commit 3b17bb4814b17e7975dbd101942f830d6430b6b9
parent 63b5f01682144ebb24cbfbcc05b2260cd3fa2605
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 25 Jul 2010 10:25:22 +0000
docu updates, API extensions, version bump
Diffstat:
15 files changed, 34 insertions(+), 418 deletions(-)
diff --git a/README b/README
@@ -72,15 +72,6 @@ implemented (in order of importance) before we can claim to be
reasonably complete.
-Missing features:
-=================
-- SSL support does not work with SELECT-based threading modes
- (issue is that the gnutls state machine does not like EAGAIN/EINTR
- return values from send/recv, despite having tons of
- branches on those values).
-- SSL code is not working (GNUtls integration broken)
-
-
Untested features:
==================
- add testcases for http/1.1 pipelining (need
@@ -111,7 +102,6 @@ Missing documentation:
- manual:
* document configuration options
- * document SSL/TLS support
* document details on porting MHD (plibc, z/OS)
- tutorial:
* clean up English
diff --git a/configure.ac b/configure.ac
@@ -21,15 +21,15 @@
#
#
AC_PREREQ(2.57)
-AC_INIT([libmicrohttpd], [0.4.6],[libmicrohttpd@gnu.org])
-AM_INIT_AUTOMAKE([libmicrohttpd], [0.4.6])
+AC_INIT([libmicrohttpd], [0.9.0],[libmicrohttpd@gnu.org])
+AM_INIT_AUTOMAKE([libmicrohttpd], [0.9.0])
AM_CONFIG_HEADER([MHD_config.h])
AC_CONFIG_MACRO_DIR([m4])
AH_TOP([#define _GNU_SOURCE 1])
-LIB_VERSION_CURRENT=7
-LIB_VERSION_REVISION=1
-LIB_VERSION_AGE=2
+LIB_VERSION_CURRENT=8
+LIB_VERSION_REVISION=0
+LIB_VERSION_AGE=0
AC_SUBST(LIB_VERSION_CURRENT)
AC_SUBST(LIB_VERSION_REVISION)
AC_SUBST(LIB_VERSION_AGE)
diff --git a/doc/microhttpd.texi b/doc/microhttpd.texi
@@ -536,7 +536,12 @@ What cipher algorithm is being used.
Takes no extra arguments.
@item MHD_CONNECTION_INFO_PROTOCOL,
-Takes no extra arguments.
+Takes no extra arguments. Allows finding out the TLS/SSL protocol used
+(HTTPS connections only).
+
+@item MHD_CONNECTION_INFO_GNUTLS_SESSION,
+Takes no extra arguments. Allows access to the underlying GNUtls session
+(HTTPS connections only).
@end table
@end deftp
diff --git a/src/daemon/connection.c b/src/daemon/connection.c
@@ -1,5 +1,5 @@
/*
- This file is part of libmicrohttpd
+ This file is part of libmicrohttpd
(C) 2007, 2008 Daniel Pittman and Christian Grothoff
This library is free software; you can redistribute it and/or
@@ -2275,6 +2275,10 @@ MHD_get_connection_info (struct MHD_Connection *connection,
return NULL;
connection->protocol = gnutls_protocol_get_version (connection->tls_session);
return (const union MHD_ConnectionInfo *) &connection->protocol;
+ case MHD_CONNECTION_INFO_GNUTLS_SESSION:
+ if (connection->tls_session == NULL)
+ return NULL;
+ return (const union MHD_ConnectionInfo *) &connection->tls_session;
#endif
case MHD_CONNECTION_INFO_CLIENT_ADDRESS:
return (const union MHD_ConnectionInfo *) &connection->addr;
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
@@ -598,7 +598,12 @@ enum MHD_ConnectionInfoType
* Obtain IP address of the client.
* Takes no extra arguments.
*/
- MHD_CONNECTION_INFO_CLIENT_ADDRESS
+ MHD_CONNECTION_INFO_CLIENT_ADDRESS,
+
+ /**
+ * Get the GNUTLS session handle.
