diff options
author | lv-426 <oxcafebaby@yahoo.com> | 2008-08-09 02:06:38 +0000 |
---|---|---|
committer | lv-426 <oxcafebaby@yahoo.com> | 2008-08-09 02:06:38 +0000 |
commit | cafcdb1b08e18530b9a184a22c7655b3661701bb (patch) | |
tree | 5e4078feb14ae2ae01973ec24b96a39c33aef0c5 /src | |
parent | dfd057b9b6e0b022f73c1bdb4b845230f29fae3a (diff) | |
download | libmicrohttpd-cafcdb1b08e18530b9a184a22c7655b3661701bb.tar.gz libmicrohttpd-cafcdb1b08e18530b9a184a22c7655b3661701bb.zip |
temporary IP binding option added to MHD_daemon_start_va
added support for initiating the daemon in anonymous authentication mode
DH parameter initiation when using anonymous authentication
added daemon credential type field
added daemon option testing flexibility
removed db support
Diffstat (limited to 'src')
26 files changed, 775 insertions, 889 deletions
diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c index d275bb19..d91e6b90 100644 --- a/src/daemon/connection_https.c +++ b/src/daemon/connection_https.c | |||
@@ -37,7 +37,7 @@ | |||
37 | #include "gnutls_int.h" | 37 | #include "gnutls_int.h" |
38 | #include "gnutls_record.h" | 38 | #include "gnutls_record.h" |
39 | 39 | ||
40 | /* TODO rm #include "gnutls_errors.h" */ | 40 | /* TODO #include rm "gnutls_errors.h" */ |
41 | #include "gnutls_errors.h" | 41 | #include "gnutls_errors.h" |
42 | 42 | ||
43 | /* forward declarations used when setting secure connection callbacks */ | 43 | /* forward declarations used when setting secure connection callbacks */ |
@@ -168,6 +168,9 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection) | |||
168 | 168 | ||
169 | switch (connection->state) | 169 | switch (connection->state) |
170 | { | 170 | { |
171 | /* on newly created connections we might reach here before any reply has been received */ | ||
172 | case MHD_TLS_CONNECTION_INIT: | ||
173 | return MHD_YES; | ||
171 | /* close connection if necessary */ | 174 | /* close connection if necessary */ |
172 | case MHD_CONNECTION_CLOSED: | 175 | case MHD_CONNECTION_CLOSED: |
173 | MHD_tls_connection_close (connection); | 176 | MHD_tls_connection_close (connection); |
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c index 34a9bac6..84662dbd 100644 --- a/src/daemon/daemon.c +++ b/src/daemon/daemon.c | |||
@@ -32,6 +32,7 @@ | |||
32 | #if HTTPS_SUPPORT | 32 | #if HTTPS_SUPPORT |
33 | #include "gnutls_int.h" | 33 | #include "gnutls_int.h" |
34 | #include "gnutls_global.h" | 34 | #include "gnutls_global.h" |
35 | #include "auth_anon.h" | ||
35 | #endif | 36 | #endif |
36 | 37 | ||
37 | /** | 38 | /** |
@@ -56,26 +57,14 @@ | |||
56 | */ | 57 | */ |
57 | #define DEBUG_CONNECT MHD_NO | 58 | #define DEBUG_CONNECT MHD_NO |
58 | 59 | ||
59 | #if HTTPS_SUPPORT | 60 | /* TODO unite with code in gnutls_priority.c */ |
60 | /* initialize security aspects of the HTTPS daemon */ | ||
61 | static int | 61 | static int |
62 | MHD_TLS_init (struct MHD_Daemon *daemon) | 62 | MHD_init_daemon_certificate (struct MHD_Daemon *daemon) |
63 | { | 63 | { |
64 | int i; | ||
65 | priority_st st; | ||
66 | gnutls_datum_t key; | 64 | gnutls_datum_t key; |
67 | gnutls_datum_t cert; | 65 | gnutls_datum_t cert; |
68 | 66 | ||
69 | gnutls_global_set_log_function (MHD_tls_log_func); | 67 | /* certificate & key loaded from file */ |
70 | |||
71 | /* setup server certificate */ | ||
72 | gnutls_certificate_allocate_credentials (&daemon->x509_cret); | ||
73 | |||
74 | /* TODO remove if unused | ||
75 | gnutls_certificate_set_x509_trust_file(x509_cret, CAFILE,GNUTLS_X509_FMT_PEM); | ||
76 | gnutls_certificate_set_x509_crl_file(x509_cret, CRLFILE, GNUTLS_X509_FMT_PEM); */ | ||
77 | |||
78 | /* sets a certificate private key pair */ | ||
79 | if (daemon->https_cert_path && daemon->https_key_path) | 68 | if (daemon->https_cert_path && daemon->https_key_path) |
80 | { | 69 | { |
81 | /* test for private key & certificate file exsitance */ | 70 | /* test for private key & certificate file exsitance */ |
@@ -98,20 +87,21 @@ MHD_TLS_init (struct MHD_Daemon *daemon) | |||
98 | CLOSE (daemon->socket_fd); | 87 | CLOSE (daemon->socket_fd); |
99 | return -1; | 88 | return -1; |
100 | } | 89 | } |
101 | gnutls_certificate_set_x509_key_file (daemon->x509_cret, | 90 | return gnutls_certificate_set_x509_key_file (daemon->x509_cred, |
102 | daemon->https_cert_path, | 91 | daemon->https_cert_path, |
103 | daemon->https_key_path, | 92 | daemon->https_key_path, |
104 | GNUTLS_X509_FMT_PEM); | 93 | GNUTLS_X509_FMT_PEM); |
105 | } | 94 | } |
95 | /* certificate & key loaded from memory */ | ||
106 | else if (daemon->https_mem_cert && daemon->https_mem_key) | 96 | else if (daemon->https_mem_cert && daemon->https_mem_key) |
107 | { | 97 | { |
108 | key.data = (char *) daemon->https_mem_key; | 98 | key.data = (unsigned char *) daemon->https_mem_key; |
109 | key.size = strlen (daemon->https_mem_key); | 99 | key.size = strlen (daemon->https_mem_key); |
110 | cert.data = (char *) daemon->https_mem_cert; | 100 | cert.data = (unsigned char *) daemon->https_mem_cert; |
111 | cert.size = strlen (daemon->https_mem_cert); | 101 | cert.size = strlen (daemon->https_mem_cert); |
112 | 102 | ||
113 | gnutls_certificate_set_x509_key_mem (daemon->x509_cret, &cert, &key, | 103 | return gnutls_certificate_set_x509_key_mem (daemon->x509_cred, &cert, |
114 | GNUTLS_X509_FMT_PEM); | 104 | &key, GNUTLS_X509_FMT_PEM); |
115 | } | 105 | } |
116 | else | 106 | else |
117 | { | 107 | { |
@@ -120,29 +110,44 @@ MHD_TLS_init (struct MHD_Daemon *daemon) | |||
120 | #endif | 110 | #endif |
121 | return MHD_NO; | 111 | return MHD_NO; |
122 | } | 112 | } |
113 | } | ||
123 | 114 | ||
124 | /* generate DH parameters if necessary */ | 115 | /* initialize security aspects of the HTTPS daemon */ |
125 | st = daemon->priority_cache->kx; | 116 | int |
126 | for (i = 0; i < st.algorithms; i++) | 117 | MHD_TLS_init (struct MHD_Daemon *daemon) |
118 | { | ||
119 | int ret; | ||
120 | |||
121 | switch (daemon->cred_type) | ||
127 | { | 122 | { |
128 | /* initialize Diffie Hellman parameters if necessary */ | 123 | case MHD_GNUTLS_CRD_ANON: |
129 | /* TODO add other cipher suits */ | 124 | ret = gnutls_anon_allocate_server_credentials (&daemon->anon_cred); |
130 | if (st.priority[i] == MHD_GNUTLS_KX_DHE_RSA) | 125 | ret += gnutls_dh_params_init (&daemon->dh_params); |
131 | { | 126 | if (ret != 0) { |
132 | gnutls_dh_params_init (&daemon->dh_params); | 127 | return GNUTLS_E_MEMORY_ERROR; |
133 | gnutls_dh_params_generate2 (daemon->dh_params, 1024); | 128 | } |
134 | break; | 129 | gnutls_dh_params_generate2 (daemon->dh_params, 1024); |
135 | } | 130 | gnutls_anon_set_server_dh_params (daemon->anon_cred, daemon->dh_params); |
131 | break; | ||
132 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
133 | ret = gnutls_certificate_allocate_credentials (&daemon->x509_cred) ; | ||
134 | if (ret != 0) { | ||
135 | return GNUTLS_E_MEMORY_ERROR; | ||
136 | } | ||
137 | if ((ret = MHD_init_daemon_certificate (daemon)) != 0) | ||
138 | return ret; | ||
139 | default: | ||
140 | #if HAVE_MESSAGES | ||
141 | MHD_DLOG (daemon, | ||
142 | "Error: no daemon credentials type found. f: %s, l: %d\n", | ||
143 | __FUNCTION__, __LINE__); | ||
144 | #endif | ||
145 | break; | ||
136 | } | 146 | } |
137 | 147 | ||
138 | gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params); | 148 | return MHD_NO; |
139 | |||
140 | /* TODO address error case return value */ | ||
141 | return MHD_YES; | ||
142 | } | 149 | } |
143 | 150 | ||
144 | /* TODO unite with code in gnutls_priority.c */ | ||
145 | /* this is used to set HTTPS related daemon priorities */ | ||
146 | inline static int | 151 | inline static int |
147 | _set_priority (priority_st * st, const int *list) | 152 | _set_priority (priority_st * st, const int *list) |
148 | { | 153 | { |
@@ -152,7 +157,7 @@ _set_priority (priority_st * st, const int *list) | |||
152 | num++; | 157 | num++; |
153 | if (num > MAX_ALGOS) | 158 | if (num > MAX_ALGOS) |
154 | num = MAX_ALGOS; | 159 | num = MAX_ALGOS; |
155 | st->algorithms = num; | 160 | st->num_algorithms = num; |
156 | 161 | ||
157 | for (i = 0; i < num; i++) | 162 | for (i = 0; i < num; i++) |
158 | { | 163 | { |
@@ -161,7 +166,6 @@ _set_priority (priority_st * st, const int *list) | |||
161 | 166 | ||
162 | return 0; | 167 | return 0; |
163 | } | 168 | } |
164 | #endif /* HTTPS_SUPPORT */ | ||
165 | 169 | ||
166 | /** | 170 | /** |
167 | * Obtain the select sets for this daemon. | 171 | * Obtain the select sets for this daemon. |
@@ -300,12 +304,13 @@ gnutls_push_param_adapter (void *connection, | |||
300 | } | 304 | } |
301 | #endif | 305 | #endif |
302 | 306 | ||
307 | |||
303 | /** | 308 | /** |
304 | * Handle an individual TLS connection. | 309 | * Handle an individual TLS connection. |
305 | */ | 310 | */ |
306 | #if HTTPS_SUPPORT | 311 | #if HTTPS_SUPPORT |
307 | static void * | 312 | static void * |
308 | MHD_TLS_handle_connection (void *data) | 313 | MHD_TLS_init_connection (void *data) |
309 | { | 314 | { |
310 | struct MHD_Connection *con = data; | 315 | struct MHD_Connection *con = data; |
311 | 316 | ||
@@ -320,16 +325,37 @@ MHD_TLS_handle_connection (void *data) | |||
320 | /* sets cipher priorities */ | 325 | /* sets cipher priorities */ |
321 | gnutls_priority_set (con->tls_session, con->daemon->priority_cache); | 326 | gnutls_priority_set (con->tls_session, con->daemon->priority_cache); |
322 | 327 | ||
323 | /* set needed credentials for certificate authentication. */ | 328 | switch (con->daemon->cred_type) |
324 | gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_CERTIFICATE, | 329 | { |
