commit 92b638cf8467f90b6e345046bedd627bf00b8707
parent 8524a6cfe99a34f776a334652c8558b45792ab12
Author: Christian Grothoff <christian@grothoff.org>
Date: Thu, 18 Nov 2010 22:11:38 +0000
patch fixing #1619
Diffstat:
12 files changed, 105 insertions(+), 24 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,6 @@
+Thu Nov 18 23:10:36 CET 2010
+ Fixing #1619 (testcases not working with NSS on Fedora). -CG/timn
+
Thu Nov 18 22:55:58 CET 2010
Fixing #1621 (socket not closed under certain circumstances). -CG/jaredc
diff --git a/configure.ac b/configure.ac
@@ -211,9 +211,11 @@ then
MHD_REQ_CURL_VERSION=7.16.4
MHD_REQ_CURL_OPENSSL_VERSION=0.9.8
MHD_REQ_CURL_GNUTLS_VERSION=2.8.6
+ MHD_REQ_CURL_NSS_VERSION=3.12.0
AC_DEFINE_UNQUOTED([MHD_REQ_CURL_VERSION], "$MHD_REQ_CURL_VERSION", [required cURL version to run tests])
AC_DEFINE_UNQUOTED([MHD_REQ_CURL_OPENSSL_VERSION], "$MHD_REQ_CURL_OPENSSL_VERSION", [required cURL SSL version to run tests])
AC_DEFINE_UNQUOTED([MHD_REQ_CURL_GNUTLS_VERSION], "$MHD_REQ_CURL_GNUTLS_VERSION", [gnuTLS lib version - used in conjunction with cURL])
+ AC_DEFINE_UNQUOTED([MHD_REQ_CURL_NSS_VERSION], "$MHD_REQ_CURL_NSS_VERSION", [NSS lib version - used in conjunction with cURL])
fi
LIBS=$SAVE_LIBS
AM_CONDITIONAL(HAVE_CURL, test x$curl = x1)
diff --git a/src/testcurl/curl_version_check.c b/src/testcurl/curl_version_check.c
@@ -67,6 +67,13 @@ parse_version_string (const char *s, int *major, int *minor, int *micro)
return s;
}
+#if HTTPS_SUPPORT
+int
+curl_uses_nss_ssl()
+{
+ return (strstr(curl_version(), " NSS/") != NULL) ? 0 : -1;
+}
+#endif
/*
* check local libcurl version matches required version
@@ -135,6 +142,11 @@ curl_check_version (const char *req_version)
ssl_ver = strchr (ssl_ver, '/');
req_ssl_ver = MHD_REQ_CURL_OPENSSL_VERSION;
}
+ else if (strncmp ("NSS", ssl_ver, strlen ("NSS")) == 0)
+ {
+ ssl_ver = strchr (ssl_ver, '/');
+ req_ssl_ver = MHD_REQ_CURL_NSS_VERSION;
+ }
else
{
fprintf (stderr, "Error: unrecognized curl ssl library\n");
diff --git a/src/testcurl/https/Makefile.am b/src/testcurl/https/Makefile.am
@@ -46,7 +46,7 @@ tls_session_time_out_test_SOURCES = \
tls_session_time_out_test_LDADD = \
$(top_builddir)/src/testcurl/libcurl_version_check.a \
$(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
+ @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@
tls_daemon_options_test_SOURCES = \
tls_daemon_options_test.c \
@@ -54,7 +54,7 @@ tls_daemon_options_test_SOURCES = \
tls_daemon_options_test_LDADD = \
$(top_builddir)/src/testcurl/libcurl_version_check.a \
$(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
+ @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@
tls_thread_mode_test_SOURCES = \
tls_thread_mode_test.c \
@@ -62,7 +62,7 @@ tls_thread_mode_test_SOURCES = \
tls_thread_mode_test_LDADD = \
$(top_builddir)/src/testcurl/libcurl_version_check.a \
$(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
+ @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@
tls_multi_thread_mode_test_SOURCES = \
tls_multi_thread_mode_test.c \
@@ -70,7 +70,7 @@ tls_multi_thread_mode_test_SOURCES = \
tls_multi_thread_mode_test_LDADD = \
$(top_builddir)/src/testcurl/libcurl_version_check.a \
$(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
+ @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@
tls_authentication_test_SOURCES = \
tls_authentication_test.c \
@@ -78,7 +78,7 @@ tls_authentication_test_SOURCES = \
tls_authentication_test_LDADD = \
$(top_builddir)/src/testcurl/libcurl_version_check.a \
$(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
+ @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@
mhds_session_info_test_SOURCES = \
mhds_session_info_test.c \
@@ -86,7 +86,7 @@ mhds_session_info_test_SOURCES = \
mhds_session_info_test_LDADD = \
$(top_builddir)/src/testcurl/libcurl_version_check.a \
$(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
+ @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@
mhds_multi_daemon_test_SOURCES = \