+ */
+ MHD_CONNECTION_INFO_GNUTLS_SESSION
};
/**
@@ -1199,11 +1204,22 @@ int MHD_destroy_post_processor (struct MHD_PostProcessor *pp);
union MHD_ConnectionInfo
{
+ /**
+ * Cipher algorithm used, of type "enum gnutls_cipher_algorithm".
+ */
int /* enum gnutls_cipher_algorithm */ cipher_algorithm;
+ /**
+ * Protocol used, of type "enum gnutls_protocol".
+ */
int /* enum gnutls_protocol */ protocol;
/**
+ * GNUtls session handle, of type "gnutls_session_t".
+ */
+ void * /* gnutls_session_t */ tls_session;
+
+ /**
* Address information for the client.
*/
struct sockaddr_in * client_addr;
diff --git a/src/testcurl/https/Makefile.am b/src/testcurl/https/Makefile.am
@@ -18,9 +18,7 @@ check_PROGRAMS = \
mhds_session_info_test \
tls_thread_mode_test \
tls_multi_thread_mode_test \
- tls_session_time_out_test \
- tls_cipher_change_test \
- tls_alert_test
+ tls_session_time_out_test
EXTRA_DIST = cert.pem key.pem tls_test_keys.h tls_test_common.h
@@ -34,8 +32,6 @@ TESTS = \
tls_thread_mode_test \
tls_multi_thread_mode_test \
tls_session_time_out_test \
- tls_cipher_change_test \
- tls_alert_test \
tls_authentication_test
# cURL dependent tests
@@ -47,22 +43,6 @@ tls_session_time_out_test_LDADD = \
$(top_builddir)/src/daemon/libmicrohttpd.la \
@LIBCURL@
-tls_cipher_change_test_SOURCES = \
- tls_cipher_change_test.c \
- tls_test_common.c
-tls_cipher_change_test_LDADD = \
- $(top_builddir)/src/testcurl/libcurl_version_check.a \
- $(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
-
-tls_alert_test_SOURCES = \
- tls_alert_test.c \
- tls_test_common.c
-tls_alert_test_LDADD = \
- $(top_builddir)/src/testcurl/libcurl_version_check.a \
- $(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
-
tls_daemon_options_test_SOURCES = \
tls_daemon_options_test.c \
tls_test_common.c
diff --git a/src/testcurl/https/mhds_get_test.c b/src/testcurl/https/mhds_get_test.c
@@ -95,9 +95,6 @@ main (int argc, char *const *argv)
FILE *test_fd;
unsigned int errorCount = 0;
- gnutls_global_set_log_level(11);
- if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_GNUTLS_VERSION))
- return -1;
if (!gcry_check_version (GCRYPT_VERSION))
abort ();
if ((test_fd = setup_test_file ()) == NULL)
diff --git a/src/testcurl/https/mhds_get_test_select.c b/src/testcurl/https/mhds_get_test_select.c
@@ -206,36 +206,24 @@ main (int argc, char *const *argv)
FILE *test_fd;
unsigned int errorCount = 0;
- /* gnutls_global_set_log_level(11); */
- if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_OPENSSL_VERSION))
- {
- return -1;
- }
gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
-
if (!gcry_check_version (GCRYPT_VERSION))
abort ();
-
if ((test_fd = setup_test_file ()) == NULL)
{
fprintf (stderr, MHD_E_TEST_FILE_CREAT);
return -1;
}
-
if (0 != curl_global_init (CURL_GLOBAL_ALL))
{
fprintf (stderr, "Error: %s\n", strerror (errno));
fclose (test_fd);
return -1;
}
-
if (0 != (errorCount = testExternalGet ()))
fprintf (stderr, "Fail: %d\n", errorCount);
-
-
curl_global_cleanup ();
fclose (test_fd);
remove (TEST_FILE_NAME);
-
return errorCount != 0;
}
diff --git a/src/testcurl/https/mhds_multi_daemon_test.c b/src/testcurl/https/mhds_multi_daemon_test.c
