[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r7533 - in libmicrohttpd: . src/daemon src/daemon/https/tls
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] r7533 - in libmicrohttpd: . src/daemon src/daemon/https/tls src/daemon/https/x509 src/include src/testcurl/https |
|
Date: |
Fri, 8 Aug 2008 20:06:39 -0600 (MDT) |
Author: lv-426
Date: 2008-08-08 20:06:38 -0600 (Fri, 08 Aug 2008)
New Revision: 7533
Removed:
libmicrohttpd/src/daemon/https/tls/gnutls_db.c
libmicrohttpd/src/daemon/https/tls/gnutls_db.h
Modified:
libmicrohttpd/configure.ac
libmicrohttpd/src/daemon/connection_https.c
libmicrohttpd/src/daemon/daemon.c
libmicrohttpd/src/daemon/https/tls/Makefile.am
libmicrohttpd/src/daemon/https/tls/auth_cert.h
libmicrohttpd/src/daemon/https/tls/ext_cert_type.c
libmicrohttpd/src/daemon/https/tls/gnutls_alert.c
libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.c
libmicrohttpd/src/daemon/https/tls/gnutls_anon_cred.c
libmicrohttpd/src/daemon/https/tls/gnutls_handshake.c
libmicrohttpd/src/daemon/https/tls/gnutls_int.h
libmicrohttpd/src/daemon/https/tls/gnutls_priority.c
libmicrohttpd/src/daemon/https/tls/gnutls_record.c
libmicrohttpd/src/daemon/https/tls/gnutls_session.c
libmicrohttpd/src/daemon/https/tls/gnutls_session_pack.c
libmicrohttpd/src/daemon/https/tls/gnutls_state.c
libmicrohttpd/src/daemon/https/tls/gnutls_x509.c
libmicrohttpd/src/daemon/https/x509/pkcs12.h
libmicrohttpd/src/daemon/internal.h
libmicrohttpd/src/include/microhttpd.h
libmicrohttpd/src/testcurl/https/tls_alert_test.c
libmicrohttpd/src/testcurl/https/tls_authentication_test.c
libmicrohttpd/src/testcurl/https/tls_daemon_options_test.c
libmicrohttpd/src/testcurl/https/tls_session_time_out_test.c
libmicrohttpd/src/testcurl/https/tls_test_keys.h
Log:
temporary IP binding option added to MHD_daemon_start_va
added support for initiating the daemon in anonymous authentication mode
DH parameter initiation when using anonymous authentication
added daemon credential type field
added daemon option testing flexibility
removed db support
Modified: libmicrohttpd/configure.ac
===================================================================
--- libmicrohttpd/configure.ac 2008-08-06 16:32:11 UTC (rev 7532)
+++ libmicrohttpd/configure.ac 2008-08-09 02:06:38 UTC (rev 7533)
@@ -260,7 +260,8 @@
AC_DEFINE([ENABLE_MINITASN1],[1],[Include minitasn1 support])
AC_DEFINE([GNULIB_GC_HMAC_SHA1],[1],[GNULIB_GC_HMAC_SHA1])
AC_DEFINE([GNULIB_GC_RANDOM],[1],[GNULIB_GC_RANDOM])
-AC_DEFINE([ENABLE_PKI],[1],[Include ENABLE_OPENPGP support])
+AC_DEFINE([ENABLE_ANON],[1],[Enable anonymous authentication])
+AC_DEFINE([ENABLE_PKI],[1],[Include PKI support])
AC_DEFINE([ENABLE_INCLUDED_OPENCDK],[1],[Include ENABLE_INCLUDED_OPENCDK
support])
# gnutls debug support
AC_DEFINE([DEBUG],[1],[Include gnutls debug message support])
Modified: libmicrohttpd/src/daemon/connection_https.c
===================================================================
--- libmicrohttpd/src/daemon/connection_https.c 2008-08-06 16:32:11 UTC (rev
7532)
+++ libmicrohttpd/src/daemon/connection_https.c 2008-08-09 02:06:38 UTC (rev
7533)
@@ -37,7 +37,7 @@
#include "gnutls_int.h"
#include "gnutls_record.h"
-/* TODO rm #include "gnutls_errors.h" */
+/* TODO #include rm "gnutls_errors.h" */
#include "gnutls_errors.h"
/* forward declarations used when setting secure connection callbacks */
@@ -168,6 +168,9 @@
switch (connection->state)
{
+ /* on newly created connections we might reach here before any reply has
been received */
+ case MHD_TLS_CONNECTION_INIT:
+ return MHD_YES;
/* close connection if necessary */
case MHD_CONNECTION_CLOSED:
MHD_tls_connection_close (connection);
Modified: libmicrohttpd/src/daemon/daemon.c
===================================================================
--- libmicrohttpd/src/daemon/daemon.c 2008-08-06 16:32:11 UTC (rev 7532)
+++ libmicrohttpd/src/daemon/daemon.c 2008-08-09 02:06:38 UTC (rev 7533)
@@ -32,6 +32,7 @@
#if HTTPS_SUPPORT
#include "gnutls_int.h"
#include "gnutls_global.h"
+#include "auth_anon.h"
#endif
/**
@@ -56,26 +57,14 @@
*/
#define DEBUG_CONNECT MHD_NO
-#if HTTPS_SUPPORT
-/* initialize security aspects of the HTTPS daemon */
+/* TODO unite with code in gnutls_priority.c */
static int
-MHD_TLS_init (struct MHD_Daemon *daemon)
+MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
{
- int i;
- priority_st st;
gnutls_datum_t key;
gnutls_datum_t cert;
- gnutls_global_set_log_function (MHD_tls_log_func);
-
- /* setup server certificate */
- gnutls_certificate_allocate_credentials (&daemon->x509_cret);
-
- /* TODO remove if unused
- gnutls_certificate_set_x509_trust_file(x509_cret,
CAFILE,GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_x509_crl_file(x509_cret, CRLFILE,
GNUTLS_X509_FMT_PEM); */
-
- /* sets a certificate private key pair */
+ /* certificate & key loaded from file */
if (daemon->https_cert_path && daemon->https_key_path)
{
/* test for private key & certificate file exsitance */
@@ -98,20 +87,21 @@
CLOSE (daemon->socket_fd);
return -1;
}
- gnutls_certificate_set_x509_key_file (daemon->x509_cret,
- daemon->https_cert_path,
- daemon->https_key_path,
- GNUTLS_X509_FMT_PEM);
+ return gnutls_certificate_set_x509_key_file (daemon->x509_cred,
+ daemon->https_cert_path,
+ daemon->https_key_path,
+ GNUTLS_X509_FMT_PEM);
}
+ /* certificate & key loaded from memory */
else if (daemon->https_mem_cert && daemon->https_mem_key)
{
- key.data = (char *) daemon->https_mem_key;
+ key.data = (unsigned char *) daemon->https_mem_key;
key.size = strlen (daemon->https_mem_key);
- cert.data = (char *) daemon->https_mem_cert;
+ cert.data = (unsigned char *) daemon->https_mem_cert;
cert.size = strlen (daemon->https_mem_cert);
- gnutls_certificate_set_x509_key_mem (daemon->x509_cret, &cert, &key,
- GNUTLS_X509_FMT_PEM);
+ return gnutls_certificate_set_x509_key_mem (daemon->x509_cred, &cert,
+ &key, GNUTLS_X509_FMT_PEM);
}
else
{
@@ -120,29 +110,44 @@
#endif
return MHD_NO;
}
+}
- /* generate DH parameters if necessary */
- st = daemon->priority_cache->kx;
- for (i = 0; i < st.algorithms; i++)
+/* initialize security aspects of the HTTPS daemon */
+int
+MHD_TLS_init (struct MHD_Daemon *daemon)
+{
+ int ret;
+
+ switch (daemon->cred_type)
{
- /* initialize Diffie Hellman parameters if necessary */
- /* TODO add other cipher suits */
- if (st.priority[i] == MHD_GNUTLS_KX_DHE_RSA)
- {
- gnutls_dh_params_init (&daemon->dh_params);
- gnutls_dh_params_generate2 (daemon->dh_params, 1024);
- break;
- }
+ case MHD_GNUTLS_CRD_ANON:
+ ret = gnutls_anon_allocate_server_credentials (&daemon->anon_cred);
+ ret += gnutls_dh_params_init (&daemon->dh_params);
+ if (ret != 0) {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ gnutls_dh_params_generate2 (daemon->dh_params, 1024);
+ gnutls_anon_set_server_dh_params (daemon->anon_cred, daemon->dh_params);
+ break;
+ case MHD_GNUTLS_CRD_CERTIFICATE:
+ ret = gnutls_certificate_allocate_credentials (&daemon->x509_cred) ;
+ if (ret != 0) {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ if ((ret = MHD_init_daemon_certificate (daemon)) != 0)
+ return ret;
+ default:
+#if HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ "Error: no daemon credentials type found. f: %s, l: %d\n",
+ __FUNCTION__, __LINE__);
+#endif
+ break;
}
- gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params);
-
- /* TODO address error case return value */
- return MHD_YES;
+ return MHD_NO;
}
-/* TODO unite with code in gnutls_priority.c */
-/* this is used to set HTTPS related daemon priorities */
inline static int
_set_priority (priority_st * st, const int *list)
{
@@ -152,7 +157,7 @@
num++;
if (num > MAX_ALGOS)
num = MAX_ALGOS;
- st->algorithms = num;
+ st->num_algorithms = num;
for (i = 0; i < num; i++)
{
@@ -161,7 +166,6 @@
return 0;
}
-#endif /* HTTPS_SUPPORT */
/**
* Obtain the select sets for this daemon.
@@ -300,12 +304,13 @@
}
#endif
+
/**
* Handle an individual TLS connection.
*/
#if HTTPS_SUPPORT
static void *
-MHD_TLS_handle_connection (void *data)
+MHD_TLS_init_connection (void *data)
{
struct MHD_Connection *con = data;
@@ -320,16 +325,37 @@
/* sets cipher priorities */
gnutls_priority_set (con->tls_session, con->daemon->priority_cache);
- /* set needed credentials for certificate authentication. */
- gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_CERTIFICATE,
- con->daemon->x509_cret);
+ switch (con->daemon->cred_type)
+ {
+ /* set needed credentials for certificate authentication. */
+ case MHD_GNUTLS_CRD_CERTIFICATE:
+ gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_CERTIFICATE,
+ con->daemon->x509_cred);
+ break;
+ case MHD_GNUTLS_CRD_ANON:
+ /* set needed credentials for anonymous authentication. */
+ gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_ANON,
+ con->daemon->anon_cred);
+ gnutls_dh_set_prime_bits (con->tls_session, 1024);
+ break;
+ default:
+#if HAVE_MESSAGES
+ MHD_DLOG (con->daemon,
+ "Error: couldn't init HTTPS session. no appropriate KX
algorithm found. f: %s, l: %d\n",
+ __FUNCTION__, __LINE__);
+#endif
+ break;
+ }
+
/* TODO avoid gnutls blocking recv / write calls
gnutls_transport_set_pull_function(tls_session, &recv);
gnutls_transport_set_push_function(tls_session, &send);
*/
- gnutls_transport_set_ptr (con->tls_session, con->socket_fd);
+ gnutls_transport_set_ptr (con->tls_session,
+ (gnutls_transport_ptr_t) ((void *) con->
+ socket_fd));
return MHD_handle_connection (data);
}
@@ -489,7 +515,7 @@
#if HTTPS_SUPPORT
if (daemon->options & MHD_USE_SSL)
res_thread_create = pthread_create (&connection->pid, NULL,
- &MHD_TLS_handle_connection,
+ &MHD_TLS_init_connection,
connection);
else
#endif
@@ -768,7 +794,7 @@
*/
struct MHD_Daemon *
MHD_start_daemon_va (unsigned int options,
- unsigned short port,
+ unsigned short port, char *ip,
MHD_AcceptPolicyCallback apc,
void *apc_cls,
MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap)
@@ -875,6 +901,7 @@
pthread_mutex_unlock (&gnutls_init_mutex);
/* set default priorities */
gnutls_priority_init (&retVal->priority_cache, "", NULL);
+ retVal->cred_type = MHD_GNUTLS_CRD_CERTIFICATE;
}
#endif
/* initializes the argument pointer variable */
@@ -906,7 +933,7 @@
#if HTTPS_SUPPORT
case MHD_OPTION_PROTOCOL_VERSION:
_set_priority (&retVal->priority_cache->protocol,
- va_arg (ap, const int *));
+ va_arg (ap, const int *));
break;
case MHD_OPTION_HTTPS_KEY_PATH:
retVal->https_key_path = va_arg (ap, const char *);
@@ -920,8 +947,11 @@
case MHD_OPTION_HTTPS_MEM_CERT:
retVal->https_mem_cert = va_arg (ap, const char *);
break;
+ case MHD_OPTION_CRED_TYPE:
+ retVal->cred_type = va_arg (ap, const int);
+ break;
case MHD_OPTION_KX_PRIORITY:
- _set_priority (&retVal->priority_cache->cipher,
+ _set_priority (&retVal->priority_cache->kx,
va_arg (ap, const int *));
break;
case MHD_OPTION_CIPHER_ALGORITHM:
@@ -929,16 +959,17 @@
va_arg (ap, const int *));
break;
case MHD_OPTION_MAC_ALGO:
- _set_priority (&retVal->priority_cache->mac,
- va_arg (ap, const int *));
- break;
+ _set_priority (&retVal->priority_cache->mac,
+ va_arg (ap, const int *));
+ break;
#endif
default:
#if HAVE_MESSAGES
if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END)
{
fprintf (stderr,
- "Error: HTTPS option %d passed to non HTTPS daemon\n",
opt);
+ "Error: HTTPS option %d passed to non HTTPS daemon\n",
+ opt);
}
else
{
@@ -952,7 +983,7 @@
#if HTTPS_SUPPORT
/* initialize HTTPS daemon certificate aspects & send / recv functions */
- if (options & MHD_USE_SSL && MHD_NO == MHD_TLS_init (retVal))
+ if (options & MHD_USE_SSL && MHD_TLS_init (retVal) != 0)
{
#if HAVE_MESSAGES
MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n");
@@ -985,20 +1016,246 @@
unsigned short port,
MHD_AcceptPolicyCallback apc,
void *apc_cls,
- MHD_AccessHandlerCallback dh, void *dh_cls, ...){
+ MHD_AccessHandlerCallback dh, void *dh_cls, ...)