325 | con->daemon->x509_cret); | 330 | /* set needed credentials for certificate authentication. */ |
331 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
332 | gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_CERTIFICATE, | ||
333 | con->daemon->x509_cred); | ||
334 | break; | ||
335 | case MHD_GNUTLS_CRD_ANON: | ||
336 | /* set needed credentials for anonymous authentication. */ | ||
337 | gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_ANON, | ||
338 | con->daemon->anon_cred); | ||
339 | gnutls_dh_set_prime_bits (con->tls_session, 1024); | ||
340 | break; | ||
341 | default: | ||
342 | |||
343 | #if HAVE_MESSAGES | ||
344 | MHD_DLOG (con->daemon, | ||
345 | "Error: couldn't init HTTPS session. no appropriate KX algorithm found. f: %s, l: %d\n", | ||
346 | __FUNCTION__, __LINE__); | ||
347 | #endif | ||
348 | break; | ||
349 | } | ||
326 | 350 | ||
327 | /* TODO avoid gnutls blocking recv / write calls | 351 | /* TODO avoid gnutls blocking recv / write calls |
328 | gnutls_transport_set_pull_function(tls_session, &recv); | 352 | gnutls_transport_set_pull_function(tls_session, &recv); |
329 | gnutls_transport_set_push_function(tls_session, &send); | 353 | gnutls_transport_set_push_function(tls_session, &send); |
330 | */ | 354 | */ |
331 | 355 | ||
332 | gnutls_transport_set_ptr (con->tls_session, con->socket_fd); | 356 | gnutls_transport_set_ptr (con->tls_session, |
357 | (gnutls_transport_ptr_t) ((void *) con-> | ||
358 | socket_fd)); | ||
333 | 359 | ||
334 | return MHD_handle_connection (data); | 360 | return MHD_handle_connection (data); |
335 | } | 361 | } |
@@ -489,7 +515,7 @@ MHD_accept_connection (struct MHD_Daemon *daemon) | |||
489 | #if HTTPS_SUPPORT | 515 | #if HTTPS_SUPPORT |
490 | if (daemon->options & MHD_USE_SSL) | 516 | if (daemon->options & MHD_USE_SSL) |
491 | res_thread_create = pthread_create (&connection->pid, NULL, | 517 | res_thread_create = pthread_create (&connection->pid, NULL, |
492 | &MHD_TLS_handle_connection, | 518 | &MHD_TLS_init_connection, |
493 | connection); | 519 | connection); |
494 | else | 520 | else |
495 | #endif | 521 | #endif |
@@ -768,7 +794,7 @@ MHD_select_thread (void *cls) | |||
768 | */ | 794 | */ |
769 | struct MHD_Daemon * | 795 | struct MHD_Daemon * |
770 | MHD_start_daemon_va (unsigned int options, | 796 | MHD_start_daemon_va (unsigned int options, |
771 | unsigned short port, | 797 | unsigned short port, char *ip, |
772 | MHD_AcceptPolicyCallback apc, | 798 | MHD_AcceptPolicyCallback apc, |
773 | void *apc_cls, | 799 | void *apc_cls, |
774 | MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap) | 800 | MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap) |
@@ -875,6 +901,7 @@ MHD_start_daemon_va (unsigned int options, | |||
875 | pthread_mutex_unlock (&gnutls_init_mutex); | 901 | pthread_mutex_unlock (&gnutls_init_mutex); |
876 | /* set default priorities */ | 902 | /* set default priorities */ |
877 | gnutls_priority_init (&retVal->priority_cache, "", NULL); | 903 | gnutls_priority_init (&retVal->priority_cache, "", NULL); |
904 | retVal->cred_type = MHD_GNUTLS_CRD_CERTIFICATE; | ||
878 | } | 905 | } |
879 | #endif | 906 | #endif |
880 | /* initializes the argument pointer variable */ | 907 | /* initializes the argument pointer variable */ |
@@ -906,7 +933,7 @@ MHD_start_daemon_va (unsigned int options, | |||
906 | #if HTTPS_SUPPORT | 933 | #if HTTPS_SUPPORT |
907 | case MHD_OPTION_PROTOCOL_VERSION: | 934 | case MHD_OPTION_PROTOCOL_VERSION: |
908 | _set_priority (&retVal->priority_cache->protocol, | 935 | _set_priority (&retVal->priority_cache->protocol, |
909 | va_arg (ap, const int *)); | 936 | va_arg (ap, const int *)); |
910 | break; | 937 | break; |
911 | case MHD_OPTION_HTTPS_KEY_PATH: | 938 | case MHD_OPTION_HTTPS_KEY_PATH: |
912 | retVal->https_key_path = va_arg (ap, const char *); | 939 | retVal->https_key_path = va_arg (ap, const char *); |
@@ -920,8 +947,11 @@ MHD_start_daemon_va (unsigned int options, | |||
920 | case MHD_OPTION_HTTPS_MEM_CERT: | 947 | case MHD_OPTION_HTTPS_MEM_CERT: |
921 | retVal->https_mem_cert = va_arg (ap, const char *); | 948 | retVal->https_mem_cert = va_arg (ap, const char *); |
922 | break; | 949 | break; |
950 | case MHD_OPTION_CRED_TYPE: | ||
951 | retVal->cred_type = va_arg (ap, const int); | ||
952 | break; | ||
923 | case MHD_OPTION_KX_PRIORITY: | 953 | case MHD_OPTION_KX_PRIORITY: |
924 | _set_priority (&retVal->priority_cache->cipher, | 954 | _set_priority (&retVal->priority_cache->kx, |
925 | va_arg (ap, const int *)); | 955 | va_arg (ap, const int *)); |
926 | break; | 956 | break; |
927 | case MHD_OPTION_CIPHER_ALGORITHM: | 957 | case MHD_OPTION_CIPHER_ALGORITHM: |
@@ -929,16 +959,17 @@ MHD_start_daemon_va (unsigned int options, | |||
929 | va_arg (ap, const int *)); | 959 | va_arg (ap, const int *)); |
930 | break; | 960 | break; |
931 | case MHD_OPTION_MAC_ALGO: | 961 | case MHD_OPTION_MAC_ALGO: |
932 | _set_priority (&retVal->priority_cache->mac, | 962 | _set_priority (&retVal->priority_cache->mac, |
933 | va_arg (ap, const int *)); | 963 | va_arg (ap, const int *)); |
934 | break; | 964 | break; |
935 | #endif | 965 | #endif |
936 | default: | 966 | default: |
937 | #if HAVE_MESSAGES | 967 | #if HAVE_MESSAGES |
938 | if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END) | 968 | if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END) |
939 | { | 969 | { |
940 | fprintf (stderr, | 970 | fprintf (stderr, |
941 | "Error: HTTPS option %d passed to non HTTPS daemon\n", opt); | 971 | "Error: HTTPS option %d passed to non HTTPS daemon\n", |
972 | opt); | ||
942 | } | 973 | } |
943 | else | 974 | else |
944 | { | 975 | { |
@@ -952,7 +983,7 @@ MHD_start_daemon_va (unsigned int options, | |||
952 | 983 | ||
953 | #if HTTPS_SUPPORT | 984 | #if HTTPS_SUPPORT |
954 | /* initialize HTTPS daemon certificate aspects & send / recv functions */ | 985 | /* initialize HTTPS daemon certificate aspects & send / recv functions */ |
955 | if (options & MHD_USE_SSL && MHD_NO == MHD_TLS_init (retVal)) | 986 | if (options & MHD_USE_SSL && MHD_TLS_init (retVal) != 0) |
956 | { | 987 | { |
957 | #if HAVE_MESSAGES | 988 | #if HAVE_MESSAGES |
958 | MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n"); | 989 | MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n"); |
@@ -985,18 +1016,244 @@ MHD_start_daemon (unsigned int options, | |||
985 | unsigned short port, | 1016 | unsigned short port, |
986 | MHD_AcceptPolicyCallback apc, | 1017 | MHD_AcceptPolicyCallback apc, |
987 | void *apc_cls, | 1018 | void *apc_cls, |
988 | MHD_AccessHandlerCallback dh, void *dh_cls, ...){ | 1019 | MHD_AccessHandlerCallback dh, void *dh_cls, ...) |
989 | 1020 | { | |
990 | int ret; | 1021 | const int on = 1; |
991 | va_list ap; | 1022 | struct MHD_Daemon *retVal; |
992 | va_start (ap, dh_cls); | 1023 | |
993 | ret = MHD_start_daemon_va (options, | 1024 | /* listeningss sockets used by the daemon */ |
994 | port, | 1025 | int socket_fd; |
995 | apc, | 1026 | va_list ap; |
996 | apc_cls, | 1027 | |
997 | dh, dh_cls, ap); | 1028 | struct sockaddr_in servaddr4; |
998 | va_end (ap); | 1029 | struct sockaddr_in6 servaddr6; |
999 | return ret; | 1030 | const struct sockaddr *servaddr; |
1031 | socklen_t addrlen; | ||
1032 | enum MHD_OPTION opt; | ||
1033 | |||
1034 | if ((port == 0) || (dh == NULL)) | ||
1035 | return NULL; | ||
1036 | if ((options & MHD_USE_IPv6) != 0) | ||
1037 | socket_fd = SOCKET (PF_INET6, SOCK_STREAM, 0); | ||
1038 | else | ||
1039 | socket_fd = SOCKET (PF_INET, SOCK_STREAM, 0); | ||
1040 | if (socket_fd < 0) | ||
1041 | { | ||
1042 | #if HAVE_MESSAGES | ||
1043 | if ((options & MHD_USE_DEBUG) != 0) | ||
1044 | fprintf (stderr, "Call to socket failed: %s\n", STRERROR (errno)); | ||
1045 | #endif | ||
1046 | return NULL; | ||
1047 | } | ||
1048 | if ((SETSOCKOPT (socket_fd, | ||
1049 | SOL_SOCKET, | ||
1050 | SO_REUSEADDR, | ||
1051 | &on, sizeof (on)) < 0) && (options & MHD_USE_DEBUG) != 0) | ||
1052 | { | ||
1053 | #if HAVE_MESSAGES | ||
1054 | fprintf (stderr, "setsockopt failed: %s\n", STRERROR (errno)); | ||
1055 | #endif | ||
1056 | } | ||
1057 | if ((options & MHD_USE_IPv6) != 0) | ||
1058 | { | ||
1059 | memset (&servaddr6, 0, sizeof (struct sockaddr_in6)); | ||
1060 | servaddr6.sin6_family = AF_INET6; | ||
1061 | servaddr6.sin6_port = htons (port); | ||
1062 | servaddr = (struct sockaddr *) &servaddr6; | ||
1063 | addrlen = sizeof (struct sockaddr_in6); | ||
1064 | } | ||
1065 | else | ||
1066 | { | ||
1067 | memset (&servaddr4, 0, sizeof (struct sockaddr_in)); | ||
1068 | servaddr4.sin_family = AF_INET; | ||
1069 | servaddr4.sin_port = htons (port); | ||
1070 | servaddr = (struct sockaddr *) &servaddr4; | ||
1071 | addrlen = sizeof (struct sockaddr_in); | ||
1072 | } | ||
1073 | if (BIND (socket_fd, servaddr, addrlen) < 0) | ||
1074 | { | ||
1075 | #if HAVE_MESSAGES | ||
1076 | if ((options & MHD_USE_DEBUG) != 0) | ||
1077 | fprintf (stderr, | ||
1078 | "Failed to bind to port %u: %s\n", port, STRERROR (errno)); | ||
1079 | #endif | ||
1080 | CLOSE (socket_fd); | ||
1081 | return NULL; | ||
1082 | } | ||
1083 | if (LISTEN (socket_fd, 20) < 0) | ||
1084 | { | ||
1085 | #if HAVE_MESSAGES | ||
1086 | if ((options & MHD_USE_DEBUG) != 0) | ||
1087 | fprintf (stderr, | ||
1088 | "Failed to listen for connections: %s\n", STRERROR (errno)); | ||
1089 | #endif | ||
1090 | CLOSE (socket_fd); | ||
1091 | return NULL; | ||
1092 | } | ||
1093 | |||
1094 | /* allocate the mhd daemon */ | ||
1095 | |||
1096 | retVal = malloc (sizeof (struct MHD_Daemon)); | ||
1097 | |||
1098 | if (retVal == NULL) | ||
