[GNUnet-SVN] r35497 - in libmicrohttpd: . src/testcurl/https

gnunet-svn
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r35497 - in libmicrohttpd: . src/testcurl/https

From:	gnunet
Subject:	[GNUnet-SVN] r35497 - in libmicrohttpd: . src/testcurl/https
Date:	Fri, 3 Apr 2015 19:36:25 +0200
Author: grothoff
Date: 2015-04-03 19:36:25 +0200 (Fri, 03 Apr 2015)
New Revision: 35497

Modified:
   libmicrohttpd/ChangeLog
   libmicrohttpd/configure.ac
   libmicrohttpd/src/testcurl/https/test_empty_response.c
   libmicrohttpd/src/testcurl/https/test_https_get.c
   libmicrohttpd/src/testcurl/https/test_https_get_select.c
   libmicrohttpd/src/testcurl/https/test_https_multi_daemon.c
   libmicrohttpd/src/testcurl/https/test_https_session_info.c
   libmicrohttpd/src/testcurl/https/test_tls_options.c
Log:
fixing https testcases that require SSL3, but SSL3 is dead and with modern 
gnutls not even supported

Modified: libmicrohttpd/ChangeLog
===================================================================
--- libmicrohttpd/ChangeLog     2015-04-03 13:03:19 UTC (rev 35496)
+++ libmicrohttpd/ChangeLog     2015-04-03 17:36:25 UTC (rev 35497)
@@ -1,3 +1,6 @@
+Fri Apr  3 12:55:31 CEST 2015
+       Update HTTPS testcases to avoid SSLv3, as SSLv3 is dead.
+
 Fri Apr  3 12:25:28 CEST 2015
        Do not enforce FD_SETSIZE-limit on worker control
        pipe when using MHD_USE_EPOLL_LINUX_ONLY (#3751). -MH/CG

Modified: libmicrohttpd/configure.ac
===================================================================
--- libmicrohttpd/configure.ac  2015-04-03 13:03:19 UTC (rev 35496)
+++ libmicrohttpd/configure.ac  2015-04-03 17:36:25 UTC (rev 35497)
@@ -1,5 +1,5 @@
 # This file is part of libmicrohttpd.
-# (C) 2006-2014 Christian Grothoff (and other contributing authors)
+# (C) 2006-2015 Christian Grothoff (and other contributing authors)
 #
 # libmicrohttpd is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published
@@ -22,15 +22,15 @@
 #
 AC_PREREQ([2.60])
 LT_PREREQ([2.4.0])
-AC_INIT([libmicrohttpd],[0.9.39],address@hidden)
+AC_INIT([libmicrohttpd],[0.9.40],address@hidden)
 AM_INIT_AUTOMAKE([silent-rules] [subdir-objects])
 AC_CONFIG_HEADERS([MHD_config.h])
 AC_CONFIG_MACRO_DIR([m4])
 AH_TOP([#define _GNU_SOURCE  1])
 
-LIB_VERSION_CURRENT=39
+LIB_VERSION_CURRENT=40
 LIB_VERSION_REVISION=0
-LIB_VERSION_AGE=29
+LIB_VERSION_AGE=30
 AC_SUBST(LIB_VERSION_CURRENT)
 AC_SUBST(LIB_VERSION_REVISION)
 AC_SUBST(LIB_VERSION_AGE)

Modified: libmicrohttpd/src/testcurl/https/test_empty_response.c
===================================================================
--- libmicrohttpd/src/testcurl/https/test_empty_response.c      2015-04-03 
13:03:19 UTC (rev 35496)
+++ libmicrohttpd/src/testcurl/https/test_empty_response.c      2015-04-03 
17:36:25 UTC (rev 35497)
@@ -99,7 +99,7 @@
   curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
   curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
   /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+  curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
   curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
   curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
   curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);

Modified: libmicrohttpd/src/testcurl/https/test_https_get.c
===================================================================
--- libmicrohttpd/src/testcurl/https/test_https_get.c   2015-04-03 13:03:19 UTC 
(rev 35496)
+++ libmicrohttpd/src/testcurl/https/test_https_get.c   2015-04-03 17:36:25 UTC 
(rev 35497)
@@ -100,7 +100,6 @@
 {
   unsigned int errorCount = 0;
   const char *aes256_sha_tlsv1   = "AES256-SHA";
-  const char *aes256_sha_sslv3   = "AES256-SHA";
   const char *des_cbc3_sha_tlsv1 = "DES-CBC3-SHA";
 
   gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
@@ -116,15 +115,12 @@
   if (curl_uses_nss_ssl() == 0)
     {
       aes256_sha_tlsv1 = "rsa_aes_256_sha";
-      aes256_sha_sslv3 = "rsa_aes_256_sha";
       des_cbc3_sha_tlsv1 = "rsa_aes_128_sha";
     }
 
   errorCount +=
     test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1);
   errorCount +=
-    test_secure_get (NULL, aes256_sha_sslv3, CURL_SSLVERSION_SSLv3);
-  errorCount +=
     test_cipher_option (NULL, des_cbc3_sha_tlsv1, CURL_SSLVERSION_TLSv1);
   print_test_result (errorCount, argv[0]);
 