+{
+ const int on = 1;
+ struct MHD_Daemon *retVal;
- int ret;
- va_list ap;
- va_start (ap, dh_cls);
- ret = MHD_start_daemon_va (options,
- port,
- apc,
- apc_cls,
- dh, dh_cls, ap);
- va_end (ap);
- return ret;
+ /* listeningss sockets used by the daemon */
+ int socket_fd;
+ va_list ap;
+
+ struct sockaddr_in servaddr4;
+ struct sockaddr_in6 servaddr6;
+ const struct sockaddr *servaddr;
+ socklen_t addrlen;
+ enum MHD_OPTION opt;
+
+ if ((port == 0) || (dh == NULL))
+ return NULL;
+ if ((options & MHD_USE_IPv6) != 0)
+ socket_fd = SOCKET (PF_INET6, SOCK_STREAM, 0);
+ else
+ socket_fd = SOCKET (PF_INET, SOCK_STREAM, 0);
+ if (socket_fd < 0)
+ {
+#if HAVE_MESSAGES
+ if ((options & MHD_USE_DEBUG) != 0)
+ fprintf (stderr, "Call to socket failed: %s\n", STRERROR (errno));
+#endif
+ return NULL;
+ }
+ if ((SETSOCKOPT (socket_fd,
+ SOL_SOCKET,
+ SO_REUSEADDR,
+ &on, sizeof (on)) < 0) && (options & MHD_USE_DEBUG) != 0)
+ {
+#if HAVE_MESSAGES
+ fprintf (stderr, "setsockopt failed: %s\n", STRERROR (errno));
+#endif
+ }
+ if ((options & MHD_USE_IPv6) != 0)
+ {
+ memset (&servaddr6, 0, sizeof (struct sockaddr_in6));
+ servaddr6.sin6_family = AF_INET6;
+ servaddr6.sin6_port = htons (port);
+ servaddr = (struct sockaddr *) &servaddr6;
+ addrlen = sizeof (struct sockaddr_in6);
+ }
+ else
+ {
+ memset (&servaddr4, 0, sizeof (struct sockaddr_in));
+ servaddr4.sin_family = AF_INET;
+ servaddr4.sin_port = htons (port);
+ servaddr = (struct sockaddr *) &servaddr4;
+ addrlen = sizeof (struct sockaddr_in);
+ }
+ if (BIND (socket_fd, servaddr, addrlen) < 0)
+ {
+#if HAVE_MESSAGES
+ if ((options & MHD_USE_DEBUG) != 0)
+ fprintf (stderr,
+ "Failed to bind to port %u: %s\n", port, STRERROR (errno));
+#endif
+ CLOSE (socket_fd);
+ return NULL;
+ }
+ if (LISTEN (socket_fd, 20) < 0)
+ {
+#if HAVE_MESSAGES
+ if ((options & MHD_USE_DEBUG) != 0)
+ fprintf (stderr,
+ "Failed to listen for connections: %s\n", STRERROR (errno));
+#endif
+ CLOSE (socket_fd);
+ return NULL;
+ }
+
+ /* allocate the mhd daemon */
+
+ retVal = malloc (sizeof (struct MHD_Daemon));
+
+ if (retVal == NULL)
+ {
+ CLOSE (socket_fd);
+ return NULL;
+ }
+
+ memset (retVal, 0, sizeof (struct MHD_Daemon));
+ retVal->options = options;
+ retVal->port = port;
+ retVal->apc = apc;
+ retVal->apc_cls = apc_cls;
+ retVal->socket_fd = socket_fd;
+ retVal->default_handler = dh;
+ retVal->default_handler_cls = dh_cls;
+ retVal->max_connections = MHD_MAX_CONNECTIONS_DEFAULT;
+ retVal->pool_size = MHD_POOL_SIZE_DEFAULT;
+ retVal->connection_timeout = 0; /* no timeout */
+#if HTTPS_SUPPORT
+ if (options & MHD_USE_SSL)
+ {
+ /* lock gnutls_global mutex since it uses reference counting */
+ pthread_mutex_lock (&gnutls_init_mutex);
+ gnutls_global_init ();
+ pthread_mutex_unlock (&gnutls_init_mutex);
+ /* set default priorities */
+ gnutls_priority_init (&retVal->priority_cache, "", NULL);
+ retVal->cred_type = MHD_GNUTLS_CRD_CERTIFICATE;
+ }
+#endif
+ /* initializes the argument pointer variable */
+
+ va_start (ap, dh_cls);
+
+ /*
+ * loop through daemon options
+ */
+ while (MHD_OPTION_END != (opt = va_arg (ap, enum MHD_OPTION)))
+ {
+ switch (opt)
+ {
+ case MHD_OPTION_CONNECTION_MEMORY_LIMIT:
+ retVal->pool_size = va_arg (ap, unsigned int);
+ break;
+ case MHD_OPTION_CONNECTION_LIMIT:
+ retVal->max_connections = va_arg (ap, unsigned int);
+ break;
+ case MHD_OPTION_CONNECTION_TIMEOUT:
+ retVal->connection_timeout = va_arg (ap, unsigned int);
+ break;
+ case MHD_OPTION_NOTIFY_COMPLETED:
+ retVal->notify_completed =
+ va_arg (ap, MHD_RequestCompletedCallback);
+ retVal->notify_completed_cls = va_arg (ap, void *);
+ break;
+ case MHD_OPTION_PER_IP_CONNECTION_LIMIT:
+ retVal->per_ip_connection_limit = va_arg (ap, unsigned int);
+ break;
+#if HTTPS_SUPPORT
+ case MHD_OPTION_PROTOCOL_VERSION:
+ _set_priority (&retVal->priority_cache->protocol,
+ va_arg (ap, const int *));
+ break;
+ case MHD_OPTION_HTTPS_KEY_PATH:
+ retVal->https_key_path = va_arg (ap, const char *);
+ break;
+ case MHD_OPTION_HTTPS_CERT_PATH:
+ retVal->https_cert_path = va_arg (ap, const char *);
+ break;
+ case MHD_OPTION_HTTPS_MEM_KEY:
+ retVal->https_mem_key = va_arg (ap, const char *);
+ break;
+ case MHD_OPTION_HTTPS_MEM_CERT:
+ retVal->https_mem_cert = va_arg (ap, const char *);
+ break;
+ case MHD_OPTION_CRED_TYPE:
+ retVal->cred_type = va_arg (ap, const int);
+ break;
+ case MHD_OPTION_KX_PRIORITY:
+ _set_priority (&retVal->priority_cache->kx,
+ va_arg (ap, const int *));
+ break;
+ case MHD_OPTION_CIPHER_ALGORITHM:
+ _set_priority (&retVal->priority_cache->cipher,
+ va_arg (ap, const int *));
+ break;
+ case MHD_OPTION_MAC_ALGO:
+ _set_priority (&retVal->priority_cache->mac,
+ va_arg (ap, const int *));
+ break;
+#endif
+ default:
+#if HAVE_MESSAGES
+ if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END)
+ {
+ fprintf (stderr,
+ "Error: HTTPS option %d passed to non HTTPS daemon\n",
+ opt);
+ }
+ else
+ {
+ fprintf (stderr,
+ "Invalid MHD_OPTION argument! (Did you terminate the
list with MHD_OPTION_END?)\n");
+ }
+#endif
+ abort ();
+ }
+ }
+ va_end (ap);
+
+ /* initialize HTTPS daemon certificate aspects & send / recv functions */
+ if (options & MHD_USE_SSL && MHD_TLS_init (retVal) != 0)
+ {
+#if HAVE_MESSAGES
+ MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n");
+#endif
+ free (retVal);
+ return NULL;
+ }
+
+ if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) || (0 != (options
+ &
+
MHD_USE_SELECT_INTERNALLY)))
+ && (0 !=
+ pthread_create (&retVal->pid, NULL, &MHD_select_thread, retVal)))
+ {
+#if HAVE_MESSAGES
+ MHD_DLOG (retVal, "Failed to create listen thread: %s\n",
+ STRERROR (errno));
+#endif
+ free (retVal);
+ CLOSE (socket_fd);
+ return NULL;
+ }
+
+ return retVal;
}
+
+/*
+ * start the MHD_Daemon while binding to a specific ip address.
+ *
+ * TODO : address adding ip parameter to MHD_start_daemon
+ */
+struct MHD_Daemon *
+MHD_start_daemon_ip (unsigned int options,
+ unsigned short port, char *ip,
+ MHD_AcceptPolicyCallback apc,
+ void *apc_cls,
+ MHD_AccessHandlerCallback dh, void *dh_cls, ...)
+{
+
+ gnutls_global_set_log_level (5);
+
+ struct MHD_Daemon *ret;
+ va_list ap;
+ va_start (ap, dh_cls);
+ ret = MHD_start_daemon_va (options, port, ip, apc, apc_cls, dh, dh_cls, ap);
+ va_end (ap);
+ return ret;
+}
+
/**
* Start a webserver on the given port.
*
@@ -1066,7 +1323,10 @@
{
gnutls_priority_deinit (daemon->priority_cache);
- gnutls_certificate_free_credentials (daemon->x509_cret);
+ if (daemon->x509_cred)
+ gnutls_certificate_free_credentials (daemon->x509_cred);
+ if (daemon->anon_cred)
+ gnutls_anon_free_server_credentials (daemon->anon_cred);
/* lock gnutls_global mutex since it uses reference counting */
pthread_mutex_lock (&gnutls_init_mutex);
Modified: libmicrohttpd/src/daemon/https/tls/Makefile.am
===================================================================
--- libmicrohttpd/src/daemon/https/tls/Makefile.am 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/Makefile.am 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -43,7 +43,6 @@
gnutls_compress_int.c \
gnutls_constate.c \
gnutls_datum.c \
-gnutls_db.c \
gnutls_dh.c \
gnutls_dh_primes.c \
gnutls_errors.c \
Modified: libmicrohttpd/src/daemon/https/tls/auth_cert.h
===================================================================
--- libmicrohttpd/src/daemon/https/tls/auth_cert.h 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/auth_cert.h 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -34,6 +34,7 @@
/* This structure may be complex, but it's the only way to
* support a server that has multiple certificates
*/
+
typedef struct gnutls_certificate_credentials_st
{
gnutls_dh_params_t dh_params;
@@ -45,7 +46,7 @@
gnutls_cert **cert_list;
/* contains a list of a list of certificates.