1099 | { | ||
1100 | CLOSE (socket_fd); | ||
1101 | return NULL; | ||
1102 | } | ||
1103 | |||
1104 | memset (retVal, 0, sizeof (struct MHD_Daemon)); | ||
1105 | retVal->options = options; | ||
1106 | retVal->port = port; | ||
1107 | retVal->apc = apc; | ||
1108 | retVal->apc_cls = apc_cls; | ||
1109 | retVal->socket_fd = socket_fd; | ||
1110 | retVal->default_handler = dh; | ||
1111 | retVal->default_handler_cls = dh_cls; | ||
1112 | retVal->max_connections = MHD_MAX_CONNECTIONS_DEFAULT; | ||
1113 | retVal->pool_size = MHD_POOL_SIZE_DEFAULT; | ||
1114 | retVal->connection_timeout = 0; /* no timeout */ | ||
1115 | #if HTTPS_SUPPORT | ||
1116 | if (options & MHD_USE_SSL) | ||
1117 | { | ||
1118 | /* lock gnutls_global mutex since it uses reference counting */ | ||
1119 | pthread_mutex_lock (&gnutls_init_mutex); | ||
1120 | gnutls_global_init (); | ||
1121 | pthread_mutex_unlock (&gnutls_init_mutex); | ||
1122 | /* set default priorities */ | ||
1123 | gnutls_priority_init (&retVal->priority_cache, "", NULL); | ||
1124 | retVal->cred_type = MHD_GNUTLS_CRD_CERTIFICATE; | ||
1125 | } | ||
1126 | #endif | ||
1127 | /* initializes the argument pointer variable */ | ||
1128 | |||
1129 | va_start (ap, dh_cls); | ||
1130 | |||
1131 | /* | ||
1132 | * loop through daemon options | ||
1133 | */ | ||
1134 | while (MHD_OPTION_END != (opt = va_arg (ap, enum MHD_OPTION))) | ||
1135 | { | ||
1136 | switch (opt) | ||
1137 | { | ||
1138 | case MHD_OPTION_CONNECTION_MEMORY_LIMIT: | ||
1139 | retVal->pool_size = va_arg (ap, unsigned int); | ||
1140 | break; | ||
1141 | case MHD_OPTION_CONNECTION_LIMIT: | ||
1142 | retVal->max_connections = va_arg (ap, unsigned int); | ||
1143 | break; | ||
1144 | case MHD_OPTION_CONNECTION_TIMEOUT: | ||
1145 | retVal->connection_timeout = va_arg (ap, unsigned int); | ||
1146 | break; | ||
1147 | case MHD_OPTION_NOTIFY_COMPLETED: | ||
1148 | retVal->notify_completed = | ||
1149 | va_arg (ap, MHD_RequestCompletedCallback); | ||
1150 | retVal->notify_completed_cls = va_arg (ap, void *); | ||
1151 | break; | ||
1152 | case MHD_OPTION_PER_IP_CONNECTION_LIMIT: | ||
1153 | retVal->per_ip_connection_limit = va_arg (ap, unsigned int); | ||
1154 | break; | ||
1155 | #if HTTPS_SUPPORT | ||
1156 | case MHD_OPTION_PROTOCOL_VERSION: | ||
1157 | _set_priority (&retVal->priority_cache->protocol, | ||
1158 | va_arg (ap, const int *)); | ||
1159 | break; | ||
1160 | case MHD_OPTION_HTTPS_KEY_PATH: | ||
1161 | retVal->https_key_path = va_arg (ap, const char *); | ||
1162 | break; | ||
1163 | case MHD_OPTION_HTTPS_CERT_PATH: | ||
1164 | retVal->https_cert_path = va_arg (ap, const char *); | ||
1165 | break; | ||
1166 | case MHD_OPTION_HTTPS_MEM_KEY: | ||
1167 | retVal->https_mem_key = va_arg (ap, const char *); | ||
1168 | break; | ||
1169 | case MHD_OPTION_HTTPS_MEM_CERT: | ||
1170 | retVal->https_mem_cert = va_arg (ap, const char *); | ||
1171 | break; | ||
1172 | case MHD_OPTION_CRED_TYPE: | ||
1173 | retVal->cred_type = va_arg (ap, const int); | ||
1174 | break; | ||
1175 | case MHD_OPTION_KX_PRIORITY: | ||
1176 | _set_priority (&retVal->priority_cache->kx, | ||
1177 | va_arg (ap, const int *)); | ||
1178 | break; | ||
1179 | case MHD_OPTION_CIPHER_ALGORITHM: | ||
1180 | _set_priority (&retVal->priority_cache->cipher, | ||
1181 | va_arg (ap, const int *)); | ||
1182 | break; | ||
1183 | case MHD_OPTION_MAC_ALGO: | ||
1184 | _set_priority (&retVal->priority_cache->mac, | ||
1185 | va_arg (ap, const int *)); | ||
1186 | break; | ||
1187 | #endif | ||
1188 | default: | ||
1189 | #if HAVE_MESSAGES | ||
1190 | if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END) | ||
1191 | { | ||
1192 | fprintf (stderr, | ||
1193 | "Error: HTTPS option %d passed to non HTTPS daemon\n", | ||
1194 | opt); | ||
1195 | } | ||
1196 | else | ||
1197 | { | ||
1198 | fprintf (stderr, | ||
1199 | "Invalid MHD_OPTION argument! (Did you terminate the list with MHD_OPTION_END?)\n"); | ||
1200 | } | ||
1201 | #endif | ||
1202 | abort (); | ||
1203 | } | ||
1204 | } | ||
1205 | va_end (ap); | ||
1206 | |||
1207 | /* initialize HTTPS daemon certificate aspects & send / recv functions */ | ||
1208 | if (options & MHD_USE_SSL && MHD_TLS_init (retVal) != 0) | ||
1209 | { | ||
1210 | #if HAVE_MESSAGES | ||
1211 | MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n"); | ||
1212 | #endif | ||
1213 | free (retVal); | ||
1214 | return NULL; | ||
1215 | } | ||
1216 | |||
1217 | if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) || (0 != (options | ||
1218 | & | ||
1219 | MHD_USE_SELECT_INTERNALLY))) | ||
1220 | && (0 != | ||
1221 | pthread_create (&retVal->pid, NULL, &MHD_select_thread, retVal))) | ||
1222 | { | ||
1223 | #if HAVE_MESSAGES | ||
1224 | MHD_DLOG (retVal, "Failed to create listen thread: %s\n", | ||
1225 | STRERROR (errno)); | ||
1226 | #endif | ||
1227 | free (retVal); | ||
1228 | CLOSE (socket_fd); | ||
1229 | return NULL; | ||
1230 | } | ||
1231 | |||
1232 | return retVal; | ||
1233 | } | ||
1234 | |||
1235 | |||
1236 | /* | ||
1237 | * start the MHD_Daemon while binding to a specific ip address. | ||
1238 | * | ||
1239 | * TODO : address adding ip parameter to MHD_start_daemon | ||
1240 | */ | ||
1241 | struct MHD_Daemon * | ||
1242 | MHD_start_daemon_ip (unsigned int options, | ||
1243 | unsigned short port, char *ip, | ||
1244 | MHD_AcceptPolicyCallback apc, | ||
1245 | void *apc_cls, | ||
1246 | MHD_AccessHandlerCallback dh, void *dh_cls, ...) | ||
1247 | { | ||
1248 | |||
1249 | gnutls_global_set_log_level (5); | ||
1250 | |||
1251 | struct MHD_Daemon *ret; | ||
1252 | va_list ap; | ||
1253 | va_start (ap, dh_cls); | ||
1254 | ret = MHD_start_daemon_va (options, port, ip, apc, apc_cls, dh, dh_cls, ap); | ||
1255 | va_end (ap); | ||
1256 | return ret; | ||
1000 | } | 1257 | } |
1001 | 1258 | ||
1002 | /** | 1259 | /** |
@@ -1066,7 +1323,10 @@ MHD_stop_daemon (struct MHD_Daemon *daemon) | |||
1066 | { | 1323 | { |
1067 | gnutls_priority_deinit (daemon->priority_cache); | 1324 | gnutls_priority_deinit (daemon->priority_cache); |
1068 | 1325 | ||
1069 | gnutls_certificate_free_credentials (daemon->x509_cret); | 1326 | if (daemon->x509_cred) |
1327 | gnutls_certificate_free_credentials (daemon->x509_cred); | ||
1328 | if (daemon->anon_cred) | ||
1329 | gnutls_anon_free_server_credentials (daemon->anon_cred); | ||
1070 | 1330 | ||
1071 | /* lock gnutls_global mutex since it uses reference counting */ | 1331 | /* lock gnutls_global mutex since it uses reference counting */ |
1072 | pthread_mutex_lock (&gnutls_init_mutex); | 1332 | pthread_mutex_lock (&gnutls_init_mutex); |
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am index 40d49e08..3155e0bd 100644 --- a/src/daemon/https/tls/Makefile.am +++ b/src/daemon/https/tls/Makefile.am | |||
@@ -43,7 +43,6 @@ gnutls_compress.c \ | |||
43 | gnutls_compress_int.c \ | 43 | gnutls_compress_int.c \ |
44 | gnutls_constate.c \ | 44 | gnutls_constate.c \ |
45 | gnutls_datum.c \ | 45 | gnutls_datum.c \ |
46 | gnutls_db.c \ | ||
47 | gnutls_dh.c \ | 46 | gnutls_dh.c \ |
48 | gnutls_dh_primes.c \ | 47 | gnutls_dh_primes.c \ |
49 | gnutls_errors.c \ | 48 | gnutls_errors.c \ |
diff --git a/src/daemon/https/tls/auth_cert.h b/src/daemon/https/tls/auth_cert.h index 86e0230f..e49a6089 100644 --- a/src/daemon/https/tls/auth_cert.h +++ b/src/daemon/https/tls/auth_cert.h | |||
@@ -34,6 +34,7 @@ | |||
34 | /* This structure may be complex, but it's the only way to | 34 | /* This structure may be complex, but it's the only way to |
35 | * support a server that has multiple certificates | 35 | * support a server that has multiple certificates |
36 | */ | 36 | */ |
37 | |||
37 | typedef struct gnutls_certificate_credentials_st | 38 | typedef struct gnutls_certificate_credentials_st |
38 | { | 39 | { |
39 | gnutls_dh_params_t dh_params; | 40 | gnutls_dh_params_t dh_params; |
@@ -45,7 +46,7 @@ typedef struct gnutls_certificate_credentials_st | |||
45 | 46 | ||
46 | gnutls_cert **cert_list; | 47 | gnutls_cert **cert_list; |
47 | /* contains a list of a list of certificates. | 48 | /* contains a list of a list of certificates. |
48 | * eg (X509): [0] certificate1, certificate11, certificate111 | 49 | * eg (X509): [0] certificate1, certificate11, certificate111 |
49 | * (if more than one, one certificate certifies the one before) | 50 | * (if more than one, one certificate certifies the one before) |
50 | * [1] certificate2, certificate22, ... | 51 | * [1] certificate2, certificate22, ... |
51 | */ | 52 | */ |
@@ -75,14 +76,14 @@ typedef struct gnutls_certificate_credentials_st | |||
75 | /* X509 specific stuff */ | 76 | /* X509 specific stuff */ |
76 | 77 | ||
77 | gnutls_x509_crt_t *x509_ca_list; | 78 | gnutls_x509_crt_t *x509_ca_list; |
78 | unsigned x509_ncas; /* number of CAs in the ca_list | 79 | unsigned x509_ncas; /* number of CAs in the ca_list |
79 | */ | 80 | */ |
80 | 81 | ||
81 | gnutls_x509_crl_t *x509_crl_list; | 82 | gnutls_x509_crl_t *x509_crl_list; |
82 | unsigned x509_ncrls; /* number of CRLs in the crl_list | 83 | unsigned x509_ncrls; /* number of CRLs in the crl_list |
83 | */ | 84 | */ |
84 | 85 | ||
85 | unsigned int verify_flags; /* flags to be used at | 86 | unsigned int verify_flags; /* flags to be used at |
86 | * certificate verification. | 87 | * certificate verification. |
87 | */ | 88 | */ |
88 | unsigned int verify_depth; | 89 | unsigned int verify_depth; |
diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c index 6f1c17bc..a1bec6a1 100644 --- a/src/daemon/https/tls/ext_cert_type.c +++ b/src/daemon/https/tls/ext_cert_type.c | |||