Modified: libmicrohttpd/src/testcurl/https/test_https_get_select.c
===================================================================
--- libmicrohttpd/src/testcurl/https/test_https_get_select.c    2015-04-03 
13:03:19 UTC (rev 35496)
+++ libmicrohttpd/src/testcurl/https/test_https_get_select.c    2015-04-03 
17:36:25 UTC (rev 35497)
@@ -111,7 +111,7 @@
   curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
   curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
   /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+  curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
   curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
   curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
   curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);

Modified: libmicrohttpd/src/testcurl/https/test_https_multi_daemon.c
===================================================================
--- libmicrohttpd/src/testcurl/https/test_https_multi_daemon.c  2015-04-03 
13:03:19 UTC (rev 35496)
+++ libmicrohttpd/src/testcurl/https/test_https_multi_daemon.c  2015-04-03 
17:36:25 UTC (rev 35497)
@@ -120,7 +120,7 @@
     }
   
   errorCount +=
-    test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_SSLv3);
+    test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_TLSv1);
 
   print_test_result (errorCount, "concurent_daemon_pair");
 

Modified: libmicrohttpd/src/testcurl/https/test_https_session_info.c
===================================================================
--- libmicrohttpd/src/testcurl/https/test_https_session_info.c  2015-04-03 
13:03:19 UTC (rev 35496)
+++ libmicrohttpd/src/testcurl/https/test_https_session_info.c  2015-04-03 
17:36:25 UTC (rev 35497)
@@ -55,7 +55,7 @@
       return MHD_YES;
     }
 
-  if (GNUTLS_SSL3 != 
+  if (GNUTLS_TLS1_1 != 
       (ret = MHD_get_connection_info
        (connection,
        MHD_CONNECTION_INFO_PROTOCOL)->protocol))
@@ -122,7 +122,7 @@
   curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
   curl_easy_setopt (c, CURLOPT_FILE, &cbc);
   /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+  curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
   curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
   /* currently skip any peer authentication */
   curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);

Modified: libmicrohttpd/src/testcurl/https/test_tls_options.c
===================================================================
--- libmicrohttpd/src/testcurl/https/test_tls_options.c 2015-04-03 13:03:19 UTC 
(rev 35496)
+++ libmicrohttpd/src/testcurl/https/test_tls_options.c 2015-04-03 17:36:25 UTC 
(rev 35497)
@@ -134,53 +134,6 @@
       fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
       errorCount++;
     }
-#if 0
-  /* this used to work, but somehow no longer.  gnutls issue? */
-  if (0 != 
-      test_wrap ("SSL3.0-AES256-SHA1", 
-                &test_https_transfer, NULL, daemon_flags,
-                aes256_sha,
-                CURL_SSLVERSION_SSLv3,
-                MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
-                MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
-                MHD_OPTION_HTTPS_PRIORITIES, 
"NONE:+VERS-SSL3.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
-              MHD_OPTION_END))
-    {
-      fprintf (stderr, "SSL3.0-AES256-SHA1 test failed\n");
-      errorCount++;
-    }
-  if (0 !=
-      test_wrap ("SSL3.0-AES-SHA1",
-                &test_https_transfer, NULL, daemon_flags,
-                aes128_sha,
-                CURL_SSLVERSION_SSLv3,
-                MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
-                MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
-                MHD_OPTION_HTTPS_PRIORITIES, 
"NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
-                MHD_OPTION_END))
-    {
-      fprintf (stderr, "SSL3.0-AES-SHA1 test failed\n");
-      errorCount++;
-    }
-#endif
-
-
-#if 0
-  /* manual inspection of the handshake suggests that CURL will
-     request TLSv1, we send back "SSL3" and CURL takes it *despite*
-     being configured to speak SSL3-only.  Notably, the other way
-     round (have curl request SSL3, respond with TLSv1 only)
-     is properly refused by CURL.  Either way, this does NOT seem
-     to be a bug in MHD/gnuTLS but rather in CURL; hence this
-     test is commented out here... */
-  errorCount +=
-    test_wrap ("unmatching version: SSL3 vs. TLS", 
&test_unmatching_ssl_version,
-               NULL, daemon_flags, "AES256-SHA", CURL_SSLVERSION_TLSv1,
-               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
-               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
-               MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END);
-#endif
-
   fprintf (stderr,
           "The following handshake should fail (and print an error 
message)...\n");
   if (0 !=
[Prev in Thread]
Current Thread
[Next in Thread]
[GNUnet-SVN] r35497 - in libmicrohttpd: . src/testcurl/https, gnunet <=
Prev by Date: [GNUnet-SVN] r35496 - in libmicrohttpd/src: include microhttpd
Next by Date: [GNUnet-SVN] r35498 - in libmicrohttpd: . src/microhttpd src/testcurl
Previous by thread: [GNUnet-SVN] r35496 - in libmicrohttpd/src: include microhttpd
Next by thread: [GNUnet-SVN] r35498 - in libmicrohttpd: . src/microhttpd src/testcurl
Index(es):
- Date
- Thread