[libmicrohttpd] branch master updated (c930fe1a -> 778e2a03)
From: |
gnunet |
Subject: |
[libmicrohttpd] branch master updated (c930fe1a -> 778e2a03) |
Date: |
Thu, 13 Oct 2022 08:40:40 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a change to branch master
in repository libmicrohttpd.
from c930fe1a testcurl/https: updated copyright year in modified files,
fixed some doxy
new 4ccbeb54 testcurl/https: handle libcurl with missing custom CA support
new 094e2bbe testcurl/https: enabled parallel make
new ce538bc1 mhd_assert: use "DEBUG" macro defined by some toolchains
new 6e95c305 TLS: use application-specific system-wide configuration with
fallbacks
new c8b0bf56 testcurl/https/Makefile.am: removed bad whitespace
new 0b977681 Added new MHD option to append TLS priorities string
new f8502a2e testcurl/https: added test for
MHD_OPTION_HTTPS_PRIORITIES_APPEND
new 1689be3a daemon: merged processing of two similar options
new 9f659a60 daemon: added reporting of the position of problem in
priorities string
new 778e2a03 testcurl/https: minor improvements
The 10 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/include/microhttpd.h | 27 ++-
src/microhttpd/daemon.c | 322 +++++++++++++++++++++++++--
src/microhttpd/mhd_assert.h | 4 +
src/testcurl/https/Makefile.am | 7 +-
src/testcurl/https/test_https_get.c | 7 +
src/testcurl/https/test_https_get_iovec.c | 9 +-
src/testcurl/https/test_https_multi_daemon.c | 42 +++-
src/testcurl/https/test_https_session_info.c | 11 +-
src/testcurl/https/test_https_sni.c | 2 +-
src/testcurl/https/test_tls_authentication.c | 37 ++-
src/testcurl/https/test_tls_options.c | 2 +-
src/testcurl/https/tls_test_common.c | 78 ++++++-
src/testcurl/https/tls_test_common.h | 38 +++-
13 files changed, 538 insertions(+), 48 deletions(-)
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 63afc9e0..13bfa554 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
* they are parsed as decimal numbers.
* Example: 0x01093001 = 1.9.30-1.
*/
-#define MHD_VERSION 0x00097540
+#define MHD_VERSION 0x00097542
/* If generic headers don't work on your platform, include headers
which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -1732,8 +1732,15 @@ enum MHD_OPTION
MHD_OPTION_HTTPS_CRED_TYPE = 10,
/**
- * Memory pointer to a `const char *` specifying the
- * cipher algorithm (default: "NORMAL").
+ * Memory pointer to a `const char *` specifying the GnuTLS priorities
string.
+ * If this options is not specified, then MHD will try the following strings:
+ * * "@LIBMICROHTTPD" (application-specific system-wide configuration)
+ * * "@SYSTEM" (system-wide configuration)
+ * * default GnuTLS priorities string
+ * * "NORMAL"
+ * The first configuration accepted by GnuTLS will be used.
+ * For more details see GnuTLS documentation for "Application-specific
+ * priority strings".
*/
MHD_OPTION_HTTPS_PRIORITIES = 11,
@@ -2018,7 +2025,19 @@ enum MHD_OPTION
* When not specified, default value #MHD_DAUTH_BIND_NONCE_NONE is used.
* @note Available since #MHD_VERSION 0x00097531
*/
- MHD_OPTION_DIGEST_AUTH_NONCE_BIND_TYPE = 36
+ MHD_OPTION_DIGEST_AUTH_NONCE_BIND_TYPE = 36,
+
+ /**
+ * Memory pointer to a `const char *` specifying the GnuTLS priorities to be
+ * appended to default priorities.
+ * This allow some specific options to be enabled/disabled, while leaving
+ * the rest of the settings to their defaults.
+ * The string does not have to start with a colon ':' character.
+ * See #MHD_OPTION_HTTPS_PRIORITIES description for details of automatic
+ * default priorities.
+ * @note Available since #MHD_VERSION 0x00097542
+ */
+ MHD_OPTION_HTTPS_PRIORITIES_APPEND = 37
} _MHD_FIXED_ENUM;
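Review bot: The doc comment for `MHD_OPTION_HTTPS_PRIORITIES_APPEND` does not say how it interacts with `MHD_OPTION_HTTPS_PRIORITIES` when an application passes both. In the `parse_options_va` hunk of this push the two options share one `case` that deinitialises the existing priority cache before building a new one, so the option given last appears to replace the earlier one rather than combine with it. A sentence such as `* If both this option and #MHD_OPTION_HTTPS_PRIORITIES are given, the one specified last is used.` would make that explicit. It is also worth stating that a NULL string falls back to the automatic defaults, which is what `daemon_tls_priorities_init_append` does.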
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 25571f61..8fb64410 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -5892,6 +5892,269 @@ parse_options (struct MHD_Daemon *daemon,
}
+#ifdef HTTPS_SUPPORT
+/**
+ * Type of GnuTLS priorities base string
+ */
+enum MHD_TlsPrioritiesBaseType
+{
+ MHD_TLS_PRIO_BASE_LIBMHD = 0, /**< @c "@LIBMICROHTTPD" */
+ MHD_TLS_PRIO_BASE_SYSTEM = 1, /**< @c "@SYSTEM" */
+#if GNUTLS_VERSION_NUMBER >= 0x030300
+ MHD_TLS_PRIO_BASE_DEFAULT, /**< Default priorities string */
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030300 */
+ MHD_TLS_PRIO_BASE_NORMAL /**< @c "NORMAL */
+};
+
+static const struct _MHD_cstr_w_len MHD_TlsBasePriotities[] = {
+ _MHD_S_STR_W_LEN ("@LIBMICROHTTPD"),
+ _MHD_S_STR_W_LEN ("@SYSTEM"),
+#if GNUTLS_VERSION_NUMBER >= 0x030300
+ {NULL, 0},
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030300 */
+ _MHD_S_STR_W_LEN ("NORMAL")
+};
+
+/**
+ * Initialise TLS priorities with default settings
+ * @param daemon the daemon to initialise TLS priorities
+ * @return true on success, false on error
+ */
+static bool
+daemon_tls_priorities_init_default (struct MHD_Daemon *daemon)
+{
+ unsigned int p;
+ int res;
+
+ mhd_assert (0 != (((unsigned int) daemon->options) & MHD_USE_TLS));
+ mhd_assert (NULL == daemon->priority_cache);
+ mhd_assert (MHD_TLS_PRIO_BASE_NORMAL + 1 == \
+ sizeof(MHD_TlsBasePriotities) /
sizeof(MHD_TlsBasePriotities[0]));
+
+ for (p = 0;
+ p < sizeof(MHD_TlsBasePriotities) / sizeof(MHD_TlsBasePriotities[0]);
+ ++p)
+ {
+ res = gnutls_priority_init (&daemon->priority_cache,
+ MHD_TlsBasePriotities[p].str, NULL);
+ if (GNUTLS_E_SUCCESS == res)
+ {
+#ifdef _DEBUG
+#ifdef HAVE_MESSAGES
+ switch ((enum MHD_TlsPrioritiesBaseType) p)
+ {
+ case MHD_TLS_PRIO_BASE_LIBMHD:
+ MHD_DLOG (daemon,
+ _ ("GnuTLS priorities have been initialised with " \
+ "@LIBMICROHTTPD application-specific system-wide " \
+ "configuration.\n") );
+ break;
+ case MHD_TLS_PRIO_BASE_SYSTEM:
+ MHD_DLOG (daemon,
+ _ ("GnuTLS priorities have been initialised with " \
+ "@SYSTEM system-wide configuration.\n") );
+ break;
+#if GNUTLS_VERSION_NUMBER >= 0x030300
+ case MHD_TLS_PRIO_BASE_DEFAULT:
+ MHD_DLOG (daemon,
+ _ ("GnuTLS priorities have been initialised with " \
+ "GnuTLS default configuration.\n") );
+ break;
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030300 */
+ case MHD_TLS_PRIO_BASE_NORMAL:
+ MHD_DLOG (daemon,
+ _ ("GnuTLS priorities have been initialised with " \
+ "NORMAL configuration.\n") );
+ break;
+ default:
+ mhd_assert (0);
+ }
+#endif /* HAVE_MESSAGES */
+#endif /* _DEBUG */
+ return true;
+ }
+ }
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ _ ("Failed to set GnuTLS priorities. Last error: %s\n"),
+ gnutls_strerror (res));
+#endif /* HAVE_MESSAGES */
+ return false;
+}
+
+
+/**
+ * The inner helper function for #daemon_tls_priorities_init_app().
+ * @param daemon the daemon to use
+ * @param prio the appication-specified appendix for default priorities
+ * @param prio_len the length of @a prio
+ * @param buf the temporal buffer for string manipulations
+ * @param buf_size the size of the @a buf
+ * @return true on success, false on error
+ */
+static bool
+daemon_tls_priorities_init_append_inner_ (struct MHD_Daemon *daemon,
+ const char *prio,
+ size_t prio_len,
+ char *buf,
+ const size_t buf_size)
+{
+ unsigned int p;
+ int res;
+ const char *err_pos;
+
+ (void) buf_size; /* Mute compiler warning for non-Debug builds */
+ mhd_assert (0 != (((unsigned int) daemon->options) & MHD_USE_TLS));
+ mhd_assert (NULL == daemon->priority_cache);
+ mhd_assert (MHD_TLS_PRIO_BASE_NORMAL + 1 == \
+ sizeof(MHD_TlsBasePriotities) /
sizeof(MHD_TlsBasePriotities[0]));
+
+ for (p = 0;
+ p < sizeof(MHD_TlsBasePriotities) / sizeof(MHD_TlsBasePriotities[0]);
+ ++p)
+ {
+
+#if GNUTLS_VERSION_NUMBER >= 0x030300
+#if GNUTLS_VERSION_NUMBER >= 0x030603
+ if (NULL == MHD_TlsBasePriotities[p].str)
+ res = gnutls_priority_init2 (&daemon->priority_cache, prio, &err_pos,
+ GNUTLS_PRIORITY_INIT_DEF_APPEND);
+ else
+#else \
+ /* 0x030300 <= GNUTLS_VERSION_NUMBER && GNUTLS_VERSION_NUMBER < 0x030603 */
+ if (NULL == MHD_TlsBasePriotities[p].str)
+ continue; /* Skip the value, no way to append priorities to the default
string */
+ else
+#endif /* GNUTLS_VERSION_NUMBER < 0x030603 */
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030300 */
+ if (1)
+ {
+ size_t buf_pos;
+
+ mhd_assert (NULL != MHD_TlsBasePriotities[p].str);
+ buf_pos = 0;
+ memcpy (buf + buf_pos, MHD_TlsBasePriotities[p].str,
+ MHD_TlsBasePriotities[p].len);
+ buf_pos += MHD_TlsBasePriotities[p].len;
+ buf[buf_pos++] = ':';
+ memcpy (buf + buf_pos, prio, prio_len + 1);
+#ifdef _DEBUG
+ buf_pos += prio_len + 1;
+ mhd_assert (buf_size >= buf_pos);
+#endif /* _DEBUG */
+ res = gnutls_priority_init (&daemon->priority_cache, buf, &err_pos);
+ }
+ if (GNUTLS_E_SUCCESS == res)
+ {
+#ifdef _DEBUG
+#ifdef HAVE_MESSAGES
+ switch ((enum MHD_TlsPrioritiesBaseType) p)
+ {
+ case MHD_TLS_PRIO_BASE_LIBMHD:
+ MHD_DLOG (daemon,
+ _ ("GnuTLS priorities have been initialised with " \
+ "priorities specified by application appended to " \
+ "@LIBMICROHTTPD application-specific system-wide " \
+ "configuration.\n") );
+ break;
+ case MHD_TLS_PRIO_BASE_SYSTEM:
+ MHD_DLOG (daemon,
+ _ ("GnuTLS priorities have been initialised with " \
+ "priorities specified by application appended to " \
+ "@SYSTEM system-wide configuration.\n") );
+ break;
+#if GNUTLS_VERSION_NUMBER >= 0x030300
+ case MHD_TLS_PRIO_BASE_DEFAULT:
+ MHD_DLOG (daemon,
+ _ ("GnuTLS priorities have been initialised with " \
+ "priorities specified by application appended to " \
+ "GnuTLS default configuration.\n") );
+ break;
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030300 */
+ case MHD_TLS_PRIO_BASE_NORMAL:
+ MHD_DLOG (daemon,
+ _ ("GnuTLS priorities have been initialised with " \
+ "priorities specified by application appended to " \
+ "NORMAL configuration.\n") );
+ break;
+ default:
+ mhd_assert (0);
+ }
+#endif /* HAVE_MESSAGES */
+#endif /* _DEBUG */
+ return true;
+ }
+ }
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ _ ("Failed to set GnuTLS priorities. Last error: %s. " \
+ "The problematic part starts at: %s\n"),
+ gnutls_strerror (res), err_pos);
+#endif /* HAVE_MESSAGES */
+ return false;
+}
+
+
+#define LOCAL_BUFF_SIZE 128
+
+/**
+ * Initialise TLS priorities with default settings with application-specified
+ * appended string.
+ * @param daemon the daemon to initialise TLS priorities
+ * @param prio the application specified priorities to be appended to
+ * the GnuTLS standard priorities string
+ * @return true on success, false on error
+ */
+static bool
+daemon_tls_priorities_init_append (struct MHD_Daemon *daemon, const char *prio)
+{
+ static const size_t longest_base_prio = MHD_TlsBasePriotities[0].len;
+ bool ret;
+ size_t prio_len;
+ size_t buf_size_needed;
+
+ if (NULL == prio)
+ return daemon_tls_priorities_init_default (daemon);
+
+ if (':' == prio[0])
+ ++prio;
+
+ prio_len = strlen (prio);
+
+ buf_size_needed = longest_base_prio + 1 + prio_len + 1;
+
+ if (LOCAL_BUFF_SIZE >= buf_size_needed)
+ {
+ char local_buffer[LOCAL_BUFF_SIZE];
+ ret = daemon_tls_priorities_init_append_inner_ (daemon, prio, prio_len,
+ local_buffer,
+ LOCAL_BUFF_SIZE);
+ }
+ else
+ {
+ char *allocated_buffer;
+ allocated_buffer = (char *) malloc (buf_size_needed);
+ if (NULL == allocated_buffer)
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ _ ("Error allocating memory: %s\n"),
+ MHD_strerror_ (errno));
+#endif
+ return false;
+ }
+ ret = daemon_tls_priorities_init_append_inner_ (daemon, prio, prio_len,
+ allocated_buffer,
+ buf_size_needed);
+ free (allocated_buffer);
+ }
+ return ret;
+}
+
+
+#endif /* HTTPS_SUPPORT */
+
+
/**
* Parse a list of options given as varargs.
*
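Review bot: The buffer sizing in `daemon_tls_priorities_init_append` assumes that `MHD_TlsBasePriotities[0]` is the longest base string, and nothing enforces that. `daemon_tls_priorities_init_append_inner_` copies each base string plus `prio` into `buf`, and its only bound check is an `mhd_assert` that sits inside `#ifdef _DEBUG` and runs after both `memcpy` calls. The sizes are correct for the table as it stands, but a longer entry added later would write past the stack or heap buffer in release builds without any diagnostic. A runtime test ahead of the first `memcpy`, for example `if (buf_size < MHD_TlsBasePriotities[p].len + 1 + prio_len + 1) return false;`, would close that gap. Separately, `static const size_t longest_base_prio = MHD_TlsBasePriotities[0].len;` is not a constant expression in ISO C and some compilers reject it as a static initialiser; `sizeof ("@LIBMICROHTTPD") - 1` is portable.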
@@ -6153,25 +6416,41 @@ parse_options_va (struct MHD_Daemon *daemon,
#endif
break;
case MHD_OPTION_HTTPS_PRIORITIES:
+ case MHD_OPTION_HTTPS_PRIORITIES_APPEND:
pstr = va_arg (ap,
const char *);
if (0 != (daemon->options & MHD_USE_TLS))
{
- int init_res;
- gnutls_priority_deinit (daemon->priority_cache);
- init_res = gnutls_priority_init (&daemon->priority_cache,
- pstr,
- NULL);
- if (GNUTLS_E_SUCCESS != init_res)
+ if (NULL != daemon->priority_cache)
+ gnutls_priority_deinit (daemon->priority_cache);
+
+ if (MHD_OPTION_HTTPS_PRIORITIES == opt)
{
+ int init_res;
+ const char *err_pos;
+ init_res = gnutls_priority_init (&daemon->priority_cache,
+ pstr,
+ &err_pos);
+ if (GNUTLS_E_SUCCESS != init_res)
+ {
#ifdef HAVE_MESSAGES
- MHD_DLOG (daemon,
- _ ("Setting priorities to `%s' failed: %s\n"),
- pstr,
- gnutls_strerror (init_res));
+ MHD_DLOG (daemon,
+ _ ("Setting priorities to '%s' failed: %s " \
+ "The problematic part starts at: %s\n"),
+ pstr,
+ gnutls_strerror (init_res),
+ err_pos);
#endif
+ daemon->priority_cache = NULL;
+ return MHD_NO;
+ }
+ }
+ else
+ {
+ /* The cache has been deinited */
daemon->priority_cache = NULL;
- return MHD_NO;
+ if (! daemon_tls_priorities_init_append (daemon, pstr))
+ return MHD_NO;
}
}
#ifdef HAVE_MESSAGES
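Review bot: On failure the `MHD_OPTION_HTTPS_PRIORITIES` branch formats `pstr` with `%s`, but nothing in this hunk rejects a NULL `pstr`, whereas the append path explicitly treats NULL as a request for the defaults. Passing NULL to a `%s` conversion is undefined, so the log argument should be guarded, e.g. `(NULL != pstr) ? pstr : "(NULL)"`, or NULL should be handled before the call as the append path does. The new message text `"Setting priorities to '%s' failed: %s "` also lacks the full stop that the append path uses (`"Last error: %s. "`), so the two sentences run together in the log. The `case` body continues past the end of the hunk.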
@@ -6419,6 +6698,7 @@ parse_options_va (struct MHD_Daemon *daemon,
case MHD_OPTION_HTTPS_MEM_TRUST:
case MHD_OPTION_HTTPS_MEM_DHPARAMS:
case MHD_OPTION_HTTPS_PRIORITIES:
+ case MHD_OPTION_HTTPS_PRIORITIES_APPEND:
case MHD_OPTION_ARRAY:
case MHD_OPTION_HTTPS_CERT_CALLBACK:
case MHD_OPTION_HTTPS_CERT_CALLBACK2:
@@ -6653,7 +6933,6 @@ setup_epoll_to_listen (struct MHD_Daemon *daemon)
#endif
-
/**
* Start a webserver on the given port.
*
@@ -6775,12 +7054,6 @@ MHD_start_daemon_va (unsigned int flags,
/* try to open listen socket */
#ifdef HTTPS_SUPPORT
daemon->priority_cache = NULL;
- if (0 != (*pflags & MHD_USE_TLS))
- {
- gnutls_priority_init (&daemon->priority_cache,
- "NORMAL",
- NULL);
- }
#endif /* HTTPS_SUPPORT */
daemon->listen_fd = MHD_INVALID_SOCKET;
daemon->listen_is_unix = _MHD_NO;
@@ -6857,6 +7130,19 @@ MHD_start_daemon_va (unsigned int flags,
free (daemon);
return NULL;
}
+#ifdef HTTPS_SUPPORT
+ if ((0 != (*pflags & MHD_USE_TLS))
+ && (NULL == daemon->priority_cache)
+ && ! daemon_tls_priorities_init_default (daemon))
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ _ ("Failed to initialise GnuTLS priorities.\n"));
+#endif /* HAVE_MESSAGES */
+ free (daemon);
+ return NULL;
+ }
+#endif /* HTTPS_SUPPORT */
#ifdef HAVE_MESSAGES
if ( (0 != (flags & MHD_USE_THREAD_PER_CONNECTION)) &&
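Review bot: The new failure path releases only the daemon structure with `free (daemon)`, although it runs after option parsing has completed. What `parse_options_va` and the earlier part of `MHD_start_daemon_va` have acquired by this point is not visible in the hunk, so it is worth confirming that this exit performs the same cleanup as the function's other early exits. If nothing else needs releasing, a short comment saying so above `free (daemon);` would spare the next reader the same check.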
diff --git a/src/microhttpd/mhd_assert.h b/src/microhttpd/mhd_assert.h
index 9513f12e..b24ce93d 100644
--- a/src/microhttpd/mhd_assert.h
+++ b/src/microhttpd/mhd_assert.h
@@ -32,7 +32,11 @@
#include "mhd_options.h"
#if ! defined(_DEBUG) && ! defined(NDEBUG)
+#ifndef DEBUG /* Used by some toolchains */
#define NDEBUG 1 /* Use NDEBUG by default */
+#else /* DEBUG */
+#define _DEBUG 1
+#endif /* DEBUG */
#endif /* !_DEBUG && !NDEBUG */
#if defined(_DEBUG) && defined(NDEBUG)
#error Both _DEBUG and NDEBUG are defined
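Review bot: `_DEBUG` is now defined inside this header, so it exists only in translation units that include `mhd_assert.h`, and only below that include. Code in the same push guards on `#ifdef _DEBUG` in daemon.c and in the testcurl/https sources; whether each of them sees this header first is not visible here, and a mismatch would leave debug-only checks silently disabled in a `DEBUG` build. Note also that `#ifndef DEBUG` tests only whether the macro is defined, so a toolchain passing `-DDEBUG=0` would switch assertions on. A comment stating the intended contract, or moving the mapping into `mhd_options.h`, would remove the ambiguity.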
diff --git a/src/testcurl/https/Makefile.am b/src/testcurl/https/Makefile.am
index 6b9962b3..324076ef 100644
--- a/src/testcurl/https/Makefile.am
+++ b/src/testcurl/https/Makefile.am
@@ -3,7 +3,7 @@ EMPTY_ITEM =
SUBDIRS = .
-.NOTPARALLEL:
+@HEAVY_TESTS_NOTPARALLEL@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/include \
@@ -29,7 +29,7 @@ if HAVE_GNUTLS_SNI
endif
if HAVE_POSIX_THREADS
- HTTPS_PARALLEL_TESTS = \
+HTTPS_PARALLEL_TESTS = \
test_https_get_parallel \
test_https_get_parallel_threads
endif
@@ -40,6 +40,7 @@ THREAD_ONLY_TESTS = \
$(HTTPS_PARALLEL_TESTS) \
$(TEST_HTTPS_SNI) \
test_https_session_info \
+ test_https_session_info_append \
test_https_multi_daemon \
test_https_get \
test_empty_response \
@@ -119,6 +120,8 @@ test_https_session_info_SOURCES = \
tls_test_common.h \
tls_test_common.c
+test_https_session_info_append_SOURCES = $(test_https_session_info_SOURCES)
+
test_https_multi_daemon_SOURCES = \
test_https_multi_daemon.c \
tls_test_keys.h \
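Review bot: `test_https_session_info_append` is built from exactly the same sources as `test_https_session_info`, and this file no longer forces `.NOTPARALLEL`, so the two binaries can run at the same time. Other tests in this push fall back to a hard-coded port when port autodetection is unavailable. If test_https_session_info.c does the same (its `main` is only partly visible), both variants would bind the same port and fail intermittently under parallel make. Offsetting the fallback port when `test_append_prio` is set would avoid the clash.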
diff --git a/src/testcurl/https/test_https_get.c
b/src/testcurl/https/test_https_get.c
index b18fc878..f3f0e1f5 100644
--- a/src/testcurl/https/test_https_get.c
+++ b/src/testcurl/https/test_https_get.c
@@ -143,6 +143,12 @@ curlExcessFound (CURL *c,
const size_t str_size = strlen (excess_found);
(void) c; /* Unused. Silence compiler warning. */
+#ifdef _DEBUG
+ if ((CURLINFO_TEXT == type) ||
+ (CURLINFO_HEADER_IN == type) ||
+ (CURLINFO_HEADER_OUT == type))
+ fprintf (stderr, "%.*s", (int) size, data);
+#endif /* _DEBUG */
if ((CURLINFO_TEXT == type)
&& (size >= str_size)
&& (0 == strncmp (excess_found, data, str_size)))
@@ -196,6 +202,7 @@ testEmptyGet (unsigned int poll_flag)
curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
#endif
curl_easy_setopt (c, CURLOPT_URL, "https://127.0.0.1/");
+ curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_easy_setopt (c, CURLOPT_PORT, (long) global_port);
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
diff --git a/src/testcurl/https/test_https_get_iovec.c
b/src/testcurl/https/test_https_get_iovec.c
index 0df4bf65..33a2e326 100644
--- a/src/testcurl/https/test_https_get_iovec.c
+++ b/src/testcurl/https/test_https_get_iovec.c
@@ -201,7 +201,7 @@ test_secure_get (FILE *test_fd,
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port = 0;
else
- port = 3041;
+ port = 3045;
d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
| MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
@@ -301,6 +301,12 @@ curlExcessFound (CURL *c,
const size_t str_size = strlen (excess_found);
(void) c; /* Unused. Silence compiler warning. */
+#ifdef _DEBUG
+ if ((CURLINFO_TEXT == type) ||
+ (CURLINFO_HEADER_IN == type) ||
+ (CURLINFO_HEADER_OUT == type))
+ fprintf (stderr, "%.*s", (int) size, data);
+#endif /* _DEBUG */
if ((CURLINFO_TEXT == type)
&& (size >= str_size)
&& (0 == strncmp (excess_found, data, str_size)))
@@ -355,6 +361,7 @@ testEmptyGet (unsigned int poll_flag)
#endif
curl_easy_setopt (c, CURLOPT_URL, "https://127.0.0.1/");
curl_easy_setopt (c, CURLOPT_PORT, (long) global_port);
+ curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
curl_easy_setopt (c, CURLOPT_DEBUGFUNCTION, &curlExcessFound);
diff --git a/src/testcurl/https/test_https_multi_daemon.c
b/src/testcurl/https/test_https_multi_daemon.c
index 8ffef656..b7b9b065 100644
--- a/src/testcurl/https/test_https_multi_daemon.c
+++ b/src/testcurl/https/test_https_multi_daemon.c
@@ -47,12 +47,12 @@ test_concurent_daemon_pair (void *cls,
int proto_version)
{
unsigned int ret;
+ enum test_get_result res;
struct MHD_Daemon *d1;
struct MHD_Daemon *d2;
uint16_t port1, port2;
(void) cls; /* Unused. Silent compiler warning. */
-
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port1 = port2 = 0;
else
@@ -115,15 +115,42 @@ test_concurent_daemon_pair (void *cls,
port2 = (int) dinfo->port;
}
- ret =
+ res =
test_daemon_get (NULL, cipher_suite, proto_version, port1, 0);
- ret +=
+ ret = (unsigned int) res;
+ if ((TEST_GET_HARD_ERROR == res) ||
+ (TEST_GET_CURL_GEN_ERROR == res))
+ {
+ fprintf (stderr, "libcurl error.\nTest aborted.\n");
+ MHD_stop_daemon (d2);
+ MHD_stop_daemon (d1);
+ return 99;
+ }
+
+ res =
test_daemon_get (NULL, cipher_suite, proto_version,
port2, 0);
+ ret += (unsigned int) res;
+ if ((TEST_GET_HARD_ERROR == res) ||
+ (TEST_GET_CURL_GEN_ERROR == res))
+ {
+ fprintf (stderr, "libcurl error.\nTest aborted.\n");
+ MHD_stop_daemon (d2);
+ MHD_stop_daemon (d1);
+ return 99;
+ }
MHD_stop_daemon (d2);
- ret +=
+ res =
test_daemon_get (NULL, cipher_suite, proto_version, port1, 0);
+ ret += (unsigned int) res;
+ if ((TEST_GET_HARD_ERROR == res) ||
+ (TEST_GET_CURL_GEN_ERROR == res))
+ {
+ fprintf (stderr, "libcurl error.\nTest aborted.\n");
+ MHD_stop_daemon (d1);
+ return 99;
+ }
MHD_stop_daemon (d1);
return ret;
}
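Review bot: `ret` accumulates the raw `enum test_get_result` values, while `main` in the next hunk treats a total of exactly 99 as the hard-error exit code. The enum members are codes, not counts: three results of `TEST_GET_CURL_CA_ERROR` (33) add up to 99, and any other non-zero code inflates the number passed to `print_test_result`. Counting failures instead, `ret += (TEST_GET_OK != res) ? 1u : 0u;`, keeps 99 reserved for the explicit `return 99` paths. `test_concurent_daemon_pair` begins outside the hunk.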
@@ -132,7 +159,7 @@ test_concurent_daemon_pair (void *cls,
int
main (int argc, char *const *argv)
{
- unsigned int errorCount = 0;
+ unsigned int errorCount;
(void) argc; (void) argv; /* Unused. Silent compiler warning. */
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
@@ -150,11 +177,14 @@ main (int argc, char *const *argv)
return 77;
}
- errorCount +=
+ errorCount =
test_concurent_daemon_pair (NULL, NULL, CURL_SSLVERSION_DEFAULT);
print_test_result (errorCount, "concurent_daemon_pair");
curl_global_cleanup ();
+ if (99 == errorCount)
+ return 99;
+
return errorCount != 0 ? 1 : 0;
}
diff --git a/src/testcurl/https/test_https_session_info.c
b/src/testcurl/https/test_https_session_info.c
index bad47b1c..084ffe67 100644
--- a/src/testcurl/https/test_https_session_info.c
+++ b/src/testcurl/https/test_https_session_info.c
@@ -35,6 +35,9 @@
#include "tls_test_common.h"
#include "tls_test_keys.h"
+
+static int test_append_prio;
+
/*
* HTTP access handler call back
* used to query negotiated security parameters
@@ -113,7 +116,12 @@ test_query_session (enum know_gnutls_tls_id tls_ver,
uint16_t *pport)
| MHD_USE_ERROR_LOG, *pport,
NULL, NULL,
&query_info_ahc, &found_tls_ver,
- MHD_OPTION_HTTPS_PRIORITIES, priorities_map[tls_ver],
+ test_append_prio ?
+ MHD_OPTION_HTTPS_PRIORITIES_APPEND :
+ MHD_OPTION_HTTPS_PRIORITIES,
+ test_append_prio ?
+ priorities_append_map[tls_ver] :
+ priorities_map[tls_ver],
MHD_OPTION_HTTPS_MEM_KEY, srv_self_signed_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_END);
@@ -344,6 +352,7 @@ main (int argc, char *const *argv)
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
#endif /* MHD_HTTPS_REQUIRE_GCRYPT */
+ test_append_prio = has_in_name (argv[0], "_append");
if (! testsuite_curl_global_init ())
return 99;
diff --git a/src/testcurl/https/test_https_sni.c
b/src/testcurl/https/test_https_sni.c
index 573bf637..c4e94007 100644
--- a/src/testcurl/https/test_https_sni.c
+++ b/src/testcurl/https/test_https_sni.c
@@ -264,7 +264,7 @@ main (int argc, char *const *argv)
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port = 0;
else
- port = 3060;
+ port = 3065;
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
diff --git a/src/testcurl/https/test_tls_authentication.c
b/src/testcurl/https/test_tls_authentication.c
index 51c87c0e..56b61c99 100644
--- a/src/testcurl/https/test_tls_authentication.c
+++ b/src/testcurl/https/test_tls_authentication.c
@@ -42,7 +42,7 @@
static unsigned int
test_secure_get (void *cls, const char *cipher_suite, int proto_version)
{
- unsigned int ret;
+ enum test_get_result ret;
struct MHD_Daemon *d;
uint16_t port;
(void) cls; /* Unused. Silent compiler warning. */
@@ -50,7 +50,7 @@ test_secure_get (void *cls, const char *cipher_suite, int
proto_version)
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port = 0;
else
- port = 3070;
+ port = 3075;
d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
| MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
@@ -80,14 +80,28 @@ test_secure_get (void *cls, const char *cipher_suite, int
proto_version)
ret = test_daemon_get (NULL, cipher_suite, proto_version, port, 1);
MHD_stop_daemon (d);
- return ret;
+ if (TEST_GET_HARD_ERROR == ret)
+ return 99;
+ if (TEST_GET_CURL_GEN_ERROR == ret)
+ {
+ fprintf (stderr, "libcurl error.\nTest aborted.\n");
+ return 99;
+ }
+ if ((TEST_GET_CURL_CA_ERROR == ret) ||
+ (TEST_GET_CURL_NOT_IMPLT == ret))
+ {
+ fprintf (stderr, "libcurl TLS backend does not support custom CA.\n"
+ "Test skipped.\n");
+ return 77;
+ }
+ return TEST_GET_OK == ret ? 0 : 1;
}
int
main (int argc, char *const *argv)
{
- unsigned int errorCount = 0;
+ unsigned int errorCount;
(void) argc;
(void) argv; /* Unused. Silent compiler warning. */
@@ -105,12 +119,25 @@ main (int argc, char *const *argv)
curl_global_cleanup ();
return 77;
}
+#if ! CURL_AT_LEAST_VERSION (7,60,0)
+ if (curl_tls_is_schannel ())
+ {
+ fprintf (stderr, "libcurl before version 7.60.0 does not support "
+ "custom CA with Schannel backend.\nTest skipped.\n");
+ curl_global_cleanup ();
+ return 77;
+ }
+#endif /* ! CURL_AT_LEAST_VERSION(7,60,0) */
- errorCount +=
+ errorCount =
test_secure_get (NULL, NULL, CURL_SSLVERSION_DEFAULT);
print_test_result (errorCount, argv[0]);
curl_global_cleanup ();
+ if (77 == errorCount)
+ return 77;
+ if (99 == errorCount)
+ return 77;
return errorCount != 0 ? 1 : 0;
}
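Review bot: The last added check returns 77 when `errorCount` is 99, so a hard error from `test_secure_get` is reported to the test harness as a skipped test. test_https_multi_daemon.c in the same push returns 99 for the same condition, so this looks unintended and would hide real failures; the line should presumably read `return 99;`. `print_test_result` is also called with the 77/99 sentinel values as if they were error counts, which may print a misleading summary (its body is not shown).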
diff --git a/src/testcurl/https/test_tls_options.c
b/src/testcurl/https/test_tls_options.c
index dfd7aad4..09e0c9c9 100644
--- a/src/testcurl/https/test_tls_options.c
+++ b/src/testcurl/https/test_tls_options.c
@@ -267,7 +267,7 @@ test_first_supported_versions (void)
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port = 0; /* Use system automatic assignment */
else
- port = 3060; /* Use predefined port, may break parallel testing of
another MHD build */
+ port = 3080; /* Use predefined port, may break parallel testing of
another MHD build */
vers_list = gnutls_protocol_list ();
if (NULL == vers_list)
diff --git a/src/testcurl/https/tls_test_common.c
b/src/testcurl/https/tls_test_common.c
index 98d62482..f28f2fb2 100644
--- a/src/testcurl/https/tls_test_common.c
+++ b/src/testcurl/https/tls_test_common.c
@@ -23,7 +23,9 @@
* @file tls_test_common.c
* @brief Common tls test functions
* @author Sagie Amir
+ * @author Karlson2k (Evgeny Grin)
*/
+#include <string.h>
#include "tls_test_common.h"
#include "tls_test_keys.h"
@@ -51,6 +53,18 @@ const char *priorities_map[KNOW_TLS_IDS_COUNT] = {
"NORMAL:!VERS-ALL:+VERS-TLS1.3"
};
+/**
+ * Map @a know_gnutls_tls_ids values to GnuTLS priorities append strings.
+ */
+const char *priorities_append_map[KNOW_TLS_IDS_COUNT] = {
+ "NONE",
+ "!VERS-ALL:+VERS-SSL3.0",
+ "!VERS-ALL:+VERS-TLS1.0",
+ "!VERS-ALL:+VERS-TLS1.1",
+ "!VERS-ALL:+VERS-TLS1.2",
+ "!VERS-ALL:+VERS-TLS1.3"
+};
+
/**
* Map @a know_gnutls_tls_ids values to libcurl @a CURLOPT_SSLVERSION value.
@@ -98,7 +112,7 @@ const long libcurl_tls_max_vers_map[KNOW_TLS_IDS_COUNT] = {
/*
* test HTTPS transfer
*/
-unsigned int
+enum test_get_result
test_daemon_get (void *cls,
const char *cipher_suite,
int proto_version,
@@ -117,7 +131,7 @@ test_daemon_get (void *cls,
if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
{
fprintf (stderr, MHD_E_MEM);
- return 1;
+ return TEST_GET_HARD_ERROR;
}
cbc.size = len;
cbc.pos = 0;
@@ -146,7 +160,7 @@ test_daemon_get (void *cls,
curl_easy_strerror (e));
curl_easy_cleanup (c);
free (cbc.buf);
- return 1;
+ return TEST_GET_CURL_GEN_ERROR;
}
/* TLS options */
@@ -166,7 +180,7 @@ test_daemon_get (void *cls,
curl_easy_strerror (e));
curl_easy_cleanup (c);
free (cbc.buf);
- return 1;
+ return TEST_GET_CURL_GEN_ERROR;
}
if (ver_peer &&
(CURLE_OK !=
@@ -176,7 +190,7 @@ test_daemon_get (void *cls,
curl_easy_strerror (e));
curl_easy_cleanup (c);
free (cbc.buf);
- return 1;
+ return TEST_GET_CURL_CA_ERROR;
}
if (CURLE_OK != (errornum = curl_easy_perform (c)))
{
@@ -184,7 +198,15 @@ test_daemon_get (void *cls,
curl_easy_strerror (errornum));
curl_easy_cleanup (c);
free (cbc.buf);
- return 1;
+ if ((CURLE_SSL_CACERT_BADFILE == errornum)
+#if CURL_AT_LEAST_VERSION (7,21,5)
+ || (CURLE_NOT_BUILT_IN == errornum)
+#endif /* CURL_AT_LEAST_VERSION (7,21,5) */
+ )
+ return TEST_GET_CURL_CA_ERROR;
+ if (CURLE_OUT_OF_MEMORY == errornum)
+ return TEST_GET_HARD_ERROR;
+ return TEST_GET_ERROR;
}
curl_easy_cleanup (c);
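Review bot: `CURLE_NOT_BUILT_IN` is folded into `TEST_GET_CURL_CA_ERROR` here, although the enum added in this push has a dedicated `TEST_GET_CURL_NOT_IMPLT` and test_tls_authentication.c tests for it. As far as the visible hunks go, nothing ever returns `TEST_GET_CURL_NOT_IMPLT`, so that comparison is dead. Either return it for the `CURLE_NOT_BUILT_IN` case or drop the enumerator and the check. The function body starts and ends outside this hunk.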
@@ -193,11 +215,11 @@ test_daemon_get (void *cls,
{
fprintf (stderr, "Error: local data & received data differ.\n");
free (cbc.buf);
- return 1;
+ return TEST_GET_TRANSFER_ERROR;
}
free (cbc.buf);
- return 0;
+ return TEST_GET_OK;
}
@@ -718,3 +740,43 @@ testsuite_curl_global_init (void)
}
return 1;
}
+
+
+/**
+ * Check whether program name contains specific @a marker string.
+ * Only last component in pathname is checked for marker presence,
+ * all leading directories names (if any) are ignored. Directories
+ * separators are handled correctly on both non-W32 and W32
+ * platforms.
+ * @param prog_name program name, may include path
+ * @param marker marker to look for.
+ * @return zero if any parameter is NULL or empty string or
+ * @prog_name ends with slash or @marker is not found in
+ * program name, non-zero if @maker is found in program
+ * name.
+ */
+int
+has_in_name (const char *prog_name, const char *marker)
+{
+ size_t name_pos;
+ size_t pos;
+
+ if (! prog_name || ! marker || ! prog_name[0] || ! marker[0])
+ return 0;
+
+ pos = 0;
+ name_pos = 0;
+ while (prog_name[pos])
+ {
+ if ('/' == prog_name[pos])
+ name_pos = pos + 1;
+#if defined(_WIN32) || defined(__CYGWIN__)
+ else if ('\\' == prog_name[pos])
+ name_pos = pos + 1;
+#endif /* _WIN32 || __CYGWIN__ */
+ pos++;
+ }
+ if (name_pos == pos)
+ return 0;
+ return strstr (prog_name + name_pos, marker) != (char *) 0;
+}
diff --git a/src/testcurl/https/tls_test_common.h
b/src/testcurl/https/tls_test_common.h
index dc4be451..998467f4 100644
--- a/src/testcurl/https/tls_test_common.h
+++ b/src/testcurl/https/tls_test_common.h
@@ -90,6 +90,11 @@ extern const char *tls_names[KNOW_TLS_IDS_COUNT];
*/
extern const char *priorities_map[KNOW_TLS_IDS_COUNT];
+/**
+ * Map @a know_gnutls_tls_ids values to GnuTLS priorities append strings.
+ */
+extern const char *priorities_append_map[KNOW_TLS_IDS_COUNT];
+
/**
* Map @a know_gnutls_tls_ids values to libcurl @a CURLOPT_SSLVERSION value.
*/
@@ -133,10 +138,25 @@ curl_tls_is_schannel (void);
int
curl_tls_is_sectransport (void);
+
+enum test_get_result
+{
+ TEST_GET_OK = 0,
+ TEST_GET_ERROR = 1,
+
+ TEST_GET_MHD_ERROR = 16,
+ TEST_GET_TRANSFER_ERROR = 17,
+
+ TEST_GET_CURL_GEN_ERROR = 32,
+ TEST_GET_CURL_CA_ERROR = 33,
+ TEST_GET_CURL_NOT_IMPLT = 34,
+
+ TEST_GET_HARD_ERROR = 999
+};
/**
* perform cURL request for file
*/
-unsigned int
+enum test_get_result
test_daemon_get (void *cls,
const char *cipher_suite, int proto_version,
uint16_t port, int ver_peer);
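Review bot: `enum test_get_result` is added without any doc comment, although callers in this push depend on the meaning of individual values and translate them into the 77/99 exit codes. A doxy block on the enum plus a trailing comment on each member would help, for example `TEST_GET_CURL_CA_ERROR = 33, /**< libcurl cannot use the custom CA */`. The comment on `test_daemon_get` could also say which of these values the function can return, since `TEST_GET_MHD_ERROR` and `TEST_GET_CURL_NOT_IMPLT` are not produced anywhere in the visible hunks.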
@@ -203,4 +223,20 @@ test_wrap (const char *test_name, unsigned int
int testsuite_curl_global_init (void);
+/**
+ * Check whether program name contains specific @a marker string.
+ * Only last component in pathname is checked for marker presence,
+ * all leading directories names (if any) are ignored. Directories
+ * separators are handled correctly on both non-W32 and W32
+ * platforms.
+ * @param prog_name program name, may include path
+ * @param marker marker to look for.
+ * @return zero if any parameter is NULL or empty string or
+ * @prog_name ends with slash or @marker is not found in
+ * program name, non-zero if @maker is found in program
+ * name.
+ */
+int
+has_in_name (const char *prog_name, const char *marker);
+
#endif /* TLS_TEST_COMMON_H_ */
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.