test_https_time_out: additional fixes

Fixed possible abort on SIGPIPE.
Avoid meaningless test results reports (-1 was mapped to unsigned value).
Check GnuTLS functions results.
Correctly initialize GnuTLS session.

4 files changed, 59 insertions, 70 deletions

diff --git a/src/testcurl/https/test_https_time_out.c b/src/testcurl/https/test_https_time_out.c
index c86aaccd..a6d1b3bb 100644
--- a/src/testcurl/https/test_https_time_out.c
+++ b/src/testcurl/https/test_https_time_out.c
@@ -1,6 +1,7 @@
 /*
  This file is part of libmicrohttpd
  Copyright (C) 2007 Christian Grothoff
+ Copyright (C) 2014-2021 Karlson2k (Evgeny Grin)
 
  libmicrohttpd is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published
@@ -23,6 +24,7 @@
  * @brief: daemon TLS alert response test-case
  *
  * @author Sagie Amir
+ * @author Karlson2k (Evgeny Grin)
  */
 
 #include "platform.h"
@@ -31,6 +33,9 @@
 #ifdef MHD_HTTPS_REQUIRE_GRYPT
 #include <gcrypt.h>
 #endif /* MHD_HTTPS_REQUIRE_GRYPT */
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif /* HAVE_SIGNAL_H */
 #include "mhd_sockets.h" /* only macros used */
 
 
@@ -83,7 +88,7 @@ test_tls_session_time_out (gnutls_session_t session, int port)
   if (sd == MHD_INVALID_SOCKET)
   {
     fprintf (stderr, "Failed to create socket: %s\n", strerror (errno));
-    return -1;
+    return 2;
   }
 
   memset (&sa, '\0', sizeof (struct sockaddr_in));
@@ -91,33 +96,37 @@ test_tls_session_time_out (gnutls_session_t session, int port)
   sa.sin_port = htons (port);
   sa.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
 
-  gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (intptr_t) sd);
-
   ret = connect (sd, (struct sockaddr *) &sa, sizeof (struct sockaddr_in));
 
   if (ret < 0)
   {
     fprintf (stderr, "Error: %s\n", MHD_E_FAILED_TO_CONNECT);
     MHD_socket_close_chk_ (sd);
-    return -1;
+    return 2;
   }
 
+#if (GNUTLS_VERSION_NUMBER + 0 >= 0x030109) && ! defined(_WIN64)
+  gnutls_transport_set_int (session, (int) (sd));
+#else  /* GnuTLS before 3.1.9 or Win64 */
+  gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (intptr_t) (sd));
+#endif /* GnuTLS before 3.1.9 or Win64 */
+
   ret = gnutls_handshake (session);
   if (ret < 0)
   {
     fprintf (stderr, "Handshake failed\n");
     MHD_socket_close_chk_ (sd);
-    return -1;
+    return 2;
   }
 
-  (void) sleep (TIME_OUT + 1);
+  (void) sleep (TIME_OUT + 2);
 
   /* check that server has closed the connection */
   if (1 == num_disconnects)
   {
     fprintf (stderr, "Connection failed to time-out\n");
     MHD_socket_close_chk_ (sd);
-    return -1;
+    return 1;
   }
   else if (0 != num_disconnects)
     abort ();
@@ -133,8 +142,6 @@ main (int argc, char *const *argv)
   int errorCount = 0;
   struct MHD_Daemon *d;
   gnutls_session_t session;
-  gnutls_datum_t key;
-  gnutls_datum_t cert;
   gnutls_certificate_credentials_t xcred;
   int port;
   (void) argc;   /* Unused. Silent compiler warning. */
@@ -144,13 +151,30 @@ main (int argc, char *const *argv)
   else
     port = 3070;
 
+#ifdef MHD_SEND_SPIPE_SUPPRESS_NEEDED
+#if defined(HAVE_SIGNAL_H) && defined(SIGPIPE)
+  if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
+  {
+    fprintf (stderr, "Error suppressing SIGPIPE signal.\n");
+    exit (99);
+  }
+#else /* ! HAVE_SIGNAL_H || ! SIGPIPE */
+  fprintf (stderr, "Cannot suppress SIGPIPE signal.\n");
+  /* exit (77); */
+#endif
+#endif /* MHD_SEND_SPIPE_SUPPRESS_NEEDED */
+
 #ifdef MHD_HTTPS_REQUIRE_GRYPT
   gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
 #ifdef GCRYCTL_INITIALIZATION_FINISHED
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
 #endif
 #endif /* MHD_HTTPS_REQUIRE_GRYPT */
-  gnutls_global_init ();
+  if (GNUTLS_E_SUCCESS != gnutls_global_init ())
+  {
+    fprintf (stderr, "Cannot initialize GnuTLS.\n");
+    exit (99);
+  }
   gnutls_global_set_log_level (11);
 
   d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
@@ -178,13 +202,13 @@ main (int argc, char *const *argv)
     port = (int) dinfo->port;
   }
 
