[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] branch master updated (30ef790c -> c930fe1a)
|
From: |
gnunet |
|
Subject: |
[libmicrohttpd] branch master updated (30ef790c -> c930fe1a) |
|
Date: |
Mon, 10 Oct 2022 13:00:45 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a change to branch master
in repository libmicrohttpd.
from 30ef790c testcurl: updated copyright year in updated files
new 2249c1f5 Removed curl_version_check
new c1f7c807 testcurl/https: fixed functions declarations
new 28e28436 testcurl/https: fixed compiler warnings, wrong types
new 0be4e8c2 testcurl/https: stopped CA file creation/removal
new f069ee36 testcurl/https: removed explicit cipher setting
new f7747015 testcurl/https: do not enforce TLSv1
new 26c6ba57 test_https_session_info: fixed compiler warning with old
libcurl
new 860010b6 testcurl/https: removed usage of deprecated libcurl parameter
new 8d00c4f7 testcurl/https: enable verbose libcurl on debug builds
new 4237407f test_https_get_parallel{,_threads}: removed artificial delay
new 8fea3c91 daemon: fixed delayed notification callback in
thread-per-connection mode
new a710f627 test_https_time_out: second attempt to really check something
with this test
new 759eb24f MHD_start_daemon(): minor readability improvement
new 9f22ba9b microhttpd.h: improved doxy for MHD_USE_THREAD_PER_CONNECTION
new 88d27af7 MHD_run_wait(): improved readability
new 3921f777 daemon: small refactoring for more compact code when poll()
is not supported
new 43e10b90 MHD_poll(): removed unneeded check
new f8441dac testcurl/https: significantly simplified test URI
new 6e78e802 testcurl/https: added proper check for snprintf() result
new 3330f10e testcurl/https: some simplifications and clean-ups
new a781ffa5 test_tls_extensions: removed unused test
new cfe614ca test_https_session_info: removed hardcoded TLS version
new b6979795 microhttpd.h: minor doxy fix
new 0913234c digestauth.h: removed leftover in doxy
new 288b02ad test_https_get_parallel_threads: removed libcurl-GnuTLS
requirement
new 749a8b43 tls_test_common: fixed comments and error messages
new b84dc1b2 test_tls_options: re-implemented, removed hardcoded TLS
versions
new 868cb71a https tests: renamed private key variable to match
certificate name
new 121c134c https tests: updated self-signed certificate
new 95e66629 test_tls_authentication: fixed to really test TLS
authentication
new c930fe1a testcurl/https: updated copyright year in modified files,
fixed some doxy
The 31 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
configure.ac | 8 -
src/include/microhttpd.h | 8 +-
src/microhttpd/daemon.c | 59 ++-
src/microhttpd/digestauth.h | 1 -
src/testcurl/https/Makefile.am | 9 +-
src/testcurl/https/curl_version_check.c | 176 --------
src/testcurl/https/test_empty_response.c | 25 +-
src/testcurl/https/test_https_get.c | 43 +-
src/testcurl/https/test_https_get_iovec.c | 67 ++-
src/testcurl/https/test_https_get_parallel.c | 50 +--
.../https/test_https_get_parallel_threads.c | 53 +--
src/testcurl/https/test_https_get_select.c | 35 +-
src/testcurl/https/test_https_multi_daemon.c | 45 +-
src/testcurl/https/test_https_session_info.c | 323 ++++++++++----
src/testcurl/https/test_https_sni.c | 28 +-
src/testcurl/https/test_https_time_out.c | 60 ++-
src/testcurl/https/test_tls_authentication.c | 43 +-
src/testcurl/https/test_tls_extensions.c | 296 -------------
src/testcurl/https/test_tls_options.c | 488 ++++++++++++++++-----
src/testcurl/https/tls_test_common.c | 293 +++++++------
src/testcurl/https/tls_test_common.h | 141 +++---
src/testcurl/https/tls_test_keys.h | 95 ++--
22 files changed, 1149 insertions(+), 1197 deletions(-)
delete mode 100644 src/testcurl/https/curl_version_check.c
delete mode 100644 src/testcurl/https/test_tls_extensions.c
diff --git a/configure.ac b/configure.ac
index 4f9b3f45..2bf5bbe7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2410,14 +2410,6 @@ AS_IF([test "$enable_curl" != "no"],
enable_curl=no
])
])
-AS_IF([test "$enable_curl" != "no"],
- [
-# Lib cURL & cURL - OpenSSL versions
- AC_DEFINE([MHD_REQ_CURL_VERSION], ["7.16.4"], [required cURL version to run
tests])
- AC_DEFINE([MHD_REQ_CURL_OPENSSL_VERSION], ["0.9.8"], [required cURL SSL
version to run tests])
- AC_DEFINE([MHD_REQ_CURL_GNUTLS_VERSION], ["2.8.6"], [gnuTLS lib version -
used in conjunction with cURL])
- AC_DEFINE([MHD_REQ_CURL_NSS_VERSION], ["3.12.0"], [NSS lib version - used in
conjunction with cURL])
- ])
AM_CONDITIONAL([HAVE_CURL], [test "x$enable_curl" = "xyes"])
mhd_have_libmagic="no"
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 41c5d2ce..63afc9e0 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -1245,6 +1245,11 @@ enum MHD_FLAG
/**
* Run using one thread per connection.
* Must be used only with #MHD_USE_INTERNAL_POLLING_THREAD.
+ *
+ * If #MHD_USE_ITC is also not used, closed and expired connections may only
+ * be cleaned up internally when a new connection is received.
+ * Consider adding of #MHD_USE_ITC flag to have faster internal cleanups
+ * at very minor increase in system resources usage.
*/
MHD_USE_THREAD_PER_CONNECTION = 4,
@@ -1576,7 +1581,8 @@ enum MHD_DAuthBindNonce
* RFC 7616 allows clients to re-use server-generated nonces for any URI
* in the same "protection space" which is by default consists of all server
* URIs.
- * This was default (and only supported) value before #MHD_VERSION 0x00097518
+ * This was default (and only supported) nonce bind type
+ * before #MHD_VERSION 0x00097518
*/
MHD_DAUTH_BIND_NONCE_URI = 1 << 1,
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 6f7bfb58..25571f61 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -4930,6 +4930,7 @@ MHD_poll_listen_socket (struct MHD_Daemon *daemon,
#endif
+#ifdef HAVE_POLL
/**
* Do poll()-based processing.
@@ -4942,22 +4943,17 @@ static enum MHD_Result
MHD_poll (struct MHD_Daemon *daemon,
int may_block)
{
-#ifdef HAVE_POLL
- if (daemon->shutdown)
- return MHD_NO;
if (0 == (daemon->options & MHD_USE_THREAD_PER_CONNECTION))
return MHD_poll_all (daemon,
may_block ? -1 : 0);
return MHD_poll_listen_socket (daemon,
may_block);
-#else
- (void) daemon;
- (void) may_block;
- return MHD_NO;
-#endif
}
+#endif /* HAVE_POLL */
+
+
#ifdef EPOLL_SUPPORT
/**
@@ -5528,25 +5524,23 @@ MHD_run_wait (struct MHD_Daemon *daemon,
if (0 > millisec)
millisec = -1;
- if (false)
- {
- (void) 0; /* Mute compiler warning */
- }
#ifdef HAVE_POLL
- else if (0 != (daemon->options & MHD_USE_POLL))
+ if (0 != (daemon->options & MHD_USE_POLL))
{
res = MHD_poll_all (daemon, millisec);
MHD_cleanup_connections (daemon);
}
+ else
#endif /* HAVE_POLL */
#ifdef EPOLL_SUPPORT
- else if (0 != (daemon->options & MHD_USE_EPOLL))
+ if (0 != (daemon->options & MHD_USE_EPOLL))
{
res = MHD_epoll (daemon, millisec);
MHD_cleanup_connections (daemon);
}
-#endif
else
+#endif
+ if (1)
{
res = MHD_select (daemon, millisec);
/* MHD_select does MHD_cleanup_connections already */
@@ -5644,14 +5638,17 @@ MHD_polling_thread (void *cls)
#endif /* HAVE_PTHREAD_SIGMASK */
while (! daemon->shutdown)
{
+#ifdef HAVE_POLL
if (0 != (daemon->options & MHD_USE_POLL))
MHD_poll (daemon, MHD_YES);
+ else
+#endif /* HAVE_POLL */
#ifdef EPOLL_SUPPORT
- else if (0 != (daemon->options & MHD_USE_EPOLL))
+ if (0 != (daemon->options & MHD_USE_EPOLL))
MHD_epoll (daemon, -1);
-#endif
else
- MHD_select (daemon, -1);
+#endif
+ MHD_select (daemon, -1);
MHD_cleanup_connections (daemon);
}
@@ -6737,16 +6734,17 @@ MHD_start_daemon_va (unsigned int flags,
return NULL;
/* Check for invalid combinations of flags. */
- if ( ((0 != (*pflags & MHD_USE_POLL)) && (0 != (*pflags & MHD_USE_EPOLL))) ||
- ((0 != (*pflags & MHD_USE_EPOLL)) && (0 != (*pflags
- &
-
MHD_USE_THREAD_PER_CONNECTION)))
- ||
- ((0 != (*pflags & MHD_USE_POLL)) &&
- (0 == (*pflags & (MHD_USE_INTERNAL_POLLING_THREAD
- | MHD_USE_THREAD_PER_CONNECTION)))) ||
- ((0 != (*pflags & MHD_USE_AUTO)) && (0 != (*pflags & (MHD_USE_POLL
- |
MHD_USE_EPOLL)))) )
+ if ((0 != (*pflags & MHD_USE_POLL)) && (0 != (*pflags & MHD_USE_EPOLL)))
+ return NULL;
+ if ((0 != (*pflags & MHD_USE_EPOLL)) &&
+ (0 != (*pflags & MHD_USE_THREAD_PER_CONNECTION)))
+ return NULL;
+ if ((0 != (*pflags & MHD_USE_POLL)) &&
+ (0 == (*pflags & (MHD_USE_INTERNAL_POLLING_THREAD
+ | MHD_USE_THREAD_PER_CONNECTION))))
+ return NULL;
+ if ((0 != (*pflags & MHD_USE_AUTO)) &&
+ (0 != (*pflags & (MHD_USE_POLL | MHD_USE_EPOLL))))
return NULL;
if (0 != (*pflags & MHD_USE_AUTO))
@@ -6873,8 +6871,9 @@ MHD_start_daemon_va (unsigned int flags,
}
#endif
- if ( (NULL != daemon->notify_completed) &&
- (0 != (daemon->options & MHD_USE_THREAD_PER_CONNECTION)) )
+ if ( (0 != (daemon->options & MHD_USE_THREAD_PER_CONNECTION))
+ && ((NULL != daemon->notify_completed)
+ || (NULL != daemon->notify_connection)) )
*pflags |= MHD_USE_ITC; /* requires ITC */
#ifndef NDEBUG
diff --git a/src/microhttpd/digestauth.h b/src/microhttpd/digestauth.h
index e8844f27..4ba26709 100644
--- a/src/microhttpd/digestauth.h
+++ b/src/microhttpd/digestauth.h
@@ -61,7 +61,6 @@
/**
* The token for SHA-512/256 algorithm.
- * Unsupported currently by MHD for authentication.
*/
#define _MHD_SHA512_256_TOKEN "SHA-512-256"
diff --git a/src/testcurl/https/Makefile.am b/src/testcurl/https/Makefile.am
index 39394db1..6b9962b3 100644
--- a/src/testcurl/https/Makefile.am
+++ b/src/testcurl/https/Makefile.am
@@ -9,6 +9,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/include \
-I$(top_srcdir)/src/microhttpd \
-DMHD_CPU_COUNT=$(CPU_COUNT) \
+ -DSRCDIR=\"$(srcdir)\" \
$(CPPFLAGS_ac) $(LIBCURL_CPPFLAGS) $(MHD_TLS_LIB_CPPFLAGS)
AM_CFLAGS = $(CFLAGS_ac) @LIBGCRYPT_CFLAGS@
@@ -78,8 +79,7 @@ test_tls_options_SOURCES = \
test_tls_options.c \
tls_test_keys.h \
tls_test_common.h \
- tls_test_common.c \
- curl_version_check.c
+ tls_test_common.c
test_https_get_parallel_SOURCES = \
test_https_get_parallel.c \
@@ -137,16 +137,11 @@ test_https_get_iovec_SOURCES = \
tls_test_common.h \
tls_test_common.c
-if HAVE_GNUTLS_SNI
test_https_sni_SOURCES = \
test_https_sni.c \
tls_test_keys.h \
tls_test_common.h \
tls_test_common.c
-test_https_sni_CPPFLAGS = \
- $(AM_CPPFLAGS) \
- -DABS_SRCDIR=\"$(abs_srcdir)\"
-endif
test_https_get_select_SOURCES = \
test_https_get_select.c \
diff --git a/src/testcurl/https/curl_version_check.c
b/src/testcurl/https/curl_version_check.c
deleted file mode 100644
index 64c645e5..00000000
--- a/src/testcurl/https/curl_version_check.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- This file is part of libmicrohttpd
- Copyright (C) 2007 Christian Grothoff
- Copyright (C) 2016-2021 Evgeny Grin (Karlson2k)
-
- libmicrohttpd is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 2, or (at your
- option) any later version.
-
- libmicrohttpd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with libmicrohttpd; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA.
-*/
-
-/**
- * @file curl_version_check.c
- * @brief verify required cURL version is available to run tests
- * @author Sagie Amir
- * @author Karlson2k (Evgeny Grin)
- */
-
-#include "MHD_config.h"
-#include "platform.h"
-#include <curl/curl.h>
-
-#ifndef WINDOWS
-#include <unistd.h>
-#endif
-
-static int
-parse_version_number (const char **s)
-{
- int i = 0;
- char num[17];
-
- while (i < 16 && ((**s >= '0') & (**s <= '9')))
- {
- num[i] = **s;
- (*s)++;
- i++;
- }
-
- num[i] = '\0';
-
- return atoi (num);
-}
-
-
-static const char *
-parse_version_string (const char *s, int *major, int *minor, int *micro)
-{
- if (! s)
- return NULL;
- *major = parse_version_number (&s);
- if (*s != '.')
- return NULL;
- s++;
- *minor = parse_version_number (&s);
- if (*s != '.')
- return NULL;
- s++;
- *micro = parse_version_number (&s);
- return s;
-}
-
-
-/*
- * check local libcurl version matches required version
- */
-int
-curl_check_version (const char *req_version)
-{
- const char *ver;
- const char *curl_ver;
-#ifdef HTTPS_SUPPORT
- const char *ssl_ver;
- const char *req_ssl_ver;
-#endif /* HTTPS_SUPPORT */
-
- int loc_major, loc_minor, loc_micro;
- int rq_major, rq_minor, rq_micro;
-
- ver = curl_version ();
-#ifdef HAVE_MESSAGES
- fprintf (stderr, "curl version: %s\n", ver);
-#endif
- /*
- * this call relies on the cURL string to be of the exact following format :
- * 'libcurl/7.16.4 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/0.6.5' OR
- * 'libcurl/7.18.2 GnuTLS/2.4.0 zlib/1.2.3.3 libidn/0.6.5'
- */
- curl_ver = strchr (ver, '/');
- if (curl_ver == NULL)
- return -1;
- curl_ver++;
- /* Parse version numbers */
- if ( (NULL == parse_version_string (req_version, &rq_major, &rq_minor,
- &rq_micro)) ||
- (NULL == parse_version_string (curl_ver, &loc_major, &loc_minor,
- &loc_micro)) )
- return -1;
-
- /* Compare version numbers. */
- if (((loc_major > rq_major)
- || ((loc_major == rq_major) && (loc_minor > rq_minor))
- || ((loc_major == rq_major) && (loc_minor == rq_minor)
- && (loc_micro > rq_micro)) || ((loc_major == rq_major)
- && (loc_minor == rq_minor)
- && (loc_micro == rq_micro) )) == 0)
- {
- fprintf (stderr,
- "Error: running curl test depends on local libcurl version >
%s\n",
- req_version);
- return -1;
- }
-
- /*
- * enforce required gnutls/openssl version.
