commit 141a8e702c0d145de85abc7fd1f9d11363fa24a7
parent 54e83ba5ee023873390e84b11bb6abddc6e4e373
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date: Sun, 12 Dec 2021 17:31:39 +0300
test_https_time_out: additional fixes
Fixed possible abort on SIGPIPE.
Avoid meaningless test results reports (-1 was mapped to unsigned value).
Check GnuTLS functions results.
Correctly initialize GnuTLS session.
Diffstat:
4 files changed, 59 insertions(+), 70 deletions(-)
diff --git a/src/testcurl/https/test_https_time_out.c b/src/testcurl/https/test_https_time_out.c
@@ -1,6 +1,7 @@
/*
This file is part of libmicrohttpd
Copyright (C) 2007 Christian Grothoff
+ Copyright (C) 2014-2021 Karlson2k (Evgeny Grin)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
@@ -23,6 +24,7 @@
* @brief: daemon TLS alert response test-case
*
* @author Sagie Amir
+ * @author Karlson2k (Evgeny Grin)
*/
#include "platform.h"
@@ -31,6 +33,9 @@
#ifdef MHD_HTTPS_REQUIRE_GRYPT
#include <gcrypt.h>
#endif /* MHD_HTTPS_REQUIRE_GRYPT */
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif /* HAVE_SIGNAL_H */
#include "mhd_sockets.h" /* only macros used */
@@ -83,7 +88,7 @@ test_tls_session_time_out (gnutls_session_t session, int port)
if (sd == MHD_INVALID_SOCKET)
{
fprintf (stderr, "Failed to create socket: %s\n", strerror (errno));
- return -1;
+ return 2;
}
memset (&sa, '\0', sizeof (struct sockaddr_in));
@@ -91,33 +96,37 @@ test_tls_session_time_out (gnutls_session_t session, int port)
sa.sin_port = htons (port);
sa.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
- gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (intptr_t) sd);
-
ret = connect (sd, (struct sockaddr *) &sa, sizeof (struct sockaddr_in));
if (ret < 0)
{
fprintf (stderr, "Error: %s\n", MHD_E_FAILED_TO_CONNECT);
MHD_socket_close_chk_ (sd);
- return -1;
+ return 2;
}
+#if (GNUTLS_VERSION_NUMBER + 0 >= 0x030109) && ! defined(_WIN64)
+ gnutls_transport_set_int (session, (int) (sd));
+#else /* GnuTLS before 3.1.9 or Win64 */
+ gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (intptr_t) (sd));
+#endif /* GnuTLS before 3.1.9 or Win64 */
+
ret = gnutls_handshake (session);
if (ret < 0)
{
fprintf (stderr, "Handshake failed\n");
MHD_socket_close_chk_ (sd);
- return -1;
+ return 2;
}
- (void) sleep (TIME_OUT + 1);
+ (void) sleep (TIME_OUT + 2);
/* check that server has closed the connection */
if (1 == num_disconnects)
{
fprintf (stderr, "Connection failed to time-out\n");
MHD_socket_close_chk_ (sd);
- return -1;
+ return 1;
}
else if (0 != num_disconnects)
abort ();
@@ -133,8 +142,6 @@ main (int argc, char *const *argv)
int errorCount = 0;
struct MHD_Daemon *d;
gnutls_session_t session;
- gnutls_datum_t key;
- gnutls_datum_t cert;
gnutls_certificate_credentials_t xcred;
int port;
(void) argc; /* Unused. Silent compiler warning. */
@@ -144,13 +151,30 @@ main (int argc, char *const *argv)
else
port = 3070;
+#ifdef MHD_SEND_SPIPE_SUPPRESS_NEEDED
+#if defined(HAVE_SIGNAL_H) && defined(SIGPIPE)
+ if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
+ {
+ fprintf (stderr, "Error suppressing SIGPIPE signal.\n");
+ exit (99);
+ }
+#else /* ! HAVE_SIGNAL_H || ! SIGPIPE */
+ fprintf (stderr, "Cannot suppress SIGPIPE signal.\n");
+ /* exit (77); */
+#endif
+#endif /* MHD_SEND_SPIPE_SUPPRESS_NEEDED */
+
#ifdef MHD_HTTPS_REQUIRE_GRYPT
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
#endif /* MHD_HTTPS_REQUIRE_GRYPT */
- gnutls_global_init ();
+ if (GNUTLS_E_SUCCESS != gnutls_global_init ())
+ {
+ fprintf (stderr, "Cannot initialize GnuTLS.\n");
+ exit (99);
+ }
gnutls_global_set_log_level (11);
d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
@@ -178,13 +202,13 @@ main (int argc, char *const *argv)
port = (int) dinfo->port;
}
- if (0 != setup_session (&session, &key, &cert, &xcred))
+ if (0 != setup_session (&session, &xcred))
{
fprintf (stderr, "failed to setup session\n");
return 1;
}
errorCount += test_tls_session_time_out (session, port);
- teardown_session (session, &key, &cert, xcred);
