGQ5zlqS4cBGeXz\n"
498 "pOWO4kXVDGsXIisuUIORDFuC/HInSTufKRFTx5C4jYdzGnsFq8swWRZxMGAbTIAV\n"
499 "OqLTR7dKYd5kfnneiFO3esaimrtVQC16ccdBtSnf11z7QuTYXguZ0zyTDzNRi/Rg\n"
500 "5MW1WCHAUcRDJXw3/lzTYmwqr6cqgtXT4rtdrYQV9njZ1aj38EhcjeA9BKzPqjQ/\n"
501 "XfINPe7suNjordzTQFmg/UViR2PAvfXfiwIBBg==\n"
502 "-----END DH PARAMETERS-----\n";
503
504
505/* List server endpoints */
506static struct fd_list eps = FD_LIST_INITIALIZER(eps);
507
508/* Pass parameters to the connect thread */
509struct connect_flags {
510 int proto;
511 int expect_failure; /* 0 or 1 */
512};
513
514/* Client's side of the connection established from a separate thread */
515static void * connect_thr(void * arg)
516{
517 struct connect_flags * cf = arg;
518 struct cnxctx * cnx = NULL;
519
520 fd_log_threadname ( "testcnx:connect" );
521
522 /* Connect to the server */
523 switch (cf->proto) {
524 case IPPROTO_TCP:
525 {
526 struct fd_endpoint * ep = (struct fd_endpoint *)(eps.next);
527 cnx = fd_cnx_cli_connect_tcp( &ep->sa, sSAlen(&ep->ss) );
528 CHECK( 1, (cnx ? 1 : 0) ^ cf->expect_failure );
529 }
530 break;
531#ifndef DISABLE_SCTP
532 case IPPROTO_SCTP:
533 {
534 cnx = fd_cnx_cli_connect_sctp(0, TEST_PORT, &eps);
535 CHECK( 1, (cnx ? 1 : 0) ^ cf->expect_failure );
536 }
537 break;
538#endif /* DISABLE_SCTP */
539 default:
540 CHECK( 0, 1 );
541 }
542
543 /* exit */
544 return cnx;
545}
546
547/* Parameters to the handshake thread */
548struct handshake_flags {
549 struct cnxctx * cnx;
550 gnutls_certificate_credentials_t creds;
551 int algo;
552 int ret;
553};
554
555/* Handshake the client's side */
556static void * handshake_thr(void * arg)
557{
558 struct handshake_flags * hf = arg;
559 fd_log_threadname ( "testcnx:handshake" );
560 hf->ret = fd_cnx_handshake(hf->cnx, GNUTLS_CLIENT, hf->algo, NULL, hf->creds);
561 return NULL;
562}
563
564/* Terminate the client's connection side */
565static void * destroy_thr(void * arg)
566{
567 struct cnxctx * cnx = arg;
568 fd_log_threadname ( "testcnx:destroy" );
569 fd_cnx_destroy(cnx);
570 return NULL;
571}
572
573/* Main test routine */
574int main(int argc, char *argv[])
575{
576 gnutls_datum_t ca = { (uint8_t *)ca_data, sizeof(ca_data) };
577 gnutls_datum_t server_cert = { (uint8_t *)server_cert_data, sizeof(server_cert_data) };
578 gnutls_datum_t server_priv = { (uint8_t *)server_priv_data, sizeof(server_priv_data) };
579 gnutls_datum_t client_cert = { (uint8_t *)client_cert_data, sizeof(client_cert_data) };
580 gnutls_datum_t client_priv = { (uint8_t *)client_priv_data, sizeof(client_priv_data) };
581 gnutls_datum_t expired_cert = { (uint8_t *)expired_cert_data, sizeof(expired_cert_data) };
582 gnutls_datum_t expired_priv = { (uint8_t *)expired_priv_data, sizeof(expired_priv_data) };
583 gnutls_datum_t notrust_ca = { (uint8_t *)notrust_ca_data, sizeof(notrust_ca_data) };
584 gnutls_datum_t notrust_cert = { (uint8_t *)notrust_cert_data, sizeof(notrust_cert_data) };
585 gnutls_datum_t notrust_priv = { (uint8_t *)notrust_priv_data, sizeof(notrust_priv_data) };
586 gnutls_datum_t dh_params = { (uint8_t *)dh_params_data, sizeof(dh_params_data) };
587
588 /* Listening socket, server side */
589 struct cnxctx * listener;
590#ifndef DISABLE_SCTP
591 struct cnxctx * listener_sctp;
592#endif /* DISABLE_SCTP */
593
594 /* Server & client connected sockets */
595 struct cnxctx * server_side;
596 struct cnxctx * client_side;
597
598 pthread_t thr;
599 int ret, i;
600 uint8_t * cer_buf;
601 size_t cer_sz;
602 uint8_t * rcv_buf;
603 size_t rcv_sz;
604
605 /* First, initialize the daemon modules */
606 INIT_FD();
607
608 /* Restrain the # of streams */
609 fd_g_config->cnf_sctp_str = NB_STREAMS;
610
611 /* Set the CA parameter in the config */
612 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( fd_g_config->cnf_sec_data.credentials,
613 &ca,
614 GNUTLS_X509_FMT_PEM), );
615 CHECK( 1, ret );
616
617 #ifdef GNUTLS_VERSION_300
618 {
619 /* We import these CA in the trust list */
620 gnutls_x509_crt_t * calist;
621 unsigned int cacount = 0;
622
623 CHECK_GNUTLS_DO( ret = gnutls_x509_crt_list_import2(&calist, &cacount, &ca, GNUTLS_X509_FMT_PEM,
624 GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED), );
625 CHECK( 1, cacount );
626
627 CHECK_GNUTLS_DO( ret = gnutls_x509_trust_list_add_cas (fd_g_config->cnf_sec_data.trustlist, calist, cacount, 0), );
628 CHECK( 1, ret );
629 }
630
631 /* Use certificate verification during the handshake */
632 gnutls_certificate_set_verify_function (fd_g_config->cnf_sec_data.credentials, fd_tls_verify_credentials_2);
633
634 #endif /* GNUTLS_VERSION_300 */
635
636
637 /* Set the server credentials (in config) */
638 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( fd_g_config->cnf_sec_data.credentials,
639 &server_cert,
640 &server_priv,
641 GNUTLS_X509_FMT_PEM), );
642 CHECK( GNUTLS_E_SUCCESS, ret );
643
644 /* Set the default priority */
645 CHECK_GNUTLS_DO( ret = gnutls_priority_init( &fd_g_config->cnf_sec_data.prio_cache, GNUTLS_DEFAULT_PRIORITY, NULL), );
646 CHECK( GNUTLS_E_SUCCESS, ret );
647
648 /* Set default DH params */
649 CHECK_GNUTLS_DO( ret = gnutls_dh_params_import_pkcs3( fd_g_config->cnf_sec_data.dh_cache, &dh_params, GNUTLS_X509_FMT_PEM), );
650 CHECK( GNUTLS_E_SUCCESS, ret );
651
652
653 /* Initialize the server address (this should give a safe loopback address + port, even on non-standard configs) */
654 {
655 struct addrinfo hints, *ai, *aip;
656 memset(&hints, 0, sizeof(hints));
657 hints.ai_flags = AI_NUMERICSERV;
658 hints.ai_family = AF_INET;
659 CHECK( 0, getaddrinfo("localhost", _stringize(TEST_PORT), &hints, &ai) );
660 aip = ai;
661 while (aip) {
662 CHECK( 0, fd_ep_add_merge( &eps, aip->ai_addr, aip->ai_addrlen, EP_FL_DISC | EP_ACCEPTALL ));
663 aip = aip->ai_next;
664 };
665 freeaddrinfo(ai);
666
667 CHECK( 0, FD_IS_LIST_EMPTY(&eps) ? 1 : 0 );
668 }
669
670 /* Start the server(s) */
671 {
672 /* TCP server */
673 listener = fd_cnx_serv_tcp(TEST_PORT, 0, (struct fd_endpoint *)(eps.next));
674 CHECK( 1, listener ? 1 : 0 );
675
676 /* Accept incoming clients */
677 CHECK( 0, fd_cnx_serv_listen(listener));
678
679#ifndef DISABLE_SCTP
680 /* SCTP server */
681 listener_sctp = fd_cnx_serv_sctp(TEST_PORT, &eps);
682 CHECK( 1, listener_sctp ? 1 : 0 );
683
684 /* Accept incoming clients */
685 CHECK( 0, fd_cnx_serv_listen(listener_sctp));
686#endif /* DISABLE_SCTP */
687
688 }
689
690 /* Initialize the CER message */
691 {