- * TODO use curl version string to assert use of gnutls
- */
-#ifdef HTTPS_SUPPORT
- ssl_ver = strchr (curl_ver, ' ');
- if (ssl_ver == NULL)
- return -1;
- ssl_ver++;
- if (strncmp ("GnuTLS", ssl_ver, strlen ("GNUtls")) == 0)
- {
- ssl_ver = strchr (ssl_ver, '/');
- req_ssl_ver = MHD_REQ_CURL_GNUTLS_VERSION;
- }
- else if (strncmp ("OpenSSL", ssl_ver, strlen ("OpenSSL")) == 0)
- {
- ssl_ver = strchr (ssl_ver, '/');
- req_ssl_ver = MHD_REQ_CURL_OPENSSL_VERSION;
- }
- else if (strncmp ("NSS", ssl_ver, strlen ("NSS")) == 0)
- {
- ssl_ver = strchr (ssl_ver, '/');
- req_ssl_ver = MHD_REQ_CURL_NSS_VERSION;
- }
- else
- {
- fprintf (stderr, "Error: unrecognized curl ssl library\n");
- return -1;
- }
- if (ssl_ver == NULL)
- return -1;
- ssl_ver++;
- if ( (NULL == parse_version_string (req_ssl_ver, &rq_major, &rq_minor,
- &rq_micro)) ||
- (NULL == parse_version_string (ssl_ver, &loc_major, &loc_minor,
- &loc_micro)) )
- return -1;
-
- if (((loc_major > rq_major)
- || ((loc_major == rq_major) && (loc_minor > rq_minor))
- || ((loc_major == rq_major) && (loc_minor == rq_minor)
- && (loc_micro > rq_micro)) || ((loc_major == rq_major)
- && (loc_minor == rq_minor)
- && (loc_micro == rq_micro) )) == 0)
- {
- fprintf (stderr,
- "Error: running curl test depends on local libcurl SSL version >
%s\n",
- req_ssl_ver);
- return -1;
- }
-#endif /* HTTPS_SUPPORT */
- return 0;
-}
diff --git a/src/testcurl/https/test_empty_response.c
b/src/testcurl/https/test_empty_response.c
index 3dc5b0bb..b1de3501 100644
--- a/src/testcurl/https/test_empty_response.c
+++ b/src/testcurl/https/test_empty_response.c
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2013 Christian Grothoff
+ Copyright (C) 2014-2022 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -22,6 +23,7 @@
* @file test_empty_response.c
* @brief Testcase for libmicrohttpd HTTPS GET operations with empty reply
* @author Christian Grothoff
+ * @author Karlson2k (Evgeny Grin)
*/
#include "platform.h"
#include "microhttpd.h"
@@ -57,8 +59,8 @@ ahc_echo (void *cls,
}
-static int
-testInternalSelectGet ()
+static unsigned int
+testInternalSelectGet (void)
{
struct MHD_Daemon *d;
CURL *c;
@@ -74,8 +76,7 @@ testInternalSelectGet ()
struct CURLMsg *msg;
time_t start;
struct timeval tv;
- int port;
- char *aes256_sha = "AES256-SHA";
+ uint16_t port;
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port = 0;
@@ -88,8 +89,8 @@ testInternalSelectGet ()
cbc.pos = 0;
d = MHD_start_daemon (MHD_USE_ERROR_LOG | MHD_USE_TLS
| MHD_USE_INTERNAL_POLLING_THREAD,
- port, NULL, NULL, &ahc_echo, "GET",
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+ port, NULL, NULL, &ahc_echo, NULL,
+ MHD_OPTION_HTTPS_MEM_KEY, srv_self_signed_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_END);
if (d == NULL)
@@ -103,21 +104,19 @@ testInternalSelectGet ()
{
MHD_stop_daemon (d); return 32;
}
- port = (int) dinfo->port;
- }
- if (curl_tls_is_nss ())
- {
- aes256_sha = "rsa_aes_256_sha";
+ port = dinfo->port;
}
c = curl_easy_init ();
+#ifdef _DEBUG
+ curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
+#endif
curl_easy_setopt (c, CURLOPT_URL, "https://127.0.0.1/hello_world";);
curl_easy_setopt (c, CURLOPT_PORT, (long) port);
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
/* TLS options */
- curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
- curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
+ curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_DEFAULT);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
diff --git a/src/testcurl/https/test_https_get.c
b/src/testcurl/https/test_https_get.c
index f2016cc2..b18fc878 100644
--- a/src/testcurl/https/test_https_get.c
+++ b/src/testcurl/https/test_https_get.c
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2007 Christian Grothoff
+ Copyright (C) 2016-2022 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -22,12 +23,11 @@
* @file test_https_get.c
* @brief Testcase for libmicrohttpd HTTPS GET operations
* @author Sagie Amir
+ * @author Karlson2k (Evgeny Grin)
*/
#include "platform.h"
#include "microhttpd.h"
-#include <limits.h>
-#include <sys/stat.h>
#include <curl/curl.h>
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
#include <gcrypt.h>
@@ -36,18 +36,17 @@
#include "tls_test_keys.h"
-static int global_port;
+static uint16_t global_port;
/* perform a HTTP GET request via SSL/TLS */
-static int
-test_secure_get (FILE *test_fd,
- const char *cipher_suite,
+static unsigned int
+test_secure_get (const char *cipher_suite,
int proto_version)
{
- int ret;
+ unsigned int ret;
struct MHD_Daemon *d;
- int port;
+ uint16_t port;
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port = 0;
@@ -66,7 +65,7 @@ test_secure_get (FILE *test_fd,
if (d == NULL)
{
fprintf (stderr, MHD_E_SERVER_INIT);
- return -1;
+ return 1;
}
if (0 == port)
{
@@ -74,12 +73,13 @@ test_secure_get (FILE *test_fd,
dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
if ((NULL == dinfo) || (0 == dinfo->port) )
{
- MHD_stop_daemon (d); return -1;
+ MHD_stop_daemon (d);
+ return 1;
}
- port = (int) dinfo->port;
+ port = dinfo->port;
}
- ret = test_https_transfer (test_fd,
+ ret = test_https_transfer (NULL,
port,
cipher_suite,
proto_version);
@@ -109,7 +109,7 @@ ahc_empty (void *cls,
(void) upload_data;
(void) upload_data_size; /* Unused. Silent compiler warning. */
- if (0 != strcmp ("GET",
+ if (0 != strcmp (MHD_HTTP_METHOD_GET,
method))
return MHD_NO; /* unexpected method */
if (&ptr != *req_cls)
@@ -151,8 +151,8 @@ curlExcessFound (CURL *c,
}
-static int
-testEmptyGet (int poll_flag)
+static unsigned int
+testEmptyGet (unsigned int poll_flag)
{
struct MHD_Daemon *d;
CURL *c;
@@ -189,9 +189,12 @@ testEmptyGet (int poll_flag)
{
MHD_stop_daemon (d); return 32;
}
- global_port = (int) dinfo->port;
+ global_port = dinfo->port;
}
c = curl_easy_init ();
+#ifdef _DEBUG
+ curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
+#endif
curl_easy_setopt (c, CURLOPT_URL, "https://127.0.0.1/";);
curl_easy_setopt (c, CURLOPT_PORT, (long) global_port);
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
@@ -231,7 +234,6 @@ int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
- const char *aes256_sha_tlsv1 = "AES256-SHA";
(void) argc; (void) argv; /* Unused. Silent compiler warning. */
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
@@ -248,13 +250,8 @@ main (int argc, char *const *argv)
curl_global_cleanup ();
return 77;
}
-
- if (curl_tls_is_nss ())
- {
- aes256_sha_tlsv1 = "rsa_aes_256_sha";
- }
errorCount +=
- test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1);
+ test_secure_get (NULL, CURL_SSLVERSION_DEFAULT);
errorCount += testEmptyGet (0);
curl_global_cleanup ();
diff --git a/src/testcurl/https/test_https_get_iovec.c
b/src/testcurl/https/test_https_get_iovec.c
index 33272952..0df4bf65 100644
--- a/src/testcurl/https/test_https_get_iovec.c
+++ b/src/testcurl/https/test_https_get_iovec.c
@@ -1,7 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2007-2021 Christian Grothoff
- Copyright (C) 2016-2021 Evgeny Grin
+ Copyright (C) 2016-2022 Evgeny Grin
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -44,7 +44,7 @@
#include "tls_test_keys.h"
-static int global_port;
+static uint16_t global_port;
/* Use large enough pieces (>16KB) to test partially consumed
* data as TLS doesn't take more than 16KB by a single call. */
@@ -117,16 +117,17 @@ iovec_ahc (void *cls,
for (j = 0; j < TESTSTR_IOVCNT; ++j)
{
+ int *chunk;
/* Assign chunks of memory area in the reverse order
* to make non-continous set of data therefore
* possible buffer overruns could be detected */
- iov[j].iov_base = data + (((TESTSTR_IOVCNT - 1) - j)
- * (TESTSTR_SIZE / TESTSTR_IOVCNT
- / sizeof(int)));
+ chunk = data + (((TESTSTR_IOVCNT - 1) - (unsigned int) j)
+ * (TESTSTR_SIZE / TESTSTR_IOVCNT / sizeof(int)));
+ iov[j].iov_base = chunk;
iov[j].iov_len = TESTSTR_SIZE / TESTSTR_IOVCNT;
for (i = 0; i < (int) (TESTSTR_IOVLEN / sizeof(int)); ++i)
- ((int *) iov[j].iov_base)[i] = i + (j * TESTSTR_IOVLEN / sizeof(int));
+ chunk[i] = i + (j * (int) (TESTSTR_IOVLEN / sizeof(int)));
}
response = MHD_create_response_from_iovec (iov,
@@ -139,14 +140,14 @@ iovec_ahc (void *cls,
}
-static int
+static unsigned int
test_iovec_transfer (void *cls,
- int port,
+ uint16_t port,
const char *cipher_suite,
int proto_version)
{
- int len;
- int ret = 0;
+ size_t len;
+ unsigned int ret = 0;
struct CBC cbc;
char url[255];
(void) cls; /* Unused. Silent compiler warning. */
@@ -155,32 +156,31 @@ test_iovec_transfer (void *cls,
if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
{
fprintf (stderr, MHD_E_MEM);
- return -1;
+ return 1;
}
cbc.size = len;
cbc.pos = 0;
- if (gen_test_file_url (url,
- sizeof (url),
- port))
+ if (gen_test_uri (url,
+ sizeof (url),
+ port))
{
- ret = -1;
+ ret = 1;
goto cleanup;
}
if (CURLE_OK !=
send_curl_req (url, &cbc, cipher_suite, proto_version))
{
- ret = -1;
+ ret = 1;
goto cleanup;
}
- /* compare test file & daemon response */
if ((cbc.pos != TESTSTR_SIZE) ||
(0 != check_read_data (cbc.buf, cbc.pos)))
{
fprintf (stderr, "Error: local file & received file differ.\n");
- ret = -1;
+ ret = 1;
}
cleanup:
free (cbc.buf);
@@ -189,14 +189,14 @@ cleanup:
/* perform a HTTP GET request via SSL/TLS */
-static int
+static unsigned int
test_secure_get (FILE *test_fd,
const char *cipher_suite,
int proto_version)
{
- int ret;
+ unsigned int ret;
struct MHD_Daemon *d;
- int port;
+ uint16_t port;
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port = 0;
@@ -215,7 +215,7 @@ test_secure_get (FILE *test_fd,
if (d == NULL)
{
fprintf (stderr, MHD_E_SERVER_INIT);
- return -1;
+ return 1;
}
if (0 == port)
{
@@ -223,9 +223,10 @@ test_secure_get (FILE *test_fd,
dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
if ((NULL == dinfo) || (0 == dinfo->port) )
{
- MHD_stop_daemon (d); return -1;
+ MHD_stop_daemon (d);
+ return 1;
}
- port = (int) dinfo->port;
+ port = dinfo->port;
}
ret = test_iovec_transfer (test_fd,
@@ -259,7 +260,7 @@ ahc_empty (void *cls,
(void) upload_data;
(void) upload_data_size; /* Unused. Silent compiler warning. */
- if (0 != strcmp ("GET",
+ if (0 != strcmp (MHD_HTTP_METHOD_GET,
method))
return MHD_NO; /* unexpected method */
if (&ptr != *req_cls)
@@ -308,8 +309,8 @@ curlExcessFound (CURL *c,
}
-static int
-testEmptyGet (int poll_flag)
+static unsigned int
+testEmptyGet (unsigned int poll_flag)
{
struct MHD_Daemon *d;
CURL *c;
@@ -346,9 +347,12 @@ testEmptyGet (int poll_flag)
{
MHD_stop_daemon (d); return 32;
}
- global_port = (int) dinfo->port;
+ global_port = dinfo->port;
}
c = curl_easy_init ();
+#ifdef _DEBUG
+ curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
+#endif
curl_easy_setopt (c, CURLOPT_URL, "https://127.0.0.1/";);
curl_easy_setopt (c, CURLOPT_PORT, (long) global_port);
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
@@ -388,7 +392,6 @@ int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
- const char *aes256_sha_tlsv1 = "AES256-SHA";
(void) argc; (void) argv; /* Unused. Silent compiler warning. */
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
@@ -406,12 +409,8 @@ main (int argc, char *const *argv)
return 77;
}
- if (curl_tls_is_nss ())
- {
- aes256_sha_tlsv1 = "rsa_aes_256_sha";
- }
errorCount +=
- test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1);
+ test_secure_get (NULL, NULL, CURL_SSLVERSION_DEFAULT);
errorCount += testEmptyGet (0);
curl_global_cleanup ();
diff --git a/src/testcurl/https/test_https_get_parallel.c
b/src/testcurl/https/test_https_get_parallel.c
index cf318a46..3d7db915 100644
--- a/src/testcurl/https/test_https_get_parallel.c
+++ b/src/testcurl/https/test_https_get_parallel.c
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2007 Christian Grothoff
+ Copyright (C) 2014-2022 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -20,9 +21,11 @@
/**
* @file test_https_get_parallel.c
- * @brief Testcase for libmicrohttpd HTTPS GET operations
+ * @brief Testcase for libmicrohttpd HTTPS GET operations with single-threaded
+ * MHD daemon and several clients working in parallel
* @author Sagie Amir
* @author Christian Grothoff
+ * @author Karlson2k (Evgeny Grin)
*/
#include "platform.h"
@@ -44,8 +47,6 @@
#define MHD_CPU_COUNT 4
#endif
-int curl_check_version (const char *req_version, ...);
-
/**
* used when spawning multiple threads executing curl server requests
@@ -56,10 +57,8 @@ https_transfer_thread_adapter (void *args)
{
static int nonnull;
struct https_test_data *cargs = args;
- int ret;
+ unsigned int ret;
- /* time spread incoming requests */
- usleep ((useconds_t) 10.0 * ((double) rand ()) / ((double) RAND_MAX));
ret = test_https_transfer (NULL, cargs->port,
cargs->cipher_suite, cargs->proto_version);
if (ret == 0)
@@ -71,12 +70,12 @@ https_transfer_thread_adapter (void *args)
/**
* Test non-parallel requests.
*
- * @return: 0 upon all client requests returning '0', -1 otherwise.
+ * @return: 0 upon all client requests returning '0', 1 otherwise.
*
* TODO : make client_count a parameter - number of curl client threads to
spawn
*/
-static int
-test_single_client (void *cls, int port, const char *cipher_suite,
+static unsigned int
+test_single_client (void *cls, uint16_t port, const char *cipher_suite,
int curl_proto_version)
{
void *client_thread_ret;
@@ -86,7 +85,7 @@ test_single_client (void *cls, int port, const char
*cipher_suite,
client_thread_ret = https_transfer_thread_adapter (&client_args);
if (client_thread_ret != NULL)
- return -1;
+ return 1;
return 0;
}
@@ -94,12 +93,12 @@ test_single_client (void *cls, int port, const char
*cipher_suite,
/**
* Test parallel request handling.
*
- * @return: 0 upon all client requests returning '0', -1 otherwise.
+ * @return: 0 upon all client requests returning '0', 1 otherwise.
*
* TODO : make client_count a parameter - number of curl client threads to
spawn
*/
-static int
-test_parallel_clients (void *cls, int port, const char *cipher_suite,
+static unsigned int
+test_parallel_clients (void *cls, uint16_t port, const char *cipher_suite,
int curl_proto_version)
{
int i;
@@ -116,7 +115,7 @@ test_parallel_clients (void *cls, int port, const char
*cipher_suite,
&https_transfer_thread_adapter, &client_args) != 0)
{
fprintf (stderr, "Error: failed to spawn test client threads.\n");
- return -1;
+ return 1;
}
}
@@ -125,7 +124,7 @@ test_parallel_clients (void *cls, int port, const char
*cipher_suite,
{
if ((pthread_join (client_arr[i], &client_thread_ret) != 0) ||
(client_thread_ret != NULL))
- return -1;
+ return 1;
}
return 0;
@@ -136,8 +135,7 @@ int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
- const char *aes256_sha = "AES256-SHA";
- int port;
+ uint16_t port;
unsigned int iseed;
(void) argc; /* Unused. Silent compiler warning. */
@@ -157,8 +155,6 @@ main (int argc, char *const *argv)
fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n");
return 77;
}
- if (curl_tls_is_nss ())
- aes256_sha = "rsa_aes_256_sha";
#ifdef EPOLL_SUPPORT
errorCount +=
test_wrap ("single threaded daemon, single client, epoll",
@@ -166,8 +162,8 @@ main (int argc, char *const *argv)
NULL, port,
MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG | MHD_USE_EPOLL,
- aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
- srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
+ NULL, CURL_SSLVERSION_DEFAULT, MHD_OPTION_HTTPS_MEM_KEY,
+ srv_self_signed_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
#endif
errorCount +=
@@ -175,8 +171,8 @@ main (int argc, char *const *argv)
NULL, port,
MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG,
- aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
- srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
+ NULL, CURL_SSLVERSION_DEFAULT, MHD_OPTION_HTTPS_MEM_KEY,
+ srv_self_signed_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
#ifdef EPOLL_SUPPORT
errorCount +=
@@ -184,8 +180,8 @@ main (int argc, char *const *argv)
&test_parallel_clients, NULL, port,
MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG | MHD_USE_EPOLL,
- aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
- srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
+ NULL, CURL_SSLVERSION_DEFAULT, MHD_OPTION_HTTPS_MEM_KEY,
+ srv_self_signed_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
#endif
errorCount +=
@@ -193,8 +189,8 @@ main (int argc, char *const *argv)
&test_parallel_clients, NULL, port,
MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG,
- aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
- srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
+ NULL, CURL_SSLVERSION_DEFAULT, MHD_OPTION_HTTPS_MEM_KEY,
+ srv_self_signed_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
curl_global_cleanup ();
diff --git a/src/testcurl/https/test_https_get_parallel_threads.c
b/src/testcurl/https/test_https_get_parallel_threads.c
index e8df1e14..6e639f45 100644
--- a/src/testcurl/https/test_https_get_parallel_threads.c
+++ b/src/testcurl/https/test_https_get_parallel_threads.c
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2007 Christian Grothoff
+ Copyright (C) 2014-2022 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -19,10 +20,12 @@
*/
/**
- * @file tls_thread_mode_test.c
- * @brief Testcase for libmicrohttpd HTTPS GET operations
+ * @file test_https_get_parallel_threads.c
+ * @brief Testcase for libmicrohttpd HTTPS GET operations with multi-threaded
+ * MHD daemon and several clients working in parallel
* @author Sagie Amir
* @author Christian Grothoff
+ * @author Karlson2k (Evgeny Grin)
*
* TODO: add test for external select!
