mirror of https://github.com/ctz/rustls
Partially support -verify-prefs
This exits with BOGO_NACK if an unsupported verification algorithm is requested. That is enough to enable 78 more test cases.
parent
235008b8d5
commit
432ceca9b8
|
@ -61,6 +61,8 @@
|
|||
"*-ECDSA_SHA1-*": "no ecdsa-sha1",
|
||||
"*-Sign-RSA_PKCS1_SHA1-*": "no sha1",
|
||||
"*-VerifyDefault-RSA_PKCS1_SHA1-*": "no sha1",
|
||||
"VerifyPreferences-NoCommonAlgorithms": "we validate but don't actually implement -verify-prefs",
|
||||
"VerifyPreferences-Enforced": "",
|
||||
"*_P224_*": "no p224",
|
||||
"*-P-224-*": "",
|
||||
#ifdef RING
|
||||
|
@ -186,12 +188,9 @@
|
|||
"ALPNClient-EmptyProtocolName-TLS-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"ALPNServer-EmptyProtocolName-TLS-TLS12": ":PEER_MISBEHAVIOUR:",
|
||||
"ALPNServer-EmptyProtocolName-TLS-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"Verify-ServerAuth-SignatureType": ":PEER_MISBEHAVIOUR:",
|
||||
"Verify-ClientAuth-SignatureType": ":BAD_SIGNATURE:",
|
||||
"Verify-ServerAuth-SignatureType-TLS13": ":BAD_SIGNATURE:",
|
||||
"Verify-ClientAuth-SignatureType-TLS13": ":BAD_SIGNATURE:",
|
||||
"ClientAuth-Enforced": ":PEER_MISBEHAVIOUR:",
|
||||
"ServerAuth-Enforced": ":PEER_MISBEHAVIOUR:",
|
||||
"UnofferedExtension-Client": ":PEER_MISBEHAVIOUR:",
|
||||
"UnknownExtension-Client": ":PEER_MISBEHAVIOUR:",
|
||||
"KeyUpdate-InvalidRequestMode": ":BAD_HANDSHAKE_MSG:",
|
||||
|
@ -226,14 +225,6 @@
|
|||
"NoSupportedVersions": ":INCOMPATIBLE:",
|
||||
"Client-VerifyDefault-RSA_PKCS1_SHA1-TLS12": ":PEER_ALERT_INTERNAL_ERROR:",
|
||||
"Server-VerifyDefault-RSA_PKCS1_SHA1-TLS12": ":HANDSHAKE_FAILURE:",
|
||||
"Client-VerifyDefault-RSA_PKCS1_SHA1-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"Server-VerifyDefault-RSA_PKCS1_SHA1-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"Client-VerifyDefault-RSA_PKCS1_SHA256-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"Server-VerifyDefault-RSA_PKCS1_SHA256-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"Client-VerifyDefault-RSA_PKCS1_SHA384-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"Server-VerifyDefault-RSA_PKCS1_SHA384-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"Client-VerifyDefault-RSA_PKCS1_SHA512-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"Server-VerifyDefault-RSA_PKCS1_SHA512-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"ClientAuth-InvalidSignature-RSA-PKCS1-SHA1-TLS12": ":PEER_MISBEHAVIOUR:",
|
||||
"ServerAuth-InvalidSignature-RSA-PKCS1-SHA1-TLS12": ":PEER_MISBEHAVIOUR:",
|
||||
"Server-Sign-RSA_PKCS1_SHA256-TLS13": ":INCOMPATIBLE:",
|
||||
|
@ -252,8 +243,6 @@
|
|||
"ClientAuth-NoFallback-ECDSA": ":BAD_HANDSHAKE_MSG:",
|
||||
"ClientAuth-NoFallback-TLS13": ":BAD_HANDSHAKE_MSG:",
|
||||
"ServerAuth-NoFallback-TLS13": ":INCOMPATIBLE:",
|
||||
"ClientAuth-Enforced-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"ServerAuth-Enforced-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"SecondClientHelloWrongCurve-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"SecondClientHelloMissingKeyShare-TLS13": ":INCOMPATIBLE:",
|
||||
"Resume-Server-BinderWrongLength-SecondBinder": ":PEER_MISBEHAVIOUR:",
|
||||
|
@ -347,9 +336,9 @@
|
|||
"SendExtensionOnClientCertificate-TLS13": ":PEER_MISBEHAVIOUR:",
|
||||
"SendBogusAlertType": ":BAD_ALERT:",
|
||||
"TLS13-HRR-InvalidCompressionMethod": ":BAD_HANDSHAKE_MSG:",
|
||||
"CertificateCipherMismatch-RSA": ":PEER_MISBEHAVIOUR:",
|
||||
"CertificateCipherMismatch-ECDSA": ":PEER_MISBEHAVIOUR:",
|
||||
"CertificateCipherMismatch-Ed25519": ":PEER_MISBEHAVIOUR:",
|
||||
"CertificateCipherMismatch-RSA": ":WRONG_SIGNATURE_TYPE:",
|
||||
"CertificateCipherMismatch-ECDSA": ":WRONG_SIGNATURE_TYPE:",
|
||||
"CertificateCipherMismatch-Ed25519": ":WRONG_SIGNATURE_TYPE:",
|
||||
"ServerCipherFilter-RSA": ":INCOMPATIBLE:",
|
||||
"ServerCipherFilter-ECDSA": ":INCOMPATIBLE:",
|
||||
"ServerCipherFilter-Ed25519": ":INCOMPATIBLE:",
|
||||
|
|
|
@ -760,6 +760,10 @@ fn handle_err(err: Error) -> ! {
|
|||
Error::PeerMisbehaved(PeerMisbehaved::TooMuchEarlyDataReceived) => {
|
||||
quit(":TOO_MUCH_READ_EARLY_DATA:")
|
||||
}
|
||||
Error::PeerMisbehaved(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme)
|
||||
| Error::PeerMisbehaved(PeerMisbehaved::SignedKxWithWrongAlgorithm) => {
|
||||
quit(":WRONG_SIGNATURE_TYPE:")
|
||||
}
|
||||
Error::PeerMisbehaved(_) => quit(":PEER_MISBEHAVIOUR:"),
|
||||
Error::NoCertificatesPresented => quit(":NO_CERTS:"),
|
||||
Error::AlertReceived(AlertDescription::UnexpectedMessage) => quit(":BAD_ALERT:"),
|
||||
|
@ -1091,6 +1095,9 @@ pub fn main() {
|
|||
}
|
||||
}
|
||||
}
|
||||
"-verify-prefs" => {
|
||||
lookup_scheme(args.remove(0).parse::<u16>().unwrap());
|
||||
}
|
||||
"-max-cert-list" |
|
||||
"-expect-curve-id" |
|
||||
"-expect-resume-curve-id" |
|
||||
|
@ -1314,7 +1321,6 @@ pub fn main() {
|
|||
"-handshake-twice" |
|
||||
"-on-resume-verify-fail" |
|
||||
"-reverify-on-resume" |
|
||||
"-verify-prefs" |
|
||||
"-no-op-extra-handshake" |
|
||||
"-expect-peer-cert-file" |
|
||||
"-no-rsa-pss-rsae-certs" |
|
||||
|
|
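Review bot: The new `"-verify-prefs"` arm in `main()` calls `lookup_scheme(...)` and discards the result, so the shim only checks that the requested scheme is one it recognises and never restricts the certificate verifier to it. Handshakes in the newly enabled cases therefore still run with the default verification algorithms, which matches the two `VerifyPreferences-*` entries disabled in the config section but is not stated at the call site. A comment there would make the gap explicit, for example `// Validation only: unknown schemes are NACKed by lookup_scheme; the preference itself is not applied to the verifier.` The NACK behaviour is taken from the commit description, since `lookup_scheme`'s body is outside the hunk. Separately, `args.remove(0).parse::<u16>().unwrap()` panics on a missing or non-numeric value instead of exiting with a NACK; whether that matches the other options cannot be confirmed from here because the rest of `main()` is not shown.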