[glib-networking] Rewrite the test for TLS 1.3 again
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking] Rewrite the test for TLS 1.3 again
- Date: Mon, 12 Nov 2018 01:58:39 +0000 (UTC)
commit cce5f871b49eb8e009f5f6b8b4a2ab7e641b9fc8
Author: Michael Catanzaro <mcatanzaro igalia com>
Date: Sun Nov 11 19:41:54 2018 -0600
Rewrite the test for TLS 1.3 again
This is based on the same logic we use to compute the minimum available
protocol version in g_tls_connection_gnutls_init_priorities(), so we can
figure out whether TLS 1.3 is actually available at runtime or not.
tls/tests/connection.c | 32 ++++++++++++++++++++++++++++----
1 file changed, 28 insertions(+), 4 deletions(-)
---
diff --git a/tls/tests/connection.c b/tls/tests/connection.c
index db8de0e..7524fbf 100644
--- a/tls/tests/connection.c
+++ b/tls/tests/connection.c
@@ -1026,11 +1026,35 @@ test_client_auth_rehandshake (TestConnection *test,
static gboolean
client_can_receive_certificate_required_errors (TestConnection *test)
{
- /* This is a very imperfect check, since it returns true on Fedora 28,
- * where GNUTLS_TLS1_3 is defined but TLS 1.3 is disabled anyway.
- * The tests will just remain broken there, I guess.
+ gnutls_priority_t priority_cache;
+ int ret;
+ int i;
+ int nprotos;
+ static int max_proto = 0;
+ const guint *protos;
+
+ /* Determine whether GNUTLS_TLS1_3 is available at *runtime* (using
+ * the default priority) so that these tests work in Fedora 28, which
+ * has GnuTLS 3.6 (and therefore GNUTLS_TLS1_3) but with TLS 1.3
+ * disabled.
*/
- return GNUTLS_TLS_VERSION_MAX <= GNUTLS_TLS1_2;
+ if (max_proto == 0)
+ {
+ ret = gnutls_priority_init (&priority_cache, "NORMAL", NULL);
+ g_assert_cmpint (ret, ==, GNUTLS_E_SUCCESS);
+
+ nprotos = gnutls_priority_protocol_list (priority_cache, &protos);
+
+ for (i = 0; i < nprotos && protos[i] <= GNUTLS_TLS_VERSION_MAX; i++)
+ {
+ if (protos[i] > max_proto)
+ max_proto = protos[i];
+ }
+
+ gnutls_priority_deinit (priority_cache);
+ }
+
+ return max_proto <= GNUTLS_TLS1_2;
}
static void
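Review bot: The return value of `gnutls_priority_protocol_list()` is used as the loop bound without being checked, so if it is zero or negative the loop never runs, `max_proto` stays 0 and the helper returns TRUE as though TLS 1.3 were unavailable. Because 0 is also the "not yet computed" sentinel, that outcome is never cached and the priority is re-initialised on every call. Adding `g_assert_cmpint (nprotos, >, 0);` right after the call would make an empty or failed protocol list abort the test instead of silently selecting the pre-TLS-1.3 expectations for the certificate-required checks. Separately, the `protos[i] <= GNUTLS_TLS_VERSION_MAX` term in the loop condition ends the scan at the first out-of-range entry rather than skipping it, which is only correct if the list keeps such entries after the TLS ones; an `if (protos[i] > GNUTLS_TLS_VERSION_MAX) continue;` inside the body would not depend on that ordering.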