*/
@@ -46,8 +49,6 @@
#define MHD_CPU_COUNT 4
#endif
-int curl_check_version (const char *req_version, ...);
-
/**
* used when spawning multiple threads executing curl server requests
*
@@ -57,10 +58,8 @@ https_transfer_thread_adapter (void *args)
{
static int nonnull;
struct https_test_data *cargs = args;
- int ret;
+ unsigned int ret;
- /* time spread incoming requests */
- usleep ((useconds_t) 10.0 * ((double) rand ()) / ((double) RAND_MAX));
ret = test_https_transfer (cargs->cls, cargs->port,
cargs->cipher_suite, cargs->proto_version);
if (ret == 0)
@@ -72,12 +71,12 @@ https_transfer_thread_adapter (void *args)
/**
* Test non-parallel requests.
*
- * @return: 0 upon all client requests returning '0', -1 otherwise.
+ * @return: 0 upon all client requests returning '0', 1 otherwise.
*
* TODO : make client_count a parameter - number of curl client threads to
spawn
*/
-static int
-test_single_client (void *cls, int port, const char *cipher_suite,
+static unsigned int
+test_single_client (void *cls, uint16_t port, const char *cipher_suite,
int curl_proto_version)
{
void *client_thread_ret;
@@ -87,7 +86,7 @@ test_single_client (void *cls, int port, const char
*cipher_suite,
client_thread_ret = https_transfer_thread_adapter (&client_args);
if (client_thread_ret != NULL)
- return -1;
+ return 1;
return 0;
}
@@ -95,12 +94,12 @@ test_single_client (void *cls, int port, const char
*cipher_suite,
/**
* Test parallel request handling.
*
- * @return: 0 upon all client requests returning '0', -1 otherwise.
+ * @return: 0 upon all client requests returning '0', 1 otherwise.
*
* TODO : make client_count a parameter - number of curl client threads to
spawn
*/
-static int
-test_parallel_clients (void *cls, int port, const char *cipher_suite,
+static unsigned int
+test_parallel_clients (void *cls, uint16_t port, const char *cipher_suite,
int curl_proto_version)
{
int i;
@@ -118,7 +117,7 @@ test_parallel_clients (void *cls, int port, const char
*cipher_suite,
{
fprintf (stderr, "Error: failed to spawn test client threads.\n");
- return -1;
+ return 1;
}
}
@@ -127,7 +126,7 @@ test_parallel_clients (void *cls, int port, const char
*cipher_suite,
{
if ((pthread_join (client_arr[i], &client_thread_ret) != 0) ||
(client_thread_ret != NULL))
- return -1;
+ return 1;
}
return 0;
@@ -139,9 +138,8 @@ main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
const char *ssl_version;
- int port;
+ uint16_t port;
unsigned int iseed;
- char *aes256_sha = "AES256-SHA";
(void) argc; /* Unused. Silent compiler warning. */
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
@@ -167,25 +165,14 @@ main (int argc, char *const *argv)
curl_global_cleanup ();
return 77;
}
- if (! curl_tls_is_gnutls ())
- {
- fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
- curl_global_cleanup ();
- return 77;
- }
-
- if (curl_tls_is_nss ())
- {
- aes256_sha = "rsa_aes_256_sha";
- }
errorCount +=
test_wrap ("multi threaded daemon, single client", &test_single_client,
NULL, port,
MHD_USE_TLS | MHD_USE_ERROR_LOG | MHD_USE_THREAD_PER_CONNECTION
| MHD_USE_INTERNAL_POLLING_THREAD,
- aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
- srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
+ NULL, CURL_SSLVERSION_DEFAULT, MHD_OPTION_HTTPS_MEM_KEY,
+ srv_self_signed_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
errorCount +=
@@ -193,8 +180,8 @@ main (int argc, char *const *argv)
&test_parallel_clients, NULL, port,
MHD_USE_TLS | MHD_USE_ERROR_LOG | MHD_USE_THREAD_PER_CONNECTION
| MHD_USE_INTERNAL_POLLING_THREAD,
- aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
- srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
+ NULL, CURL_SSLVERSION_DEFAULT, MHD_OPTION_HTTPS_MEM_KEY,
+ srv_self_signed_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
if (errorCount != 0)
diff --git a/src/testcurl/https/test_https_get_select.c
b/src/testcurl/https/test_https_get_select.c
index 92774771..1939ccff 100644
--- a/src/testcurl/https/test_https_get_select.c
+++ b/src/testcurl/https/test_https_get_select.c
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2007 Christian Grothoff
+ Copyright (C) 2014-2022 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -20,8 +21,9 @@
/**
* @file test_https_get_select.c
- * @brief Testcase for libmicrohttpd HTTPS GET operations
+ * @brief Testcase for libmicrohttpd HTTPS GET operations using external
select
* @author Sagie Amir
+ * @author Karlson2k (Evgeny Grin)
*/
#include "platform.h"
@@ -47,12 +49,12 @@ ahc_echo (void *cls,
void **req_cls)
{
static int ptr;
- const char *me = cls;
struct MHD_Response *response;
enum MHD_Result ret;
+ (void) cls;
(void) version; (void) upload_data; (void) upload_data_size; /*
Unused. Silent compiler warning. */
- if (0 != strcmp (me, method))
+ if (0 != strcmp (MHD_HTTP_METHOD_GET, method))
return MHD_NO; /* unexpected method */
if (&ptr != *req_cls)
{
@@ -60,9 +62,8 @@ ahc_echo (void *cls,
return MHD_YES;
}
*req_cls = NULL;
- response = MHD_create_response_from_buffer (strlen (url),
- (void *) url,
- MHD_RESPMEM_MUST_COPY);
+ response = MHD_create_response_from_buffer_copy (strlen (url),
+ (const void *) url);
ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
MHD_destroy_response (response);
if (ret == MHD_NO)
@@ -71,8 +72,8 @@ ahc_echo (void *cls,
}
-static int
-testExternalGet (int flags)
+static unsigned int
+testExternalGet (unsigned int flags)
{
struct MHD_Daemon *d;
CURL *c;
@@ -93,8 +94,7 @@ testExternalGet (int flags)
struct CURLMsg *msg;
time_t start;
struct timeval tv;
- const char *aes256_sha = "AES256-SHA";
- int port;
+ uint16_t port;
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port = 0;
@@ -106,8 +106,8 @@ testExternalGet (int flags)
cbc.size = 2048;
cbc.pos = 0;
d = MHD_start_daemon (MHD_USE_ERROR_LOG | MHD_USE_TLS | flags,
- port, NULL, NULL, &ahc_echo, "GET",
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+ port, NULL, NULL, &ahc_echo, NULL,
+ MHD_OPTION_HTTPS_MEM_KEY, srv_self_signed_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_END);
if (d == NULL)
@@ -120,20 +120,19 @@ testExternalGet (int flags)
{
MHD_stop_daemon (d); return 32;
}
- port = (int) dinfo->port;
+ port = dinfo->port;
}
- if (curl_tls_is_nss ())
- aes256_sha = "rsa_aes_256_sha";
-
c = curl_easy_init ();
+#ifdef _DEBUG
+ curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
+#endif
curl_easy_setopt (c, CURLOPT_URL, "https://127.0.0.1/hello_world";);
curl_easy_setopt (c, CURLOPT_PORT, (long) port);
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
/* TLS options */
- curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
- curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
+ curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_DEFAULT);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
diff --git a/src/testcurl/https/test_https_multi_daemon.c
b/src/testcurl/https/test_https_multi_daemon.c
index da60c543..8ffef656 100644
--- a/src/testcurl/https/test_https_multi_daemon.c
+++ b/src/testcurl/https/test_https_multi_daemon.c
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2007 Christian Grothoff
+ Copyright (C) 2016-2022 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -19,9 +20,10 @@
*/
/**
- * @file mhds_multi_daemon_test.c
+ * @file test_https_multi_daemon.c
* @brief Testcase for libmicrohttpd multiple HTTPS daemon scenario
* @author Sagie Amir
+ * @author Karlson2k (Evgeny Grin)
*/
#include "platform.h"
@@ -39,15 +41,15 @@
* assert initiating two separate daemons and having one shut down
* doesn't affect the other
*/
-static int
+static unsigned int
test_concurent_daemon_pair (void *cls,
const char *cipher_suite,
int proto_version)
{
- int ret;
+ unsigned int ret;
struct MHD_Daemon *d1;
struct MHD_Daemon *d2;
- int port1, port2;
+ uint16_t port1, port2;
(void) cls; /* Unused. Silent compiler warning. */
@@ -63,14 +65,14 @@ test_concurent_daemon_pair (void *cls,
| MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG, port1,
NULL, NULL, &http_ahc, NULL,
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+ MHD_OPTION_HTTPS_MEM_KEY, srv_self_signed_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_END);
if (d1 == NULL)
{
fprintf (stderr, MHD_E_SERVER_INIT);
- return -1;
+ return 1;
}
if (0 == port1)
{
@@ -78,7 +80,9 @@ test_concurent_daemon_pair (void *cls,
dinfo = MHD_get_daemon_info (d1, MHD_DAEMON_INFO_BIND_PORT);
if ((NULL == dinfo) || (0 == dinfo->port) )
{
- MHD_stop_daemon (d1); return -1;
+ fprintf (stderr, "Cannot detect daemon bind port.\n");
+ MHD_stop_daemon (d1);
+ return 1;
}
port1 = (int) dinfo->port;
}
@@ -87,7 +91,7 @@ test_concurent_daemon_pair (void *cls,
| MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG, port2,
NULL, NULL, &http_ahc, NULL,
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+ MHD_OPTION_HTTPS_MEM_KEY, srv_self_signed_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_END);
@@ -95,7 +99,7 @@ test_concurent_daemon_pair (void *cls,
{
MHD_stop_daemon (d1);
fprintf (stderr, MHD_E_SERVER_INIT);
- return -1;
+ return 1;
}
if (0 == port2)
{
@@ -103,9 +107,10 @@ test_concurent_daemon_pair (void *cls,
dinfo = MHD_get_daemon_info (d2, MHD_DAEMON_INFO_BIND_PORT);
if ((NULL == dinfo) || (0 == dinfo->port) )
{
+ fprintf (stderr, "Cannot detect daemon bind port.\n");
MHD_stop_daemon (d1);
MHD_stop_daemon (d2);
- return -1;
+ return 1;
}
port2 = (int) dinfo->port;
}
@@ -128,8 +133,6 @@ int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
- FILE *cert;
- const char *aes256_sha = "AES256-SHA";
(void) argc; (void) argv; /* Unused. Silent compiler warning. */
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
@@ -146,28 +149,12 @@ main (int argc, char *const *argv)
curl_global_cleanup ();
return 77;
}
- if ((cert = setup_ca_cert ()) == NULL)
- {
- fprintf (stderr, MHD_E_TEST_FILE_CREAT);
- curl_global_cleanup ();
- return 99;
- }
-
- if (curl_tls_is_nss ())
- {
- aes256_sha = "rsa_aes_256_sha";
- }
errorCount +=
- test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_TLSv1);
+ test_concurent_daemon_pair (NULL, NULL, CURL_SSLVERSION_DEFAULT);
print_test_result (errorCount, "concurent_daemon_pair");
curl_global_cleanup ();
- fclose (cert);
- if (0 != remove (ca_cert_file_name))
- fprintf (stderr,
- "Failed to remove `%s'\n",
- ca_cert_file_name);
return errorCount != 0 ? 1 : 0;
}
diff --git a/src/testcurl/https/test_https_session_info.c
b/src/testcurl/https/test_https_session_info.c
index 12208ba7..bad47b1c 100644
--- a/src/testcurl/https/test_https_session_info.c
+++ b/src/testcurl/https/test_https_session_info.c
@@ -20,7 +20,7 @@
*/
/**
- * @file mhds_session_info_test.c
+ * @file test_https_session_info.c
* @brief Testcase for libmicrohttpd HTTPS connection querying operations
* @author Sagie Amir
* @author Karlson2k (Evgeny Grin)
@@ -35,52 +35,50 @@
#include "tls_test_common.h"
#include "tls_test_keys.h"
-struct MHD_Daemon *d;
-
/*
* HTTP access handler call back
* used to query negotiated security parameters
*/
static enum MHD_Result
-query_session_ahc (void *cls, struct MHD_Connection *connection,
- const char *url, const char *method,
- const char *version, const char *upload_data,
- size_t *upload_data_size, void **req_cls)
+query_info_ahc (void *cls, struct MHD_Connection *connection,
+ const char *url, const char *method,
+ const char *version, const char *upload_data,
+ size_t *upload_data_size, void **req_cls)
{
struct MHD_Response *response;
enum MHD_Result ret;
- int gret;
- (void) cls; (void) url; (void) method; (void) version; /* Unused. Silent
compiler warning. */
- (void) upload_data; (void) upload_data_size; /* Unused. Silent
compiler warning. */
+ const union MHD_ConnectionInfo *conn_info;
+ enum know_gnutls_tls_id *used_tls_ver;
+ (void) url; (void) method; (void) version; /* Unused. Silent compiler
warning. */
+ (void) upload_data; (void) upload_data_size; /* Unused. Silent compiler
warning. */
+ used_tls_ver = (enum know_gnutls_tls_id *) cls;
if (NULL == *req_cls)
{
- *req_cls = (void *) &query_session_ahc;
+ *req_cls = (void *) &query_info_ahc;
return MHD_YES;
}
- if (GNUTLS_TLS1_1 !=
- (gret = MHD_get_connection_info
- (connection,
- MHD_CONNECTION_INFO_PROTOCOL)->protocol))
+ conn_info = MHD_get_connection_info (connection,
+ MHD_CONNECTION_INFO_PROTOCOL);
+ if (NULL == conn_info)
{
- if (GNUTLS_TLS1_2 == gret)
- {
- /* as usual, TLS implementations sometimes don't
- quite do what was asked, just mildly complain... */
- fprintf (stderr,
- "Warning: requested TLS 1.1, got TLS 1.2\n");
- }
- else
- {
- /* really different version... */
- fprintf (stderr,
- "Error: requested protocol mismatch (wanted %d, got %d)\n",
- GNUTLS_TLS1_1,
- gret);
- return MHD_NO;
- }
+ fflush (stderr);
+ fflush (stdout);
+ fprintf (stderr, "MHD_get_connection_info() failed.\n");
+ fflush (stderr);
+ return MHD_NO;
}
+ if (0 == (unsigned int) conn_info->protocol)
+ {
+ fflush (stderr);
+ fflush (stdout);
+ fprintf (stderr, "MHD_get_connection_info()->protocol has "
+ "wrong zero value.\n");
+ fflush (stderr);
+ return MHD_NO;
+ }
+ *used_tls_ver = (enum know_gnutls_tls_id) conn_info->protocol;
response = MHD_create_response_from_buffer_static (strlen (EMPTY_PAGE),
EMPTY_PAGE);
@@ -93,43 +91,42 @@ query_session_ahc (void *cls, struct MHD_Connection
*connection,
/**
* negotiate a secure connection with server & query negotiated security
parameters
*/
-#if LIBCURL_VERSION_NUM >= 0x072200
-static int
-test_query_session ()
+static unsigned int
+test_query_session (enum know_gnutls_tls_id tls_ver, uint16_t *pport)
{
CURL *c;
struct CBC cbc;
CURLcode errornum;
char url[256];
- int port;
- const char *aes256_sha = "AES256-SHA";
-
- if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
- port = 0;
- else
- port = 3060;
+ enum know_gnutls_tls_id found_tls_ver;
+ struct MHD_Daemon *d;
if (NULL == (cbc.buf = malloc (sizeof (char) * 255)))
- return 16;
+ return 99;
cbc.size = 255;
cbc.pos = 0;
/* setup test */
+ found_tls_ver = KNOWN_BAD;
d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
| MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
- | MHD_USE_ERROR_LOG, port,
- NULL, NULL, &query_session_ahc, NULL,
- MHD_OPTION_HTTPS_PRIORITIES, "NORMAL:+ARCFOUR-128",
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+ | MHD_USE_ERROR_LOG, *pport,
+ NULL, NULL,
+ &query_info_ahc, &found_tls_ver,
+ MHD_OPTION_HTTPS_PRIORITIES, priorities_map[tls_ver],
+ MHD_OPTION_HTTPS_MEM_KEY, srv_self_signed_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_END);
if (d == NULL)
{
free (cbc.buf);
- return 2;
+ fprintf (stderr, "MHD_start_daemon() with %s failed.\n",
+ tls_names[tls_ver]);
+ fflush (stderr);
+ return 77;
}
- if (0 == port)
+ if (0 == *pport)
{
const union MHD_DaemonInfo *dinfo;
dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
@@ -137,65 +134,206 @@ test_query_session ()
{
MHD_stop_daemon (d);
free (cbc.buf);
- return 32;
+ fprintf (stderr, "MHD_get_daemon_info() failed.\n");
+ fflush (stderr);
+ return 10;
}
- port = (int) dinfo->port;
+ *pport = dinfo->port; /* Use the same port for rest of the checks */
}
- if (curl_tls_is_nss ())
+ gen_test_uri (url,
+ sizeof (url),
+ *pport);
+ c = curl_easy_init ();
+ fflush (stderr);
+ if (NULL == c)
{
- aes256_sha = "rsa_aes_256_sha";
+ fprintf (stderr, "curl_easy_init() failed.\n");
+ fflush (stderr);
+ MHD_stop_daemon (d);
+ free (cbc.buf);
+ return 99;
}
-
- gen_test_file_url (url,
- sizeof (url),
- port);
- c = curl_easy_init ();
-#if DEBUG_HTTPS_TEST
+#ifdef _DEBUG
curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
#endif
- curl_easy_setopt (c, CURLOPT_URL, url);
- curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
- curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L);
- curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L);
- curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
- curl_easy_setopt (c, CURLOPT_FILE, &cbc);
- /* TLS options */
- curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
- curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
- /* currently skip any peer authentication */
- curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
- curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
-
- /* NOTE: use of CONNECTTIMEOUT without also
- * setting NOSIGNAL results in really weird
- * crashes on my system! */
- curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L);
- if (CURLE_OK != (errornum = curl_easy_perform (c)))
+
+ if ((CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_URL, url))) ||
+ (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_HTTP_VERSION,
+ CURL_HTTP_VERSION_1_1))) ||
+ (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L))) ||
+ (CURLE_OK !=
+ (errornum = curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L))) ||
+ (CURLE_OK !=
+ (errornum = curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer)))
||
+ (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_WRITEDATA,
+ &cbc))) ||
+ /* TLS options */
+ /* currently skip any peer authentication */
+ (CURLE_OK !=
+ (errornum = curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L))) ||
+ (CURLE_OK !=
+ (errornum = curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L))) ||
+ (CURLE_OK !=
+ (errornum = curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L))) ||
+ (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L))))
{
- fprintf (stderr, "curl_easy_perform failed: `%s'\n",
+ curl_easy_cleanup (c);
+ free (cbc.buf);
+ MHD_stop_daemon (d);
+ fflush (stderr);
+ fflush (stdout);
+ fprintf (stderr, "Error setting libcurl option: %s.\n",
curl_easy_strerror (errornum));
+ fflush (stderr);
+ return 99;
+ }
- MHD_stop_daemon (d);
+ if (CURLE_OK != (errornum = curl_easy_perform (c)))
+ {
+ unsigned int ret;
curl_easy_cleanup (c);
free (cbc.buf);
- return -1;
+ MHD_stop_daemon (d);
+
+ fflush (stderr);
+ fflush (stdout);
+ if ((CURLE_SSL_CONNECT_ERROR == errornum) ||
+ (CURLE_SSL_CIPHER == errornum))
+ {
+ ret = 77;
+ fprintf (stderr, "libcurl request failed due to TLS error: '%s'\n",
+ curl_easy_strerror (errornum));
+
+ }
+ else
+ {
+ ret = 1;
+ fprintf (stderr, "curl_easy_perform failed: '%s'\n",
+ curl_easy_strerror (errornum));
+ }
+ fflush (stderr);
+
+ return ret;
}
curl_easy_cleanup (c);
- MHD_stop_daemon (d);
free (cbc.buf);
+ MHD_stop_daemon (d);
+
+ if (tls_ver != found_tls_ver)
+ {
+ fflush (stderr);
+ fflush (stdout);
+ fprintf (stderr, "MHD_get_connection_info (conn, "
+ "MHD_CONNECTION_INFO_PROTOCOL) returned unexpected "
+ "protocol version.\n"
+ "\tReturned: %s (%u)\tExpected: %s (%u)\n",
+ ((unsigned int) found_tls_ver) > KNOWN_TLS_MAX ?
