some test fixes

tls connection teardown upon unrecognized message type
connection state dictionary compiles based on 'enable_messages'

10 files changed, 55 insertions, 76 deletions

diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c
index df91af10..20baa770 100644
--- a/src/daemon/connection_https.c
+++ b/src/daemon/connection_https.c
@@ -87,7 +87,7 @@ MHD_get_connection_info (struct MHD_Connection *connection,
 /**
  * This function is called once a secure connection has been marked
  * for closure.
- * 
+ *
  * NOTE: Some code duplication with connection_close_error
  * in connection.c
  *
@@ -216,6 +216,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
             {
               /* set connection state to enable HTTP processing */
               connection->state = MHD_CONNECTION_INIT;
+              break;
             }
           /* set connection as closed */
           else
@@ -227,7 +228,6 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
               connection->state = MHD_TLS_HANDSHAKE_FAILED;
               return MHD_NO;
             }
-          break;
         }
       /* a handshake message has been received out of bound */
       else
@@ -241,7 +241,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
           return MHD_NO;
         }
 
-      /* ignore any out of bound change chiper spec messages */
+    /* ignore any out of bound change chiper spec messages */
     case GNUTLS_CHANGE_CIPHER_SPEC:
       MHD_tls_connection_close (connection,
                                     MHD_TLS_REQUEST_TERMINATED_WITH_ERROR);
@@ -303,9 +303,12 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
     default:
 #if HAVE_MESSAGES
       MHD_DLOG (connection->daemon,
-                "Error: unrecognized TLS read message. con-state: %d. l: %d, f: %s\n",
-                connection->state, __LINE__, __FUNCTION__);
+                "Error: unrecognized TLS message type: %d, connection state: %s. l: %d, f: %s\n",
+                msg_type, MHD_state_to_string(connection->state), __LINE__, __FUNCTION__);
 #endif
+      /* close connection upon reception of unrecognized message type */
+      MHD_tls_connection_close (connection,
+                                    MHD_TLS_REQUEST_TERMINATED_WITH_ERROR);
       return MHD_NO;
     }
 
diff --git a/src/daemon/https/tls/gnutls_buffers.c b/src/daemon/https/tls/gnutls_buffers.c
index 16be8011..5ea95e5f 100644
--- a/src/daemon/https/tls/gnutls_buffers.c
+++ b/src/daemon/https/tls/gnutls_buffers.c
@@ -487,7 +487,6 @@ mhd_gtls_io_read_buffered (mhd_gtls_session_t session, opaque ** iptr,
   if (sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0)
     {
       gnutls_assert ();         /* internal error */
-      printf("AT %u\n", __LINE__);
       return GNUTLS_E_INVALID_REQUEST;
     }
 
@@ -538,7 +537,6 @@ mhd_gtls_io_read_buffered (mhd_gtls_session_t session, opaque ** iptr,
       > MAX_RECV_SIZE)
     {
       gnutls_assert ();         /* internal error */
-      printf("AT %u\n", __LINE__);
       return GNUTLS_E_INVALID_REQUEST;
     }
 
@@ -551,14 +549,12 @@ mhd_gtls_io_read_buffered (mhd_gtls_session_t session, opaque ** iptr,
   if (session->internals.record_recv_buffer.data == NULL)
     {
       gnutls_assert ();
-      printf("AT %u\n", __LINE__);
       return GNUTLS_E_MEMORY_ERROR;
     }
 
   buf_pos = session->internals.record_recv_buffer.length;
   buf = session->internals.record_recv_buffer.data;
   *iptr = buf;
-      printf("AT %u\n", __LINE__);
 
   /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer. */
   if (recvdata - recvlowat > 0)
@@ -570,7 +566,6 @@ mhd_gtls_io_read_buffered (mhd_gtls_session_t session, opaque ** iptr,
        */
       if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0)
         {
-      printf("AT %u\n", __LINE__);
           return ret;
         }
     }
@@ -598,7 +593,6 @@ mhd_gtls_io_read_buffered (mhd_gtls_session_t session, opaque ** iptr,
 
       if (ret2 < 0 && MHD_gtls_error_is_fatal (ret2) == 0)
         {
-      printf("AT %u\n", __LINE__);
           return ret2;
         }
 
@@ -618,7 +612,6 @@ mhd_gtls_io_read_buffered (mhd_gtls_session_t session, opaque ** iptr,
     {
       gnutls_assert ();
       /* that's because they are initialized to 0 */
-      printf("AT %u\n", __LINE__);
       return MIN (ret, ret2);
     }
 
@@ -627,14 +620,12 @@ mhd_gtls_io_read_buffered (mhd_gtls_session_t session, opaque ** iptr,
   if (ret > 0 && ret < recvlowat)
     {
       gnutls_assert ();
-      printf("AT %u\n", __LINE__);
       return GNUTLS_E_AGAIN;
     }
 
   if (ret == 0)
     {                           /* EOF */
       gnutls_assert ();
-      printf("AT %u\n", __LINE__);
       return 0;
     }
 
