
[libmicrohttpd] 05/31: testcurl/https: removed explicit cipher setting


From: gnunet
Subject: [libmicrohttpd] 05/31: testcurl/https: removed explicit cipher setting
Date: Mon, 10 Oct 2022 13:00:50 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit f069ee365d4cedb9854924ab2f6b96476b64319f
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Tue Oct 4 18:49:35 2022 +0300

    testcurl/https: removed explicit cipher setting
    
    Explicit ciphers are not required and not future-proof.
---
 src/testcurl/https/test_empty_response.c             |  6 ------
 src/testcurl/https/test_https_get.c                  |  8 +-------
 src/testcurl/https/test_https_get_iovec.c            |  7 +------
 src/testcurl/https/test_https_get_parallel.c         | 11 ++++-------
 src/testcurl/https/test_https_get_parallel_threads.c | 10 ++--------
 src/testcurl/https/test_https_get_select.c           |  5 -----
 src/testcurl/https/test_https_multi_daemon.c         |  8 +-------
 src/testcurl/https/test_https_session_info.c         |  7 -------
 src/testcurl/https/test_tls_authentication.c         |  8 +-------
 src/testcurl/https/test_tls_extensions.c             |  2 +-
 src/testcurl/https/test_tls_options.c                | 10 ++++------
 src/testcurl/https/tls_test_common.c                 | 10 ++++++----
 12 files changed, 21 insertions(+), 71 deletions(-)

diff --git a/src/testcurl/https/test_empty_response.c 
b/src/testcurl/https/test_empty_response.c
index 07388b76..c1e58245 100644
--- a/src/testcurl/https/test_empty_response.c
+++ b/src/testcurl/https/test_empty_response.c
@@ -75,7 +75,6 @@ testInternalSelectGet (void)
   time_t start;
   struct timeval tv;
   uint16_t port;
-  const char *aes256_sha = "AES256-SHA";
 
   if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
     port = 0;
@@ -105,10 +104,6 @@ testInternalSelectGet (void)
     }
     port = dinfo->port;
   }
-  if (curl_tls_is_nss ())
-  {
-    aes256_sha = "rsa_aes_256_sha";
-  }
 
   c = curl_easy_init ();
   curl_easy_setopt (c, CURLOPT_URL, "https://127.0.0.1/hello_world";);
@@ -117,7 +112,6 @@ testInternalSelectGet (void)
   curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
   /* TLS options */
   curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
   curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
   curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
   curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
diff --git a/src/testcurl/https/test_https_get.c 
b/src/testcurl/https/test_https_get.c
index 7c917d3b..f7569f43 100644
--- a/src/testcurl/https/test_https_get.c
+++ b/src/testcurl/https/test_https_get.c
@@ -232,7 +232,6 @@ int
 main (int argc, char *const *argv)
 {
   unsigned int errorCount = 0;
-  const char *aes256_sha_tlsv1   = "AES256-SHA";
   (void) argc; (void) argv;   /* Unused. Silent compiler warning. */
 
 #ifdef MHD_HTTPS_REQUIRE_GCRYPT
@@ -249,13 +248,8 @@ main (int argc, char *const *argv)
     curl_global_cleanup ();
     return 77;
   }
-
-  if (curl_tls_is_nss ())
-  {
-    aes256_sha_tlsv1 = "rsa_aes_256_sha";
-  }
   errorCount +=
-    test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1);
+    test_secure_get (NULL, NULL, CURL_SSLVERSION_TLSv1);
   errorCount += testEmptyGet (0);
   curl_global_cleanup ();
 
diff --git a/src/testcurl/https/test_https_get_iovec.c 
b/src/testcurl/https/test_https_get_iovec.c
index 39da52f3..7b99ff68 100644
--- a/src/testcurl/https/test_https_get_iovec.c
+++ b/src/testcurl/https/test_https_get_iovec.c
@@ -390,7 +390,6 @@ int
 main (int argc, char *const *argv)
 {
   unsigned int errorCount = 0;
-  const char *aes256_sha_tlsv1   = "AES256-SHA";
   (void) argc; (void) argv;   /* Unused. Silent compiler warning. */
 
 #ifdef MHD_HTTPS_REQUIRE_GCRYPT
@@ -408,12 +407,8 @@ main (int argc, char *const *argv)
     return 77;
   }
 
-  if (curl_tls_is_nss ())
-  {
-    aes256_sha_tlsv1 = "rsa_aes_256_sha";
-  }
   errorCount +=
-    test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1);
+    test_secure_get (NULL, NULL, CURL_SSLVERSION_TLSv1);
   errorCount += testEmptyGet (0);
   curl_global_cleanup ();
 
diff --git a/src/testcurl/https/test_https_get_parallel.c 
b/src/testcurl/https/test_https_get_parallel.c
index 3fe65637..55725e3f 100644
--- a/src/testcurl/https/test_https_get_parallel.c
+++ b/src/testcurl/https/test_https_get_parallel.c
@@ -134,7 +134,6 @@ int
 main (int argc, char *const *argv)
 {
   unsigned int errorCount = 0;
-  const char *aes256_sha = "AES256-SHA";
   uint16_t port;
   unsigned int iseed;
   (void) argc;   /* Unused. Silent compiler warning. */
@@ -155,8 +154,6 @@ main (int argc, char *const *argv)
     fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
     return 77;
   }
-  if (curl_tls_is_nss ())
-    aes256_sha = "rsa_aes_256_sha";
 #ifdef EPOLL_SUPPORT
   errorCount +=
     test_wrap ("single threaded daemon, single client, epoll",
@@ -164,7 +161,7 @@ main (int argc, char *const *argv)
                NULL, port,
                MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
                | MHD_USE_ERROR_LOG | MHD_USE_EPOLL,
-               aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+               NULL, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
                srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
                srv_self_signed_cert_pem, MHD_OPTION_END);
 #endif
@@ -173,7 +170,7 @@ main (int argc, char *const *argv)
                NULL, port,
                MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
                | MHD_USE_ERROR_LOG,
-               aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+               NULL, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
                srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
                srv_self_signed_cert_pem, MHD_OPTION_END);
 #ifdef EPOLL_SUPPORT
@@ -182,7 +179,7 @@ main (int argc, char *const *argv)
                &test_parallel_clients, NULL, port,
                MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
                | MHD_USE_ERROR_LOG | MHD_USE_EPOLL,
-               aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+               NULL, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
                srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
                srv_self_signed_cert_pem, MHD_OPTION_END);
 #endif
@@ -191,7 +188,7 @@ main (int argc, char *const *argv)
                &test_parallel_clients, NULL, port,
                MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
                | MHD_USE_ERROR_LOG,
-               aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+               NULL, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
                srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
                srv_self_signed_cert_pem, MHD_OPTION_END);
 
diff --git a/src/testcurl/https/test_https_get_parallel_threads.c 
b/src/testcurl/https/test_https_get_parallel_threads.c
index ae63b9fd..afbd793d 100644
--- a/src/testcurl/https/test_https_get_parallel_threads.c
+++ b/src/testcurl/https/test_https_get_parallel_threads.c
@@ -139,7 +139,6 @@ main (int argc, char *const *argv)
   const char *ssl_version;
   uint16_t port;
   unsigned int iseed;
-  const char *aes256_sha = "AES256-SHA";
   (void) argc;   /* Unused. Silent compiler warning. */
 
   if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
@@ -172,17 +171,12 @@ main (int argc, char *const *argv)
     return 77;
   }
 
-  if (curl_tls_is_nss ())
-  {
-    aes256_sha = "rsa_aes_256_sha";
-  }
-
   errorCount +=
     test_wrap ("multi threaded daemon, single client", &test_single_client,
                NULL, port,
                MHD_USE_TLS | MHD_USE_ERROR_LOG | MHD_USE_THREAD_PER_CONNECTION
                | MHD_USE_INTERNAL_POLLING_THREAD,
-               aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+               NULL, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
                srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
                srv_self_signed_cert_pem, MHD_OPTION_END);
 
@@ -191,7 +185,7 @@ main (int argc, char *const *argv)
                &test_parallel_clients, NULL, port,
                MHD_USE_TLS | MHD_USE_ERROR_LOG | MHD_USE_THREAD_PER_CONNECTION
                | MHD_USE_INTERNAL_POLLING_THREAD,
-               aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+               NULL, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
                srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
                srv_self_signed_cert_pem, MHD_OPTION_END);
 
diff --git a/src/testcurl/https/test_https_get_select.c 
b/src/testcurl/https/test_https_get_select.c
index 4de66fe6..7149caf7 100644
--- a/src/testcurl/https/test_https_get_select.c
+++ b/src/testcurl/https/test_https_get_select.c
@@ -92,7 +92,6 @@ testExternalGet (unsigned int flags)
   struct CURLMsg *msg;
   time_t start;
   struct timeval tv;
-  const char *aes256_sha = "AES256-SHA";
   uint16_t port;
 
   if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
@@ -122,9 +121,6 @@ testExternalGet (unsigned int flags)
     port = dinfo->port;
   }
 
-  if (curl_tls_is_nss ())
-    aes256_sha = "rsa_aes_256_sha";
-
   c = curl_easy_init ();
   curl_easy_setopt (c, CURLOPT_URL, "https://127.0.0.1/hello_world";);
   curl_easy_setopt (c, CURLOPT_PORT, (long) port);
@@ -132,7 +128,6 @@ testExternalGet (unsigned int flags)
   curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
   /* TLS options */
   curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
   curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
   curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
   curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
diff --git a/src/testcurl/https/test_https_multi_daemon.c 
b/src/testcurl/https/test_https_multi_daemon.c
index fdc8279b..be7f65a2 100644
--- a/src/testcurl/https/test_https_multi_daemon.c
+++ b/src/testcurl/https/test_https_multi_daemon.c
@@ -131,7 +131,6 @@ int
 main (int argc, char *const *argv)
 {
   unsigned int errorCount = 0;
-  const char *aes256_sha = "AES256-SHA";
   (void) argc; (void) argv;       /* Unused. Silent compiler warning. */
 
 #ifdef MHD_HTTPS_REQUIRE_GCRYPT
@@ -149,13 +148,8 @@ main (int argc, char *const *argv)
     return 77;
   }
 
-  if (curl_tls_is_nss ())
-  {
-    aes256_sha = "rsa_aes_256_sha";
-  }
-
   errorCount +=
-    test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_TLSv1);
+    test_concurent_daemon_pair (NULL, NULL, CURL_SSLVERSION_TLSv1);
 
   print_test_result (errorCount, "concurent_daemon_pair");
 
diff --git a/src/testcurl/https/test_https_session_info.c 
b/src/testcurl/https/test_https_session_info.c
index 3070c5f7..e3b2b428 100644
--- a/src/testcurl/https/test_https_session_info.c
+++ b/src/testcurl/https/test_https_session_info.c
@@ -102,7 +102,6 @@ test_query_session (void)
   CURLcode errornum;
   char url[256];
   uint16_t port;
-  const char *aes256_sha = "AES256-SHA";
 
   if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
     port = 0;
@@ -142,11 +141,6 @@ test_query_session (void)
     port = dinfo->port;
   }
 
-  if (curl_tls_is_nss ())
-  {
-    aes256_sha = "rsa_aes_256_sha";
-  }
-
   gen_test_file_url (url,
                      sizeof (url),
                      port);
@@ -162,7 +156,6 @@ test_query_session (void)
   curl_easy_setopt (c, CURLOPT_FILE, &cbc);
   /* TLS options */
   curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
   /* currently skip any peer authentication */
   curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
   curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
diff --git a/src/testcurl/https/test_tls_authentication.c 
b/src/testcurl/https/test_tls_authentication.c
index bedc3dd9..1fa2f795 100644
--- a/src/testcurl/https/test_tls_authentication.c
+++ b/src/testcurl/https/test_tls_authentication.c
@@ -86,7 +86,6 @@ int
 main (int argc, char *const *argv)
 {
   unsigned int errorCount = 0;
-  const char *aes256_sha = "AES256-SHA";
   (void) argc;
   (void) argv;       /* Unused. Silent compiler warning. */
 
@@ -105,13 +104,8 @@ main (int argc, char *const *argv)
     return 77;
   }
 
-  if (curl_tls_is_nss ())
-  {
-    aes256_sha = "rsa_aes_256_sha";
-  }
-
   errorCount +=
-    test_secure_get (NULL, aes256_sha, CURL_SSLVERSION_TLSv1);
+    test_secure_get (NULL, NULL, CURL_SSLVERSION_TLSv1);
 
   print_test_result (errorCount, argv[0]);
 
diff --git a/src/testcurl/https/test_tls_extensions.c 
b/src/testcurl/https/test_tls_extensions.c
index ecfbf7cc..6cad17e8 100644
--- a/src/testcurl/https/test_tls_extensions.c
+++ b/src/testcurl/https/test_tls_extensions.c
@@ -187,7 +187,7 @@ test_hello_extension (gnutls_session_t session, uint16_t 
port,
   gnutls_free (data);
 
   /* make sure daemon is still functioning */
-  if (CURLE_OK != send_curl_req (url, &cbc, "AES128-SHA",
+  if (CURLE_OK != send_curl_req (url, &cbc, NULL,
                                  MHD_GNUTLS_PROTOCOL_TLS1_2))
   {
     ret = -1;
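Review bot: The last argument of the changed `send_curl_req` call is still `MHD_GNUTLS_PROTOCOL_TLS1_2`, but the `send_curl_req` hunk in tls_test_common.c on this page shows that parameter being passed to `CURLOPT_SSLVERSION`, which expects a `CURL_SSLVERSION_*` value. Unless the two enumerations share numbering (not visible here), the "daemon is still functioning" request may ask for a different protocol version than the one named, and with the cipher pin removed nothing else constrains the handshake. Since the call is being edited anyway, consider passing `CURL_SSLVERSION_TLSv1_2` as the fourth argument. The body of test_hello_extension starts and ends outside the hunk.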
diff --git a/src/testcurl/https/test_tls_options.c 
b/src/testcurl/https/test_tls_options.c
index b0f969a8..7390b89a 100644
--- a/src/testcurl/https/test_tls_options.c
+++ b/src/testcurl/https/test_tls_options.c
@@ -89,8 +89,6 @@ main (int argc, char *const *argv)
     MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD
     | MHD_USE_TLS | MHD_USE_ERROR_LOG;
   uint16_t port;
-  const char *aes128_sha = "AES128-SHA";
-  const char *aes256_sha = "AES256-SHA";
   (void) argc; (void) argv;       /* Unused. Silent compiler warning. */
 
   if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
@@ -139,9 +137,9 @@ main (int argc, char *const *argv)
   }
 
   if (0 !=
-      test_wrap ("TLS1.0-AES-SHA1",
+      test_wrap ("TLS1.0",
                  &test_https_transfer, NULL, port, daemon_flags,
-                 aes128_sha,
+                 NULL,
                  CURL_SSLVERSION_TLSv1,
                  MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                  MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
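Review bot: Renaming the case to "TLS1.0" hides that the daemon is still pinned to one suite: the priorities string in the next hunk remains `"NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL"`. With the client cipher now `NULL`, the handshake succeeds only while the client TLS backend's default list still offers an RSA/AES-128-CBC/SHA1 suite for TLS 1.0, so the test is not independent of cipher choice and may fail on hosts with a stricter crypto policy. Either keep a name that reflects the server-side pin, or add a comment above the call such as `/* server still restricts to AES-128-CBC + SHA1 + RSA; client uses its default list */`. The same applies to the `fprintf` message changed in the following hunk.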
@@ -149,7 +147,7 @@ main (int argc, char *const *argv)
                  "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
                  MHD_OPTION_END))
   {
-    fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
+    fprintf (stderr, "TLS1.0 test failed\n");
     errorCount++;
   }
   fprintf (stderr,
@@ -157,7 +155,7 @@ main (int argc, char *const *argv)
   if (0 !=
       test_wrap ("TLS1.1 vs TLS1.0",
                  &test_unmatching_ssl_version, NULL, port, daemon_flags,
-                 aes256_sha,
+                 NULL,
                  CURL_SSLVERSION_TLSv1_1,
                  MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                  MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
diff --git a/src/testcurl/https/tls_test_common.c 
b/src/testcurl/https/tls_test_common.c
index 70606e67..63a79f59 100644
--- a/src/testcurl/https/tls_test_common.c
+++ b/src/testcurl/https/tls_test_common.c
@@ -84,8 +84,9 @@ test_daemon_get (void *cls,
   /* TLS options */
   if ((CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSLVERSION,
                                           proto_version))) ||
-      (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
-                                          cipher_suite))) ||
+      ((NULL != cipher_suite) &&
+       (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
+                                           cipher_suite)))) ||
 
       /* perform peer authentication */
       /* TODO merge into send_curl_req */
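Review bot: `cipher_suite == NULL` is now a supported input meaning "leave libcurl's default cipher list in place", but nothing in this hunk or in the `send_curl_req` hunk below records that contract. The doc comments of `test_daemon_get` and `send_curl_req` (outside the hunks) should state it, for example `@param cipher_suite cipher list for CURLOPT_SSL_CIPHER_LIST, or NULL to use the TLS backend's defaults`. That also explains the bare `NULL` second argument that callers such as `test_secure_get (NULL, NULL, CURL_SSLVERSION_TLSv1)` now pass. As a small style point, the added line in `send_curl_req` writes `CURLE_OK !=` with one space while its neighbours use `CURLE_OK  !=`.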
@@ -280,8 +281,9 @@ send_curl_req (char *url,
   /* TLS options */
   if ((CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_SSLVERSION,
                                            proto_version))) ||
-      (CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
-                                           cipher_suite))) ||
+      ((NULL != cipher_suite) &&
+       (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
+                                           cipher_suite)))) ||
       /* currently skip any peer authentication */
       (CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L))) ||
       (CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L))))

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


