testcurl/https: handle libcurl with missing custom CA support

4 files changed, 99 insertions, 19 deletions

diff --git a/src/testcurl/https/test_https_multi_daemon.c b/src/testcurl/https/test_https_multi_daemon.c
index 8ffef656..b7b9b065 100644
--- a/src/testcurl/https/test_https_multi_daemon.c
+++ b/src/testcurl/https/test_https_multi_daemon.c
@@ -47,12 +47,12 @@ test_concurent_daemon_pair (void *cls,
                             int proto_version)
 {
   unsigned int ret;
+  enum test_get_result res;
   struct MHD_Daemon *d1;
   struct MHD_Daemon *d2;
   uint16_t port1, port2;
   (void) cls;    /* Unused. Silent compiler warning. */
 
-
   if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
     port1 = port2 = 0;
   else
@@ -115,15 +115,42 @@ test_concurent_daemon_pair (void *cls,
     port2 = (int) dinfo->port;
   }
 
-  ret =
+  res =
     test_daemon_get (NULL, cipher_suite, proto_version, port1, 0);
-  ret +=
+  ret = (unsigned int) res;
+  if ((TEST_GET_HARD_ERROR == res) ||
+      (TEST_GET_CURL_GEN_ERROR == res))
+  {
+    fprintf (stderr, "libcurl error.\nTest aborted.\n");
+    MHD_stop_daemon (d2);
+    MHD_stop_daemon (d1);
+    return 99;
+  }
+
+  res =
     test_daemon_get (NULL, cipher_suite, proto_version,
                      port2, 0);
+  ret += (unsigned int) res;
+  if ((TEST_GET_HARD_ERROR == res) ||
+      (TEST_GET_CURL_GEN_ERROR == res))
+  {
+    fprintf (stderr, "libcurl error.\nTest aborted.\n");
+    MHD_stop_daemon (d2);
+    MHD_stop_daemon (d1);
+    return 99;
+  }
 
   MHD_stop_daemon (d2);
-  ret +=
+  res =
     test_daemon_get (NULL, cipher_suite, proto_version, port1, 0);
+  ret += (unsigned int) res;
+  if ((TEST_GET_HARD_ERROR == res) ||
+      (TEST_GET_CURL_GEN_ERROR == res))
+  {
+    fprintf (stderr, "libcurl error.\nTest aborted.\n");
+    MHD_stop_daemon (d1);
+    return 99;
+  }
   MHD_stop_daemon (d1);
   return ret;
 }
@@ -132,7 +159,7 @@ test_concurent_daemon_pair (void *cls,
 int
 main (int argc, char *const *argv)
 {
-  unsigned int errorCount = 0;
+  unsigned int errorCount;
   (void) argc; (void) argv;       /* Unused. Silent compiler warning. */
 
 #ifdef MHD_HTTPS_REQUIRE_GCRYPT
@@ -150,11 +177,14 @@ main (int argc, char *const *argv)
     return 77;
   }
 
-  errorCount +=
+  errorCount =
     test_concurent_daemon_pair (NULL, NULL, CURL_SSLVERSION_DEFAULT);
 
   print_test_result (errorCount, "concurent_daemon_pair");
 
   curl_global_cleanup ();
+  if (99 == errorCount)
+    return 99;
+
   return errorCount != 0 ? 1 : 0;
 }
diff --git a/src/testcurl/https/test_tls_authentication.c b/src/testcurl/https/test_tls_authentication.c
index 51c87c0e..5637eaaf 100644
--- a/src/testcurl/https/test_tls_authentication.c
+++ b/src/testcurl/https/test_tls_authentication.c
@@ -42,7 +42,7 @@
 static unsigned int
 test_secure_get (void *cls, const char *cipher_suite, int proto_version)
 {
-  unsigned int ret;
+  enum test_get_result ret;
   struct MHD_Daemon *d;
   uint16_t port;
   (void) cls;    /* Unused. Silent compiler warning. */
@@ -80,14 +80,28 @@ test_secure_get (void *cls, const char *cipher_suite, int proto_version)
   ret = test_daemon_get (NULL, cipher_suite, proto_version, port, 1);
 
   MHD_stop_daemon (d);
-  return ret;
+  if (TEST_GET_HARD_ERROR == ret)
+    return 99;
+  if (TEST_GET_CURL_GEN_ERROR == ret)
+  {
+    fprintf (stderr, "libcurl error.\nTest aborted.\n");
+    return 99;
+  }
+  if ((TEST_GET_CURL_CA_ERROR == ret) ||
+      (TEST_GET_CURL_NOT_IMPLT == ret))
+  {
+    fprintf (stderr, "libcurl TLS backend does not support custom CA.\n"
+             "Test skipped.\n");
+    return 77;
+  }
+  return TEST_GET_OK == ret ? 0 : 1;
 }
 
 
 int
 main (int argc, char *const *argv)
 {
-  unsigned int errorCount = 0;
+  unsigned int errorCount;
   (void) argc;
   (void) argv;       /* Unused. Silent compiler warning. */
 