+ "[wrong value]" : tls_names[found_tls_ver],
+ (unsigned int) found_tls_ver,
+ tls_names[tls_ver], (unsigned int) tls_ver);
+ fflush (stderr);
+ return 2;
+ }
return 0;
}
-#endif
+static unsigned int
+test_all_supported_versions (void)
+{
+ enum know_gnutls_tls_id ver_for_test; /**< TLS version used for test */
+ const gnutls_protocol_t *vers_list; /**< The list of GnuTLS supported TLS
versions */
+ uint16_t port;
+ unsigned int num_success; /**< Number of tests succeeded */
+ unsigned int num_failed; /**< Number of tests failed */
+
+ if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
+ port = 0; /* Use system automatic assignment */
+ else
+ port = 3060; /* Use predefined port, may break parallel testing of
another MHD build */
+
+ vers_list = gnutls_protocol_list ();
+ if (NULL == vers_list)
+ {
+ fprintf (stderr, "Error getting GnuTLS supported TLS versions");
+ return 99;
+ }
+ num_success = 0;
+ num_failed = 0;
+
+ for (ver_for_test = KNOWN_TLS_MIN; KNOWN_TLS_MAX >= ver_for_test;
+ ++ver_for_test)
+ {
+ const gnutls_protocol_t *ver_ptr; /**< The pointer to the position on
the @a vers_list */
+ unsigned int res;
+ for (ver_ptr = vers_list; 0 != *ver_ptr; ++ver_ptr)
+ {
+ if (ver_for_test == (enum know_gnutls_tls_id) *ver_ptr)
+ break;
+ }
+ if (0 == *ver_ptr)
+ {
+ printf ("%s is not supported by GnuTLS, skipping.\n\n",
+ tls_names[ver_for_test]);
+ fflush (stdout);
+ continue;
+ }
+ printf ("Starting check for %s...\n",
+ tls_names[ver_for_test]);
+ fflush (stdout);
+ res = test_query_session (ver_for_test, &port);
+ fflush (stderr);
+ fflush (stdout);
+ if (99 == res)
+ {
+ fprintf (stderr, "Hard error. Test stopped.\n");
+ fflush (stderr);
+ return 99;
+ }
+ else if (77 == res)
+ {
+ printf ("%s does not work with libcurl client and GnuTLS "
+ "server combination, skipping.\n",
+ tls_names[ver_for_test]);
+ fflush (stdout);
+ }
+ else if (0 != res)
+ {
+ fprintf (stderr, "Check failed for %s.\n",
+ tls_names[ver_for_test]);
+ fflush (stderr);
+ num_failed++;
+ }
+ else
+ {
+ printf ("Check succeeded for %s.\n",
+ tls_names[ver_for_test]);
+ fflush (stdout);
+ num_success++;
+ }
+ printf ("\n");
+ fflush (stdout);
+ }
+
+ if (0 == num_failed)
+ {
+ if (0 == num_success)
+ {
+ fprintf (stderr, "No supported TLS version was found.\n");
+ fflush (stderr);
+ return 77;
+ }
+ return 0;
+ }
+ return num_failed;
+}
+
int
main (int argc, char *const *argv)
{
-#if LIBCURL_VERSION_NUM >= 0x072200
unsigned int errorCount = 0;
const char *ssl_version;
(void) argc; /* Unused. Silent compiler warning. */
@@ -216,19 +354,14 @@ main (int argc, char *const *argv)
curl_global_cleanup ();
return 77;
}
- if (! curl_tls_is_gnutls ())
- {
- fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
- curl_global_cleanup ();
+ errorCount = test_all_supported_versions ();
+ fflush (stderr);
+ fflush (stdout);
+ curl_global_cleanup ();
+ if (77 == errorCount)
return 77;
- }
- errorCount += test_query_session ();
+ else if (99 == errorCount)
+ return 99;
print_test_result (errorCount, argv[0]);
- curl_global_cleanup ();
return errorCount != 0 ? 1 : 0;
-#else /* LIBCURL_VERSION_NUM < 0x072200 */
- (void) argc; (void) argv; /* Unused. Silent compiler warning. */
- (void) query_session_ahc; /* Mute compiler warning */
- return 77;
-#endif /* LIBCURL_VERSION_NUM < 0x072200 */
}
diff --git a/src/testcurl/https/test_https_sni.c
b/src/testcurl/https/test_https_sni.c
index 3581aa17..573bf637 100644
--- a/src/testcurl/https/test_https_sni.c
+++ b/src/testcurl/https/test_https_sni.c
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2013, 2016 Christian Grothoff
+ Copyright (C) 2016-2022 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -22,6 +23,7 @@
* @file test_https_sni.c
* @brief Testcase for libmicrohttpd HTTPS with SNI operations
* @author Christian Grothoff
+ * @author Karlson2k (Evgeny Grin)
*/
#include "platform.h"
#include "microhttpd.h"
@@ -180,7 +182,7 @@ sni_callback (gnutls_session_t session,
/* perform a HTTP GET request via SSL/TLS */
static int
-do_get (const char *url, int port)
+do_get (const char *url, uint16_t port)
{
CURL *c;
struct CBC cbc;
@@ -199,7 +201,7 @@ do_get (const char *url, int port)
cbc.pos = 0;
c = curl_easy_init ();
-#if DEBUG_HTTPS_TEST
+#ifdef _DEBUG
curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
#endif
curl_easy_setopt (c, CURLOPT_URL, url);
@@ -208,16 +210,16 @@ do_get (const char *url, int port)
curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L);
curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L);
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
- curl_easy_setopt (c, CURLOPT_FILE, &cbc);
- curl_easy_setopt (c, CURLOPT_CAINFO, ABS_SRCDIR "/test-ca.crt");
+ curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
+ curl_easy_setopt (c, CURLOPT_CAINFO, SRCDIR "/test-ca.crt");
/* perform peer authentication */
/* TODO merge into send_curl_req */
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 2L);
- sprintf (buf, "mhdhost1:%d:127.0.0.1", port);
+ sprintf (buf, "mhdhost1:%u:127.0.0.1", (unsigned int) port);
dns_info = curl_slist_append (NULL, buf);
- sprintf (buf, "mhdhost2:%d:127.0.0.1", port);
+ sprintf (buf, "mhdhost2:%u:127.0.0.1", (unsigned int) port);
dns_info = curl_slist_append (dns_info, buf);
curl_easy_setopt (c, CURLOPT_RESOLVE, dns_info);
curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
@@ -255,9 +257,9 @@ main (int argc, char *const *argv)
{
unsigned int error_count = 0;
struct MHD_Daemon *d;
- int port;
- (void) argc; /* Unused. Silent compiler warning. */
+ uint16_t port;
const char *tls_backend;
+ (void) argc; /* Unused. Silent compiler warning. */
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port = 0;
@@ -288,10 +290,10 @@ main (int argc, char *const *argv)
return 77;
}
- load_keys ("mhdhost1", ABS_SRCDIR "/mhdhost1.crt",
- ABS_SRCDIR "/mhdhost1.key");
- load_keys ("mhdhost2", ABS_SRCDIR "/mhdhost2.crt",
- ABS_SRCDIR "/mhdhost2.key");
+ load_keys ("mhdhost1", SRCDIR "/mhdhost1.crt",
+ SRCDIR "/mhdhost1.key");
+ load_keys ("mhdhost2", SRCDIR "/mhdhost2.crt",
+ SRCDIR "/mhdhost2.key");
d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
| MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG,
@@ -313,7 +315,7 @@ main (int argc, char *const *argv)
{
MHD_stop_daemon (d); return -1;
}
- port = (int) dinfo->port;
+ port = dinfo->port;
}
if (0 != do_get ("https://mhdhost1/";, port))
error_count++;
diff --git a/src/testcurl/https/test_https_time_out.c
b/src/testcurl/https/test_https_time_out.c
index b9e48363..24159fcd 100644
--- a/src/testcurl/https/test_https_time_out.c
+++ b/src/testcurl/https/test_https_time_out.c
@@ -1,7 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2007 Christian Grothoff
- Copyright (C) 2014-2021 Karlson2k (Evgeny Grin)
+ Copyright (C) 2014-2022 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -21,7 +21,7 @@
/**
* @file test_https_time_out.c
- * @brief: daemon TLS alert response test-case
+ * @brief: daemon TLS timeout test
*
* @author Sagie Amir
* @author Karlson2k (Evgeny Grin)
@@ -54,17 +54,17 @@
#endif
#include "tls_test_keys.h"
-static const int TIME_OUT = 2;
+static const unsigned int timeout_val = 2;
-static unsigned int num_connects = 0;
-static unsigned int num_disconnects = 0;
+static volatile unsigned int num_connects = 0;
+static volatile unsigned int num_disconnects = 0;
/**
* Pause execution for specified number of milliseconds.
* @param ms the number of milliseconds to sleep
*/
-void
+static void
_MHD_sleep (uint32_t ms)
{
#if defined(_WIN32)
@@ -98,31 +98,40 @@ _MHD_sleep (uint32_t ms)
}
-void
+static void
socket_cb (void *cls,
struct MHD_Connection *c,
void **socket_context,
enum MHD_ConnectionNotificationCode toe)
{
- struct sckt_notif_cb_param *param = (struct sckt_notif_cb_param *) cls;
if (NULL == socket_context)
abort ();
if (NULL == c)
abort ();
- if (NULL == param)
+ if (NULL != cls)
abort ();
if (MHD_CONNECTION_NOTIFY_STARTED == toe)
+ {
num_connects++;
+#ifdef _DEBUG
+ fprintf (stderr, "MHD: Connection has started.\n");
+#endif /* _DEBUG */
+ }
else if (MHD_CONNECTION_NOTIFY_CLOSED == toe)
+ {
num_disconnects++;
+#ifdef _DEBUG
+ fprintf (stderr, "MHD: Connection has closed.\n");
+#endif /* _DEBUG */
+ }
else
abort ();
}
-static int
-test_tls_session_time_out (gnutls_session_t session, int port)
+static unsigned int
+test_tls_session_time_out (gnutls_session_t session, uint16_t port)
{
int ret;
MHD_socket sd;
@@ -163,17 +172,21 @@ test_tls_session_time_out (gnutls_session_t session, int
port)
return 2;
}
- _MHD_sleep (TIME_OUT * 1000 + 1200);
+ _MHD_sleep (timeout_val * 1000 + 1700);
+ if (0 == num_connects)
+ {
+ fprintf (stderr, "MHD has not detected any connection attempt.\n");
+ MHD_socket_close_chk_ (sd);
+ return 4;
+ }
/* check that server has closed the connection */
- if (1 == num_disconnects)
+ if (0 == num_disconnects)
{
- fprintf (stderr, "Connection failed to time-out\n");
+ fprintf (stderr, "MHD has not detected any disconnections.\n");
MHD_socket_close_chk_ (sd);
return 1;
}
- else if (0 != num_disconnects)
- abort ();
MHD_socket_close_chk_ (sd);
return 0;
@@ -183,11 +196,11 @@ test_tls_session_time_out (gnutls_session_t session, int
port)
int
main (int argc, char *const *argv)
{
- int errorCount = 0;
+ unsigned int errorCount = 0;
struct MHD_Daemon *d;
gnutls_session_t session;
gnutls_certificate_credentials_t xcred;
- int port;
+ uint16_t port;
(void) argc; /* Unused. Silent compiler warning. */
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
@@ -225,8 +238,10 @@ main (int argc, char *const *argv)
| MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG, port,
NULL, NULL, &http_dummy_ahc, NULL,
- MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT,
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+ MHD_OPTION_CONNECTION_TIMEOUT,
+ (unsigned int) timeout_val,
+ MHD_OPTION_NOTIFY_CONNECTION, &socket_cb, NULL,
+ MHD_OPTION_HTTPS_MEM_KEY, srv_self_signed_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_END);
@@ -241,9 +256,10 @@ main (int argc, char *const *argv)
dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
if ((NULL == dinfo) || (0 == dinfo->port) )
{
- MHD_stop_daemon (d); return -1;
+ MHD_stop_daemon (d);
+ return 99;
}
- port = (int) dinfo->port;
+ port = dinfo->port;
}
if (0 != setup_session (&session, &xcred))
diff --git a/src/testcurl/https/test_tls_authentication.c
b/src/testcurl/https/test_tls_authentication.c
index 0bb87f42..51c87c0e 100644
--- a/src/testcurl/https/test_tls_authentication.c
+++ b/src/testcurl/https/test_tls_authentication.c
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2007 Christian Grothoff
+ Copyright (C) 2016-2022 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -19,9 +20,10 @@
*/
/**
- * @file tls_authentication_test.c
- * @brief Testcase for libmicrohttpd HTTPS GET operations
+ * @file test_tls_authentication.c
+ * @brief Testcase for libmicrohttpd HTTPS GET operations with CA-signed TLS
server certificate
* @author Sagie Amir
+ * @author Karlson2k (Evgeny Grin)
*/
#include "platform.h"
@@ -37,12 +39,12 @@
/* perform a HTTP GET request via SSL/TLS */
-static int
-test_secure_get (void *cls, char *cipher_suite, int proto_version)
+static unsigned int
+test_secure_get (void *cls, const char *cipher_suite, int proto_version)
{
- int ret;
+ unsigned int ret;
struct MHD_Daemon *d;
- int port;
+ uint16_t port;
(void) cls; /* Unused. Silent compiler warning. */
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
@@ -61,7 +63,7 @@ test_secure_get (void *cls, char *cipher_suite, int
proto_version)
if (d == NULL)
{
fprintf (stderr, MHD_E_SERVER_INIT);
- return -1;
+ return 1;
}
if (0 == port)
{
@@ -69,12 +71,13 @@ test_secure_get (void *cls, char *cipher_suite, int
proto_version)
dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
if ((NULL == dinfo) || (0 == dinfo->port) )
{
- MHD_stop_daemon (d); return -1;
+ MHD_stop_daemon (d);
+ return 1;
}
- port = (int) dinfo->port;
+ port = dinfo->port;
}
- ret = test_daemon_get (NULL, cipher_suite, proto_version, port, 0);
+ ret = test_daemon_get (NULL, cipher_suite, proto_version, port, 1);
MHD_stop_daemon (d);
return ret;
@@ -85,8 +88,6 @@ int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
- char *aes256_sha = "AES256-SHA";
- FILE *crt;
(void) argc;
(void) argv; /* Unused. Silent compiler warning. */
@@ -105,27 +106,11 @@ main (int argc, char *const *argv)
return 77;
}
- if (NULL == (crt = setup_ca_cert ()))
- {
- fprintf (stderr, MHD_E_TEST_FILE_CREAT);
- curl_global_cleanup ();
- return 99;
- }
- fclose (crt);
- if (curl_tls_is_nss ())
- {
- aes256_sha = "rsa_aes_256_sha";
- }
-
errorCount +=
- test_secure_get (NULL, aes256_sha, CURL_SSLVERSION_TLSv1);
+ test_secure_get (NULL, NULL, CURL_SSLVERSION_DEFAULT);
print_test_result (errorCount, argv[0]);
curl_global_cleanup ();
- if (0 != remove (ca_cert_file_name))
- fprintf (stderr,
- "Failed to remove `%s'\n",
- ca_cert_file_name);
return errorCount != 0 ? 1 : 0;
}
diff --git a/src/testcurl/https/test_tls_extensions.c
b/src/testcurl/https/test_tls_extensions.c
deleted file mode 100644
index 277bd010..00000000
--- a/src/testcurl/https/test_tls_extensions.c
+++ /dev/null
@@ -1,296 +0,0 @@
-/*
- This file is part of libmicrohttpd
- Copyright (C) 2007 Christian Grothoff
-
- libmicrohttpd is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 2, or (at your
- option) any later version.
