gnutls/resumption-with-NSS: Test extension

[mrc0mmand]

This PR extends the gnutls/resumption-with-NSS test with following:

• Various combinations of KEX, MAC and PRF algorithms
• Resumption with client authentication, session IDs and tickets

Known issues:

• DHE-DSS ciphersuites don't work when NSS is a server (see PR#7)
• strsclnt can't handle client certificates (see PR#7)
• segfault with ECDSA ciphersuites (see PR#7)
• TLS_DHE_DSS_WITH_AES_128_CBC_SHA with TLS1.1 doesn't work with large DSA keys (see PR#9)

There's a one last issue on RHEL 7.4 (version nss-3.28.3-2.el7.x86_64) and I'm not sure if it's an expected behavior, as the process of fixing the ECDSA bugs was split into two phases (patching the segfault and patching the ticket support). When NSS is a server and the ticket extension is used, the handshake is unexpectedly terminated but the NSS server doesn't report any error:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: NSS <-> GNUTLS [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls1_2, ticket]
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
...
:: [  BEGIN   ] :: Running '/usr/lib64/nss/unsupported-tools/selfserv -d sql:nssdb -p 4433 -V tls1.0: -H 1 -c :C02C -e ecdsa-server -u -v >server.log 2>server.err &'
:: [   PASS   ] :: Command '/usr/lib64/nss/unsupported-tools/selfserv -d sql:nssdb -p 4433 -V tls1.0: -H 1 -c :C02C -e ecdsa-server -u -v >server.log 2>server.err &' (Expect$
d 0, got 0)
...
:: [  BEGIN   ] :: Running 'sleep 2 | gnutls-cli --resume --x509cafile ca/cert.pem --port 4433 --priority NORMAL:+VERS-TLS1.2 localhost'
Processed 1 CA certificate(s).
Resolving 'localhost'...
Connecting to '::1:4433'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=localhost', issuer `CN=ECDSA CA', EC key 256 bits, signed using ECDSA-SHA256, activated `2017-03-11 23:07:04 UTC', expires `2018-03-11 23:07:04 UTC', SHA-1 fi$
gerprint `ae2b75c296839bd063ff94702b4083d112e97472'
        Public Key ID:
                3ea5f93984618857efdfc283485656f69cde7793
        Public key's random art:
                +--[  EC  256]----+
                |                 |
                |        .   o    |
                |     . o . o o . |
                |    . o o +   +  |
                |     . .S*.  . ..|
                |       .++o   .E+|
                |       o=o + .  +|
                |        .oo.= .  |
                |          o. o   |
                +-----------------+

- Certificate[1] info:
 - subject `CN=ECDSA CA', issuer `O=Example CA', EC key 256 bits, signed using RSA-SHA256, activated `2012-03-11 23:07:04 UTC', expires `2027-03-11 23:07:04 UTC', SHA-1 finge
rprint `79b61e397bff727e3c6831d94e6dcd4bbf96691e'
- Certificate[2] info:
 - subject `O=Example CA', issuer `O=Example CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2012-03-11 23:07:03 UTC', expires `2027-03-11 23:07:03 UTC', SHA-1 fi
ngerprint `4e23d3f7057505257a40d0a68ce54860f81f9352'
- Status: The certificate is trusted. 
*** Fatal error: The TLS connection was non-properly terminated.
*** Handshake has failed
GnuTLS error: The TLS connection was non-properly terminated.
:: [   FAIL   ] :: Command 'sleep 2 | gnutls-cli --resume --x509cafile ca/cert.pem --port 4433 --priority NORMAL:+VERS-TLS1.2 localhost' (Expected 0, got 1)
:: [   FAIL   ] :: File '/var/tmp/rlRun_LOG.VyOTzFWM' should contain 'This is a resumed session' 
...
:: [  BEGIN   ] :: Running 'cat server.err'



selfserv: About to call accept.



selfserv: About to call accept.
selfserv: HDX PR_Read returned error 0:
Success
:: [   PASS   ] :: Command 'cat server.err' (Expected 0, got 0)