- * eg (X509): [0] certificate1, certificate11, certificate111
+ * eg (X509): [0] certificate1, certificate11, certificate111
* (if more than one, one certificate certifies the one before)
* [1] certificate2, certificate22, ...
*/
@@ -75,14 +76,14 @@
/* X509 specific stuff */
gnutls_x509_crt_t *x509_ca_list;
- unsigned x509_ncas; /* number of CAs in the ca_list
+ unsigned x509_ncas; /* number of CAs in the ca_list
*/
gnutls_x509_crl_t *x509_crl_list;
- unsigned x509_ncrls; /* number of CRLs in the crl_list
+ unsigned x509_ncrls; /* number of CRLs in the crl_list
*/
- unsigned int verify_flags; /* flags to be used at
+ unsigned int verify_flags; /* flags to be used at
* certificate verification.
*/
unsigned int verify_depth;
Modified: libmicrohttpd/src/daemon/https/tls/ext_cert_type.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/ext_cert_type.c 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/ext_cert_type.c 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -150,10 +150,10 @@
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
- if (session->internals.priorities.cert_type.algorithms > 0)
+ if (session->internals.priorities.cert_type.num_algorithms > 0)
{
- len = session->internals.priorities.cert_type.algorithms;
+ len = session->internals.priorities.cert_type.num_algorithms;
if (len == 1 &&
session->internals.priorities.cert_type.priority[0] ==
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_alert.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_alert.c 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_alert.c 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -148,7 +148,7 @@
* alert should be sent to the peer indicating that no renegotiation will
* be performed.
*
- * If there is no mapping to a valid alert the alert to indicate internal
error
+ * If there is no mapping to a valid alert the alert to indicate internal
error
* is returned.
*
**/
@@ -163,7 +163,7 @@
/* GNUTLS_A_DECRYPTION_FAILED is not sent, because
* it is not defined in SSL3. Note that we must
* not distinguish Decryption failures from mac
- * check failures, due to the possibility of some
+ * check failures, due to the possibility of some
* attacks.
*/
ret = GNUTLS_A_BAD_RECORD_MAC;
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.c 2008-08-06
16:32:11 UTC (rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.c 2008-08-09
02:06:38 UTC (rev 7533)
@@ -767,7 +767,7 @@
gnutls_mac_algorithm_t algorithm)
{ /* actually returns the priority */
unsigned int i;
- for (i = 0; i < session->internals.priorities.mac.algorithms; i++)
+ for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++)
{
if (session->internals.priorities.mac.priority[i] == algorithm)
return i;
@@ -893,7 +893,7 @@
gnutls_compression_method_t algorithm)
{ /* actually returns the priority */
unsigned int i;
- for (i = 0; i < session->internals.priorities.compression.algorithms; i++)
+ for (i = 0; i < session->internals.priorities.compression.num_algorithms;
i++)
{
if (session->internals.priorities.compression.priority[i] == algorithm)
return i;
@@ -1040,7 +1040,7 @@
gnutls_cipher_algorithm_t algorithm)
{
unsigned int i;
- for (i = 0; i < session->internals.priorities.cipher.algorithms; i++)
+ for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++)
{
if (session->internals.priorities.cipher.priority[i] == algorithm)
return i;
@@ -1176,7 +1176,7 @@
gnutls_kx_algorithm_t algorithm)
{
unsigned int i;
- for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
+ for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++)
{
if (session->internals.priorities.kx.priority[i] == algorithm)
return i;
@@ -1276,7 +1276,7 @@
return -1;
}
- for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
+ for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++)
{
if (session->internals.priorities.protocol.priority[i] == version)
return i;
@@ -1294,7 +1294,7 @@
return MHD_GNUTLS_VERSION_UNKNOWN;
}
else
- for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
+ for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++)
{
if (session->internals.priorities.protocol.priority[i] < min)
min = session->internals.priorities.protocol.priority[i];
@@ -1316,7 +1316,7 @@
return MHD_GNUTLS_VERSION_UNKNOWN;
}
else
- for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
+ for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++)
{
if (session->internals.priorities.protocol.priority[i] > max)
max = session->internals.priorities.protocol.priority[i];
@@ -1886,7 +1886,7 @@
/* returns the TLS numbers of the compression methods we support
*/
-#define SUPPORTED_COMPRESSION_METHODS
session->internals.priorities.compression.algorithms
+#define SUPPORTED_COMPRESSION_METHODS
session->internals.priorities.compression.num_algorithms
int
_gnutls_supported_compression_methods (gnutls_session_t session,
uint8_t ** comp)
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_anon_cred.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_anon_cred.c 2008-08-06
16:32:11 UTC (rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_anon_cred.c 2008-08-09
02:06:38 UTC (rev 7533)
@@ -62,8 +62,9 @@
gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t *
sc)
{
-
*sc = gnutls_calloc (1, sizeof (anon_server_credentials_st));
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
return 0;
}
Deleted: libmicrohttpd/src/daemon/https/tls/gnutls_db.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_db.c 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_db.c 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -1,386 +0,0 @@
-/*
- * Copyright (C) 2000, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains functions that manipulate a database backend
- * for resumed sessions.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_errors.h"
-// #include "gnutls_session.h"
-#include <gnutls_db.h>
-#include "debug.h"
-#include <gnutls_session_pack.h>
-#include <gnutls_datum.h>
-
-/**
- * gnutls_db_set_retrieve_function - Sets the function that will be used to
get data
- * @session: is a #gnutls_session_t structure.
- * @retr_func: is the function.
- *
- * Sets the function that will be used to retrieve data from the resumed
- * sessions database. This function must return a gnutls_datum_t containing
the
- * data on success, or a gnutls_datum_t containing null and 0 on failure.
- *
- * The datum's data must be allocated using the function
- * gnutls_malloc().
- *
- * The first argument to retr_func() will be null unless gnutls_db_set_ptr()
- * has been called.
- *
- **/
-void
-gnutls_db_set_retrieve_function (gnutls_session_t session,
- gnutls_db_retr_func retr_func)
-{
- session->internals.db_retrieve_func = retr_func;
-}
-
-/**
- * gnutls_db_set_remove_function - Sets the function that will be used to
remove data
- * @session: is a #gnutls_session_t structure.
- * @rem_func: is the function.
- *
- * Sets the function that will be used to remove data from the resumed
- * sessions database. This function must return 0 on success.
- *
- * The first argument to rem_func() will be null unless gnutls_db_set_ptr()
- * has been called.
- *
- **/
-void
-gnutls_db_set_remove_function (gnutls_session_t session,
- gnutls_db_remove_func rem_func)
-{
- session->internals.db_remove_func = rem_func;
-}
-
-/**
- * gnutls_db_set_store_function - Sets the function that will be used to put
data
- * @session: is a #gnutls_session_t structure.
- * @store_func: is the function
- *
- * Sets the function that will be used to store data from the resumed
- * sessions database. This function must remove 0 on success.
- *
- * The first argument to store_func() will be null unless gnutls_db_set_ptr()
- * has been called.
- *
- **/
-void
-gnutls_db_set_store_function (gnutls_session_t session,
- gnutls_db_store_func store_func)
-{
- session->internals.db_store_func = store_func;
-}
-
-/**
- * gnutls_db_set_ptr - Sets a pointer to be sent to db functions
- * @session: is a #gnutls_session_t structure.
- * @ptr: is the pointer
- *
- * Sets the pointer that will be provided to db store, retrieve and delete
functions, as
- * the first argument.
- *
- **/
-void
-gnutls_db_set_ptr (gnutls_session_t session, void *ptr)
-{
- session->internals.db_ptr = ptr;
-}
-
-/**
- * gnutls_db_get_ptr - Returns the pointer which is sent to db functions
- * @session: is a #gnutls_session_t structure.
- *
- * Returns the pointer that will be sent to db store, retrieve and delete
functions, as
- * the first argument.
- *
- **/
-void *
-gnutls_db_get_ptr (gnutls_session_t session)
-{
- return session->internals.db_ptr;
-}
-
-/**
- * gnutls_db_set_cache_expiration - Sets the expiration time for resumed
sessions.
- * @session: is a #gnutls_session_t structure.
- * @seconds: is the number of seconds.
- *
- * Sets the expiration time for resumed sessions. The default is 3600 (one
hour)
- * at the time writing this.
- **/
-void
-gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds)
-{
- session->internals.expire_time = seconds;
-}
-
-/**
- * gnutls_db_check_entry - checks if the given db entry has expired
- * @session: is a #gnutls_session_t structure.
- * @session_entry: is the session data (not key)
- *
- * This function returns GNUTLS_E_EXPIRED, if the database entry
- * has expired or 0 otherwise. This function is to be used when
- * you want to clear unnesessary session which occupy space in your
- * backend.
- *
- **/
-int
-gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry)
-{
- time_t timestamp;
-
- timestamp = time (0);
-
- if (session_entry.data != NULL)
- if (timestamp -
- ((security_parameters_st *) (session_entry.data))->timestamp <=
- session->internals.expire_time
- || ((security_parameters_st *) (session_entry.data))->
- timestamp > timestamp
- || ((security_parameters_st *) (session_entry.data))->timestamp == 0)
- return GNUTLS_E_EXPIRED;
-
- return 0;
-}
-
-/* The format of storing data is:
- * (forget it). Check gnutls_session_pack.c
- */
-int
-_gnutls_server_register_current_session (gnutls_session_t session)
-{
- gnutls_datum_t key;
- gnutls_datum_t content;
- int ret = 0;
-
- key.data = session->security_parameters.session_id;
- key.size = session->security_parameters.session_id_size;
-
- if (session->internals.resumable == RESUME_FALSE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- if (session->security_parameters.session_id == NULL
- || session->security_parameters.session_id_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
-/* copy data */
- ret = _gnutls_session_pack (session, &content);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = _gnutls_store_session (session, key, content);
- _gnutls_free_datum (&content);
-
- return ret;
-}
-
-/* Checks if both db_store and db_retrieve functions have
- * been set up.
- */
-static int
-_gnutls_db_func_is_ok (gnutls_session_t session)
-{
- if (session->internals.db_store_func != NULL &&
- session->internals.db_retrieve_func != NULL &&
- session->internals.db_remove_func != NULL)
- return 0;
- else
- return GNUTLS_E_DB_ERROR;
-}
-
-
-int
-_gnutls_server_restore_session (gnutls_session_t session,
- uint8_t * session_id, int session_id_size)
-{
- gnutls_datum_t data;
- gnutls_datum_t key;
- int ret;
-
- key.data = session_id;
- key.size = session_id_size;
-
- if (_gnutls_db_func_is_ok (session) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- data = _gnutls_retrieve_session (session, key);
-
- if (data.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- /* expiration check is performed inside */
- ret = gnutls_session_set_data (session, data.data, data.size);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- gnutls_free (data.data);
-
- return 0;
-}
-
-int
-_gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id,
- int session_id_size)
-{
- gnutls_datum_t key;
-
- key.data = session_id;
- key.size = session_id_size;
-
- return _gnutls_remove_session (session, key);
-}
-
-
-/* Stores session data to the db backend.
- */
-int
-_gnutls_store_session (gnutls_session_t session,
- gnutls_datum_t session_id, gnutls_datum_t session_data)
-{
- int ret = 0;
-
- if (session->internals.resumable == RESUME_FALSE)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- if (_gnutls_db_func_is_ok (session) != 0)
- {
- return GNUTLS_E_DB_ERROR;
- }
-
- if (session_id.data == NULL || session_id.size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
-
- if (session_data.data == NULL || session_data.size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_SESSION;
- }
- /* if we can't read why bother writing? */
-
- if (session->internals.db_store_func != NULL)
- ret =
- session->internals.db_store_func (session->internals.db_ptr,
- session_id, session_data);
-
- return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
-
-}
-
-/* Retrieves session data from the db backend.
- */
-gnutls_datum_t
-_gnutls_retrieve_session (gnutls_session_t session, gnutls_datum_t session_id)
-{
- gnutls_datum_t ret = { NULL, 0 };
-
- if (session_id.data == NULL || session_id.size == 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if (session->internals.db_retrieve_func != NULL)
- ret =
- session->internals.db_retrieve_func (session->internals.db_ptr,
- session_id);
-
- return ret;
-
-}
-
-/* Removes session data from the db backend.
