Merge commit '36adc36' into dtls
* commit '36adc36':
Add support for getrandom()
Use library default for trunc-hmac in ssl_client2
Make truncated hmac a runtime option server-side
Fix portability issue in script
Specific error for suites in common but none good
Prefer SHA-1 certificates for pre-1.2 clients
Some more refactoring/tuning.
Minor refactoring
Conflicts:
include/polarssl/error.h
include/polarssl/ssl.h
library/error.c
diff --git a/ChangeLog b/ChangeLog
index f4551fb..42d1c7c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -39,6 +39,10 @@
length of an X.509 verification chain.
* Support for renegotiation can now be disabled at compile-time
* Support for 1/n-1 record splitting, a countermeasure against BEAST.
+ * Certificate selection based on signature hash, prefering SHA-1 over SHA-2
+ for pre-1.2 clients when multiple certificates are available.
+ * Add support for getrandom() syscall on recent Linux kernels with Glibc or
+ a compatible enough libc (eg uClibc).
Bugfix
* Stack buffer overflow if ctr_drbg_update() is called with too large
@@ -61,6 +65,11 @@
* debug_print_buf() now prints a text view in addition to hexadecimal.
* Skip writing and parsing signature_algorithm extension if none of the
key exchanges enabled needs certificates.
+ * A specific error is now returned when there are ciphersuites in common
+ but none of them is usable due to external factors such as no certificate
+ with a suitable (extended)KeyUsage or curve or no PSK set.
+ * It is now possible to disable neogtiation of truncated HMAC server-side
+ at runtime with ssl_set_truncated_hmac().
= PolarSSL 1.3.9 released 2014-10-20
Security
diff --git a/include/polarssl/error.h b/include/polarssl/error.h
index 00c794e..1e36a0d 100644
--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h
@@ -91,7 +91,7 @@
* ECP 4 8 (Started from top)
* MD 5 4
* CIPHER 6 6
- * SSL 6 12 (Started from top)
+ * SSL 6 13 (Started from top)
* SSL 7 31
*
* Module dependent error code (5 bits 0x.00.-0x.F8.)
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 37d7e13..2af34cb 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -158,6 +158,7 @@
#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */
#define POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */
#define POLARSSL_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */
+#define POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate) */
/*
* Various constants
@@ -1851,15 +1852,15 @@
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
/**
- * \brief Activate negotiation of truncated HMAC (Client only)
- * (Default: SSL_TRUNC_HMAC_ENABLED)
+ * \brief Activate negotiation of truncated HMAC
+ * (Default: SSL_TRUNC_HMAC_DISABLED on client,
+ * SSL_TRUNC_HMAC_ENABLED on server.)
*
* \param ssl SSL context
* \param truncate Enable or disable (SSL_TRUNC_HMAC_ENABLED or
* SSL_TRUNC_HMAC_DISABLED)
*
- * \return O if successful,
- * POLARSSL_ERR_SSL_BAD_INPUT_DATA if used server-side
+ * \return Always 0.
*/
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate );
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 9ca9e95..33e75bc 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -73,6 +73,43 @@
}
#else /* _WIN32 && !EFIX64 && !EFI32 */
+/*
+ * Test for Linux getrandom() support.
+ * Since there is no wrapper in the libc yet, use the generic syscall wrapper
+ * available in GNU libc and compatible libc's (eg uClibc).