692 struct msg * cer;
693 struct dict_object * model = NULL;
694 struct avp * oh;
695 union avp_value value;
696
697 /* Find the CER dictionary object */
698 CHECK( 0, fd_dict_search ( fd_g_config->cnf_dict, DICT_COMMAND, CMD_BY_NAME, "Capabilities-Exchange-Request", &model, ENOENT ) );
699
700 /* Create the instance */
701 CHECK( 0, fd_msg_new ( model, 0, &cer ) );
702
703 /* Now find the Origin-Host dictionary object */
704 CHECK( 0, fd_dict_search ( fd_g_config->cnf_dict, DICT_AVP, AVP_BY_NAME, "Origin-Host", &model, ENOENT ) );
705
706 /* Create the instance */
707 CHECK( 0, fd_msg_avp_new ( model, 0, &oh ) );
708 value.os.data = (uint8_t *)"Client.side";
709 value.os.len = strlen((char *)value.os.data);
710 CHECK( 0, fd_msg_avp_setvalue ( oh, &value ) );
711
712 /* Add the AVP */
713 CHECK( 0, fd_msg_avp_add( cer, MSG_BRW_LAST_CHILD, oh) );
714
715 #if 0
716 /* For debug: dump the object */
717 fd_log_debug("Dumping CER");
718 fd_log_debug("%s", fd_msg_dump_treeview(FD_DUMP_TEST_PARAMS, cer, fd_g_config->cnf_dict, 0, 1));
719 #endif
720
721 CHECK( 0, fd_msg_bufferize( cer, &cer_buf, &cer_sz ) );
722 CHECK( 0, fd_msg_free(cer) );
723 }
724
725 /* Simple TCP client / server test (no TLS) */
726 {
727 struct connect_flags cf;
728
729 memset(&cf, 0, sizeof(cf));
730 cf.proto = IPPROTO_TCP;
731
732 /* Start the client thread */
733 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
734
735 /* Accept the connection of the client */
736 server_side = fd_cnx_serv_accept(listener);
737 CHECK( 1, server_side ? 1 : 0 );
738 CHECK( 0, fd_cnx_start_clear(server_side, 0) );
739
740 /* Retrieve the client connection object */
741 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
742 CHECK( 1, client_side ? 1 : 0 );
743 CHECK( 0, fd_cnx_start_clear(client_side, 0) );
744
745 /* Send a message and receive it */
746 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
747 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
748 CHECK( cer_sz, rcv_sz );
749 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
750 free(rcv_buf);
751
752 /* Do it in the other direction */
753 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
754 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
755 CHECK( cer_sz, rcv_sz );
756 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
757 free(rcv_buf);
758
759 /* Now close the connections */
760 fd_cnx_destroy(client_side);
761 fd_cnx_destroy(server_side);
762 }
763
764#ifndef DISABLE_SCTP
765 /* Simple SCTP client / server test (no TLS) */
766 {
767 struct connect_flags cf;
768
769 memset(&cf, 0, sizeof(cf));
770 cf.proto = IPPROTO_SCTP;
771
772 /* Start the client thread */
773 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
774
775 /* Accept the connection of the client */
776 server_side = fd_cnx_serv_accept(listener_sctp);
777 CHECK( 1, server_side ? 1 : 0 );
778
779 /* Retrieve the client connection object */
780 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
781 CHECK( 1, client_side ? 1 : 0 );
782
783 CHECK( 0, fd_cnx_start_clear(server_side, 1) );
784
785 /* Send a message and receive it */
786 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
787 CHECK( EINVAL, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
788 CHECK( 0, fd_cnx_start_clear(client_side, 0) );
789 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
790 CHECK( cer_sz, rcv_sz );
791 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
792 free(rcv_buf);
793
794 /* Do it in the other direction */
795 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
796 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
797 CHECK( cer_sz, rcv_sz );
798 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
799 free(rcv_buf);
800
801 /* Do it one more time to use another stream */
802 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
803 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
804 CHECK( cer_sz, rcv_sz );
805 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
806 free(rcv_buf);
807
808 /* Now close the connection */
809 fd_cnx_destroy(client_side);
810 fd_cnx_destroy(server_side);
811 }
812#endif /* DISABLE_SCTP */
813
814 /* TCP Client / server emulating old Diameter behavior (handshake after 1 message exchange) */
815 {
816 struct connect_flags cf;
817 struct handshake_flags hf;
818
819 memset(&cf, 0, sizeof(cf));
820 cf.proto = IPPROTO_TCP;
821
822 memset(&hf, 0, sizeof(hf));
823
824 /* Initialize remote certificate */
825 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
826 CHECK( GNUTLS_E_SUCCESS, ret );
827 /* Set the CA */
828 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
829 CHECK( 1, ret );
830 /* Set the key */
831 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
832 CHECK( GNUTLS_E_SUCCESS, ret );
833
834 /* Start the client thread */
835 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
836
837 /* Accept the connection of the client */
838 server_side = fd_cnx_serv_accept(listener);
839 CHECK( 1, server_side ? 1 : 0 );
840
841 /* Retrieve the client connection object */
842 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
843 CHECK( 1, client_side ? 1 : 0 );
844 hf.cnx = client_side;
845
846 /* In legacy Diameter, we exchange first one message (CER / CEA) */
847
848 CHECK( 0, fd_cnx_start_clear(server_side, 0) );
849 CHECK( 0, fd_cnx_start_clear(client_side, 0) );
850
851 /* Send a message and receive it */
852 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
853 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
854 CHECK( cer_sz, rcv_sz );
855 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
856 free(rcv_buf);
857
858 /* And the supposed reply */
859 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
860 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
861 CHECK( cer_sz, rcv_sz );
862 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
863 free(rcv_buf);
864
865 /* At this point in legacy Diameter we start the handshake */
866 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
867 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT /* No impact on TCP */, NULL, NULL) );
868 CHECK( 0, pthread_join(thr, NULL) );
869 CHECK( 0, hf.ret );
870
871 /* Send a few TLS protected message, and replies */
872 for (i = 0; i < 2 * NB_STREAMS; i++) {
873 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
874 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
875 CHECK( cer_sz, rcv_sz );