-
- libmicrohttpd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with libmicrohttpd; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA.
- */
-
-/**
- * @file tls_extension_test.c
- * @brief: test daemon response to TLS client hello requests containing
extensions
- *
- * @author Sagie Amir
- */
-
-#include "platform.h"
-#include "microhttpd.h"
-#include "tls_test_common.h"
-#include "mhd_sockets.h" /* only macros used */
-#ifdef MHD_HTTPS_REQUIRE_GCRYPT
-#include <gcrypt.h>
-#endif /* MHD_HTTPS_REQUIRE_GCRYPT */
-#include "tls_test_keys.h"
-
-#define MAX_EXT_DATA_LENGTH 256
-
-/**
- * Test daemon response to TLS client hello requests containing extensions
- *
- * @param session
- * @param port
- * @param exten_t - the type of extension being appended to client hello
request
- * @param ext_count - the number of consecutive extension replicas inserted
into request
- * @param ext_length - the length of each appended extension
- * @return 0 on successful test completion, -1 otherwise
- */
-static int
-test_hello_extension (gnutls_session_t session, int port, extensions_t exten_t,
- int ext_count, int ext_length)
-{
- int i, ret = 0, pos = 0;
- MHD_socket sd;
- int exten_data_len, ciphersuite_len, datalen;
- struct sockaddr_in sa;
- char url[255];
- opaque *data = NULL;
- uint8_t session_id_len = 0;
- opaque rnd[TLS_RANDOM_SIZE];
- opaque extdata[MAX_EXT_DATA_LENGTH];
-
- /* single, null compression */
- unsigned char comp[] = { 0x01, 0x00 };
- struct CBC cbc;
-
- sd = -1;
- memset (&cbc, 0, sizeof (struct CBC));
- if (NULL == (cbc.buf = malloc (sizeof (char) * 256)))
- {
- fprintf (stderr, MHD_E_MEM);
- ret = -1;
- goto cleanup;
- }
- cbc.size = 256;
-
- sd = socket (AF_INET, SOCK_STREAM, 0);
- if (sd == -1)
- {
- fprintf (stderr, "Failed to create socket: %s\n", strerror (errno));
- free (cbc.buf);
- return -1;
- }
- memset (&sa, '\0', sizeof (struct sockaddr_in));
- sa.sin_family = AF_INET;
- sa.sin_port = htons (port);
- sa.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
-
- enum MHD_GNUTLS_Protocol hver;
-
- /* init hash functions */
- session->internals.handshake_mac_handle_md5 =
- MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5);
- session->internals.handshake_mac_handle_sha =
- MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1);
-
- /* version = 2 , random = [4 for unix time + 28 for random bytes] */
- datalen = 2 /* version */ + TLS_RANDOM_SIZE + (session_id_len + 1);
-
- data = MHD_gnutls_malloc (datalen);
- if (data == NULL)
- {
- free (cbc.buf);
- return -1;
- }
- hver = MHD_gtls_version_max (session);
- data[pos++] = MHD_gtls_version_get_major (hver);
- data[pos++] = MHD_gtls_version_get_minor (hver);
-
- /* Set the version we advertise as maximum (RSA uses it). */
- set_adv_version (session, MHD_gtls_version_get_major (hver),
- MHD_gtls_version_get_minor (hver));
-
- session->security_parameters.version = hver;
- session->security_parameters.timestamp = time (NULL);
-
- /* generate session client random */
- memset (session->security_parameters.client_random, 0, TLS_RANDOM_SIZE);
- gnutls_write_uint32 (time (NULL), rnd);
- if (GC_OK != MHD_gc_nonce ((char *) &rnd[4], TLS_RANDOM_SIZE - 4))
- abort ();
- memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE);
- memcpy (&data[pos], rnd, TLS_RANDOM_SIZE);
- pos += TLS_RANDOM_SIZE;
-
- /* Copy the Session ID */
- data[pos++] = session_id_len;
-
- /*
- * len = ciphersuite data + 2 bytes ciphersuite length \
- * 1 byte compression length + 1 byte compression data + \
- * 2 bytes extension length, extensions data
- */ciphersuite_len = MHD__gnutls_copy_ciphersuites (session, extdata,
- sizeof (extdata));
- exten_data_len = ext_count * (2 + 2 + ext_length);
- datalen += ciphersuite_len + 2 + 2 + exten_data_len;
- data = MHD_gtls_realloc_fast (data, datalen);
- memcpy (&data[pos], extdata, sizeof (ciphersuite_len));
- pos += ciphersuite_len;
-
- /* set compression */
- memcpy (&data[pos], comp, sizeof (comp));
- pos += 2;
-
- /* set extensions length = 2 type bytes + 2 length bytes + extension length
*/
- gnutls_write_uint16 (exten_data_len, &data[pos]);
- pos += 2;
- for (i = 0; i < ext_count; ++i)
- {
- /* write extension type */
- gnutls_write_uint16 (exten_t, &data[pos]);
- pos += 2;
- gnutls_write_uint16 (ext_length, &data[pos]);
- pos += 2;
- /* we might want to generate random data here */
- memset (&data[pos], 0, ext_length);
- pos += ext_length;
- }
-
- if (connect (sd, &sa, sizeof (struct sockaddr_in)) < 0)
- {
- fprintf (stderr, "%s\n", MHD_E_FAILED_TO_CONNECT);
- ret = -1;
- goto cleanup;
- }
-
- gnutls_transport_set_ptr (session, (MHD_gnutls_transport_ptr_t) (long) sd);
-
- if (gen_test_file_url (url,
- sizeof (url),
- port))
- {
- ret = -1;
- goto cleanup;
- }
-
- /* this should crash the server */
- ret = gnutls_send_handshake (session, data, datalen,
- GNUTLS_HANDSHAKE_CLIENT_HELLO);
-
- /* advance to STATE2 */
- session->internals.handshake_state = STATE2;
- ret = gnutls_handshake (session);
- ret = gnutls_bye (session, GNUTLS_SHUT_WR);
-
- gnutls_free (data);
-
- /* make sure daemon is still functioning */
- if (CURLE_OK != send_curl_req (url, &cbc, "AES128-SHA",
- MHD_GNUTLS_PROTOCOL_TLS1_2))
- {
- ret = -1;
- goto cleanup;
- }
-
-cleanup:
- if (-1 != sd)
- MHD_socket_close_chk_ (sd);
- gnutls_free (cbc.buf);
- return ret;
-}
-
-
-int
-main (int argc, char *const *argv)
-{
- int i, errorCount = 0;
- FILE *test_fd;
- struct MHD_Daemon *d;
- gnutls_session_t session;
- gnutls_certificate_credentials_t xcred;
- const int ext_arr[] = {
- GNUTLS_EXTENSION_SERVER_NAME,
- -1
- };
- int port;
-
- if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
- port = 0;
- else
- port = 3080;
-
-#ifdef MHD_HTTPS_REQUIRE_GCRYPT
- gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
-#ifdef GCRYCTL_INITIALIZATION_FINISHED
- gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
-#endif
-#endif /* MHD_HTTPS_REQUIRE_GCRYPT */
- MHD_gtls_global_set_log_level (11);
-
- if ((test_fd = setup_test_file ()) == NULL)
- {
- fprintf (stderr, MHD_E_TEST_FILE_CREAT);
- return -1;
- }
-
- if (! testsuite_curl_global_init ())
- return 99;
-
- d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
- | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
- | MHD_USE_ERROR_LOG, port,
- NULL, NULL, &http_ahc, NULL,
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
- MHD_OPTION_END);
-
- if (d == NULL)
- {
- fprintf (stderr, "%s\n", MHD_E_SERVER_INIT);
- return -1;
- }
- if (0 == port)
- {
- const union MHD_DaemonInfo *dinfo;
- dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
- if ((NULL == dinfo) || (0 == dinfo->port) )
- {
- MHD_stop_daemon (d); return -1;
- }
- port = (int) dinfo->port;
- }
-
- i = 0;
- setup_session (&session, &xcred);
- errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16);
- teardown_session (session, xcred);
-#if 1
- i = 0;
- while (ext_arr[i] != -1)
- {
- setup_session (&session, &xcred);
- errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16);
- teardown_session (session, xcred);
-
- setup_session (&session, &xcred);
- errorCount += test_hello_extension (session, port, ext_arr[i], 3, 8);
- teardown_session (session, xcred);
-
- /* this test specifically tests the issue raised in CVE-2008-1948 */
- setup_session (&session, &xcred);
- errorCount += test_hello_extension (session, port, ext_arr[i], 6, 0);
- teardown_session (session, xcred);
- i++;
- }
-#endif
-
- print_test_result (errorCount, argv[0]);
-
- MHD_stop_daemon (d);
-
- curl_global_cleanup ();
- fclose (test_fd);
-
- return (0 == errorCount) ? 0 : 1; /* 0 == pass */
-}
diff --git a/src/testcurl/https/test_tls_options.c
b/src/testcurl/https/test_tls_options.c
index 7e15e3ca..dfd7aad4 100644
--- a/src/testcurl/https/test_tls_options.c
+++ b/src/testcurl/https/test_tls_options.c
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
- Copyright (C) 2007, 2010, 2016 Christian Grothoff
+ Copyright (C) 2007, 2016 Christian Grothoff
+ Copyright (C) 2014-2022 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -16,92 +17,419 @@
along with libmicrohttpd; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
-*/
+ */
/**
- * @file tls_daemon_options_test.c
- * @brief Testcase for libmicrohttpd HTTPS GET operations
+ * @file test_tls_options.c
+ * @brief Testcase for libmicrohttpd HTTPS TLS version match/mismatch
* @author Sagie Amir
+ * @author Karlson2k (Evgeny Grin)
*/
#include "platform.h"
#include "microhttpd.h"
-#include <sys/stat.h>
-#include <limits.h>
+#include <curl/curl.h>
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
#include <gcrypt.h>
#endif /* MHD_HTTPS_REQUIRE_GCRYPT */
#include "tls_test_common.h"
#include "tls_test_keys.h"
-int curl_check_version (const char *req_version, ...);
-
-/**
- * test server refuses to negotiate connections with unsupported protocol
versions
- *
+/*
+ * HTTP access handler call back
+ * used to query negotiated security parameters
*/
-static int
-test_unmatching_ssl_version (void *cls, int port, const char *cipher_suite,
- int curl_req_ssl_version)
+static enum MHD_Result
+simple_ahc (void *cls, struct MHD_Connection *connection,
+ const char *url, const char *method,
+ const char *version, const char *upload_data,
+ size_t *upload_data_size, void **req_cls)
{
- struct CBC cbc;
- char url[255];
- (void) cls; /* Unused. Silent compiler warning. */
- if (NULL == (cbc.buf = malloc (sizeof (char) * 256)))
+ struct MHD_Response *response;
+ enum MHD_Result ret;
+ (void) cls; (void) url; (void) method; (void) version; /* Unused. Silent
compiler warning. */
+ (void) upload_data; (void) upload_data_size; /* Unused. Silent compiler
warning. */
+
+ if (NULL == *req_cls)
{
- fprintf (stderr, "Error: failed to allocate: %s\n",
- strerror (errno));
- return -1;
+ *req_cls = (void *) &simple_ahc;
+ return MHD_YES;
}
- cbc.size = 256;
- cbc.pos = 0;
- if (gen_test_file_url (url,
+ response =
+ MHD_create_response_from_buffer_static (MHD_STATICSTR_LEN_ (EMPTY_PAGE),
+ EMPTY_PAGE);
+ ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
+ MHD_destroy_response (response);
+ return ret;
+}
+
+
+enum check_result
+{
+ CHECK_RES_OK = 0,
+ CHECK_RES_ERR = 1,
+
+ CHECK_RES_MHD_START_FAILED = 17,
+ CHECK_RES_CURL_TLS_INIT_FAIL = 18,
+ CHECK_RES_CURL_TLS_CONN_FAIL = 19,
+
+ CHECK_RES_HARD_ERROR = 99
+};
+
+static enum check_result
+check_tls_match_inner (enum know_gnutls_tls_id tls_ver_mhd,
+ enum know_gnutls_tls_id tls_ver_libcurl,
+ uint16_t *pport,
+ struct MHD_Daemon **d_ptr,
+ struct CBC *pcbc,
+ CURL **c_ptr)
+{
+ CURLcode errornum;
+ char url[256];
+ int libcurl_tls_set;
+ CURL *c;
+ struct MHD_Daemon *d;
+
+ /* setup test */
+ d =
+ MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
+ | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
+ | MHD_USE_ERROR_LOG, *pport,
+ NULL, NULL,
+ &simple_ahc, NULL,
+ MHD_OPTION_HTTPS_PRIORITIES, priorities_map[tls_ver_mhd],
+ MHD_OPTION_HTTPS_MEM_KEY, srv_self_signed_key_pem,
+ MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
+ MHD_OPTION_END);
+ fflush (stderr);
+ fflush (stdout);
+ *d_ptr = d;
+
+ if (d == NULL)
+ {
+ fprintf (stderr, "MHD_start_daemon() with %s failed.\n",
+ tls_names[tls_ver_mhd]);
+ return CHECK_RES_MHD_START_FAILED;
+ }
+ if (0 == *pport)
+ {
+ const union MHD_DaemonInfo *dinfo;
+ dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
+ if ((NULL == dinfo) || (0 == dinfo->port) )
+ {
+ fprintf (stderr, "MHD_get_daemon_info() failed.\n");
+ return CHECK_RES_ERR;
+ }
+ *pport = dinfo->port; /* Use the same port for rest of the checks */
+ }
+
+ if (0 != gen_test_uri (url,
sizeof (url),
- port))
+ *pport))
+ {
+ fprintf (stderr, "failed to generate URI.\n");
+ return CHECK_RES_CURL_TLS_INIT_FAIL;
+ }
+ c = curl_easy_init ();
+ fflush (stderr);
+ fflush (stdout);
+ *c_ptr = c;
+ if (NULL == c)
+ {
+ fprintf (stderr, "curl_easy_init() failed.\n");
+ return CHECK_RES_HARD_ERROR;
+ }
+#ifdef _DEBUG
+ curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
+#endif
+
+ if ((CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_URL, url))) ||
+ (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_HTTP_VERSION,
+ CURL_HTTP_VERSION_1_1))) ||
+ (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L))) ||
+ (CURLE_OK !=
+ (errornum = curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L))) ||
+ (CURLE_OK !=
+ (errornum = curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer)))
||
+ (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_WRITEDATA,
+ pcbc))) ||
+ /* TLS options */
+ /* currently skip any peer authentication */
+ (CURLE_OK !=
+ (errornum = curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L))) ||
+ (CURLE_OK !=
+ (errornum = curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L))) ||
+ (CURLE_OK !=