@@ -644,12 +635,10 @@ mhd_gtls_io_read_buffered (mhd_gtls_session_t session, opaque ** iptr,
     {
       /* Short Read */
       gnutls_assert ();
-      printf("AT %u\n", __LINE__);
       return GNUTLS_E_AGAIN;
     }
   else
     {
-      printf("AT %u\n", __LINE__);
       return ret;
     }
 }
@@ -1234,7 +1223,7 @@ mhd_gtls_handshake_buffer_get_ptr (mhd_gtls_session_t session,
   if (length != NULL)
     *length = session->internals.handshake_hash_buffer.length;
 
-  _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", 
+  _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n",
                        session->internals.handshake_hash_buffer.length);
 
   if (data_ptr != NULL)
diff --git a/src/daemon/https/tls/gnutls_str.c b/src/daemon/https/tls/gnutls_str.c
index 4bd09b96..38f04738 100644
--- a/src/daemon/https/tls/gnutls_str.c
+++ b/src/daemon/https/tls/gnutls_str.c
@@ -227,33 +227,6 @@ mhd_gtls_string_append_data (mhd_gtls_string * dest,
     }
 }
 
-int
-mhd_gtls_string_append_printf (mhd_gtls_string * dest, const char *fmt, ...)
-{
-  va_list args;
-  int len;
-  char *str;
-
-  va_start (args, fmt);
-  len = vsnprintf (NULL, 0, fmt, args);
-  va_end (args);
-  if (len < 0)
-    return -1;
-  str = malloc(len + 1);
-  if (! str)
-    return -1;
-
-  va_start (args, fmt);
-  len = vsprintf (str, fmt, args);
-  va_end (args);
-
-  len = mhd_gtls_string_append_str (dest, str);
-
-  free (str);
-
-  return len;
-}
-
 /* Converts the given string (old) to hex. A buffer must be provided
  * to hold the new hex string. The new string will be null terminated.
  * If the buffer does not have enough space to hold the string, a
diff --git a/src/daemon/https/tls/gnutls_str.h b/src/daemon/https/tls/gnutls_str.h
index 45ad33ae..ead7ba2a 100644
--- a/src/daemon/https/tls/gnutls_str.h
+++ b/src/daemon/https/tls/gnutls_str.h
@@ -55,9 +55,6 @@ int mhd_gtls_string_copy_str (mhd_gtls_string * dest, const char *src);
 int mhd_gtls_string_append_str (mhd_gtls_string *, const char *str);
 int mhd_gtls_string_append_data (mhd_gtls_string *, const void *data,
                                  size_t data_size);
-int mhd_gtls_string_append_printf (mhd_gtls_string * dest, const char *fmt,
-                                   ...);
-
 char *mhd_gtls_bin2hex (const void *old, size_t oldlen, char *buffer,
                         size_t buffer_size);
 int mhd_gtls_hex2bin (const opaque * hex_data, int hex_size,
diff --git a/src/daemon/internal.c b/src/daemon/internal.c
index 38fd5771..9d0f3d7d 100644
--- a/src/daemon/internal.c
+++ b/src/daemon/internal.c
@@ -26,7 +26,10 @@
 
 #include "internal.h"
 
-#if DEBUG_STATES
+#if HAVE_MESSAGES
+/**
+ * State to string dictionary.
+ */
 char *
 MHD_state_to_string (enum MHD_CONNECTION_STATE state)
 {
@@ -80,8 +83,9 @@ MHD_state_to_string (enum MHD_CONNECTION_STATE state)
       return "secure handshake failed";
     case MHD_TLS_HANDSHAKE_COMPLETE:
       return "secure handshake _complete";
+    default:
+      return "unrecognized connection state";
     }
-  return "unrecognized connection state";
 }
 #endif
 
diff --git a/src/daemon/internal.h b/src/daemon/internal.h
index 76c17dbc..39886187 100644
--- a/src/daemon/internal.h
+++ b/src/daemon/internal.h
@@ -301,7 +301,7 @@ enum MHD_CONNECTION_STATE
  */
 #define DEBUG_STATES MHD_NO
 
-#if DEBUG_STATES
+#if HAVE_MESSAGES
 char *MHD_state_to_string (enum MHD_CONNECTION_STATE state);
 #endif
 
@@ -568,7 +568,7 @@ struct MHD_Connection
   ReceiveCallback recv_cls;
 
   TransmitCallback send_cls;
-  
+
 #if HTTPS_SUPPORT
   /* TODO rename as this might be an SSL connection */
   mhd_gtls_session_t tls_session;
diff --git a/src/examples/Makefile.am b/src/examples/Makefile.am
index bd25184d..a06f7e1f 100644
--- a/src/examples/Makefile.am
+++ b/src/examples/Makefile.am
@@ -14,7 +14,7 @@ fileserver_example_external_select \
 refuse_post_example
 
 if ENABLE_HTTPS
-noinst_PROGRAMS += https_server_example 
+noinst_PROGRAMS += https_fileserver_example 
 endif
 
 minimal_example_SOURCES = \
@@ -47,7 +47,7 @@ fileserver_example_external_select_SOURCES = \
 fileserver_example_external_select_LDADD = \
  $(top_builddir)/src/daemon/libmicrohttpd.la 
 