876 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
877 free(rcv_buf);
878
879 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
880 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
881 CHECK( cer_sz, rcv_sz );
882 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
883 free(rcv_buf);
884 }
885
886
887 /* Now close the connection */
888 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
889 fd_cnx_destroy(server_side);
890 CHECK( 0, pthread_join(thr, NULL) );
891
892 /* Free the credentials */
893 gnutls_certificate_free_keys(hf.creds);
894 gnutls_certificate_free_cas(hf.creds);
895 gnutls_certificate_free_credentials(hf.creds);
896 }
897
898#ifndef DISABLE_SCTP
899 /* SCTP Client / server emulating old Diameter behavior (handshake after 1 message exchange) */
900 {
901 struct connect_flags cf;
902 struct handshake_flags hf;
903
904 memset(&cf, 0, sizeof(cf));
905 cf.proto = IPPROTO_SCTP;
906
907 memset(&hf, 0, sizeof(hf));
908 hf.algo = ALGO_HANDSHAKE_3436; /* this is mandatory for old TLS mechanism */
909
910 /* Initialize remote certificate */
911 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
912 CHECK( GNUTLS_E_SUCCESS, ret );
913 /* Set the CA */
914 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
915 CHECK( 1, ret );
916 /* Set the key */
917 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
918 CHECK( GNUTLS_E_SUCCESS, ret );
919
920 /* Start the client thread */
921 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
922
923 /* Accept the connection of the client */
924 server_side = fd_cnx_serv_accept(listener_sctp);
925 CHECK( 1, server_side ? 1 : 0 );
926
927 /* Retrieve the client connection object */
928 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
929 CHECK( 1, client_side ? 1 : 0 );
930 hf.cnx = client_side;
931
932 /* In legacy Diameter, we exchange first one message (CER / CEA) */
933
934 CHECK( 0, fd_cnx_start_clear(server_side, 0) );
935 CHECK( 0, fd_cnx_start_clear(client_side, 0) );
936
937 /* Send a message and receive it */
938 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
939 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
940 CHECK( cer_sz, rcv_sz );
941 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
942 free(rcv_buf);
943
944 /* And the supposed reply */
945 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
946 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
947 CHECK( cer_sz, rcv_sz );
948 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
949 free(rcv_buf);
950
951 /* At this point in legacy Diameter we start the handshake */
952 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
953 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) );
954 CHECK( 0, pthread_join(thr, NULL) );
955 CHECK( 0, hf.ret );
956
957 /* Send a few TLS protected message, and replies */
958 for (i = 0; i < 2 * NB_STREAMS; i++) {
959 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
960 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
961 CHECK( cer_sz, rcv_sz );
962 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
963 free(rcv_buf);
964
965 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
966 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
967 CHECK( cer_sz, rcv_sz );
968 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
969 free(rcv_buf);
970 }
971
972
973 /* Now close the connection */
974 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
975 fd_cnx_destroy(server_side);
976 CHECK( 0, pthread_join(thr, NULL) );
977
978 /* Free the credentials */
979 gnutls_certificate_free_keys(hf.creds);
980 gnutls_certificate_free_cas(hf.creds);
981 gnutls_certificate_free_credentials(hf.creds);
982 }
983#endif /* DISABLE_SCTP */
984
985 /* TCP Client / server emulating new Diameter behavior (handshake at connection directly) */
986 {
987 struct connect_flags cf;
988 struct handshake_flags hf;
989
990 memset(&cf, 0, sizeof(cf));
991 cf.proto = IPPROTO_TCP;
992
993 memset(&hf, 0, sizeof(hf));
994
995 /* Initialize remote certificate */
996 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
997 CHECK( GNUTLS_E_SUCCESS, ret );
998 /* Set the CA */
999 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1000 CHECK( 1, ret );
1001 /* Set the key */
1002 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1003 CHECK( GNUTLS_E_SUCCESS, ret );
1004
1005 /* Start the client thread */
1006 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1007
1008 /* Accept the connection of the client */
1009 server_side = fd_cnx_serv_accept(listener);
1010 CHECK( 1, server_side ? 1 : 0 );
1011
1012 /* Retrieve the client connection object */
1013 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1014 CHECK( 1, client_side ? 1 : 0 );
1015 hf.cnx = client_side;
1016
1017 /* Start the handshake directly */
1018 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1019 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1020 CHECK( 0, pthread_join(thr, NULL) );
1021 CHECK( 0, hf.ret );
1022
1023 /* Send a few TLS protected message, and replies */
1024 for (i = 0; i < 2 * NB_STREAMS; i++) {
1025 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
1026 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
1027 CHECK( cer_sz, rcv_sz );
1028 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1029 free(rcv_buf);
1030
1031 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
1032 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
1033 CHECK( cer_sz, rcv_sz );
1034 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1035 free(rcv_buf);
1036 }
1037
1038 /* Now close the connection */
1039 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1040 fd_cnx_destroy(server_side);
1041 CHECK( 0, pthread_join(thr, NULL) );
1042
1043 /* Free the credentials */
1044 gnutls_certificate_free_keys(hf.creds);
1045 gnutls_certificate_free_cas(hf.creds);
1046 gnutls_certificate_free_credentials(hf.creds);
1047 }
1048
1049#ifndef DISABLE_SCTP
1050
1051
1052 /* SCTP Client / server emulating new Diameter behavior (DTLS handshake at connection directly) */
1053 TODO("Enabled after DTLS implementation");
1054 if (0)
1055 {
1056 struct connect_flags cf;
1057 struct handshake_flags hf;
1058
1059 memset(&cf, 0, sizeof(cf));
1060 cf.proto = IPPROTO_SCTP;
1061
1062 memset(&hf, 0, sizeof(hf));
1063
1064 /* Initialize remote certificate */
1065 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1066 CHECK( GNUTLS_E_SUCCESS, ret );