+ */
+#if defined(__linux__) && defined(__GLIBC__)
+#include <linux/version.h>
+#include <unistd.h>
+#include <sys/syscall.h>
+#if defined(SYS_getrandom)
+#define HAVE_GETRANDOM
+static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
+{
+ return( syscall( SYS_getrandom, buf, buflen, flags ) );
+}
+#endif /* SYS_getrandom */
+#endif /* __linux__ */
+
+#if defined(HAVE_GETRANDOM)
+
+#include <errno.h>
+
+int platform_entropy_poll( void *data,
+ unsigned char *output, size_t len, size_t *olen )
+{
+ int ret;
+ ((void) data);
+
+ if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 )
+ return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
+
+ *olen = ret;
+ return( 0 );
+}
+
+#else /* HAVE_GETRANDOM */
+
#include <stdio.h>
int platform_entropy_poll( void *data,
@@ -100,6 +137,7 @@
return( 0 );
}
+#endif /* HAVE_GETRANDOM */
#endif /* _WIN32 && !EFIX64 && !EFI32 */
#endif /* !POLARSSL_NO_PLATFORM_ENTROPY */
diff --git a/library/error.c b/library/error.c
index f3c18c2..b3c2153 100644
--- a/library/error.c
+++ b/library/error.c
@@ -456,6 +456,8 @@
snprintf( buf, buflen, "SSL - DTLS client must retry for hello verification" );
if( use_ret == -(POLARSSL_ERR_SSL_BUFFER_TOO_SMALL) )
snprintf( buf, buflen, "SSL - A buffer is too small to receive or write a message" );
+ if( use_ret == -(POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE) )
+ snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate)" );
#endif /* POLARSSL_SSL_TLS_C */
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index dc80ed0..d83c560 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -663,7 +663,8 @@
((void) buf);
- ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+ if( ssl->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
+ ssl->session_negotiate->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
return( 0 );
}
@@ -831,11 +832,11 @@
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
- * Return 1 if the given EC key uses the given curve, 0 otherwise
+ * Return 0 if the given key uses one of the acceptable curves, -1 otherwise
*/
#if defined(POLARSSL_ECDSA_C)
-static int ssl_key_matches_curves( pk_context *pk,
- const ecp_curve_info **curves )
+static int ssl_check_key_curve( pk_context *pk,
+ const ecp_curve_info **curves )
{
const ecp_curve_info **crv = curves;
ecp_group_id grp_id = pk_ec( *pk )->grp.id;
@@ -843,11 +844,11 @@
while( *crv != NULL )
{
if( (*crv)->grp_id == grp_id )
- return( 1 );
+ return( 0 );
crv++;
}
- return( 0 );
+ return( -1 );
}
#endif /* POLARSSL_ECDSA_C */
@@ -858,7 +859,7 @@
static int ssl_pick_cert( ssl_context *ssl,
const ssl_ciphersuite_t * ciphersuite_info )
{
- ssl_key_cert *cur, *list;
+ ssl_key_cert *cur, *list, *fallback = NULL;
pk_type_t pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
@@ -891,21 +892,41 @@
}
#if defined(POLARSSL_ECDSA_C)
- if( pk_alg == POLARSSL_PK_ECDSA )
- {
- if( ssl_key_matches_curves( cur->key, ssl->handshake->curves ) )
- break;
- }
- else
+ if( pk_alg == POLARSSL_PK_ECDSA &&
+ ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 )
+ continue;
#endif
- break;
+
+ /*
+ * Try to select a SHA-1 certificate for pre-1.2 clients, but still
+ * present them a SHA-higher cert rather than failing if it's the only
+ * one we got that satisfies the other conditions.