@@ -194,17 +194,11 @@ main (int argc, char *const *argv)
FILE *test_fd;
unsigned int errorCount = 0;
- if (curl_check_version (MHD_REQ_CURL_VERSION))
- {
- return -1;
- }
-
if ((test_fd = setup_test_file ()) == NULL)
{
fprintf (stderr, MHD_E_TEST_FILE_CREAT);
return -1;
}
-
if (0 != curl_global_init (CURL_GLOBAL_ALL))
{
fprintf (stderr, "Error (code: %u). l:%d f:%s\n", errorCount, __LINE__,
@@ -212,7 +206,6 @@ main (int argc, char *const *argv)
fclose (test_fd);
return -1;
}
-
errorCount +=
test_concurent_daemon_pair (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3);
diff --git a/src/testcurl/https/mhds_session_info_test.c b/src/testcurl/https/mhds_session_info_test.c
@@ -161,21 +161,13 @@ main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
- if (curl_check_version (MHD_REQ_CURL_VERSION))
- {
- return -1;
- }
-
if (0 != curl_global_init (CURL_GLOBAL_ALL))
{
fprintf (stderr, "Error (code: %u)\n", errorCount);
return -1;
}
-
errorCount += test_query_session ();
-
print_test_result (errorCount, argv[0]);
-
curl_global_cleanup ();
if (errorCount > 0)
fprintf (stderr, "Error (code: %u)\n", errorCount);
diff --git a/src/testcurl/https/tls_alert_test.c b/src/testcurl/https/tls_alert_test.c
@@ -1,185 +0,0 @@
-/*
- This file is part of libmicrohttpd
- (C) 2007 Christian Grothoff
-
- libmicrohttpd is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 2, or (at your
- option) any later version.
-
- libmicrohttpd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with libmicrohttpd; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
- */
-
-/**
- * @file tls_alert_test.c
- * @brief: daemon TLS alert response test-case
- *
- * @author Sagie Amir
- */
-
-#include "platform.h"
-#include "microhttpd.h"
-#include "tls_test_common.h"
-
-extern const char srv_key_pem[];
-extern const char srv_self_signed_cert_pem[];
-
-/*
- * assert server closes connection upon receiving a
- * close notify alert message.
- *
- * @param session: an initialized TLS session
- */
-static int
-test_alert_close_notify (gnutls_session_t session)
-{
- int sd, ret;
- struct sockaddr_in sa;
-
- sd = socket (AF_INET, SOCK_STREAM, 0);
- if (sd == -1)
- {
- fprintf (stderr, "Failed to create socket: %s\n", strerror (errno));
- return -1;
- }
-
- memset (&sa, '\0', sizeof (struct sockaddr_in));
- sa.sin_family = AF_INET;
- sa.sin_port = htons (DEAMON_TEST_PORT);
- inet_pton (AF_INET, "127.0.0.1", &sa.sin_addr);
-
- gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (long) sd);
-
- ret = connect (sd, &sa, sizeof (struct sockaddr_in));
-
- if (ret < 0)
- {
- fprintf (stderr, "%s\n", MHD_E_FAILED_TO_CONNECT);
- return -1;
- }
-
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- return -1;
- }
-
- gnutls_alert_send (session, GNUTLS_AL_FATAL, GNUTLS_A_CLOSE_NOTIFY);
-
-#if FIXME_GHM
- /* check server responds with a 'close-notify' */
- gnutls_recv_int (session, GNUTLS_ALERT, GNUTLS_HANDSHAKE_FINISHED, 0, 0);
-
- close (sd);
- /* CLOSE_NOTIFY */
- if (session->internals.last_alert != GNUTLS_A_CLOSE_NOTIFY)
- {
- return -1;
- }
-#endif
- return 0;
-}
-
-/*
- * assert server closes connection upon receiving a
- * fatal unexpected_message alert.