1067 /* Set the CA */
1068 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1069 CHECK( 1, ret );
1070 /* Set the key */
1071 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1072 CHECK( GNUTLS_E_SUCCESS, ret );
1073
1074 /* Start the client thread */
1075 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1076
1077 /* Accept the connection of the client */
1078 server_side = fd_cnx_serv_accept(listener_sctp);
1079 CHECK( 1, server_side ? 1 : 0 );
1080
1081 /* Retrieve the client connection object */
1082 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1083 CHECK( 1, client_side ? 1 : 0 );
1084 hf.cnx = client_side;
1085
1086 /* Start the handshake directly */
1087 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1088 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1089 CHECK( 0, pthread_join(thr, NULL) );
1090 CHECK( 0, hf.ret );
1091
1092 /* Send a few TLS protected messages, and replies */
1093 for (i = 0; i < 2 * NB_STREAMS; i++) {
1094 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
1095 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
1096 CHECK( cer_sz, rcv_sz );
1097 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1098 free(rcv_buf);
1099
1100 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
1101 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
1102 CHECK( cer_sz, rcv_sz );
1103 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1104 free(rcv_buf);
1105 }
1106
1107
1108 /* Now close the connection */
1109 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1110 fd_cnx_destroy(server_side);
1111 CHECK( 0, pthread_join(thr, NULL) );
1112
1113 /* Free the credentials */
1114 gnutls_certificate_free_keys(hf.creds);
1115 gnutls_certificate_free_cas(hf.creds);
1116 gnutls_certificate_free_credentials(hf.creds);
1117 }
1118
1119 /* SCTP Client / server emulating old intermediary Diameter behavior (TLS handshake at connection directly) */
1120 {
1121 struct connect_flags cf;
1122 struct handshake_flags hf;
1123
1124 memset(&cf, 0, sizeof(cf));
1125 cf.proto = IPPROTO_SCTP;
1126
1127 memset(&hf, 0, sizeof(hf));
1128 hf.algo = ALGO_HANDSHAKE_3436; /* this is mandatory for old TLS mechanism */
1129
1130 /* Initialize remote certificate */
1131 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1132 CHECK( GNUTLS_E_SUCCESS, ret );
1133 /* Set the CA */
1134 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1135 CHECK( 1, ret );
1136 /* Set the key */
1137 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1138 CHECK( GNUTLS_E_SUCCESS, ret );
1139
1140 /* Start the client thread */
1141 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1142
1143 /* Accept the connection of the client */
1144 server_side = fd_cnx_serv_accept(listener_sctp);
1145 CHECK( 1, server_side ? 1 : 0 );
1146
1147 /* Retrieve the client connection object */
1148 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1149 CHECK( 1, client_side ? 1 : 0 );
1150 hf.cnx = client_side;
1151
1152 /* Start the handshake directly */
1153 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1154 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) );
1155 CHECK( 0, pthread_join(thr, NULL) );
1156 CHECK( 0, hf.ret );
1157
1158 /* Send a few TLS protected messages, and replies */
1159 for (i = 0; i < 2 * NB_STREAMS; i++) {
1160 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
1161 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
1162 CHECK( cer_sz, rcv_sz );
1163 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1164 free(rcv_buf);
1165
1166 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
1167 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
1168 CHECK( cer_sz, rcv_sz );
1169 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1170 free(rcv_buf);
1171 }
1172
1173
1174 /* Now close the connection */
1175 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1176 fd_cnx_destroy(server_side);
1177 CHECK( 0, pthread_join(thr, NULL) );
1178
1179 /* Free the credentials */
1180 gnutls_certificate_free_keys(hf.creds);
1181 gnutls_certificate_free_cas(hf.creds);
1182 gnutls_certificate_free_credentials(hf.creds);
1183 }
1184#endif /* DISABLE_SCTP */
1185
1186 /* Test with different number of streams between server and client */
1187#ifndef DISABLE_SCTP
1188 /* DTLS / SCTP style */
1189 TODO("Enabled after DTLS implementation");
1190 if (0)
1191 {
1192 struct connect_flags cf;
1193 struct handshake_flags hf;
1194
1195 memset(&cf, 0, sizeof(cf));
1196 cf.proto = IPPROTO_SCTP;
1197
1198 memset(&hf, 0, sizeof(hf));
1199
1200 /* Initialize remote certificate */
1201 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1202 CHECK( GNUTLS_E_SUCCESS, ret );
1203 /* Set the CA */
1204 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1205 CHECK( 1, ret );
1206 /* Set the key */
1207 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1208 CHECK( GNUTLS_E_SUCCESS, ret );
1209
1210 /* Start the client thread with more streams than the server */
1211 fd_g_config->cnf_sctp_str = 2 * NB_STREAMS;
1212 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1213
1214 /* Accept the connection of the client */
1215 server_side = fd_cnx_serv_accept(listener_sctp);
1216 CHECK( 1, server_side ? 1 : 0 );
1217
1218 /* Retrieve the client connection object */
1219 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1220 CHECK( 1, client_side ? 1 : 0 );
1221 hf.cnx = client_side;
1222
1223 /* Start the handshake directly */
1224 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1225 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1226 CHECK( 0, pthread_join(thr, NULL) );
1227 CHECK( 0, hf.ret );
1228
1229 /* Send a few TLS protected message, and replies */
1230 for (i = 0; i < 4 * NB_STREAMS; i++) {
1231 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
1232 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
1233 CHECK( cer_sz, rcv_sz );
1234 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1235 free(rcv_buf);
1236
1237 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
1238 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
1239 CHECK( cer_sz, rcv_sz );
1240 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1241 free(rcv_buf);
1242 }
1243
1244 /* Now close the connection */
1245 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1246 fd_cnx_destroy(server_side);
1247 CHECK( 0, pthread_join(thr, NULL) );
1248