+ teardown_session (session, xcred);
print_test_result (errorCount, argv[0]);
diff --git a/src/testcurl/https/test_tls_extensions.c b/src/testcurl/https/test_tls_extensions.c
@@ -210,8 +210,6 @@ main (int argc, char *const *argv)
FILE *test_fd;
struct MHD_Daemon *d;
gnutls_session_t session;
- gnutls_datum_t key;
- gnutls_datum_t cert;
gnutls_certificate_credentials_t xcred;
const int ext_arr[] = {
GNUTLS_EXTENSION_SERVER_NAME,
@@ -266,25 +264,25 @@ main (int argc, char *const *argv)
}
i = 0;
- setup_session (&session, &key, &cert, &xcred);
+ setup_session (&session, &xcred);
errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16);
- teardown_session (session, &key, &cert, xcred);
+ teardown_session (session, xcred);
#if 1
i = 0;
while (ext_arr[i] != -1)
{
- setup_session (&session, &key, &cert, &xcred);
+ setup_session (&session, &xcred);
errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16);
- teardown_session (session, &key, &cert, xcred);
+ teardown_session (session, xcred);
- setup_session (&session, &key, &cert, &xcred);
+ setup_session (&session, &xcred);
errorCount += test_hello_extension (session, port, ext_arr[i], 3, 8);
- teardown_session (session, &key, &cert, xcred);
+ teardown_session (session, xcred);
/* this test specifically tests the issue raised in CVE-2008-1948 */
- setup_session (&session, &key, &cert, &xcred);
+ setup_session (&session, &xcred);
errorCount += test_hello_extension (session, port, ext_arr[i], 6, 0);
- teardown_session (session, &key, &cert, xcred);
+ teardown_session (session, xcred);
i++;
}
#endif
diff --git a/src/testcurl/https/tls_test_common.c b/src/testcurl/https/tls_test_common.c
@@ -504,62 +504,33 @@ teardown_testcase (struct MHD_Daemon *d)
int
setup_session (gnutls_session_t *session,
- gnutls_datum_t *key,
- gnutls_datum_t *cert,
gnutls_certificate_credentials_t *xcred)
{
- int ret;
- const char *err_pos;
-
- gnutls_certificate_allocate_credentials (xcred);
- key->size = strlen (srv_key_pem) + 1;
- key->data = malloc (key->size);
- if (NULL == key->data)
- {
- gnutls_certificate_free_credentials (*xcred);
- return -1;
- }
- memcpy (key->data, srv_key_pem, key->size);
- cert->size = strlen (srv_self_signed_cert_pem) + 1;
- cert->data = malloc (cert->size);
- if (NULL == cert->data)
- {
- gnutls_certificate_free_credentials (*xcred);
- free (key->data);
- return -1;
- }
- memcpy (cert->data, srv_self_signed_cert_pem, cert->size);
- gnutls_certificate_set_x509_key_mem (*xcred, cert, key,
- GNUTLS_X509_FMT_PEM);
- gnutls_init (session, GNUTLS_CLIENT);
- ret = gnutls_priority_set_direct (*session,
- "NORMAL", &err_pos);
- if (ret < 0)
+ if (GNUTLS_E_SUCCESS == gnutls_init (session, GNUTLS_CLIENT))
{
+ if (GNUTLS_E_SUCCESS == gnutls_set_default_priority (*session))
+ {
+ if (GNUTLS_E_SUCCESS == gnutls_certificate_allocate_credentials (xcred))
+ {
+ if (GNUTLS_E_SUCCESS == gnutls_credentials_set (*session,
+ GNUTLS_CRD_CERTIFICATE,
+ *xcred))
+ {
+ return 0;
+ }
+ gnutls_certificate_free_credentials (*xcred);
+ }
+ }
gnutls_deinit (*session);
- gnutls_certificate_free_credentials (*xcred);
- free (key->data);
- return -1;
}
- gnutls_credentials_set (*session,
- GNUTLS_CRD_CERTIFICATE,
- *xcred);
- return 0;
+ return -1;
}
int
teardown_session (gnutls_session_t session,
- gnutls_datum_t *key,
- gnutls_datum_t *cert,
gnutls_certificate_credentials_t xcred)
{
- free (key->data);
- key->data = NULL;
- key->size = 0;
- free (cert->data);
- cert->data = NULL;
- cert->size = 0;
gnutls_deinit (session);
gnutls_certificate_free_credentials (xcred);
return 0;
diff --git a/src/testcurl/https/tls_test_common.h b/src/testcurl/https/tls_test_common.h
@@ -146,14 +146,10 @@ teardown_testcase (struct MHD_Daemon *d);
int
setup_session (gnutls_session_t *session,
- gnutls_datum_t *key,
- gnutls_datum_t *cert,
gnutls_certificate_credentials_t *xcred);
int
teardown_session (gnutls_session_t session,
- gnutls_datum_t *key,
- gnutls_datum_t *cert,
gnutls_certificate_credentials_t xcred);
int