- *
- * @param session: an initialized TLS session
- */
-static int
-test_alert_unexpected_message (gnutls_session_t session)
-{
- int sd, ret;
- struct sockaddr_in sa;
-
- sd = socket (AF_INET, SOCK_STREAM, 0);
- if (sd == -1)
- {
- fprintf (stderr, "Failed to create socket: %s\n", strerror (errno));
- return -1;
- }
- memset (&sa, '\0', sizeof (struct sockaddr_in));
- sa.sin_family = AF_INET;
- sa.sin_port = htons (DEAMON_TEST_PORT);
- inet_pton (AF_INET, "127.0.0.1", &sa.sin_addr);
-
- gnutls_transport_set_ptr (session,
- (gnutls_transport_ptr_t) ((void *) (long) sd));
-
- ret = connect (sd, &sa, sizeof (struct sockaddr_in));
-
- if (ret < 0)
- {
- fprintf (stderr, "%s\n", MHD_E_FAILED_TO_CONNECT);
- return -1;
- }
-
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- return -1;
- }
-
- gnutls_alert_send (session, GNUTLS_AL_FATAL,
- GNUTLS_A_UNEXPECTED_MESSAGE);
- usleep (100);
-
- /* TODO better RST trigger */
- if (send (sd, "", 1, 0) == 0)
- {
- return -1;
- }
-
- close (sd);
- return 0;
-}
-
-int
-main (int argc, char *const *argv)
-{
- int errorCount = 0;;
- struct MHD_Daemon *d;
- gnutls_session_t session;
- gnutls_datum_t key;
- gnutls_datum_t cert;
- gnutls_certificate_credentials_t xcred;
-
- gnutls_global_init ();
- gnutls_global_set_log_level (11);
-
- d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
- MHD_USE_DEBUG, DEAMON_TEST_PORT,
- NULL, NULL, &http_dummy_ahc, NULL,
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
- MHD_OPTION_END);
-
- if (d == NULL)
- {
- fprintf (stderr, "%s\n", MHD_E_SERVER_INIT);
- return -1;
- }
-
- setup_session (&session, &key, &cert, &xcred);
- errorCount += test_alert_close_notify (session);
- teardown_session (session, &key, &cert, xcred);
-
- setup_session (&session, &key, &cert, &xcred);
- errorCount += test_alert_unexpected_message (session);
- teardown_session (session, &key, &cert, xcred);
-
- print_test_result (errorCount, argv[0]);
-
- MHD_stop_daemon (d);
- gnutls_global_deinit ();
-
- return errorCount != 0;
-}
diff --git a/src/testcurl/https/tls_authentication_test.c b/src/testcurl/https/tls_authentication_test.c
@@ -205,11 +205,6 @@ main (int argc, char *const *argv)
FILE *test_fd;
unsigned int errorCount = 0;
- if (curl_check_version (MHD_REQ_CURL_VERSION))
- {
- return -1;
- }
-
if ((test_fd = setup_test_file ()) == NULL || setup_ca_cert () == NULL)
{
fprintf (stderr, MHD_E_TEST_FILE_CREAT);
diff --git a/src/testcurl/https/tls_cipher_change_test.c b/src/testcurl/https/tls_cipher_change_test.c
@@ -1,152 +0,0 @@
-/*
- This file is part of libmicrohttpd
- (C) 2007 Christian Grothoff
-
- libmicrohttpd is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 2, or (at your
- option) any later version.
-
- libmicrohttpd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with libmicrohttpd; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
- */
-
-/**
- * @file mhds_get_test.c
- * @brief: daemon TLS cipher change message test-case
- *
- * @author Sagie Amir
- */
-
-#include "platform.h"
-#include "microhttpd.h"
-#include "internal.h"
-#include "tls_test_common.h"
-
-extern const char srv_key_pem[];
-extern const char srv_self_signed_cert_pem[];
-
-char *http_get_req = "GET / HTTP/1.1\r\n\r\n";
-
-/* HTTP access handler call back */
-static int
-rehandshake_ahc (void *cls, struct MHD_Connection *connection,
- const char *url, const char *method, const char *upload_data,
- const char *version, size_t *upload_data_size,
- void **ptr)
-{
- int ret;
- /* server side re-handshake request */
- ret = gnutls_rehandshake (connection->tls_session);
-
- if (ret < 0)
- {
- fprintf (stderr, "Error: %s. f: %s, l: %d\n",
- "server failed to send Hello Request", __FUNCTION__, __LINE__);
- }
-
- return 0;
-}
-
-/*
- * Cipher change message should only occur while negotiating
- * the SSL/TLS handshake.
