git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Document problems with SHA-1 in certs with DANE-TA
[exim.git]
/
test
/
src
/
client.c
diff --git
a/test/src/client.c
b/test/src/client.c
index 4ac130df2d890ea29c6038e0ff0085ec135c412a..eef82ef5782be104017762f1a4595d5a4088599c 100644
(file)
--- a/
test/src/client.c
+++ b/
test/src/client.c
@@
-103,7
+103,7
@@
static int ssl_session_timeout = 200;
/* Priorities for TLS algorithms to use. */
/* Priorities for TLS algorithms to use. */
-#if GNUTLS_VERSION_NUMBER < 0x030400
+#
if GNUTLS_VERSION_NUMBER < 0x030400
static const int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
static const int kx_priority[16] = {
static const int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
static const int kx_priority[16] = {
@@
-125,7
+125,7
@@
static const int mac_priority[16] = {
0 };
static const int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
0 };
static const int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
-#endif
+#
endif
#endif /*HAVE_GNUTLS*/
#endif /*HAVE_GNUTLS*/
@@
-133,6
+133,7
@@
static const int comp_priority[16] = { GNUTLS_COMP_NULL, 0 };
#ifdef HAVE_TLS
char * ocsp_stapling = NULL;
#ifdef HAVE_TLS
char * ocsp_stapling = NULL;
+char * pri_string = NULL;
#endif
#endif
@@
-223,7
+224,7
@@
if(!(bs = OCSP_response_get1_basic(rsp)))
}
}
-if (!(sk = chain_from_pem_file(ocsp_stapling)))
+if (!(sk = chain_from_pem_file(
(const uschar *)
ocsp_stapling)))
{
BIO_printf(arg, "error in cert setup\n");
return 0;
{
BIO_printf(arg, "error in cert setup\n");
return 0;
@@
-454,7
+455,7
@@
gnutls_session_t session;
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_NO_EXTENSIONS);
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_NO_EXTENSIONS);
-#if GNUTLS_VERSION_NUMBER < 0x030400
+#
if GNUTLS_VERSION_NUMBER < 0x030400
gnutls_cipher_set_priority(session, default_cipher_priority);
gnutls_compression_set_priority(session, comp_priority);
gnutls_kx_set_priority(session, kx_priority);
gnutls_cipher_set_priority(session, default_cipher_priority);
gnutls_compression_set_priority(session, comp_priority);
gnutls_kx_set_priority(session, kx_priority);
@@
-462,10
+463,19
@@
gnutls_protocol_set_priority(session, protocol_priority);
gnutls_mac_set_priority(session, mac_priority);
gnutls_cred_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_mac_set_priority(session, mac_priority);
gnutls_cred_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-#else
-gnutls_set_default_priority(session);
+# else
+if (pri_string)
+ {
+ gnutls_priority_t priority_cache;
+ const char * errpos;
+
+ gnutls_priority_init(&priority_cache, pri_string, &errpos);
+ gnutls_priority_set(session, priority_cache);
+ }
+else
+ gnutls_set_default_priority(session);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-#endif
+#
endif
gnutls_dh_set_prime_bits(session, DH_BITS);
gnutls_db_set_cache_expiration(session, ssl_session_timeout);
gnutls_dh_set_prime_bits(session, DH_BITS);
gnutls_db_set_cache_expiration(session, ssl_session_timeout);
@@
-710,7
+720,7
@@
int rc;
else if (strncmp(CS outbuffer, "<<< ", 4) == 0)
{
FILE * new_f;
else if (strncmp(CS outbuffer, "<<< ", 4) == 0)
{
FILE * new_f;
- if (!(new_f = fopen(outbuffer+4 , "r")))
+ if (!(new_f = fopen(
(const char *)
outbuffer+4 , "r")))
{
printf("Unable to open '%s': %s", inptr, strerror(errno));
exit(74);
{
printf("Unable to open '%s': %s", inptr, strerror(errno));
exit(74);
@@
-836,6
+846,10
@@
Usage: client\n"
"\
[-tls-on-connect]\n\
[-ocsp]\n"
"\
[-tls-on-connect]\n\
[-ocsp]\n"
+# ifdef HAVE_GNUTLS
+"\
+ [-p priority-string]\n"
+# endif
#endif
"\
[-tn] n seconds timeout\n\
#endif
"\
[-tn] n seconds timeout\n\
@@
-901,6
+915,17
@@
while (argc >= argi + 1 && argv[argi][0] == '-')
}
ocsp_stapling = argv[argi++];
}
}
ocsp_stapling = argv[argi++];
}
+# ifdef HAVE_GNUTLS
+ else if (strcmp(argv[argi], "-p") == 0)
+ {
+ if (argc < ++argi + 1)
+ {
+ fprintf(stderr, "Missing priority string\n");
+ exit(96);
+ }
+ pri_string = argv[argi++];
+ }
+#endif
#endif
else if (argv[argi][1] == 't' && isdigit(argv[argi][2]))
#endif
else if (argv[argi][1] == 't' && isdigit(argv[argi][2]))
git://git.exim.org / exim.git / blobdiff