-  if (0 != setup_session (&session, &key, &cert, &xcred))
+  if (0 != setup_session (&session, &xcred))
   {
     fprintf (stderr, "failed to setup session\n");
     return 1;
   }
   errorCount += test_tls_session_time_out (session, port);
-  teardown_session (session, &key, &cert, xcred);
+  teardown_session (session, xcred);
 
   print_test_result (errorCount, argv[0]);
 
diff --git a/src/testcurl/https/test_tls_extensions.c b/src/testcurl/https/test_tls_extensions.c
index 4754632a..19b98e7e 100644
--- a/src/testcurl/https/test_tls_extensions.c
+++ b/src/testcurl/https/test_tls_extensions.c
@@ -210,8 +210,6 @@ main (int argc, char *const *argv)
   FILE *test_fd;
   struct MHD_Daemon *d;
   gnutls_session_t session;
-  gnutls_datum_t key;
-  gnutls_datum_t cert;
   gnutls_certificate_credentials_t xcred;
   const int ext_arr[] = {
     GNUTLS_EXTENSION_SERVER_NAME,
@@ -266,25 +264,25 @@ main (int argc, char *const *argv)
   }
 
   i = 0;
-  setup_session (&session, &key, &cert, &xcred);
+  setup_session (&session, &xcred);
   errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16);
-  teardown_session (session, &key, &cert, xcred);
+  teardown_session (session, xcred);
 #if 1
   i = 0;
   while (ext_arr[i] != -1)
   {
-    setup_session (&session, &key, &cert, &xcred);
+    setup_session (&session, &xcred);
     errorCount += test_hello_extension (session, port, ext_arr[i], 1, 16);
-    teardown_session (session, &key, &cert, xcred);
+    teardown_session (session, xcred);
 
-    setup_session (&session, &key, &cert, &xcred);
+    setup_session (&session, &xcred);
     errorCount += test_hello_extension (session, port, ext_arr[i], 3, 8);
-    teardown_session (session, &key, &cert, xcred);
+    teardown_session (session, xcred);
 
     /* this test specifically tests the issue raised in CVE-2008-1948 */
-    setup_session (&session, &key, &cert, &xcred);
+    setup_session (&session, &xcred);
     errorCount += test_hello_extension (session, port, ext_arr[i], 6, 0);
-    teardown_session (session, &key, &cert, xcred);
+    teardown_session (session, xcred);
     i++;
   }
 #endif
diff --git a/src/testcurl/https/tls_test_common.c b/src/testcurl/https/tls_test_common.c
index cf500034..9cce3d94 100644
--- a/src/testcurl/https/tls_test_common.c
+++ b/src/testcurl/https/tls_test_common.c
@@ -504,62 +504,33 @@ teardown_testcase (struct MHD_Daemon *d)
 
 int
 setup_session (gnutls_session_t *session,
-               gnutls_datum_t *key,
-               gnutls_datum_t *cert,
                gnutls_certificate_credentials_t *xcred)
 {
-  int ret;
-  const char *err_pos;
-
-  gnutls_certificate_allocate_credentials (xcred);
-  key->size = strlen (srv_key_pem) + 1;
-  key->data = malloc (key->size);
-  if (NULL == key->data)
-  {
-    gnutls_certificate_free_credentials (*xcred);
-    return -1;
-  }
-  memcpy (key->data, srv_key_pem, key->size);
-  cert->size = strlen (srv_self_signed_cert_pem) + 1;
-  cert->data = malloc (cert->size);
-  if (NULL == cert->data)
-  {
-    gnutls_certificate_free_credentials (*xcred);
-    free (key->data);
-    return -1;
-  }
-  memcpy (cert->data, srv_self_signed_cert_pem, cert->size);
-  gnutls_certificate_set_x509_key_mem (*xcred, cert, key,
-                                       GNUTLS_X509_FMT_PEM);
-  gnutls_init (session, GNUTLS_CLIENT);
-  ret = gnutls_priority_set_direct (*session,
-                                    "NORMAL", &err_pos);
-  if (ret < 0)
+  if (GNUTLS_E_SUCCESS == gnutls_init (session, GNUTLS_CLIENT))
   {
+    if (GNUTLS_E_SUCCESS == gnutls_set_default_priority (*session))
+    {
+      if (GNUTLS_E_SUCCESS == gnutls_certificate_allocate_credentials (xcred))
+      {
+        if (GNUTLS_E_SUCCESS == gnutls_credentials_set (*session,
+                                                        GNUTLS_CRD_CERTIFICATE,
+                                                        *xcred))
+        {
+          return 0;
+        }
+        gnutls_certificate_free_credentials (*xcred);
+      }
+    }
     gnutls_deinit (*session);
-    gnutls_certificate_free_credentials (*xcred);
-    free (key->data);
-    return -1;
   }
-  gnutls_credentials_set (*session,
-                          GNUTLS_CRD_CERTIFICATE,
-                          *xcred);
-  return 0;
+  return -1;
 }
 
 
 int
 teardown_session (gnutls_session_t session,
-                  gnutls_datum_t *key,
-                  gnutls_datum_t *cert,
                   gnutls_certificate_credentials_t xcred)
 {
-  free (key->data);
-  key->data = NULL;
-  key->size = 0;
-  free (cert->data);
-  cert->data = NULL;
-  cert->size = 0;
   gnutls_deinit (session);
   gnutls_certificate_free_credentials (xcred);
   return 0;
diff --git a/src/testcurl/https/tls_test_common.h b/src/testcurl/https/tls_test_common.h
index 02f0f0fa..a9af504d 100644
--- a/src/testcurl/https/tls_test_common.h
+++ b/src/testcurl/https/tls_test_common.h
@@ -146,14 +146,10 @@ teardown_testcase (struct MHD_Daemon *d);
 
 int
 setup_session (gnutls_session_t *session,
-               gnutls_datum_t *key,
-               gnutls_datum_t *cert,
                gnutls_certificate_credentials_t *xcred);
 
 int
 teardown_session (gnutls_session_t session,
-                  gnutls_datum_t *key,
-                  gnutls_datum_t *cert,
                   gnutls_certificate_credentials_t xcred);
 
 int