- */
-int
-_gnutls_remove_session (gnutls_session_t session, gnutls_datum_t session_id)
-{
- int ret = 0;
-
- if (_gnutls_db_func_is_ok (session) != 0)
- {
- return GNUTLS_E_DB_ERROR;
- }
-
- if (session_id.data == NULL || session_id.size == 0)
- return GNUTLS_E_INVALID_SESSION;
-
- /* if we can't read why bother writing? */
- if (session->internals.db_remove_func != NULL)
- ret =
- session->internals.db_remove_func (session->internals.db_ptr,
- session_id);
-
- return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
-
-}
-
-/**
- * gnutls_db_remove_session - This function will remove the current session
data from the database
- * @session: is a #gnutls_session_t structure.
- *
- * This function will remove the current session data from the session
- * database. This will prevent future handshakes reusing these session
- * data. This function should be called if a session was terminated
- * abnormally, and before gnutls_deinit() is called.
- *
- * Normally gnutls_deinit() will remove abnormally terminated sessions.
- *
- **/
-void
-gnutls_db_remove_session (gnutls_session_t session)
-{
- /* if the session has failed abnormally it has
- * to be removed from the db
- */
- _gnutls_db_remove_session (session,
- session->security_parameters.session_id,
- session->security_parameters.session_id_size);
-}
Deleted: libmicrohttpd/src/daemon/https/tls/gnutls_db.h
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_db.h 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_db.h 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -1,37 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-int _gnutls_server_register_current_session (gnutls_session_t session);
-int _gnutls_server_restore_session (gnutls_session_t session,
- uint8_t * session_id,
- int session_id_size);
-int _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id,
- int session_id_size);
-int _gnutls_store_session (gnutls_session_t session,
- gnutls_datum_t session_id,
- gnutls_datum_t session_data);
-gnutls_datum_t _gnutls_retrieve_session (gnutls_session_t session,
- gnutls_datum_t session_id);
-int _gnutls_remove_session (gnutls_session_t session,
- gnutls_datum_t session_id);
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_handshake.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_handshake.c 2008-08-06
16:32:11 UTC (rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_handshake.c 2008-08-09
02:06:38 UTC (rev 7533)
@@ -37,7 +37,6 @@
#include "gnutls_handshake.h"
#include "gnutls_num.h"
#include "gnutls_hash_int.h"
-#include "gnutls_db.h"
#include "gnutls_extensions.h"
#include "gnutls_supplemental.h"
#include "gnutls_auth_int.h"
@@ -338,7 +337,7 @@
int datalen)
{
uint8_t session_id_len;
- int pos = 0, ret;
+ int pos = 0, ret = 0;
uint16_t suite_size, comp_size;
gnutls_protocol_t adv_version;
int neg_version;
@@ -383,10 +382,10 @@
}
DECR_LEN (len, session_id_len);
- ret = _gnutls_server_restore_session (session, &data[pos], session_id_len);
pos += session_id_len;
- if (ret == 0)
+ /* TODO rm if support for resumed sessions won't be supported */
+ if (0)
{ /* resumed! */
resume_copy_required_values (session);
session->internals.resumed = RESUME_TRUE;
@@ -2647,12 +2646,6 @@
IMED_RET ("recv handshake final 2", ret);
}
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- /* in order to support session resuming */
- _gnutls_server_register_current_session (session);
- }
-
/* clear handshake buffer */
_gnutls_handshake_hash_buffers_clear (session);
return ret;
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_int.h
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_int.h 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_int.h 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -380,7 +380,7 @@
typedef struct
{
unsigned int priority[MAX_ALGOS];
- unsigned int algorithms;
+ unsigned int num_algorithms;
} priority_st;
/* For the external api */
@@ -391,6 +391,8 @@
priority_st kx;
priority_st compression;
priority_st protocol;
+
+ /* certificate type : x509, OpenPGP, etc. */
priority_st cert_type;
/* to disable record padding */
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_priority.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_priority.c 2008-08-06
16:32:11 UTC (rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_priority.c 2008-08-09
02:06:38 UTC (rev 7533)
@@ -56,7 +56,7 @@
num++;
if (num > MAX_ALGOS)
num = MAX_ALGOS;
- session->internals.priorities.cipher.algorithms = num;
+ session->internals.priorities.cipher.num_algorithms = num;
for (i = 0; i < num; i++)
{
@@ -75,7 +75,7 @@
num++;
if (num > MAX_ALGOS)
num = MAX_ALGOS;
- st->algorithms = num;
+ st->num_algorithms = num;
for (i = 0; i < num; i++)
{
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_record.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_record.c 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_record.c 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -35,7 +35,6 @@
#include "gnutls_hash_int.h"
#include "gnutls_cipher_int.h"
#include "gnutls_algorithms.h"
-#include "gnutls_db.h"
#include "gnutls_auth_int.h"
#include "gnutls_num.h"
#include "gnutls_record.h"
@@ -289,7 +288,7 @@
return 0;
}
-/* Copies the record version into the headers. The
+/* Copies the record version into the headers. The
* version must have 2 bytes at least.
*/
inline static void
@@ -316,7 +315,7 @@
/* This function behaves exactly like write(). The only difference is
* that it accepts, the gnutls_session_t and the content_type_t of data to
* send (if called by the user the Content is specific)
- * It is intended to transfer data, under the current session.
+ * It is intended to transfer data, under the current session.
*
* Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE.
* This makes the function much easier to read, and more error resistant
@@ -376,7 +375,7 @@
else
data2send_size = sizeofdata;
- /* Only encrypt if we don't have data to send
+ /* Only encrypt if we don't have data to send
* from the previous run. - probably interrupted.
*/
if (session->internals.record_send_buffer.length > 0)
@@ -469,7 +468,7 @@
return retval;
}
-/* This function is to be called if the handshake was successfully
+/* This function is to be called if the handshake was successfully
* completed. This sends a Change Cipher Spec packet to the peer.
*/
ssize_t
@@ -556,8 +555,8 @@
uint16_t * length, uint16_t * header_size)
{
- /* Read the first two bytes to determine if this is a
- * version 2 message
+ /* Read the first two bytes to determine if this is a
+ * version 2 message
*/
if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE
@@ -565,7 +564,7 @@
{
/* if msb set and expecting handshake message
- * it should be SSL 2 hello
+ * it should be SSL 2 hello
*/
version[0] = 3; /* assume SSL 3.0 */
version[1] = 0;
@@ -593,7 +592,7 @@
version[0] = headers[1];
version[1] = headers[2];
- /* No DECR_LEN, since headers has enough size.
+ /* No DECR_LEN, since headers has enough size.
*/
*length = _gnutls_read_uint16 (&headers[3]);
}
@@ -676,7 +675,7 @@
*/
if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL)
{
- /* If we have been expecting for an alert do
+ /* If we have been expecting for an alert do
*/
session->internals.read_eof = 1;
return GNUTLS_E_INT_RET_0; /* EOF */
@@ -911,7 +910,7 @@
}
/* Here we check if the Type of the received packet is
- * ok.
+ * ok.
*/
if ((ret = check_recv_type (recv_type)) < 0)
{
@@ -952,7 +951,7 @@
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
- /* check if we have that data into buffer.
+ /* check if we have that data into buffer.
*/
if ((ret = _gnutls_io_read_buffered (session, &recv_data,
header_size + length, recv_type))
@@ -1017,7 +1016,7 @@
read_sequence_number),
_gnutls_packet2str (recv_type), recv_type, decrypted_length);
- /* increase sequence number
+ /* increase sequence number
*/
if (_gnutls_uint64pp (&session->connection_state.read_sequence_number) != 0)
{
@@ -1037,7 +1036,7 @@
return ret;
}
- /* Get Application data from buffer
+ /* Get Application data from buffer
*/
if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type
== GNUTLS_HANDSHAKE
@@ -1051,7 +1050,7 @@
return ret;
}
- /* if the buffer just got empty
+ /* if the buffer just got empty
*/
if (_gnutls_record_buffer_get_size (type, session) == 0)
{
@@ -1066,11 +1065,11 @@
{
gnutls_assert ();
return GNUTLS_E_UNEXPECTED_PACKET;
- /* we didn't get what we wanted to
+ /* we didn't get what we wanted to
*/
}
- /* (originally for) TLS 1.0 CBC protection.
+ /* (originally for) TLS 1.0 CBC protection.
* Actually this code is called if we just received
* an empty packet. An empty TLS packet is usually
* sent to protect some vulnerabilities in the CBC mode.
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_session.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_session.c 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_session.c 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -24,7 +24,7 @@
#include "gnutls_int.h"
#include "gnutls_errors.h"
#include "debug.h"
-#include <gnutls_session_pack.h>
+#include "gnutls_session_pack.h"
#include <gnutls_datum.h>
/**
@@ -123,10 +123,10 @@
*
* Returns the current session id. This can be used if you want to check if
* the next session you tried to resume was actually resumed.
- * This is because resumed sessions have the same sessionID with the
+ * This is because resumed sessions have the same sessionID with the
* original session.
*
- * Session id is some data set by the server, that identify the current
session.
+ * Session id is some data set by the server, that identify the current
session.
* In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes.
*
* Returns zero on success.
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_session_pack.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_session_pack.c 2008-08-06
16:32:11 UTC (rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_session_pack.c 2008-08-09
02:06:38 UTC (rev 7533)
@@ -54,7 +54,170 @@
static int pack_security_parameters (gnutls_session_t session,
gnutls_datum_t * packed_session);
+/* Packs the ANON session authentication data. */
+#ifdef ENABLE_ANON
+/* Format:
+ * 1 byte the credentials type
+ * 4 bytes the size of the whole structure
+ * 2 bytes the size of secret key in bits
+ * 4 bytes the size of the prime
+ * x bytes the prime
+ * 4 bytes the size of the generator
+ * x bytes the generator
+ * 4 bytes the size of the public key
+ * x bytes the public key
+ */
+static int
+pack_anon_auth_info (gnutls_session_t session, gnutls_datum_t * packed_session)
+{
+ anon_auth_info_t info = _gnutls_get_auth_info (session);
+ int pos = 0;
+ size_t pack_size;
+
+ if (info)
+ pack_size = 2 + 4 * 3 + info->dh.prime.size +
+ info->dh.generator.size + info->dh.public_key.size;
+ else
+ pack_size = 0;
+
+ packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
+
+ /* calculate the size and allocate the data.
+ */
+ packed_session->data =
+ gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
+
+ if (packed_session->data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ packed_session->data[0] = MHD_GNUTLS_CRD_ANON;
+ _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
+ pos += 4 + PACK_HEADER_SIZE;
+
+ if (pack_size > 0)
+ {
+ _gnutls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]);
+ pos += 2;
+
+ _gnutls_write_datum32 (&packed_session->data[pos], info->dh.prime);
+ pos += 4 + info->dh.prime.size;
+ _gnutls_write_datum32 (&packed_session->data[pos], info->dh.generator);
+ pos += 4 + info->dh.generator.size;
+ _gnutls_write_datum32 (&packed_session->data[pos], info->dh.public_key);
+ pos += 4 + info->dh.public_key.size;
+
+ }
+
+ return 0;
+}
+
+/* Format:
+ * 1 byte the credentials type
+ * 4 bytes the size of the whole structure
+ * 2 bytes the size of secret key in bits
+ * 4 bytes the size of the prime
+ * x bytes the prime
+ * 4 bytes the size of the generator
+ * x bytes the generator
+ * 4 bytes the size of the public key
+ * x bytes the public key
+ */
+static int
+unpack_anon_auth_info (gnutls_session_t session,
+ const gnutls_datum_t * packed_session)
+{
+ size_t pack_size;
+ int pos = 0, size, ret;
+ anon_auth_info_t info;
+
+ if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pack_size = _gnutls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
+ pos += PACK_HEADER_SIZE + 4;
+
+
+ if (pack_size == 0)
+ return 0; /* nothing to be done */
+
+ /* a simple check for integrity */
+ if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* client and serer have the same auth_info here
+ */
+ ret =
+ _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
+ sizeof (anon_auth_info_st), 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ info->dh.secret_bits = _gnutls_read_uint16 (&packed_session->data[pos]);
+ pos += 2;
+
+ size = _gnutls_read_uint32 (&packed_session->data[pos]);
+ pos += 4;
+ ret = _gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ pos += size;
+
+ size = _gnutls_read_uint32 (&packed_session->data[pos]);
+ pos += 4;
+ ret =
+ _gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ pos += size;
+
+ size = _gnutls_read_uint32 (&packed_session->data[pos]);
+ pos += 4;
+ ret =
+ _gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
+ size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ pos += size;
+
+ return 0;
+
+error:
+ _gnutls_free_datum (&info->dh.prime);
+ _gnutls_free_datum (&info->dh.generator);
+ _gnutls_free_datum (&info->dh.public_key);
+ return ret;
+}
+#endif /* ANON */
+
/* Since auth_info structures contain malloced data, this function
* is required in order to pack these structures in a vector in
* order to store them to the DB.
