#include <Security/SecureTransport.h>
#include <Security/Security.h>
#include <clAppUtils/sslAppUtils.h>
#include <clAppUtils/ioSock.h>
#include <clAppUtils/sslThreading.h>
#include <security_cdsa_utils/cuFileIo.h>
#include <utilLib/common.h>
#include <security_cdsa_utils/cuPrintCert.h>
#include <security_utilities/threading.h>
#include <security_utilities/devrandom.h>
#include "dhParams512.h"
#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <time.h>
#include <ctype.h>
#include <sys/param.h>
/* Initial value of main()'s port number; the p=N option overrides it. */
#define STARTING_PORT 3000
/* Keychain name handed to sslKeychainPath() and placed in serverDefaults. */
#define SERVER_KC "localcert"
/* Default server certificate file name (see the s= option in usage()); placed in clientDefaults. */
#define SERVER_ROOT "localcert.cer"
/* Filled in by sslKeychainPath(SERVER_KC, serverKcPath) in main(); referenced by serverDefaults. */
static char serverKcPath[MAXPATHLEN];
/*
 * Print the command-line summary to stdout and terminate the process
 * with exit status 1. Never returns.
 *
 * argv: the program's argument vector; only argv[0] is used, as the
 *       program name in the first line.
 */
static void usage(char **argv)
{
	const char *progName = argv[0];

	printf("Usage: %s [options]\n", progName);
	/* Option lines that need no formatting are emitted in one write. */
	fputs("options:\n"
	      " q(uiet)\n"
	      " v(erbose)\n"
	      " d (Diffie-Hellman, no keychain needed)\n"
	      " p=startingPortNum\n"
	      " t=startTestNum\n"
	      " b (non blocking I/O)\n",
	      stdout);
	printf(" s=serverCertName; default %s\n", SERVER_ROOT);
	fputs(" R (ringBuffer I/O)\n", stdout);
	exit(1);
}
/*
 * One row of the protocol-negotiation matrix: the protocol settings applied
 * to the server and to the client, and the result each side is expected to
 * report.
 *
 * groupDesc         - heading printed by main() before the row when it is
 *                     non-NULL and quiet mode is off; NULL on rows that
 *                     continue the current group.
 * testDesc          - row description; passed to SSL_THR_RUN_NUM and printed
 *                     when the row is skipped in Diffie-Hellman mode.
 * noServeProt,
 * noClientProt      - not read by main() in this file. NOTE(review): by name
 *                     they mean "leave this side's protocol at its default",
 *                     but rows that set them still have their tryVersion
 *                     (kSSLProtocolUnknown) copied into the run parameters;
 *                     confirm how the harness treats that value.
 * servTryVersion,
 * clientTryVersion  - copied to serverParams/clientParams.tryVersion.
 * serveAcceptProts,
 * clientAcceptProts - copied to serverParams/clientParams.acceptedProts;
 *                     NULL on many rows.
 * expectServerProt,
 * expectClientProt  - copied to serverParams/clientParams.expectVersion.
 * serveStatus,
 * clientStatus      - copied to serverParams/clientParams.expectRtn.
 * serverAbort       - copied to serverParams.serverAbort.
 */
typedef struct {
const char *groupDesc; const char *testDesc; bool noServeProt; SSLProtocol servTryVersion;
const char *serveAcceptProts; SSLProtocol expectServerProt; OSStatus serveStatus; bool noClientProt; SSLProtocol clientTryVersion;
const char *clientAcceptProts;
SSLProtocol expectClientProt;
OSStatus clientStatus;
bool serverAbort; } SslProtParams;
/*
 * Protocol-negotiation test matrix, one SslProtParams per row.
 *
 * Row layout (positional):
 *   groupDesc, testDesc,
 *   noServeProt,  servTryVersion,   serveAcceptProts,  expectServerProt, serveStatus,
 *   noClientProt, clientTryVersion, clientAcceptProts, expectClientProt, clientStatus,
 *   serverAbort
 * so the first value line of a row is the server side and the second is
 * the client side.
 *
 * The acceptProts strings are built from '2', '3' and 't'; going by the row
 * descriptions these presumably name SSL 2.0, SSL 3.0 and TLS 1.0 for
 * SSLSetProtocolVersionEnabled - confirm against the harness.
 *
 * Many rows expect a successful SSL 2.0 or SSL 3.0 handshake. Both protocols
 * are deprecated (RFC 6176, RFC 7568); these expectations record the
 * negotiation behaviour under test, not a configuration to copy.
 *
 * main() can start at an arbitrary row (t=N), so row order is part of the
 * test numbering.
 */
SslProtParams protTestParams[] =
{
/* ---- group: unrestricted server via SSLSetProtocolVersion ---- */
{
"unrestricted server via SSLSetProtocolVersion",
"client SSLSetProtocolVersion(TLS1)",
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(TLS1 only)",
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1Only, NULL, kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3)",
false, kTLSProtocol1, NULL, kSSLProtocol3, noErr,
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3 only)",
false, kTLSProtocol1, NULL, kSSLProtocol3, noErr,
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL2)",
false, kTLSProtocol1, NULL, kSSLProtocol2, noErr,
false, kSSLProtocol2, NULL, kSSLProtocol2, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(t)",
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1, "t", kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3t)",
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1, "3t", kTLSProtocol1, noErr, false
},
/* noClientProt is true on the "client default" rows; main() does not read that flag. */
{
NULL, "client default",
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr,
true, kSSLProtocolUnknown, NULL, kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23t)",
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1, "23t", kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3)",
false, kTLSProtocol1, NULL, kSSLProtocol3, noErr,
false, kTLSProtocol1, "3", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23)",
false, kTLSProtocol1, NULL, kSSLProtocol3, noErr,
false, kTLSProtocol1, "23", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(2)",
false, kTLSProtocol1, NULL, kSSLProtocol2, noErr,
false, kTLSProtocol1, "2", kSSLProtocol2, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(2t)",
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1, "2t", kTLSProtocol1, noErr, false
},
/* ---- group: server SSLSetProtocolVersion(TLS1 only) ---- */
{
"server SSLSetProtocolVersion(TLS1 only)",
"client SSLSetProtocolVersion(TLS1)",
false, kTLSProtocol1Only, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(TLS1 only)",
false, kTLSProtocol1Only, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1Only, NULL, kTLSProtocol1, noErr, false
},
/* Failure rows: each side expects an error status and no negotiated protocol. */
{
NULL, "client SSLSetProtocolVersion(SSL3)",
false, kTLSProtocol1Only, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kSSLProtocol3, NULL, kSSLProtocolUnknown, errSSLClosedAbort,
false
},
{
NULL, "client SSLSetProtocolVersion(SSL3 only)",
false, kTLSProtocol1Only, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kSSLProtocol3Only, NULL, kSSLProtocolUnknown, errSSLConnectionRefused,
true
},
{
NULL, "client SSLSetProtocolVersion(SSL2)",
false, kTLSProtocol1Only, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kSSLProtocol2, NULL, kSSLProtocolUnknown, errSSLClosedAbort,
true
},
{
NULL, "client SSLSetProtocolVersionEnabled(t)",
false, kTLSProtocol1Only, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1, "t", kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3t)",
false, kTLSProtocol1Only, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1, "3t", kTLSProtocol1, noErr, false
},
{
NULL, "client default",
false, kTLSProtocol1Only, NULL, kTLSProtocol1, noErr,
true, kSSLProtocolUnknown, NULL, kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23t)",
false, kTLSProtocol1Only, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1, "23t", kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3)",
false, kTLSProtocol1Only, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "3", kSSLProtocolUnknown, errSSLConnectionRefused,
true
},
{
NULL, "client SSLSetProtocolVersionEnabled(23)",
false, kTLSProtocol1Only, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "23", kSSLProtocolUnknown, errSSLClosedAbort,
true
},
{
NULL, "client SSLSetProtocolVersionEnabled(2)",
false, kTLSProtocol1Only, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "2", kSSLProtocolUnknown, errSSLClosedAbort,
true
},
{
NULL, "client SSLSetProtocolVersionEnabled(2t)",
false, kTLSProtocol1Only, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1, "2t", kTLSProtocol1, noErr, false
},
/* ---- group: server SSLSetProtocolVersion(SSL3) ---- */
{
"server SSLSetProtocolVersion(SSL3)",
"client SSLSetProtocolVersion(TLS1)",
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr,
false, kTLSProtocol1, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(TLS1 only)",
false, kSSLProtocol3, NULL, kSSLProtocol3, errSSLClosedAbort,
false, kTLSProtocol1Only, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false
},
{
NULL, "client SSLSetProtocolVersion(SSL3)",
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr,
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3 only)",
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr,
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr, false
},
/*
 * NOTE(review): the description says SSL2, but the client row passes
 * kSSLProtocol3 and expects SSL3, making this row identical in data to the
 * "client SSLSetProtocolVersion(SSL3)" row above. Confirm whether this is a
 * deliberate substitution or a copy/paste slip; as written the SSL2-client
 * case is not exercised in this group.
 */
{
NULL, "client SSLSetProtocolVersion(SSL2)",
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr,
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(t)",
false, kSSLProtocol3, NULL, kSSLProtocol3, errSSLClosedAbort,
false, kTLSProtocol1, "t", kSSLProtocolUnknown, errSSLNegotiation,
false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3t)",
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr,
false, kTLSProtocol1, "3t", kSSLProtocol3, noErr, false
},
{
NULL, "client default",
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr,
true, kSSLProtocolUnknown, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23t)",
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr,
false, kTLSProtocol1, "23t", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3)",
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr,
false, kTLSProtocol1, "3", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23)",
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr,
false, kTLSProtocol1, "23", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(2)",
false, kSSLProtocol3, NULL, kSSLProtocol2, noErr,
false, kTLSProtocol1, "2", kSSLProtocol2, noErr, false
},
/*
 * NOTE(review): the description says (2t) but clientAcceptProts is "2", so
 * this row repeats the (2) row above and the "2t" client setting is not
 * tested against this server configuration. Confirm which was intended.
 */
{
NULL, "client SSLSetProtocolVersionEnabled(2t)",
false, kSSLProtocol3, NULL, kSSLProtocol2, noErr,
false, kTLSProtocol1, "2", kSSLProtocol2, noErr, false
},
/* ---- group: server SSLSetProtocolVersion(SSL3 only) ---- */
{
"server SSLSetProtocolVersion(SSL3 only)",
"client SSLSetProtocolVersion(TLS1)",
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr,
false, kTLSProtocol1, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(TLS1 only)",
false, kSSLProtocol3Only, NULL, kSSLProtocol3, errSSLClosedAbort,
false, kTLSProtocol1Only, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false
},
{
NULL, "client SSLSetProtocolVersion(SSL3)",
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr,
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3 only)",
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr,
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL2)",
false, kSSLProtocol3Only, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kSSLProtocol2, NULL, kSSLProtocolUnknown, errSSLClosedAbort,
true
},
{
NULL, "client SSLSetProtocolVersionEnabled(t)",
false, kSSLProtocol3Only, NULL, kSSLProtocol3, errSSLClosedAbort,
false, kTLSProtocol1, "t", kSSLProtocolUnknown, errSSLNegotiation,
false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3t)",
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr,
false, kTLSProtocol1, "3t", kSSLProtocol3, noErr, false
},
{
NULL, "client default",
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr,
true, kSSLProtocolUnknown, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23t)",
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr,
false, kTLSProtocol1, "23t", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3)",
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr,
false, kTLSProtocol1, "3", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23)",
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr,
false, kTLSProtocol1, "23", kSSLProtocol3, noErr, false
},
/*
 * NOTE(review): serverAbort is false here, while the other rows in this
 * table that pair errSSLNegotiation (server) with errSSLClosedAbort (client)
 * and kSSLProtocolUnknown on both sides mostly set it true. Confirm that the
 * difference is intended.
 */
{
NULL, "client SSLSetProtocolVersionEnabled(2)",
false, kSSLProtocol3Only, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "2", kSSLProtocolUnknown, errSSLClosedAbort,
false
},
{
NULL, "client SSLSetProtocolVersionEnabled(2t)",
false, kSSLProtocol3Only, NULL, kSSLProtocol3, errSSLClosedAbort,
false, kTLSProtocol1, "2t", kSSLProtocolUnknown, errSSLNegotiation,
false
},
/* ---- group: server SSLSetProtocolVersion(SSL2) ---- */
{
"server SSLSetProtocolVersion(SSL2)",
"client SSLSetProtocolVersion(TLS1)",
false, kSSLProtocol2, NULL, kSSLProtocol2, noErr,
false, kTLSProtocol1, NULL, kSSLProtocol2, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(TLS1 only)",
false, kSSLProtocol2, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1Only, NULL, kSSLProtocolUnknown, errSSLConnectionRefused,
true
},
{
NULL, "client SSLSetProtocolVersion(SSL3)",
false, kSSLProtocol2, NULL, kSSLProtocol2, noErr,
false, kSSLProtocol3, NULL, kSSLProtocol2, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3 only)",
false, kSSLProtocol2, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kSSLProtocol3Only, NULL, kSSLProtocolUnknown, errSSLConnectionRefused,
true
},
{
NULL, "client SSLSetProtocolVersion(SSL2)",
false, kSSLProtocol2, NULL, kSSLProtocol2, noErr,
false, kSSLProtocol2, NULL, kSSLProtocol2, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(t)",
false, kSSLProtocol2, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "t", kSSLProtocolUnknown, errSSLConnectionRefused,
true
},
{
NULL, "client SSLSetProtocolVersionEnabled(3t)",
false, kSSLProtocol2, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "3t", kSSLProtocolUnknown, errSSLConnectionRefused,
true
},
{
NULL, "client default",
false, kSSLProtocol2, NULL, kSSLProtocolUnknown, errSSLNegotiation,
true, kSSLProtocolUnknown, NULL, kSSLProtocolUnknown, errSSLConnectionRefused,
true
},
{
NULL, "client SSLSetProtocolVersionEnabled(23t)",
false, kSSLProtocol2, NULL, kSSLProtocol2, noErr,
false, kTLSProtocol1, "23t", kSSLProtocol2, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3)",
false, kSSLProtocol2, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "3", kSSLProtocolUnknown, errSSLConnectionRefused,
true
},
{
NULL, "client SSLSetProtocolVersionEnabled(23)",
false, kSSLProtocol2, NULL, kSSLProtocol2, noErr,
false, kTLSProtocol1, "23", kSSLProtocol2, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(2)",
false, kSSLProtocol2, NULL, kSSLProtocol2, noErr,
false, kTLSProtocol1, "2", kSSLProtocol2, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(2t)",
false, kSSLProtocol2, NULL, kSSLProtocol2, noErr,
false, kTLSProtocol1, "2t", kSSLProtocol2, noErr, false
},
/* ---- group: unrestricted server via SSLSetProtocolVersionEnabled ---- */
{
"unrestricted server via SSLSetProtocolVersionEnabled",
"client SSLSetProtocolVersion(TLS1)",
false, kTLSProtocol1, "23t", kTLSProtocol1, noErr,
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(TLS1 only)",
false, kTLSProtocol1, "23t", kTLSProtocol1, noErr,
false, kTLSProtocol1Only, NULL, kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3)",
false, kTLSProtocol1, "23t", kSSLProtocol3, noErr,
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3 only)",
false, kTLSProtocol1, "23t", kSSLProtocol3, noErr,
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL2)",
false, kTLSProtocol1, "23t", kSSLProtocol2, noErr,
false, kSSLProtocol2, NULL, kSSLProtocol2, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(t)",
false, kTLSProtocol1, "23t", kTLSProtocol1, noErr,
false, kTLSProtocol1, "t", kTLSProtocol1, noErr, false
},
/*
 * NOTE(review): this row omits the trailing serverAbort initializer. C
 * zero-initializes the missing member, so it reads as false like its
 * neighbours; the explicit value is simply absent.
 */
{
NULL, "client SSLSetProtocolVersionEnabled(3t)",
false, kTLSProtocol1, "23t", kTLSProtocol1, noErr,
false, kTLSProtocol1, "3t", kTLSProtocol1, noErr
},
{
NULL, "client SSLSetProtocolVersionEnabled(23t)",
false, kTLSProtocol1, "23t", kTLSProtocol1, noErr,
false, kTLSProtocol1, "23t", kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3)",
false, kTLSProtocol1, "23t", kSSLProtocol3, noErr,
false, kTLSProtocol1, "3", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23)",
false, kTLSProtocol1, "23t", kSSLProtocol3, noErr,
false, kTLSProtocol1, "23", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(2)",
false, kTLSProtocol1, "23t", kSSLProtocol2, noErr,
false, kTLSProtocol1, "2", kSSLProtocol2, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(2t)",
false, kTLSProtocol1, "23t", kTLSProtocol1, noErr,
false, kTLSProtocol1, "2t", kTLSProtocol1, noErr, false
},
/* ---- group: server SSLSetProtocolVersionEnabled(t) ---- */
{
"server SSLSetProtocolVersionEnabled(t)",
"client SSLSetProtocolVersion(TLS1)",
false, kTLSProtocol1, "t", kTLSProtocol1, noErr,
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(TLS1 only)",
false, kTLSProtocol1, "t", kTLSProtocol1, noErr,
false, kTLSProtocol1Only, NULL, kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3)",
false, kTLSProtocol1, "t", kSSLProtocolUnknown, errSSLNegotiation,
false, kSSLProtocol3, NULL, kSSLProtocolUnknown, errSSLClosedAbort, true
},
{
NULL, "client SSLSetProtocolVersion(SSL3 only)",
false, kTLSProtocol1, "t", kSSLProtocolUnknown, errSSLNegotiation,
false, kSSLProtocol3Only, NULL, kSSLProtocolUnknown, errSSLConnectionRefused, true
},
{
NULL, "client SSLSetProtocolVersion(SSL2)",
false, kTLSProtocol1, "t", kSSLProtocolUnknown, errSSLNegotiation,
false, kSSLProtocol2, NULL, kSSLProtocolUnknown, errSSLClosedAbort, true
},
{
NULL, "client SSLSetProtocolVersionEnabled(t)",
false, kTLSProtocol1, "t", kTLSProtocol1, noErr,
false, kTLSProtocol1, "t", kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3t)",
false, kTLSProtocol1, "t", kTLSProtocol1, noErr,
false, kTLSProtocol1, "3t", kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23t)",
false, kTLSProtocol1, "t", kTLSProtocol1, noErr,
false, kTLSProtocol1, "23t", kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3)",
false, kTLSProtocol1, "t", kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "3", kSSLProtocolUnknown, errSSLConnectionRefused,
true
},
{
NULL, "client SSLSetProtocolVersionEnabled(23)",
false, kTLSProtocol1, "t", kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "23", kSSLProtocolUnknown, errSSLClosedAbort,
true
},
{
NULL, "client SSLSetProtocolVersionEnabled(2)",
false, kTLSProtocol1, "t", kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "2", kSSLProtocolUnknown, errSSLClosedAbort,
true
},
{
NULL, "client SSLSetProtocolVersionEnabled(2t)",
false, kTLSProtocol1, "t", kTLSProtocol1, noErr,
false, kTLSProtocol1, "2t", kTLSProtocol1, noErr, false
},
/* ---- group: server SSLSetProtocolVersionEnabled(23) ---- */
{
"server SSLSetProtocolVersionEnabled(23)",
"client SSLSetProtocolVersion(TLS1)",
false, kSSLProtocol2, "23", kSSLProtocol3, noErr,
false, kTLSProtocol1, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(TLS1 only)",
false, kSSLProtocol2, "23", kSSLProtocol3, errSSLClosedAbort,
false, kTLSProtocol1Only, NULL, kSSLProtocolUnknown, errSSLNegotiation, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3)",
false, kSSLProtocol2, "23", kSSLProtocol3, noErr,
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3 only)",
false, kSSLProtocol2, "23", kSSLProtocol3, noErr,
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr, false
},
/*
 * NOTE(review): described as an SSL2 client, but the client row passes
 * kSSLProtocol3 and expects SSL3, so it duplicates the SSL3 row above.
 * Confirm whether the substitution is intentional.
 */
{
NULL, "client SSLSetProtocolVersion(SSL2)",
false, kSSLProtocol2, "23", kSSLProtocol3, noErr,
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(t)",
false, kSSLProtocol2, "23", kSSLProtocol3, errSSLClosedAbort,
false, kTLSProtocol1, "t", kSSLProtocolUnknown, errSSLNegotiation, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3t)",
false, kSSLProtocol2, "23", kSSLProtocol3, noErr,
false, kTLSProtocol1, "3t", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23t)",
false, kSSLProtocol2, "23", kSSLProtocol3, noErr,
false, kTLSProtocol1, "23t", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3)",
false, kSSLProtocol2, "23", kSSLProtocol3, noErr,
false, kTLSProtocol1, "3", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23)",
false, kSSLProtocol2, "23", kSSLProtocol3, noErr,
false, kTLSProtocol1, "23", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(2)",
false, kSSLProtocol2, "23", kSSLProtocol2, noErr,
false, kTLSProtocol1, "2", kSSLProtocol2, noErr, false
},
/*
 * NOTE(review): the description says (2t) but clientAcceptProts is "2", so
 * this row repeats the (2) row above. Confirm which was intended.
 */
{
NULL, "client SSLSetProtocolVersionEnabled(2t)",
false, kSSLProtocol2, "23", kSSLProtocol2, noErr,
false, kTLSProtocol1, "2", kSSLProtocol2, noErr, false
},
/* ---- group: server SSLSetProtocolVersionEnabled(3) ---- */
{
"server SSLSetProtocolVersionEnabled(3)",
"client SSLSetProtocolVersion(TLS1)",
false, kSSLProtocol2, "3", kSSLProtocol3, noErr,
false, kTLSProtocol1, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(TLS1 only)",
false, kSSLProtocol2, "3", kSSLProtocol3, errSSLClosedAbort,
false, kTLSProtocol1Only, NULL, kSSLProtocolUnknown, errSSLNegotiation, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3)",
false, kSSLProtocol2, "3", kSSLProtocol3, noErr,
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3 only)",
false, kSSLProtocol2, "3", kSSLProtocol3, noErr,
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL2)",
false, kSSLProtocol2, "3", kSSLProtocolUnknown, errSSLNegotiation,
false, kSSLProtocol2, NULL, kSSLProtocolUnknown, errSSLClosedAbort, true
},
{
NULL, "client SSLSetProtocolVersionEnabled(t)",
false, kSSLProtocol2, "3", kSSLProtocol3, errSSLClosedAbort,
false, kTLSProtocol1, "t", kSSLProtocolUnknown, errSSLNegotiation, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3t)",
false, kSSLProtocol2, "3", kSSLProtocol3, noErr,
false, kTLSProtocol1, "3t", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23t)",
false, kSSLProtocol2, "3", kSSLProtocol3, noErr,
false, kTLSProtocol1, "23t", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3)",
false, kSSLProtocol2, "3", kSSLProtocol3, noErr,
false, kTLSProtocol1, "3", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23)",
false, kSSLProtocol2, "3", kSSLProtocol3, noErr,
false, kTLSProtocol1, "23", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(2)",
false, kSSLProtocol2, "3", kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "2", kSSLProtocolUnknown, errSSLClosedAbort, true
},
{
NULL, "client SSLSetProtocolVersionEnabled(2t)",
false, kSSLProtocol2, "3", kSSLProtocol3, errSSLClosedAbort,
false, kTLSProtocol1, "2t", kSSLProtocolUnknown, errSSLNegotiation, false
},
/* ---- group: server SSLSetProtocolVersionEnabled(3t); also holds two "server default" rows ---- */
{
"server SSLSetProtocolVersionEnabled(3t)",
"client SSLSetProtocolVersion(TLS1)",
false, kSSLProtocol2, "t3", kTLSProtocol1, noErr,
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr, false
},
/* noServeProt is true on the "server default" rows; main() does not read that flag. */
{
NULL,
"client SSLSetProtocolVersion(TLS1), server default",
true, kSSLProtocolUnknown, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1, NULL, kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(TLS1 only)",
false, kSSLProtocol2, "t3", kTLSProtocol1, noErr,
false, kTLSProtocol1Only, NULL, kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3)",
false, kSSLProtocol2, "t3", kSSLProtocol3, noErr,
false, kSSLProtocol3, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL3 only)",
false, kSSLProtocol2, "t3", kSSLProtocol3, noErr,
false, kSSLProtocol3Only, NULL, kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersion(SSL2)",
false, kSSLProtocol2, "t3", kSSLProtocolUnknown, errSSLNegotiation,
false, kSSLProtocol2, NULL, kSSLProtocolUnknown, errSSLClosedAbort, true
},
{
NULL, "client SSLSetProtocolVersion(SSL2), server default",
true, kSSLProtocolUnknown, NULL, kSSLProtocolUnknown, errSSLNegotiation,
false, kSSLProtocol2, NULL, kSSLProtocolUnknown, errSSLClosedAbort, true
},
{
NULL, "client SSLSetProtocolVersionEnabled(t)",
false, kSSLProtocol2, "t3", kTLSProtocol1, noErr,
false, kTLSProtocol1, "t", kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3t)",
false, kSSLProtocol2, "t3", kTLSProtocol1, noErr,
false, kTLSProtocol1, "3t", kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23t)",
false, kSSLProtocol2, "t3", kTLSProtocol1, noErr,
false, kTLSProtocol1, "23t", kTLSProtocol1, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(3)",
false, kSSLProtocol2, "t3", kSSLProtocol3, noErr,
false, kTLSProtocol1, "3", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(23)",
false, kSSLProtocol2, "t3", kSSLProtocol3, noErr,
false, kTLSProtocol1, "23", kSSLProtocol3, noErr, false
},
{
NULL, "client SSLSetProtocolVersionEnabled(2)",
false, kSSLProtocol2, "t3", kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "2", kSSLProtocolUnknown, errSSLClosedAbort, true
},
/*
 * NOTE(review): exact duplicate of the previous row (same description and
 * data). The other groups end with a (2t) client row against the group's
 * server setting; that case appears to be missing here. Confirm.
 */
{
NULL, "client SSLSetProtocolVersionEnabled(2)",
false, kSSLProtocol2, "t3", kSSLProtocolUnknown, errSSLNegotiation,
false, kTLSProtocol1, "2", kSSLProtocolUnknown, errSSLClosedAbort, true
},
/* ---- group: server default ---- */
{
"server default", "client SSLSetProtocolVersionEnabled(2t)",
true, kSSLProtocolUnknown, NULL, kTLSProtocol1, noErr,
false, kTLSProtocol1, "2t", kTLSProtocol1, noErr, false
},
};
/* Number of rows in protTestParams; bounds the test loop in main(). */
#define NUM_SSL_PROT_TESTS (sizeof(protTestParams) / sizeof(protTestParams[0]))
/*
 * When IGNORE_SIGPIPE is non-zero, main() installs sigpipe() as the SIGPIPE
 * handler. With a handler installed the signal's default action (process
 * termination) no longer applies, so a write to a connection the peer has
 * already closed fails with an error return instead of killing the test run.
 */
#define IGNORE_SIGPIPE 1
#if IGNORE_SIGPIPE
#include <signal.h>
/* Intentionally does nothing; it exists only to replace the default action. */
void sigpipe(int sig)
{
	(void)sig;	/* the signal number is not needed */
	return;
}
#endif
/*
 * Passed positionally into both default parameter blocks below.
 * NOTE(review): by name this selects whether certificate verification is
 * switched off; it is false here. Which SslAppTestParams member receives it
 * is not visible in this file - confirm before changing it, since turning
 * verification off would let the tests pass without validating the peer.
 */
#define CERT_VFY_DISABLE false
/*
 * Baseline server-side parameters. main() adjusts this object from the
 * command line (quiet, verbose, nonBlocking, ring buffers and, in
 * Diffie-Hellman mode, ciphers/dhParams/dhParamsLen/myCertKcName).
 *
 * This is a positional initializer: the values map onto SslAppTestParams
 * members in declaration order, and that declaration is not in this file,
 * so no per-value field names are given here. Presumably serverKcPath and
 * SERVER_KC are the keychain path and keychain name - TODO confirm.
 */
SslAppTestParams serverDefaults =
{
"no name here",
false, 0, NULL, NULL, false, kTLSProtocol1,
NULL, serverKcPath, SERVER_KC, true, CERT_VFY_DISABLE, NULL, false, kNeverAuthenticate,
false, NULL, false, NULL, 0, noErr, kTLSProtocol1, kSSLClientCertNone,
SSL_CIPHER_IGNORE,
false, false, false, {0}, {0}, false, 0, false,
kSSLProtocolUnknown,
SSL_NULL_WITH_NULL_NULL,
kSSLClientCertNone,
noHardwareErr
};
/*
 * Baseline client-side parameters. main() adjusts this object from the
 * command line (quiet, verbose, nonBlocking, anchorFile, ring buffers) and
 * clears anchorFile in Diffie-Hellman mode.
 *
 * Positional initializer: values map onto SslAppTestParams members in
 * declaration order, which is not visible in this file. Presumably the
 * SERVER_ROOT slot is anchorFile, since main() validates
 * clientDefaults.anchorFile with sslCheckFile() and the s= option
 * (documented as defaulting to SERVER_ROOT) overwrites it - TODO confirm.
 */
SslAppTestParams clientDefaults =
{
"localhost",
false, 0, NULL, NULL, false, kTLSProtocol1,
NULL, NULL, NULL, false, CERT_VFY_DISABLE, SERVER_ROOT, false, kNeverAuthenticate,
false, NULL, false, NULL, 0, noErr, kTLSProtocol1, kSSLClientCertNone,
SSL_CIPHER_IGNORE,
false, false, false, {0}, {0}, false, 0, false,
kSSLProtocolUnknown,
SSL_NULL_WITH_NULL_NULL,
kSSLClientCertNone,
noHardwareErr
};
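/*
 * sslProt test driver.
 *
 * Parses the command line, then walks protTestParams from the requested
 * starting row. For each row it loads the server and client protocol
 * settings and expected results into the per-run parameter blocks and hands
 * them to the SSL_THR_SETUP / SSL_THR_RUN_NUM harness macros (declared
 * outside this file).
 *
 * Options use the forms printed by usage(): single letters for flags and
 * "x=value" for p, t and s. Malformed or out-of-range values end in usage().
 *
 * Returns the accumulated error count in ourRtn (0 when every row passed).
 */
int main(int argc, char **argv)
{
	int ourRtn = 0;
	char *argp;
	SslAppTestParams clientParams;
	SslAppTestParams serverParams;
	unsigned short portNum = STARTING_PORT;
	SslProtParams *protParams;
	unsigned testNum;
	int thisRtn;	/* not used in the visible code; kept in case the harness macros use it */
	unsigned startTest = 0;
	SSLCipherSuite ciphers[2];
	bool diffieHellman = false;
	RingBuffer serverToClientRing;
	RingBuffer clientToServerRing;
	bool ringBufferIo = false;
	char *endp;
	long numArg;

	for(int arg=1; arg<argc; arg++) {
		argp = argv[arg];
		switch(argp[0]) {
			case 'q':
				serverDefaults.quiet = clientDefaults.quiet = true;
				break;
			case 'v':
				serverDefaults.verbose = clientDefaults.verbose = true;
				break;
			case 'p':
				/*
				 * Require the documented "p=N" form. Without this check a
				 * bare "p" made &argp[2] point past the string terminator.
				 */
				if(argp[1] != '=') {
					usage(argv);
				}
				numArg = strtol(&argp[2], &endp, 10);
				/*
				 * Reject empty, non-numeric and out-of-range values; the
				 * lower bound of 1 keeps "portNum - 1" below from wrapping.
				 */
				if((endp == &argp[2]) || (*endp != '\0') ||
				   (numArg < 1) || (numArg > 65535)) {
					usage(argv);
				}
				portNum = (unsigned short)numArg;
				break;
			case 't':
				if(argp[1] != '=') {
					usage(argv);
				}
				numArg = strtol(&argp[2], &endp, 10);
				/*
				 * A start index outside the table would run zero rows and
				 * still report success, so treat it as a usage error.
				 */
				if((endp == &argp[2]) || (*endp != '\0') ||
				   (numArg < 0) ||
				   ((size_t)numArg >= NUM_SSL_PROT_TESTS)) {
					usage(argv);
				}
				startTest = (unsigned)numArg;
				break;
			case 'd':
				diffieHellman = true;
				break;
			case 'b':
				serverDefaults.nonBlocking = clientDefaults.nonBlocking =
					true;
				break;
			case 's':
				if(argp[1] != '=') {
					usage(argv);
				}
				clientDefaults.anchorFile = &argp[2];
				break;
			case 'R':
				ringBufferIo = true;
				break;
			default:
				usage(argv);
		}
	}

	/* Fail early if the anchor certificate file is not usable. */
	if(sslCheckFile(clientDefaults.anchorFile)) {
		exit(1);
	}
	if(ringBufferIo) {
		/* Both endpoints share one ring per direction. */
		ringBufSetup(&serverToClientRing, "serveToClient", DEFAULT_NUM_RB_BUFS, DEFAULT_BUF_RB_SIZE);
		ringBufSetup(&clientToServerRing, "clientToServe", DEFAULT_NUM_RB_BUFS, DEFAULT_BUF_RB_SIZE);
		serverDefaults.serverToClientRing = &serverToClientRing;
		serverDefaults.clientToServerRing = &clientToServerRing;
		clientDefaults.serverToClientRing = &serverToClientRing;
		clientDefaults.clientToServerRing = &clientToServerRing;
	}

#if IGNORE_SIGPIPE
	signal(SIGPIPE, sigpipe);
#endif

	sslKeychainPath(SERVER_KC, serverKcPath);
	testStartBanner("sslProt", argc, argv);

	/*
	 * NOTE(review): set to one below the requested port; presumably the
	 * harness macros advance the port for each run - confirm against
	 * sslThreading.h.
	 */
	serverParams.port = portNum - 1;

	if(diffieHellman) {
		/*
		 * Anonymous Diffie-Hellman with RC4/MD5 and the parameters from
		 * dhParams512.h: no certificate is involved, which is why this mode
		 * needs no keychain, and the peer is not authenticated. This is a
		 * test-fixture configuration only.
		 */
		ciphers[0] = SSL_DH_anon_WITH_RC4_128_MD5;
		ciphers[1] = SSL_NO_SUCH_CIPHERSUITE;
		serverDefaults.ciphers = ciphers;
		serverDefaults.dhParams = dhParams512;
		serverDefaults.dhParamsLen = sizeof(dhParams512);
		serverDefaults.myCertKcName = NULL;
		clientDefaults.anchorFile = NULL;
	}

	for(testNum=startTest; testNum<NUM_SSL_PROT_TESTS; testNum++) {
		protParams = &protTestParams[testNum];
		if(diffieHellman) {
			/* Rows that pin either side to SSL2 alone are skipped in D-H mode. */
			if((protParams->servTryVersion == kSSLProtocol2) ||
			   (protParams->clientTryVersion == kSSLProtocol2) ||
			   (protParams->serveAcceptProts &&
			    !strcmp(protParams->serveAcceptProts, "2")) ||
			   (protParams->clientAcceptProts &&
			    !strcmp(protParams->clientAcceptProts, "2"))) {
				if(serverDefaults.verbose) {
					printf("...skipping %s for D-H\n",
						protParams->testDesc);
				}
				continue;
			}
		}
		if(protParams->groupDesc && !serverDefaults.quiet) {
			printf("...%s\n", protParams->groupDesc);
		}

		/*
		 * NOTE(review): the fourth argument is spelled "serverDefault", and
		 * no identifier of that name is declared in this file; presumably
		 * the macro does not expand that parameter - confirm against
		 * sslThreading.h before renaming it.
		 */
		SSL_THR_SETUP(serverParams, clientParams, clientDefaults,
			serverDefault);
		if(ringBufferIo) {
			ringBufferReset(&serverToClientRing);
			ringBufferReset(&clientToServerRing);
		}

		/* Load this row's settings and expectations for both endpoints. */
		serverParams.tryVersion = protParams->servTryVersion;
		clientParams.tryVersion = protParams->clientTryVersion;
		serverParams.acceptedProts = protParams->serveAcceptProts;
		clientParams.acceptedProts = protParams->clientAcceptProts;
		serverParams.expectVersion = protParams->expectServerProt;
		clientParams.expectVersion = protParams->expectClientProt;
		serverParams.expectRtn = protParams->serveStatus;
		clientParams.expectRtn = protParams->clientStatus;
		serverParams.serverAbort = protParams->serverAbort;

		SSL_THR_RUN_NUM(serverParams, clientParams, protParams->testDesc,
			ourRtn, testNum);
	}

done:
	/*
	 * Read the quiet flag from clientDefaults, which the 'q' option sets
	 * directly. clientParams is only populated inside the loop (presumably
	 * by SSL_THR_SETUP), so it would be indeterminate here if no row ran.
	 */
	if(!clientDefaults.quiet) {
		if(ourRtn == 0) {
			printf("===== sslProt test PASSED =====\n");
		}
		else {
			printf("****FAIL: %d errors detected\n", ourRtn);
		}
	}
	return ourRtn;
}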