+ (errornum = curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L))) ||
+ (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L))))
+ {
+ fflush (stderr);
+ fflush (stdout);
+ fprintf (stderr, "Error setting libcurl option: %s.\n",
+ curl_easy_strerror (errornum));
+ return CHECK_RES_HARD_ERROR;
+ }
+ libcurl_tls_set = 0;
+#if CURL_AT_LEAST_VERSION (7,54,0)
+ if (CURL_SSLVERSION_MAX_DEFAULT !=
+ libcurl_tls_max_vers_map[tls_ver_libcurl])
+ {
+ errornum = curl_easy_setopt (c, CURLOPT_SSLVERSION,
+ libcurl_tls_vers_map[tls_ver_libcurl]
+ | libcurl_tls_max_vers_map[tls_ver_libcurl]);
+ if (CURLE_OK == errornum)
+ libcurl_tls_set = 1;
+ else
+ {
+ fprintf (stderr, "Error setting libcurl TLS version range: "
+ "%s.\nRetrying with minimum TLS version only.\n",
+ curl_easy_strerror (errornum));
+ }
+ }
+#endif /* CURL_AT_LEAST_VERSION(7,54,0) */
+ if (! libcurl_tls_set &&
+ (CURLE_OK !=
+ (errornum = curl_easy_setopt (c, CURLOPT_SSLVERSION,
+ libcurl_tls_vers_map[tls_ver_libcurl]))))
{
- free (cbc.buf);
- fprintf (stderr,
- "Internal error in gen_test_file_url\n");
- return -1;
+ fprintf (stderr, "Error setting libcurl minimum TLS version: %s.\n",
+ curl_easy_strerror (errornum));
+ return CHECK_RES_CURL_TLS_INIT_FAIL;
}
- /* assert daemon *rejected* request */
- if (CURLE_OK ==
- send_curl_req (url, &cbc, cipher_suite, curl_req_ssl_version))
+ errornum = curl_easy_perform (c);
+ fflush (stderr);
+ fflush (stdout);
+ if (CURLE_OK != errornum)
{
- free (cbc.buf);
- fprintf (stderr,
- "cURL failed to reject request despite SSL version mismatch!\n");
- return -1;
+ if ((CURLE_SSL_CONNECT_ERROR == errornum) ||
+ (CURLE_SSL_CIPHER == errornum))
+ {
+ fprintf (stderr, "libcurl request failed due to TLS error: '%s'\n",
+ curl_easy_strerror (errornum));
+ return CHECK_RES_CURL_TLS_CONN_FAIL;
+
+ }
+ else
+ {
+ fprintf (stderr, "curl_easy_perform failed: '%s'\n",
+ curl_easy_strerror (errornum));
+ return CHECK_RES_ERR;
+ }
}
+ return CHECK_RES_OK;
+}
+
+
+/**
+ * negotiate a secure connection with server with specific TLS versions
+ * set for MHD and for libcurl
+ */
+static enum check_result
+check_tls_match (enum know_gnutls_tls_id tls_ver_mhd,
+ enum know_gnutls_tls_id tls_ver_libcurl,
+ uint16_t *pport)
+{
+ CURL *c;
+ struct CBC cbc;
+ enum check_result ret;
+ struct MHD_Daemon *d;
+
+ if (NULL == (cbc.buf = malloc (sizeof (char) * 255)))
+ return CHECK_RES_HARD_ERROR;
+ cbc.size = 255;
+ cbc.pos = 0;
+ d = NULL;
+ c = NULL;
+ ret = check_tls_match_inner (tls_ver_mhd, tls_ver_libcurl, pport,
+ &d, &cbc, &c);
+ fflush (stderr);
+ fflush (stdout);
+ if (NULL != d)
+ MHD_stop_daemon (d);
+ if (NULL != c)
+ curl_easy_cleanup (c);
free (cbc.buf);
- return 0;
+
+ return ret;
+}
+
+
+static unsigned int
+test_first_supported_versions (void)
+{
+ enum know_gnutls_tls_id ver_for_check; /**< TLS version used for test */
+ const gnutls_protocol_t *vers_list; /**< The list of GnuTLS supported TLS
versions */
+ uint16_t port;
+
+ if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
+ port = 0; /* Use system automatic assignment */
+ else
+ port = 3060; /* Use predefined port, may break parallel testing of
another MHD build */
+
+ vers_list = gnutls_protocol_list ();
+ if (NULL == vers_list)
+ {
+ fprintf (stderr, "Error getting GnuTLS supported TLS versions");
+ return 99;
+ }
+
+ for (ver_for_check = KNOWN_TLS_MIN; KNOWN_TLS_MAX >= ver_for_check;
+ ++ver_for_check)
+ {
+ const gnutls_protocol_t *ver_ptr; /**< The pointer to the position on
the @a vers_list */
+ enum check_result res;
+ for (ver_ptr = vers_list; 0 != *ver_ptr; ++ver_ptr)
+ {
+ if (ver_for_check == (enum know_gnutls_tls_id) *ver_ptr)
+ break;
+ }
+ if (0 == *ver_ptr)
+ {
+ printf ("%s is not supported by GnuTLS, skipping.\n\n",
+ tls_names[ver_for_check]);
+ fflush (stdout);
+ continue;
+ }
+ if (CURL_SSLVERSION_LAST == libcurl_tls_vers_map[ver_for_check])
+ {
+ printf ("%s is not supported by libcurl, skipping.\n\n",
+ tls_names[ver_for_check]);
+ fflush (stdout);
+ continue;
+ }
+ /* Found some TLS version that supported by GnuTLS and should be supported
+ by libcurl (but in practice support depends on used TLS library) */
+
+ if (KNOWN_TLS_MIN != ver_for_check)
+ printf ("\n");
+ printf ("Starting check with MHD set to '%s' and "
+ "libcurl set to '%s' (successful connection is expected)...\n",
+ tls_names[ver_for_check], tls_names[ver_for_check]);
+ fflush (stdout);
+
+ /* Check with MHD and libcurl set to the same TLS version */
+ res = check_tls_match (ver_for_check, ver_for_check, &port);
+ if (CHECK_RES_HARD_ERROR == res)
+ {
+ fprintf (stderr, "Hard error. Test stopped.\n");
+ fflush (stderr);
+ return 99;
+ }
+ else if (CHECK_RES_ERR == res)
+ {
+ printf ("Test failed.\n");
+ fflush (stdout);
+ return 2;
+ }
+ else if (CHECK_RES_MHD_START_FAILED == res)
+ {
+ printf ("Skipping '%s' as MHD cannot be started with this setting.\n",
+ tls_names[ver_for_check]);
+ fflush (stdout);
+ continue;
+ }
+ else if (CHECK_RES_CURL_TLS_INIT_FAIL == res)
+ {
+ printf ("Skipping '%s' as libcurl rejected this setting.\n",
+ tls_names[ver_for_check]);
+ fflush (stdout);
+ continue;
+ }
+ else if (CHECK_RES_CURL_TLS_CONN_FAIL == res)
+ {
+ printf ("Skipping '%s' as it is not supported by current libcurl "
+ "and GnuTLS combination.\n",
+ tls_names[ver_for_check]);
+ fflush (stdout);
+ continue;
+ }
+ printf ("Connection succeeded for MHD set to '%s' and "
+ "libcurl set to '%s'.\n\n",
+ tls_names[ver_for_check], tls_names[ver_for_check]);
+
+ /* Check with libcurl set to the next TLS version relative to MHD setting
*/
+ if (KNOWN_TLS_MAX == ver_for_check)
+ {
+ printf ("Test is incomplete as the latest known TLS version ('%s') "
+ "was found as minimum working version.\nThere is no space to "
+ "advance to the next version.\nAssuming that test is fine.\n",
+ tls_names[ver_for_check]);
+ fflush (stdout);
+ return 0;
+ }
+ if (CURL_SSLVERSION_LAST == libcurl_tls_vers_map[ver_for_check + 1])
+ {
+ printf ("Test is incomplete as '%s' is the latest version supported "
+ "by libcurl.\nThere is no space to "
+ "advance to the next version.\nAssuming that test is fine.\n",
+ tls_names[ver_for_check]);
+ fflush (stdout);
+ return 0;
+ }
+ printf ("Starting check with MHD set to '%s' and "
+ "minimum libcurl TLS version set to '%s' "
+ "(failed connection is expected)...\n",
+ tls_names[ver_for_check], tls_names[ver_for_check + 1]);
+ fflush (stdout);
+ res = check_tls_match (ver_for_check, ver_for_check + 1,
+ &port);
+ if (CHECK_RES_HARD_ERROR == res)
+ {
+ fprintf (stderr, "Hard error. Test stopped.\n");
+ fflush (stderr);
+ return 99;
+ }
+ else if (CHECK_RES_ERR == res)
+ {
+ printf ("Test failed.\n");
+ fflush (stdout);
+ return 2;
+ }
+ else if (CHECK_RES_MHD_START_FAILED == res)
+ {
+ printf ("MHD cannot be started for the second time with "
+ "the same setting.\n");
+ fflush (stdout);
+ return 4;
+ }
+ else if (CHECK_RES_CURL_TLS_INIT_FAIL == res)
+ {
+ printf ("'%s' has been rejected by libcurl.\n"
+ "Assuming that test is fine.\n",
+ tls_names[ver_for_check + 1]);
+ fflush (stdout);
+ return 0;
+ }
+ else if (CHECK_RES_CURL_TLS_CONN_FAIL == res)
+ {
+ printf ("As expected, libcurl cannot connect to MHD when libcurl "
+ "minimum TLS version is set to '%s' while MHD TLS version set "
+ "to '%s'.\n"
+ "Test succeeded.\n",
+ tls_names[ver_for_check + 1], tls_names[ver_for_check]);
+ fflush (stdout);
+ return 0;
+ }
+ }
+
+ fprintf (stderr, "The test skipped: No know TLS versions are supported by "
+ "both MHD and libcurl.\n");
+ fflush (stderr);
+ return 77;
}
-/* setup a temporary transfer test file */
int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
const char *ssl_version;
- int daemon_flags =
- MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD
- | MHD_USE_TLS | MHD_USE_ERROR_LOG;
- int port;
- const char *aes128_sha = "AES128-SHA";
- const char *aes256_sha = "AES256-SHA";
- (void) argc; (void) argv; /* Unused. Silent compiler warning. */
-
- if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
- port = 0;
- else
- port = 3010;
+ (void) argc; /* Unused. Silent compiler warning. */
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
- gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
@@ -110,61 +438,21 @@ main (int argc, char *const *argv)
if (! testsuite_curl_global_init ())
return 99;
- if (curl_check_version (MHD_REQ_CURL_VERSION))
- {
- return 77;
- }
ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
if (NULL == ssl_version)
{
fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n");
+ curl_global_cleanup ();
return 77;
}
-
- if (curl_tls_is_schannel () || curl_tls_is_sectransport ())
- {
- fprintf (stderr,
- "libcurl TLS backend does not support this test. Skipping.\n");
- return 77;
- }
-
- if (curl_tls_is_nss ())
- {
- aes128_sha = "rsa_aes_128_sha";
- aes256_sha = "rsa_aes_256_sha";
- }
-
- if (0 !=
- test_wrap ("TLS1.0-AES-SHA1",
- &test_https_transfer, NULL, port, daemon_flags,
- aes128_sha,
- CURL_SSLVERSION_TLSv1,
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
- MHD_OPTION_HTTPS_PRIORITIES,
- "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
- MHD_OPTION_END))
- {
- fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
- errorCount++;
- }
- fprintf (stderr,
- "The following handshake should fail (and print an error
message)...\n");
- if (0 !=
- test_wrap ("TLS1.1 vs TLS1.0",
- &test_unmatching_ssl_version, NULL, port, daemon_flags,
- aes256_sha,
- CURL_SSLVERSION_TLSv1_1,
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
- MHD_OPTION_HTTPS_PRIORITIES,
- "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
- MHD_OPTION_END))
- {
- fprintf (stderr, "TLS1.1 vs TLS1.0 test failed\n");
- errorCount++;
- }
+ errorCount = test_first_supported_versions ();
+ fflush (stderr);
+ fflush (stdout);
curl_global_cleanup ();
-
+ if (77 == errorCount)
+ return 77;
+ else if (99 == errorCount)
+ return 99;
+ print_test_result (errorCount, argv[0]);
return errorCount != 0 ? 1 : 0;
}
diff --git a/src/testcurl/https/tls_test_common.c
b/src/testcurl/https/tls_test_common.c
index e23f1c4e..98d62482 100644
--- a/src/testcurl/https/tls_test_common.c
+++ b/src/testcurl/https/tls_test_common.c
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2007 Christian Grothoff
+ Copyright (C) 2017-2022 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -26,45 +27,82 @@
#include "tls_test_common.h"
#include "tls_test_keys.h"
+/**
+ * Map @a know_gnutls_tls_ids values to printable names.
+ */
+const char *tls_names[KNOW_TLS_IDS_COUNT] = {
+ "Bad value",
+ "SSL version 3",
+ "TLS version 1.0",
+ "TLS version 1.1",
+ "TLS version 1.2",
+ "TLS version 1.3"
+};
-FILE *
-setup_ca_cert ()
-{
- FILE *cert_fd;
+/**
+ * Map @a know_gnutls_tls_ids values to GnuTLS priorities strings.
+ */
+const char *priorities_map[KNOW_TLS_IDS_COUNT] = {
+ "NONE",
+ "NORMAL:!VERS-ALL:+VERS-SSL3.0",
+ "NORMAL:!VERS-ALL:+VERS-TLS1.0",
+ "NORMAL:!VERS-ALL:+VERS-TLS1.1",
+ "NORMAL:!VERS-ALL:+VERS-TLS1.2",
+ "NORMAL:!VERS-ALL:+VERS-TLS1.3"
+};
- if (NULL == (cert_fd = fopen (ca_cert_file_name, "wb+")))
- {
- fprintf (stderr, "Error: failed to open `%s': %s\n",
- ca_cert_file_name, strerror (errno));
- return NULL;
- }
- if (fwrite (ca_cert_pem, sizeof (char), strlen (ca_cert_pem) + 1, cert_fd)
- != strlen (ca_cert_pem) + 1)
- {
- fprintf (stderr, "Error: failed to write `%s. %s'\n",
- ca_cert_file_name, strerror (errno));
- fclose (cert_fd);
- return NULL;
- }
- if (fflush (cert_fd))
- {
- fprintf (stderr, "Error: failed to flush ca cert file stream. %s\n",
- strerror (errno));
- fclose (cert_fd);
- return NULL;
- }
- return cert_fd;
-}
+/**
+ * Map @a know_gnutls_tls_ids values to libcurl @a CURLOPT_SSLVERSION value.
+ */
+const long libcurl_tls_vers_map[KNOW_TLS_IDS_COUNT] = {
+ CURL_SSLVERSION_LAST, /* bad value */
+ CURL_SSLVERSION_SSLv3,
+#if CURL_AT_LEAST_VERSION (7,34,0)
+ CURL_SSLVERSION_TLSv1_0,
+#else /* CURL VER < 7.34.0 */
+ CURL_SSLVERSION_TLSv1, /* TLS 1.0 or later */
+#endif /* CURL VER < 7.34.0 */
+#if CURL_AT_LEAST_VERSION (7,34,0)
+ CURL_SSLVERSION_TLSv1_1,
+#else /* CURL VER < 7.34.0 */
+ CURL_SSLVERSION_LAST, /* bad value, not supported by this libcurl version */
+#endif /* CURL VER < 7.34.0 */
+#if CURL_AT_LEAST_VERSION (7,34,0)
+ CURL_SSLVERSION_TLSv1_2,
+#else /* CURL VER < 7.34.0 */
+ CURL_SSLVERSION_LAST, /* bad value, not supported by this libcurl version */
+#endif /* CURL VER < 7.34.0 */
+#if CURL_AT_LEAST_VERSION (7,52,0)
+ CURL_SSLVERSION_TLSv1_3
+#else /* CURL VER < 7.34.0 */
+ CURL_SSLVERSION_LAST /* bad value, not supported by this libcurl version */
+#endif /* CURL VER < 7.34.0 */
+};
+
+#if CURL_AT_LEAST_VERSION (7,54,0)
+/**
+ * Map @a know_gnutls_tls_ids values to libcurl @a CURLOPT_SSLVERSION value
+ * for maximum supported TLS version.