@@ -150,10 +150,10 @@ _gnutls_cert_type_send_params (gnutls_session_t session, opaque * data, | |||
150 | if (session->security_parameters.entity == GNUTLS_CLIENT) | 150 | if (session->security_parameters.entity == GNUTLS_CLIENT) |
151 | { | 151 | { |
152 | 152 | ||
153 | if (session->internals.priorities.cert_type.algorithms > 0) | 153 | if (session->internals.priorities.cert_type.num_algorithms > 0) |
154 | { | 154 | { |
155 | 155 | ||
156 | len = session->internals.priorities.cert_type.algorithms; | 156 | len = session->internals.priorities.cert_type.num_algorithms; |
157 | 157 | ||
158 | if (len == 1 && | 158 | if (len == 1 && |
159 | session->internals.priorities.cert_type.priority[0] == | 159 | session->internals.priorities.cert_type.priority[0] == |
diff --git a/src/daemon/https/tls/gnutls_alert.c b/src/daemon/https/tls/gnutls_alert.c index dfa35f85..29422dab 100644 --- a/src/daemon/https/tls/gnutls_alert.c +++ b/src/daemon/https/tls/gnutls_alert.c | |||
@@ -148,7 +148,7 @@ gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level, | |||
148 | * alert should be sent to the peer indicating that no renegotiation will | 148 | * alert should be sent to the peer indicating that no renegotiation will |
149 | * be performed. | 149 | * be performed. |
150 | * | 150 | * |
151 | * If there is no mapping to a valid alert the alert to indicate internal error | 151 | * If there is no mapping to a valid alert the alert to indicate internal error |
152 | * is returned. | 152 | * is returned. |
153 | * | 153 | * |
154 | **/ | 154 | **/ |
@@ -163,7 +163,7 @@ gnutls_error_to_alert (int err, int *level) | |||
163 | /* GNUTLS_A_DECRYPTION_FAILED is not sent, because | 163 | /* GNUTLS_A_DECRYPTION_FAILED is not sent, because |
164 | * it is not defined in SSL3. Note that we must | 164 | * it is not defined in SSL3. Note that we must |
165 | * not distinguish Decryption failures from mac | 165 | * not distinguish Decryption failures from mac |
166 | * check failures, due to the possibility of some | 166 | * check failures, due to the possibility of some |
167 | * attacks. | 167 | * attacks. |
168 | */ | 168 | */ |
169 | ret = GNUTLS_A_BAD_RECORD_MAC; | 169 | ret = GNUTLS_A_BAD_RECORD_MAC; |
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c index 56435345..1809afda 100644 --- a/src/daemon/https/tls/gnutls_algorithms.c +++ b/src/daemon/https/tls/gnutls_algorithms.c | |||
@@ -767,7 +767,7 @@ _gnutls_mac_priority (gnutls_session_t session, | |||
767 | gnutls_mac_algorithm_t algorithm) | 767 | gnutls_mac_algorithm_t algorithm) |
768 | { /* actually returns the priority */ | 768 | { /* actually returns the priority */ |
769 | unsigned int i; | 769 | unsigned int i; |
770 | for (i = 0; i < session->internals.priorities.mac.algorithms; i++) | 770 | for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++) |
771 | { | 771 | { |
772 | if (session->internals.priorities.mac.priority[i] == algorithm) | 772 | if (session->internals.priorities.mac.priority[i] == algorithm) |
773 | return i; | 773 | return i; |
@@ -893,7 +893,7 @@ _gnutls_compression_priority (gnutls_session_t session, | |||
893 | gnutls_compression_method_t algorithm) | 893 | gnutls_compression_method_t algorithm) |
894 | { /* actually returns the priority */ | 894 | { /* actually returns the priority */ |
895 | unsigned int i; | 895 | unsigned int i; |
896 | for (i = 0; i < session->internals.priorities.compression.algorithms; i++) | 896 | for (i = 0; i < session->internals.priorities.compression.num_algorithms; i++) |
897 | { | 897 | { |
898 | if (session->internals.priorities.compression.priority[i] == algorithm) | 898 | if (session->internals.priorities.compression.priority[i] == algorithm) |
899 | return i; | 899 | return i; |
@@ -1040,7 +1040,7 @@ _gnutls_cipher_priority (gnutls_session_t session, | |||
1040 | gnutls_cipher_algorithm_t algorithm) | 1040 | gnutls_cipher_algorithm_t algorithm) |
1041 | { | 1041 | { |
1042 | unsigned int i; | 1042 | unsigned int i; |
1043 | for (i = 0; i < session->internals.priorities.cipher.algorithms; i++) | 1043 | for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++) |
1044 | { | 1044 | { |
1045 | if (session->internals.priorities.cipher.priority[i] == algorithm) | 1045 | if (session->internals.priorities.cipher.priority[i] == algorithm) |
1046 | return i; | 1046 | return i; |
@@ -1176,7 +1176,7 @@ _gnutls_kx_priority (gnutls_session_t session, | |||
1176 | gnutls_kx_algorithm_t algorithm) | 1176 | gnutls_kx_algorithm_t algorithm) |
1177 | { | 1177 | { |
1178 | unsigned int i; | 1178 | unsigned int i; |
1179 | for (i = 0; i < session->internals.priorities.kx.algorithms; i++) | 1179 | for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++) |
1180 | { | 1180 | { |
1181 | if (session->internals.priorities.kx.priority[i] == algorithm) | 1181 | if (session->internals.priorities.kx.priority[i] == algorithm) |
1182 | return i; | 1182 | return i; |
@@ -1276,7 +1276,7 @@ _gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version) | |||
1276 | return -1; | 1276 | return -1; |
1277 | } | 1277 | } |
1278 | 1278 | ||
1279 | for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) | 1279 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) |
1280 | { | 1280 | { |
1281 | if (session->internals.priorities.protocol.priority[i] == version) | 1281 | if (session->internals.priorities.protocol.priority[i] == version) |
1282 | return i; | 1282 | return i; |
@@ -1294,7 +1294,7 @@ _gnutls_version_lowest (gnutls_session_t session) | |||
1294 | return MHD_GNUTLS_VERSION_UNKNOWN; | 1294 | return MHD_GNUTLS_VERSION_UNKNOWN; |
1295 | } | 1295 | } |
1296 | else | 1296 | else |
1297 | for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) | 1297 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) |
1298 | { | 1298 | { |
1299 | if (session->internals.priorities.protocol.priority[i] < min) | 1299 | if (session->internals.priorities.protocol.priority[i] < min) |
1300 | min = session->internals.priorities.protocol.priority[i]; | 1300 | min = session->internals.priorities.protocol.priority[i]; |
@@ -1316,7 +1316,7 @@ _gnutls_version_max (gnutls_session_t session) | |||
1316 | return MHD_GNUTLS_VERSION_UNKNOWN; | 1316 | return MHD_GNUTLS_VERSION_UNKNOWN; |
1317 | } | 1317 | } |
1318 | else | 1318 | else |
1319 | for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) | 1319 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) |
1320 | { | 1320 | { |
1321 | if (session->internals.priorities.protocol.priority[i] > max) | 1321 | if (session->internals.priorities.protocol.priority[i] > max) |
1322 | max = session->internals.priorities.protocol.priority[i]; | 1322 | max = session->internals.priorities.protocol.priority[i]; |
@@ -1886,7 +1886,7 @@ _gnutls_supported_ciphersuites (gnutls_session_t session, | |||
1886 | 1886 | ||
1887 | /* returns the TLS numbers of the compression methods we support | 1887 | /* returns the TLS numbers of the compression methods we support |
1888 | */ | 1888 | */ |
1889 | #define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms | 1889 | #define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.num_algorithms |
1890 | int | 1890 | int |
1891 | _gnutls_supported_compression_methods (gnutls_session_t session, | 1891 | _gnutls_supported_compression_methods (gnutls_session_t session, |
1892 | uint8_t ** comp) | 1892 | uint8_t ** comp) |
diff --git a/src/daemon/https/tls/gnutls_anon_cred.c b/src/daemon/https/tls/gnutls_anon_cred.c index 919315ef..fd0917f8 100644 --- a/src/daemon/https/tls/gnutls_anon_cred.c +++ b/src/daemon/https/tls/gnutls_anon_cred.c | |||
@@ -62,8 +62,9 @@ int | |||
62 | gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t * | 62 | gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t * |
63 | sc) | 63 | sc) |
64 | { | 64 | { |
65 | |||
66 | *sc = gnutls_calloc (1, sizeof (anon_server_credentials_st)); | 65 | *sc = gnutls_calloc (1, sizeof (anon_server_credentials_st)); |
66 | if (*sc == NULL) | ||
67 | return GNUTLS_E_MEMORY_ERROR; | ||
67 | 68 | ||
68 | return 0; | 69 | return 0; |
69 | } | 70 | } |
diff --git a/src/daemon/https/tls/gnutls_db.c b/src/daemon/https/tls/gnutls_db.c deleted file mode 100644 index 806961c1..00000000 --- a/src/daemon/https/tls/gnutls_db.c +++ /dev/null | |||
@@ -1,386 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains functions that manipulate a database backend | ||
26 | * for resumed sessions. | ||
27 | */ | ||
28 | |||
29 | #include "gnutls_int.h" | ||
30 | #include "gnutls_errors.h" | ||
31 | // #include "gnutls_session.h" | ||
32 | #include <gnutls_db.h> | ||
33 | #include "debug.h" | ||
34 | #include <gnutls_session_pack.h> | ||
35 | #include <gnutls_datum.h> | ||
36 | |||
37 | /** | ||
38 | * gnutls_db_set_retrieve_function - Sets the function that will be used to get data | ||
39 | * @session: is a #gnutls_session_t structure. | ||
40 | * @retr_func: is the function. | ||
41 | * | ||
42 | * Sets the function that will be used to retrieve data from the resumed | ||
43 | * sessions database. This function must return a gnutls_datum_t containing the | ||
44 | * data on success, or a gnutls_datum_t containing null and 0 on failure. | ||
45 | * | ||
46 | * The datum's data must be allocated using the function | ||
47 | * gnutls_malloc(). | ||
48 | * | ||
49 | * The first argument to retr_func() will be null unless gnutls_db_set_ptr() | ||
50 | * has been called. | ||
51 | * | ||
52 | **/ | ||
53 | void | ||
54 | gnutls_db_set_retrieve_function (gnutls_session_t session, | ||
55 | gnutls_db_retr_func retr_func) | ||
56 | { | ||
57 | session->internals.db_retrieve_func = retr_func; | ||