1249 /* Do the same test but with more streams on the server this time */
1250 fd_g_config->cnf_sctp_str = NB_STREAMS / 2;
1251 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1252
1253 /* Accept the connection of the client */
1254 server_side = fd_cnx_serv_accept(listener_sctp);
1255 CHECK( 1, server_side ? 1 : 0 );
1256
1257 /* Retrieve the client connection object */
1258 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1259 CHECK( 1, client_side ? 1 : 0 );
1260 hf.cnx = client_side;
1261
1262 /* Start the handshake directly */
1263 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1264 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1265 CHECK( 0, pthread_join(thr, NULL) );
1266 CHECK( 0, hf.ret );
1267
1268 /* Send a few TLS protected message, and replies */
1269 for (i = 0; i < 2 * NB_STREAMS; i++) {
1270 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
1271 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
1272 CHECK( cer_sz, rcv_sz );
1273 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1274 free(rcv_buf);
1275
1276 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
1277 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
1278 CHECK( cer_sz, rcv_sz );
1279 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1280 free(rcv_buf);
1281 }
1282
1283 /* Now close the connection */
1284 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1285 fd_cnx_destroy(server_side);
1286 CHECK( 0, pthread_join(thr, NULL) );
1287
1288
1289 /* Free the credentials */
1290 gnutls_certificate_free_keys(hf.creds);
1291 gnutls_certificate_free_cas(hf.creds);
1292 gnutls_certificate_free_credentials(hf.creds);
1293 }
1294
1295 /* TLS / SCTP style */
1296 {
1297 struct connect_flags cf;
1298 struct handshake_flags hf;
1299
1300 memset(&cf, 0, sizeof(cf));
1301 cf.proto = IPPROTO_SCTP;
1302
1303 memset(&hf, 0, sizeof(hf));
1304 hf.algo = ALGO_HANDSHAKE_3436;
1305
1306 /* Initialize remote certificate */
1307 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1308 CHECK( GNUTLS_E_SUCCESS, ret );
1309 /* Set the CA */
1310 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1311 CHECK( 1, ret );
1312 /* Set the key */
1313 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1314 CHECK( GNUTLS_E_SUCCESS, ret );
1315
1316 /* Start the client thread with more streams than the server */
1317 fd_g_config->cnf_sctp_str = 2 * NB_STREAMS;
1318 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1319
1320 /* Accept the connection of the client */
1321 server_side = fd_cnx_serv_accept(listener_sctp);
1322 CHECK( 1, server_side ? 1 : 0 );
1323
1324 /* Retrieve the client connection object */
1325 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1326 CHECK( 1, client_side ? 1 : 0 );
1327 hf.cnx = client_side;
1328
1329 /* Start the handshake directly */
1330 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1331 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) );
1332 CHECK( 0, pthread_join(thr, NULL) );
1333 CHECK( 0, hf.ret );
1334
1335 /* Send a few TLS protected message, and replies */
1336 for (i = 0; i < 4 * NB_STREAMS; i++) {
1337 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
1338 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
1339 CHECK( cer_sz, rcv_sz );
1340 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1341 free(rcv_buf);
1342
1343 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
1344 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
1345 CHECK( cer_sz, rcv_sz );
1346 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1347 free(rcv_buf);
1348 }
1349
1350 /* Now close the connection */
1351 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1352 fd_cnx_destroy(server_side);
1353 CHECK( 0, pthread_join(thr, NULL) );
1354
1355 /* Do the same test but with more streams on the server this time */
1356 fd_g_config->cnf_sctp_str = NB_STREAMS / 2;
1357 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1358
1359 /* Accept the connection of the client */
1360 server_side = fd_cnx_serv_accept(listener_sctp);
1361 CHECK( 1, server_side ? 1 : 0 );
1362
1363 /* Retrieve the client connection object */
1364 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1365 CHECK( 1, client_side ? 1 : 0 );
1366 hf.cnx = client_side;
1367
1368 /* Start the handshake directly */
1369 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1370 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) );
1371 CHECK( 0, pthread_join(thr, NULL) );
1372 CHECK( 0, hf.ret );
1373
1374 /* Send a few TLS protected message, and replies */
1375 for (i = 0; i < 2 * NB_STREAMS; i++) {
1376 CHECK( 0, fd_cnx_send(server_side, cer_buf, cer_sz));
1377 CHECK( 0, fd_cnx_receive(client_side, NULL, &rcv_buf, &rcv_sz));
1378 CHECK( cer_sz, rcv_sz );
1379 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1380 free(rcv_buf);
1381
1382 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
1383 CHECK( 0, fd_cnx_receive(server_side, NULL, &rcv_buf, &rcv_sz));
1384 CHECK( cer_sz, rcv_sz );
1385 CHECK( 0, memcmp( rcv_buf, cer_buf, cer_sz ) );
1386 free(rcv_buf);
1387 }
1388
1389 /* Now close the connection */
1390 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1391 fd_cnx_destroy(server_side);
1392 CHECK( 0, pthread_join(thr, NULL) );
1393
1394
1395 /* Free the credentials */
1396 gnutls_certificate_free_keys(hf.creds);
1397 gnutls_certificate_free_cas(hf.creds);
1398 gnutls_certificate_free_credentials(hf.creds);
1399 }
1400
1401#endif /* DISABLE_SCTP */
1402
1403
1404 /* Basic operation tested successfully, now test we detect error conditions */
1405
1406 /* Untrusted certificate, TCP */
1407 {
1408 struct connect_flags cf;
1409 struct handshake_flags hf;
1410
1411 memset(&cf, 0, sizeof(cf));
1412 cf.proto = IPPROTO_TCP;
1413
1414 memset(&hf, 0, sizeof(hf));
1415
1416 /* Initialize remote certificate */
1417 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1418 CHECK( GNUTLS_E_SUCCESS, ret );
1419 /* Set the CA */
1420 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &notrust_ca, GNUTLS_X509_FMT_PEM), );
1421 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1422 CHECK( 1, ret );
1423 /* Set the key */
1424 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &notrust_cert, &notrust_priv, GNUTLS_X509_FMT_PEM), );
1425 CHECK( GNUTLS_E_SUCCESS, ret );
1426
1427 /* Start the client thread */
1428 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1429