- * Test server disconnects upon receiving an out of context
- * message.
- *
- * @param session: initiallized TLS session
- */
-static int
-test_out_of_context_cipher_change (gnutls_session_t session)
-{
- int sd, ret;
- struct sockaddr_in sa;
-
- sd = socket (AF_INET, SOCK_STREAM, 0);
- if (sd == -1)
- {
- fprintf (stderr, "Failed to create socket: %s\n", strerror (errno));
- return -1;
- }
-
- memset (&sa, '\0', sizeof (struct sockaddr_in));
- sa.sin_family = AF_INET;
- sa.sin_port = htons (DEAMON_TEST_PORT);
- inet_pton (AF_INET, "127.0.0.1", &sa.sin_addr);
-
- gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (long) sd);
-
- ret = connect (sd, &sa, sizeof (struct sockaddr_in));
-
- if (ret < 0)
- {
- fprintf (stderr, "%s\n", MHD_E_FAILED_TO_CONNECT);
- return -1;
- }
-
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- return -1;
- }
-
-#if FIXME_GHM
- /* send an out of context cipher change spec */
- gnutls_send_change_cipher_spec (session, 0);
-#endif
-
- /* assert server has closed connection */
- /* TODO better RST trigger */
- if (send (sd, "", 1, 0) == 0)
- {
- return -1;
- }
-
- close (sd);
- return 0;
-}
-
-int
-main (int argc, char *const *argv)
-{
- int errorCount = 0;;
- struct MHD_Daemon *d;
- gnutls_session_t session;
- gnutls_datum_t key;
- gnutls_datum_t cert;
- gnutls_certificate_credentials_t xcred;
-
- gnutls_global_init ();
- gnutls_global_set_log_level (11);
-
- d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
- MHD_USE_DEBUG, DEAMON_TEST_PORT,
- NULL, NULL, &rehandshake_ahc, NULL,
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
- MHD_OPTION_END);
-
- if (d == NULL)
- {
- fprintf (stderr, "%s\n", MHD_E_SERVER_INIT);
- return -1;
- }
-
- setup_session (&session, &key, &cert, &xcred);
- errorCount += test_out_of_context_cipher_change (session);
- teardown_session (session, &key, &cert, xcred);
-
- print_test_result (errorCount, argv[0]);
-
- MHD_stop_daemon (d);
- gnutls_global_deinit ();
-
- return errorCount != 0;
-}
diff --git a/src/testcurl/https/tls_multi_thread_mode_test.c b/src/testcurl/https/tls_multi_thread_mode_test.c
@@ -131,10 +131,6 @@ main (int argc, char *const *argv)
/* initialize random seed used by curl clients */
unsigned int iseed = (unsigned int) time (NULL);
srand (iseed);
-
- if (curl_check_version (MHD_REQ_CURL_VERSION))
- return -1;
-
if ((test_fd = setup_test_file ()) == NULL)
{
fprintf (stderr, MHD_E_TEST_FILE_CREAT);
diff --git a/src/testcurl/https/tls_thread_mode_test.c b/src/testcurl/https/tls_thread_mode_test.c
@@ -132,9 +132,6 @@ main (int argc, char *const *argv)
unsigned int iseed = (unsigned int) time (NULL);
srand (iseed);
gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
- if (curl_check_version (MHD_REQ_CURL_VERSION))
- return -1;
-
if ((test_fd = setup_test_file ()) == NULL)
{
fprintf (stderr, MHD_E_TEST_FILE_CREAT);
