author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2021-12-12 17:31:39 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2021-12-12 20:51:29 +0300 |
commit | 141a8e702c0d145de85abc7fd1f9d11363fa24a7 (patch) | |
tree | fac8484f23d9973c42347aacd6c6d89b874b05e2 | |
parent | 54e83ba5ee023873390e84b11bb6abddc6e4e373 (diff) | |
download | libmicrohttpd-141a8e702c0d145de85abc7fd1f9d11363fa24a7.tar.gz libmicrohttpd-141a8e702c0d145de85abc7fd1f9d11363fa24a7.zip |
test_https_time_out: additional fixes
Fixed possible abort on SIGPIPE.
Avoid meaningless test results reports (-1 was mapped to unsigned value).
Check GnuTLS functions results.
Correctly initialize GnuTLS session.
-rw-r--r-- | src/testcurl/https/test_https_time_out.c | 48 | ||||
-rw-r--r-- | src/testcurl/https/test_tls_extensions.c | 18 | ||||
-rw-r--r-- | src/testcurl/https/tls_test_common.c | 59 | ||||
-rw-r--r-- | src/testcurl/https/tls_test_common.h | 4 |
4 files changed, 59 insertions, 70 deletions
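--- a/src/testcurl/https/test_https_time_out.c
+++ b/src/testcurl/https/test_https_time_out.c
@@ -1,6 +1,7 @@
 /*
 This file is part of libmicrohttpd
 Copyright (C) 2007 Christian Grothoff
+Copyright (C) 2014-2021 Karlson2k (Evgeny Grin)
 
 libmicrohttpd is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published
@@ -23,6 +24,7 @@
 * @brief: daemon TLS alert response test-case
 *
 * @author Sagie Amir
+* @author Karlson2k (Evgeny Grin)
 */
 
 #include "platform.h"
@@ -31,6 +33,9 @@
 #ifdef MHD_HTTPS_REQUIRE_GRYPT
 #include <gcrypt.h>
 #endif /* MHD_HTTPS_REQUIRE_GRYPT */
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif /* HAVE_SIGNAL_H */
 #include "mhd_sockets.h" /* only macros used */
 
 
@@ -83,7 +88,7 @@ test_tls_session_time_out (gnutls_session_t session, int port)
 if (sd == MHD_INVALID_SOCKET)
 {
 fprintf (stderr, "Failed to create socket: %s\n", strerror (errno));
-return -1;
+return 2;
 }
 
 memset (&sa, '\0', sizeof (struct sockaddr_in));
@@ -91,33 +96,37 @@ test_tls_session_time_out (gnutls_session_t session, int port)
 sa.sin_port = htons (port);
 sa.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
 
-gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (intptr_t) sd);
-
 ret = connect (sd, (struct sockaddr *) &sa, sizeof (struct sockaddr_in));
 
 if (ret < 0)
 {
 fprintf (stderr, "Error: %s\n", MHD_E_FAILED_TO_CONNECT);
 MHD_socket_close_chk_ (sd);
-return -1;
+return 2;
 }
 
+#if (GNUTLS_VERSION_NUMBER + 0 >= 0x030109) && ! defined(_WIN64)
+gnutls_transport_set_int (session, (int) (sd));
+#else /* GnuTLS before 3.1.9 or Win64 */
+gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (intptr_t) (sd));
+#endif /* GnuTLS before 3.1.9 or Win64 */
+
 ret = gnutls_handshake (session);
 if (ret < 0)
 {
 fprintf (stderr, "Handshake failed\n");
 MHD_socket_close_chk_ (sd);
-return -1;
+return 2;
 }
 
-(void) sleep (TIME_OUT + 1);
+(void) sleep (TIME_OUT + 2);
 
 /* check that server has closed the connection */
 if (1 == num_disconnects)
 {
 fprintf (stderr, "Connection failed to time-out\n");
 MHD_socket_close_chk_ (sd);
-return -1;
+return 1;
 }
 else if (0 != num_disconnects)
 abort ();
@@ -133,8 +142,6 @@ main (int argc, char *const *argv)
 int errorCount = 0;
 struct MHD_Daemon *d;
 gnutls_session_t session;
-gnutls_datum_t key;
-gnutls_datum_t cert;
 gnutls_certificate_credentials_t xcred;
 int port;
 (void) argc; /* Unused. Silent compiler warning. */
@@ -144,13 +151,30 @@ main (int argc, char *const *argv)
 else
 port = 3070;
 
+#ifdef MHD_SEND_SPIPE_SUPPRESS_NEEDED
+#if defined(HAVE_SIGNAL_H) && defined(SIGPIPE)
+if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
+{
+fprintf (stderr, "Error suppressing SIGPIPE signal.\n");
+exit (99);
+}
+#else /* ! HAVE_SIGNAL_H || ! SIGPIPE */
+fprintf (stderr, "Cannot suppress SIGPIPE signal.\n");
+/* exit (77); */
+#endif
+#endif /* MHD_SEND_SPIPE_SUPPRESS_NEEDED */
+
 #ifdef MHD_HTTPS_REQUIRE_GRYPT
 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
 #ifdef GCRYCTL_INITIALIZATION_FINISHED
 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
 #endif
 #endif /* MHD_HTTPS_REQUIRE_GRYPT */
-gnutls_global_init ();
+if (GNUTLS_E_SUCCESS != gnutls_global_init ())
+{
+fprintf (stderr, "Cannot initialize GnuTLS.\n");
+exit (99);
+}
 gnutls_global_set_log_level (11);
 
 d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
@@ -178,13 +202,13 @@ main (int argc, char *const *argv)
 port = (int) dinfo->port;
 }
 
-if (0 != setup_session (&session, &key, &cert, &xcred))
+if (0 != setup_session (&session, &xcred))
 {
 fprintf (stderr, "failed to setup session\n");
 return 1;
 }
 errorCount += test_tls_session_time_out (session, port);
-teardown_session (session, &key, &cert, xcred);
+teardown_session (session, xcred);
 
 print_test_result (errorCount, argv[0]);
 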
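Review bot: The `#else` branch of the new SIGPIPE block in main() only prints `Cannot suppress SIGPIPE signal.` and carries on, with `exit (77);` left commented out. Where `MHD_SEND_SPIPE_SUPPRESS_NEEDED` is defined but `<signal.h>` or `SIGPIPE` is not available to this file, the test can presumably still be terminated by the signal the commit message says it guards against. Either enable the skip, `exit (77);` (assuming 77 is the harness's skip code, as 99 is used for hard errors in this hunk), or replace the dead code with a comment stating why the run continues, e.g. `/* Not skipped: the run may still abort on SIGPIPE */`. main() starts and ends outside these hunks.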
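--- a/src/testcurl/https/test_tls_extensions.c
+++ b/src/testcurl/https/test_tls_extensions.c
@@ -210,8 +210,6 @@ main (int argc, char *const *argv)
 FILE *test_fd;
 struct MHD_Daemon *d;
 gnutls_session_t session;
-gnutls_datum_t key;
-gnutls_datum_t cert;
 gnutls_certificate_credentials_t xcred;
 const int ext_arr[] = {
 GNUTLS_EXTENSION_SERVER_NAME,
@@ -266,25 +264,25 @@ main (int argc, char *const *argv)
 }
 
 i = 0;
-setup_session (&session, &key, &cert, &xcred);
+setup_session (&session, &xcred);
 errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16);
-teardown_session (session, &key, &cert, xcred);
+teardown_session (session, xcred);
 #if 1
 i = 0;
 while (ext_arr[i] != -1)
 {
-setup_session (&session, &key, &cert, &xcred);
+setup_session (&session, &xcred);
 errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16);
-teardown_session (session, &key, &cert, xcred);
+teardown_session (session, xcred);
 
-setup_session (&session, &key, &cert, &xcred);
+setup_session (&session, &xcred);
 errorCount += test_hello_extension (session, port, ext_arr[i], 3, 8);
-teardown_session (session, &key, &cert, xcred);
+teardown_session (session, xcred);
 
 /* this test specifically tests the issue raised in CVE-2008-1948 */
-setup_session (&session, &key, &cert, &xcred);
+setup_session (&session, &xcred);
 errorCount += test_hello_extension (session, port, ext_arr[i], 6, 0);
-teardown_session (session, &key, &cert, xcred);
+teardown_session (session, xcred);
 i++;
 }
 #endif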
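Review bot: Every `setup_session (&session, &xcred);` call in main() discards the return value. When setup fails, the following `test_hello_extension()` and `teardown_session()` therefore run on a `session`/`xcred` pair that was never initialised or has already been released. The reworked helper in tls_test_common.c now reports the failure of four separate GnuTLS calls, so this path is easier to reach than before. Check the result the way test_https_time_out.c does, `if (0 != setup_session (&session, &xcred))`, and on failure count an error and skip the test/teardown pair for that step. main() begins and ends outside these hunks.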
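--- a/src/testcurl/https/tls_test_common.c
+++ b/src/testcurl/https/tls_test_common.c
@@ -504,62 +504,33 @@ teardown_testcase (struct MHD_Daemon *d)
 
 int
 setup_session (gnutls_session_t *session,
-gnutls_datum_t *key,
-gnutls_datum_t *cert,
 gnutls_certificate_credentials_t *xcred)
 {
-int ret;
-const char *err_pos;
-
-gnutls_certificate_allocate_credentials (xcred);
-key->size = strlen (srv_key_pem) + 1;
-key->data = malloc (key->size);
-if (NULL == key->data)
-{
-gnutls_certificate_free_credentials (*xcred);
-return -1;
-}
-memcpy (key->data, srv_key_pem, key->size);
-cert->size = strlen (srv_self_signed_cert_pem) + 1;
-cert->data = malloc (cert->size);
-if (NULL == cert->data)
-{
-gnutls_certificate_free_credentials (*xcred);
-free (key->data);
-return -1;
-}
-memcpy (cert->data, srv_self_signed_cert_pem, cert->size);
-gnutls_certificate_set_x509_key_mem (*xcred, cert, key,
-GNUTLS_X509_FMT_PEM);
-gnutls_init (session, GNUTLS_CLIENT);
-ret = gnutls_priority_set_direct (*session,
-"NORMAL", &err_pos);
-if (ret < 0)
+if (GNUTLS_E_SUCCESS == gnutls_init (session, GNUTLS_CLIENT))
 {
+if (GNUTLS_E_SUCCESS == gnutls_set_default_priority (*session))
+{
+if (GNUTLS_E_SUCCESS == gnutls_certificate_allocate_credentials (xcred))
+{
+if (GNUTLS_E_SUCCESS == gnutls_credentials_set (*session,
+GNUTLS_CRD_CERTIFICATE,
+*xcred))
+{
+return 0;
+}
+gnutls_certificate_free_credentials (*xcred);
+}
+}
 gnutls_deinit (*session);
-gnutls_certificate_free_credentials (*xcred);
-free (key->data);
-return -1;
 }
-gnutls_credentials_set (*session,
-GNUTLS_CRD_CERTIFICATE,
-*xcred);
-return 0;
+return -1;
 }
 
 
 int
 teardown_session (gnutls_session_t session,
-gnutls_datum_t *key,
-gnutls_datum_t *cert,
 gnutls_certificate_credentials_t xcred)
 {
-free (key->data);
-key->data = NULL;
-key->size = 0;
-free (cert->data);
-cert->data = NULL;
-cert->size = 0;
 gnutls_deinit (session);
 gnutls_certificate_free_credentials (xcred);
 return 0;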
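Review bot: `setup_session()` has no comment stating its failure contract or what kind of client session it builds, and both matter to callers. On `-1` every path has already released whatever it acquired, so a caller must not pass `*session` or `*xcred` to `teardown_session()` afterwards. The credentials are also attached empty: no trust list or verification call appears in the hunk, so as far as these lines show the client accepts the daemon's certificate unverified. That suits a loopback test but should not be copied into non-test code. I would add a doc comment above the function covering the return values (0 / -1), the state of both out-parameters after a failure, and that certificate verification is intentionally not configured.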
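--- a/src/testcurl/https/tls_test_common.h
+++ b/src/testcurl/https/tls_test_common.h
@@ -146,14 +146,10 @@ teardown_testcase (struct MHD_Daemon *d);
 
 int
 setup_session (gnutls_session_t *session,
-gnutls_datum_t *key,
-gnutls_datum_t *cert,
 gnutls_certificate_credentials_t *xcred);
 
 int
 teardown_session (gnutls_session_t session,
-gnutls_datum_t *key,
-gnutls_datum_t *cert,
 gnutls_certificate_credentials_t xcred);
 
 int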
159 | int | 155 | int |