@@ -105,12 +119,25 @@ main (int argc, char *const *argv)
     curl_global_cleanup ();
     return 77;
   }
+#if ! CURL_AT_LEAST_VERSION (7,60,0)
+  if (curl_tls_is_schannel ())
+  {
+    fprintf (stderr, "libcurl before version 7.60.0 does not support "
+             "custom CA with Schannel backend.\nTest skipped.\n");
+    curl_global_cleanup ();
+    return 77;
+  }
+#endif /* ! CURL_AT_LEAST_VERSION(7,60,0) */
 
-  errorCount +=
+  errorCount =
     test_secure_get (NULL, NULL, CURL_SSLVERSION_DEFAULT);
 
   print_test_result (errorCount, argv[0]);
 
   curl_global_cleanup ();
+  if (77 == errorCount)
+    return 77;
+  if (99 == errorCount)
+    return 77;
   return errorCount != 0 ? 1 : 0;
 }
diff --git a/src/testcurl/https/tls_test_common.c b/src/testcurl/https/tls_test_common.c
index 98d62482..044394b9 100644
--- a/src/testcurl/https/tls_test_common.c
+++ b/src/testcurl/https/tls_test_common.c
@@ -98,7 +98,7 @@ const long libcurl_tls_max_vers_map[KNOW_TLS_IDS_COUNT]  = {
 /*
  * test HTTPS transfer
  */
-unsigned int
+enum test_get_result
 test_daemon_get (void *cls,
                  const char *cipher_suite,
                  int proto_version,
@@ -117,7 +117,7 @@ test_daemon_get (void *cls,
   if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
   {
     fprintf (stderr, MHD_E_MEM);
-    return 1;
+    return TEST_GET_HARD_ERROR;
   }
   cbc.size = len;
   cbc.pos = 0;
@@ -146,7 +146,7 @@ test_daemon_get (void *cls,
              curl_easy_strerror (e));
     curl_easy_cleanup (c);
     free (cbc.buf);
-    return 1;
+    return TEST_GET_CURL_GEN_ERROR;
   }
 
   /* TLS options */
@@ -166,7 +166,7 @@ test_daemon_get (void *cls,
              curl_easy_strerror (e));
     curl_easy_cleanup (c);
     free (cbc.buf);
-    return 1;
+    return TEST_GET_CURL_GEN_ERROR;
   }
   if (ver_peer &&
       (CURLE_OK !=
@@ -176,7 +176,7 @@ test_daemon_get (void *cls,
              curl_easy_strerror (e));
     curl_easy_cleanup (c);
     free (cbc.buf);
-    return 1;
+    return TEST_GET_CURL_CA_ERROR;
   }
   if (CURLE_OK != (errornum = curl_easy_perform (c)))
   {
@@ -184,7 +184,15 @@ test_daemon_get (void *cls,
              curl_easy_strerror (errornum));
     curl_easy_cleanup (c);
     free (cbc.buf);
-    return 1;
+    if ((CURLE_SSL_CACERT_BADFILE == errornum)
+#if CURL_AT_LEAST_VERSION (7,21,5)
+        || (CURLE_NOT_BUILT_IN == errornum)
+#endif /* CURL_AT_LEAST_VERSION (7,21,5) */
+        )
+      return TEST_GET_CURL_CA_ERROR;
+    if (CURLE_OUT_OF_MEMORY == errornum)
+      return TEST_GET_HARD_ERROR;
+    return TEST_GET_ERROR;
   }
 
   curl_easy_cleanup (c);
@@ -193,11 +201,11 @@ test_daemon_get (void *cls,
   {
     fprintf (stderr, "Error: local data & received data differ.\n");
     free (cbc.buf);
-    return 1;
+    return TEST_GET_TRANSFER_ERROR;
   }
 
   free (cbc.buf);
-  return 0;
+  return TEST_GET_OK;
 }
 
 
diff --git a/src/testcurl/https/tls_test_common.h b/src/testcurl/https/tls_test_common.h
index dc4be451..863bab66 100644
--- a/src/testcurl/https/tls_test_common.h
+++ b/src/testcurl/https/tls_test_common.h
@@ -133,10 +133,25 @@ curl_tls_is_schannel (void);
 int
 curl_tls_is_sectransport (void);
 
+
+enum test_get_result
+{
+  TEST_GET_OK = 0,
+  TEST_GET_ERROR = 1,
+
+  TEST_GET_MHD_ERROR = 16,
+  TEST_GET_TRANSFER_ERROR = 17,
+
+  TEST_GET_CURL_GEN_ERROR = 32,
+  TEST_GET_CURL_CA_ERROR = 33,
+  TEST_GET_CURL_NOT_IMPLT = 34,
+
+  TEST_GET_HARD_ERROR = 999
+};
 /**
  * perform cURL request for file
  */
-unsigned int
+enum test_get_result
 test_daemon_get (void *cls,
                  const char *cipher_suite, int proto_version,
                  uint16_t port, int ver_peer);