+ */
+const long libcurl_tls_max_vers_map[KNOW_TLS_IDS_COUNT] = {
+ CURL_SSLVERSION_MAX_DEFAULT, /* bad value */
+ CURL_SSLVERSION_MAX_DEFAULT, /* SSLv3 */
+ CURL_SSLVERSION_MAX_TLSv1_0,
+ CURL_SSLVERSION_MAX_TLSv1_1,
+ CURL_SSLVERSION_MAX_TLSv1_2,
+ CURL_SSLVERSION_MAX_TLSv1_3
+};
+#endif /* CURL_AT_LEAST_VERSION(7,54,0) */
/*
* test HTTPS transfer
*/
-int
+unsigned int
test_daemon_get (void *cls,
const char *cipher_suite,
int proto_version,
- int port,
+ uint16_t port,
int ver_peer)
{
CURL *c;
@@ -79,18 +117,18 @@ test_daemon_get (void *cls,
if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
{
fprintf (stderr, MHD_E_MEM);
- return -1;
+ return 1;
}
cbc.size = len;
cbc.pos = 0;
/* construct url - this might use doc_path */
- gen_test_file_url (url,
- sizeof (url),
- port);
+ gen_test_uri (url,
+ sizeof (url),
+ port);
c = curl_easy_init ();
-#if DEBUG_HTTPS_TEST
+#ifdef _DEBUG
curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
#endif
if ((CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_URL, url))) ||
@@ -100,7 +138,7 @@ test_daemon_get (void *cls,
(CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L))) ||
(CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_WRITEFUNCTION,
©Buffer))) ||
- (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_FILE, &cbc))) ||
+ (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc))) ||
(CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L))) ||
(CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L))))
{
@@ -108,14 +146,15 @@ test_daemon_get (void *cls,
curl_easy_strerror (e));
curl_easy_cleanup (c);
free (cbc.buf);
- return e;
+ return 1;
}
/* TLS options */
if ((CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSLVERSION,
proto_version))) ||
- (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
- cipher_suite))) ||
+ ((NULL != cipher_suite) &&
+ (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
+ cipher_suite)))) ||
/* perform peer authentication */
/* TODO merge into send_curl_req */
@@ -127,16 +166,17 @@ test_daemon_get (void *cls,
curl_easy_strerror (e));
curl_easy_cleanup (c);
free (cbc.buf);
- return e;
+ return 1;
}
if (ver_peer &&
- (CURLE_OK != curl_easy_setopt (c, CURLOPT_CAINFO, ca_cert_file_name)))
+ (CURLE_OK !=
+ (e = curl_easy_setopt (c, CURLOPT_CAINFO, ca_cert_file_name))))
{
fprintf (stderr, "HTTPS curl_easy_setopt failed: `%s'\n",
curl_easy_strerror (e));
curl_easy_cleanup (c);
free (cbc.buf);
- return e;
+ return 1;
}
if (CURLE_OK != (errornum = curl_easy_perform (c)))
{
@@ -144,16 +184,16 @@ test_daemon_get (void *cls,
curl_easy_strerror (errornum));
curl_easy_cleanup (c);
free (cbc.buf);
- return errornum;
+ return 1;
}
curl_easy_cleanup (c);
if (memcmp (cbc.buf, test_data, len) != 0)
{
- fprintf (stderr, "Error: local file & received file differ.\n");
+ fprintf (stderr, "Error: local data & received data differ.\n");
free (cbc.buf);
- return -1;
+ return 1;
}
free (cbc.buf);
@@ -162,15 +202,13 @@ test_daemon_get (void *cls,
void
-print_test_result (int test_outcome,
- char *test_name)
+print_test_result (unsigned int test_outcome,
+ const char *test_name)
{
if (test_outcome != 0)
fprintf (stderr,
"running test: %s [fail: %u]\n",
- test_name, (unsigned
- int)
- test_outcome);
+ test_name, test_outcome);
#if 0
else
fprintf (stdout,
@@ -189,7 +227,10 @@ copyBuffer (void *ptr,
struct CBC *cbc = ctx;
if (cbc->pos + size * nmemb > cbc->size)
+ {
+ fprintf (stderr, "Server data does not fit buffer.\n");
return 0; /* overflow */
+ }
memcpy (&cbc->buf[cbc->pos], ptr, size * nmemb);
cbc->pos += size * nmemb;
return size * nmemb;
@@ -264,7 +305,7 @@ http_dummy_ahc (void *cls,
* @return
*/
/* TODO have test wrap consider a NULL cbc */
-int
+CURLcode
send_curl_req (char *url,
struct CBC *cbc,
const char *cipher_suite,
@@ -274,8 +315,8 @@ send_curl_req (char *url,
CURLcode errornum;
CURLcode e;
c = curl_easy_init ();
-#if DEBUG_HTTPS_TEST
- curl_easy_setopt (c, CURLOPT_VERBOSE, CURL_VERBOS_LEVEL);
+#ifdef _DEBUG
+ curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
#endif
if ((CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_URL, url))) ||
(CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_HTTP_VERSION,
@@ -296,7 +337,7 @@ send_curl_req (char *url,
{
if ((CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_WRITEFUNCTION,
©Buffer))) ||
- (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_FILE, cbc))))
+ (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_WRITEDATA, cbc))))
{
fprintf (stderr, "curl_easy_setopt failed: `%s'\n",
curl_easy_strerror (e));
@@ -308,8 +349,9 @@ send_curl_req (char *url,
/* TLS options */
if ((CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSLVERSION,
proto_version))) ||
- (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
- cipher_suite))) ||
+ ((NULL != cipher_suite) &&
+ (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
+ cipher_suite)))) ||
/* currently skip any peer authentication */
(CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L))) ||
(CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L))))
@@ -334,86 +376,44 @@ send_curl_req (char *url,
/**
- * compile test file url pointing to the current running directory path
+ * compile test URI
*
- * @param[out] url - char buffer into which the url is compiled
- * @param url_len number of bytes available in url
+ * @param[out] uri - char buffer into which the url is compiled
+ * @param uri_len number of bytes available in @a url
* @param port port to use for the test
- * @return -1 on error
+ * @return 1 on error
*/
-int
-gen_test_file_url (char *url,
- size_t url_len,
- int port)
+unsigned int
+gen_test_uri (char *uri,
+ size_t uri_len,
+ uint16_t port)
{
- int ret = 0;
- char *doc_path;
- size_t doc_path_len;
- /* setup test file path, url */
-#ifdef PATH_MAX
- doc_path_len = PATH_MAX > 4096 ? 4096 : PATH_MAX;
-#else /* ! PATH_MAX */
- doc_path_len = 4096;
-#endif /* ! PATH_MAX */
-#ifdef WINDOWS
- size_t i;
-#endif /* ! WINDOWS */
- if (NULL == (doc_path = malloc (doc_path_len)))
- {
- fprintf (stderr, MHD_E_MEM);
- return -1;
- }
- if (NULL == getcwd (doc_path, doc_path_len))
- {
- fprintf (stderr,
- "Error: failed to get working directory. %s\n",
- strerror (errno));
- free (doc_path);
- return -1;
- }
-#ifdef WINDOWS
- for (i = 0; i < doc_path_len; i++)
- {
- if (doc_path[i] == 0)
- break;
- if (doc_path[i] == '\\')
- {
- doc_path[i] = '/';
- }
- if (doc_path[i] != ':')
- continue;
- if (i == 0)
- break;
- doc_path[i] = doc_path[i - 1];
- doc_path[i - 1] = '/';
- }
-#endif
- /* construct url */
- if (snprintf (url,
- url_len,
- "%s:%d%s/%s",
- "https://127.0.0.1";,
- port,
- doc_path,
- "urlpath") >= (long long) url_len)
- ret = -1;
-
- free (doc_path);
- return ret;
+ int res;
+
+ res = snprintf (uri,
+ uri_len,
+ "https://127.0.0.1:%u/urlpath";,
+ (unsigned int) port);
+ if (res <= 0)
+ return 1;
+ if ((size_t) res >= uri_len)
+ return 1;
+
+ return 0;
}
/**
- * test HTTPS file transfer
+ * test HTTPS data transfer
*/
-int
+unsigned int
test_https_transfer (void *cls,
- int port,
+ uint16_t port,
const char *cipher_suite,
int proto_version)
{
- int len;
- int ret = 0;
+ size_t len;
+ unsigned int ret = 0;
struct CBC cbc;
char url[255];
(void) cls; /* Unused. Silent compiler warning. */
@@ -422,34 +422,34 @@ test_https_transfer (void *cls,
if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
{
fprintf (stderr, MHD_E_MEM);
- return -1;
+ return 1;
}
cbc.size = len;
cbc.pos = 0;
- if (gen_test_file_url (url,
- sizeof (url),
- port))
+ if (gen_test_uri (url,
+ sizeof (url),
+ port))
{
- ret = -1;
+ ret = 1;
goto cleanup;
}
if (CURLE_OK !=
send_curl_req (url, &cbc, cipher_suite, proto_version))
{
- ret = -1;
+ ret = 1;
goto cleanup;
}
- /* compare test file & daemon response */
+ /* compare test data & daemon response */
if ( (len != strlen (test_data)) ||
(memcmp (cbc.buf,
test_data,
len) != 0) )
{
- fprintf (stderr, "Error: local file & received file differ.\n");
- ret = -1;
+ fprintf (stderr, "Error: original data & received data differ.\n");
+ ret = 1;
}
cleanup:
free (cbc.buf);
@@ -465,9 +465,9 @@ cleanup:
* @param arg_list
* @return port number on success or zero on failure
*/
-int
-setup_testcase (struct MHD_Daemon **d, int port, int daemon_flags, va_list
- arg_list)
+static uint16_t
+setup_testcase (struct MHD_Daemon **d, uint16_t port, unsigned int
daemon_flags,
+ va_list arg_list)
{
*d = MHD_start_daemon_va (daemon_flags, port,
NULL, NULL, &http_ahc, NULL, arg_list);
@@ -487,21 +487,21 @@ setup_testcase (struct MHD_Daemon **d, int port, int
daemon_flags, va_list
MHD_stop_daemon (*d);
return 0;
}
- port = (int) dinfo->port;
+ port = dinfo->port;
}
return port;
}
-void
+static void
teardown_testcase (struct MHD_Daemon *d)
{
MHD_stop_daemon (d);
}
-int
+unsigned int
setup_session (gnutls_session_t *session,
gnutls_certificate_credentials_t *xcred)
{
@@ -522,11 +522,11 @@ setup_session (gnutls_session_t *session,
}
gnutls_deinit (*session);
}
- return -1;
+ return 1;
}
-int
+unsigned int
teardown_session (gnutls_session_t session,
gnutls_certificate_credentials_t xcred)
{
@@ -537,14 +537,15 @@ teardown_session (gnutls_session_t session,
/* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) */
-int
-test_wrap (const char *test_name, int
- (*test_function)(void *cls, int port, const char *cipher_suite,
+unsigned int
+test_wrap (const char *test_name, unsigned int
+ (*test_function)(void *cls, uint16_t port, const char *cipher_suite,
int proto_version), void *cls,
- int port,
- int daemon_flags, const char *cipher_suite, int proto_version, ...)
+ uint16_t port,
+ unsigned int daemon_flags, const char *cipher_suite,
+ int proto_version, ...)
{
- int ret;
+ unsigned int ret;
va_list arg_list;
struct MHD_Daemon *d;
(void) cls; /* Unused. Silent compiler warning. */
@@ -555,7 +556,7 @@ test_wrap (const char *test_name, int
{
va_end (arg_list);
fprintf (stderr, "Failed to setup testcase %s\n", test_name);
- return -1;
+ return 1;
}
#if 0
fprintf (stdout, "running test: %s ", test_name);
diff --git a/src/testcurl/https/tls_test_common.h
b/src/testcurl/https/tls_test_common.h
index a10f31e7..dc4be451 100644
--- a/src/testcurl/https/tls_test_common.h
+++ b/src/testcurl/https/tls_test_common.h
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2007 Christian Grothoff
+ Copyright (C) 2017-2022 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -28,12 +29,16 @@
#include <limits.h>
#include <gnutls/gnutls.h>
-/* this enables verbos CURL version checking */
-#define DEBUG_HTTPS_TEST 0
-#define CURL_VERBOS_LEVEL 0
+#ifndef CURL_VERSION_BITS
+#define CURL_VERSION_BITS(x,y,z) ((x) << 16 | (y) << 8 | (z))
+#endif /* ! CURL_VERSION_BITS */
+#ifndef CURL_AT_LEAST_VERSION
+#define CURL_AT_LEAST_VERSION(x,y,z) \
+ (LIBCURL_VERSION_NUM >= CURL_VERSION_BITS (x, y, z))
+#endif /* ! CURL_AT_LEAST_VERSION */
#define test_data "Hello World\n"
-#define ca_cert_file_name "tmp_ca_cert.pem"
+#define ca_cert_file_name SRCDIR "/test-ca.crt"
#define EMPTY_PAGE \
"<html><head><title>Empty page</title></head><body>Empty page</body></html>"
@@ -48,11 +53,60 @@
#define MHD_E_FAILED_TO_CONNECT \
"Error: server connection could not be established\n"
-/* TODO rm if unused */
+#ifndef MHD_STATICSTR_LEN_
+/**
+ * Determine length of static string / macro strings at compile time.
+ */
+#define MHD_STATICSTR_LEN_(macro) (sizeof(macro) / sizeof(char) - 1)
+#endif /* ! MHD_STATICSTR_LEN_ */
+
+
+/* The local copy if GnuTLS IDs to avoid long #ifdefs list with various
+ * GnuTLS versions */
+/**
+ * The list of know (at the moment of writing) GnuTLS IDs of TLS versions.
+ * Can be safely casted to/from @a gnutls_protocol_t.
+ */
+enum know_gnutls_tls_id
+{
+ KNOWN_BAD = 0, /**< No TLS */
+ KNOWN_TLS_SSLv3 = 1, /**< GNUTLS_SSL3 */
+ KNOWN_TLS_V1_0 = 2, /**< GNUTLS_TLS1_0 */
+ KNOWN_TLS_V1_1 = 3, /**< GNUTLS_TLS1_1 */
+ KNOWN_TLS_V1_2 = 4, /**< GNUTLS_TLS1_2 */
+ KNOWN_TLS_V1_3 = 5, /**< GNUTLS_TLS1_3 */
+ KNOWN_TLS_MIN = KNOWN_TLS_SSLv3, /**< Minimum valid value */
+ KNOWN_TLS_MAX = KNOWN_TLS_V1_3 /**< Maximum valid value */
+};
+
+#define KNOW_TLS_IDS_COUNT 6 /* KNOWN_TLS_MAX + 1 */
+/**
+ * Map @a know_gnutls_tls_ids values to printable names.
+ */
+extern const char *tls_names[KNOW_TLS_IDS_COUNT];
+
+/**
+ * Map @a know_gnutls_tls_ids values to GnuTLS priorities strings.
+ */
+extern const char *priorities_map[KNOW_TLS_IDS_COUNT];
+
+/**
+ * Map @a know_gnutls_tls_ids values to libcurl @a CURLOPT_SSLVERSION value.
+ */
+extern const long libcurl_tls_vers_map[KNOW_TLS_IDS_COUNT];
+
+#if CURL_AT_LEAST_VERSION (7,54,0)
+/**
+ * Map @a know_gnutls_tls_ids values to libcurl @a CURLOPT_SSLVERSION value
+ * for maximum supported TLS version.