@@ -121,7 +284,7 @@
}
- /* Auth_info structures copied. Now copy security_parameters_st.
+ /* Auth_info structures copied. Now copy security_parameters_st.
* packed_session must have allocated space for the security parameters.
*/
ret = pack_security_parameters (session, packed_session);
@@ -201,7 +364,7 @@
}
- /* Auth_info structures copied. Now copy security_parameters_st.
+ /* Auth_info structures copied. Now copy security_parameters_st.
* packed_session must have allocated space for the security parameters.
*/
ret = unpack_security_parameters (session, packed_session);
@@ -477,7 +640,7 @@
/* Packs the SRP session authentication data.
*/
-/* Format:
+/* Format:
* 1 byte the credentials type
* 4 bytes the size of the SRP username (x)
* x bytes the SRP username
@@ -569,167 +732,12 @@
#endif
-#ifdef ENABLE_ANON
-/* Packs the ANON session authentication data.
- */
-/* Format:
- * 1 byte the credentials type
- * 4 bytes the size of the whole structure
- * 2 bytes the size of secret key in bits
- * 4 bytes the size of the prime
- * x bytes the prime
- * 4 bytes the size of the generator
- * x bytes the generator
- * 4 bytes the size of the public key
- * x bytes the public key
- */
-static int
-pack_anon_auth_info (gnutls_session_t session,
- gnutls_datum_t * packed_session)
-{
- anon_auth_info_t info = _gnutls_get_auth_info (session);
- int pos = 0;
- size_t pack_size;
-
- if (info)
- pack_size = 2 + 4 * 3 + info->dh.prime.size +
- info->dh.generator.size + info->dh.public_key.size;
- else
- pack_size = 0;
-
- packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
-
- /* calculate the size and allocate the data.
- */
- packed_session->data =
- gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
-
- if (packed_session->data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- packed_session->data[0] = MHD_GNUTLS_CRD_ANON;
- _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
- pos += 4 + PACK_HEADER_SIZE;
-
- if (pack_size > 0)
- {
- _gnutls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]);
- pos += 2;
-
- _gnutls_write_datum32 (&packed_session->data[pos], info->dh.prime);
- pos += 4 + info->dh.prime.size;
- _gnutls_write_datum32 (&packed_session->data[pos], info->dh.generator);
- pos += 4 + info->dh.generator.size;
- _gnutls_write_datum32 (&packed_session->data[pos], info->dh.public_key);
- pos += 4 + info->dh.public_key.size;
-
- }
-
- return 0;
-}
-
-
-static int
-unpack_anon_auth_info (gnutls_session_t session,
- const gnutls_datum_t * packed_session)
-{
- size_t pack_size;
- int pos = 0, size, ret;
- anon_auth_info_t info;
-
- if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- pack_size = _gnutls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
- pos += PACK_HEADER_SIZE + 4;
-
-
- if (pack_size == 0)
- return 0; /* nothing to be done */
-
- /* a simple check for integrity */
- if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* client and serer have the same auth_info here
- */
- ret =
- _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
- sizeof (anon_auth_info_st), 1);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = _gnutls_get_auth_info (session);
- if (info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- info->dh.secret_bits = _gnutls_read_uint16 (&packed_session->data[pos]);
- pos += 2;
-
- size = _gnutls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
- ret = _gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pos += size;
-
- size = _gnutls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
- ret =
- _gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pos += size;
-
- size = _gnutls_read_uint32 (&packed_session->data[pos]);
- pos += 4;
- ret =
- _gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
- size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto error;
- }
- pos += size;
-
- return 0;
-
-error:
- _gnutls_free_datum (&info->dh.prime);
- _gnutls_free_datum (&info->dh.generator);
- _gnutls_free_datum (&info->dh.public_key);
- return ret;
-}
-#endif /* ANON */
-
#ifdef ENABLE_PSK
/* Packs the PSK session authentication data.
*/
-/* Format:
+/* Format:
* 1 byte the credentials type
* 4 bytes the size of the whole structure
* 4 bytes the size of the PSK username (x)
@@ -909,7 +917,7 @@
/* Packs the security parameters.
*/
-/* Format:
+/* Format:
* 4 bytes the total security data size
* 1 byte the entity type (client/server)
* 1 byte the key exchange algorithm used
@@ -947,7 +955,7 @@
*
* 2 bytes the number of server name extensions (up to
MAX_SERVER_NAME_EXTENSIONS)
* 1 byte the first name type
- * 2 bytes the size of the first name
+ * 2 bytes the size of the first name
* x bytes the first name (MAX_SERVER_NAME_SIZE)
* and so on...
*
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_state.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_state.c 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_state.c 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -32,7 +32,6 @@
#include <gnutls_auth_int.h>
#include <gnutls_num.h>
#include <gnutls_datum.h>
-#include <gnutls_db.h>
#include <gnutls_record.h>
#include <gnutls_handshake.h>
#include <gnutls_dh.h>
@@ -154,11 +153,11 @@
}
}
- if (session->internals.priorities.cert_type.algorithms == 0 && cert_type
+ if (session->internals.priorities.cert_type.num_algorithms == 0 && cert_type
== DEFAULT_CERT_TYPE)
return 0;
- for (i = 0; i < session->internals.priorities.cert_type.algorithms; i++)
+ for (i = 0; i < session->internals.priorities.cert_type.num_algorithms; i++)
{
if (session->internals.priorities.cert_type.priority[i] == cert_type)
{
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_x509.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_x509.c 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_x509.c 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -93,9 +93,9 @@
* _gnutls_x509_cert_verify_peers - This function returns the peer's
certificate status
* @session: is a gnutls session
*
- * This function will try to verify the peer's certificate and return its
status (TRUSTED, REVOKED etc.).
+ * This function will try to verify the peer's certificate and return its
status (TRUSTED, REVOKED etc.).
* The return value (status) should be one of the gnutls_certificate_status_t
enumerated elements.
- * However you must also check the peer's name in order to check if the
verified certificate belongs to the
+ * However you must also check the peer's name in order to check if the
verified certificate belongs to the
* actual peer. Returns a negative error code in case of an error, or
GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
*
-*/
@@ -178,7 +178,7 @@
}
- /* Verify certificate
+ /* Verify certificate
*/
ret =
gnutls_x509_crt_list_verify (peer_certificate_list,
@@ -522,7 +522,7 @@
}
_gnutls_free_datum (&tmp); /* free ptr2 */
- /* now we move ptr after the pem header
+ /* now we move ptr after the pem header
*/
ptr++;
/* find the next certificate (if any)
@@ -794,18 +794,18 @@
* @key: is the private key, or %NULL
* @type: is PEM or DER
*
- * This function sets a certificate/private key pair in the
+ * This function sets a certificate/private key pair in the
* gnutls_certificate_credentials_t structure. This function may be called
* more than once (in case multiple keys/certificates exist for the
* server).
*
- * Currently are supported: RSA PKCS-1 encoded private keys,
+ * Currently are supported: RSA PKCS-1 encoded private keys,
* DSA private keys.
*
* DSA private keys are encoded the OpenSSL way, which is an ASN.1
* DER sequence of 6 INTEGERs - version, p, q, g, pub, priv.
*
- * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates
+ * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates
* is supported. This means that certificates intended for signing cannot
* be used for ciphersuites that require encryption.
*
@@ -825,7 +825,7 @@
{
int ret;
- /* this should be first
+ /* this should be first
*/
if ((ret = read_key_mem (res, key ? key->data : NULL,
key ? key->size : 0, type)) < 0)
@@ -867,7 +867,7 @@
{
int ret, i;
- /* this should be first
+ /* this should be first
*/
res->pkey =
@@ -956,7 +956,7 @@
{
int ret;
- /* this should be first
+ /* this should be first
*/
if ((ret = read_key_file (res, KEYFILE, type)) < 0)
return ret;
@@ -983,7 +983,7 @@
unsigned size, i;
opaque *pdata;
- /* Generate the RDN sequence
+ /* Generate the RDN sequence
* This will be sent to clients when a certificate
* request message is sent.
*/
@@ -1036,11 +1036,8 @@
return 0;
}
-
-
-
-/* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this
- * certificate (uses the KeyUsage field).
+/* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this
+ * certificate (uses the KeyUsage field).
*/
int
_gnutls_check_key_usage (const gnutls_cert * cert, gnutls_kx_algorithm_t alg)
@@ -1158,7 +1155,7 @@
return ret;
}
- /* now we move ptr after the pem header
+ /* now we move ptr after the pem header
*/
ptr++;
size--;
@@ -1452,7 +1449,7 @@
return ret;
}
- /* now we move ptr after the pem header
+ /* now we move ptr after the pem header
*/
ptr++;
/* find the next certificate (if any)
Modified: libmicrohttpd/src/daemon/https/x509/pkcs12.h
===================================================================
--- libmicrohttpd/src/daemon/https/x509/pkcs12.h 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/daemon/https/x509/pkcs12.h 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -23,7 +23,6 @@
*/
/* TODO clean */
-
#ifndef GNUTLS_PKCS12_H
#define GNUTLS_PKCS12_H
Modified: libmicrohttpd/src/daemon/internal.h
===================================================================
--- libmicrohttpd/src/daemon/internal.h 2008-08-06 16:32:11 UTC (rev 7532)
+++ libmicrohttpd/src/daemon/internal.h 2008-08-09 02:06:38 UTC (rev 7533)
@@ -627,9 +627,14 @@
unsigned short port;
#if HTTPS_SUPPORT
- /* server credintials */
- gnutls_certificate_credentials_t x509_cret;
+ gnutls_credentials_type_t cred_type;
+ /* server x509 credintials */
+ gnutls_certificate_credentials_t x509_cred;
+
+ /* credentials used for anonymous authentication */
+ gnutls_anon_server_credentials_t anon_cred;
+
/* cipher priority cache */
gnutls_priority_t priority_cache;
Modified: libmicrohttpd/src/include/microhttpd.h
===================================================================
--- libmicrohttpd/src/include/microhttpd.h 2008-08-06 16:32:11 UTC (rev
7532)
+++ libmicrohttpd/src/include/microhttpd.h 2008-08-09 02:06:38 UTC (rev
7533)
@@ -64,8 +64,6 @@
* depend on your platform; for possible suggestions consult
* "platform.h" in the MHD distribution).
*
- * TODO:
- * - Add option codes for SSL support
*/
#ifndef MHD_MICROHTTPD_H
@@ -380,6 +378,13 @@
MHD_OPTION_HTTPS_MEM_CERT,
/*
+ * daemon credentials type. either certificate or anonymous,
+ * this option should be followed by one of the values listed in
+ * gnutls_credentials_type_t.