58 | } | ||
59 | |||
60 | /** | ||
61 | * gnutls_db_set_remove_function - Sets the function that will be used to remove data | ||
62 | * @session: is a #gnutls_session_t structure. | ||
63 | * @rem_func: is the function. | ||
64 | * | ||
65 | * Sets the function that will be used to remove data from the resumed | ||
66 | * sessions database. This function must return 0 on success. | ||
67 | * | ||
68 | * The first argument to rem_func() will be null unless gnutls_db_set_ptr() | ||
69 | * has been called. | ||
70 | * | ||
71 | **/ | ||
72 | void | ||
73 | gnutls_db_set_remove_function (gnutls_session_t session, | ||
74 | gnutls_db_remove_func rem_func) | ||
75 | { | ||
76 | session->internals.db_remove_func = rem_func; | ||
77 | } | ||
78 | |||
79 | /** | ||
80 | * gnutls_db_set_store_function - Sets the function that will be used to put data | ||
81 | * @session: is a #gnutls_session_t structure. | ||
82 | * @store_func: is the function | ||
83 | * | ||
84 | * Sets the function that will be used to store data from the resumed | ||
85 | * sessions database. This function must remove 0 on success. | ||
86 | * | ||
87 | * The first argument to store_func() will be null unless gnutls_db_set_ptr() | ||
88 | * has been called. | ||
89 | * | ||
90 | **/ | ||
91 | void | ||
92 | gnutls_db_set_store_function (gnutls_session_t session, | ||
93 | gnutls_db_store_func store_func) | ||
94 | { | ||
95 | session->internals.db_store_func = store_func; | ||
96 | } | ||
97 | |||
98 | /** | ||
99 | * gnutls_db_set_ptr - Sets a pointer to be sent to db functions | ||
100 | * @session: is a #gnutls_session_t structure. | ||
101 | * @ptr: is the pointer | ||
102 | * | ||
103 | * Sets the pointer that will be provided to db store, retrieve and delete functions, as | ||
104 | * the first argument. | ||
105 | * | ||
106 | **/ | ||
107 | void | ||
108 | gnutls_db_set_ptr (gnutls_session_t session, void *ptr) | ||
109 | { | ||
110 | session->internals.db_ptr = ptr; | ||
111 | } | ||
112 | |||
113 | /** | ||
114 | * gnutls_db_get_ptr - Returns the pointer which is sent to db functions | ||
115 | * @session: is a #gnutls_session_t structure. | ||
116 | * | ||
117 | * Returns the pointer that will be sent to db store, retrieve and delete functions, as | ||
118 | * the first argument. | ||
119 | * | ||
120 | **/ | ||
121 | void * | ||
122 | gnutls_db_get_ptr (gnutls_session_t session) | ||
123 | { | ||
124 | return session->internals.db_ptr; | ||
125 | } | ||
126 | |||
127 | /** | ||
128 | * gnutls_db_set_cache_expiration - Sets the expiration time for resumed sessions. | ||
129 | * @session: is a #gnutls_session_t structure. | ||
130 | * @seconds: is the number of seconds. | ||
131 | * | ||
132 | * Sets the expiration time for resumed sessions. The default is 3600 (one hour) | ||
133 | * at the time writing this. | ||
134 | **/ | ||
135 | void | ||
136 | gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds) | ||
137 | { | ||
138 | session->internals.expire_time = seconds; | ||
139 | } | ||
140 | |||
141 | /** | ||
142 | * gnutls_db_check_entry - checks if the given db entry has expired | ||
143 | * @session: is a #gnutls_session_t structure. | ||
144 | * @session_entry: is the session data (not key) | ||
145 | * | ||
146 | * This function returns GNUTLS_E_EXPIRED, if the database entry | ||
147 | * has expired or 0 otherwise. This function is to be used when | ||
148 | * you want to clear unnesessary session which occupy space in your | ||
149 | * backend. | ||
150 | * | ||
151 | **/ | ||
152 | int | ||
153 | gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry) | ||
154 | { | ||
155 | time_t timestamp; | ||
156 | |||
157 | timestamp = time (0); | ||
158 | |||
159 | if (session_entry.data != NULL) | ||
160 | if (timestamp - | ||
161 | ((security_parameters_st *) (session_entry.data))->timestamp <= | ||
162 | session->internals.expire_time | ||
163 | || ((security_parameters_st *) (session_entry.data))-> | ||
164 | timestamp > timestamp | ||
165 | || ((security_parameters_st *) (session_entry.data))->timestamp == 0) | ||
166 | return GNUTLS_E_EXPIRED; | ||
167 | |||
168 | return 0; | ||
169 | } | ||
170 | |||
171 | /* The format of storing data is: | ||
172 | * (forget it). Check gnutls_session_pack.c | ||
173 | */ | ||
174 | int | ||
175 | _gnutls_server_register_current_session (gnutls_session_t session) | ||
176 | { | ||
177 | gnutls_datum_t key; | ||
178 | gnutls_datum_t content; | ||
179 | int ret = 0; | ||
180 | |||
181 | key.data = session->security_parameters.session_id; | ||
182 | key.size = session->security_parameters.session_id_size; | ||
183 | |||
184 | if (session->internals.resumable == RESUME_FALSE) | ||
185 | { | ||
186 | gnutls_assert (); | ||
187 | return GNUTLS_E_INVALID_SESSION; | ||
188 | } | ||
189 | |||
190 | if (session->security_parameters.session_id == NULL | ||
191 | || session->security_parameters.session_id_size == 0) | ||
192 | { | ||
193 | gnutls_assert (); | ||
194 | return GNUTLS_E_INVALID_SESSION; | ||
195 | } | ||
196 | |||
197 | /* copy data */ | ||
198 | ret = _gnutls_session_pack (session, &content); | ||
199 | if (ret < 0) | ||
200 | { | ||
201 | gnutls_assert (); | ||
202 | return ret; | ||
203 | } | ||
204 | |||
205 | ret = _gnutls_store_session (session, key, content); | ||
206 | _gnutls_free_datum (&content); | ||
207 | |||
208 | return ret; | ||
209 | } | ||
210 | |||
211 | /* Checks if both db_store and db_retrieve functions have | ||
212 | * been set up. | ||
213 | */ | ||
214 | static int | ||
215 | _gnutls_db_func_is_ok (gnutls_session_t session) | ||
216 | { | ||
217 | if (session->internals.db_store_func != NULL && | ||
218 | session->internals.db_retrieve_func != NULL && | ||
219 | session->internals.db_remove_func != NULL) | ||
220 | return 0; | ||
221 | else | ||
222 | return GNUTLS_E_DB_ERROR; | ||
223 | } | ||
224 | |||
225 | |||
226 | int | ||
227 | _gnutls_server_restore_session (gnutls_session_t session, | ||
228 | uint8_t * session_id, int session_id_size) | ||
229 | { | ||
230 | gnutls_datum_t data; | ||
231 | gnutls_datum_t key; | ||
232 | int ret; | ||
233 | |||
234 | key.data = session_id; | ||
235 | key.size = session_id_size; | ||
236 | |||
237 | if (_gnutls_db_func_is_ok (session) != 0) | ||
238 | { | ||
239 | gnutls_assert (); | ||
240 | return GNUTLS_E_INVALID_SESSION; | ||
241 | } | ||
242 | |||
243 | data = _gnutls_retrieve_session (session, key); | ||
244 | |||
245 | if (data.data == NULL) | ||
246 | { | ||
247 | gnutls_assert (); | ||
248 | return GNUTLS_E_INVALID_SESSION; | ||
249 | } | ||
250 | |||
251 | /* expiration check is performed inside */ | ||
252 | ret = gnutls_session_set_data (session, data.data, data.size); | ||
253 | if (ret < 0) | ||
254 | { | ||
255 | gnutls_assert (); | ||
256 | return ret; | ||
257 | } | ||
258 | |||
259 | gnutls_free (data.data); | ||
260 | |||
261 | return 0; | ||
262 | } | ||
263 | |||
264 | int | ||
265 | _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id, | ||
266 | int session_id_size) | ||
267 | { | ||
268 | gnutls_datum_t key; | ||
269 | |||
270 | key.data = session_id; | ||
271 | key.size = session_id_size; | ||
272 | |||
273 | return _gnutls_remove_session (session, key); | ||
274 | } | ||
275 | |||
276 | |||
277 | /* Stores session data to the db backend. | ||
278 | */ | ||
279 | int | ||
280 | _gnutls_store_session (gnutls_session_t session, | ||
281 | gnutls_datum_t session_id, gnutls_datum_t session_data) | ||
282 | { | ||
283 | int ret = 0; | ||
284 | |||
285 | if (session->internals.resumable == RESUME_FALSE) | ||
286 | { | ||
287 | gnutls_assert (); | ||
288 | return GNUTLS_E_INVALID_SESSION; | ||
289 | } | ||
290 | |||
291 | if (_gnutls_db_func_is_ok (session) != 0) | ||
292 | { | ||
293 | return GNUTLS_E_DB_ERROR; | ||
294 | } | ||
295 | |||
296 | if (session_id.data == NULL || session_id.size == 0) | ||
297 | { | ||
298 | gnutls_assert (); | ||
299 | return GNUTLS_E_INVALID_SESSION; | ||
300 | } | ||
301 | |||
302 | if (session_data.data == NULL || session_data.size == 0) | ||
303 | { | ||
304 | gnutls_assert (); | ||
305 | return GNUTLS_E_INVALID_SESSION; | ||
306 | } | ||
307 | /* if we can't read why bother writing? */ | ||
308 | |||
309 | if (session->internals.db_store_func != NULL) | ||
310 | ret = | ||
311 | session->internals.db_store_func (session->internals.db_ptr, | ||
312 | session_id, session_data); | ||
313 | |||
314 | return (ret == 0 ? ret : GNUTLS_E_DB_ERROR); | ||
315 | |||
316 | } | ||
317 | |||
318 | /* Retrieves session data from the db backend. | ||
319 | */ | ||
320 | gnutls_datum_t | ||
321 | _gnutls_retrieve_session (gnutls_session_t session, gnutls_datum_t session_id) | ||
322 | { | ||
323 | gnutls_datum_t ret = { NULL, 0 }; | ||
324 | |||
325 | if (session_id.data == NULL || session_id.size == 0) | ||
326 | { | ||
327 | gnutls_assert (); | ||
328 | return ret; | ||
329 | } | ||
330 | |||
331 | if (session->internals.db_retrieve_func != NULL) | ||
332 | ret = | ||
333 | session->internals.db_retrieve_func (session->internals.db_ptr, | ||
334 | session_id); | ||
335 | |||
336 | return ret; | ||
337 | |||
338 | } | ||
339 | |||
340 | /* Removes session data from the db backend. | ||
341 | */ | ||
342 | int | ||
343 | _gnutls_remove_session (gnutls_session_t session, gnutls_datum_t session_id) | ||
344 | { | ||
345 | int ret = 0; | ||
346 | |||
347 | if (_gnutls_db_func_is_ok (session) != 0) | ||
348 | { | ||
349 | return GNUTLS_E_DB_ERROR; | ||
350 | } | ||
351 | |||
352 | if (session_id.data == NULL || session_id.size == 0) | ||
353 | return GNUTLS_E_INVALID_SESSION; | ||
354 | |||