+ */
+extern const long libcurl_tls_max_vers_map[KNOW_TLS_IDS_COUNT];
+#endif /* CURL_AT_LEAST_VERSION(7,54,0) */
+
struct https_test_data
{
void *cls;
- int port;
+ uint16_t port;
const char *cipher_suite;
int proto_version;
};
@@ -64,16 +118,6 @@ struct CBC
size_t size;
};
-struct CipherDef
-{
- int options[2];
- char *curlname;
-};
-
-
-int
-curl_check_version (const char *req_version, ...);
-
int
curl_tls_is_gnutls (void);
@@ -89,19 +133,17 @@ curl_tls_is_schannel (void);
int
curl_tls_is_sectransport (void);
-FILE *
-setup_ca_cert (void);
-
/**
* perform cURL request for file
*/
-int
+unsigned int
test_daemon_get (void *cls,
const char *cipher_suite, int proto_version,
- int port, int ver_peer);
+ uint16_t port, int ver_peer);
void
-print_test_result (int test_outcome, char *test_name);
+print_test_result (unsigned int test_outcome,
+ const char *test_name);
size_t
copyBuffer (void *ptr, size_t size, size_t nmemb, void *ctx);
@@ -119,48 +161,45 @@ http_dummy_ahc (void *cls, struct MHD_Connection
*connection,
/**
- * compile test file url pointing to the current running directory path
+ * compile test URI
*
- * @param[out] url - char buffer into which the url is compiled
- * @param url_len number of bytes available in @a url
+ * @param[out] uri - char buffer into which the url is compiled
+ * @param uri_len number of bytes available in @a url
* @param port port to use for the test
- * @return -1 on error
+ * @return 1 on error
*/
-int
-gen_test_file_url (char *url,
- size_t url_len,
- int port);
-
-int
-send_curl_req (char *url, struct CBC *cbc, const char *cipher_suite,
+unsigned int
+gen_test_uri (char *uri,
+ size_t uri_len,
+ uint16_t port);
+
+CURLcode
+send_curl_req (char *url,
+ struct CBC *cbc,
+ const char *cipher_suite,
int proto_version);
-int
-test_https_transfer (void *cls, int port, const char *cipher_suite, int
- proto_version);
-
-int
-setup_testcase (struct MHD_Daemon **d, int port, int daemon_flags, va_list
- arg_list);
-
-void
-teardown_testcase (struct MHD_Daemon *d);
-
+unsigned int
+test_https_transfer (void *cls,
+ uint16_t port,
+ const char *cipher_suite,
+ int proto_version);
-int
+unsigned int
setup_session (gnutls_session_t *session,
gnutls_certificate_credentials_t *xcred);
-int
+unsigned int
teardown_session (gnutls_session_t session,
gnutls_certificate_credentials_t xcred);
-int
-test_wrap (const char *test_name, int
- (*test_function)(void *cls, int port, const char *cipher_suite,
+unsigned int
+test_wrap (const char *test_name, unsigned int
+ (*test_function)(void *cls, uint16_t port, const char *cipher_suite,
int proto_version), void *cls,
- int port,
- int daemon_flags, const char *cipher_suite, int proto_version, ...);
+ uint16_t port,
+ unsigned int daemon_flags, const char *cipher_suite,
+ int proto_version, ...);
int testsuite_curl_global_init (void);
diff --git a/src/testcurl/https/tls_test_keys.h
b/src/testcurl/https/tls_test_keys.h
index 53e2151d..ccb7a338 100644
--- a/src/testcurl/https/tls_test_keys.h
+++ b/src/testcurl/https/tls_test_keys.h
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2006, 2007, 2008 Christian Grothoff (and other contributing
authors)
+ Copyright (C) 2021-2022 Evgeny Grin (Karlson2k)
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -127,52 +128,56 @@
OT1qAbIblaRuWqCsid8BzP7ZQiAnAWgMRSUg1gzDwSwRhrYQRRWAyn/Qipzec+27\n\
-----END CERTIFICATE-----";
/* test server self signed certificates */
-static const char srv_self_signed_cert_pem[] = "-----BEGIN CERTIFICATE-----\n"
-
"MIIC+jCCAeSgAwIBAgIES0KCvTALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n"
-
"dF9jYV9jZXJ0MB4XDTEwMDEwNTAwMDcyNVoXDTQ1MDMxMjAwMDcyNVowFzEVMBMG\n"
-
"A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n"
-
"tDEagv3p9OUhUL55jMucxjNK9N5cuozhcnrwDfBSU6oVrqm5kPqO1I7Cggzw68Y5\n"
-
"jhTcBi4FXmYOZppm1R3MhSJ5JSi/67Q7X4J5rnJLXYGN27qjMpnoGQ/2xmsNG/is\n"
-
"i+h/2vbtPU+WP9SEJnTfPLLpZ7KqCAk7FUUzKsuLx3/SOKtdkrWxPKwYTgnDEN6D\n"
-
"JL7tEzCnG5DFc4mQ7YW9PaRdC3rS1T8PvQ3jB2BUnohM0cFvKRuiU35tU7h7CPbL\n"
-
"4L66VglXoiwqmgcrwI2U968bD0+wRQ5c5bzNoshJOzN6CTMh1IhbklSh/Z6FA/e8\n"
-
"hj0yVo2tdllXuJGVs3PIEwIDAQABo1UwUzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQM\n"
-
"MAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHIAAwHQYDVR0OBBYEFDfU7pAv9LYn\n"
-
"n7jb4WHl4+Vgi2FnMAsGCSqGSIb3DQEBBQOCAQEAkaembPQMmv6OOjbIod8zTatr\n"
-
"x5Bwkwp3TOE1NRyy2OytzFIYRUkNrZYlcmrxcbNNycIK41CNVXbriFCF8gcmIq9y\n"
-
"vaKZn8Gcy+vGggv+1BP9IAPBGKRwSi0wmq9JoGE8hx+qqTpRSdfbM/cps/09hicO\n"
-
"0EIR7kWEbvnpMBcMKYOtYE9Gce7rdSMWVAsKc174xn8vW6TxCUvmWFv5DPg5HG1v\n"
-
"y1SUX73qafRo+W6FN4UC/DHfwRhF8RSKEnVbmgDVCs6GHdKBjU2qRgYyj6nWZqK1\n"
-
"XFUTWgia+Fl3D9vlsXaFcSZKA0Bq1eojl0B0AfeYAxTFwPWXscKvt/bXZfH8bg==\n"
- "-----END CERTIFICATE-----\n";
+static const char srv_self_signed_cert_pem[] =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDJzCCAg+gAwIBAgIUOKf6e6Heee2XA+yF5St3t+fVM40wDQYJKoZIhvcNAQEF\n"
+ "BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MCAXDTIyMTAxMDA4MzQ0N1oYDzIxMjIw\n"
+ "OTE2MDgzNDQ3WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB\n"
+ "AQUAA4IBDwAwggEKAoIBAQClivgF8Xq0ekQli++0l7Q5JFwJCuLf04Cb1UKIS80U\n"
+ "CfphFd1ILJepNw4bWR3OV1sRI1vFiw6LnCz53vOwVNyiZ+sMGi4bDX4AV9Xd+F83\n"
+ "xhG8AjOmKTayW0TxSIvt47Qd5S/4fgraxMtvqrRRBen30iKOwX7uNF/4dYb9vdin\n"
+ "OldV/e8uzbqSurMGkNDznOeSaNBmdO/7x0VMFZM2hwmHyiiw75/j4BhUlLCcMEvK\n"
+ "oN+YHNCNcTt3Qm1vVuiGXmh9QreOV09Gc1SzAltxF2gmI0jzw8r/duz18QXMNsMw\n"
+ "El/Ah4+02gR70L7qlgttN1NPU3RJpK/L34J7yg649wHTAgMBAAGjbzBtMB0GA1Ud\n"
+ "DgQWBBROVferD+YYcV1YEnFgC0jYm5X9BjAfBgNVHSMEGDAWgBROVferD+YYcV1Y\n"
+ "EnFgC0jYm5X9BjAPBgNVHRMBAf8EBTADAQH/MBoGA1UdEQQTMBGCCWxvY2FsaG9z\n"
+ "dIcEfwAAATANBgkqhkiG9w0BAQUFAAOCAQEAoRbozsm5xXdNX3VO++s2LMzw5KM9\n"
+ "RpIInHNkMJbnyLJFKJ8DF7nTxSGCA38YMkX3tphPNKZXbg+V64Dqr/XpzOVyiinU\n"
+ "7hIwyUdSSKKyErZxIWR97lY6Q3SOyPAg8ZElbtvSsSzmd772VE23VTXGDi7AW0PQ\n"
+ "hag9N2EEnHURMvID15O+UXyFpDdyUyQIbx3HuswsGDH9xBTm4irLyrZwO0KwKg5a\n"
+ "JBeUiPs0SYRRfn9/MoE6VwAnmOCg3LLR6ZPU3hQtTPLHj2Op1g5fey3X3X6lC+JC\n"
+ "K6dNZc1zBFPz8KANGUsFYbmoP2bvAAA+6KwCnZZEflUgE7/HFEmQhVOezw==\n"
+ "-----END CERTIFICATE-----\n";
/* test server key */
-static const char srv_key_pem[] = "-----BEGIN RSA PRIVATE KEY-----\n"
-
"MIIEpAIBAAKCAQEAtDEagv3p9OUhUL55jMucxjNK9N5cuozhcnrwDfBSU6oVrqm5\n"
-
"kPqO1I7Cggzw68Y5jhTcBi4FXmYOZppm1R3MhSJ5JSi/67Q7X4J5rnJLXYGN27qj\n"
-
"MpnoGQ/2xmsNG/isi+h/2vbtPU+WP9SEJnTfPLLpZ7KqCAk7FUUzKsuLx3/SOKtd\n"
-
"krWxPKwYTgnDEN6DJL7tEzCnG5DFc4mQ7YW9PaRdC3rS1T8PvQ3jB2BUnohM0cFv\n"
-
"KRuiU35tU7h7CPbL4L66VglXoiwqmgcrwI2U968bD0+wRQ5c5bzNoshJOzN6CTMh\n"
-
"1IhbklSh/Z6FA/e8hj0yVo2tdllXuJGVs3PIEwIDAQABAoIBAAEtcg+LFLGtoxjq\n"
-
"b+tFttBJfbRcfdG6ocYqBGmUXF+MgFs573DHX3sHNOQxlaNHtSgIclF1eYgNZFFt\n"
-
"VLIoBFTzfEQXoFosPUDoEuqVMeXLttmD7P2jwL780XJLZ4Xj6GY07npq1iGBcEZf\n"
-
"yCcdoyGkr9jgc5Auyis8DStGg/jfUBC4NBvF0GnuuNPAdYRPKUpKw9EatI+FdMjy\n"
-
"BuroD90fhdkK8EwMEVb9P17bdIc1MCIZFpUE9YHjVdK/oxCUhQ8KRfdbI4JU5Zh3\n"
-
"UtO6Jm2wFuP3VmeVpPvE/C2rxI70pyl6HMSiFGNc0rhJYCQ+yhohWj7nZ67H4vLx\n"
-
"plv5LxkCgYEAz7ewou8oFafDAMNoxaqKudvUg+lxXewdLDKaYBF5ACi9uAPCJ+v7\n"
-
"M5c/fvPFn/XHzo7xaXbtTAH3Z5xzBs+80OsvL+e1Ut4xR+ELRkybknh/s2wQeABk\n"
-
"Kb0vA59ukQGj12LV5phZMaVoXe6KJ7hZnN62d3K6m1wGE/k58i4pPLUCgYEA3hN8\n"
-
"G95zW7g0jVdSr+KUeVmephph9yh8Yb+3I3ojwOIv6d45TopGx8pFZlnBAMZf1ZQx\n"
-
"DIhzJNnaqZy/4w7RNaOGWnPA/5f+MIoHBiLGEEmfHC3lt087Yp9OuwDUHwpETYdV\n"
-
"o+KBCvVh60Et3bZUgF/1k/3YXxn8J5dsmJsjNqcCgYBLflyRa1BrRnTGMz9CEDCp\n"
-
"Si9b3h1Y4Hbd2GppHhCXMTd6yMrpDYhYANGQB3M9Juv+s88j4JhwNoq/uonH4Pqk\n"
-
"B8Y3qAQr4RuSH0WkwDUOsALhqBX4N1QwI1USAQEDbNAqeP5698X7GD3tXcQSmZrg\n"
-
"O8WfdjBCRNjkq4EW9xX/vQKBgQDONtmwJ0iHiu2BseyeVo/4fzfKlgUSNQ4K1rOA\n"
-
"xhIdMeu8Bxa/z7caHsGC4SVPSuYCtbE2Kh6BwapChcPJXCD45fgEViiJLuJiwEj1\n"
-
"caTpyvNsf1IoffJvCe9ZxtMyX549P8ZOgC3Dt0hN5CBrGLwu2Ox5l+YrqT10pi+5\n"
-
"JZX1UQKBgQCrcXrdkkDAc/a4+PxNRpJRLcU4fhv8/lr+UWItE8eUe7bd25bTQfQm\n"
-
"VpNKc/kAJ66PjIED6fy3ADhd2y4naT2a24uAgQ/M494J68qLnGh6K4JU/09uxR2v\n"
-
"1i2q/4FNLdFFk1XP4iNnTHRLZ+NYr2p5Y9RcvQfTjOauz8Ahav0lyg==\n"
- "-----END RSA PRIVATE KEY-----\n";
+static const char srv_self_signed_key_pem[] =
+ "-----BEGIN PRIVATE KEY-----\n"
+ "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQClivgF8Xq0ekQl\n"
+ "i++0l7Q5JFwJCuLf04Cb1UKIS80UCfphFd1ILJepNw4bWR3OV1sRI1vFiw6LnCz5\n"
+ "3vOwVNyiZ+sMGi4bDX4AV9Xd+F83xhG8AjOmKTayW0TxSIvt47Qd5S/4fgraxMtv\n"
+ "qrRRBen30iKOwX7uNF/4dYb9vdinOldV/e8uzbqSurMGkNDznOeSaNBmdO/7x0VM\n"
+ "FZM2hwmHyiiw75/j4BhUlLCcMEvKoN+YHNCNcTt3Qm1vVuiGXmh9QreOV09Gc1Sz\n"
+ "AltxF2gmI0jzw8r/duz18QXMNsMwEl/Ah4+02gR70L7qlgttN1NPU3RJpK/L34J7\n"
+ "yg649wHTAgMBAAECggEAERbbCtYGakoy7cNX8Ac3Kiz4OVC/4gZWAQBPeX2FwrtS\n"
+ "9yHIMbK0x1mxIZ6eBpabBpZlW2vDCSOKuxLKiloAWt2qdJnhR5apesSWhe8leT7/\n"
+ "xq5dgZpAlMH6SIRKObknd2yY+qicW0A0licDrVeUcypkueL8xP9wJtiPInOuQXkI\n"
+ "QROhB13eStRuRKYwOn5gtwAHJ+J1DFKKiqpBOkrSYf4625StGegJO9+bjK0ei+0W\n"
+ "tp6unpiwA/lXTgz6Xim1Z3fzWs4XjFgVKzK5s/6yBJjr8spHX6lv7QsahP4w6HZ/\n"
+ "VcRxP6cJNd/otiTEtJXpbxiiyccwXm/AOcOn22P1cQKBgQDAnY/0G/ap/G98pneE\n"
+ "suzNXhWOQ8JoL8d66Io8vwTvfiJggfgUcwblI7pPCrSlaZMR7/q6JImE53lZtPk8\n"
+ "eI3c9lN0ocr8E7+huDpYdk7cMYj9SuxySsXoMLiMqzHFi+NcIhKMF56kk6a5CFCt\n"
+ "yP1Ofy76LVweGE3XvTwpwE7wUQKBgQDcBLyH1cC71s0I0Gz28AyELV9hPhasjAKO\n"
+ "12CVbeBVTPd+28uk/3o80wSrTksc6H5ehAA2aTvrb4OhwssWNL+D0fS8YK2cJ3V0\n"
+ "FJxGAM266+vC4d/8jRTHJnc+6PP3ix5t6vAt+K2Y0fePtefLqf4ebgXx/ODAj3J2\n"
+ "aZKBldjK4wKBgGIRFpTLk/eR/dUyEBHw4x3gdAsdtqJDCUYrlQ4+ly20Q55tLbiD\n"
+ "pBQP77CEm9rH+MgeLcKODbIsBB3HRUojet7wTydHpMhY6a1V1ebqPVZgpgWIGwBJ\n"
+ "z59bBusf0lRo15Y2Bslq0SurvSvh7um8NjO8D1fytj7gUumvgC0lq0sxAoGBAI1+\n"
+ "kkx9IBTtIDER8XGhkTsT/uoHxwcyh5abVmbjIclZ1TUFX2L+Vft17ePJVy8BKfvY\n"
+ "wlY7uShBMBNAteDTDXNV/CGFv0DUc4myk4nFjIkwng9XufeuN3WX/Eo+AF/rXSdt\n"
+ "VwcJjYLhTWdjoe1tppqlQTeN3HCaEA+s92ZVGvXnAoGAMCXGS6WZl1e5wsHRq0Yy\n"
+ "8Ef2Wrk620bBjKHolkTfvgfhlvxeZM1sv1ioZGsOeQ0z7O7wdJhvL0M/WAG+3yQj\n"
+ "HSXp81T1vOICPwNYZf8xcvbLKmvj7rHFt6ZAZF2o4EK8ReZTRyA3DUpBCDY+s3FN\n"
+ "GmBv0D7N3QP0CT3SzfQrPkc=\n"
+ "-----END PRIVATE KEY-----\n";
#endif
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (30ef790c -> c930fe1a),
gnunet <=
- [libmicrohttpd] 04/31: testcurl/https: stopped CA file creation/removal, gnunet, 2022/10/10
- [libmicrohttpd] 05/31: testcurl/https: removed explicit cipher setting, gnunet, 2022/10/10
- [libmicrohttpd] 01/31: Removed curl_version_check, gnunet, 2022/10/10
- [libmicrohttpd] 07/31: test_https_session_info: fixed compiler warning with old libcurl, gnunet, 2022/10/10
- [libmicrohttpd] 12/31: test_https_time_out: second attempt to really check something with this test, gnunet, 2022/10/10
- [libmicrohttpd] 02/31: testcurl/https: fixed functions declarations, gnunet, 2022/10/10
- [libmicrohttpd] 03/31: testcurl/https: fixed compiler warnings, wrong types, gnunet, 2022/10/10
- [libmicrohttpd] 06/31: testcurl/https: do not enforce TLSv1, gnunet, 2022/10/10
- [libmicrohttpd] 08/31: testcurl/https: removed usage of deprecated libcurl parameter, gnunet, 2022/10/10
- [libmicrohttpd] 10/31: test_https_get_parallel{,_threads}: removed artificial delay, gnunet, 2022/10/10