+ */
+ MHD_OPTION_CRED_TYPE,
+
+ /*
* SSL/TLS protocol version
*
* Memory pointer to a zero terminated int array representing the
@@ -714,11 +719,17 @@
*/
struct MHD_Daemon *
MHD_start_daemon_va (unsigned int options,
- unsigned short port,
+ unsigned short port, char * ip,
MHD_AcceptPolicyCallback apc,
void *apc_cls,
MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap);
+struct MHD_Daemon *
+MHD_start_daemon_ip (unsigned int options,
+ unsigned short port, char *ip,
+ MHD_AcceptPolicyCallback apc,
+ void *apc_cls,
+ MHD_AccessHandlerCallback dh, void *dh_cls, ...);
/*
* Variadic version of MHD_start_daemon_va. This function will delegate calls
@@ -1025,6 +1036,7 @@
MHD_GNUTLS_KX_SRP_DSS
} gnutls_kx_algorithm_t;
+/* server credentials type */
typedef enum
{
MHD_GNUTLS_CRD_CERTIFICATE = 1,
@@ -1034,6 +1046,7 @@
MHD_GNUTLS_CRD_IA
} gnutls_credentials_type_t;
+/* mac algorithm */
typedef enum
{
MHD_GNUTLS_MAC_UNKNOWN = 0,
@@ -1056,7 +1069,7 @@
MHD_GNUTLS_DIG_SHA256 = MHD_GNUTLS_MAC_SHA256
} gnutls_digest_algorithm_t;
-
+/* compression method */
typedef enum
{
MHD_GNUTLS_COMP_UNKNOWN = 0,
@@ -1067,6 +1080,7 @@
*/
} gnutls_compression_method_t;
+/* protocol type */
typedef enum
{
MHD_GNUTLS_SSL3 = 1,
@@ -1076,6 +1090,7 @@
MHD_GNUTLS_VERSION_UNKNOWN = 0xff
} gnutls_protocol_t;
+/* certificate_type */
typedef enum
{
MHD_GNUTLS_CRT_UNKNOWN = 0,
Modified: libmicrohttpd/src/testcurl/https/tls_alert_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_alert_test.c 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/testcurl/https/tls_alert_test.c 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -62,7 +62,7 @@
gnutls_datum_t * cert, gnutls_certificate_credentials_t * xcred)
{
int ret;
- const char **err_pos;
+ const char ** err_pos;
gnutls_certificate_allocate_credentials (xcred);
Modified: libmicrohttpd/src/testcurl/https/tls_authentication_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_authentication_test.c 2008-08-06
16:32:11 UTC (rev 7532)
+++ libmicrohttpd/src/testcurl/https/tls_authentication_test.c 2008-08-09
02:06:38 UTC (rev 7533)
@@ -39,10 +39,12 @@
extern int curl_check_version (const char *req_version, ...);
+const int DEBUG_GNUTLS_LOG_LEVEL = 6;
const char *ca_cert_file_name = "ca_cert_pem";
const char *test_file_name = "https_test_file";
const char test_file_data[] = "Hello World\n";
+
struct CBC
{
char *buf;
@@ -173,8 +175,8 @@
#endif
curl_easy_setopt (c, CURLOPT_URL, url);
curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
- curl_easy_setopt (c, CURLOPT_TIMEOUT, 3L);
- curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 3L);
+ curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L);
+ curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L);
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
curl_easy_setopt (c, CURLOPT_FILE, &cbc);
@@ -224,14 +226,13 @@
{
int ret;
struct MHD_Daemon *d;
- int kx[] = { MHD_GNUTLS_KX_DHE_RSA, 0 };
- d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
+ d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
MHD_USE_DEBUG, 42433,
NULL, NULL, &http_ahc, NULL,
MHD_OPTION_HTTPS_MEM_KEY, srv_signed_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_signed_cert_pem,
- MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END);
+ MHD_OPTION_END);
if (d == NULL)
{
@@ -308,7 +309,7 @@
FILE *test_fd;
unsigned int errorCount = 0;
- /* gnutls_global_set_log_level (11); */
+ gnutls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL);
if (curl_check_version (MHD_REQ_CURL_VERSION))
{
@@ -330,7 +331,7 @@
}
errorCount +=
- test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3);
+ test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
if (errorCount != 0)
fprintf (stderr, "Failed test: %s.\n", argv[0]);
Modified: libmicrohttpd/src/testcurl/https/tls_daemon_options_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_daemon_options_test.c 2008-08-06
16:32:11 UTC (rev 7532)
+++ libmicrohttpd/src/testcurl/https/tls_daemon_options_test.c 2008-08-09
02:06:38 UTC (rev 7533)
@@ -32,6 +32,7 @@
#include "gnutls.h"
#include <curl/curl.h>
+#define DEBUG_CURL_VERBOSE 0
#define PAGE_NOT_FOUND "<html><head><title>File not
found</title></head><body>File not found</body></html>"
#define MHD_E_MEM "Error: memory error\n"
@@ -42,6 +43,7 @@
#include "tls_test_keys.h"
+const int DEBUG_GNUTLS_LOG_LEVEL = 0;
const char *test_file_name = "https_test_file";
const char test_file_data[] = "Hello World\n";
@@ -123,7 +125,7 @@
* @param test_fd: file to attempt transfering
*/
static int
-test_https_transfer (FILE * test_fd, char * cipher_suite, int proto_version)
+test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version)
{
CURL *c;
CURLcode errornum;
@@ -172,7 +174,7 @@
doc_path, test_file_name);
c = curl_easy_init ();
-#ifdef DEBUG
+#if DEBUG_CURL_VERBOSE
curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
#endif
curl_easy_setopt (c, CURLOPT_URL, url);
@@ -249,14 +251,11 @@
}
static int
-setup (struct MHD_Daemon **d, enum MHD_OPTION option, void * value )
+setup (struct MHD_Daemon **d, va_list arg_list)
{
- *d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
- MHD_USE_DEBUG, 42433,
- NULL, NULL, &http_ahc, NULL,
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
- option, value, MHD_OPTION_END);
+ *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
+ MHD_USE_DEBUG, 42433, "127.0.0.1",
+ NULL, NULL, &http_ahc, NULL, arg_list);
if (*d == NULL)
{
@@ -273,19 +272,37 @@
MHD_stop_daemon (d);
}
+/* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move
to test_util.c */
int
-test_wrap (int
+test_wrap (char *test_name, int
(*test) (FILE * test_fd, char *cipher_suite, int proto_version),
- FILE * test_fd, char *cipher_suite, int proto_version,
- enum MHD_OPTION option, void * value)
+ FILE * test_fd, char *cipher_suite, int proto_version, ...)
{
int ret;
+ va_list arg_list;
struct MHD_Daemon *d;
- if (setup (&d, option, value) != 0)
- return -1;
+ va_start (arg_list, proto_version);
+ if (setup (&d, arg_list) != 0)
+ {
+ va_end (arg_list);
+ return -1;
+ }
+
+ fprintf (stdout, "running test: %s ", test_name);
ret = test (test_fd, cipher_suite, proto_version);
+
+ if (ret == 0)
+ {
+ fprintf (stdout, "[pass]\n");
+ }
+ else
+ {
+ fprintf (stdout, "[fail]\n");
+ }
+
teardown (d);
+ va_end (arg_list);
return ret;
}
@@ -336,6 +353,9 @@
return ret;
}
+/*
+ * test server refuses to negotiate connections with unsupported protocol
versions
+ */
int
test_protocol_version (FILE * test_fd, char *cipher_suite,
int curl_proto_version)
@@ -344,7 +364,7 @@
CURLcode errornum;
c = curl_easy_init ();
-#ifdef DEBUG
+#if DEBUG_CURL_VERBOSE
curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
#endif
curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/";);
@@ -384,7 +404,7 @@
FILE *test_fd;
unsigned int errorCount = 0;
- gnutls_global_set_log_level(11);
+ gnutls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL);
if (curl_check_version (MHD_REQ_CURL_VERSION))
{
@@ -403,54 +423,61 @@
return -1;
}
- int mac[] = {MHD_GNUTLS_MAC_SHA1, 0};
- int p [] = {MHD_GNUTLS_SSL3, 0};
+ int mac[] = { MHD_GNUTLS_MAC_SHA1, 0 };
+ int p[] = { MHD_GNUTLS_SSL3, 0 };
int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 };
- int kx[] = { MHD_GNUTLS_KX_DHE_RSA, 0 };
+ int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 };
-
-// errorCount +=
-// test_wrap (&test_https_transfer, test_fd, "AES256-SHA",
-// CURL_SSLVERSION_TLSv1, MHD_OPTION_END, 0);
-// errorCount +=
-// test_wrap (&test_file_certificates, test_fd, "AES256-SHA",
-// CURL_SSLVERSION_TLSv1, MHD_OPTION_END, 0);
-//
-// errorCount +=
-// test_wrap (&test_protocol_version, test_fd, "AES256-SHA",
-// CURL_SSLVERSION_TLSv1, MHD_OPTION_PROTOCOL_VERSION, p);
-//
-// errorCount +=
-// test_wrap (&test_https_transfer, test_fd, "DES-CBC3-SHA",
-// CURL_SSLVERSION_TLSv1, MHD_OPTION_CIPHER_ALGORITHM, cipher);
-
errorCount +=
- test_wrap (&test_https_transfer, test_fd, "AES256-SHA",
- CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, mac);
+ test_wrap ("https_transfer", &test_https_transfer, test_fd, "AES256-SHA",
+ CURL_SSLVERSION_TLSv1,
+ MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+ MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
+ MHD_OPTION_END);
