libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit c5ad835c7cf6c02bc5445f8b3ed47925bded90f7
parent 63f23d21318034a669b1f40954041d3c1bda8ede
Author: lv-426 <oxcafebaby@yahoo.com>
Date:   Thu, 14 Aug 2008 16:13:04 +0000

bind option uses sockaddr - [ ! MHD_USE_IPv6 should be removed in favor of a generic addrlen argument ]
openpgp support currently disabled


Diffstat:
Mconfigure.ac | 5++---
Msrc/daemon/connection.c | 8++++----
Msrc/daemon/connection_https.c | 104++++++++++++++++++++++++++++++++++++++++++++++++-------------------------------
Msrc/daemon/daemon.c | 36+++++++++++++++---------------------
Msrc/daemon/https/Makefile.am | 15+--------------
Dsrc/daemon/https/compat.h | 98-------------------------------------------------------------------------------
Msrc/daemon/https/extra.h | 73+++++++++++++++++++++++++++++++++++++------------------------------------
Msrc/daemon/https/gnutls.h | 1-
Msrc/daemon/https/openpgp/openpgp.h | 2+-
Dsrc/daemon/https/tests.c | 1163-------------------------------------------------------------------------------
Dsrc/daemon/https/tests.h | 42------------------------------------------
Msrc/daemon/https/tls/Makefile.am | 7+++----
Msrc/daemon/https/tls/auth_cert.h | 15++++++++-------
Msrc/daemon/https/tls/ext_inner_application.c | 3++-
Msrc/daemon/https/tls/gnutls_cert.c | 16+++++++++-------
Msrc/daemon/https/tls/gnutls_handshake.c | 2+-
Msrc/daemon/https/tls/gnutls_handshake.h | 2+-
Msrc/daemon/https/tls/gnutls_int.h | 7+------
Dsrc/daemon/https/tls_test.c | 348-------------------------------------------------------------------------------
Msrc/daemon/https/x509/mpi.c | 2+-
Msrc/daemon/https/x509/privkey_pkcs8.c | 10+++++-----
Msrc/include/microhttpd.h | 14++++++--------
Msrc/testcurl/Makefile.am | 3++-
Msrc/testcurl/daemon_options_test.c | 56++++++++++++++++++++++++++++++++++----------------------
Asrc/testcurl/https/bug-test.c | 349+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Msrc/testcurl/https/tls_session_time_out_test.c | 2+-
26 files changed, 546 insertions(+), 1837 deletions(-)

diff --git a/configure.ac b/configure.ac @@ -226,9 +226,10 @@ AC_ARG_ENABLE([OpenPGP], [enable_openpgp=$enableval], [enable_openpgp="no"]) AC_MSG_RESULT($enable_openpgp) +# currently we ignore this option. if test "$enable_openpgp" = "yes" then - AC_DEFINE([ENABLE_OPENPGP],[1],[Include OpenGPG support]) + AC_DEFINE([ENABLE_OPENPGP],[0],[Include OpenGPG support]) else AC_DEFINE([ENABLE_OPENPGP],[0],[Include OpenGPG support]) fi @@ -306,8 +307,6 @@ src/daemon/https/Makefile src/daemon/https/tls/Makefile src/daemon/https/x509/Makefile src/daemon/https/lgl/Makefile -src/daemon/https/openpgp/Makefile -src/daemon/https/opencdk/Makefile src/daemon/https/minitasn1/Makefile src/examples/Makefile src/testcurl/Makefile diff --git a/src/daemon/connection.c b/src/daemon/connection.c @@ -149,9 +149,9 @@ MHD_get_connection_values (struct MHD_Connection *connection, /** * This function can be used to add an entry to - * the HTTP headers of a connection (so that the + * the HTTP headers of a connection (so that the * MHD_get_connection_values function will return - * them -- and the MHD PostProcessor will also + * them -- and the MHD PostProcessor will also * see them). This maybe required in certain * situations (see Mantis #1399) where (broken) * HTTP implementations fail to supply values needed @@ -176,10 +176,10 @@ MHD_get_connection_values (struct MHD_Connection *connection, * performed due to insufficient memory; * MHD_YES on success */ -int +int MHD_set_connection_value (struct MHD_Connection *connection, enum MHD_ValueKind kind, - const char *key, + const char *key, const char *value) { struct MHD_HTTP_Header * pos; diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c @@ -32,7 +32,6 @@ #include "response.h" #include "reason_phrase.h" -#include "microhttpd.h" /* get opaque type */ #include "gnutls_int.h" #include "gnutls_record.h" 
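Review bot: An explicit `--enable-OpenPGP=yes` is now silently ignored, because both branches of the `if test "$enable_openpgp" = "yes"` block define `ENABLE_OPENPGP` as 0 while the `AC_MSG_RESULT($enable_openpgp)` just above still prints "yes". Someone who asks for OpenPGP support should be told that the resulting build does not contain it, rather than finding out when a peer's key is not handled. In the yes branch, add `AC_MSG_WARN([OpenPGP support is currently disabled; --enable-OpenPGP is ignored])`, or stop with `AC_MSG_ERROR` if a build without it should not be produced on request.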
@@ -45,15 +44,57 @@ int MHD_connection_handle_read (struct MHD_Connection *connection); int MHD_connection_handle_write (struct MHD_Connection *connection); int MHD_connection_handle_idle (struct MHD_Connection *connection); -/* +/** + * retrieve session info + * + * @param connection: from which to retrieve data + * @return: an appropriate 'union MHD_SessionInfo' with the requested connection data or 'null_info' in an invalid request has been received. + */ +union MHD_SessionInfo +MHD_get_session_info ( struct MHD_Connection * connection, enum MHD_InfoType infoType) +{ + /* return NULL if this isn't a SSL/TLS type connection */ + if (connection->tls_session == NULL) + { + /* TODO clean */ + return (union MHD_SessionInfo) 0; + } + switch (infoType) + { +#if HTTPS_SUPPORT + case MHS_INFO_CIPHER_ALGO: + return (union MHD_SessionInfo) connection->tls_session->security_parameters. + read_bulk_cipher_algorithm; + case MHD_INFO_KX_ALGO: + return (union MHD_SessionInfo) connection->tls_session->security_parameters. + kx_algorithm; + case MHD_INFO_CREDENTIALS_TYPE: + return (union MHD_SessionInfo) connection->tls_session->key->cred->algorithm; + case MHD_INFO_MAC_ALGO: + return (union MHD_SessionInfo) connection->tls_session->security_parameters. + read_mac_algorithm; + case MHD_INFO_COMPRESSION_METHOD: + return (union MHD_SessionInfo) connection->tls_session->security_parameters. + read_compression_algorithm; + case MHD_INFO_PROTOCOL: + return (union MHD_SessionInfo) connection->tls_session->security_parameters. + version; + case MHD_INFO_CERT_TYPE: + return (union MHD_SessionInfo) connection->tls_session->security_parameters. + cert_type; +#endif + }; + return (union MHD_SessionInfo) 0; +} + +/** * This function is called once a secure connection has been marked * for closure. 
* - * @param : - * @return: + * @param connection: the connection to close */ static void -MHD_tls_connection_close (struct MHD_Connection *connection) +MHD_tls_connection_close (struct MHD_Connection * connection) { MHD_gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR); connection->tls_session->internals.read_eof = 1; @@ -72,7 +113,13 @@ MHD_tls_connection_close (struct MHD_Connection *connection) MHD_TLS_REQUEST_TERMINATED_COMPLETED_OK); } -/* TODO - we might want to send raw RST packets here... */ +/** + * This function is called once a secure connection has been marked + * for closure. + * + * @param connection: the connection to close + * @param termination_code: the termination code with which the notify completed callback function is called. + */ static void MHD_tls_connection_close_err (struct MHD_Connection *connection, enum MHD_RequestTerminationCode 
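Review bot: The doc comment added for `MHD_get_session_info` does not match the function: it documents no `infoType` parameter, it promises a `null_info` value that appears nowhere in the code, and the inline comment says `return NULL` while the function returns `(union MHD_SessionInfo) 0`. That zero is returned both for a connection without a TLS session and for an unhandled `infoType`, so a caller cannot tell "no information" from a field whose value happens to be 0; the comment should say so, e.g. `@param infoType: which field to retrieve` and `@return: the requested value, or a zeroed union if the connection has no TLS session or infoType is not handled`. The `MHD_INFO_CREDENTIALS_TYPE` case follows `tls_session->key->cred` without a check, which is only safe if both are always set once `tls_session` is non-NULL; that is not visible in this hunk. With `HTTPS_SUPPORT` off the `switch` has no cases at all, so a `default:` label would make the fall-through to the final return explicit.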
@@ -91,44 +138,19 @@ MHD_tls_connection_close_err (struct MHD_Connection *connection, termination_code); } -union MHD_SessionInfo -MHD_get_session_info (struct MHD_Connection *con, enum MHD_InfoType infoType) -{ - /* return NULL if this isn't a SSL/TLS type connection */ - if (con->tls_session == NULL) - { - /* TODO clean */ - return (union MHD_SessionInfo) 0; - } - switch (infoType) - { - case MHS_INFO_CIPHER_ALGO: - return (union MHD_SessionInfo) con->tls_session->security_parameters. - read_bulk_cipher_algorithm; - case MHD_INFO_KX_ALGO: - return (union MHD_SessionInfo) con->tls_session->security_parameters. - kx_algorithm; - case MHD_INFO_CREDENTIALS_TYPE: - return (union MHD_SessionInfo) con->tls_session->key->cred->algorithm; - case MHD_INFO_MAC_ALGO: - return (union MHD_SessionInfo) con->tls_session->security_parameters. - read_mac_algorithm; - case MHD_INFO_COMPRESSION_METHOD: - return (union MHD_SessionInfo) con->tls_session->security_parameters. - read_compression_algorithm; - case MHD_INFO_PROTOCOL: - return (union MHD_SessionInfo) con->tls_session->security_parameters. - version; - case MHD_INFO_CERT_TYPE: - return (union MHD_SessionInfo) con->tls_session->security_parameters. - cert_type; - }; - return (union MHD_SessionInfo) 0; -} +/** + * @name : MHDS_con_read + * + * reads data from the TLS record protocol + * @param connection: is a %MHD_Connection structure. + * @return: number of bytes received and zero on EOF. A negative + * error code is returned in case of an error. + **/ static ssize_t -MHDS_con_read (struct MHD_Connection *connection) +MHDS_con_read (struct MHD_Connection * connection) { + /* no special handling when GNUTLS_E_AGAIN is returned since this function is called from within a select loop */ ssize_t size = MHD_gnutls_record_recv (connection->tls_session, &connection->read_buffer[connection-> read_buffer_offset], diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c 
@@ -818,14 +818,14 @@ MHD_start_daemon_va (unsigned int options, { const int on = 1; struct MHD_Daemon *retVal; - char * daemon_ip_addr = 0; + void * daemon_ip_addr; /* listeningss sockets used by the daemon */ int socket_fd; struct sockaddr_in servaddr4; struct sockaddr_in6 servaddr6; - const struct sockaddr *servaddr; + const struct sockaddr *servaddr = 0; socklen_t addrlen; enum MHD_OPTION opt; @@ -890,8 +890,8 @@ MHD_start_daemon_va (unsigned int options, case MHD_OPTION_PER_IP_CONNECTION_LIMIT: retVal->per_ip_connection_limit = va_arg (ap, unsigned int); break; - case MHD_OPTION_IP_ADDR: - daemon_ip_addr = va_arg (ap, const char *); + case MHD_OPTION_SOCK_ADDR: + servaddr = va_arg (ap, struct sockaddr *); break; #if HTTPS_SUPPORT case MHD_OPTION_PROTOCOL_VERSION: @@ -965,19 +965,21 @@ MHD_start_daemon_va (unsigned int options, fprintf (stderr, "setsockopt failed: %s\n", STRERROR (errno)); #endif } - if ((options & MHD_USE_IPv6) != 0) + + /* check for user supplied sockaddr */ + if (servaddr) { + if (options & MHD_USE_IPv6){ + addrlen = sizeof (struct sockaddr_in6); + } + else{ + addrlen = sizeof (struct sockaddr_in); + } + } + else if ((options & MHD_USE_IPv6) != 0) { memset (&servaddr6, 0, sizeof (struct sockaddr_in6)); servaddr6.sin6_family = AF_INET6; servaddr6.sin6_port = htons (port); - if (daemon_ip_addr && inet_pton (AF_INET6, daemon_ip_addr, &servaddr6.sin6_addr) <= 0){ - #if HAVE_MESSAGES - if ((options & MHD_USE_DEBUG) != 0) - fprintf (stderr, - "Failed to parse given daemon ipv6 inet address: %s\n", daemon_ip_addr ); - return NULL; - #endif - } servaddr = (struct sockaddr *) &servaddr6; addrlen = sizeof (struct sockaddr_in6); } 
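Review bot: `void * daemon_ip_addr;` is left behind uninitialised and, as far as this diff shows, unused: its only readers were the `inet_pton` calls that this commit removes further down in `MHD_start_daemon_va`. The declaration should be deleted rather than retyped, so that no later edit reads an indeterminate pointer by accident. `const struct sockaddr *servaddr = 0;` would read better as `= NULL`, since the `if (servaddr)` test added later in the function depends on exactly that initial value. The function's body starts and ends outside the hunk.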
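Review bot: In the new `if (servaddr)` branch, `addrlen` is derived from the `MHD_USE_IPv6` flag and is never checked against the address the caller actually passed through `MHD_OPTION_SOCK_ADDR` (read in the option loop of the previous hunk). A `struct sockaddr_in` supplied together with `MHD_USE_IPv6` gets `addrlen = sizeof (struct sockaddr_in6)`, so whatever consumes `servaddr` and `addrlen` afterwards (presumably the `bind` call, which is not shown) would read past the caller's object; the opposite mismatch passes a truncated length. Check the family before trusting the flag, e.g. `if (servaddr->sa_family != ((options & MHD_USE_IPv6) ? AF_INET6 : AF_INET))` followed by the function's usual failure path, which lies outside this hunk. The `port` argument is also ignored in this branch, which should be stated where `MHD_OPTION_SOCK_ADDR` is documented.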
@@ -986,14 +988,6 @@ MHD_start_daemon_va (unsigned int options, memset (&servaddr4, 0, sizeof (struct sockaddr_in)); servaddr4.sin_family = AF_INET; servaddr4.sin_port = htons (port); - if (daemon_ip_addr && inet_pton (AF_INET, daemon_ip_addr, &servaddr4.sin_addr) <= 0){ -#if HAVE_MESSAGES - if ((options & MHD_USE_DEBUG) != 0) - fprintf (stderr, - "Failed to parse given daemon ipv4 inet address: %s\n", daemon_ip_addr ); - return NULL; -#endif - } servaddr = (struct sockaddr *) &servaddr4; addrlen = sizeof (struct sockaddr_in); } diff --git a/src/daemon/https/Makefile.am b/src/daemon/https/Makefile.am @@ -2,18 +2,5 @@ SUBDIRS = minitasn1 lgl x509 tls if ENABLE_OPENPGP -SUBDIRS += opencdk openpgp +# SUBDIRS += opencdk openpgp endif - -#noinst_PROGRAMS = errcodes -#errcodes_SOURCES = errcodes.c -#errcodes_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBTASN1_LIBS) - -# gnutls_serv_SOURCES = serv.gaa serv-gaa.h serv-gaa.c list.h serv.c common.h common.c select.c -# srptool_SOURCES = crypt.gaa crypt-gaa.h crypt-gaa.c crypt.c -# gnutls_cli_debug_SOURCES = tls_test.gaa tls_test-gaa.h tls_test-gaa.c \ -# tls_test.c tests.h tests.c common.h common.c -# certtool_SOURCES = certtool.gaa certtool-gaa.h certtool-cfg.h \ -# certtool-gaa.c certtool.c prime.c certtool-cfg.c - -EXTRA_DIST = gnutls.h diff --git a/src/daemon/https/compat.h b/src/daemon/https/compat.h 
@@ -1,98 +0,0 @@ -/* Typedefs to be fully compatible with the types of - * GnuTLS 1.0.x. - */ - -#include "gnutls.h" - -#ifndef GCOMPAT_H -# define GCOMPAT_H - -#ifdef __GNUC__ - -#define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) - -#if _GNUTLS_GCC_VERSION >= 30100 -#define _GNUTLS_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__)) -#endif - -#endif /* __GNUC__ */ - -#ifndef _GNUTLS_GCC_ATTR_DEPRECATED -#define _GNUTLS_GCC_ATTR_DEPRECATED -#endif - -#define gnutls_cipher_algorithm gnutls_cipher_algorithm_t -#define gnutls_kx_algorithm gnutls_kx_algorithm_t -#define gnutls_paramsype gnutls_paramsype_t -#define gnutls_mac_algorithm gnutls_mac_algorithm_t -#define gnutls_digest_algorithm gnutls_digest_algorithm_t -#define gnutls_compression_method gnutls_compression_method_t -#define gnutls_connection_end gnutls_connection_end_t -#define gnutls_credentialsype gnutls_credentialsype_t -#define gnutls_certificateype gnutls_certificateype_t -#define gnutls_x509_crt_fmt gnutls_x509_crt_fmt_t -#define gnutls_openpgp_key_fmt gnutls_openpgp_key_fmt_t -#define gnutls_pk_algorithm gnutls_pk_algorithm_t -#define gnutls_sign_algorithm gnutls_sign_algorithm_t -#define gnutls_server_name gnutls_server_nameype_t -#define gnutls_protocol gnutls_protocol_version_t -#define gnutls_close_request gnutls_close_request_t -#define gnutls_openpgp_key_status gnutls_openpgp_key_status_t -#define gnutls_certificate_request gnutls_certificate_request_t -#define gnutls_certificate_status gnutls_certificate_status_t -#define gnutls_session mhd_gtls_session_t -#define gnutls_alert_level gnutls_alert_level_t -#define gnutls_alert_description gnutls_alert_description_t -#define gnutls_x509_subject_alt_name gnutls_x509_subject_alt_name_t -#define gnutls_openpgp_key gnutls_openpgp_key_t -#define gnutls_openpgp_privkey gnutls_openpgp_privkey_t -#define gnutls_openpgp_keyring gnutls_openpgp_keyring_t -#define gnutls_x509_crt gnutls_x509_crt_t -#define 
gnutls_x509_privkey gnutls_x509_privkey_t -#define gnutls_x509_crl gnutls_x509_crl_t -#define gnutls_pkcs7 gnutls_pkcs7_t -#define gnutls_x509_crq gnutls_x509_crq_t -#define gnutls_pkcs_encrypt_flags gnutls_pkcs_encrypt_flags_t -#define gnutls_pkcs12_bag_type gnutls_pkcs12_bag_type_t -#define gnutls_pkcs12_bag gnutls_pkcs12_bag_t -#define gnutls_pkcs12 gnutls_pkcs12_t -#define gnutls_certificate_credentials mhd_gtls_cert_credentials_t -#define gnutls_anon_server_credentials mhd_gtls_anon_server_credentials_t -#define gnutls_anon_client_credentials mhd_gtls_anon_client_credentials_t -#define gnutls_srp_client_credentials gnutls_srp_client_credentials_t -#define gnutls_srp_server_credentials gnutls_srp_server_credentials_t -#define gnutls_dh_params mhd_gtls_dh_params_t -#define gnutls_rsa_params mhd_gtls_rsa_params_t -#define gnutls_params_type gnutls_params_type_t -#define gnutls_credentials_type gnutls_credentials_type_t -#define gnutls_certificate_type gnutls_certificate_type_t -#define gnutls_datum gnutls_datum_t -#define gnutls_transport_ptr gnutls_transport_ptr_t - -/* Old SRP alerts removed in 2.1.x because the TLS-SRP RFC was - modified to use the PSK alert. */ -#define GNUTLS_A_MISSING_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY -#define GNUTLS_A_UNKNOWN_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY - -/* OpenPGP stuff renamed in 2.1.x. 
*/ -#define gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t -#define GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT -#define GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT -#define gnutls_openpgp_send_key MHD_gtls_openpgp_send_cert -#define gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t -#define gnutls_openpgp_key_t gnutls_openpgp_crt_t -#define gnutls_openpgp_key_init gnutls_openpgp_crt_init -#define gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit -#define gnutls_openpgp_key_import gnutls_openpgp_crt_import -#define gnutls_openpgp_key_export gnutls_openpgp_crt_export -#define gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage -#define gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint -#define gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm -#define gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name -#define gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version -#define gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time -#define gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time -#define gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id -#define gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname - -#endif /* GCOMPAT_H */ diff --git a/src/daemon/https/extra.h b/src/daemon/https/extra.h 
@@ -60,22 +60,23 @@ extern "C" * */ typedef int (*mhd_gtls_openpgp_recv_key_func) (mhd_gtls_session_t session, - const unsigned char *keyfpr, - unsigned int keyfpr_length, - gnutls_datum_t * key); + const unsigned char *keyfpr, + unsigned int keyfpr_length, + gnutls_datum_t * key); void gnutls_openpgp_set_recv_key_function (mhd_gtls_session_t session, - mhd_gtls_openpgp_recv_key_func - func); + mhd_gtls_openpgp_recv_key_func + func); int gnutls_certificate_set_openpgp_key_file (mhd_gtls_cert_credentials_t - res, const char *CERTFILE, - const char *KEYFILE, gnutls_openpgp_crt_fmt_t); - int gnutls_certificate_set_openpgp_key_mem (mhd_gtls_cert_credentials_t - res, - const gnutls_datum_t * CERT, - const gnutls_datum_t * KEY, gnutls_openpgp_crt_fmt_t); + res, const char *CERTFILE, + const char *KEYFILE, + gnutls_openpgp_crt_fmt_t); + int gnutls_certificate_set_openpgp_key_mem (mhd_gtls_cert_credentials_t res, + const gnutls_datum_t * CERT, + const gnutls_datum_t * KEY, + gnutls_openpgp_crt_fmt_t); int gnutls_certificate_set_openpgp_keyring_mem @@ -84,11 +85,12 @@ extern "C" int gnutls_certificate_set_openpgp_keyring_file - (mhd_gtls_cert_credentials_t c, const char *file, gnutls_openpgp_crt_fmt_t); + (mhd_gtls_cert_credentials_t c, const char *file, + gnutls_openpgp_crt_fmt_t); - /* TLS/IA stuff + /* + * TLS/IA stuff */ - typedef enum { GNUTLS_IA_APPLICATION_PAYLOAD = 0, @@ -96,12 +98,12 @@ extern "C" GNUTLS_IA_FINAL_PHASE_FINISHED = 2 } gnutls_ia_apptype_t; - /* TLS/IA credential + /* + * TLS/IA credential */ - typedef int (*gnutls_ia_avp_func) (mhd_gtls_session_t session, void *ptr, - const char *last, size_t lastlen, - char **next, size_t * nextlen); + const char *last, size_t lastlen, + char **next, size_t * nextlen); typedef struct gnutls_ia_server_credentials_st *gnutls_ia_server_credentials_t; 
@@ -113,33 +115,33 @@ extern "C" gnutls_ia_free_client_credentials (gnutls_ia_client_credentials_t sc); extern int gnutls_ia_allocate_client_credentials (gnutls_ia_client_credentials_t * - sc); + sc); extern void gnutls_ia_free_server_credentials (gnutls_ia_server_credentials_t sc); extern int gnutls_ia_allocate_server_credentials (gnutls_ia_server_credentials_t * - sc); + sc); /* Client TLS/IA credential functions. */ extern void gnutls_ia_set_client_avp_function (gnutls_ia_client_credentials_t cred, - gnutls_ia_avp_func avp_func); + gnutls_ia_avp_func avp_func); extern void gnutls_ia_set_client_avp_ptr (gnutls_ia_client_credentials_t cred, - void *ptr); + void *ptr); extern void *gnutls_ia_get_client_avp_ptr (gnutls_ia_client_credentials_t - cred); + cred); /* Server TLS/IA credential functions. */ extern void gnutls_ia_set_server_avp_function (gnutls_ia_server_credentials_t cred, - gnutls_ia_avp_func avp_func); + gnutls_ia_avp_func avp_func); extern void gnutls_ia_set_server_avp_ptr (gnutls_ia_server_credentials_t cred, - void *ptr); + void *ptr); extern void *gnutls_ia_get_server_avp_ptr (gnutls_ia_server_credentials_t - cred); + cred); /* TLS/IA handshake. */ extern int gnutls_ia_handshake_p (mhd_gtls_session_t session); 
@@ -149,29 +151,28 @@ extern "C" /* TLS/IA low level interface. */ extern int gnutls_ia_permute_inner_secret (mhd_gtls_session_t session, - size_t session_keys_size, - const char *session_keys); + size_t session_keys_size, + const char *session_keys); extern int gnutls_ia_endphase_send (mhd_gtls_session_t session, - int final_p); + int final_p); extern int gnutls_ia_verify_endphase (mhd_gtls_session_t session, - const char *checksum); + const char *checksum); extern ssize_t gnutls_ia_send (mhd_gtls_session_t session, - const char *data, size_t sizeofdata); + const char *data, size_t sizeofdata); extern ssize_t gnutls_ia_recv (mhd_gtls_session_t session, - char *data, size_t sizeofdata); + char *data, size_t sizeofdata); /* Utility stuff. */ extern int gnutls_ia_generate_challenge (mhd_gtls_session_t session, - size_t buffer_size, - char *buffer); + size_t buffer_size, char *buffer); extern void gnutls_ia_extract_inner_secret (mhd_gtls_session_t session, - char *buffer); + char *buffer); /* Define whether inner phases are wanted. */ extern void gnutls_ia_enable (mhd_gtls_session_t session, - int allow_skip_on_resume); + int allow_skip_on_resume); int gnutls_global_init_extra (void); diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h @@ -44,7 +44,6 @@ extern "C" /* Get size_t. */ #include <stddef.h> -#include <compat.h> #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC diff --git a/src/daemon/https/openpgp/openpgp.h b/src/daemon/https/openpgp/openpgp.h @@ -11,8 +11,8 @@ extern "C" #endif #include <gnutls.h> -#include <gnutls_cert.h> #include "opencdk.h" +#include <gnutls_cert.h> /* Internal context to store the OpenPGP key. */ typedef struct gnutls_openpgp_crt_int diff --git a/src/daemon/https/tests.c b/src/daemon/https/tests.c 
@@ -1,1163 +0,0 @@ -/* - * Copyright (C) 2004, 2006, 2007 Free Software Foundation - * Copyright (C) 2000,2001,2002,2003 Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * GNUTLS is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * GNUTLS is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -#include <config.h> -#include <gnutls.h> -#include <extra.h> -#include <x509.h> - -#ifndef _WIN32 -# include <unistd.h> -# include <signal.h> -#else -# include <errno.h> -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <common.h> -#include <tests.h> - -extern gnutls_srp_client_credentials_t srp_cred; -extern mhd_gtls_anon_client_credentials_t anon_cred; -extern mhd_gtls_cert_credentials_t xcred; - -extern int verbose; - -int tls1_ok = 0; -int ssl3_ok = 0; -int tls1_1_ok = 0; - -/* keep session info */ -static char *session_data = NULL; -static char session_id[32]; -static size_t session_data_size = 0, session_id_size = 0; -static int sfree = 0; -static int handshake_output = 0; - -int -do_handshake (mhd_gtls_session_t session) -{ - int ret, alert; - - do - { - ret = MHD_gnutls_handshake (session); - } - while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); - - handshake_output = ret; - - if (ret < 0 && verbose > 1) - { - if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED - || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) - { - alert = gnutls_alert_get (session); - printf ("\n"); - printf ("*** Received alert [%d]: 
%s\n", - alert, MHD_gnutls_alert_get_name (alert)); - } - } - - if (ret < 0) - return TEST_FAILED; - - gnutls_session_get_data (session, NULL, &session_data_size); - - if (sfree != 0) - { - free (session_data); - sfree = 0; - } - session_data = malloc (session_data_size); - sfree = 1; - if (session_data == NULL) - { - fprintf (stderr, "Memory error\n"); - exit (1); - } - gnutls_session_get_data (session, session_data, &session_data_size); - - session_id_size = sizeof (session_id); - MHD_gtls_session_get_id (session, session_id, &session_id_size); - - return TEST_SUCCEED; -} - -static int protocol_priority[16] = { GNUTLS_TLS1, MHD_GNUTLS_SSL3, 0 }; -static const int kx_priority[16] = - { MHD_GNUTLS_KX_RSA, MHD_GNUTLS_KX_DHE_DSS, MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_KX_ANON_DH, - MHD_GNUTLS_KX_RSA_EXPORT, 0 -}; -static const int cipher_priority[16] = - { MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_CIPHER_ARCFOUR_128, - MHD_GNUTLS_CIPHER_ARCFOUR_40, 0 -}; -static const int comp_priority[16] = { MHD_GNUTLS_COMP_NULL, 0 }; -static const int mac_priority[16] = - { MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_MAC_MD5, 0 }; -static const int cert_type_priority[16] = { MHD_GNUTLS_CRT_X509, 0 }; - -#define ADD_ALL_CIPHERS(session) MHD_gnutls_cipher_set_priority(session, cipher_priority) -#define ADD_ALL_COMP(session) MHD_gnutls_compression_set_priority(session, comp_priority) -#define ADD_ALL_MACS(session) MHD_gnutls_mac_set_priority(session, mac_priority) -#define ADD_ALL_KX(session) MHD_gnutls_kx_set_priority(session, kx_priority) -#define ADD_ALL_PROTOCOLS(session) MHD_gnutls_protocol_set_priority(session, protocol_priority) -#define ADD_ALL_CERTTYPES(session) MHD_gnutls_certificate_type_set_priority(session, cert_type_priority) - -static void -ADD_KX (mhd_gtls_session_t session, int kx) -{ - static int _kx_priority[] = { 0, 0 }; - _kx_priority[0] = kx; - - MHD_gnutls_kx_set_priority (session, _kx_priority); -} - -static void -ADD_KX2 (mhd_gtls_session_t session, int kx1, int kx2) -{ - 
static int _kx_priority[] = { 0, 0, 0 }; - _kx_priority[0] = kx1; - _kx_priority[1] = kx2; - - MHD_gnutls_kx_set_priority (session, _kx_priority); -} - -static void -ADD_CIPHER (mhd_gtls_session_t session, int cipher) -{ - static int _cipher_priority[] = { 0, 0 }; - _cipher_priority[0] = cipher; - - MHD_gnutls_cipher_set_priority (session, _cipher_priority); -} - -static void -ADD_CIPHER4 (mhd_gtls_session_t session, int cipher1, int cipher2, int cipher3, - int cipher4) -{ - static int _cipher_priority[] = { 0, 0, 0, 0, 0 }; - _cipher_priority[0] = cipher1; - _cipher_priority[1] = cipher2; - _cipher_priority[2] = cipher3; - _cipher_priority[3] = cipher4; - - MHD_gnutls_cipher_set_priority (session, _cipher_priority); -} - -static void -ADD_MAC (mhd_gtls_session_t session, int mac) -{ - static int _mac_priority[] = { 0, 0 }; - _mac_priority[0] = mac; - - MHD_gnutls_mac_set_priority (session, _mac_priority); -} - -static void -ADD_COMP (mhd_gtls_session_t session, int c) -{ - static int _comp_priority[] = { 0, 0 }; - _comp_priority[0] = c; - - MHD_gnutls_compression_set_priority (session, _comp_priority); -} - -static void -ADD_CERTTYPE (mhd_gtls_session_t session, int ctype) -{ - static int _ct_priority[] = { 0, 0 }; - _ct_priority[0] = ctype; - - MHD_gnutls_certificate_type_set_priority (session, _ct_priority); -} - -static void -ADD_PROTOCOL (mhd_gtls_session_t session, int protocol) -{ - static int _proto_priority[] = { 0, 0 }; - _proto_priority[0] = protocol; - - MHD_gnutls_protocol_set_priority (session, _proto_priority); -} - -static void -ADD_PROTOCOL3 (mhd_gtls_session_t session, int p1, int p2, int p3) -{ - static int _proto_priority[] = { 0, 0, 0, 0 }; - _proto_priority[0] = p1; - _proto_priority[1] = p2; - _proto_priority[2] = p3; - - MHD_gnutls_protocol_set_priority (session, _proto_priority); -} - -#ifdef ENABLE_SRP -static int srp_detected; - -int -_test_srp_username_callback (mhd_gtls_session_t session, - char **username, char **password) -{ - 
srp_detected = 1; - - return -1; -} - -test_code_t -test_srp (mhd_gtls_session_t session) -{ - int ret; - - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - - ADD_KX (session, MHD_GNUTLS_KX_SRP); - srp_detected = 0; - - gnutls_srp_set_client_credentials_function (srp_cred, - _test_srp_username_callback); - - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_SRP, srp_cred); - - ret = do_handshake (session); - - gnutls_srp_set_client_credentials_function (srp_cred, NULL); - - if (srp_detected != 0) - return TEST_SUCCEED; - else - return TEST_FAILED; -} -#endif - -test_code_t -test_server (mhd_gtls_session_t session) -{ - int ret, i = 0; - char buf[5 * 1024]; - char *p; - const char snd_buf[] = "GET / HTTP/1.0\n\n"; - - if (verbose == 0) - return TEST_UNSURE; - - buf[sizeof (buf) - 1] = 0; - - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - if (ret != TEST_SUCCEED) - return TEST_FAILED; - - MHD_gnutls_record_send (session, snd_buf, sizeof (snd_buf) - 1); - ret = MHD_gnutls_record_recv (session, buf, sizeof (buf) - 1); - if (ret < 0) - return TEST_FAILED; - - p = strstr (buf, "Server:"); - if (p != NULL) - p = strchr (p, ':'); - if (p != NULL) - { - p++; - while (*p != 0 && *p != '\r' && *p != '\n') - { - putc (*p, stdout); - p++; - i++; - if (i > 128) - break; - } - } - - return TEST_SUCCEED; -} - - -static int export_true = 0; -static gnutls_datum_t exp = { NULL, 0 }, mod = - -{ -NULL, 0}; - -test_code_t -test_export (mhd_gtls_session_t session) -{ - int ret; - - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - - ADD_KX (session, MHD_GNUTLS_KX_RSA_EXPORT); - ADD_CIPHER (session, 
MHD_GNUTLS_CIPHER_ARCFOUR_40); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - - if (ret == TEST_SUCCEED) - { - export_true = 1; - MHD_gtls_rsa_export_get_pubkey (session, &exp, &mod); - } - - return ret; -} - -test_code_t -test_export_info (mhd_gtls_session_t session) -{ - int ret2, ret; - gnutls_datum_t exp2, mod2; - const char *print; - - if (verbose == 0 || export_true == 0) - return TEST_IGNORE; - - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - - ADD_KX (session, MHD_GNUTLS_KX_RSA_EXPORT); - ADD_CIPHER (session, MHD_GNUTLS_CIPHER_ARCFOUR_40); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - - if (ret == TEST_SUCCEED) - { - ret2 = MHD_gtls_rsa_export_get_pubkey (session, &exp2, &mod2); - if (ret2 >= 0) - { - printf ("\n"); - - print = raw_to_string (exp2.data, exp2.size); - if (print) - printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print); - - print = raw_to_string (mod2.data, mod2.size); - if (print) - printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print); - - if (mod2.size != mod.size || exp2.size != exp.size || - memcmp (mod2.data, mod.data, mod.size) != 0 || - memcmp (exp2.data, exp.data, exp.size) != 0) - { - printf - (" (server uses different public keys per connection)\n"); - } - } - } - - return ret; - -} - -static gnutls_datum_t pubkey = { NULL, 0 }; - -test_code_t -test_dhe (mhd_gtls_session_t session) -{ - int ret; - - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - - ADD_KX2 (session, MHD_GNUTLS_KX_DHE_RSA, MHD_GNUTLS_KX_DHE_DSS); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - - MHD_gnutls_dh_get_pubkey (session, &pubkey); - - return ret; -} - -test_code_t -test_dhe_group (mhd_gtls_session_t 
session) -{ - int ret, ret2; - gnutls_datum_t gen, prime, pubkey2; - const char *print; - - if (verbose == 0 || pubkey.data == NULL) - return TEST_IGNORE; - - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - - ADD_KX2 (session, MHD_GNUTLS_KX_DHE_RSA, MHD_GNUTLS_KX_DHE_DSS); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - - ret2 = MHD_gnutls_dh_get_group (session, &gen, &prime); - if (ret2 >= 0) - { - printf ("\n"); - - print = raw_to_string (gen.data, gen.size); - if (print) - printf (" Generator [%d bits]: %s\n", gen.size * 8, print); - - print = raw_to_string (prime.data, prime.size); - if (print) - printf (" Prime [%d bits]: %s\n", prime.size * 8, print); - - MHD_gnutls_dh_get_pubkey (session, &pubkey2); - print = raw_to_string (pubkey2.data, pubkey2.size); - if (print) - printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print); - - if (pubkey2.data && pubkey2.size == pubkey.size && - memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0) - { - printf (" (public key seems to be static among sessions)\n"); - } - } - return ret; -} - -test_code_t -test_ssl3 (mhd_gtls_session_t session) -{ - int ret; - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_PROTOCOL (session, MHD_GNUTLS_SSL3); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - if (ret == TEST_SUCCEED) - ssl3_ok = 1; - - return ret; -} - -static int alrm = 0; -void -got_alarm (int k) -{ - alrm = 1; -} - -test_code_t -test_bye (mhd_gtls_session_t session) -{ - int ret; - char data[20]; - int old, secs = 6; - -#ifndef _WIN32 - signal (SIGALRM, got_alarm); -#endif - - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS 
(session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - if (ret == TEST_FAILED) - return ret; - - ret = MHD_gnutls_bye (session, GNUTLS_SHUT_WR); - if (ret < 0) - return TEST_FAILED; - -#ifndef _WIN32 - old = siginterrupt (SIGALRM, 1); - alarm (secs); -#else - setsockopt (gnutls_transport_get_ptr (session), SOL_SOCKET, SO_RCVTIMEO, - (char *) &secs, sizeof (int)); -#endif - - do - { - ret = MHD_gnutls_record_recv (session, data, sizeof (data)); - } - while (ret > 0); - -#ifndef _WIN32 - siginterrupt (SIGALRM, old); -#else - if (WSAGetLastError () == WSAETIMEDOUT || - WSAGetLastError () == WSAECONNABORTED) - alrm = 1; -#endif - if (ret == 0) - return TEST_SUCCEED; - - if (alrm == 0) - return TEST_UNSURE; - - return TEST_FAILED; -} - - - -test_code_t -test_aes (mhd_gtls_session_t session) -{ - int ret; - ADD_CIPHER (session, MHD_GNUTLS_CIPHER_AES_128_CBC); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - return ret; -} - -#ifdef ENABLE_CAMELLIA -test_code_t -test_camellia (mhd_gtls_session_t session) -{ - int ret; - ADD_CIPHER (session, MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - return ret; -} -#endif - -test_code_t -test_openpgp1 (mhd_gtls_session_t session) -{ - int ret; - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_CERTTYPE (session, MHD_GNUTLS_CRT_OPENPGP); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = 
do_handshake (session); - if (ret == TEST_FAILED) - return ret; - - if (gnutls_certificate_type_get (session) == MHD_GNUTLS_CRT_OPENPGP) - return TEST_SUCCEED; - - return TEST_FAILED; -} - -test_code_t -test_unknown_ciphersuites (mhd_gtls_session_t session) -{ - int ret; -#ifdef ENABLE_CAMELLIA - ADD_CIPHER4 (session, MHD_GNUTLS_CIPHER_AES_128_CBC, - MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, - MHD_GNUTLS_CIPHER_ARCFOUR_128); -#else - ADD_CIPHER4 (session, MHD_GNUTLS_CIPHER_AES_128_CBC, - MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_CIPHER_ARCFOUR_128, 0); -#endif - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - return ret; -} - -test_code_t -test_md5 (mhd_gtls_session_t session) -{ - int ret; - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_MAC (session, MHD_GNUTLS_MAC_MD5); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - return ret; -} - -#ifdef HAVE_LIBZ -test_code_t -test_zlib (mhd_gtls_session_t session) -{ - int ret; - ADD_ALL_CIPHERS (session); - ADD_COMP (session, GNUTLS_COMP_ZLIB); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - return ret; -} -#endif - -test_code_t -test_lzo (mhd_gtls_session_t session) -{ - int ret; - MHD_gtls_handshake_set_private_extensions (session, 1); - - ADD_ALL_CIPHERS (session); - ADD_COMP (session, MHD_GNUTLS_COMP_LZO); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, 
MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - - return ret; -} - -test_code_t -test_sha (mhd_gtls_session_t session) -{ - int ret; - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_MAC (session, MHD_GNUTLS_MAC_SHA1); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - return ret; -} - -test_code_t -test_3des (mhd_gtls_session_t session) -{ - int ret; - ADD_CIPHER (session, MHD_GNUTLS_CIPHER_3DES_CBC); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - return ret; -} - -test_code_t -test_arcfour (mhd_gtls_session_t session) -{ - int ret; - ADD_CIPHER (session, MHD_GNUTLS_CIPHER_ARCFOUR_128); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - return ret; -} - -test_code_t -test_arcfour_40 (mhd_gtls_session_t session) -{ - int ret; - ADD_CIPHER (session, MHD_GNUTLS_CIPHER_ARCFOUR_40); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - return ret; -} - -test_code_t -test_tls1 (mhd_gtls_session_t session) -{ - int ret; - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_PROTOCOL (session, GNUTLS_TLS1); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - if (ret 
== TEST_SUCCEED) - tls1_ok = 1; - - return ret; - -} - -test_code_t -test_tls1_1 (mhd_gtls_session_t session) -{ - int ret; - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_PROTOCOL (session, MHD_GNUTLS_TLS1_1); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - if (ret == TEST_SUCCEED) - tls1_1_ok = 1; - - return ret; - -} - -test_code_t -test_tls1_1_fallback (mhd_gtls_session_t session) -{ - int ret; - if (tls1_1_ok) - return TEST_IGNORE; - - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_PROTOCOL3 (session, MHD_GNUTLS_TLS1_1, GNUTLS_TLS1, MHD_GNUTLS_SSL3); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - if (ret != TEST_SUCCEED) - return TEST_FAILED; - - if (MHD_gnutls_protocol_get_version (session) == GNUTLS_TLS1) - return TEST_SUCCEED; - else if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) - return TEST_UNSURE; - - return TEST_FAILED; - -} - -/* Advertize both TLS 1.0 and SSL 3.0. If the connection fails, - * but the previous SSL 3.0 test succeeded then disable TLS 1.0. 
- */ -test_code_t -test_tls_disable (mhd_gtls_session_t session) -{ - int ret; - if (tls1_ok != 0) - return TEST_IGNORE; - - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - if (ret == TEST_FAILED) - { - /* disable TLS 1.0 */ - if (ssl3_ok != 0) - { - protocol_priority[0] = MHD_GNUTLS_SSL3; - protocol_priority[1] = 0; - } - } - return ret; - -} - -test_code_t -test_rsa_pms (mhd_gtls_session_t session) -{ - int ret; - - /* here we enable both SSL 3.0 and TLS 1.0 - * and try to connect and use rsa authentication. - * If the server is old, buggy and only supports - * SSL 3.0 then the handshake will fail. - */ - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_KX (session, MHD_GNUTLS_KX_RSA); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - if (ret == TEST_FAILED) - return TEST_FAILED; - - if (MHD_gnutls_protocol_get_version (session) == GNUTLS_TLS1) - return TEST_SUCCEED; - return TEST_UNSURE; -} - -test_code_t -test_max_record_size (mhd_gtls_session_t session) -{ - int ret; - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - MHD_gnutls_record_set_max_size (session, 512); - - ret = do_handshake (session); - if (ret == TEST_FAILED) - return ret; - - ret = MHD_gnutls_record_get_max_size (session); - if (ret == 512) - return TEST_SUCCEED; - - return TEST_FAILED; -} - -test_code_t -test_hello_extension (mhd_gtls_session_t session) -{ - int ret; - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - 
ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - MHD_gnutls_record_set_max_size (session, 512); - - ret = do_handshake (session); - return ret; -} - -void _gnutls_record_set_default_version (mhd_gtls_session_t session, - unsigned char major, - unsigned char minor); - -test_code_t -test_version_rollback (mhd_gtls_session_t session) -{ - int ret; - if (tls1_ok == 0) - return TEST_IGNORE; - - /* here we enable both SSL 3.0 and TLS 1.0 - * and we connect using a 3.1 client hello version, - * and a 3.0 record version. Some implementations - * are buggy (and vulnerable to man in the middle - * attacks which allow a version downgrade) and this - * connection will fail. - */ - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - _gnutls_record_set_default_version (session, 3, 0); - - ret = do_handshake (session); - if (ret != TEST_SUCCEED) - return ret; - - if (tls1_ok != 0 - && MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) - return TEST_FAILED; - - return TEST_SUCCEED; -} - -/* See if the server tolerates out of bounds - * record layer versions in the first client hello - * message. - */ -test_code_t -test_version_oob (mhd_gtls_session_t session) -{ - int ret; - /* here we enable both SSL 3.0 and TLS 1.0 - * and we connect using a 5.5 record version. 
- */ - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - _gnutls_record_set_default_version (session, 5, 5); - - ret = do_handshake (session); - return ret; -} - -void _gnutls_rsa_pms_set_version (mhd_gtls_session_t session, - unsigned char major, unsigned char minor); - -test_code_t -test_rsa_pms_version_check (mhd_gtls_session_t session) -{ - int ret; - /* here we use an arbitary version in the RSA PMS - * to see whether to server will check this version. - * - * A normal server would abort this handshake. - */ - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */ - - ret = do_handshake (session); - return ret; - -} - -#ifdef ENABLE_ANON -test_code_t -test_anonymous (mhd_gtls_session_t session) -{ - int ret; - - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_KX (session, MHD_GNUTLS_KX_ANON_DH); - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_ANON, anon_cred); - - ret = do_handshake (session); - - if (ret == TEST_SUCCEED) - MHD_gnutls_dh_get_pubkey (session, &pubkey); - - return ret; -} -#endif - -test_code_t -test_session_resume2 (mhd_gtls_session_t session) -{ - int ret; - char tmp_session_id[32]; - int tmp_session_id_size; - - if (session == NULL) - return TEST_IGNORE; - - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - 
MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_ANON, anon_cred); - - gnutls_session_set_data (session, session_data, session_data_size); - - memcpy (tmp_session_id, session_id, session_id_size); - tmp_session_id_size = session_id_size; - - ret = do_handshake (session); - if (ret == TEST_FAILED) - return ret; - - /* check if we actually resumed the previous session */ - - session_id_size = sizeof (session_id); - MHD_gtls_session_get_id (session, session_id, &session_id_size); - - if (session_id_size == 0) - return TEST_FAILED; - - if (MHD_gtls_session_is_resumed (session)) - return TEST_SUCCEED; - - if (tmp_session_id_size == session_id_size && - memcmp (tmp_session_id, session_id, tmp_session_id_size) == 0) - return TEST_SUCCEED; - else - return TEST_FAILED; -} - -extern char *hostname; - -test_code_t -test_certificate (mhd_gtls_session_t session) -{ - int ret; - - if (verbose == 0) - return TEST_IGNORE; - - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - - ret = do_handshake (session); - if (ret == TEST_FAILED) - return ret; - - printf ("\n"); - print_cert_info (session, hostname); - - return TEST_SUCCEED; -} - -/* A callback function to be used at the certificate selection time. 
- */ -static int -cert_callback (mhd_gtls_session_t session, - const gnutls_datum_t * req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t * sign_algos, - int sign_algos_length, gnutls_retr_st * st) -{ - char issuer_dn[256]; - int i, ret; - size_t len; - - if (verbose == 0) - return -1; - - /* Print the server's trusted CAs - */ - printf ("\n"); - if (nreqs > 0) - printf ("- Server's trusted authorities:\n"); - else - printf ("- Server did not send us any trusted authorities names.\n"); - - /* print the names (if any) */ - for (i = 0; i < nreqs; i++) - { - len = sizeof (issuer_dn); - ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len); - if (ret >= 0) - { - printf (" [%d]: ", i); - printf ("%s\n", issuer_dn); - } - } - - return -1; - -} - -/* Prints the trusted server's CAs. This is only - * if the server sends a certificate request packet. - */ -test_code_t -test_server_cas (mhd_gtls_session_t session) -{ - int ret; - - if (verbose == 0) - return TEST_IGNORE; - - ADD_ALL_CIPHERS (session); - ADD_ALL_COMP (session); - ADD_ALL_CERTTYPES (session); - ADD_ALL_PROTOCOLS (session); - ADD_ALL_MACS (session); - ADD_ALL_KX (session); - - MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred); - MHD_gtls_certificate_client_set_retrieve_function (xcred, cert_callback); - - ret = do_handshake (session); - MHD_gtls_certificate_client_set_retrieve_function (xcred, NULL); - - if (ret == TEST_FAILED) - return ret; - return TEST_SUCCEED; -} diff --git a/src/daemon/https/tests.h b/src/daemon/https/tests.h 
@@ -1,42 +0,0 @@
-typedef enum
-{
- TEST_SUCCEED, TEST_FAILED, TEST_UNSURE, TEST_IGNORE
-} test_code_t;
-
-test_code_t test_srp (mhd_gtls_session_t state);
-test_code_t test_server (mhd_gtls_session_t state);
-test_code_t test_export (mhd_gtls_session_t state);
-test_code_t test_export_info (mhd_gtls_session_t state);
-test_code_t test_hello_extension (mhd_gtls_session_t state);
-test_code_t test_dhe (mhd_gtls_session_t state);
-test_code_t test_dhe_group (mhd_gtls_session_t state);
-test_code_t test_ssl3 (mhd_gtls_session_t state);
-test_code_t test_aes (mhd_gtls_session_t state);
-#ifdef ENABLE_CAMELLIA
-test_code_t test_camellia (mhd_gtls_session_t state);
-#endif
-test_code_t test_md5 (mhd_gtls_session_t state);
-test_code_t test_sha (mhd_gtls_session_t state);
-test_code_t test_3des (mhd_gtls_session_t state);
-test_code_t test_arcfour (mhd_gtls_session_t state);
-test_code_t test_arcfour_40 (mhd_gtls_session_t state);
-test_code_t test_tls1 (mhd_gtls_session_t state);
-test_code_t test_tls1_1 (mhd_gtls_session_t state);
-test_code_t test_tls1_1_fallback (mhd_gtls_session_t state);
-test_code_t test_tls_disable (mhd_gtls_session_t state);
-test_code_t test_rsa_pms (mhd_gtls_session_t state);
-test_code_t test_max_record_size (mhd_gtls_session_t state);
-test_code_t test_version_rollback (mhd_gtls_session_t state);
-test_code_t test_anonymous (mhd_gtls_session_t state);
-test_code_t test_unknown_ciphersuites (mhd_gtls_session_t state);
-test_code_t test_openpgp1 (mhd_gtls_session_t state);
-test_code_t test_bye (mhd_gtls_session_t state);
-test_code_t test_certificate (mhd_gtls_session_t state);
-test_code_t test_server_cas (mhd_gtls_session_t state);
-test_code_t test_session_resume2 (mhd_gtls_session_t state);
-test_code_t test_rsa_pms_version_check (mhd_gtls_session_t session);
-test_code_t test_version_oob (mhd_gtls_session_t session);
-test_code_t test_zlib (mhd_gtls_session_t session);
-test_code_t test_lzo (mhd_gtls_session_t session);
-int
_test_srp_username_callback (mhd_gtls_session_t session,
- char **username, char **password);
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am
@@ -26,10 +26,10 @@ auth_rsa.c \
 auth_rsa_export.c \
 debug.c \
 ext_cert_type.c \
-ext_inner_application.c \
 ext_max_record.c \
 ext_oprfi.c \
 ext_server_name.c \
+ext_inner_application.c \
 gnutls_alert.c \
 gnutls_algorithms.c \
 gnutls_anon_cred.c \
@@ -68,6 +68,4 @@ gnutls_supplemental.c \
 gnutls_ui.c \
 gnutls_x509.c \
 pkix_asn1_tab.c \
-x509_b64.c
-
-
+x509_b64.c
+\ No newline at end of file
diff --git a/src/daemon/https/tls/auth_cert.h b/src/daemon/https/tls/auth_cert.h
@@ -23,13 +23,14 @@
 */
 #ifndef AUTH_CERT_H
-# define AUTH_CERT_H
-
-# include "gnutls_cert.h"
-# include "gnutls_auth.h"
-# include "auth_dh_common.h"
-# include "x509.h"
-# include "openpgp.h"
+#define AUTH_CERT_H
+
+#include "gnutls_cert.h"
+#include "gnutls_auth.h"
+#include "auth_dh_common.h"
+#include "x509.h"
+#include "openpgp.h"
+#include "extra.h"
 /* This structure may be complex, but it's the only way to
 * support a server that has multiple certificates
diff --git a/src/daemon/https/tls/ext_inner_application.c b/src/daemon/https/tls/ext_inner_application.c
@@ -63,7 +63,8 @@ mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session,
 }
-/* returns data_size or a negative number on failure
+/**
+ * returns data_size or a negative number on failure
 */
 int
 mhd_gtls_inner_app_send_params (mhd_gtls_session_t session,
diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c
@@ -314,11 +314,11 @@ MHD_gtls_certificate_server_set_request (mhd_gtls_session_t session,
 * This function sets a callback to be called in order to retrieve the certificate
 * to be used in the handshake.
 * The callback's function prototype is:
- * int (*callback)(mhd_gtls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
+ * int (*callback)(mhd_gtls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
 * const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st);
 *
- * @req_ca_cert is only used in X.509 certificates.
- * Contains a list with the CA names that the server considers trusted.
+ * @req_ca_cert is only used in X.509 certificates.
+ * Contains a list with the CA names that the server considers trusted.
 * Normally we should send a certificate that is signed
 * by one of these CAs. These names are DER encoded. To get a more
 * meaningful value use the function gnutls_x509_rdn_get().
@@ -441,7 +441,7 @@ _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert)
 * _gnutls_openpgp_crt_verify_peers - This function returns the peer's certificate status
 * @session: is a gnutls session
 *
- * This function will try to verify the peer's certificate and return its status (TRUSTED, INVALID etc.).
+ * This function will try to verify the peer's certificate and return its status (TRUSTED, INVALID etc.).
 * Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
 *
 -*/
@@ -484,7 +484,7 @@ _gnutls_openpgp_crt_verify_peers (mhd_gtls_session_t session,
 return GNUTLS_E_INTERNAL_ERROR;
 }
- /* Verify certificate
+ /* Verify certificate
 */
 if (_E_gnutls_openpgp_verify_key == NULL)
 {
@@ -715,6 +715,7 @@ mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key,
 {
 case MHD_GNUTLS_CRT_X509:
 return _gnutls_x509_raw_privkey_to_gkey (key, raw_key, key_enc);
+#if ENABLE_OPENPGP
 case MHD_GNUTLS_CRT_OPENPGP:
 if (_E_gnutls_openpgp_raw_privkey_to_gkey == NULL)
 {
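Review bot: The guard added before `case MHD_GNUTLS_CRT_OPENPGP:` is written `#if ENABLE_OPENPGP`, which treats an undefined macro as 0 and stops compiling if the macro is ever defined without a value; the other feature guards visible in this commit (`#ifdef ENABLE_SRP`, `#ifdef ENABLE_CAMELLIA`, `#ifdef ENABLE_ANON` in the removed tests.c) use `#ifdef`, so `#ifdef ENABLE_OPENPGP` would be consistent, with the closing line in the next hunk written `#endif /* ENABLE_OPENPGP */`. With the case compiled out, an OpenPGP key type is handled by `default:` and rejected with `GNUTLS_E_INTERNAL_ERROR`, which fails closed but reads like a genuine internal fault; a one-line comment at `default:` noting that disabled certificate types end up there would help whoever debugs it. The switch and the body of mhd_gtls_raw_privkey_to_gkey start outside this hunk, and how configure.ac defines ENABLE_OPENPGP is not visible here.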
@@ -724,6 +725,7 @@ mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key, return _E_gnutls_openpgp_raw_privkey_to_gkey (key, raw_key, (gnutls_openpgp_crt_fmt_t) key_enc); +#endif default: gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR;
@@ -733,11 +735,11 @@ mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key,
 /* This function will convert a der certificate to a format
 * (structure) that gnutls can understand and use. Actually the
- * important thing on this function is that it extracts the
+ * important thing on this function is that it extracts the
 * certificate's (public key) parameters.
 *
 * The noext flag is used to complete the handshake even if the
- * extensions found in the certificate are unsupported and critical.
+ * extensions found in the certificate are unsupported and critical.
 * The critical extensions will be catched by the verification functions.
 */
 int
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
@@ -301,7 +301,7 @@ mhd_gtls_negotiate_version (mhd_gtls_session_t session,
 }
 int
-mhd_gtls_user_hello_func (gnutls_session session,
+mhd_gtls_user_hello_func (mhd_gtls_session_t session,
 gnutls_protocol_t adv_version)
 {
 int ret;
diff --git a/src/daemon/https/tls/gnutls_handshake.h b/src/daemon/https/tls/gnutls_handshake.h
@@ -50,7 +50,7 @@ int mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data, int datalen); int mhd_gtls_negotiate_version( mhd_gtls_session_t session, gnutls_protocol_t adv_version); -int mhd_gtls_user_hello_func( gnutls_session, gnutls_protocol_t adv_version); +int mhd_gtls_user_hello_func( mhd_gtls_session_t, gnutls_protocol_t adv_version); #if MHD_DEBUG_TLS int mhd_gtls_handshake_client (mhd_gtls_session_t session);
diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h
@@ -28,9 +28,9 @@
 #include <defines.h>
 #include "gnutls.h"
+#include "extra.h"
 #include "microhttpd.h"
-#include "extra.h"
 #include "gnutls_mem.h"
 /* FIXME: delete this once opencdk has reentrant keyring functions
@@ -599,11 +599,6 @@ typedef struct
 */
 int direction;
- /* This callback will be used (if set) to receive an
- * openpgp key. (if the peer sends a fingerprint)
- */
- mhd_gtls_openpgp_recv_key_func openpgp_recv_key_func;
-
 /* If non zero the server will not advertize the CA's he
 * trusts (do not send an RDN sequence).
 */
diff --git a/src/daemon/https/tls_test.c b/src/daemon/https/tls_test.c
@@ -1,348 +0,0 @@ -/* - * Copyright (C) 2000,2001,2002,2003,2006,2007 Nikos Mavrogiannopoulos - * Copyright (C) 2004,2005 Free Software Foundation - * - * This file is part of GNUTLS. - * - * GNUTLS is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * GNUTLS is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -#include <config.h> -#include <stdio.h> -#include <errno.h> -#include <stdlib.h> -#include <sys/types.h> -#include <string.h> -#include <gnutls.h> -#include <extra.h> -#include <sys/time.h> -#include <tests.h> -#include <common.h> -#include <tls_test-gaa.h> - -#ifndef SHUT_WR -# define SHUT_WR 1 -#endif - -#ifndef SHUT_RDWR -# define SHUT_RDWR 2 -#endif - -#define SA struct sockaddr -#define ERR(err,s) if (err==-1) {perror(s);return(1);} -#define MAX_BUF 4096 - -/* global stuff here */ -int resume; -char *hostname = NULL; -int port; -int record_max_size; -int fingerprint; -static int debug; - -gnutls_srp_client_credentials_t srp_cred; -gnutls_anon_client_credentials_t anon_cred; -gnutls_certificate_credentials_t xcred; - -/* end of global stuff */ - - -int verbose = 0; - -extern int tls1_ok; -extern int tls1_1_ok; -extern int ssl3_ok; - -static void -tls_log_func (int level, const char *str) -{ - fprintf (stderr, "|<%d>| %s", level, str); -} - -typedef test_code_t (*TEST_FUNC) (gnutls_session_t); - -typedef struct -{ - char *test_name; - TEST_FUNC func; - char *suc_str; - char *fail_str; - char *unsure_str; -} TLS_TEST; - -static const 
TLS_TEST tls_tests[] = { - {"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"}, - {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed", - "SSL 3.0"}, - {"for TLS 1.0 support", test_tls1, "yes", "no", "dunno"}, - {"for SSL 3.0 support", test_ssl3, "yes", "no", "dunno"}, - {"for HTTPS server name", test_server, "", "failed", "not checked"}, - {"for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes", - "dunno"}, - {"for version rollback bug in Client Hello", test_version_rollback, - "no", "yes", "dunno"}, - - /* this test will disable TLS 1.0 if the server is - * buggy */ - {"whether we need to disable TLS 1.0", test_tls_disable, "no", "yes", - "dunno"}, - - {"whether the server ignores the RSA PMS version", - test_rsa_pms_version_check, "yes", "no", "dunno"}, - {"whether the server can accept Hello Extensions", - test_hello_extension, "yes", "no", "dunno"}, - {"whether the server can accept cipher suites not in SSL 3.0 spec", - test_unknown_ciphersuites, "yes", "no", "dunno"}, - {"whether the server can accept a bogus TLS record version in the client hello", test_version_oob, "yes", "no", "dunno"}, - {"for certificate information", test_certificate, "", "", ""}, - {"for trusted CAs", test_server_cas, "", "", ""}, - {"whether the server understands TLS closure alerts", test_bye, "yes", - "no", "partially"}, - /* the fact that is after the closure alert test does matter. 
- */ - {"whether the server supports session resumption", - test_session_resume2, "yes", "no", "dunno"}, - {"for export-grade ciphersuite support", test_export, "yes", "no", - "dunno"}, - {"RSA-export ciphersuite info", test_export_info, "", "N/A", "N/A"}, -#ifdef ENABLE_ANON - {"for anonymous authentication support", test_anonymous, "yes", "no", - "dunno"}, - {"anonymous Diffie Hellman group info", test_dhe_group, "", "N/A", - "N/A"}, -#endif - {"for ephemeral Diffie Hellman support", test_dhe, "yes", "no", - "dunno"}, - {"ephemeral Diffie Hellman group info", test_dhe_group, "", "N/A", - "N/A"}, - {"for AES cipher support (TLS extension)", test_aes, "yes", "no", - "dunno"}, -#ifdef ENABLE_CAMELLIA - {"for CAMELLIA cipher support (TLS extension)", test_camellia, "yes", "no", - "dunno"}, -#endif - {"for 3DES cipher support", test_3des, "yes", "no", "dunno"}, - {"for ARCFOUR 128 cipher support", test_arcfour, "yes", "no", "dunno"}, - {"for ARCFOUR 40 cipher support", test_arcfour_40, "yes", "no", - "dunno"}, - {"for MD5 MAC support", test_md5, "yes", "no", "dunno"}, - {"for SHA1 MAC support", test_sha, "yes", "no", "dunno"}, -#ifdef HAVE_LIBZ - {"for ZLIB compression support (TLS extension)", test_zlib, "yes", - "no", "dunno"}, -#endif - {"for LZO compression support (GnuTLS extension)", test_lzo, "yes", - "no", "dunno"}, - {"for max record size (TLS extension)", test_max_record_size, "yes", - "no", "dunno"}, -#ifdef ENABLE_SRP - {"for SRP authentication support (TLS extension)", test_srp, "yes", - "no", "dunno"}, -#endif - {"for OpenPGP authentication support (TLS extension)", test_openpgp1, - "yes", "no", "dunno"}, - {NULL, NULL, NULL, NULL, NULL} -}; - -static int tt = 0; -const char *ip; - -static void gaa_parser (int argc, char **argv); - -int -main (int argc, char **argv) -{ - int err, ret; - int sd, i; - gnutls_session_t state; - char buffer[MAX_BUF + 1]; - char portname[6]; - struct addrinfo hints, *res, *ptr; - - gaa_parser (argc, argv); - -#ifndef _WIN32 - 
signal (SIGPIPE, SIG_IGN); -#endif - - sockets_init (); - - if (gnutls_global_init () < 0) - { - fprintf (stderr, "global state initialization error\n"); - exit (1); - } - - gnutls_global_set_log_function (tls_log_func); - gnutls_global_set_log_level (debug); - - if (gnutls_global_init_extra () < 0) - { - fprintf (stderr, "global state initialization error\n"); - exit (1); - } - - printf ("Resolving '%s'...\n", hostname); - /* get server name */ - memset (&hints, 0, sizeof (hints)); - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = 0; - snprintf (portname, sizeof (portname), "%d", port); - if ((err = getaddrinfo (hostname, portname, &hints, &res)) != 0) - { - fprintf (stderr, "Cannot resolve %s: %s\n", hostname, - gai_strerror (err)); - exit (1); - } - - /* X509 stuff */ - if (gnutls_certificate_allocate_credentials (&xcred) < 0) - { /* space for 2 certificates */ - fprintf (stderr, "memory error\n"); - exit (1); - } - - /* SRP stuff */ -#ifdef ENABLE_SRP - if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0) - { - fprintf (stderr, "memory error\n"); - exit (1); - } -#endif - -#ifdef ENABLE_ANON - /* ANON stuff */ - if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0) - { - fprintf (stderr, "memory error\n"); - exit (1); - } -#endif - - i = 0; - - do - { - - if (tls_tests[i].test_name == NULL) - break; /* finished */ - - /* if neither of SSL3 and TLSv1 are supported, exit - */ - if (i > 3 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0) - { - fprintf (stderr, - "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n"); - break; - } - - sd = -1; - for (ptr = res; ptr != NULL; ptr = ptr->ai_next) - { - sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol); - if (sd == -1) - { - continue; - } - - getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF, - NULL, 0, NI_NUMERICHOST); - if (tt++ == 0) - printf ("Connecting to '%s:%d'...\n", buffer, port); - if ((err = connect (sd, ptr->ai_addr, ptr->ai_addrlen)) != 0) - { - 
close (sd); - sd = -1; - continue; - } - } - ERR (err, "connect") gnutls_init (&state, GNUTLS_CLIENT); - gnutls_transport_set_ptr (state, (gnutls_transport_ptr_t) sd); - - do - { - printf ("Checking %s...", tls_tests[i].test_name); - - ret = tls_tests[i].func (state); - - if (ret == TEST_SUCCEED) - printf (" %s\n", tls_tests[i].suc_str); - else if (ret == TEST_FAILED) - printf (" %s\n", tls_tests[i].fail_str); - else if (ret == TEST_UNSURE) - printf (" %s\n", tls_tests[i].unsure_str); - else if (ret == TEST_IGNORE) - { - printf (" N/A\n"); - i++; - } - } - while (ret == TEST_IGNORE && tls_tests[i].test_name != NULL); - - gnutls_deinit (state); - - shutdown (sd, SHUT_RDWR); /* no more receptions */ - close (sd); - - i++; - } - while (1); - - freeaddrinfo (res); - -#ifdef ENABLE_SRP - gnutls_srp_free_client_credentials (srp_cred); -#endif - gnutls_certificate_free_credentials (xcred); -#ifdef ENABLE_ANON - gnutls_anon_free_client_credentials (anon_cred); -#endif - gnutls_global_deinit (); - - return 0; -} - -static gaainfo info; -void -gaa_parser (int argc, char **argv) -{ - if (gaa (argc, argv, &info) != -1) - { - fprintf (stderr, - "Error in the arguments. Use the -h or --help parameters to get more info.\n"); - exit (1); - } - - port = info.pp; - if (info.rest_args == NULL) - hostname = "localhost"; - else - hostname = info.rest_args; - - debug = info.debug; - - verbose = info.more_info; - -} - -void -tls_test_version (void) -{ - const char *v = gnutls_check_version (NULL); - - printf ("gnutls-cli-debug (GnuTLS) %s\n", LIBGNUTLS_VERSION); - if (strcmp (v, LIBGNUTLS_VERSION) != 0) - printf ("libgnutls %s\n", v); -} diff --git a/src/daemon/https/x509/mpi.c b/src/daemon/https/x509/mpi.c @@ -210,7 +210,7 @@ _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, { int result; int pk_algorithm; - gnutls_datum tmp = { NULL, 0 }; + gnutls_datum_t tmp = { NULL, 0 }; /* Read the algorithm's OID */ 
diff --git a/src/daemon/https/x509/privkey_pkcs8.c b/src/daemon/https/x509/privkey_pkcs8.c @@ -130,7 +130,7 @@ check_schema (const char *oid) * an ASN.1 INTEGER of the x value. */ inline static int -_encode_privkey (gnutls_x509_privkey pkey, gnutls_datum * raw) +_encode_privkey (gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) { size_t size = 0; opaque *data = NULL; @@ -193,8 +193,8 @@ encode_to_private_key_info (gnutls_x509_privkey_t pkey, int result, len; opaque null = 0; const char *oid; - gnutls_datum algo_params = { NULL, 0 }; - gnutls_datum algo_privkey = { NULL, 0 }; + gnutls_datum_t algo_params = { NULL, 0 }; + gnutls_datum_t algo_privkey = { NULL, 0 }; if (pkey->pk_algorithm == MHD_GNUTLS_PK_RSA) { @@ -810,10 +810,10 @@ error: /* Decodes an RSA privateKey from a PKCS8 structure. */ static int -_decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey pkey) +_decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey) { int ret; - gnutls_datum tmp; + gnutls_datum_t tmp; ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp, 0); if (ret < 0) diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h @@ -342,13 +342,11 @@ enum MHD_OPTION MHD_OPTION_PER_IP_CONNECTION_LIMIT = 5, /** - * Bind daemon to the supplied ip address. this option should be followed by a - * ip address string. Addresses should be supplied in the number & dot notation - * [ie. '127.0.0.1' for IPv4 & '::ffff:127.0.0.1' for IPv6 ]. Supplying an - * IPv6 address * must be done in conjunction with supplying the daemon with - * the 'MHD_USE_IPv6' option. + * Bind daemon to the supplied sockaddr. this option should be followed by a + * 'struct sockaddr'. Supplying an IPv6 address must be done in conjunction with + * with the 'MHD_USE_IPv6' option. */ - MHD_OPTION_IP_ADDR = 6, + MHD_OPTION_SOCK_ADDR = 6, MHD_HTTPS_OPTION_START = 7, 
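Review bot: The new comment on `MHD_OPTION_SOCK_ADDR` says the option is followed by a 'struct sockaddr', while the test added in this commit passes a pointer (`&daemon_ip_addr`); the text should name the argument as a pointer and say which structure it must point to. No length accompanies the pointer, so the daemon presumably sizes it from `MHD_USE_IPv6` (`struct sockaddr_in` without the flag, `struct sockaddr_in6` with it), and a mismatch cannot be detected through the variadic interface. I would word it as `Bind daemon to the supplied socket address. This option should be followed by a 'const struct sockaddr *'.` plus one sentence on the IPv4/IPv6 pairing, which also removes the doubled "with with". The enum body continues outside the hunk.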
@@ -1131,8 +1129,8 @@ enum MHD_InfoType MHD_INFO_CERT_TYPE }; -union MHD_SessionInfo MHD_get_session_info (struct MHD_Connection *con, - enum MHD_InfoType infoType); +union MHD_SessionInfo +MHD_get_session_info ( struct MHD_Connection * connection, enum MHD_InfoType infoType); /* TODO impl */ size_t MHDS_get_key_size (struct MHD_Daemon *daemon, diff --git a/src/testcurl/Makefile.am b/src/testcurl/Makefile.am @@ -24,7 +24,8 @@ check_PROGRAMS = \ daemontest_large_put11 \ daemontest_long_header \ daemontest_get_chunked \ - daemontest_put_chunked \ + daemontest_put_chunked +noinst_PROGRAMS = \ daemon_options_test TESTS = $(check_PROGRAMS) diff --git a/src/testcurl/daemon_options_test.c b/src/testcurl/daemon_options_test.c @@ -47,7 +47,7 @@ ahc_echo (void *cls, } int -test_wrap (char *test_name, int (*test) (void )) +test_wrap (char *test_name, int (*test) (void)) { int ret; va_list arg_list; 
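Review bot: Moving `daemon_options_test` from `check_PROGRAMS` to `noinst_PROGRAMS` means `TESTS = $(check_PROGRAMS)` no longer runs it, so the test written for `MHD_OPTION_SOCK_ADDR` is built but never executed by `make check`. If that is deliberate (for example because the IPv6 half fails on hosts without IPv6, which is an assumption, as the commit does not say), a comment above the assignment should record it, e.g. `# built but not run by 'make check': <reason>`. Otherwise the program should stay in `check_PROGRAMS`.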
@@ -67,34 +67,47 @@ test_wrap (char *test_name, int (*test) (void )) return ret; } + +/** + * Test daemon initialization with the MHD_OPTION_SOCK_ADDR option + */ static int -test_ipv4_option () +test_ip_addr_option () { - struct MHD_Daemon * d; + struct MHD_Daemon *d; + struct sockaddr_in daemon_ip_addr; + struct sockaddr_in6 daemon_ip_addr6; - d = MHD_start_daemon ( MHD_USE_DEBUG, 42433, - NULL, NULL, &ahc_echo, NULL, MHD_OPTION_IP_ADDR, "127.0.0.1", MHD_OPTION_END); + memset (&daemon_ip_addr, 0, sizeof (struct sockaddr_in)); + daemon_ip_addr.sin_family = AF_INET; + daemon_ip_addr.sin_port = htons (42433); - if (d == 0) - return -1; + memset (&daemon_ip_addr6, 0, sizeof (struct sockaddr_in6)); + daemon_ip_addr6.sin6_family = AF_INET6; + daemon_ip_addr6.sin6_port = htons (42433); - MHD_stop_daemon (d); - return 0; -} + inet_pton (AF_INET, "127.0.0.1", &daemon_ip_addr.sin_addr); + inet_pton (AF_INET6, "::ffff:127.0.0.1", &daemon_ip_addr6.sin6_addr); -static int -test_ipv6_option () -{ - struct MHD_Daemon * d; + d = MHD_start_daemon (MHD_USE_DEBUG, 42433, + NULL, NULL, &ahc_echo, NULL, MHD_OPTION_SOCK_ADDR, + &daemon_ip_addr, MHD_OPTION_END); + + if (d == 0) + return -1; + + MHD_stop_daemon (d); - d = MHD_start_daemon ( MHD_USE_DEBUG | MHD_USE_IPv6, 42433, - NULL, NULL, &ahc_echo, NULL, MHD_OPTION_IP_ADDR, "::ffff:127.0.0.1", MHD_OPTION_END); + d = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_IPv6, 42433, + NULL, NULL, &ahc_echo, NULL, MHD_OPTION_SOCK_ADDR, + &daemon_ip_addr6, MHD_OPTION_END); - if (d == 0) - return -1; + if (d == 0) + return -1; - MHD_stop_daemon (d); - return 0; + MHD_stop_daemon (d); + + return 0; } /* setup a temporary transfer test file */ @@ -103,8 +116,7 @@ main (int argc, char *const *argv) { unsigned int errorCount = 0; - errorCount += test_wrap("test_ipv4_option", &test_ipv4_option); - errorCount += test_wrap("test_ipv6_option", &test_ipv6_option); + errorCount += test_wrap ("ip addr option", &test_ip_addr_option); return errorCount != 0; } 
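Review bot: In `test_ip_addr_option` both `inet_pton` calls ignore their return value, and the address structures were zeroed by `memset` just before. If a conversion fails, the daemon is started on the wildcard address and the test still reports success without having tested a loopback bind. I would check each call, e.g. `if (1 != inet_pton (AF_INET, "127.0.0.1", &daemon_ip_addr.sin_addr)) return -1;` and the same for the `AF_INET6` call. The test also only checks that `MHD_start_daemon` returns non-NULL, so a short comment saying the bound address itself is not verified would keep readers from assuming it is.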
diff --git a/src/testcurl/https/bug-test.c b/src/testcurl/https/bug-test.c 
@@ -0,0 +1,349 @@ +/* + This file is part of libmicrohttpd + (C) 2007 Christian Grothoff + + libmicrohttpd is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 2, or (at your + option) any later version. + + libmicrohttpd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with libmicrohttpd; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. + */ + +/** + * @file mhds_get_test.c + * @brief Testcase for libmicrohttpd HTTPS GET operations + * @author Sagie Amir + */ + +#include "platform.h" +#include "microhttpd.h" + +#include <sys/stat.h> + +#include "gnutls.h" +#include <curl/curl.h> + +#define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" + +#define MHD_E_MEM "Error: memory error\n" +#define MHD_E_SERVER_INIT "Error: failed to start server\n" +#define MHD_E_TEST_FILE_CREAT "Error: failed to setup test file\n" +#define MHD_E_CERT_FILE_CREAT "Error: failed to setup test certificate\n" +#define MHD_E_KEY_FILE_CREAT "Error: failed to setup test certificate\n" + +#include "tls_test_keys.h" + +const char *test_file_name = "https_test_file"; +const char test_file_data[] = "Hello World\n"; + +int curl_check_version (const char *req_version, ...); + +struct CBC +{ + char *buf; + size_t pos; + size_t size; +}; + +static size_t +copyBuffer (void *ptr, size_t size, size_t nmemb, void *ctx) +{ + struct CBC *cbc = ctx; + + if (cbc->pos + size * nmemb > cbc->size) + return 0; /* overflow */ + memcpy (&cbc->buf[cbc->pos], ptr, size * nmemb); + cbc->pos += size * nmemb; + 
return size * nmemb; +} + +static int +file_reader (void *cls, size_t pos, char *buf, int max) +{ + FILE *file = cls; + fseek (file, pos, SEEK_SET); + return fread (buf, 1, max, file); +} + +/* HTTP access handler call back */ +static int +http_ahc (void *cls, struct MHD_Connection *connection, + const char *url, const char *method, const char *upload_data, + const char *version, unsigned int *upload_data_size, void **ptr) +{ + static int aptr; + struct MHD_Response *response; + int ret; + FILE *file; + struct stat buf; + + if (0 != strcmp (method, MHD_HTTP_METHOD_GET)) + return MHD_NO; /* unexpected method */ + if (&aptr != *ptr) + { + /* do never respond on first call */ + *ptr = &aptr; + return MHD_YES; + } + *ptr = NULL; /* reset when done */ + + file = fopen (url, "r"); + if (file == NULL) + { + response = MHD_create_response_from_data (strlen (PAGE_NOT_FOUND), + (void *) PAGE_NOT_FOUND, + MHD_NO, MHD_NO); + ret = MHD_queue_response (connection, MHD_HTTP_NOT_FOUND, response); + MHD_destroy_response (response); + } + else + { + stat (url, &buf); + response = MHD_create_response_from_callback (buf.st_size, 32 * 1024, /* 32k PAGE_NOT_FOUND size */ + &file_reader, file, + (MHD_ContentReaderFreeCallback) + & fclose); + ret = MHD_queue_response (connection, MHD_HTTP_OK, response); + MHD_destroy_response (response); + } + return ret; +} + +/* + * test HTTPS transfer + * @param test_fd: file to attempt transfering + */ +static int +test_daemon_get (FILE * test_fd, char *cipher_suite, int proto_version) +{ + CURL *c; + struct CBC cbc; + CURLcode errornum; + char *doc_path; + char url[255]; + struct stat statb; + + stat (test_file_name, &statb); + + int len = statb.st_size; + + /* used to memcmp local copy & deamon supplied copy */ + unsigned char *mem_test_file_local; + + /* setup test file path, url */ + doc_path = get_current_dir_name (); + + if (NULL == (mem_test_file_local = malloc (len))) + { + fclose (test_fd); + fprintf (stderr, MHD_E_MEM); + return -1; + } + + 
fseek (test_fd, 0, SEEK_SET); + if (fread (mem_test_file_local, sizeof (char), len, test_fd) != len) + { + fclose (test_fd); + fprintf (stderr, "Error: failed to read test file. %s\n", + strerror (errno)); + return -1; + } + + if (NULL == (cbc.buf = malloc (sizeof (char) * len))) + { + fclose (test_fd); + fprintf (stderr, MHD_E_MEM); + return -1; + } + cbc.size = len; + cbc.pos = 0; + + /* construct url - this might use doc_path */ + sprintf (url, "%s%s/%s", "https://localhost:42433", + doc_path, test_file_name); + + c = curl_easy_init (); +#ifdef DEBUG + curl_easy_setopt (c, CURLOPT_VERBOSE, 1); +#endif + curl_easy_setopt (c, CURLOPT_URL, url); + curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); + curl_easy_setopt (c, CURLOPT_TIMEOUT, 2L); + curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 2L); + curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer); + curl_easy_setopt (c, CURLOPT_FILE, &cbc); + + /* TLS options */ + curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version); + curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite); + + /* currently skip any peer authentication */ + curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); + curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); + + curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); + + /* NOTE: use of CONNECTTIMEOUT without also + setting NOSIGNAL results in really weird + crashes on my system! 
*/ + curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1); + if (CURLE_OK != (errornum = curl_easy_perform (c))) + { + fprintf (stderr, "curl_easy_perform failed: `%s'\n", + curl_easy_strerror (errornum)); + curl_easy_cleanup (c); + return errornum; + } + + curl_easy_cleanup (c); + + if (memcmp (cbc.buf, mem_test_file_local, len) != 0) + { + fprintf (stderr, "Error: local file & received file differ.\n"); + free (cbc.buf); + free (mem_test_file_local); + return -1; + } + + free (mem_test_file_local); + free (cbc.buf); + free (doc_path); + return 0; +} + +int +test_cipher_option (FILE * test_fd, char *cipher_suite, int proto_version) +{ + + int ret; + int ciper[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; + struct MHD_Daemon *d; + d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | + MHD_USE_DEBUG, 42433, + NULL, NULL, &http_ahc, NULL, + MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, + MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, + MHD_OPTION_CIPHER_ALGORITHM, ciper, MHD_OPTION_END); + + if (d == NULL) + { + fprintf (stderr, MHD_E_SERVER_INIT); + return -1; + } + + ret = test_daemon_get (test_fd, cipher_suite, proto_version); + + MHD_stop_daemon (d); + return ret; +} + +int +test_mac_option (FILE * test_fd, char *cipher_suite, int proto_version) +{ + + int ret; + int mac[] = { MHD_GNUTLS_MAC_SHA1, 0 }; + struct MHD_Daemon *d; + + d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | + MHD_USE_DEBUG, 42433, + NULL, NULL, &http_ahc, NULL, + MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, + MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, + MHD_OPTION_MAC_ALGO, mac, MHD_OPTION_END); + + if (d == NULL) + { + fprintf (stderr, MHD_E_SERVER_INIT); + return -1; + } + + ret = test_daemon_get (test_fd, cipher_suite, proto_version); + + MHD_stop_daemon (d); + return ret; +} + +/* setup a temporary transfer test file */ +FILE * +setupTestFile () +{ + FILE *test_fd; + + if (NULL == (test_fd = fopen (test_file_name, "w+"))) + { + fprintf (stderr, "Error: failed to open 
`%s': %s\n", + test_file_name, strerror (errno)); + return NULL; + } + if (fwrite (test_file_data, sizeof (char), strlen (test_file_data), test_fd) + != strlen (test_file_data)) + { + fprintf (stderr, "Error: failed to write `%s. %s'\n", + test_file_name, strerror (errno)); + return NULL; + } + if (fflush (test_fd)) + { + fprintf (stderr, "Error: failed to flush test file stream. %s\n", + strerror (errno)); + return NULL; + } + + return test_fd; +} + +int +main (int argc, char *const *argv) +{ + FILE *test_fd; + unsigned int errorCount = 0; + + /* gnutls_global_set_log_level(11); */ + + if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_OPENSSL_VERSION)) + { + return -1; + } + + if ((test_fd = setupTestFile ()) == NULL) + { + fprintf (stderr, MHD_E_TEST_FILE_CREAT); + return -1; + } + + if (0 != curl_global_init (CURL_GLOBAL_ALL)) + { + fprintf (stderr, "Error: %s\n", strerror (errno)); + return -1; + } + +// errorCount += +// test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1); +// errorCount += +// test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3); +// errorCount += +// test_file_certificates (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3); + /* TODO resolve cipher setting issue when compiling against GNU TLS */ + errorCount += + test_cipher_option (test_fd, "DES-CBC3-SHA", CURL_SSLVERSION_TLSv1); +/* errorCount += + test_kx_option (test_fd, "EDH-RSA-DES-CBC3-SHA", CURL_SSLVERSION_SSLv3); */ + + + curl_global_cleanup (); + fclose (test_fd); + + remove (test_file_name); + + return errorCount != 0; +} diff --git a/src/testcurl/https/tls_session_time_out_test.c b/src/testcurl/https/tls_session_time_out_test.c @@ -156,7 +156,7 @@ main (int argc, char *const *argv) MHD_USE_DEBUG, 42433, NULL, NULL, &http_ahc, NULL, MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT, - MHD_OPTION_IP_ADDR, "127.0.0.1", + MHD_OPTION_SOCK_ADDR, "127.0.0.1", MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, MHD_OPTION_END);
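Review bot: In `test_daemon_get`, `sprintf (url, "%s%s/%s", ...)` copies the working directory returned by `get_current_dir_name ()` into the fixed `char url[255]` with no bound, so a long working-directory path overruns the stack buffer, and a NULL return from `get_current_dir_name ()` reaches `%s` unchecked. I would check `doc_path != NULL`, switch to `snprintf (url, sizeof (url), "%s%s/%s", "https://localhost:42433", doc_path, test_file_name)`, and fail the test when the result is negative or `>= sizeof (url)`. Separately, `http_ahc` hands the request path straight to `fopen (url, "r")`, so while the test daemon is up it returns any file the test process can read; comparing `url` with the expected test-file path before opening would confine it to the fixture. The early-return paths in `test_daemon_get` also call `fclose (test_fd)`, which `main` closes again afterwards.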
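Review bot: The new line passes the string literal `"127.0.0.1"` after `MHD_OPTION_SOCK_ADDR`, but the microhttpd.h hunk in this commit documents that option as taking a socket address structure, and `daemon_options_test.c` passes `&daemon_ip_addr`. Assuming the daemon reads the variadic argument as a `struct sockaddr *` (the daemon.c change is not part of this hunk), the ten bytes of the literal would be interpreted as a socket address, giving a meaningless address family and most likely a read past the end of the literal. Because the option list is variadic, the compiler cannot flag the mismatch. The call should build a `struct sockaddr_in` for the loopback address and pass its address, as sketched below; `main` starts outside this hunk, so the declaration belongs with its other locals.

```c
struct sockaddr_in bind_addr;

memset (&bind_addr, 0, sizeof (bind_addr));
bind_addr.sin_family = AF_INET;
bind_addr.sin_port = htons (42433);
bind_addr.sin_addr.s_addr = htonl (INADDR_LOOPBACK);

/* … unchanged: MHD_start_daemon (...) arguments up to MHD_OPTION_CONNECTION_TIMEOUT … */
                        MHD_OPTION_SOCK_ADDR, &bind_addr,
/* … unchanged: HTTPS key/cert options and MHD_OPTION_END … */
```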