-https_server_example_SOURCES = \
-https_server_example.c
-https_server_example_LDADD = \
+https_fileserver_example_SOURCES = \
+https_fileserver_example.c
+https_fileserver_example_LDADD = \
  $(top_builddir)/src/daemon/libmicrohttpd.la
diff --git a/src/examples/https_server_example.c b/src/examples/https_fileserver_example.c
index 06d82a52..55201ce2 100644
--- a/src/examples/https_server_example.c
+++ b/src/examples/https_fileserver_example.c
@@ -20,16 +20,14 @@
  * @file https_server_example.c
  * @brief a simple HTTPS file server using TLS.
  *
- * Server may be supplied either with included hard coded certificates or using
- * external ones, which are to be supplied through command line arguments.
- * A private key file named "key.pem" and a server certificate file named "cert.pem".
- * are necessary to run the server in this way.
+ * Usage :
  *
- * 'certtool' may be used to generate these if required.
+ *  'http_fileserver_example HTTP-PORT SECONDS-TO-RUN [CERTIFICATE PATH, KEY PATH]'
  *
- * Access server with your browser of choice or with curl :
+ * The certificate & key are required by the server to operate,  Omitting the
+ * path arguments will cause the server to use the hard coded example certificate & key.
  *
- *   curl --insecure --tlsv1 --ciphers AES256-SHA <url>
+ * 'certtool' may be used to generate these if required.
  *
  * @author Sagie Amir
  */
@@ -159,31 +157,43 @@ main (int argc, char *const *argv)
 {
   struct MHD_Daemon *TLS_daemon;
 
-  /* look for HTTPS arguments */
-  if (argc < 5)
-    {
-      printf
-        ("Usage : %s HTTP-PORT SECONDS-TO-RUN KEY-FILE CERT-FILE\n", argv[0]);
-      return 1;
-    }
-
+  if (argc == 3){
   /* TODO check if this is truly necessary -  disallow usage of the blocking /dev/random */
   /* gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); */
-
   TLS_daemon = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_DEBUG
-                                 | MHD_USE_SSL, atoi (argv[3]),
+                                 | MHD_USE_SSL, atoi (argv[1]),
                                  NULL,
                                  NULL, &http_ahc,
                                  NULL, MHD_OPTION_CONNECTION_TIMEOUT, 256,
                                  MHD_OPTION_HTTPS_MEM_KEY, key_pem,
                                  MHD_OPTION_HTTPS_MEM_CERT, cert_pem,
+
                                  MHD_OPTION_END);
+  }
+  else if (argc == 5){
+          TLS_daemon = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_DEBUG
+          | MHD_USE_SSL, atoi (argv[1]),
+          NULL,
+          NULL, &http_ahc,
+          NULL, MHD_OPTION_CONNECTION_TIMEOUT, 256,
+          MHD_OPTION_HTTPS_CERT_PATH, argv[3],
+          MHD_OPTION_HTTPS_KEY_PATH, argv[4],
+          MHD_OPTION_END);
+  }
+  else {
+          printf
+                  ("Usage : %s HTTP-PORT SECONDS-TO-RUN [CERTIFICATE PATH, KEY PATH]\n", argv[0]);
+                return 1;
+  }
 
   if (TLS_daemon == NULL)
     {
       printf ("Error: failed to start TLS_daemon");
       return 1;
     }
+  else {
+          printf ("MHD daemon listening on port %d\n", atoi (argv[1]));
+  }
 
   sleep (atoi (argv[2]));
 
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c
index 556d6684..412f65f2 100644
--- a/src/testcurl/https/tls_daemon_options_test.c
+++ b/src/testcurl/https/tls_daemon_options_test.c
@@ -403,6 +403,7 @@ main (int argc, char *const *argv)
 {
   FILE *test_fd;
   unsigned int errorCount = 0;
+  char * cur_dir;
 
   MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL);
 
@@ -434,11 +435,14 @@ main (int argc, char *const *argv)
                MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                MHD_OPTION_END);
+
+  cur_dir = get_current_dir_name ();
   errorCount +=
     test_wrap ("file certificates", &test_file_certificates, test_fd,
-               "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
-               srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
-               srv_self_signed_cert_pem, MHD_OPTION_END);
+               "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_CERT_PATH, cur_dir,
+               MHD_OPTION_HTTPS_KEY_PATH, cur_dir, MHD_OPTION_END);
+  free (cur_dir);
+
   errorCount +=
     test_wrap ("protocol_version", &test_protocol_version, test_fd,
                "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
diff --git a/src/testcurl/https/tls_session_time_out_test.c b/src/testcurl/https/tls_session_time_out_test.c
index 37d28656..f0f43dbc 100644
--- a/src/testcurl/https/tls_session_time_out_test.c
+++ b/src/testcurl/https/tls_session_time_out_test.c
@@ -156,7 +156,6 @@ main (int argc, char *const *argv)
                         MHD_USE_DEBUG, 42433,
                         NULL, NULL, &http_ahc, NULL,
                         MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT,
-                        MHD_OPTION_SOCK_ADDR, "127.0.0.1",
                         MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                         MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                         MHD_OPTION_END);