+ errorCount +=
+ test_wrap ("file certificates", &test_file_certificates, test_fd,
+ "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+ srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
+ srv_self_signed_cert_pem, MHD_OPTION_END);
+ errorCount +=
+ test_wrap ("protocol_version", &test_protocol_version, test_fd,
+ "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+ srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
+ srv_self_signed_cert_pem, MHD_OPTION_PROTOCOL_VERSION, p,
+ MHD_OPTION_END);
+ errorCount +=
+ test_wrap ("cipher DES-CBC3-SHA", &test_https_transfer, test_fd,
+ "DES-CBC3-SHA", CURL_SSLVERSION_TLSv1,
+ MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+ MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
+ MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_END);
+ errorCount +=
+ test_wrap ("mac SH1", &test_https_transfer, test_fd, "AES256-SHA",
+ CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+ MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
+ MHD_OPTION_MAC_ALGO, mac, MHD_OPTION_END);
+ errorCount +=
+ test_wrap ("kx ANON_DH", &test_https_transfer, test_fd,
+ "ADH-DES-CBC3-SHA", CURL_SSLVERSION_TLSv1,
+ MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+ MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
+ MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON,
+ MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY,
+ kx, MHD_OPTION_END);
- // errorCount +=
- // test_wrap (&test_https_transfer, test_fd, "EDH-RSA-DES-CBC3-SHA",
- // CURL_SSLVERSION_TLSv1, MHD_OPTION_KX_PRIORITY, kx);
-
/*gnutls_mac_algorithm_t mac[] = {
- {MHD_GNUTLS_MAC_MD5, 0}, 0};
- gnutls_mac_algorithm_t * cur_mac;
+ {MHD_GNUTLS_MAC_MD5, 0}, 0};
+ gnutls_mac_algorithm_t * cur_mac;
- for ( cur_mac = &mac[0]; (*cur_mac) != 0; cur_mac++ ){
- option[0] = MHD_GNUTLS_MAC_SHA1;
- errorCount +=
- test_wrap (&test_https_transfer, test_fd, "AES256-SHA",
- CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, option);
- }*/
+ for ( cur_mac = &mac[0]; (*cur_mac) != 0; cur_mac++ ){
+ option[0] = MHD_GNUTLS_MAC_SHA1;
+ errorCount +=
+ test_wrap (&test_https_transfer, test_fd, "AES256-SHA",
+ CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, option);
+ } */
-
-
if (errorCount != 0)
fprintf (stderr, "Failed test: %s.\n", argv[0]);
- else
- {
- fprintf (stderr, "ok\n");
- }
curl_global_cleanup ();
fclose (test_fd);
Modified: libmicrohttpd/src/testcurl/https/tls_session_time_out_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_session_time_out_test.c
2008-08-06 16:32:11 UTC (rev 7532)
+++ libmicrohttpd/src/testcurl/https/tls_session_time_out_test.c
2008-08-09 02:06:38 UTC (rev 7533)
@@ -101,7 +101,6 @@
test_tls_session_time_out (gnutls_session_t session)
{
int sd, ret;
- char *url = "https://localhost:42433/";;
struct sockaddr_in sa;
sd = socket (AF_INET, SOCK_STREAM, 0);
@@ -153,8 +152,8 @@
gnutls_global_init ();
gnutls_global_set_log_level (11);
- d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
- MHD_USE_DEBUG, 42433,
+ d = MHD_start_daemon_ip(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
+ MHD_USE_DEBUG, 42433, "127.0.0.1",
NULL, NULL, &http_ahc, NULL,
MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
Modified: libmicrohttpd/src/testcurl/https/tls_test_keys.h
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_test_keys.h 2008-08-06 16:32:11 UTC
(rev 7532)
+++ libmicrohttpd/src/testcurl/https/tls_test_keys.h 2008-08-09 02:06:38 UTC
(rev 7533)
@@ -24,105 +24,106 @@
/* Certificate Authority key */
const char ca_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIIEpAIBAAKCAQEA3vzPUd2yRjeHy9Yi22uX1vGnUPmB5zS+77/B9LubTqnNJ9eB\n"
- "jiMegQJsJWFQT/CW8FurYiSMXIuTBirZX7NO6/rlcqifdfKLotSUuXLu5DBvMLCv\n"
- "nQ73wCIdCJoVyJbRN0ExHsyGwCDCxaHuY8FlkIsfYo17SNmJNaMSUqdoAZoelmbq\n"
- "r9oVciRCQGgrmwEJdPj7EAofWSudV77y85j5rV/t51eNy5liS2qXnoFEmeqTuBo1\n"
- "1cSmRbv5dkCHbx+youLyZG39KxB0MZ124Na3qbUY41BPNj1XBljyAoHyY0J1iDqS\n"
- "0Zo+njEW6vRbmSMkrA1kH45+alN50X11mSgfoQIDAQABAoIBAAmLu+4Ushpdi5Sd\n"
- "P1cidjDFXfDaao5I2LTroghpnNyfaiT+zbj1jctu7K1luuX+Lh7+ZKIGH6RhVP8g\n"
- "R9eYBeyWHDsWJwPqCQJkrHR7LCkEfgkRAkaUZsSgzTqCWqUAeFa/xaQcdDcOu/nR\n"
- "DKMUexYmz4ZU+VJxPhWHzGuxhxM85uJOPK3rCaYCJoo1vMpF7MeFFvVljhSdyht5\n"
- "KD0w6qP0Y+vDe4cD/4W3wq82qXCFPA5oImjSJveEIJumPIjOyLFF+9p9V6hzg8Em\n"
- "48cpXcV3SsbaqTr6mSQl6b15zVwWq4CCt4mkeu6vK9PGzdnBiUmWaSXfprDwHaB3\n"
- "t1N0GRECgYEA5gP0gmZQDDJTlaGK9Z6pWiwpMBUoYcnqvCn8MQ5uPQn+KZir19AJ\n"
- "PkVLfWT9Dcaf3+2d0kBBgGYFWL+wK8DgrqALiLJfM6gP3Ts7G6Bis4GFdWY9aUnT\n"
- "6ZhRYdzetVArhTZBRKh8ERQNPy4TmzWDtjVUAfezUcvXqOjl9H5Q01ECgYEA+C2b\n"
- "i05t/RYcU0eFVYK8Yfl3jZJiopMdYwXCSCO21Ag2i0fjKC89rCmLlliffSSuDtNk\n"
- "xFsaSjns8Vyl7sjMcAOfsGokiUIcFnK/LyVoc3ie2NCiLVzw6zKK8lJ4bhn4afnv\n"
- "N9RKXP76emb8MaZroKlKkhMR8f2BvzXbv2NyU1ECgYEAtJeAXu1zhc/xnjaiQqxa\n"
- "rMilYfIKrZR571hLgDyjQttYqVIMAbp9t11yorYqlKlRFuCaG9yFUQlIw2BlMkUS\n"
- "YyiXRbE+W/Fk2z7I7qzjMarMnNsz9jmX3vzPULW4ScTzFnj9j6l1F3eV2vgTPrYq\n"
- "fmGqXo0bRmp0HVMWUPrn/LECgYEA3qHTQkHGS16VZGPpiY8xPVbUV8z07NC6cQVO\n"
- "hvZ64XTIsWN4tKjEU3glf2bbFCFef3BFmhv71pBmLRMmy7GYK/gkPdbKFdOXbM/d\n"
- "EAcnz0ZqgSeQBM+2U9dQbBdtb5+eiDsszNGFMC2QN1PBcyzOqh6UBbxTwdjfls9S\n"
- "5Trp6TECgYAzCZmmJuBW6WDK5ttOF/do6r0aurHr2mOr8oYxmBkhI3wphyUMNuaH\n"
- "rUk+R8LAmC1U4MbvvqoZH27xe+xd25mn6whitgZBH3DIetN7myDJep8wEG6aW4R5\n"
- "S82zk+LQJ7LTa1nPVPMS10qUXSH9cjShhszfeRIQM+lWbPoaEuo3yQ==\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIEowIBAAKCAQEAthkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3\n"
+ "JeszCWwDgzw5Ac4o2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdu\n"
+ "jxdJPGfakZTktRAA3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqV\n"
+ "FXRaDmoLWkmxplKz6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlY\n"
+ "JhjkTk1u75HP41yQC6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb\n"
+ "625+lHQpH4nfzGcna/RFok6xRpjZu7mB3t7XGwIDAQABAoIBABhD2x5/RHn5uFsI\n"
+ "bwv07SwXhsnyAmoru89rjphYe1FOVBDcsa2W2tUtlIY/VyVbcGw0j+APnvy9EUJ6\n"
+ "cMrwsKEBgk1oT4CIwkmGmjpXUCCkF8Wl99CPfM3U1PZDTfqmqEbCRx+KktP8Sq+m\n"
+ "/YryyNjbracnNilmIMq9V6+YWbm7kJHRLVQWHqh/ljji+kCx5y9VII7HYz4217Er\n"
+ "I5HrnPJodmYrH5Tj8Hj9NY7Ok/IeqD186fPuYH/qf9zWcyg7aa0rTPt/E4XjeOjU\n"
+ "kxb68+Ybozm0EY1ypa1Yxf3B4hkyrlQ5lfzDSBKqvQkGA92yNDPYiZX71nDHDj9H\n"
+ "wf8tWlECgYEAxN8bnMXzmGLbNJUQFuEFBCDFE/tAMhBWcN6eyupIwyXXNA8/xGnJ\n"
+ "rYO4U08YrgvQ6d71xLXAJnsypeJ3FsyIXDar21o5DwVj1ON0nW6xuXsfQWYGEsXm\n"
+ "fDVf4LVO+P58uAnM3+lKXWMwsw7/ja9VECrOvfTlf7CwwIPfmRzxZEMCgYEA7Mn+\n"
+ "PBO352EXzXbGTuLY9iFXo3GL4EXB2nbkXBdTxEbPl+ICjg/1MPtRN9l03y8l06/G\n"
+ "MpbxkpPnSXdjXQ1fgXfG9FuKS89BNUfoEfG/3015w49ZAcBYRmvCSGTspu/hshdQ\n"
+ "iom2AFy2aRXfvsoUlePRccs1/7RKclK7ahfdwEkCgYBXQOLGCt25rialGWO2ICjO\n"
+ "+Y8fGf4Lsj39bE1IdammBAFrK08ByDkAVB6/nZC8orQG0zBt7HerFnMOHl7VlfTh\n"
+ "mcF1SHl9dNAYLG8kz0ipgi4KGCOc8mUCq81AlFrZ9EBmeMF6g7TXyvxsf7s3mnvC\n"
+ "3JYgjoegnjjYOhpBjBhYbQKBgQCpwJmBakVyG/obcyXx0dDmirqwUquLaZbyzj8i\n"
+ "AhssX/NdGErqm2gU6GauWjfd9IfyvVWiWPHwOhYaZfuW7wpj34GDFskLVhaSYu1t\n"
+ "R9lc9cbwOqj9h24Bdik/CxNZDinIKcy0tMsEcXLX3TWdKnQdjMhPAvbATPj+Am+X\n"
+ "PGrd+QKBgF5U2i0d2Mgw/JmlVCY79uD9eERivF5HLOYv3XUr9N1/bgIqKSQnrKJC\n"
+ "pXC+ZHP9yTmcznwFkbMbJ9cTwMVU1n+hguvyjIJHmmeGrpBuaiT4HwPgV6IZY3N2\n"
+ "a05cOyYYE3I7h9fQs1MfZRK44rRiXycwb+HA4lwuFWTI7h5qdc/U\n"
+ "-----END RSA PRIVATE KEY-----\n";
/* Certificate Authority cert */
const char ca_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIC6DCCAdKgAwIBAgIESHv2uDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n"
- "dF9jYV9jZXJ0MB4XDTA4MDcxNTAxMDA0MFoXDTA5MDcxNTAxMDA0MFowFzEVMBMG\n"
- "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n"
- "3vzPUd2yRjeHy9Yi22uX1vGnUPmB5zS+77/B9LubTqnNJ9eBjiMegQJsJWFQT/CW\n"
- "8FurYiSMXIuTBirZX7NO6/rlcqifdfKLotSUuXLu5DBvMLCvnQ73wCIdCJoVyJbR\n"
- "N0ExHsyGwCDCxaHuY8FlkIsfYo17SNmJNaMSUqdoAZoelmbqr9oVciRCQGgrmwEJ\n"
- "dPj7EAofWSudV77y85j5rV/t51eNy5liS2qXnoFEmeqTuBo11cSmRbv5dkCHbx+y\n"
- "ouLyZG39KxB0MZ124Na3qbUY41BPNj1XBljyAoHyY0J1iDqS0Zo+njEW6vRbmSMk\n"
- "rA1kH45+alN50X11mSgfoQIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n"
- "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFB3x03+3Qa2SDwRF6RkNcjg9zRHJMAsGCSqG\n"
- "SIb3DQEBBQOCAQEAjPoKMve8aqtL8fFXfSkYwLJUwuTG4E4mX804O5dsdvOEWR2/\n"
- "UQm5IDiAZ3fnHE8zh0C1Kg+dWnCv0i1Q5CYZJ5sSY3tKikG5UBPVJGV1tT0vDfmJ\n"