1430 /* Accept the connection of the client */
1431 server_side = fd_cnx_serv_accept(listener);
1432 CHECK( 1, server_side ? 1 : 0 );
1433
1434 /* Retrieve the client connection object */
1435 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1436 CHECK( 1, client_side ? 1 : 0 );
1437 hf.cnx = client_side;
1438
1439 /* Start the handshake directly */
1440 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1441 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1442 fd_cnx_destroy(server_side);
1443
1444 CHECK( 0, pthread_join(thr, NULL) );
1445
1446 /* Now close the connection */
1447 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1448 CHECK( 0, pthread_join(thr, NULL) );
1449
1450 /* Free the credentials */
1451 gnutls_certificate_free_keys(hf.creds);
1452 gnutls_certificate_free_cas(hf.creds);
1453 gnutls_certificate_free_credentials(hf.creds);
1454 }
1455
1456 /* Same in SCTP */
1457#ifndef DISABLE_SCTP
1458 /* DTLS */
1459 TODO("Enabled after DTLS implementation");
1460 if (0)
1461 {
1462 struct connect_flags cf;
1463 struct handshake_flags hf;
1464
1465 memset(&cf, 0, sizeof(cf));
1466 cf.proto = IPPROTO_SCTP;
1467
1468 memset(&hf, 0, sizeof(hf));
1469
1470 /* Initialize remote certificate */
1471 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1472 CHECK( GNUTLS_E_SUCCESS, ret );
1473 /* Set the CA */
1474 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &notrust_ca, GNUTLS_X509_FMT_PEM), );
1475 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1476 CHECK( 1, ret );
1477 /* Set the key */
1478 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &notrust_cert, &notrust_priv, GNUTLS_X509_FMT_PEM), );
1479 CHECK( GNUTLS_E_SUCCESS, ret );
1480
1481 /* Start the client thread */
1482 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1483
1484 /* Accept the connection of the client */
1485 server_side = fd_cnx_serv_accept(listener_sctp);
1486 CHECK( 1, server_side ? 1 : 0 );
1487
1488 /* Retrieve the client connection object */
1489 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1490 CHECK( 1, client_side ? 1 : 0 );
1491 hf.cnx = client_side;
1492
1493 /* Start the handshake directly */
1494 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1495 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1496 fd_cnx_destroy(server_side);
1497 CHECK( 0, pthread_join(thr, NULL) );
1498
1499 /* Now close the connection */
1500 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1501 CHECK( 0, pthread_join(thr, NULL) );
1502
1503 /* Free the credentials */
1504 gnutls_certificate_free_keys(hf.creds);
1505 gnutls_certificate_free_cas(hf.creds);
1506 gnutls_certificate_free_credentials(hf.creds);
1507 }
1508
1509 /* TLS */
1510 {
1511 struct connect_flags cf;
1512 struct handshake_flags hf;
1513
1514 memset(&cf, 0, sizeof(cf));
1515 cf.proto = IPPROTO_SCTP;
1516
1517 memset(&hf, 0, sizeof(hf));
1518 hf.algo = ALGO_HANDSHAKE_3436;
1519
1520 /* Initialize remote certificate */
1521 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1522 CHECK( GNUTLS_E_SUCCESS, ret );
1523 /* Set the CA */
1524 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &notrust_ca, GNUTLS_X509_FMT_PEM), );
1525 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1526 CHECK( 1, ret );
1527 /* Set the key */
1528 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &notrust_cert, &notrust_priv, GNUTLS_X509_FMT_PEM), );
1529 CHECK( GNUTLS_E_SUCCESS, ret );
1530
1531 /* Start the client thread */
1532 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1533
1534 /* Accept the connection of the client */
1535 server_side = fd_cnx_serv_accept(listener_sctp);
1536 CHECK( 1, server_side ? 1 : 0 );
1537
1538 /* Retrieve the client connection object */
1539 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1540 CHECK( 1, client_side ? 1 : 0 );
1541 hf.cnx = client_side;
1542
1543 /* Start the handshake directly */
1544 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1545 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) );
1546 fd_cnx_destroy(server_side);
1547 CHECK( 0, pthread_join(thr, NULL) );
1548
1549 /* Now close the connection */
1550 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1551 CHECK( 0, pthread_join(thr, NULL) );
1552
1553 /* Free the credentials */
1554 gnutls_certificate_free_keys(hf.creds);
1555 gnutls_certificate_free_cas(hf.creds);
1556 gnutls_certificate_free_credentials(hf.creds);
1557 }
1558#endif /* DISABLE_SCTP */
1559
1560 /* Expired certificate */
1561 {
1562 struct connect_flags cf;
1563 struct handshake_flags hf;
1564
1565 memset(&cf, 0, sizeof(cf));
1566 cf.proto = IPPROTO_TCP;
1567
1568 memset(&hf, 0, sizeof(hf));
1569
1570 /* Initialize remote certificate */
1571 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1572 CHECK( GNUTLS_E_SUCCESS, ret );
1573 /* Set the CA */
1574 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1575 CHECK( 1, ret );
1576 /* Set the key */
1577 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &expired_cert, &expired_priv, GNUTLS_X509_FMT_PEM), );
1578 CHECK( GNUTLS_E_SUCCESS, ret );
1579
1580 /* Start the client thread */
1581 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1582
1583 /* Accept the connection of the client */
1584 server_side = fd_cnx_serv_accept(listener);
1585 CHECK( 1, server_side ? 1 : 0 );
1586
1587 /* Retrieve the client connection object */
1588 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1589 CHECK( 1, client_side ? 1 : 0 );
1590 hf.cnx = client_side;
1591
1592 /* Start the handshake directly */
1593 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1594 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1595 fd_cnx_destroy(server_side);
1596 CHECK( 0, pthread_join(thr, NULL) );
1597
1598 /* Now close the connection */
1599 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1600 CHECK( 0, pthread_join(thr, NULL) );
1601
1602 /* Free the credentials */
1603 gnutls_certificate_free_keys(hf.creds);
1604 gnutls_certificate_free_cas(hf.creds);
1605 gnutls_certificate_free_credentials(hf.creds);
1606 }
1607
1608 /* Non matching hostname */
1609
1610 {
1611 struct connect_flags cf;
1612 struct handshake_flags hf;
1613
1614 memset(&cf, 0, sizeof(cf));
1615 cf.proto = IPPROTO_TCP;
1616
1617 memset(&hf, 0, sizeof(hf));
1618
1619 /* Initialize remote certificate */
1620 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1621 CHECK( GNUTLS_E_SUCCESS, ret );