355 | /* if we can't read why bother writing? */ | ||
356 | if (session->internals.db_remove_func != NULL) | ||
357 | ret = | ||
358 | session->internals.db_remove_func (session->internals.db_ptr, | ||
359 | session_id); | ||
360 | |||
361 | return (ret == 0 ? ret : GNUTLS_E_DB_ERROR); | ||
362 | |||
363 | } | ||
364 | |||
365 | /** | ||
366 | * gnutls_db_remove_session - This function will remove the current session data from the database | ||
367 | * @session: is a #gnutls_session_t structure. | ||
368 | * | ||
369 | * This function will remove the current session data from the session | ||
370 | * database. This will prevent future handshakes reusing these session | ||
371 | * data. This function should be called if a session was terminated | ||
372 | * abnormally, and before gnutls_deinit() is called. | ||
373 | * | ||
374 | * Normally gnutls_deinit() will remove abnormally terminated sessions. | ||
375 | * | ||
376 | **/ | ||
377 | void | ||
378 | gnutls_db_remove_session (gnutls_session_t session) | ||
379 | { | ||
380 | /* if the session has failed abnormally it has | ||
381 | * to be removed from the db | ||
382 | */ | ||
383 | _gnutls_db_remove_session (session, | ||
384 | session->security_parameters.session_id, | ||
385 | session->security_parameters.session_id_size); | ||
386 | } | ||
diff --git a/src/daemon/https/tls/gnutls_db.h b/src/daemon/https/tls/gnutls_db.h deleted file mode 100644 index 9adece4e..00000000 --- a/src/daemon/https/tls/gnutls_db.h +++ /dev/null | |||
@@ -1,37 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | int _gnutls_server_register_current_session (gnutls_session_t session); | ||
26 | int _gnutls_server_restore_session (gnutls_session_t session, | ||
27 | uint8_t * session_id, | ||
28 | int session_id_size); | ||
29 | int _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id, | ||
30 | int session_id_size); | ||
31 | int _gnutls_store_session (gnutls_session_t session, | ||
32 | gnutls_datum_t session_id, | ||
33 | gnutls_datum_t session_data); | ||
34 | gnutls_datum_t _gnutls_retrieve_session (gnutls_session_t session, | ||
35 | gnutls_datum_t session_id); | ||
36 | int _gnutls_remove_session (gnutls_session_t session, | ||
37 | gnutls_datum_t session_id); | ||
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index b304bdcb..5f56822e 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c | |||
@@ -37,7 +37,6 @@ | |||
37 | #include "gnutls_handshake.h" | 37 | #include "gnutls_handshake.h" |
38 | #include "gnutls_num.h" | 38 | #include "gnutls_num.h" |
39 | #include "gnutls_hash_int.h" | 39 | #include "gnutls_hash_int.h" |
40 | #include "gnutls_db.h" | ||
41 | #include "gnutls_extensions.h" | 40 | #include "gnutls_extensions.h" |
42 | #include "gnutls_supplemental.h" | 41 | #include "gnutls_supplemental.h" |
43 | #include "gnutls_auth_int.h" | 42 | #include "gnutls_auth_int.h" |
@@ -338,7 +337,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, | |||
338 | int datalen) | 337 | int datalen) |
339 | { | 338 | { |
340 | uint8_t session_id_len; | 339 | uint8_t session_id_len; |
341 | int pos = 0, ret; | 340 | int pos = 0, ret = 0; |
342 | uint16_t suite_size, comp_size; | 341 | uint16_t suite_size, comp_size; |
343 | gnutls_protocol_t adv_version; | 342 | gnutls_protocol_t adv_version; |
344 | int neg_version; | 343 | int neg_version; |
@@ -383,10 +382,10 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, | |||
383 | } | 382 | } |
384 | DECR_LEN (len, session_id_len); | 383 | DECR_LEN (len, session_id_len); |
385 | 384 | ||
386 | ret = _gnutls_server_restore_session (session, &data[pos], session_id_len); | ||
387 | pos += session_id_len; | 385 | pos += session_id_len; |
388 | 386 | ||
389 | if (ret == 0) | 387 | /* TODO rm if support for resumed sessions won't be supported */ |
388 | if (0) | ||
390 | { /* resumed! */ | 389 | { /* resumed! */ |
391 | resume_copy_required_values (session); | 390 | resume_copy_required_values (session); |
392 | session->internals.resumed = RESUME_TRUE; | 391 | session->internals.resumed = RESUME_TRUE; |
@@ -2647,12 +2646,6 @@ _gnutls_handshake_common (gnutls_session_t session) | |||
2647 | IMED_RET ("recv handshake final 2", ret); | 2646 | IMED_RET ("recv handshake final 2", ret); |
2648 | } | 2647 | } |
2649 | 2648 | ||
2650 | if (session->security_parameters.entity == GNUTLS_SERVER) | ||
2651 | { | ||
2652 | /* in order to support session resuming */ | ||
2653 | _gnutls_server_register_current_session (session); | ||
2654 | } | ||
2655 | |||
2656 | /* clear handshake buffer */ | 2649 | /* clear handshake buffer */ |
2657 | _gnutls_handshake_hash_buffers_clear (session); | 2650 | _gnutls_handshake_hash_buffers_clear (session); |
2658 | return ret; | 2651 | return ret; |
diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h index 5d30ac58..7791b554 100644 --- a/src/daemon/https/tls/gnutls_int.h +++ b/src/daemon/https/tls/gnutls_int.h | |||
@@ -380,7 +380,7 @@ typedef struct | |||
380 | typedef struct | 380 | typedef struct |
381 | { | 381 | { |
382 | unsigned int priority[MAX_ALGOS]; | 382 | unsigned int priority[MAX_ALGOS]; |
383 | unsigned int algorithms; | 383 | unsigned int num_algorithms; |
384 | } priority_st; | 384 | } priority_st; |
385 | 385 | ||
386 | /* For the external api */ | 386 | /* For the external api */ |
@@ -391,6 +391,8 @@ struct gnutls_priority_st | |||
391 | priority_st kx; | 391 | priority_st kx; |
392 | priority_st compression; | 392 | priority_st compression; |
393 | priority_st protocol; | 393 | priority_st protocol; |
394 | |||
395 | /* certificate type : x509, OpenPGP, etc. */ | ||
394 | priority_st cert_type; | 396 | priority_st cert_type; |
395 | 397 | ||
396 | /* to disable record padding */ | 398 | /* to disable record padding */ |
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c index 0dfb27e3..cea6446b 100644 --- a/src/daemon/https/tls/gnutls_priority.c +++ b/src/daemon/https/tls/gnutls_priority.c | |||
@@ -56,7 +56,7 @@ gnutls_cipher_set_priority (gnutls_session_t session, const int *list) | |||
56 | num++; | 56 | num++; |
57 | if (num > MAX_ALGOS) | 57 | if (num > MAX_ALGOS) |
58 | num = MAX_ALGOS; | 58 | num = MAX_ALGOS; |
59 | session->internals.priorities.cipher.algorithms = num; | 59 | session->internals.priorities.cipher.num_algorithms = num; |
60 | 60 | ||
61 | for (i = 0; i < num; i++) | 61 | for (i = 0; i < num; i++) |
62 | { | 62 | { |
@@ -75,7 +75,7 @@ _set_priority (priority_st * st, const int *list) | |||
75 | num++; | 75 | num++; |
76 | if (num > MAX_ALGOS) | 76 | if (num > MAX_ALGOS) |
77 | num = MAX_ALGOS; | 77 | num = MAX_ALGOS; |
78 | st->algorithms = num; | 78 | st->num_algorithms = num; |
79 | 79 | ||
80 | for (i = 0; i < num; i++) | 80 | for (i = 0; i < num; i++) |
81 | { | 81 | { |
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c index e52cf922..68c83330 100644 --- a/src/daemon/https/tls/gnutls_record.c +++ b/src/daemon/https/tls/gnutls_record.c | |||
@@ -35,7 +35,6 @@ | |||
35 | #include "gnutls_hash_int.h" | 35 | #include "gnutls_hash_int.h" |
36 | #include "gnutls_cipher_int.h" | 36 | #include "gnutls_cipher_int.h" |
37 | #include "gnutls_algorithms.h" | 37 | #include "gnutls_algorithms.h" |
38 | #include "gnutls_db.h" | ||
39 | #include "gnutls_auth_int.h" | 38 | #include "gnutls_auth_int.h" |
40 | #include "gnutls_num.h" | 39 | #include "gnutls_num.h" |
41 | #include "gnutls_record.h" | 40 | #include "gnutls_record.h" |
@@ -289,7 +288,7 @@ session_is_valid (gnutls_session_t session) | |||
289 | return 0; | 288 | return 0; |
290 | } | 289 | } |
291 | 290 | ||
292 | /* Copies the record version into the headers. The | 291 | /* Copies the record version into the headers. The |
293 | * version must have 2 bytes at least. | 292 | * version must have 2 bytes at least. |
294 | */ | 293 | */ |
295 | inline static void | 294 | inline static void |
@@ -316,7 +315,7 @@ copy_record_version (gnutls_session_t session, | |||
316 | /* This function behaves exactly like write(). The only difference is | 315 | /* This function behaves exactly like write(). The only difference is |
317 | * that it accepts, the gnutls_session_t and the content_type_t of data to | 316 | * that it accepts, the gnutls_session_t and the content_type_t of data to |
318 | * send (if called by the user the Content is specific) | 317 | * send (if called by the user the Content is specific) |
319 | * It is intended to transfer data, under the current session. | 318 | * It is intended to transfer data, under the current session. |
320 | * | 319 | * |
321 | * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE. | 320 | * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE. |
322 | * This makes the function much easier to read, and more error resistant | 321 | * This makes the function much easier to read, and more error resistant |
@@ -376,7 +375,7 @@ _gnutls_send_int (gnutls_session_t session, | |||
376 | else | 375 | else |
377 | data2send_size = sizeofdata; | 376 | data2send_size = sizeofdata; |
378 | 377 | ||
379 | /* Only encrypt if we don't have data to send | 378 | /* Only encrypt if we don't have data to send |
380 | * from the previous run. - probably interrupted. | 379 | * from the previous run. - probably interrupted. |
381 | */ | 380 | */ |
382 | if (session->internals.record_send_buffer.length > 0) | 381 | if (session->internals.record_send_buffer.length > 0) |
@@ -469,7 +468,7 @@ _gnutls_send_int (gnutls_session_t session, | |||
469 | return retval; | 468 | return retval; |
470 | } | 469 | } |
471 | 470 | ||
472 | /* This function is to be called if the handshake was successfully | 471 | /* This function is to be called if the handshake was successfully |