+ */
+ if( ssl->minor_ver < SSL_MINOR_VERSION_3 &&
+ cur->cert->sig_md != POLARSSL_MD_SHA1 )
+ {
+ if( fallback == NULL )
+ fallback = cur;
+ continue;
+ }
+
+ /* If we get there, we got a winner */
+ break;
}
- if( cur == NULL )
- return( -1 );
+ if( cur != NULL )
+ {
+ ssl->handshake->key_cert = cur;
+ return( 0 );
+ }
- ssl->handshake->key_cert = cur;
- return( 0 );
+ if( fallback != NULL )
+ {
+ ssl->handshake->key_cert = fallback;
+ return( 0 );
+ }
+
+ return( -1 );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
@@ -921,8 +942,8 @@
suite_info = ssl_ciphersuite_from_id( suite_id );
if( suite_info == NULL )
{
- SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", suite_id ) );
- return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
if( suite_info->min_minor_ver > ssl->minor_ver ||
@@ -971,7 +992,7 @@
#if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
static int ssl_parse_client_hello_v2( ssl_context *ssl )
{
- int ret;
+ int ret, got_common_suite;
unsigned int i, j;
size_t n;
unsigned int ciph_len, sess_len, chal_len;
@@ -1169,6 +1190,7 @@
}
#endif /* POLARSSL_SSL_FALLBACK_SCSV */
+ got_common_suite = 0;
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL;
#if defined(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
@@ -1186,6 +1208,8 @@
p[2] != ( ( ciphersuites[i] ) & 0xFF ) )
continue;
+ got_common_suite = 1;
+
if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
&ciphersuite_info ) ) != 0 )
return( ret );
@@ -1195,9 +1219,17 @@
}
}
- SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
-
- return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
+ if( got_common_suite )
+ {
+ SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
+ "but none of them usable" ) );
+ return( POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE );
+ }
+ else
+ {
+ SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
+ return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
+ }
have_ciphersuite_v2:
ssl->session_negotiate->ciphersuite = ciphersuites[i];
@@ -1229,7 +1261,7 @@
static int ssl_parse_client_hello( ssl_context *ssl )
{
- int ret;
+ int ret, got_common_suite;
unsigned int i, j;
unsigned int ciph_offset, comp_offset, ext_offset;
unsigned int msg_len, ciph_len, sess_len, comp_len, ext_len;
@@ -1923,6 +1955,7 @@
* (At the end because we need information from the EC-based extensions
* and certificate from the SNI callback triggered by the SNI extension.)
*/
+ got_common_suite = 0;
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL;
#if defined(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
@@ -1939,6 +1972,8 @@
p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
continue;
+ got_common_suite = 1;
+
if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
&ciphersuite_info ) ) != 0 )
return( ret );
@@ -1948,12 +1983,19 @@
}
}
- SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
-
- if( ( ret = ssl_send_fatal_handshake_failure( ssl ) ) != 0 )
- return( ret );
-
- return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
+ if( got_common_suite )
+ {
+ SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
+ "but none of them usable" ) );
+ ssl_send_fatal_handshake_failure( ssl );
+ return( POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE );
+ }
+ else
+ {
+ SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
+ ssl_send_fatal_handshake_failure( ssl );
+ return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
+ }
have_ciphersuite:
ssl->session_negotiate->ciphersuite = ciphersuites[i];
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 413582a..c78b1a7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5149,6 +5149,11 @@
if( endpoint == SSL_IS_CLIENT )
ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
#endif
+
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ if( endpoint == SSL_IS_SERVER )
+ ssl->trunc_hmac = SSL_TRUNC_HMAC_ENABLED;
+#endif
}
int ssl_set_transport( ssl_context *ssl, int transport )
@@ -5692,9 +5697,6 @@
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
int ssl_set_truncated_hmac( ssl_context *ssl, int truncate )
{
- if( ssl->endpoint != SSL_IS_CLIENT )
- return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
-
ssl->trunc_hmac = truncate;
return( 0 );
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 0ddd802..9313499 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -92,7 +92,7 @@