1622 /* Set the CA */
1623 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1624 CHECK( 1, ret );
1625 /* Set the key */
1626 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1627 CHECK( GNUTLS_E_SUCCESS, ret );
1628
1629 /* Start the client thread */
1630 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1631
1632 /* Accept the connection of the client */
1633 server_side = fd_cnx_serv_accept(listener);
1634 CHECK( 1, server_side ? 1 : 0 );
1635
1636 /* Retrieve the client connection object */
1637 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1638 CHECK( 1, client_side ? 1 : 0 );
1639 hf.cnx = client_side;
1640
1641 /* Set the correct hostname we expect from the client (in the server) */
1642 fd_cnx_sethostname(server_side, "client.test");
1643
1644 /* Start the handshake, check it is successful */
1645 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1646 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1647 CHECK( 0, pthread_join(thr, NULL) );
1648 CHECK( 0, hf.ret );
1649
1650 /* Now close the connection */
1651 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1652 fd_cnx_destroy(server_side);
1653 CHECK( 0, pthread_join(thr, NULL) );
1654
1655 /* Do it again with an invalid hostname */
1656 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1657
1658 /* Accept the connection of the client */
1659 server_side = fd_cnx_serv_accept(listener);
1660 CHECK( 1, server_side ? 1 : 0 );
1661
1662 /* Retrieve the client connection object */
1663 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1664 CHECK( 1, client_side ? 1 : 0 );
1665 hf.cnx = client_side;
1666
1667 /* Set the correct hostname we expect from the client (in the server) */
1668 fd_cnx_sethostname(server_side, "nomatch.test");
1669
1670 /* Start the handshake, check it is successful */
1671 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1672 CHECK( EINVAL, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1673 fd_cnx_destroy(server_side);
1674 CHECK( 0, pthread_join(thr, NULL) );
1675
1676 /* Now close the connection */
1677 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1678 CHECK( 0, pthread_join(thr, NULL) );
1679
1680 /* Free the credentials */
1681 gnutls_certificate_free_keys(hf.creds);
1682 gnutls_certificate_free_cas(hf.creds);
1683 gnutls_certificate_free_credentials(hf.creds);
1684 }
1685
1686 /* Test the other functions of the module */
1687 {
1688 struct connect_flags cf;
1689 struct handshake_flags hf;
1690 char * str;
1691 const gnutls_datum_t *cert_list;
1692 unsigned int cert_list_size;
1693 struct fifo * myfifo = NULL;
1694 struct timespec now;
1695 int ev_code;
1696
1697 memset(&cf, 0, sizeof(cf));
1698 cf.proto = IPPROTO_TCP;
1699
1700 memset(&hf, 0, sizeof(hf));
1701
1702 /* Initialize remote certificate */
1703 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1704 CHECK( GNUTLS_E_SUCCESS, ret );
1705 /* Set the CA */
1706 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1707 CHECK( 1, ret );
1708 /* Set the key */
1709 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1710 CHECK( GNUTLS_E_SUCCESS, ret );
1711
1712 /* Start the client thread */
1713 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1714
1715 /* Accept the connection of the client */
1716 server_side = fd_cnx_serv_accept(listener);
1717 CHECK( 1, server_side ? 1 : 0 );
1718
1719 /* Retrieve the client connection object */
1720 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1721 CHECK( 1, client_side ? 1 : 0 );
1722 hf.cnx = client_side;
1723
1724 /* Start the handshake */
1725 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1726 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1727 CHECK( 0, pthread_join(thr, NULL) );
1728 CHECK( 0, hf.ret );
1729
1730 /* Test some simple functions */
1731
1732 /* fd_cnx_getid */
1733 str = fd_cnx_getid(server_side);
1734 CHECK( 1, str ? 1 : 0 );
1735 CHECK( 1, (str[0] != '\0') ? 1 : 0 );
1736
1737 /* fd_cnx_getproto */
1738 i = fd_cnx_getproto(server_side);
1739 CHECK( IPPROTO_TCP, i);
1740
1741 /* fd_cnx_getTLS */
1742 i = fd_cnx_getTLS(server_side);
1743 CHECK( 1, i ? 1 : 0 );
1744
1745 /* fd_cnx_getcred */
1746 CHECK( 0, fd_cnx_getcred(server_side, &cert_list, &cert_list_size) );
1747 CHECK( 1, (cert_list_size > 0) ? 1 : 0 );
1748 /* We could also verify that the cert_list really contains the client_cert and ca certificates */
1749
1750 /* fd_cnx_getremoteid */
1751 str = fd_cnx_getremoteid(server_side);
1752 CHECK( 1, str ? 1 : 0 );
1753 CHECK( 1, (str[0] != '\0') ? 1 : 0 );
1754
1755 /* fd_cnx_recv_setaltfifo */
1756 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
1757 CHECK( 0, fd_fifo_new(&myfifo, 0) );
1758 CHECK( 0, fd_cnx_recv_setaltfifo(server_side, myfifo) );
1759 CHECK( 0, clock_gettime(CLOCK_REALTIME, &now) );
1760 do {
1761 CHECK( 0, fd_event_timedget(myfifo, &now, ETIMEDOUT, &ev_code, NULL, (void *)&rcv_buf) );
1762 free(rcv_buf);
1763 } while (ev_code != FDEVP_CNX_MSG_RECV);
1764
1765 /* Now close the connection */
1766 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1767 fd_cnx_destroy(server_side);
1768 CHECK( 0, pthread_join(thr, NULL) );
1769
1770 fd_event_destroy(&myfifo, free);
1771
1772 /* Free the credentials */
1773 gnutls_certificate_free_keys(hf.creds);
1774 gnutls_certificate_free_cas(hf.creds);
1775 gnutls_certificate_free_credentials(hf.creds);
1776 }
1777
1778#ifndef DISABLE_SCTP
1779 /* And re-test with a SCTP connection */
1780 TODO("Enabled after DTLS implementation");
1781 if (0)
1782 {
1783 struct connect_flags cf;
1784 struct handshake_flags hf;
1785 char * str;
1786 const gnutls_datum_t *cert_list;
1787 unsigned int cert_list_size;
1788 struct fifo * myfifo = NULL;
1789 struct timespec now;
1790 int ev_code;
1791
1792 memset(&cf, 0, sizeof(cf));
1793 cf.proto = IPPROTO_SCTP;
1794
1795 memset(&hf, 0, sizeof(hf));
1796
1797 /* Initialize remote certificate */
1798 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1799 CHECK( GNUTLS_E_SUCCESS, ret );
1800 /* Set the CA */
1801 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1802 CHECK( 1, ret );
1803 /* Set the key */
1804 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1805 CHECK( GNUTLS_E_SUCCESS, ret );
1806
1807 /* Start the client thread */
1808 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1809
1810 /* Accept the connection of the client */
1811 server_side = fd_cnx_serv_accept(listener_sctp);