473 | * completed. This sends a Change Cipher Spec packet to the peer. | 472 | * completed. This sends a Change Cipher Spec packet to the peer. |
474 | */ | 473 | */ |
475 | ssize_t | 474 | ssize_t |
@@ -556,8 +555,8 @@ record_check_headers (gnutls_session_t session, | |||
556 | uint16_t * length, uint16_t * header_size) | 555 | uint16_t * length, uint16_t * header_size) |
557 | { | 556 | { |
558 | 557 | ||
559 | /* Read the first two bytes to determine if this is a | 558 | /* Read the first two bytes to determine if this is a |
560 | * version 2 message | 559 | * version 2 message |
561 | */ | 560 | */ |
562 | 561 | ||
563 | if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE | 562 | if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE |
@@ -565,7 +564,7 @@ record_check_headers (gnutls_session_t session, | |||
565 | { | 564 | { |
566 | 565 | ||
567 | /* if msb set and expecting handshake message | 566 | /* if msb set and expecting handshake message |
568 | * it should be SSL 2 hello | 567 | * it should be SSL 2 hello |
569 | */ | 568 | */ |
570 | version[0] = 3; /* assume SSL 3.0 */ | 569 | version[0] = 3; /* assume SSL 3.0 */ |
571 | version[1] = 0; | 570 | version[1] = 0; |
@@ -593,7 +592,7 @@ record_check_headers (gnutls_session_t session, | |||
593 | version[0] = headers[1]; | 592 | version[0] = headers[1]; |
594 | version[1] = headers[2]; | 593 | version[1] = headers[2]; |
595 | 594 | ||
596 | /* No DECR_LEN, since headers has enough size. | 595 | /* No DECR_LEN, since headers has enough size. |
597 | */ | 596 | */ |
598 | *length = _gnutls_read_uint16 (&headers[3]); | 597 | *length = _gnutls_read_uint16 (&headers[3]); |
599 | } | 598 | } |
@@ -676,7 +675,7 @@ record_check_type (gnutls_session_t session, | |||
676 | */ | 675 | */ |
677 | if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL) | 676 | if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL) |
678 | { | 677 | { |
679 | /* If we have been expecting for an alert do | 678 | /* If we have been expecting for an alert do |
680 | */ | 679 | */ |
681 | session->internals.read_eof = 1; | 680 | session->internals.read_eof = 1; |
682 | return GNUTLS_E_INT_RET_0; /* EOF */ | 681 | return GNUTLS_E_INT_RET_0; /* EOF */ |
@@ -911,7 +910,7 @@ begin: | |||
911 | } | 910 | } |
912 | 911 | ||
913 | /* Here we check if the Type of the received packet is | 912 | /* Here we check if the Type of the received packet is |
914 | * ok. | 913 | * ok. |
915 | */ | 914 | */ |
916 | if ((ret = check_recv_type (recv_type)) < 0) | 915 | if ((ret = check_recv_type (recv_type)) < 0) |
917 | { | 916 | { |
@@ -952,7 +951,7 @@ begin: | |||
952 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | 951 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; |
953 | } | 952 | } |
954 | 953 | ||
955 | /* check if we have that data into buffer. | 954 | /* check if we have that data into buffer. |
956 | */ | 955 | */ |
957 | if ((ret = _gnutls_io_read_buffered (session, &recv_data, | 956 | if ((ret = _gnutls_io_read_buffered (session, &recv_data, |
958 | header_size + length, recv_type)) | 957 | header_size + length, recv_type)) |
@@ -1017,7 +1016,7 @@ begin: | |||
1017 | read_sequence_number), | 1016 | read_sequence_number), |
1018 | _gnutls_packet2str (recv_type), recv_type, decrypted_length); | 1017 | _gnutls_packet2str (recv_type), recv_type, decrypted_length); |
1019 | 1018 | ||
1020 | /* increase sequence number | 1019 | /* increase sequence number |
1021 | */ | 1020 | */ |
1022 | if (_gnutls_uint64pp (&session->connection_state.read_sequence_number) != 0) | 1021 | if (_gnutls_uint64pp (&session->connection_state.read_sequence_number) != 0) |
1023 | { | 1022 | { |
@@ -1037,7 +1036,7 @@ begin: | |||
1037 | return ret; | 1036 | return ret; |
1038 | } | 1037 | } |
1039 | 1038 | ||
1040 | /* Get Application data from buffer | 1039 | /* Get Application data from buffer |
1041 | */ | 1040 | */ |
1042 | if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type | 1041 | if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type |
1043 | == GNUTLS_HANDSHAKE | 1042 | == GNUTLS_HANDSHAKE |
@@ -1051,7 +1050,7 @@ begin: | |||
1051 | return ret; | 1050 | return ret; |
1052 | } | 1051 | } |
1053 | 1052 | ||
1054 | /* if the buffer just got empty | 1053 | /* if the buffer just got empty |
1055 | */ | 1054 | */ |
1056 | if (_gnutls_record_buffer_get_size (type, session) == 0) | 1055 | if (_gnutls_record_buffer_get_size (type, session) == 0) |
1057 | { | 1056 | { |
@@ -1066,11 +1065,11 @@ begin: | |||
1066 | { | 1065 | { |
1067 | gnutls_assert (); | 1066 | gnutls_assert (); |
1068 | return GNUTLS_E_UNEXPECTED_PACKET; | 1067 | return GNUTLS_E_UNEXPECTED_PACKET; |
1069 | /* we didn't get what we wanted to | 1068 | /* we didn't get what we wanted to |
1070 | */ | 1069 | */ |
1071 | } | 1070 | } |
1072 | 1071 | ||
1073 | /* (originally for) TLS 1.0 CBC protection. | 1072 | /* (originally for) TLS 1.0 CBC protection. |
1074 | * Actually this code is called if we just received | 1073 | * Actually this code is called if we just received |
1075 | * an empty packet. An empty TLS packet is usually | 1074 | * an empty packet. An empty TLS packet is usually |
1076 | * sent to protect some vulnerabilities in the CBC mode. | 1075 | * sent to protect some vulnerabilities in the CBC mode. |
diff --git a/src/daemon/https/tls/gnutls_session.c b/src/daemon/https/tls/gnutls_session.c index 541cc699..fb9b5e80 100644 --- a/src/daemon/https/tls/gnutls_session.c +++ b/src/daemon/https/tls/gnutls_session.c | |||
@@ -24,7 +24,7 @@ | |||
24 | #include "gnutls_int.h" | 24 | #include "gnutls_int.h" |
25 | #include "gnutls_errors.h" | 25 | #include "gnutls_errors.h" |
26 | #include "debug.h" | 26 | #include "debug.h" |
27 | #include <gnutls_session_pack.h> | 27 | #include "gnutls_session_pack.h" |
28 | #include <gnutls_datum.h> | 28 | #include <gnutls_datum.h> |
29 | 29 | ||
30 | /** | 30 | /** |
@@ -123,10 +123,10 @@ gnutls_session_get_data2 (gnutls_session_t session, gnutls_datum_t * data) | |||
123 | * | 123 | * |
124 | * Returns the current session id. This can be used if you want to check if | 124 | * Returns the current session id. This can be used if you want to check if |
125 | * the next session you tried to resume was actually resumed. | 125 | * the next session you tried to resume was actually resumed. |
126 | * This is because resumed sessions have the same sessionID with the | 126 | * This is because resumed sessions have the same sessionID with the |
127 | * original session. | 127 | * original session. |
128 | * | 128 | * |
129 | * Session id is some data set by the server, that identify the current session. | 129 | * Session id is some data set by the server, that identify the current session. |
130 | * In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes. | 130 | * In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes. |
131 | * | 131 | * |
132 | * Returns zero on success. | 132 | * Returns zero on success. |
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c index ed4945b6..3e549c4c 100644 --- a/src/daemon/https/tls/gnutls_session_pack.c +++ b/src/daemon/https/tls/gnutls_session_pack.c | |||
@@ -54,6 +54,169 @@ static int unpack_security_parameters (gnutls_session_t session, | |||
54 | static int pack_security_parameters (gnutls_session_t session, | 54 | static int pack_security_parameters (gnutls_session_t session, |
55 | gnutls_datum_t * packed_session); | 55 | gnutls_datum_t * packed_session); |
56 | 56 | ||
57 | /* Packs the ANON session authentication data. */ | ||
58 | #ifdef ENABLE_ANON | ||
59 | |||
60 | /* Format: | ||
61 | * 1 byte the credentials type | ||
62 | * 4 bytes the size of the whole structure | ||
63 | * 2 bytes the size of secret key in bits | ||
64 | * 4 bytes the size of the prime | ||
65 | * x bytes the prime | ||
66 | * 4 bytes the size of the generator | ||
67 | * x bytes the generator | ||
68 | * 4 bytes the size of the public key | ||
69 | * x bytes the public key | ||
70 | */ | ||
71 | static int | ||
72 | pack_anon_auth_info (gnutls_session_t session, gnutls_datum_t * packed_session) | ||
73 | { | ||
74 | anon_auth_info_t info = _gnutls_get_auth_info (session); | ||
75 | int pos = 0; | ||
76 | size_t pack_size; | ||
77 | |||
78 | if (info) | ||
79 | pack_size = 2 + 4 * 3 + info->dh.prime.size + | ||
80 | info->dh.generator.size + info->dh.public_key.size; | ||
81 | else | ||
82 | pack_size = 0; | ||
83 | |||
84 | packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t); | ||
85 | |||
86 | /* calculate the size and allocate the data. | ||
87 | */ | ||
88 | packed_session->data = | ||
89 | gnutls_malloc (packed_session->size + MAX_SEC_PARAMS); | ||
90 | |||
91 | if (packed_session->data == NULL) | ||
92 | { | ||
93 | gnutls_assert (); | ||
94 | return GNUTLS_E_MEMORY_ERROR; | ||
95 | } | ||
96 | |||
97 | packed_session->data[0] = MHD_GNUTLS_CRD_ANON; | ||
98 | _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]); | ||
99 | pos += 4 + PACK_HEADER_SIZE; | ||
100 | |||
101 | if (pack_size > 0) | ||
102 | { | ||
103 | _gnutls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); | ||
104 | pos += 2; | ||
105 | |||
106 | _gnutls_write_datum32 (&packed_session->data[pos], info->dh.prime); | ||
107 | pos += 4 + info->dh.prime.size; | ||
108 | _gnutls_write_datum32 (&packed_session->data[pos], info->dh.generator); | ||
109 | pos += 4 + info->dh.generator.size; | ||
110 | _gnutls_write_datum32 (&packed_session->data[pos], info->dh.public_key); | ||
111 | pos += 4 + info->dh.public_key.size; | ||