mhds_multi_daemon_test.c \
@@ -94,7 +94,7 @@ mhds_multi_daemon_test_SOURCES = \
mhds_multi_daemon_test_LDADD = \
$(top_builddir)/src/testcurl/libcurl_version_check.a \
$(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
+ @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@
mhds_get_test_SOURCES = \
mhds_get_test.c \
@@ -102,7 +102,7 @@ mhds_get_test_SOURCES = \
mhds_get_test_LDADD = \
$(top_builddir)/src/testcurl/libcurl_version_check.a \
$(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
+ @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@
mhds_get_test_select_SOURCES = \
@@ -111,4 +111,5 @@ mhds_get_test_select_SOURCES = \
mhds_get_test_select_LDADD = \
$(top_builddir)/src/testcurl/libcurl_version_check.a \
$(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
+ @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@
+
diff --git a/src/testcurl/https/mhds_get_test.c b/src/testcurl/https/mhds_get_test.c
@@ -33,6 +33,7 @@
#include "tls_test_common.h"
int curl_check_version (const char *req_version, ...);
+int curl_uses_nss_ssl ();
extern const char srv_key_pem[];
extern const char srv_self_signed_cert_pem[];
extern const char srv_signed_cert_pem[];
@@ -101,12 +102,24 @@ main (int argc, char *const *argv)
fprintf (stderr, "Error: %s\n", strerror (errno));
return -1;
}
+
+ char *aes256_sha_tlsv1 = "AES256-SHA";
+ char *aes256_sha_sslv3 = "AES256-SHA";
+ char *des_cbc3_sha_tlsv1 = "DES-CBC3-SHA";
+
+ if (curl_uses_nss_ssl() == 0)
+ {
+ aes256_sha_tlsv1 = "rsa_aes_256_sha";
+ aes256_sha_sslv3 = "rsa_aes_256_sha";
+ des_cbc3_sha_tlsv1 = "rsa_aes_128_sha";
+ }
+
errorCount +=
- test_secure_get (NULL, "AES256-SHA", CURL_SSLVERSION_TLSv1);
+ test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1);
errorCount +=
- test_secure_get (NULL, "AES256-SHA", CURL_SSLVERSION_SSLv3);
+ test_secure_get (NULL, aes256_sha_sslv3, CURL_SSLVERSION_SSLv3);
errorCount +=
- test_cipher_option (NULL, "DES-CBC3-SHA", CURL_SSLVERSION_TLSv1);
+ test_cipher_option (NULL, des_cbc3_sha_tlsv1, CURL_SSLVERSION_TLSv1);
print_test_result (errorCount, argv[0]);
diff --git a/src/testcurl/https/mhds_get_test_select.c b/src/testcurl/https/mhds_get_test_select.c
@@ -33,6 +33,7 @@
#include "tls_test_common.h"
int curl_check_version (const char *req_version, ...);
+int curl_uses_nss_ssl ();
extern const char srv_key_pem[];
extern const char srv_self_signed_cert_pem[];
extern const char srv_signed_cert_pem[];
@@ -100,10 +101,20 @@ testExternalGet ()
MHD_OPTION_END);
if (d == NULL)
return 256;
+
+ char *aes256_sha = "AES256-SHA";
+ if (curl_uses_nss_ssl() == 0)
+ {
+ aes256_sha = "rsa_aes_256_sha";
+ }
+
c = curl_easy_init ();
curl_easy_setopt (c, CURLOPT_URL, "https://localhost:1082/hello_world");
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
+ /* TLS options */
+ curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+ curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
curl_easy_setopt (c, CURLOPT_FAILONERROR, 1);
diff --git a/src/testcurl/https/mhds_multi_daemon_test.c b/src/testcurl/https/mhds_multi_daemon_test.c
@@ -106,9 +106,14 @@ main (int argc, char *const *argv)
return -1;
}
+ char *aes256_sha = "AES256-SHA";
+ if (curl_uses_nss_ssl() == 0)
+ {
+ aes256_sha = "rsa_aes_256_sha";
+ }
errorCount +=
- test_concurent_daemon_pair (NULL, "AES256-SHA", CURL_SSLVERSION_SSLv3);
+ test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_SSLv3);
print_test_result (errorCount, "concurent_daemon_pair");
diff --git a/src/testcurl/https/mhds_session_info_test.c b/src/testcurl/https/mhds_session_info_test.c
@@ -116,6 +116,12 @@ test_query_session ()
if (d == NULL)
return 2;
+ char *aes256_sha = "AES256-SHA";
+ if (curl_uses_nss_ssl() == 0)
+ {
+ aes256_sha = "rsa_aes_256_sha";
+ }
+
c = curl_easy_init ();
#if DEBUG_HTTPS_TEST
curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
@@ -128,7 +134,7 @@ test_query_session ()
curl_easy_setopt (c, CURLOPT_FILE, &cbc);
/* TLS options */
curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
- curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, "AES256-SHA");
+ curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
/* currently skip any peer authentication */
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
diff --git a/src/testcurl/https/tls_authentication_test.c b/src/testcurl/https/tls_authentication_test.c
@@ -62,7 +62,7 @@ test_secure_get (void * cls, char *cipher_suite, int proto_version)
return -1;
}
- ret = test_daemon_get (NULL, cipher_suite, proto_version, DEAMON_TEST_PORT, 1);
+ ret = test_daemon_get (NULL, cipher_suite, proto_version, DEAMON_TEST_PORT, 0);
MHD_stop_daemon (d);
return ret;
@@ -86,8 +86,14 @@ main (int argc, char *const *argv)
return -1;
}
+ char *aes256_sha = "AES256-SHA";
+ if (curl_uses_nss_ssl() == 0)
+ {
+ aes256_sha = "rsa_aes_256_sha";
+ }
+
errorCount +=
- test_secure_get (NULL, "AES256-SHA", CURL_SSLVERSION_TLSv1);
+ test_secure_get (NULL, aes256_sha, CURL_SSLVERSION_TLSv1);
print_test_result (errorCount, argv[0]);
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c
@@ -94,10 +94,20 @@ main (int argc, char *const *argv)
fprintf (stderr, "Error: %s\n", strerror (errno));
return 0;
}
+
+ char *aes128_sha = "AES128-SHA";
+ char *aes256_sha = "AES256-SHA";
+ if (curl_uses_nss_ssl() == 0)
+ {
+ aes128_sha = "rsa_aes_128_sha";
+ aes256_sha = "rsa_aes_256_sha";
+ }
+
+
errorCount +=
test_wrap ("TLS1.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
- "AES128-SHA1",
+ aes128_sha,
CURL_SSLVERSION_TLSv1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
@@ -106,7 +116,7 @@ main (int argc, char *const *argv)
errorCount +=
test_wrap ("TLS1.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
- "AES128-SHA1",
+ aes128_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
@@ -116,7 +126,7 @@ main (int argc, char *const *argv)
errorCount +=
test_wrap ("SSL3.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
- "AES128-SHA1",
+ aes128_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
@@ -141,7 +151,7 @@ main (int argc, char *const *argv)
errorCount +=
test_wrap ("TLS1.0 vs SSL3",
&test_unmatching_ssl_version, NULL, daemon_flags,
- "AES256-SHA",
+ aes256_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
diff --git a/src/testcurl/https/tls_multi_thread_mode_test.c b/src/testcurl/https/tls_multi_thread_mode_test.c
@@ -136,11 +136,17 @@ main (int argc, char *const *argv)
return -1;
}
+ char *aes256_sha = "AES256-SHA";
+ if (curl_uses_nss_ssl() == 0)
+ {
+ aes256_sha = "rsa_aes_256_sha";
+ }
+
errorCount +=
test_wrap ("multi threaded daemon, single client", &test_single_client,
NULL,
MHD_USE_SSL | MHD_USE_DEBUG | MHD_USE_THREAD_PER_CONNECTION,
- "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+ aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
@@ -148,7 +154,7 @@ main (int argc, char *const *argv)
test_wrap ("multi threaded daemon, parallel client",
&test_parallel_clients, NULL,
MHD_USE_SSL | MHD_USE_DEBUG | MHD_USE_THREAD_PER_CONNECTION,
- "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+ aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
diff --git a/src/testcurl/https/tls_thread_mode_test.c b/src/testcurl/https/tls_thread_mode_test.c
@@ -137,11 +137,17 @@ main (int argc, char *const *argv)
return -1;
}
+ char *aes256_sha = "AES256-SHA";
+ if (curl_uses_nss_ssl() == 0)
+ {
+ aes256_sha = "rsa_aes_256_sha";
+ }
+
errorCount +=
test_wrap ("single threaded daemon, single client", &test_single_client,
NULL,
MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL | MHD_USE_DEBUG,
- "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+ aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
@@ -149,7 +155,7 @@ main (int argc, char *const *argv)
test_wrap ("single threaded daemon, parallel clients",
&test_parallel_clients, NULL,
MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL | MHD_USE_DEBUG,
- "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+ aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