1812 CHECK( 1, server_side ? 1 : 0 );
1813
1814 /* Retrieve the client connection object */
1815 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1816 CHECK( 1, client_side ? 1 : 0 );
1817 hf.cnx = client_side;
1818
1819 /* Start the handshake */
1820 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1821 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_DEFAULT, NULL, NULL) );
1822 CHECK( 0, pthread_join(thr, NULL) );
1823 CHECK( 0, hf.ret );
1824
1825 /* Test some simple functions */
1826
1827 /* fd_cnx_getid */
1828 str = fd_cnx_getid(server_side);
1829 CHECK( 1, str ? 1 : 0 );
1830 CHECK( 1, (str[0] != '\0') ? 1 : 0 );
1831
1832 /* fd_cnx_getproto */
1833 i = fd_cnx_getproto(server_side);
1834 CHECK( IPPROTO_SCTP, i);
1835
1836 /* fd_cnx_getTLS */
1837 i = fd_cnx_getTLS(server_side);
1838 CHECK( 1, i ? 1 : 0 );
1839
1840 /* fd_cnx_getcred */
1841 CHECK( 0, fd_cnx_getcred(server_side, &cert_list, &cert_list_size) );
1842 CHECK( 1, (cert_list_size > 0) ? 1 : 0 );
1843 /* We could also verify that the cert_list really contains the client_cert and ca certificates */
1844
1845 /* fd_cnx_getremoteid */
1846 str = fd_cnx_getremoteid(server_side);
1847 CHECK( 1, str ? 1 : 0 );
1848 CHECK( 1, (str[0] != '\0') ? 1 : 0 );
1849
1850 /* fd_cnx_recv_setaltfifo */
1851 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
1852 CHECK( 0, fd_fifo_new(&myfifo, 0) );
1853 CHECK( 0, fd_cnx_recv_setaltfifo(server_side, myfifo) );
1854 CHECK( 0, clock_gettime(CLOCK_REALTIME, &now) );
1855 do {
1856 CHECK( 0, fd_event_timedget(myfifo, &now, ETIMEDOUT, &ev_code, NULL, (void *)&rcv_buf) );
1857 free(rcv_buf);
1858 } while (ev_code != FDEVP_CNX_MSG_RECV);
1859
1860 /* Now close the connection */
1861 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1862 fd_cnx_destroy(server_side);
1863 CHECK( 0, pthread_join(thr, NULL) );
1864
1865 fd_event_destroy(&myfifo, free);
1866
1867 /* Free the credentials */
1868 gnutls_certificate_free_keys(hf.creds);
1869 gnutls_certificate_free_cas(hf.creds);
1870 gnutls_certificate_free_credentials(hf.creds);
1871 }
1872
1873 /* TLS */
1874 {
1875 struct connect_flags cf;
1876 struct handshake_flags hf;
1877 char * str;
1878 const gnutls_datum_t *cert_list;
1879 unsigned int cert_list_size;
1880 struct fifo * myfifo = NULL;
1881 struct timespec now;
1882 int ev_code;
1883
1884 memset(&cf, 0, sizeof(cf));
1885 cf.proto = IPPROTO_SCTP;
1886
1887 memset(&hf, 0, sizeof(hf));
1888 hf.algo = ALGO_HANDSHAKE_3436;
1889
1890 /* Initialize remote certificate */
1891 CHECK_GNUTLS_DO( ret = gnutls_certificate_allocate_credentials (&hf.creds), );
1892 CHECK( GNUTLS_E_SUCCESS, ret );
1893 /* Set the CA */
1894 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_trust_mem( hf.creds, &ca, GNUTLS_X509_FMT_PEM), );
1895 CHECK( 1, ret );
1896 /* Set the key */
1897 CHECK_GNUTLS_DO( ret = gnutls_certificate_set_x509_key_mem( hf.creds, &client_cert, &client_priv, GNUTLS_X509_FMT_PEM), );
1898 CHECK( GNUTLS_E_SUCCESS, ret );
1899
1900 /* Start the client thread */
1901 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1902
1903 /* Accept the connection of the client */
1904 server_side = fd_cnx_serv_accept(listener_sctp);
1905 CHECK( 1, server_side ? 1 : 0 );
1906
1907 /* Retrieve the client connection object */
1908 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1909 CHECK( 1, client_side ? 1 : 0 );
1910 hf.cnx = client_side;
1911
1912 /* Start the handshake */
1913 CHECK( 0, pthread_create(&thr, NULL, handshake_thr, &hf) );
1914 CHECK( 0, fd_cnx_handshake(server_side, GNUTLS_SERVER, ALGO_HANDSHAKE_3436, NULL, NULL) );
1915 CHECK( 0, pthread_join(thr, NULL) );
1916 CHECK( 0, hf.ret );
1917
1918 /* Test some simple functions */
1919
1920 /* fd_cnx_getid */
1921 str = fd_cnx_getid(server_side);
1922 CHECK( 1, str ? 1 : 0 );
1923 CHECK( 1, (str[0] != '\0') ? 1 : 0 );
1924
1925 /* fd_cnx_getproto */
1926 i = fd_cnx_getproto(server_side);
1927 CHECK( IPPROTO_SCTP, i);
1928
1929 /* fd_cnx_getTLS */
1930 i = fd_cnx_getTLS(server_side);
1931 CHECK( 1, i ? 1 : 0 );
1932
1933 /* fd_cnx_getcred */
1934 CHECK( 0, fd_cnx_getcred(server_side, &cert_list, &cert_list_size) );
1935 CHECK( 1, (cert_list_size > 0) ? 1 : 0 );
1936 /* We could also verify that the cert_list really contains the client_cert and ca certificates */
1937
1938 /* fd_cnx_getremoteid */
1939 str = fd_cnx_getremoteid(server_side);
1940 CHECK( 1, str ? 1 : 0 );
1941 CHECK( 1, (str[0] != '\0') ? 1 : 0 );
1942
1943 /* fd_cnx_recv_setaltfifo */
1944 CHECK( 0, fd_cnx_send(client_side, cer_buf, cer_sz));
1945 CHECK( 0, fd_fifo_new(&myfifo, 0) );
1946 CHECK( 0, fd_cnx_recv_setaltfifo(server_side, myfifo) );
1947 CHECK( 0, clock_gettime(CLOCK_REALTIME, &now) );
1948 do {
1949 CHECK( 0, fd_event_timedget(myfifo, &now, ETIMEDOUT, &ev_code, NULL, (void *)&rcv_buf) );
1950 free(rcv_buf);
1951 } while (ev_code != FDEVP_CNX_MSG_RECV);
1952
1953 /* Now close the connection */
1954 CHECK( 0, pthread_create(&thr, NULL, destroy_thr, client_side) );
1955 fd_cnx_destroy(server_side);
1956 CHECK( 0, pthread_join(thr, NULL) );
1957
1958 fd_event_destroy(&myfifo, free);
1959
1960 /* Free the credentials */
1961 gnutls_certificate_free_keys(hf.creds);
1962 gnutls_certificate_free_cas(hf.creds);
1963 gnutls_certificate_free_credentials(hf.creds);
1964 }
1965#endif /* DISABLE_SCTP */
1966
1967
1968 /* Destroy the servers */
1969 {
1970 fd_cnx_destroy(listener);
1971#ifndef DISABLE_SCTP
1972 fd_cnx_destroy(listener_sctp);
1973#endif /* DISABLE_SCTP */
1974 }
1975
1976 /* Check that connection attempt fails then */
1977 {
1978 struct connect_flags cf;
1979
1980 memset(&cf, 0, sizeof(cf));
1981 cf.proto = IPPROTO_TCP;
1982 cf.expect_failure = 1;
1983
1984 /* Start the client thread, that should fail */
1985 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
1986 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
1987 CHECK( 0, client_side ? 1 : 0 );
1988 }
1989
1990#ifndef DISABLE_SCTP
1991 {
1992 struct connect_flags cf;
1993
1994 memset(&cf, 0, sizeof(cf));
1995 cf.proto = IPPROTO_SCTP;
1996 cf.expect_failure = 1;
1997
1998 /* Start the client thread, that should fail */
1999 CHECK( 0, pthread_create(&thr, NULL, connect_thr, &cf) );
2000 CHECK( 0, pthread_join( thr, (void *)&client_side ) );
2001 CHECK( 0, client_side ? 1 : 0 );
2002 }
2003#endif /* DISABLE_SCTP */
2004
2005
2006 /* That's all for the tests yet */
2007 PASSTEST();
2008}
2009