
commit 5d9a9723b3269dc58600d526dc719fa0bd525d3c
parent e460b1507c74c3d16b8e3cfee2f37e000c4b0159
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sat, 15 Nov 2008 07:34:18 +0000

removing broken and/or dead code

Diffstat:
MChangeLog | 5+++++
Mconfigure.ac | 1-
Msrc/daemon/daemon.c | 18------------------
Msrc/daemon/https/gnutls.h | 85-------------------------------------------------------------------------------
Msrc/daemon/https/tls/Makefile.am | 3---
Dsrc/daemon/https/tls/auth_anon.c | 180-------------------------------------------------------------------------------
Dsrc/daemon/https/tls/auth_anon.h | 48------------------------------------------------
Msrc/daemon/https/tls/gnutls_algorithms.c | 52----------------------------------------------------
Dsrc/daemon/https/tls/gnutls_anon_cred.c | 140-------------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_auth.c | 16----------------
Msrc/daemon/https/tls/gnutls_handshake.c | 17-----------------
Msrc/daemon/https/tls/gnutls_session_pack.c | 190-------------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_state.c | 30------------------------------
Msrc/daemon/https/tls/gnutls_ui.c | 573-------------------------------------------------------------------------------
Msrc/daemon/internal.h | 3---
Msrc/include/microhttpd.h | 10++--------
Msrc/testcurl/https/Makefile.am | 16----------------
Dsrc/testcurl/https/tls_daemon_options_adh_test.c | 395-------------------------------------------------------------------------------
Dsrc/testcurl/https/tls_daemon_options_dh_test.c | 397-------------------------------------------------------------------------------
Msrc/testcurl/https/tls_daemon_options_test.c | 11+++++++----
20 files changed, 14 insertions(+), 2176 deletions(-)

diff --git a/ChangeLog b/ChangeLog @@ -1,3 +1,8 @@ +Sat Nov 15 00:31:33 MST 2008 + Removing (broken) support for HTTPS servers with + anonymous (aka "no") certificates as well as + various useless dead code. -CG + Sat Nov 8 02:18:42 MST 2008 Unset TCP_CORK at the end of transmitting a response to improve performance (on systems where this is diff --git a/configure.ac b/configure.ac @@ -330,7 +330,6 @@ AM_CONDITIONAL(HAVE_LIBZ, test x$zlib = x1) AC_DEFINE([ENABLE_MINITASN1],[1],[Include minitasn1 support]) AC_DEFINE([GNULIB_GC_HMAC_SHA1],[1],[GNULIB_GC_HMAC_SHA1]) AC_DEFINE([GNULIB_GC_RANDOM],[1],[GNULIB_GC_RANDOM]) -AC_DEFINE([ENABLE_ANON],[1],[Enable anonymous authentication]) AC_DEFINE([ENABLE_PKI],[0],[Include PKI support]) # gnutls debug support AC_DEFINE([DEBUG],[1],[Include gnutls debug message support]) diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c @@ -153,15 +153,6 @@ MHD_TLS_init (struct MHD_Daemon *daemon) { switch (daemon->cred_type) { - case MHD_GNUTLS_CRD_ANON: - if ((0 != - MHD__gnutls_anon_allocate_server_credentials (&daemon->anon_cred)) - || (0 != MHD__gnutls_dh_params_init (&daemon->dh_params))) - return GNUTLS_E_MEMORY_ERROR; - MHD__gnutls_dh_params_generate2 (daemon->dh_params, 1024); - MHD__gnutls_anon_set_server_dh_params (daemon->anon_cred, - daemon->dh_params); - return 0; case MHD_GNUTLS_CRD_CERTIFICATE: if (0 != MHD__gnutls_certificate_allocate_credentials (&daemon->x509_cred)) @@ -495,13 +486,6 @@ MHD_accept_connection (struct MHD_Daemon *daemon) MHD_GNUTLS_CRD_CERTIFICATE, connection->daemon->x509_cred); break; - case MHD_GNUTLS_CRD_ANON: - /* set needed credentials for anonymous authentication. */ - MHD__gnutls_credentials_set (connection->tls_session, - MHD_GNUTLS_CRD_ANON, - connection->daemon->anon_cred); - MHD__gnutls_dh_set_prime_bits (connection->tls_session, 1024); - break; default: #if HAVE_MESSAGES MHD_DLOG (connection->daemon, 
@@ -1101,8 +1085,6 @@ MHD_stop_daemon (struct MHD_Daemon *daemon) MHD__gnutls_priority_deinit (daemon->priority_cache); if (daemon->x509_cred) MHD__gnutls_certificate_free_credentials (daemon->x509_cred); - if (daemon->anon_cred) - MHD__gnutls_anon_free_server_credentials (daemon->anon_cred); /* lock MHD_gnutls_global mutex since it uses reference counting */ pthread_mutex_lock (&MHD_gnutls_init_mutex); MHD__gnutls_global_deinit (); diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h @@ -448,35 +448,6 @@ extern "C" typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_server_credentials; typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_client_credentials; - typedef struct MHD_gtls_anon_server_credentials_st - *MHD_gtls_anon_server_credentials_t; - typedef struct MHD_gtls_anon_client_credentials_st - *MHD_gtls_anon_client_credentials_t; - - void - MHD__gnutls_anon_free_server_credentials - (MHD_gtls_anon_server_credentials_t sc); - int - MHD__gnutls_anon_allocate_server_credentials - (MHD_gtls_anon_server_credentials_t * sc); - - void - MHD__gnutls_anon_set_server_dh_params (MHD_gtls_anon_server_credentials_t - res, - MHD_gtls_dh_params_t dh_params); - - void - MHD__gnutls_anon_set_server_params_function - (MHD_gtls_anon_server_credentials_t res, - MHD_gnutls_params_function * func); - - void - MHD__gnutls_anon_free_client_credentials - (MHD_gtls_anon_client_credentials_t sc); - int - MHD__gnutls_anon_allocate_client_credentials - (MHD_gtls_anon_client_credentials_t * sc); - void MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t sc); int 
@@ -488,19 +459,6 @@ extern "C" void MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc); void MHD__gnutls_certificate_free_crls (MHD_gtls_cert_credentials_t sc); - void MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res, - MHD_gtls_dh_params_t dh_params); - void - MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t - res, - MHD_gtls_rsa_params_t - rsa_params); - void MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t - res, unsigned int flags); - void MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t - res, unsigned int max_bits, - unsigned int max_depth); - int MHD__gnutls_certificate_set_x509_trust_file (MHD_gtls_cert_credentials_t res, const char *CAFILE, MHD_gnutls_x509_crt_fmt_t @@ -647,13 +605,6 @@ extern "C" void MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr); void *MHD_gtls_session_get_ptr (MHD_gtls_session_t session); -/* - * this function returns the hash of the given data. - */ - int MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, - const MHD_gnutls_datum_t * data, void *result, - size_t * result_size); - typedef enum MHD_gnutls_x509_subject_alt_name_t { GNUTLS_SAN_DNSNAME = 1, 
@@ -714,23 +665,6 @@ extern "C" */ void MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, unsigned int bits); - int MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session); - int MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session); - int MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session); - - int MHD__gnutls_dh_get_group (MHD_gtls_session_t session, - MHD_gnutls_datum_t * raw_gen, - MHD_gnutls_datum_t * raw_prime); - int MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session, - MHD_gnutls_datum_t * raw_key); - - /* - * RSA - */ - int MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session, - MHD_gnutls_datum_t * exponent, - MHD_gnutls_datum_t * modulus); - int MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session); /* External signing callback. Experimental. */ typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session, @@ -761,20 +695,11 @@ extern "C" req); /* get data from the session */ - const MHD_gnutls_datum_t *MHD_gtls_certificate_get_peers (MHD_gtls_session_t - session, - unsigned int - *list_size); - const MHD_gnutls_datum_t *MHD_gtls_certificate_get_ours (MHD_gtls_session_t - session); - time_t MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t session); time_t MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t session); - int MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t - session); int MHD_gtls_certificate_verify_peers2 (MHD_gtls_session_t session, unsigned int *status); 
@@ -796,16 +721,6 @@ extern "C" const MHD_gnutls_datum_t * b64_data, MHD_gnutls_datum_t * result); - // void - // MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t - // res, - // MHD_gnutls_params_function * func); - // void MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res, - // MHD_gnutls_params_function * func); - // void MHD_gnutls_psk_set_params_function (MHD_gnutls_psk_server_credentials_t res, - // MHD_gnutls_params_function * func); - - /* key_usage will be an OR of the following values: */ /* when the key is to be used for signing: */ #define GNUTLS_KEY_DIGITAL_SIGNATURE 128 diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am @@ -16,7 +16,6 @@ libtls_la_LDFLAGS = \ -L$(GCRYPT_LIB_PATH) libtls_la_SOURCES = \ -auth_anon.c \ auth_cert.c \ auth_dh_common.c \ auth_dhe.c \ @@ -30,7 +29,6 @@ ext_oprfi.c \ ext_server_name.c \ gnutls_alert.c \ gnutls_algorithms.c \ -gnutls_anon_cred.c \ gnutls_asn1_tab.c \ gnutls_auth.c \ gnutls_buffers.c \ @@ -66,7 +64,6 @@ gnutls_ui.c \ gnutls_x509.c \ pkix_asn1_tab.c \ x509_b64.c \ -auth_anon.h \ auth_cert.h \ auth_dh_common.h \ debug.h \ diff --git a/src/daemon/https/tls/auth_anon.c b/src/daemon/https/tls/auth_anon.c 
@@ -1,180 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains the Anonymous Diffie Hellman key exchange part of - * the anonymous authentication. The functions here are used in the - * handshake. 
- */ - -#include <gnutls_int.h> - -#ifdef ENABLE_ANON - -#include "gnutls_auth_int.h" -#include "gnutls_errors.h" -#include "gnutls_dh.h" -#include "auth_anon.h" -#include "gnutls_num.h" -#include "gnutls_mpi.h" -#include <gnutls_state.h> -#include <auth_dh_common.h> - -static int MHD_gtls_gen_anon_server_kx (MHD_gtls_session_t, opaque **); -static int MHD_gtls_proc_anon_client_kx (MHD_gtls_session_t, opaque *, - size_t); -static int MHD_gtls_proc_anon_server_kx (MHD_gtls_session_t, opaque *, - size_t); - -const MHD_gtls_mod_auth_st MHD_gtls_anon_auth_struct = { - "ANON", - NULL, - NULL, - MHD_gtls_gen_anon_server_kx, - MHD_gtls_gen_dh_common_client_kx, /* this can be shared */ - NULL, - NULL, - - NULL, - NULL, /* certificate */ - MHD_gtls_proc_anon_server_kx, - MHD_gtls_proc_anon_client_kx, - NULL, - NULL -}; - -static int -MHD_gtls_gen_anon_server_kx (MHD_gtls_session_t session, opaque ** data) -{ - mpi_t g, p; - const mpi_t *mpis; - int ret; - MHD_gtls_dh_params_t dh_params; - MHD_gtls_anon_server_credentials_t cred; - - cred = (MHD_gtls_anon_server_credentials_t) - MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL); - if (cred == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - dh_params = - MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session); - mpis = MHD_gtls_dh_params_to_mpi (dh_params); - if (mpis == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; - } - - p = mpis[0]; - g = mpis[1]; - - if ((ret = - MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, - sizeof (anon_auth_info_st), 1)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - MHD_gtls_dh_set_group (session, g, p); - - ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0); - if (ret < 0) - { - MHD_gnutls_assert (); - } - - return ret; -} - - -static int -MHD_gtls_proc_anon_client_kx (MHD_gtls_session_t session, opaque * data, - size_t _data_size) -{ - MHD_gtls_anon_server_credentials_t cred; - 
int bits; - int ret; - mpi_t p, g; - MHD_gtls_dh_params_t dh_params; - const mpi_t *mpis; - - bits = MHD_gtls_dh_get_allowed_prime_bits (session); - - cred = (MHD_gtls_anon_server_credentials_t) - MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL); - if (cred == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - dh_params = - MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session); - mpis = MHD_gtls_dh_params_to_mpi (dh_params); - if (mpis == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; - } - - p = mpis[0]; - g = mpis[1]; - - ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p); - - return ret; - -} - -int -MHD_gtls_proc_anon_server_kx (MHD_gtls_session_t session, opaque * data, - size_t _data_size) -{ - - int ret; - - /* set auth_info */ - if ((ret = - MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, - sizeof (anon_auth_info_st), 1)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return 0; -} - -#endif /* ENABLE_ANON */ diff --git a/src/daemon/https/tls/auth_anon.h b/src/daemon/https/tls/auth_anon.h 
@@ -1,48 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* this is not to be included by MHD_gnutls_anon.c */ -#include <gnutls_auth.h> -#include <auth_dh_common.h> - -typedef struct MHD_gtls_anon_server_credentials_st -{ - MHD_gtls_dh_params_t dh_params; - /* this callback is used to retrieve the DH or RSA - * parameters. - */ - MHD_gnutls_params_function *params_func; -} mhd_anon_server_credentials_st; - -typedef struct MHD_gtls_anon_client_credentials_st -{ - int dummy; -} mhd_anon_client_credentials_st; - -typedef struct MHD_gtls_anon_auth_info_st -{ - MHD_gtls_dh_info_st dh; -} *mhd_anon_auth_info_t; - -typedef struct MHD_gtls_anon_auth_info_st anon_auth_info_st; diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c @@ -42,9 +42,6 @@ typedef struct } MHD_gnutls_cred_map; static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = { - {MHD_GNUTLS_KX_ANON_DH, - MHD_GNUTLS_CRD_ANON, - MHD_GNUTLS_CRD_ANON}, {MHD_GNUTLS_KX_RSA, MHD_GNUTLS_CRD_CERTIFICATE, MHD_GNUTLS_CRD_CERTIFICATE}, 
@@ -390,7 +387,6 @@ extern MHD_gtls_mod_auth_st MHD_gtls_rsa_auth_struct; extern MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct; extern MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct; extern MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct; -extern MHD_gtls_mod_auth_st MHD_gtls_anon_auth_struct; extern MHD_gtls_mod_auth_st srp_auth_struct; extern MHD_gtls_mod_auth_st psk_auth_struct; extern MHD_gtls_mod_auth_st dhe_psk_auth_struct; @@ -407,9 +403,6 @@ typedef struct MHD_gtls_kx_algo_entry } MHD_gtls_kx_algo_entry_t; static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { -#ifdef ENABLE_ANON - {"ANON-DH", MHD_GNUTLS_KX_ANON_DH, &MHD_gtls_anon_auth_struct, 1, 0}, -#endif {"RSA", MHD_GNUTLS_KX_RSA, &MHD_gtls_rsa_auth_struct, @@ -451,9 +444,6 @@ static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { /* Keep the contents of this struct the same as the previous one. */ static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] = { -#ifdef ENABLE_ANON - MHD_GNUTLS_KX_ANON_DH, -#endif MHD_GNUTLS_KX_RSA, MHD_GNUTLS_KX_RSA_EXPORT, MHD_GNUTLS_KX_DHE_RSA, @@ -498,20 +488,6 @@ typedef struct */ #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 } -/* ANONymous cipher suites. - */ - -#define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B } -#define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 } - -/* rfc3268: */ -#define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 } -#define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A } - -/* rfc4132 */ -#define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 } -#define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 } - /* PSK (not in TLS 1.0) * draft-ietf-tls-psk: */ 
@@ -590,34 +566,6 @@ typedef struct #define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1 static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = { - /* ANON_DH */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5, - MHD_GNUTLS_CIPHER_ARCFOUR_128, - MHD_GNUTLS_KX_ANON_DH, MHD_GNUTLS_MAC_MD5, - MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1, - MHD_GNUTLS_CIPHER_3DES_CBC, - MHD_GNUTLS_KX_ANON_DH, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_128_CBC, - MHD_GNUTLS_KX_ANON_DH, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_256_CBC, - MHD_GNUTLS_KX_ANON_DH, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), -#ifdef ENABLE_CAMELLIA - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1, - MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, - MHD_GNUTLS_KX_ANON_DH, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1, - MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, - MHD_GNUTLS_KX_ANON_DH, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), -#endif - /* SRP */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP, diff --git a/src/daemon/https/tls/gnutls_anon_cred.c b/src/daemon/https/tls/gnutls_anon_cred.c 
@@ -1,140 +0,0 @@ -/* - * Copyright (C) 2001, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include "gnutls_int.h" - -#ifdef ENABLE_ANON - -#include "gnutls_errors.h" -#include "auth_anon.h" -#include "gnutls_auth_int.h" -#include "gnutls_dh.h" -#include "gnutls_num.h" -#include "gnutls_mpi.h" - -static const int anon_dummy; - -/** - * MHD__gnutls_anon_free_server_credentials - Used to free an allocated MHD_gtls_anon_server_credentials_t structure - * @sc: is an #MHD_gtls_anon_server_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus this - * helper function is provided in order to free (deallocate) it. - **/ -void -MHD__gnutls_anon_free_server_credentials (MHD_gtls_anon_server_credentials_t - sc) -{ - - MHD_gnutls_free (sc); -} - -/** - * MHD__gnutls_anon_allocate_server_credentials - Used to allocate an MHD_gtls_anon_server_credentials_t structure - * @sc: is a pointer to an #MHD_gtls_anon_server_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus this - * helper function is provided in order to allocate it. 
- * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ -int - MHD__gnutls_anon_allocate_server_credentials - (MHD_gtls_anon_server_credentials_t * sc) -{ - *sc = MHD_gnutls_calloc (1, sizeof (mhd_anon_server_credentials_st)); - if (*sc == NULL) - return GNUTLS_E_MEMORY_ERROR; - - return 0; -} - - -/** - * MHD__gnutls_anon_free_client_credentials - Used to free an allocated MHD_gtls_anon_client_credentials_t structure - * @sc: is an #MHD_gtls_anon_client_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus this - * helper function is provided in order to free (deallocate) it. - **/ -void -MHD__gnutls_anon_free_client_credentials (MHD_gtls_anon_client_credentials_t - sc) -{ -} - -/** - * MHD__gnutls_anon_allocate_client_credentials - Used to allocate a credentials structure - * @sc: is a pointer to an #MHD_gtls_anon_client_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to allocate it. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ -int - MHD__gnutls_anon_allocate_client_credentials - (MHD_gtls_anon_client_credentials_t * sc) -{ - /* anon_dummy is only there for *sc not to be null. - * it is not used at all; - */ - *sc = (void *) &anon_dummy; - - return 0; -} - -/** - * MHD__gnutls_anon_set_server_dh_params - This function will set the DH parameters for a server to use - * @res: is a MHD_gtls_anon_server_credentials_t structure - * @dh_params: is a structure that holds diffie hellman parameters. - * - * This function will set the diffie hellman parameters for an - * anonymous server to use. These parameters will be used in - * Anonymous Diffie Hellman cipher suites. 
- **/ -void -MHD__gnutls_anon_set_server_dh_params (MHD_gtls_anon_server_credentials_t res, - MHD_gtls_dh_params_t dh_params) -{ - res->dh_params = dh_params; -} - -/** - * MHD__gnutls_anon_set_server_params_function - This function will set the DH parameters callback - * @res: is a MHD_gtls_cert_credentials_t structure - * @func: is the function to be called - * - * This function will set a callback in order for the server to get - * the diffie hellman parameters for anonymous authentication. The - * callback should return zero on success. - **/ -void -MHD__gnutls_anon_set_server_params_function - (MHD_gtls_anon_server_credentials_t res, MHD_gnutls_params_function * func) -{ - res->params_func = func; -} - -#endif diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c @@ -30,7 +30,6 @@ #include "auth_cert.h" #include <gnutls_datum.h> -#include "auth_anon.h" /* The functions here are used in order for authentication algorithms * to be able to retrieve the needed credentials eg public and private * key etc. @@ -79,9 +78,6 @@ MHD__gnutls_credentials_clear (MHD_gtls_session_t session) * structure. Thus you will have to keep the structure allocated until * you call MHD__gnutls_deinit(). ] * - * For GNUTLS_CRD_ANON cred should be MHD_gtls_anon_client_credentials_t in case of a client. - * In case of a server it should be MHD_gtls_anon_server_credentials_t. - * * For GNUTLS_CRD_SRP cred should be MHD_gnutls_srp_client_credentials_t * in case of a client, and MHD_gnutls_srp_server_credentials_t, in case * of a server. @@ -267,7 +263,6 @@ out: * is data obtained by the handshake protocol, the key exchange algorithm, * and the TLS extensions messages. * - * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t; * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t; * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t; -*/ 
@@ -301,17 +296,6 @@ MHD_gtls_free_auth_info (MHD_gtls_session_t session) { case MHD_GNUTLS_CRD_SRP: break; - case MHD_GNUTLS_CRD_ANON: - { - mhd_anon_auth_info_t info = MHD_gtls_get_auth_info (session); - - if (info == NULL) - break; - - dh_info = &info->dh; - MHD_gtls_free_dh_info (dh_info); - } - break; case MHD_GNUTLS_CRD_CERTIFICATE: { unsigned int i; diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c @@ -47,7 +47,6 @@ #include "gnutls_record.h" #include "gnutls_state.h" #include "gnutls_rsa_export.h" /* for MHD_gnutls_get_rsa_params() */ -#include "auth_anon.h" /* for MHD_gtls_anon_server_credentials_t */ #include "gc.h" #ifdef HANDSHAKE_DEBUG @@ -2800,22 +2799,6 @@ check_server_params (MHD_gtls_session_t session, if (delete == 1) return 1; -#ifdef ENABLE_ANON - } - else if (cred_type == MHD_GNUTLS_CRD_ANON) - { - MHD_gtls_anon_server_credentials_t anon_cred = - (MHD_gtls_anon_server_credentials_t) MHD_gtls_get_cred (session->key, - cred_type, - NULL); - - if (anon_cred != NULL) - { - dh_params = - MHD_gtls_get_dh_params (anon_cred->dh_params, - anon_cred->params_func, session); - } -#endif #ifdef ENABLE_PSK } else if (cred_type == MHD_GNUTLS_CRD_PSK) diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c @@ -33,7 +33,6 @@ #ifdef ENABLE_PSK # include <auth_psk.h> #endif -#include <auth_anon.h> #include <auth_cert.h> #include <gnutls_errors.h> #include <gnutls_auth_int.h> 
@@ -55,175 +54,6 @@ static int unpack_security_parameters (MHD_gtls_session_t session, static int pack_security_parameters (MHD_gtls_session_t session, MHD_gnutls_datum_t * packed_session); -/* Packs the ANON session authentication data. */ -#ifdef ENABLE_ANON - -/* Format: - * 1 byte the credentials type - * 4 bytes the size of the whole structure - * 2 bytes the size of secret key in bits - * 4 bytes the size of the prime - * x bytes the prime - * 4 bytes the size of the generator - * x bytes the generator - * 4 bytes the size of the public key - * x bytes the public key - */ -static int -pack_anon_auth_info (MHD_gtls_session_t session, - MHD_gnutls_datum_t * packed_session) -{ - mhd_anon_auth_info_t info = MHD_gtls_get_auth_info (session); - int pos = 0; - size_t pack_size; - - if (info) - pack_size = 2 + 4 * 3 + info->dh.prime.size + - info->dh.generator.size + info->dh.public_key.size; - else - pack_size = 0; - - packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t); - - /* calculate the size and allocate the data. 
- */ - packed_session->data = - MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS); - - if (packed_session->data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - packed_session->data[0] = MHD_GNUTLS_CRD_ANON; - MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]); - pos += 4 + PACK_HEADER_SIZE; - - if (pack_size > 0) - { - MHD_gtls_write_uint16 (info->dh.secret_bits, - &packed_session->data[pos]); - pos += 2; - - MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); - pos += 4 + info->dh.prime.size; - MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); - pos += 4 + info->dh.generator.size; - MHD_gtls_write_datum32 (&packed_session->data[pos], - info->dh.public_key); - pos += 4 + info->dh.public_key.size; - - } - - return 0; -} - -/* Format: - * 1 byte the credentials type - * 4 bytes the size of the whole structure - * 2 bytes the size of secret key in bits - * 4 bytes the size of the prime - * x bytes the prime - * 4 bytes the size of the generator - * x bytes the generator - * 4 bytes the size of the public key - * x bytes the public key - */ -static int -unpack_anon_auth_info (MHD_gtls_session_t session, - const MHD_gnutls_datum_t * packed_session) -{ - size_t pack_size; - int pos = 0, size, ret; - mhd_anon_auth_info_t info; - - if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]); - pos += PACK_HEADER_SIZE + 4; - - - if (pack_size == 0) - return 0; /* nothing to be done */ - - /* a simple check for integrity */ - if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - /* client and serer have the same auth_info here - */ - ret = - MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, - sizeof (anon_auth_info_st), 1); - if (ret < 0) - { - 
MHD_gnutls_assert (); - return ret; - } - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]); - pos += 2; - - size = MHD_gtls_read_uint32 (&packed_session->data[pos]); - pos += 4; - ret = - MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size); - if (ret < 0) - { - MHD_gnutls_assert (); - goto error; - } - pos += size; - - size = MHD_gtls_read_uint32 (&packed_session->data[pos]); - pos += 4; - ret = - MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], - size); - if (ret < 0) - { - MHD_gnutls_assert (); - goto error; - } - pos += size; - - size = MHD_gtls_read_uint32 (&packed_session->data[pos]); - pos += 4; - ret = - MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos], - size); - if (ret < 0) - { - MHD_gnutls_assert (); - goto error; - } - pos += size; - - return 0; - -error: - MHD__gnutls_free_datum (&info->dh.prime); - MHD__gnutls_free_datum (&info->dh.generator); - MHD__gnutls_free_datum (&info->dh.public_key); - return ret; -} -#endif /* ANON */ - /* Since auth_info structures contain malloced data, this function * is required in order to pack these structures in a vector in * order to store them to the DB. @@ -267,16 +97,6 @@ MHD_gtls_session_pack (MHD_gtls_session_t session, } break; #endif -#ifdef ENABLE_ANON - case MHD_GNUTLS_CRD_ANON: - ret = pack_anon_auth_info (session, packed_session); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - break; -#endif case MHD_GNUTLS_CRD_CERTIFICATE: ret = pack_certificate_auth_info (session, packed_session); if (ret < 0) 
@@ -346,16 +166,6 @@ MHD_gtls_session_unpack (MHD_gtls_session_t session, } break; #endif -#ifdef ENABLE_ANON - case MHD_GNUTLS_CRD_ANON: - ret = unpack_anon_auth_info (session, packed_session); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - break; -#endif case MHD_GNUTLS_CRD_CERTIFICATE: ret = unpack_certificate_auth_info (session, packed_session); if (ret < 0) diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c @@ -38,7 +38,6 @@ #include <gnutls_buffers.h> #include <gnutls_state.h> #include <auth_cert.h> -#include <auth_anon.h> #include <gnutls_algorithms.h> #include <gnutls_rsa_export.h> @@ -437,16 +436,6 @@ MHD_gtls_dh_set_peer_public (MHD_gtls_session_t session, mpi_t public) switch (MHD_gtls_auth_get_type (session)) { - case MHD_GNUTLS_CRD_ANON: - { - mhd_anon_auth_info_t info; - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - dh = &info->dh; - break; - } case MHD_GNUTLS_CRD_CERTIFICATE: { cert_auth_info_t info; @@ -478,15 +467,6 @@ MHD_gtls_dh_set_secret_bits (MHD_gtls_session_t session, unsigned bits) { switch (MHD_gtls_auth_get_type (session)) { - case MHD_GNUTLS_CRD_ANON: - { - mhd_anon_auth_info_t info; - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - info->dh.secret_bits = bits; - break; - } case MHD_GNUTLS_CRD_CERTIFICATE: { cert_auth_info_t info; @@ -548,16 +528,6 @@ MHD_gtls_dh_set_group (MHD_gtls_session_t session, mpi_t gen, mpi_t prime) switch (MHD_gtls_auth_get_type (session)) { - case MHD_GNUTLS_CRD_ANON: - { - mhd_anon_auth_info_t info; - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - dh = &info->dh; - break; - } case MHD_GNUTLS_CRD_CERTIFICATE: { cert_auth_info_t info; diff --git a/src/daemon/https/tls/gnutls_ui.c b/src/daemon/https/tls/gnutls_ui.c 
@@ -27,7 +27,6 @@
 */
 #include <gnutls_int.h>
-#include <auth_anon.h>
 #include <auth_cert.h>
 #include <gnutls_errors.h>
 #include <gnutls_auth_int.h>
@@ -58,575 +57,3 @@ MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, unsigned int bits) session->internals.dh_prime_bits = bits; } -/** - * MHD__gnutls_dh_get_group - This function returns the group of the DH authentication - * @session: is a gnutls session - * @raw_gen: will hold the generator. - * @raw_prime: will hold the prime. - * - * This function will return the group parameters used in the last Diffie Hellman - * authentication with the peer. These are the prime and the generator used. - * This function should be used for both anonymous and ephemeral diffie Hellman. - * The output parameters must be freed with MHD_gnutls_free(). - * - * Returns a negative value in case of an error. - * - **/ -int -MHD__gnutls_dh_get_group (MHD_gtls_session_t session, - MHD_gnutls_datum_t * raw_gen, - MHD_gnutls_datum_t * raw_prime) -{ - MHD_gtls_dh_info_st *dh; - int ret; - mhd_anon_auth_info_t anon_info; - cert_auth_info_t cert_info; - - switch (MHD_gtls_auth_get_type (session)) - { - case MHD_GNUTLS_CRD_ANON: - anon_info = MHD_gtls_get_auth_info (session); - if (anon_info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - dh = &anon_info->dh; - break; - case MHD_GNUTLS_CRD_CERTIFICATE: - cert_info = MHD_gtls_get_auth_info (session); - if (cert_info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - dh = &cert_info->dh; - break; - default: - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = MHD__gnutls_set_datum (raw_prime, dh->prime.data, dh->prime.size); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = - MHD__gnutls_set_datum (raw_gen, dh->generator.data, dh->generator.size); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD__gnutls_free_datum (raw_prime); - return ret; - } - - return 0; -} - -/** - * MHD__gnutls_dh_get_pubkey - This function returns the peer's public key used in DH authentication - * @session: is a gnutls session - * @raw_key: will hold the public key. 
- * - * This function will return the peer's public key used in the last Diffie Hellman authentication. - * This function should be used for both anonymous and ephemeral diffie Hellman. - * The output parameters must be freed with MHD_gnutls_free(). - * - * Returns a negative value in case of an error. - * - **/ -int -MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session, - MHD_gnutls_datum_t * raw_key) -{ - MHD_gtls_dh_info_st *dh; - mhd_anon_auth_info_t anon_info; - cert_auth_info_t cert_info; - cert_auth_info_t psk_info; - - switch (MHD_gtls_auth_get_type (session)) - { - case MHD_GNUTLS_CRD_ANON: - { - anon_info = MHD_gtls_get_auth_info (session); - if (anon_info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - dh = &anon_info->dh; - break; - } - case MHD_GNUTLS_CRD_PSK: - { - psk_info = MHD_gtls_get_auth_info (session); - if (psk_info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - dh = &psk_info->dh; - break; - } - case MHD_GNUTLS_CRD_CERTIFICATE: - { - - cert_info = MHD_gtls_get_auth_info (session); - if (cert_info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - dh = &cert_info->dh; - break; - } - default: - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return MHD__gnutls_set_datum (raw_key, dh->public_key.data, - dh->public_key.size); -} - -/** - * MHD_gtls_rsa_export_get_pubkey - This function returns the peer's public key used in RSA-EXPORT authentication - * @session: is a gnutls session - * @exponent: will hold the exponent. - * @modulus: will hold the modulus. - * - * This function will return the peer's public key exponent and - * modulus used in the last RSA-EXPORT authentication. The output - * parameters must be freed with MHD_gnutls_free(). - * - * Returns a negative value in case of an error. 
- * - **/ -int -MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session, - MHD_gnutls_datum_t * exponent, - MHD_gnutls_datum_t * modulus) -{ - cert_auth_info_t info; - int ret; - - if (MHD_gtls_auth_get_type (session) == MHD_GNUTLS_CRD_CERTIFICATE) - { - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - ret = MHD__gnutls_set_datum (modulus, info->rsa_export.modulus.data, - info->rsa_export.modulus.size); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = MHD__gnutls_set_datum (exponent, info->rsa_export.exponent.data, - info->rsa_export.exponent.size); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD__gnutls_free_datum (modulus); - return ret; - } - - return 0; - } - - return GNUTLS_E_INVALID_REQUEST; -} - -/** - * MHD__gnutls_dh_get_secret_bits - This function returns the bits used in DH authentication - * @session: is a gnutls session - * - * This function will return the bits used in the last Diffie Hellman authentication - * with the peer. Should be used for both anonymous and ephemeral diffie Hellman. - * Returns a negative value in case of an error. - * - **/ -int -MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session) -{ - switch (MHD_gtls_auth_get_type (session)) - { - case MHD_GNUTLS_CRD_ANON: - { - mhd_anon_auth_info_t info; - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - return info->dh.secret_bits; - } - case MHD_GNUTLS_CRD_CERTIFICATE: - { - cert_auth_info_t info; - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - return info->dh.secret_bits; - } - default: - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } -} - -/** - * MHD__gnutls_dh_get_prime_bits - This function returns the bits used in DH authentication - * @session: is a gnutls session - * - * This function will return the bits of the prime used in the last Diffie Hellman authentication - * with the peer. 
Should be used for both anonymous and ephemeral diffie Hellman. - * Returns a negative value in case of an error. - * - **/ -int -MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session) -{ - MHD_gtls_dh_info_st *dh; - - switch (MHD_gtls_auth_get_type (session)) - { - case MHD_GNUTLS_CRD_ANON: - { - mhd_anon_auth_info_t info; - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; - } - case MHD_GNUTLS_CRD_CERTIFICATE: - { - cert_auth_info_t info; - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - dh = &info->dh; - break; - } - default: - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return (dh->prime.size) * 8; - -} - -/** - * MHD_gtls_rsa_export_get_modulus_bits - This function returns the bits used in RSA-export key exchange - * @session: is a gnutls session - * - * This function will return the bits used in the last RSA-EXPORT key exchange - * with the peer. - * Returns a negative value in case of an error. - * - **/ -int -MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session) -{ - cert_auth_info_t info; - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - return info->rsa_export.modulus.size * 8; -} - -/** - * MHD__gnutls_dh_get_peers_public_bits - This function returns the bits used in DH authentication - * @session: is a gnutls session - * - * This function will return the bits used in the last Diffie Hellman authentication - * with the peer. Should be used for both anonymous and ephemeral diffie Hellman. - * Returns a negative value in case of an error. 
- * - **/ -int -MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session) -{ - MHD_gtls_dh_info_st *dh; - - switch (MHD_gtls_auth_get_type (session)) - { - case MHD_GNUTLS_CRD_ANON: - { - mhd_anon_auth_info_t info; - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - dh = &info->dh; - break; - } - case MHD_GNUTLS_CRD_CERTIFICATE: - { - cert_auth_info_t info; - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - dh = &info->dh; - break; - } - default: - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return dh->public_key.size * 8; - -} - -/* CERTIFICATE STUFF */ - -/** - * MHD_gtls_certificate_get_ours - This function returns the raw certificate sent in the last handshake - * @session: is a gnutls session - * - * This function will return the certificate as sent to the peer, - * in the last handshake. These certificates are in raw format. - * In X.509 this is a certificate list. In OpenPGP this is a single - * certificate. - * Returns NULL in case of an error, or if no certificate was used. - * - **/ -const MHD_gnutls_datum_t * -MHD_gtls_certificate_get_ours (MHD_gtls_session_t session) -{ - MHD_gtls_cert_credentials_t cred; - - CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL); - - cred - = (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key, - MHD_GNUTLS_CRD_CERTIFICATE, - NULL); - if (cred == NULL || cred->cert_list == NULL) - { - MHD_gnutls_assert (); - return NULL; - } - - if (session->internals.selected_cert_list == NULL) - return NULL; - - return &session->internals.selected_cert_list[0].raw; -} - -/** - * MHD_gtls_certificate_get_peers - This function returns the peer's raw certificate - * @session: is a gnutls session - * @list_size: is the length of the certificate list - * - * This function will return the peer's raw certificate (chain) as - * sent by the peer. These certificates are in raw format (DER encoded - * for X.509). 
In case of a X.509 then a certificate list may be present. - * The first certificate in the list is the peer's certificate, - * following the issuer's certificate, then the issuer's issuer etc. - * - * In case of OpenPGP keys a single key will be returned - * in raw format. - * - * Returns NULL in case of an error, or if no certificate was sent. - * - **/ -const MHD_gnutls_datum_t * -MHD_gtls_certificate_get_peers (MHD_gtls_session_t - session, unsigned int *list_size) -{ - cert_auth_info_t info; - - CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL); - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return NULL; - - *list_size = info->ncerts; - return info->raw_certificate_list; -} - -/** - * MHD_gtls_certificate_client_get_request_status - This function returns the certificate request status - * @session: is a gnutls session - * - * This function will return 0 if the peer (server) did not request client - * authentication or 1 otherwise. - * Returns a negative value in case of an error. - * - **/ -int -MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t session) -{ - cert_auth_info_t info; - - CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, 0); - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - return info->certificate_requested; -} - -/** - * MHD__gnutls_fingerprint - This function calculates the fingerprint of the given data - * @algo: is a digest algorithm - * @data: is the data - * @result: is the place where the result will be copied (may be null). - * @result_size: should hold the size of the result. The actual size - * of the returned result will also be copied there. - * - * This function will calculate a fingerprint (actually a hash), of the - * given data. The result is not printable data. You should convert it - * to hex, or to something else printable. - * - * This is the usual way to calculate a fingerprint of an X.509 - * DER encoded certificate. 
Note however that the fingerprint - * of an OpenPGP is not just a hash and cannot be calculated with - * this function. - * - * Returns a negative value in case of an error. - * - **/ -int -MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, - const MHD_gnutls_datum_t * data, - void *result, size_t * result_size) -{ - GNUTLS_HASH_HANDLE td; - int hash_len = MHD_gnutls_hash_get_algo_len (HASH2MAC (algo)); - - if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL) - { - *result_size = hash_len; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - *result_size = hash_len; - - if (result) - { - td = MHD_gtls_hash_init (HASH2MAC (algo)); - if (td == NULL) - return GNUTLS_E_HASH_FAILED; - - MHD_gnutls_hash (td, data->data, data->size); - - MHD_gnutls_hash_deinit (td, result); - } - - return 0; -} - -/** - * MHD__gnutls_certificate_set_dh_params - This function will set the DH parameters for a server to use - * @res: is a MHD_gtls_cert_credentials_t structure - * @dh_params: is a structure that holds diffie hellman parameters. - * - * This function will set the diffie hellman parameters for a - * certificate server to use. These parameters will be used in - * Ephemeral Diffie Hellman cipher suites. Note that only a pointer - * to the parameters are stored in the certificate handle, so if you - * deallocate the parameters before the certificate is deallocated, - * you must change the parameters stored in the certificate first. - * - **/ -void -MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res, - MHD_gtls_dh_params_t dh_params) -{ - res->dh_params = dh_params; -} - -/** - * MHD_gnutls_certificate_set_params_function - This function will set the DH or RSA parameters callback - * @res: is a MHD_gtls_cert_credentials_t structure - * @func: is the function to be called - * - * This function will set a callback in order for the server to get the - * diffie hellman or RSA parameters for certificate authentication. 
The callback - * should return zero on success. - * - **/ -void -MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t res, - MHD_gnutls_params_function * func) -{ - res->params_func = func; -} - -/** - * MHD__gnutls_certificate_set_verify_flags - This function will set the flags to be used at certificate verification - * @res: is a MHD_gtls_cert_credentials_t structure - * @flags: are the flags - * - * This function will set the flags to be used at verification of the - * certificates. Flags must be OR of the - * #MHD_gnutls_certificate_verify_flags enumerations. - * - **/ -void -MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t - res, unsigned int flags) -{ - res->verify_flags = flags; -} - -/** - * MHD__gnutls_certificate_set_verify_limits - This function will set the upper limits to be used at certificate verification - * @res: is a MHD_gnutls_certificate_credentials structure - * @max_bits: is the number of bits of an acceptable certificate (default 8200) - * @max_depth: is maximum depth of the verification of a certificate chain (default 5) - * - * This function will set some upper limits for the default verification function, - * MHD_gtls_certificate_verify_peers2(), to avoid denial of service attacks. - * You can set them to zero to disable limits. - * - **/ -void -MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t - res, - unsigned int max_bits, - unsigned int max_depth) -{ - res->verify_depth = max_depth; - res->verify_bits = max_bits; -} - -/** - * MHD__gnutls_certificate_set_rsa_export_params - This function will set the RSA parameters for a server to use - * @res: is a MHD_gtls_cert_credentials_t structure - * @rsa_params: is a structure that holds temporary RSA parameters. - * - * This function will set the temporary RSA parameters for a certificate - * server to use. These parameters will be used in RSA-EXPORT - * cipher suites. 
- *
- **/
-void
-MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t
- res,
- MHD_gtls_rsa_params_t
- rsa_params)
-{
- res->rsa_params = rsa_params;
-}
-
-/**
- * MHD_gnutls_anon_set_params_function - This function will set the DH or RSA parameters callback
- * @res: is a MHD_gtls_anon_server_credentials_t structure
- * @func: is the function to be called
- *
- * This function will set a callback in order for the server to get the
- * diffie hellman or RSA parameters for anonymous authentication. The callback
- * should return zero on success.
- *
- **/
-void
-MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res,
- MHD_gnutls_params_function * func)
-{
- res->params_func = func;
-}
diff --git a/src/daemon/internal.h b/src/daemon/internal.h
@@ -652,9 +652,6 @@ struct MHD_Daemon
 /* server x509 credintials */
 MHD_gtls_cert_credentials_t x509_cred;
 
- /* credentials used for anonymous authentication */
- MHD_gtls_anon_server_credentials_t anon_cred;
-
 /* cipher priority cache */
 MHD_gnutls_priority_t priority_cache;
 
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
@@ -365,8 +365,8 @@ enum MHD_OPTION
 MHD_OPTION_HTTPS_MEM_CERT = 10,
 
 /**
- * Daemon credentials type. Either certificate or anonymous,
- * this option should be followed by one of the values listed in
+ * Daemon credentials type.
+ * This option should be followed by one of the values listed in
 * "enum MHD_GNUTLS_CredentialsType".
 */
 MHD_OPTION_CRED_TYPE = 11,
@@ -530,7 +530,6 @@ enum MHD_GNUTLS_KeyExchangeAlgorithm
 MHD_GNUTLS_KX_RSA = 1,
 MHD_GNUTLS_KX_DHE_DSS,
 MHD_GNUTLS_KX_DHE_RSA,
- MHD_GNUTLS_KX_ANON_DH,
 MHD_GNUTLS_KX_SRP,
 MHD_GNUTLS_KX_RSA_EXPORT,
 MHD_GNUTLS_KX_SRP_RSA,
@@ -549,11 +548,6 @@ enum MHD_GNUTLS_CredentialsType
 MHD_GNUTLS_CRD_CERTIFICATE = 1,
 
 /**
- * We have no certificate ("anonymous").
- */
- MHD_GNUTLS_CRD_ANON,
-
- /**
 * Use SRP (password-based authentication).
 */
 MHD_GNUTLS_CRD_SRP,
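Review bot: Dropping `MHD_GNUTLS_KX_ANON_DH` and `MHD_GNUTLS_CRD_ANON` from the middle of the two public enums in microhttpd.h (hunks `@@ -530,7 +530,6 @@` and `@@ -549,11 +548,6 @@`) renumbers every later enumerator: MHD_GNUTLS_KX_SRP moves from 5 to 4 and MHD_GNUTLS_CRD_SRP from 3 to 2, so a caller built against the old header that passes MHD_OPTION_CRED_TYPE or MHD_OPTION_KX_PRIORITY values by number now silently selects a different credential or key-exchange type instead of hitting the daemon's `default:` error path. If the cipher-suite or credential tables elsewhere in the TLS code key off these numeric values (gnutls_algorithms.c is touched by this commit but not shown here), the shift may need matching updates there as well. Pinning the first surviving enumerator in each enum keeps the ABI stable: `MHD_GNUTLS_KX_SRP = 5,` and `MHD_GNUTLS_CRD_SRP = 3,`. If the renumbering is intended, the ChangeLog entry should state the ABI break explicitly.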
diff --git a/src/testcurl/https/Makefile.am b/src/testcurl/https/Makefile.am
@@ -11,8 +11,6 @@ $(LIBCURL_CPPFLAGS)
 
 check_PROGRAMS = \
 tls_daemon_options_test \
- tls_daemon_options_adh_test \
- tls_daemon_options_dh_test \
 tls_authentication_test \
 mhds_multi_daemon_test \
 mhds_session_info_test
@@ -55,20 +53,6 @@ tls_daemon_options_test_LDADD = \
 $(top_builddir)/src/daemon/libmicrohttpd.la \
 @LIBCURL@
 
-tls_daemon_options_dh_test_SOURCES = \
- tls_daemon_options_dh_test.c
-tls_daemon_options_dh_test_LDADD = \
- $(top_builddir)/src/testcurl/libcurl_version_check.a \
- $(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
-
-tls_daemon_options_adh_test_SOURCES = \
- tls_daemon_options_adh_test.c
-tls_daemon_options_adh_test_LDADD = \
- $(top_builddir)/src/testcurl/libcurl_version_check.a \
- $(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
-
 tls_authentication_test_SOURCES = \
 tls_authentication_test.c
 tls_authentication_test_LDADD = \
diff --git a/src/testcurl/https/tls_daemon_options_adh_test.c b/src/testcurl/https/tls_daemon_options_adh_test.c
@@ -1,395 +0,0 @@ -/* - This file is part of libmicrohttpd - (C) 2007 Christian Grothoff - - libmicrohttpd is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 2, or (at your - option) any later version. - - libmicrohttpd is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with libmicrohttpd; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. - */ - -/** - * @file tls_daemon_options_adh_test.c - * @brief Testcase for libmicrohttpd HTTPS GET operations - * @author Sagie Amir - */ - -#include "platform.h" -#include "microhttpd.h" - -#include <sys/stat.h> - -#include "gnutls.h" -#include <curl/curl.h> - -#define DEBUG_CURL_VERBOSE 0 -#define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" - -#define MHD_E_MEM "Error: memory error\n" -#define MHD_E_SERVER_INIT "Error: failed to start server\n" -#define MHD_E_TEST_FILE_CREAT "Error: failed to setup test file\n" -#define MHD_E_CERT_FILE_CREAT "Error: failed to setup test certificate\n" -#define MHD_E_KEY_FILE_CREAT "Error: failed to setup test certificate\n" - -#include "tls_test_keys.h" - -const int DEBUG_GNUTLS_LOG_LEVEL = 0; -const char *test_file_name = "https_test_file"; -const char test_file_data[] = "Hello World\n"; - -int curl_check_version (const char *req_version, ...); - -struct CBC -{ - char *buf; - size_t pos; - size_t size; -}; - -static size_t -copyBuffer (void *ptr, size_t size, size_t nmemb, void *ctx) -{ - struct CBC *cbc = ctx; - - if (cbc->pos + size * nmemb > cbc->size) - return 0; /* overflow */ - 
memcpy (&cbc->buf[cbc->pos], ptr, size * nmemb); - cbc->pos += size * nmemb; - return size * nmemb; -} - -static int -file_reader (void *cls, size_t pos, char *buf, int max) -{ - FILE *file = cls; - fseek (file, pos, SEEK_SET); - return fread (buf, 1, max, file); -} - -/* HTTP access handler call back */ -static int -http_ahc (void *cls, struct MHD_Connection *connection, - const char *url, const char *method, const char *upload_data, - const char *version, unsigned int *upload_data_size, void **ptr) -{ - static int aptr; - struct MHD_Response *response; - int ret; - FILE *file; - struct stat buf; - - if (0 != strcmp (method, MHD_HTTP_METHOD_GET)) - return MHD_NO; /* unexpected method */ - if (&aptr != *ptr) - { - /* do never respond on first call */ - *ptr = &aptr; - return MHD_YES; - } - *ptr = NULL; /* reset when done */ - - file = fopen (url, "r"); - if (file == NULL) - { - response = MHD_create_response_from_data (strlen (PAGE_NOT_FOUND), - (void *) PAGE_NOT_FOUND, - MHD_NO, MHD_NO); - ret = MHD_queue_response (connection, MHD_HTTP_NOT_FOUND, response); - MHD_destroy_response (response); - } - else - { - stat (url, &buf); - response = MHD_create_response_from_callback (buf.st_size, 32 * 1024, /* 32k PAGE_NOT_FOUND size */ - &file_reader, file, - (MHD_ContentReaderFreeCallback) - & fclose); - ret = MHD_queue_response (connection, MHD_HTTP_OK, response); - MHD_destroy_response (response); - } - return ret; -} - -/* - * test HTTPS transfer - * @param test_fd: file to attempt transfering - */ -static int -test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version) -{ - CURL *c; - CURLcode errornum; - struct CBC cbc; - char *doc_path; - char url[255]; - struct stat statb; - - stat (test_file_name, &statb); - - int len = statb.st_size; - - /* used to memcmp local copy & deamon supplied copy */ - unsigned char *mem_test_file_local; - - /* setup test file path, url */ - doc_path = get_current_dir_name (); - - if (NULL == (mem_test_file_local = malloc 
(len))) - { - fclose (test_fd); - fprintf (stderr, MHD_E_MEM); - return -1; - } - - fseek (test_fd, 0, SEEK_SET); - if (fread (mem_test_file_local, sizeof (char), len, test_fd) != len) - { - fclose (test_fd); - fprintf (stderr, "Error: failed to read test file. %s\n", - strerror (errno)); - return -1; - } - - if (NULL == (cbc.buf = malloc (sizeof (char) * len))) - { - fclose (test_fd); - fprintf (stderr, MHD_E_MEM); - return -1; - } - cbc.size = len; - cbc.pos = 0; - - /* construct url - this might use doc_path */ - sprintf (url, "%s%s/%s", "https://localhost:42433", - doc_path, test_file_name); - - c = curl_easy_init (); -#if DEBUG_CURL_VERBOSE - curl_easy_setopt (c, CURLOPT_VERBOSE, 1); -#endif - curl_easy_setopt (c, CURLOPT_URL, url); - curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); - curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L); - curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L); - curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer); - curl_easy_setopt (c, CURLOPT_FILE, &cbc); - - /* TLS options */ - curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version); - curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); - - /* currently skip any peer authentication */ - curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); - curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); - - curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); - - /* NOTE: use of CONNECTTIMEOUT without also - setting NOSIGNAL results in really weird - crashes on my system! 
*/ - curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1); - if (CURLE_OK != (errornum = curl_easy_perform (c))) - { - fprintf (stderr, "curl_easy_perform failed: `%s'\n", - curl_easy_strerror (errornum)); - curl_easy_cleanup (c); - return errornum; - } - - curl_easy_cleanup (c); - - if (memcmp (cbc.buf, mem_test_file_local, len) != 0) - { - fprintf (stderr, "Error: local file & received file differ.\n"); - free (cbc.buf); - free (mem_test_file_local); - return -1; - } - - free (mem_test_file_local); - free (cbc.buf); - free (doc_path); - return 0; -} - -static FILE * -setupTestFile () -{ - FILE *test_fd; - - if (NULL == (test_fd = fopen (test_file_name, "w+"))) - { - fprintf (stderr, "Error: failed to open `%s': %s\n", - test_file_name, strerror (errno)); - return NULL; - } - if (fwrite (test_file_data, sizeof (char), strlen (test_file_data), test_fd) - != strlen (test_file_data)) - { - fprintf (stderr, "Error: failed to write `%s. %s'\n", - test_file_name, strerror (errno)); - return NULL; - } - if (fflush (test_fd)) - { - fprintf (stderr, "Error: failed to flush test file stream. %s\n", - strerror (errno)); - return NULL; - } - - return test_fd; -} - -static int -setup (struct MHD_Daemon **d, va_list arg_list) -{ - *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | - MHD_USE_DEBUG, 42433, - NULL, NULL, &http_ahc, NULL, arg_list); - - if (*d == NULL) - { - fprintf (stderr, MHD_E_SERVER_INIT); - return -1; - } - - return 0; -} - -static void -teardown (struct MHD_Daemon *d) -{ - MHD_stop_daemon (d); -} - -/* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move to test_util.c */ -int -test_wrap (char *test_name, int - (*test) (FILE * test_fd, char *cipher_suite, int proto_version), - FILE * test_fd, char *cipher_suite, int proto_version, ...) 
-{ - int ret; - va_list arg_list; - struct MHD_Daemon *d; - - va_start (arg_list, proto_version); - if (setup (&d, arg_list) != 0) - { - va_end (arg_list); - return -1; - } - - fprintf (stdout, "running test: %s ", test_name); - ret = test (test_fd, cipher_suite, proto_version); - - if (ret == 0) - { - fprintf (stdout, "[pass]\n"); - } - else - { - fprintf (stdout, "[fail]\n"); - } - - teardown (d); - va_end (arg_list); - return ret; -} - -/* - * test server refuses to negotiate connections with unsupported protocol versions - */ -int -test_protocol_version (FILE * test_fd, char *cipher_suite, - int curl_proto_version) -{ - CURL *c; - CURLcode errornum; - - c = curl_easy_init (); -#if DEBUG_CURL_VERBOSE - curl_easy_setopt (c, CURLOPT_VERBOSE, 1); -#endif - curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/"); - curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); - curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L); - curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L); - - /* TLS options */ - curl_easy_setopt (c, CURLOPT_SSLVERSION, curl_proto_version); - curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); - - curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); - curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); - curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); - - /* NOTE: use of CONNECTTIMEOUT without also - setting NOSIGNAL results in really weird - crashes on my system! 
*/ - curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1); - - /* assert daemon rejected request */ - if (CURLE_OK == (errornum = curl_easy_perform (c))) - { - fprintf (stderr, "curl_easy_perform failed: `%s'\n", - curl_easy_strerror (errornum)); - curl_easy_cleanup (c); - return -1; - } - - return 0; -} - -/* setup a temporary transfer test file */ -int -main (int argc, char *const *argv) -{ - FILE *test_fd; - unsigned int errorCount = 0; - - MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL); - - if (curl_check_version (MHD_REQ_CURL_VERSION)) - { - return -1; - } - - if ((test_fd = setupTestFile ()) == NULL) - { - fprintf (stderr, MHD_E_TEST_FILE_CREAT); - return -1; - } - - if (0 != curl_global_init (CURL_GLOBAL_ALL)) - { - fprintf (stderr, "Error: %s\n", strerror (errno)); - return -1; - } - - int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 }; - errorCount += - test_wrap ("ADH-AES256-SHA", &test_https_transfer, test_fd, - "ADH-AES256-SHA", CURL_SSLVERSION_TLSv1, - MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON, - MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END); - - if (errorCount != 0) - fprintf (stderr, "Failed test: %s.\n", argv[0]); - - curl_global_cleanup (); - fclose (test_fd); - - remove (test_file_name); - - return errorCount != 0; -} diff --git a/src/testcurl/https/tls_daemon_options_dh_test.c b/src/testcurl/https/tls_daemon_options_dh_test.c 
@@ -1,397 +0,0 @@ -/* - This file is part of libmicrohttpd - (C) 2007 Christian Grothoff - - libmicrohttpd is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 2, or (at your - option) any later version. - - libmicrohttpd is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with libmicrohttpd; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. - */ - -/** - * @file tls_daemon_options_dh_test.c - * @brief Testcase for libmicrohttpd HTTPS GET operations - * @author Sagie Amir - */ - -#include "platform.h" -#include "microhttpd.h" - -#include <sys/stat.h> - -#include "gnutls.h" -#include <curl/curl.h> - -#define DEBUG_CURL_VERBOSE 0 -#define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" - -#define MHD_E_MEM "Error: memory error\n" -#define MHD_E_SERVER_INIT "Error: failed to start server\n" -#define MHD_E_TEST_FILE_CREAT "Error: failed to setup test file\n" -#define MHD_E_CERT_FILE_CREAT "Error: failed to setup test certificate\n" -#define MHD_E_KEY_FILE_CREAT "Error: failed to setup test certificate\n" - -#include "tls_test_keys.h" - -const int DEBUG_GNUTLS_LOG_LEVEL = 0; -const char *test_file_name = "https_test_file"; -const char test_file_data[] = "Hello World\n"; - -int curl_check_version (const char *req_version, ...); - -struct CBC -{ - char *buf; - size_t pos; - size_t size; -}; - -static size_t -copyBuffer (void *ptr, size_t size, size_t nmemb, void *ctx) -{ - struct CBC *cbc = ctx; - - if (cbc->pos + size * nmemb > cbc->size) - return 0; /* overflow */ - 
memcpy (&cbc->buf[cbc->pos], ptr, size * nmemb); - cbc->pos += size * nmemb; - return size * nmemb; -} - -static int -file_reader (void *cls, size_t pos, char *buf, int max) -{ - FILE *file = cls; - fseek (file, pos, SEEK_SET); - return fread (buf, 1, max, file); -} - -/* HTTP access handler call back */ -static int -http_ahc (void *cls, struct MHD_Connection *connection, - const char *url, const char *method, const char *upload_data, - const char *version, unsigned int *upload_data_size, void **ptr) -{ - static int aptr; - struct MHD_Response *response; - int ret; - FILE *file; - struct stat buf; - - if (0 != strcmp (method, MHD_HTTP_METHOD_GET)) - return MHD_NO; /* unexpected method */ - if (&aptr != *ptr) - { - /* do never respond on first call */ - *ptr = &aptr; - return MHD_YES; - } - *ptr = NULL; /* reset when done */ - - file = fopen (url, "r"); - if (file == NULL) - { - response = MHD_create_response_from_data (strlen (PAGE_NOT_FOUND), - (void *) PAGE_NOT_FOUND, - MHD_NO, MHD_NO); - ret = MHD_queue_response (connection, MHD_HTTP_NOT_FOUND, response); - MHD_destroy_response (response); - } - else - { - stat (url, &buf); - response = MHD_create_response_from_callback (buf.st_size, 32 * 1024, /* 32k PAGE_NOT_FOUND size */ - &file_reader, file, - (MHD_ContentReaderFreeCallback) - & fclose); - ret = MHD_queue_response (connection, MHD_HTTP_OK, response); - MHD_destroy_response (response); - } - return ret; -} - -/* - * test HTTPS transfer - * @param test_fd: file to attempt transfering - */ -static int -test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version) -{ - CURL *c; - CURLcode errornum; - struct CBC cbc; - char *doc_path; - char url[255]; - struct stat statb; - - stat (test_file_name, &statb); - - int len = statb.st_size; - - /* used to memcmp local copy & deamon supplied copy */ - unsigned char *mem_test_file_local; - - /* setup test file path, url */ - doc_path = get_current_dir_name (); - - if (NULL == (mem_test_file_local = malloc 
(len))) - { - fclose (test_fd); - fprintf (stderr, MHD_E_MEM); - return -1; - } - - fseek (test_fd, 0, SEEK_SET); - if (fread (mem_test_file_local, sizeof (char), len, test_fd) != len) - { - fclose (test_fd); - fprintf (stderr, "Error: failed to read test file. %s\n", - strerror (errno)); - return -1; - } - - if (NULL == (cbc.buf = malloc (sizeof (char) * len))) - { - fclose (test_fd); - fprintf (stderr, MHD_E_MEM); - return -1; - } - cbc.size = len; - cbc.pos = 0; - - /* construct url - this might use doc_path */ - sprintf (url, "%s%s/%s", "https://localhost:42433", - doc_path, test_file_name); - - c = curl_easy_init (); -#if DEBUG_CURL_VERBOSE - curl_easy_setopt (c, CURLOPT_VERBOSE, 1); -#endif - curl_easy_setopt (c, CURLOPT_URL, url); - curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); - curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L); - curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L); - curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer); - curl_easy_setopt (c, CURLOPT_FILE, &cbc); - - /* TLS options */ - curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version); - curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); - - /* currently skip any peer authentication */ - curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); - curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); - - curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); - - /* NOTE: use of CONNECTTIMEOUT without also - setting NOSIGNAL results in really weird - crashes on my system! 
*/ - curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1); - if (CURLE_OK != (errornum = curl_easy_perform (c))) - { - fprintf (stderr, "curl_easy_perform failed: `%s'\n", - curl_easy_strerror (errornum)); - curl_easy_cleanup (c); - return errornum; - } - - curl_easy_cleanup (c); - - if (memcmp (cbc.buf, mem_test_file_local, len) != 0) - { - fprintf (stderr, "Error: local file & received file differ.\n"); - free (cbc.buf); - free (mem_test_file_local); - return -1; - } - - free (mem_test_file_local); - free (cbc.buf); - free (doc_path); - return 0; -} - -FILE * -setupTestFile () -{ - FILE *test_fd; - - if (NULL == (test_fd = fopen (test_file_name, "w+"))) - { - fprintf (stderr, "Error: failed to open `%s': %s\n", - test_file_name, strerror (errno)); - return NULL; - } - if (fwrite (test_file_data, sizeof (char), strlen (test_file_data), test_fd) - != strlen (test_file_data)) - { - fprintf (stderr, "Error: failed to write `%s. %s'\n", - test_file_name, strerror (errno)); - return NULL; - } - if (fflush (test_fd)) - { - fprintf (stderr, "Error: failed to flush test file stream. %s\n", - strerror (errno)); - return NULL; - } - - return test_fd; -} - -static int -setup (struct MHD_Daemon **d, va_list arg_list) -{ - *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | - MHD_USE_DEBUG, 42433, - NULL, NULL, &http_ahc, NULL, arg_list); - - if (*d == NULL) - { - fprintf (stderr, MHD_E_SERVER_INIT); - return -1; - } - - return 0; -} - -static void -teardown (struct MHD_Daemon *d) -{ - MHD_stop_daemon (d); -} - -/* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move to test_util.c */ -int -test_wrap (char *test_name, int - (*test) (FILE * test_fd, char *cipher_suite, int proto_version), - FILE * test_fd, char *cipher_suite, int proto_version, ...) 
-{ - int ret; - va_list arg_list; - struct MHD_Daemon *d; - - va_start (arg_list, proto_version); - if (setup (&d, arg_list) != 0) - { - va_end (arg_list); - return -1; - } - - fprintf (stdout, "running test: %s ", test_name); - ret = test (test_fd, cipher_suite, proto_version); - - if (ret == 0) - { - fprintf (stdout, "[pass]\n"); - } - else - { - fprintf (stdout, "[fail]\n"); - } - - teardown (d); - va_end (arg_list); - return ret; -} - -/* - * test server refuses to negotiate connections with unsupported protocol versions - */ -int -test_protocol_version (FILE * test_fd, char *cipher_suite, - int curl_proto_version) -{ - CURL *c; - CURLcode errornum; - - c = curl_easy_init (); -#if DEBUG_CURL_VERBOSE - curl_easy_setopt (c, CURLOPT_VERBOSE, 1); -#endif - curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/"); - curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); - curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L); - curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L); - - /* TLS options */ - curl_easy_setopt (c, CURLOPT_SSLVERSION, curl_proto_version); - curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); - - curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); - curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); - curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); - - /* NOTE: use of CONNECTTIMEOUT without also - setting NOSIGNAL results in really weird - crashes on my system! 
*/ - curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1); - - /* assert daemon rejected request */ - if (CURLE_OK == (errornum = curl_easy_perform (c))) - { - fprintf (stderr, "curl_easy_perform failed: `%s'\n", - curl_easy_strerror (errornum)); - curl_easy_cleanup (c); - return -1; - } - - return 0; -} - -/* setup a temporary transfer test file */ -int -main (int argc, char *const *argv) -{ - FILE *test_fd; - unsigned int errorCount = 0; - - MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL); - - if (curl_check_version (MHD_REQ_CURL_VERSION)) - { - return -1; - } - - if ((test_fd = setupTestFile ()) == NULL) - { - fprintf (stderr, MHD_E_TEST_FILE_CREAT); - return -1; - } - - if (0 != curl_global_init (CURL_GLOBAL_ALL)) - { - fprintf (stderr, "Error: %s\n", strerror (errno)); - return -1; - } - - int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; - int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 }; - - errorCount += - test_wrap ("kx ANON_DH", &test_https_transfer, test_fd, - "ADH-DES-CBC3-SHA", CURL_SSLVERSION_TLSv1, - MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON, - MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY, - kx, MHD_OPTION_END); - if (errorCount != 0) - fprintf (stderr, "Failed test: %s.\n", argv[0]); - - curl_global_cleanup (); - fclose (test_fd); - - remove (test_file_name); - - return errorCount != 0; -} diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c @@ -222,7 +222,7 @@ test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version) return 0; } -FILE * +static FILE * setupTestFile () { FILE *test_fd; @@ -381,7 +381,8 @@ main (int argc, char *const *argv) int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; errorCount += - test_wrap ("https_transfer", &test_https_transfer, test_fd, "AES256-SHA", + test_wrap ("https_transfer", &test_https_transfer, + test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, 
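Review bot: The new-side definition `static FILE * setupTestFile ()` keeps an old-style empty parameter list; `static FILE *setupTestFile (void)` is the C idiom and lets the compiler reject accidental arguments, so I would make that change while touching the signature anyway. The function body runs past the end of this hunk, but if it matches the copy deleted from tls_daemon_options_dh_test.c in this same commit, the `fwrite` and `fflush` failure branches `return NULL` without closing `test_fd`, leaking the stream and leaving `https_test_file` behind for the next run. Consider `fclose (test_fd); remove (test_file_name);` ahead of each of those two `return NULL;` lines, since main() only cleans the file up on the success path.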
@@ -389,9 +390,11 @@ main (int argc, char *const *argv) errorCount += test_wrap ("protocol_version", &test_protocol_version, test_fd, - "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, + "AES256-SHA", CURL_SSLVERSION_TLSv1, + MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, - srv_self_signed_cert_pem, MHD_OPTION_PROTOCOL_VERSION, p, + srv_self_signed_cert_pem, + MHD_OPTION_PROTOCOL_VERSION, p, MHD_OPTION_END); errorCount += test_wrap ("cipher DES-CBC3-SHA", &test_https_transfer, test_fd,