- "X7b52y35eN8qe5DsdyDAcF2GNRBU8opkLkyXb8U095AQiCHzTPpiesZd5phJlMPm\n"
- "AJaB4VtHAykDMeKd7HJAeelRi/1dP8xsYNc1z67cSrkt2f+B0WAyuAUBBr1NdYmS\n"
- "duegptXCh8OeGEL/v6mbIWoszDbOjk/0zwsgW8BD/eXaZgPPEUtmHizYPIRPdeW1\n"
- "MSCwccjl/XjDkIoN8kKss4Ftt+Wyajjjxeh6YA==\n" "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIC6DCCAdKgAwIBAgIESJ2sXDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n"
+ "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAyOFoXDTA5MDgwOTE0NDAyOFowFzEVMBMG\n"
+ "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n"
+ "thkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3JeszCWwDgzw5Ac4o\n"
+ "2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdujxdJPGfakZTktRAA\n"
+ "3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqVFXRaDmoLWkmxplKz\n"
+ "6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlYJhjkTk1u75HP41yQ\n"
+ "C6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb625+lHQpH4nfzGcn\n"
+ "a/RFok6xRpjZu7mB3t7XGwIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n"
+ "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFGTWojUUrKbS/Uid9S3hPxmgKeaxMAsGCSqG\n"
+ "SIb3DQEBBQOCAQEAWP1f/sfNsvA/oz7OJSBCsQxAnjrKMIXgbVnop+4bEWPxk4e9\n"
+ "TETSk5MMXt2BfaCtaLZw19Zbqlh4ZFuVw+QC1GTa0xlagHiRgXU2DOvPT5+y+XUR\n"
+ "TSy0Pqou7spgEkLcFxlXYlx3tpDu+Awmx9DBGHMCysVynnEzeBYW4woCfBG2UiVA\n"
+ "iHVz6jBc4bBkylKVkA42GiroExuPc+W9qtHGuVX045R7gz78KK0CMIObdySbogBe\n"
+ "gYZUbyVvPVHINEc929PoV12dHP7wrKnqPbiwb+h1SHui8bVinE+1JY3mRB1VGVTa\n"
+ "rgvlVGs2S+Zq48XMs4aeLgHkGWFAIXbpX34HSw==\n"
+ "-----END CERTIFICATE-----\n";
/* test server CA signed certificates */
const char srv_signed_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIDHzCCAgmgAwIBAgIESHv6kTALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n"
- "dF9jYV9jZXJ0MB4XDTA4MDcxNTAxMTcwNVoXDTA5MDcxNTAxMTcwNVowGzEZMBcG\n"
- "A1UEAxMQdGVzdF9zZXJ2ZXJfY2VydDCCAR8wCwYJKoZIhvcNAQEBA4IBDgAwggEJ\n"
- "AoIBAJIY2+Wn+TRHIJ92tpNvCIE6FOsGclRxOFJwK0T6k3SK68LwQ9PkQTTB/DJu\n"
- "+hU2u6w6lt1+Q8PHTDMLtnkEeXnxPn1uQZnnMEBcHAGY1U99iJh0At68AyoG7nkb\n"
- "AzgzxxjMom+dEhGEFHOg9JKmJp138RzIWcMN2l4pKIryiBUh5AWt/7uqtA+9fQMq\n"
- "nOeO8OU5FM3eKevl3VSZ6usptbePbUDNs5uEmG+PTR0bc2rYgGeC4+wExWcJ+CAq\n"
- "voNVPno//MoMeJjWgXqF4wTBFdfsewngkflwRDPuZuLsxVrKnIx6jsBKIMuhVuxT\n"
- "66vnEmuR34TUIzLlVPcJ5wmby2UCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNV\n"
- "HSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDByAAMB0GA1UdDgQWBBSHX75y\n"
- "gpEjstognUu4If50qWXQaDAfBgNVHSMEGDAWgBQd8dN/t0Gtkg8ERekZDXI4Pc0R\n"
- "yTALBgkqhkiG9w0BAQUDggEBAF56YMCdp0C88ZF9yaXJZ4PMuTpW83Mhg5Ar0a9H\n"
- "DasF58p8eeRLhsTJPi+NpFSMTujEabGS3+8l6Iu5F5stFgvbvnjLHdYu2Pjakos8\n"
- "NjZCCkuEmIO4PLd6h5ToOZf3ZXNHmFjRTtKHQKNrYizlHlgnEDcUbU4gB5KOg3jU\n"
- "rv/Mtar+5LRK7KvByswp26nRH1ijGV23sy9StK7tV/cJPe/UkxyUfSQwUmQzzWe6\n"
- "QGAQtppUjGabWXjuLuOUyiG5LReYC5ri7XZuVekCAfUHbOdPYTHPczvpKBnUyKIv\n"
- "BRKOarmNfNc3w5G7Ast3jNOE2JfiJ8+x9+rMWI01PlWVYvQ=\n"
- "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDBDCCAe6gAwIBAgIESJ2sXzALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n"
+ "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAzMloXDTA5MDgwOTE0NDAzNVowADCCAR8w\n"
+ "CwYJKoZIhvcNAQEBA4IBDgAwggEJAoIBAOb6G6WJrrNC48NSh5i4eT7J1BCqlMB4\n"
+ "e0No+td/PQf+sPywbQToYGiPfOFfMyge1G6SyRpXavKbPwuw1BN183WoYzID5mtz\n"
+ "shAOl/JRhdusScFijS3pITiNK4G5NLToCP4KZhqguqHUzEdanifSb/D4x54Rq/Tc\n"
+ "A7oHGp0wjdWC/AMtGWv6v55xMe00ALZ1zDxCOi8nri9W7mLy+hyduETCq+1Y7uHl\n"
+ "mqbAk8D7ruu0JtNU2N8WuJJcAtxgZhCCfIHTgAUWqepeRBM8cy8uu0tywgxcJiyt\n"
+ "Uu1wXQHnnpWrr/9r6IfhjFpc9pr5giHBeM4KdlU49UsYgaS1tAZsDJcCAwEAAaN2\n"
+ "MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E\n"
+ "BQMDB6AAMB0GA1UdDgQWBBSxP229okDqlKyMCyg0cnzbf+eb4DAfBgNVHSMEGDAW\n"
+ "gBRk1qI1FKym0v1InfUt4T8ZoCnmsTALBgkqhkiG9w0BAQUDggEBAEabY4FLsFQr\n"
+ "PACNe3p5tU3hWvvQ9S1pRlfnc/z1o+k9NDWTHlNjXfVTl6/6cIKHA+r8SvRks27+\n"
+ "lScfxFkiCi22YC7uPbn8fW1nWcsqEkK4e0TDekSUi1o6SDx6cU07kMpx3iKvpLs3\n"
+ "5QiCFjivMjrY8pEFJIke/ucI8QuLVZLLUSdTHb9Ck128PtPKA4y2uZA/MmYS/OtR\n"
+ "/UZN67pJ+BqcQBE5vNolWQTM+NxfMzb48IV9q32HRT4HErvUjLIWV0nwwedUSdDG\n"
+ "63tr9jp0GF6b5Eum0MTVV/zbBxfyRFg+Q8xRn70zJlB/W7byaFq/95Rpfqjdnta2\n"
+ "aO/omlvGHrI=\n"
+ "-----END CERTIFICATE-----\n";
/* test server key */
const char srv_signed_key_pem[] =
- "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIIEpAIBAAKCAQEAkhjb5af5NEcgn3a2k28IgToU6wZyVHE4UnArRPqTdIrrwvBD\n"
- "0+RBNMH8Mm76FTa7rDqW3X5Dw8dMMwu2eQR5efE+fW5BmecwQFwcAZjVT32ImHQC\n"
- "3rwDKgbueRsDODPHGMyib50SEYQUc6D0kqYmnXfxHMhZww3aXikoivKIFSHkBa3/\n"
- "u6q0D719Ayqc547w5TkUzd4p6+XdVJnq6ym1t49tQM2zm4SYb49NHRtzatiAZ4Lj\n"
- "7ATFZwn4ICq+g1U+ej/8ygx4mNaBeoXjBMEV1+x7CeCR+XBEM+5m4uzFWsqcjHqO\n"
- "wEogy6FW7FPrq+cSa5HfhNQjMuVU9wnnCZvLZQIDAQABAoIBABISPh0FrocfZzMi\n"
- "YYoSGWi2sQCzTvAQAyn7UvbY0eWAC5KU2qb6nHA0sIfif0+hcgxnQOML68DrRYso\n"
- "3zzP52DEjPjB6x5o4OiNHC+8YmJPQlatPu+jLPcFXXkgdMD+cpmoMk2BDcuZ3VfC\n"
- "KI59O9iNjgcD50p/y6uLBsdNIbUPSMe8ONWT7f5DN/DqEL+3tVZaRAOL+C8iKYf4\n"
- "EPI5z6gOyL0aEpulbMKc0YoZZ2kDmu5IyMLgkF3DJV440Y/6IGan88ZSjk6i/d7f\n"
- "ciKVtzIIbr5ubbuGe3htphTpRP0aA5WuVTzHrKk83/u3hG1RFv1q/cRD28tVUIII\n"
- "0pcwLmECgYEAwMdaR5Y2NqBk/fOvU/oCDAQ6w8jmIa4zMxskvq9Pr753jhT13j+T\n"
- "eQ1A590PF4PPvGFTqJ2vl3kj6JT5dzu7mGKoJLFsnttpw+0NYUgp0waPPZx010pp\n"
- "QGeyQ/cPsZEZkCehh9c5CsfO1YpjKLV/wdpBQ2xAnkV5dfFmzlzLOTECgYEAwgJf\n"
- "gxlR9Jgv7Qg/6Prs+SarqT4xDsJKKbD7wH2jveGFXVnkYTPVstwLCAus4LaLFKZ9\n"
- "1POQDUgO24E1GzuL7mqSuvymdl5gZICfpkHstOAfpqep96pUv4aI9BY/g5l4Lvep\n"
- "9c52tgQGwz0qgBUJBi6AvzxqRkBsxrXjX2m7KHUCgYEAtjx94ohkTXWIouy2xFrl\n"
- "jnh9GNGUgyhK7Dfvn3bYjJkwKZc06dkNzvQxdD5r4t3PBhS3YgFWmYmB4X7a6NUF\n"
- "vMMekjlLJkziib1Q1bLDHuLni+WYKmEEaEbepRMrub8h/D0KnQBewwspQoJkxHn3\n"
- "AMkSwurVlwi0DkOa3N+pmTECgYBXyCUZN1qqtjVxJXttWiPg88tWD2q5B9XwmUC/\n"
- "rtlor+LdAzBffsmhXQiswkOdhVrWpCJpOS8jo0f9r6+su7ury5LKgkh7ZGZu8vfJ\n"
- "jSiiCoqnqFMyWWJxKllLP8nLLKSBc9P2AU4bOyUoL8PMIjhsEJx2asqXMM1G98OC\n"
- "R1/EhQKBgQCmSkabsj8u5iEScicyJU87/sVkRIRE0GhjU8uuvcTe+dRiHuj2CENx\n"
- "hh967E0nUCiJzx3is0/nYByDles9W4BLEA8JSuM5r6E7UifHR4XwIi2tQcNhCWIu\n"
- "vGbfvxwqcm7Uj3XHb1GbYK5nnaRNailoJ7iyqHWxB1Q3iFIiMipcfg==\n"
- "-----END RSA PRIVATE KEY-----\n";
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIEowIBAAKCAQEA5vobpYmus0Ljw1KHmLh5PsnUEKqUwHh7Q2j61389B/6w/LBt\n"
+ "BOhgaI984V8zKB7UbpLJGldq8ps/C7DUE3XzdahjMgPma3OyEA6X8lGF26xJwWKN\n"
+ "LekhOI0rgbk0tOgI/gpmGqC6odTMR1qeJ9Jv8PjHnhGr9NwDugcanTCN1YL8Ay0Z\n"
+ "a/q/nnEx7TQAtnXMPEI6LyeuL1buYvL6HJ24RMKr7Vju4eWapsCTwPuu67Qm01TY\n"
+ "3xa4klwC3GBmEIJ8gdOABRap6l5EEzxzLy67S3LCDFwmLK1S7XBdAeeelauv/2vo\n"
+ "h+GMWlz2mvmCIcF4zgp2VTj1SxiBpLW0BmwMlwIDAQABAoIBACJGvGKQ74V3qDAc\n"
+ "p7WwroF0Vw2QGtoDJxumUQ84uRheIeqlzc/cIi5yGLCjPYa3KIQuMTzA+0R8aFs2\n"
+ "RwqKRvJPZkUOUhvhA+whFkhl86zZQOq7UsMc5Qqs3Gd4UguEoYz9gxBxiLCqURRH\n"
+ "rM+xCV6jtI/PBIsmOUFae4cXJP0pljUXyYmwwb/WrsvnJXf9Gz8/VLZGBMchMH7R\n"
+ "MwD7xdwc/ht2XfZ0TuDntpJDtj0JrW9i/Cxt8PnNhQjgLsAe+oUUZt7Bo+vXBxhu\n"
+ "JPKj6BHcj768l+gDn5zzaXKq0eF7mMXc7fgAp0u8lJkC0LxLq/WmIfqw4Z4mEjkX\n"
+ "DremIoUCgYEA53vX9Hd8V85hCfeaTDf3B5q6g9kIliR+Y2tX2aSqN06df9J/KOdL\n"
+ "G/lEQn4rsOOtOwyTU2luPmcr0XgbXA1T1kj56+UZrxtRducsdsVbVixzD2KswtJO\n"
+ "wUH6XAJNdpI++64TuZadnKAaKiqim7CPzQYrBXYKKRFGSDd50urkTRMCgYEA/3CG\n"
+ "NMaG3qtzQceQUw7BBAhey387MR+1FUQHQ7xoq2jc3yAx4H2NEyGa6wL5CtFKn5In\n"
+ "BP6f30sk2ilXRv5pbIIiS8Xzngxy3m17GH33YrSc3ff/u+LWgR/EOVpa9F+sMAjp\n"
+ "ohDgI8iH8GtahrRA0BxQKfNIo2zUTqNwFP88xu0CgYADOY1zoWqBCqX9bo6euzTc\n"
+ "zUIF7jMZbF66Yddyd8HLTXQSQMt2tWotdJaH2pwfNbzHEtDGm7RmeCd7HpI7ARCG\n"
+ "7rNUnvdxog7LekL7UJqKI8pij3xapnVkadfkCkAsA7OO7AjoT/nYIb7bkYZ8ZsRK\n"
+ "FejphZB0rAHvpZ4z2wPdMwKBgQCfkr70RzVH81lcNXwutt/TUhtOCxyCMqmgMFBN\n"
+ "e2zz791TMjyWXjh8RBkQSVok7NwuVVI055AeIUZTV1IjkplvZNhh97aZ/HLiCwjE\n"
+ "IyUhL21zqRLEYA/auGqP3adGVGIv29GAIgSztfleMuJplj+LArT9j/LHzRvQSH+j\n"
+ "TlO8fQKBgE5og4pTfPrD0A7W/Li1HDGf8Ylb+DZlxoyMriW82Z/zCBvYvn1UvQRi\n"
+ "b8f3IQFXuXdf3Bx4C91kQJPovxDp14FOHJxO7F32fGMnJaU2kyp4sf4WAJZZOLnd\n"
+ "l64hMUsgYPI8qfsanAudD4gTAsLEP+ueWqkcb3SJNLSoQAtcGzYs\n"
+ "-----END RSA PRIVATE KEY-----\n";
/* test server self signed certificates */
const char srv_self_signed_cert_pem[] =
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r7533 - in libmicrohttpd: . src/daemon src/daemon/https/tls src/daemon/https/x509 src/include src/testcurl/https,
gnunet <=