#define DFL_MAX_VERSION -1
#define DFL_AUTH_MODE SSL_VERIFY_REQUIRED
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
-#define DFL_TRUNC_HMAC 0
+#define DFL_TRUNC_HMAC -1
#define DFL_RECSPLIT -1
#define DFL_RECONNECT 0
#define DFL_RECO_DELAY 0
@@ -274,7 +274,7 @@
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
#define USAGE_TRUNC_HMAC \
- " trunc_hmac=%%d default: 0 (disabled)\n"
+ " trunc_hmac=%%d default: library default\n"
#else
#define USAGE_TRUNC_HMAC ""
#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
@@ -740,9 +740,12 @@
}
else if( strcmp( p, "trunc_hmac" ) == 0 )
{
- opt.trunc_hmac = atoi( q );
- if( opt.trunc_hmac < 0 || opt.trunc_hmac > 1 )
- goto usage;
+ switch( atoi( q ) )
+ {
+ case 0: opt.trunc_hmac = SSL_TRUNC_HMAC_DISABLED; break;
+ case 1: opt.trunc_hmac = SSL_TRUNC_HMAC_ENABLED; break;
+ default: goto usage;
+ }
}
else if( strcmp( p, "hs_timeout" ) == 0 )
{
@@ -1057,12 +1060,8 @@
#endif
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
- if( opt.trunc_hmac != 0 )
- if( ( ret = ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED ) ) != 0 )
- {
- printf( " failed\n ! ssl_set_truncated_hmac returned %d\n\n", ret );
- goto exit;
- }
+ if( opt.trunc_hmac != DFL_TRUNC_HMAC )
+ ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
#endif
#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index fb2327a..85189bd 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -115,6 +115,7 @@
#define DFL_MAX_VERSION -1
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
+#define DFL_TRUNC_HMAC -1
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
#define DFL_TICKET_TIMEOUT -1
#define DFL_CACHE_MAX -1
@@ -185,6 +186,7 @@
int max_version; /* maximum protocol version accepted */
int auth_mode; /* verify mode for connection */
unsigned char mfl_code; /* code for maximum fragment length */
+ int trunc_hmac; /* accept truncated hmac? */
int tickets; /* enable / disable session tickets */
int ticket_timeout; /* session ticket lifetime */
int cache_max; /* max number of session cache entries */
@@ -315,6 +317,13 @@
#define USAGE_MAX_FRAG_LEN ""
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+#define USAGE_TRUNC_HMAC \
+ " trunc_hmac=%%d default: library default\n"
+#else
+#define USAGE_TRUNC_HMAC ""
+#endif
+
#if defined(POLARSSL_SSL_ALPN)
#define USAGE_ALPN \
" alpn=%%s default: \"\" (disabled)\n" \
@@ -407,6 +416,7 @@
USAGE_TICKETS \
USAGE_CACHE \
USAGE_MAX_FRAG_LEN \
+ USAGE_TRUNC_HMAC \
USAGE_ALPN \
USAGE_EMS \
USAGE_ETM \
@@ -805,6 +815,7 @@
opt.max_version = DFL_MAX_VERSION;
opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE;
+ opt.trunc_hmac = DFL_TRUNC_HMAC;
opt.tickets = DFL_TICKETS;
opt.ticket_timeout = DFL_TICKET_TIMEOUT;
opt.cache_max = DFL_CACHE_MAX;
@@ -1025,6 +1036,15 @@
{
opt.alpn_string = q;
}
+ else if( strcmp( p, "trunc_hmac" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.trunc_hmac = SSL_TRUNC_HMAC_DISABLED; break;
+ case 1: opt.trunc_hmac = SSL_TRUNC_HMAC_ENABLED; break;
+ default: goto usage;
+ }
+ }
else if( strcmp( p, "extended_ms" ) == 0 )
{
switch( atoi( q ) )
@@ -1475,6 +1495,11 @@
};
#endif
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ if( opt.trunc_hmac != DFL_TRUNC_HMAC )
+ ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
+#endif
+
#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
ssl_set_extended_master_secret( &ssl, opt.extended_ms );
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index 0ee992d..b9a8e9c 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -46,7 +46,7 @@
$/ = $line_separator;
-open(GREP, "/bin/grep \"define POLARSSL_ERR_\" $include_dir/* |") || die("Failure when calling grep: $!");
+open(GREP, "grep \"define POLARSSL_ERR_\" $include_dir/* |") || die("Failure when calling grep: $!");
my $ll_old_define = "";
my $hl_old_define = "";
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 3aeef96..1bd2a73 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -558,16 +558,43 @@
# Tests for Truncated HMAC extension
-run_test "Truncated HMAC: reference" \
+run_test "Truncated HMAC: client default, server default" \
"$P_SRV debug_level=4" \
- "$P_CLI trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
- -s "dumping 'computed mac' (20 bytes)"
+ -s "dumping 'computed mac' (20 bytes)" \
+ -S "dumping 'computed mac' (10 bytes)"
-run_test "Truncated HMAC: actual test" \
