commit f069ee365d4cedb9854924ab2f6b96476b64319f
parent 0be4e8c2a74bc70683aff1f8af9f225d2090d0c2
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date: Tue, 4 Oct 2022 18:49:35 +0300
testcurl/https: removed explicit cipher setting
Explicit ciphers are not required and not future-proof.
Diffstat:
12 files changed, 21 insertions(+), 71 deletions(-)
diff --git a/src/testcurl/https/test_empty_response.c b/src/testcurl/https/test_empty_response.c
@@ -75,7 +75,6 @@ testInternalSelectGet (void)
time_t start;
struct timeval tv;
uint16_t port;
- const char *aes256_sha = "AES256-SHA";
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port = 0;
@@ -105,10 +104,6 @@ testInternalSelectGet (void)
}
port = dinfo->port;
}
- if (curl_tls_is_nss ())
- {
- aes256_sha = "rsa_aes_256_sha";
- }
c = curl_easy_init ();
curl_easy_setopt (c, CURLOPT_URL, "https://127.0.0.1/hello_world");
@@ -117,7 +112,6 @@ testInternalSelectGet (void)
curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
/* TLS options */
curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
- curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
diff --git a/src/testcurl/https/test_https_get.c b/src/testcurl/https/test_https_get.c
@@ -232,7 +232,6 @@ int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
- const char *aes256_sha_tlsv1 = "AES256-SHA";
(void) argc; (void) argv; /* Unused. Silent compiler warning. */
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
@@ -249,13 +248,8 @@ main (int argc, char *const *argv)
curl_global_cleanup ();
return 77;
}
-
- if (curl_tls_is_nss ())
- {
- aes256_sha_tlsv1 = "rsa_aes_256_sha";
- }
errorCount +=
- test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1);
+ test_secure_get (NULL, NULL, CURL_SSLVERSION_TLSv1);
errorCount += testEmptyGet (0);
curl_global_cleanup ();
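Review bot: The bare `NULL` passed as the second argument of `test_secure_get` is unlabelled, so a reader cannot tell that it is the cipher list and that NULL now means "keep the TLS backend's default". A short comment at the call, e.g. `/* cipher_suite: NULL = libcurl default cipher list */`, would make that explicit; the same applies to the `NULL` arguments introduced in test_https_get_iovec.c, test_https_multi_daemon.c, test_tls_authentication.c and the `test_wrap` calls in the parallel tests. With the pin gone, the cipher actually negotiated depends on how libcurl and its TLS library were built, so these tests no longer exercise one known suite, which is worth recording next to the call. `main` starts in the previous hunk and continues past this one.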
diff --git a/src/testcurl/https/test_https_get_iovec.c b/src/testcurl/https/test_https_get_iovec.c
@@ -390,7 +390,6 @@ int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
- const char *aes256_sha_tlsv1 = "AES256-SHA";
(void) argc; (void) argv; /* Unused. Silent compiler warning. */
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
@@ -408,12 +407,8 @@ main (int argc, char *const *argv)
return 77;
}
- if (curl_tls_is_nss ())
- {
- aes256_sha_tlsv1 = "rsa_aes_256_sha";
- }
errorCount +=
- test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1);
+ test_secure_get (NULL, NULL, CURL_SSLVERSION_TLSv1);
errorCount += testEmptyGet (0);
curl_global_cleanup ();
diff --git a/src/testcurl/https/test_https_get_parallel.c b/src/testcurl/https/test_https_get_parallel.c
@@ -134,7 +134,6 @@ int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
- const char *aes256_sha = "AES256-SHA";
uint16_t port;
unsigned int iseed;
(void) argc; /* Unused. Silent compiler warning. */
@@ -155,8 +154,6 @@ main (int argc, char *const *argv)
fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n");
return 77;
}
- if (curl_tls_is_nss ())
- aes256_sha = "rsa_aes_256_sha";
#ifdef EPOLL_SUPPORT
errorCount +=
test_wrap ("single threaded daemon, single client, epoll",
@@ -164,7 +161,7 @@ main (int argc, char *const *argv)
NULL, port,
MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG | MHD_USE_EPOLL,
- aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+ NULL, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
#endif
@@ -173,7 +170,7 @@ main (int argc, char *const *argv)
NULL, port,
MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG,
- aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+ NULL, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
#ifdef EPOLL_SUPPORT
@@ -182,7 +179,7 @@ main (int argc, char *const *argv)
&test_parallel_clients, NULL, port,
MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG | MHD_USE_EPOLL,
- aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+ NULL, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
#endif
@@ -191,7 +188,7 @@ main (int argc, char *const *argv)
&test_parallel_clients, NULL, port,
MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG,
- aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+ NULL, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
diff --git a/src/testcurl/https/test_https_get_parallel_threads.c b/src/testcurl/https/test_https_get_parallel_threads.c
@@ -139,7 +139,6 @@ main (int argc, char *const *argv)
const char *ssl_version;
uint16_t port;
unsigned int iseed;
- const char *aes256_sha = "AES256-SHA";
(void) argc; /* Unused. Silent compiler warning. */
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
@@ -172,17 +171,12 @@ main (int argc, char *const *argv)
return 77;
}
- if (curl_tls_is_nss ())
- {
- aes256_sha = "rsa_aes_256_sha";
- }
-
errorCount +=
test_wrap ("multi threaded daemon, single client", &test_single_client,
NULL, port,
MHD_USE_TLS | MHD_USE_ERROR_LOG | MHD_USE_THREAD_PER_CONNECTION
| MHD_USE_INTERNAL_POLLING_THREAD,
- aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+ NULL, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
@@ -191,7 +185,7 @@ main (int argc, char *const *argv)
&test_parallel_clients, NULL, port,
MHD_USE_TLS | MHD_USE_ERROR_LOG | MHD_USE_THREAD_PER_CONNECTION
| MHD_USE_INTERNAL_POLLING_THREAD,
- aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+ NULL, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
diff --git a/src/testcurl/https/test_https_get_select.c b/src/testcurl/https/test_https_get_select.c
@@ -92,7 +92,6 @@ testExternalGet (unsigned int flags)
struct CURLMsg *msg;
time_t start;
struct timeval tv;
- const char *aes256_sha = "AES256-SHA";
uint16_t port;
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
@@ -122,9 +121,6 @@ testExternalGet (unsigned int flags)
port = dinfo->port;
}
- if (curl_tls_is_nss ())
- aes256_sha = "rsa_aes_256_sha";
-
c = curl_easy_init ();
curl_easy_setopt (c, CURLOPT_URL, "https://127.0.0.1/hello_world");
curl_easy_setopt (c, CURLOPT_PORT, (long) port);
@@ -132,7 +128,6 @@ testExternalGet (unsigned int flags)
curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
/* TLS options */
curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
- curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
diff --git a/src/testcurl/https/test_https_multi_daemon.c b/src/testcurl/https/test_https_multi_daemon.c
@@ -131,7 +131,6 @@ int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
- const char *aes256_sha = "AES256-SHA";
(void) argc; (void) argv; /* Unused. Silent compiler warning. */
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
@@ -149,13 +148,8 @@ main (int argc, char *const *argv)
return 77;
}
- if (curl_tls_is_nss ())
- {
- aes256_sha = "rsa_aes_256_sha";
- }
-
errorCount +=
- test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_TLSv1);
+ test_concurent_daemon_pair (NULL, NULL, CURL_SSLVERSION_TLSv1);
print_test_result (errorCount, "concurent_daemon_pair");
diff --git a/src/testcurl/https/test_https_session_info.c b/src/testcurl/https/test_https_session_info.c
@@ -102,7 +102,6 @@ test_query_session (void)
CURLcode errornum;
char url[256];
uint16_t port;
- const char *aes256_sha = "AES256-SHA";
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port = 0;
@@ -142,11 +141,6 @@ test_query_session (void)
port = dinfo->port;
}
- if (curl_tls_is_nss ())
- {
- aes256_sha = "rsa_aes_256_sha";
- }
-
gen_test_file_url (url,
sizeof (url),
port);
@@ -162,7 +156,6 @@ test_query_session (void)
curl_easy_setopt (c, CURLOPT_FILE, &cbc);
/* TLS options */
curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
- curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
/* currently skip any peer authentication */
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
diff --git a/src/testcurl/https/test_tls_authentication.c b/src/testcurl/https/test_tls_authentication.c
@@ -86,7 +86,6 @@ int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
- const char *aes256_sha = "AES256-SHA";
(void) argc;
(void) argv; /* Unused. Silent compiler warning. */
@@ -105,13 +104,8 @@ main (int argc, char *const *argv)
return 77;
}
- if (curl_tls_is_nss ())
- {
- aes256_sha = "rsa_aes_256_sha";
- }
-
errorCount +=
- test_secure_get (NULL, aes256_sha, CURL_SSLVERSION_TLSv1);
+ test_secure_get (NULL, NULL, CURL_SSLVERSION_TLSv1);
print_test_result (errorCount, argv[0]);
diff --git a/src/testcurl/https/test_tls_extensions.c b/src/testcurl/https/test_tls_extensions.c
@@ -187,7 +187,7 @@ test_hello_extension (gnutls_session_t session, uint16_t port,
gnutls_free (data);
/* make sure daemon is still functioning */
- if (CURLE_OK != send_curl_req (url, &cbc, "AES128-SHA",
+ if (CURLE_OK != send_curl_req (url, &cbc, NULL,
MHD_GNUTLS_PROTOCOL_TLS1_2))
{
ret = -1;
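Review bot: The protocol argument in this call, `MHD_GNUTLS_PROTOCOL_TLS1_2`, is an MHD/GnuTLS-side constant, while `send_curl_req` (see the tls_test_common.c hunk) hands its `proto_version` straight to `CURLOPT_SSLVERSION`, which expects a `CURL_SSLVERSION_*` value. Now that the cipher is no longer pinned, this argument is the only client-side TLS constraint left in the check, and it may select a different protocol version than its name suggests. If TLS 1.2 is intended, the call should probably read `send_curl_req (url, &cbc, NULL, CURL_SSLVERSION_TLSv1_2)`. `test_hello_extension` begins and ends outside the hunk.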
diff --git a/src/testcurl/https/test_tls_options.c b/src/testcurl/https/test_tls_options.c
@@ -89,8 +89,6 @@ main (int argc, char *const *argv)
MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD
| MHD_USE_TLS | MHD_USE_ERROR_LOG;
uint16_t port;
- const char *aes128_sha = "AES128-SHA";
- const char *aes256_sha = "AES256-SHA";
(void) argc; (void) argv; /* Unused. Silent compiler warning. */
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
@@ -139,9 +137,9 @@ main (int argc, char *const *argv)
}
if (0 !=
- test_wrap ("TLS1.0-AES-SHA1",
+ test_wrap ("TLS1.0",
&test_https_transfer, NULL, port, daemon_flags,
- aes128_sha,
+ NULL,
CURL_SSLVERSION_TLSv1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
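Review bot: The renamed "TLS1.0" case now lets the client offer its default cipher list, but the daemon side of this same `test_wrap` call still appears to pin `NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL` (the string is visible in the next hunk's context). The handshake therefore succeeds only if the client's defaults still include an RSA/AES-128-CBC/SHA1 suite over TLS 1.0, which TLS libraries built with stricter defaults may not offer, so a failure here can reflect the build environment rather than MHD. A comment above the call such as `/* daemon pins TLS1.0 + AES-128-CBC-SHA1; client must offer it by default */` would record that dependency. `main` starts before this hunk and continues after it.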
@@ -149,7 +147,7 @@ main (int argc, char *const *argv)
"NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
- fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
+ fprintf (stderr, "TLS1.0 test failed\n");
errorCount++;
}
fprintf (stderr,
@@ -157,7 +155,7 @@ main (int argc, char *const *argv)
if (0 !=
test_wrap ("TLS1.1 vs TLS1.0",
&test_unmatching_ssl_version, NULL, port, daemon_flags,
- aes256_sha,
+ NULL,
CURL_SSLVERSION_TLSv1_1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
diff --git a/src/testcurl/https/tls_test_common.c b/src/testcurl/https/tls_test_common.c
@@ -84,8 +84,9 @@ test_daemon_get (void *cls,
/* TLS options */
if ((CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSLVERSION,
proto_version))) ||
- (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
- cipher_suite))) ||
+ ((NULL != cipher_suite) &&
+ (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
+ cipher_suite)))) ||
/* perform peer authentication */
/* TODO merge into send_curl_req */
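Review bot: `cipher_suite` may now be NULL in `test_daemon_get`, and nothing in the hunk documents that; the function comment should say so, for example `@param cipher_suite list for CURLOPT_SSL_CIPHER_LIST, or NULL to keep libcurl's default`. The identical guard is added to `send_curl_req` in the next hunk, which is the duplication the existing `TODO merge into send_curl_req` line refers to, so the two copies have to be kept in step by hand until that merge happens. Both functions start and end outside their hunks.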
@@ -280,8 +281,9 @@ send_curl_req (char *url,
/* TLS options */
if ((CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSLVERSION,
proto_version))) ||
- (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
- cipher_suite))) ||
+ ((NULL != cipher_suite) &&
+ (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
+ cipher_suite)))) ||
/* currently skip any peer authentication */
(CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L))) ||
(CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L))))