+run_test "Truncated HMAC: client disabled, server default" \
"$P_SRV debug_level=4" \
- "$P_CLI trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ trunc_hmac=0" \
0 \
+ -s "dumping 'computed mac' (20 bytes)" \
+ -S "dumping 'computed mac' (10 bytes)"
+
+run_test "Truncated HMAC: client enabled, server default" \
+ "$P_SRV debug_level=4" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -S "dumping 'computed mac' (20 bytes)" \
+ -s "dumping 'computed mac' (10 bytes)"
+
+run_test "Truncated HMAC: client enabled, server disabled" \
+ "$P_SRV debug_level=4 trunc_hmac=0" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "dumping 'computed mac' (20 bytes)" \
+ -S "dumping 'computed mac' (10 bytes)"
+
+run_test "Truncated HMAC: client enabled, server enabled" \
+ "$P_SRV debug_level=4 trunc_hmac=1" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -S "dumping 'computed mac' (20 bytes)" \
-s "dumping 'computed mac' (10 bytes)"
# Tests for Encrypt-then-MAC extension
@@ -1604,6 +1631,60 @@
-C "! ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+# Tests for certificate selection based on SHA verson
+
+run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
+ "$P_SRV crt_file=data_files/server5.crt \
+ key_file=data_files/server5.key \
+ crt_file2=data_files/server5-sha1.crt \
+ key_file2=data_files/server5.key" \
+ "$P_CLI force_version=tls1_2" \
+ 0 \
+ -c "signed using.*ECDSA with SHA256" \
+ -C "signed using.*ECDSA with SHA1"
+
+run_test "Certificate hash: client TLS 1.1 -> SHA-1" \
+ "$P_SRV crt_file=data_files/server5.crt \
+ key_file=data_files/server5.key \
+ crt_file2=data_files/server5-sha1.crt \
+ key_file2=data_files/server5.key" \
+ "$P_CLI force_version=tls1_1" \
+ 0 \
+ -C "signed using.*ECDSA with SHA256" \
+ -c "signed using.*ECDSA with SHA1"
+
+run_test "Certificate hash: client TLS 1.0 -> SHA-1" \
+ "$P_SRV crt_file=data_files/server5.crt \
+ key_file=data_files/server5.key \
+ crt_file2=data_files/server5-sha1.crt \
+ key_file2=data_files/server5.key" \
+ "$P_CLI force_version=tls1" \
+ 0 \
+ -C "signed using.*ECDSA with SHA256" \
+ -c "signed using.*ECDSA with SHA1"
+
+run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
+ "$P_SRV crt_file=data_files/server5.crt \
+ key_file=data_files/server5.key \
+ crt_file2=data_files/server6.crt \
+ key_file2=data_files/server6.key" \
+ "$P_CLI force_version=tls1_1" \
+ 0 \
+ -c "serial number.*09" \
+ -c "signed using.*ECDSA with SHA256" \
+ -C "signed using.*ECDSA with SHA1"
+
+run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
+ "$P_SRV crt_file=data_files/server6.crt \
+ key_file=data_files/server6.key \
+ crt_file2=data_files/server5.crt \
+ key_file2=data_files/server5.key" \
+ "$P_CLI force_version=tls1_1" \
+ 0 \
+ -c "serial number.*0A" \
+ -c "signed using.*ECDSA with SHA256" \
+ -C "signed using.*ECDSA with SHA1"
+
# tests for SNI
run_test "SNI: no SNI callback" \
@@ -2152,7 +2233,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
- -S "SSL - The server has no ciphersuites in common" \
+ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -2161,7 +2242,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
1 \
- -s "SSL - The server has no ciphersuites in common" \
+ -s "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -2170,7 +2251,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
1 \
- -S "SSL - The server has no ciphersuites in common" \
+ -S "SSL - None of the common ciphersuites is usable" \
-s "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -2179,7 +2260,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=abc psk=dead" \
0 \
- -S "SSL - The server has no ciphersuites in common" \
+ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -2188,7 +2269,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -S "SSL - The server has no ciphersuites in common" \
+ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -2197,7 +2278,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=ghi psk=beef" \
1 \
- -S "SSL - The server has no ciphersuites in common" \
+ -S "SSL - None of the common ciphersuites is usable" \
-s "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -2206,7 +2287,7 @@
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=abc psk=beef" \
1 \
- -S "SSL - The server has no ciphersuites in common" \
+ -S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-s "SSL - Verification of the message MAC failed"