112 | |||
113 | } | ||
114 | |||
115 | return 0; | ||
116 | } | ||
117 | |||
118 | /* Format: | ||
119 | * 1 byte the credentials type | ||
120 | * 4 bytes the size of the whole structure | ||
121 | * 2 bytes the size of secret key in bits | ||
122 | * 4 bytes the size of the prime | ||
123 | * x bytes the prime | ||
124 | * 4 bytes the size of the generator | ||
125 | * x bytes the generator | ||
126 | * 4 bytes the size of the public key | ||
127 | * x bytes the public key | ||
128 | */ | ||
129 | static int | ||
130 | unpack_anon_auth_info (gnutls_session_t session, | ||
131 | const gnutls_datum_t * packed_session) | ||
132 | { | ||
133 | size_t pack_size; | ||
134 | int pos = 0, size, ret; | ||
135 | anon_auth_info_t info; | ||
136 | |||
137 | if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON) | ||
138 | { | ||
139 | gnutls_assert (); | ||
140 | return GNUTLS_E_INVALID_REQUEST; | ||
141 | } | ||
142 | |||
143 | pack_size = _gnutls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]); | ||
144 | pos += PACK_HEADER_SIZE + 4; | ||
145 | |||
146 | |||
147 | if (pack_size == 0) | ||
148 | return 0; /* nothing to be done */ | ||
149 | |||
150 | /* a simple check for integrity */ | ||
151 | if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size) | ||
152 | { | ||
153 | gnutls_assert (); | ||
154 | return GNUTLS_E_INVALID_REQUEST; | ||
155 | } | ||
156 | |||
157 | /* client and serer have the same auth_info here | ||
158 | */ | ||
159 | ret = | ||
160 | _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | ||
161 | sizeof (anon_auth_info_st), 1); | ||
162 | if (ret < 0) | ||
163 | { | ||
164 | gnutls_assert (); | ||
165 | return ret; | ||
166 | } | ||
167 | |||
168 | info = _gnutls_get_auth_info (session); | ||
169 | if (info == NULL) | ||
170 | { | ||
171 | gnutls_assert (); | ||
172 | return GNUTLS_E_INTERNAL_ERROR; | ||
173 | } | ||
174 | |||
175 | info->dh.secret_bits = _gnutls_read_uint16 (&packed_session->data[pos]); | ||
176 | pos += 2; | ||
177 | |||
178 | size = _gnutls_read_uint32 (&packed_session->data[pos]); | ||
179 | pos += 4; | ||
180 | ret = _gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size); | ||
181 | if (ret < 0) | ||
182 | { | ||
183 | gnutls_assert (); | ||
184 | goto error; | ||
185 | } | ||
186 | pos += size; | ||
187 | |||
188 | size = _gnutls_read_uint32 (&packed_session->data[pos]); | ||
189 | pos += 4; | ||
190 | ret = | ||
191 | _gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], size); | ||
192 | if (ret < 0) | ||
193 | { | ||
194 | gnutls_assert (); | ||
195 | goto error; | ||
196 | } | ||
197 | pos += size; | ||
198 | |||
199 | size = _gnutls_read_uint32 (&packed_session->data[pos]); | ||
200 | pos += 4; | ||
201 | ret = | ||
202 | _gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos], | ||
203 | size); | ||
204 | if (ret < 0) | ||
205 | { | ||
206 | gnutls_assert (); | ||
207 | goto error; | ||
208 | } | ||
209 | pos += size; | ||
210 | |||
211 | return 0; | ||
212 | |||
213 | error: | ||
214 | _gnutls_free_datum (&info->dh.prime); | ||
215 | _gnutls_free_datum (&info->dh.generator); | ||
216 | _gnutls_free_datum (&info->dh.public_key); | ||
217 | return ret; | ||
218 | } | ||
219 | #endif /* ANON */ | ||
57 | 220 | ||
58 | /* Since auth_info structures contain malloced data, this function | 221 | /* Since auth_info structures contain malloced data, this function |
59 | * is required in order to pack these structures in a vector in | 222 | * is required in order to pack these structures in a vector in |
@@ -121,7 +284,7 @@ _gnutls_session_pack (gnutls_session_t session, | |||
121 | 284 | ||
122 | } | 285 | } |
123 | 286 | ||
124 | /* Auth_info structures copied. Now copy security_parameters_st. | 287 | /* Auth_info structures copied. Now copy security_parameters_st. |
125 | * packed_session must have allocated space for the security parameters. | 288 | * packed_session must have allocated space for the security parameters. |
126 | */ | 289 | */ |
127 | ret = pack_security_parameters (session, packed_session); | 290 | ret = pack_security_parameters (session, packed_session); |
@@ -201,7 +364,7 @@ _gnutls_session_unpack (gnutls_session_t session, | |||
201 | 364 | ||
202 | } | 365 | } |
203 | 366 | ||
204 | /* Auth_info structures copied. Now copy security_parameters_st. | 367 | /* Auth_info structures copied. Now copy security_parameters_st. |
205 | * packed_session must have allocated space for the security parameters. | 368 | * packed_session must have allocated space for the security parameters. |
206 | */ | 369 | */ |
207 | ret = unpack_security_parameters (session, packed_session); | 370 | ret = unpack_security_parameters (session, packed_session); |
@@ -477,7 +640,7 @@ error: | |||
477 | /* Packs the SRP session authentication data. | 640 | /* Packs the SRP session authentication data. |
478 | */ | 641 | */ |
479 | 642 | ||
480 | /* Format: | 643 | /* Format: |
481 | * 1 byte the credentials type | 644 | * 1 byte the credentials type |
482 | * 4 bytes the size of the SRP username (x) | 645 | * 4 bytes the size of the SRP username (x) |
483 | * x bytes the SRP username | 646 | * x bytes the SRP username |
@@ -569,167 +732,12 @@ unpack_srp_auth_info (gnutls_session_t session, | |||
569 | #endif | 732 | #endif |
570 | 733 | ||
571 | 734 | ||
572 | #ifdef ENABLE_ANON | ||
573 | /* Packs the ANON session authentication data. | ||
574 | */ | ||
575 | |||
576 | /* Format: | ||
577 | * 1 byte the credentials type | ||
578 | * 4 bytes the size of the whole structure | ||
579 | * 2 bytes the size of secret key in bits | ||
580 | * 4 bytes the size of the prime | ||
581 | * x bytes the prime | ||
582 | * 4 bytes the size of the generator | ||
583 | * x bytes the generator | ||
584 | * 4 bytes the size of the public key | ||
585 | * x bytes the public key | ||
586 | */ | ||
587 | static int | ||
588 | pack_anon_auth_info (gnutls_session_t session, | ||
589 | gnutls_datum_t * packed_session) | ||
590 | { | ||
591 | anon_auth_info_t info = _gnutls_get_auth_info (session); | ||
592 | int pos = 0; | ||
593 | size_t pack_size; | ||
594 | |||
595 | if (info) | ||
596 | pack_size = 2 + 4 * 3 + info->dh.prime.size + | ||
597 | info->dh.generator.size + info->dh.public_key.size; | ||
598 | else | ||
599 | pack_size = 0; | ||
600 | |||
601 | packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t); | ||
602 | |||
603 | /* calculate the size and allocate the data. | ||
604 | */ | ||
605 | packed_session->data = | ||
606 | gnutls_malloc (packed_session->size + MAX_SEC_PARAMS); | ||
607 | |||
608 | if (packed_session->data == NULL) | ||
609 | { | ||
610 | gnutls_assert (); | ||
611 | return GNUTLS_E_MEMORY_ERROR; | ||
612 | } | ||
613 | |||
614 | packed_session->data[0] = MHD_GNUTLS_CRD_ANON; | ||
615 | _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]); | ||
616 | pos += 4 + PACK_HEADER_SIZE; | ||
617 | |||
618 | if (pack_size > 0) | ||
619 | { | ||
620 | _gnutls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); | ||
621 | pos += 2; | ||
622 | |||
623 | _gnutls_write_datum32 (&packed_session->data[pos], info->dh.prime); | ||
624 | pos += 4 + info->dh.prime.size; | ||
625 | _gnutls_write_datum32 (&packed_session->data[pos], info->dh.generator); | ||
626 | pos += 4 + info->dh.generator.size; | ||
627 | _gnutls_write_datum32 (&packed_session->data[pos], info->dh.public_key); | ||
628 | pos += 4 + info->dh.public_key.size; | ||
629 | |||
630 | } | ||
631 | |||
632 | return 0; | ||
633 | } | ||
634 | |||
635 | |||
636 | static int | ||
637 | unpack_anon_auth_info (gnutls_session_t session, | ||
638 | const gnutls_datum_t * packed_session) | ||
639 | { | ||
640 | size_t pack_size; | ||
641 | int pos = 0, size, ret; | ||
642 | anon_auth_info_t info; | ||
643 | |||
644 | if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON) | ||
645 | { | ||
646 | gnutls_assert (); | ||
647 | return GNUTLS_E_INVALID_REQUEST; | ||
648 | } | ||
649 | |||
650 | pack_size = _gnutls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]); | ||
651 | pos += PACK_HEADER_SIZE + 4; | ||
652 | |||
653 | |||
654 | if (pack_size == 0) | ||
655 | return 0; /* nothing to be done */ | ||
656 | |||
657 | /* a simple check for integrity */ | ||
658 | if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size) | ||
659 | { | ||
660 | gnutls_assert (); | ||
661 | return GNUTLS_E_INVALID_REQUEST; | ||
662 | } | ||
663 | |||
664 | /* client and serer have the same auth_info here | ||
665 | */ | ||
666 | ret = | ||
667 | _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | ||
668 | sizeof (anon_auth_info_st), 1); | ||
669 | if (ret < 0) | ||
670 | { | ||
671 | gnutls_assert (); | ||
672 | return ret; | ||
673 | } | ||
674 | |||
675 | info = _gnutls_get_auth_info (session); | ||
676 | if (info == NULL) | ||
677 | { | ||
678 | gnutls_assert (); | ||
679 | return GNUTLS_E_INTERNAL_ERROR; | ||
680 | } | ||
681 | |||
682 | info->dh.secret_bits = _gnutls_read_uint16 (&packed_session->data[pos]); | ||
683 | pos += 2; | ||
684 | |||
685 | size = _gnutls_read_uint32 (&packed_session->data[pos]); | ||
686 | pos += 4; | ||
687 | ret = _gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size); | ||
688 | if (ret < 0) | ||
689 | { | ||
690 | gnutls_assert (); | ||
691 | goto error; | ||
692 | } | ||
693 | pos += size; | ||
694 | |||
695 | size = _gnutls_read_uint32 (&packed_session->data[pos]); | ||
696 | pos += 4; | ||
697 | ret = | ||
698 | _gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], size); | ||
699 | if (ret < 0) | ||
700 | { | ||
701 | gnutls_assert (); | ||
702 | goto error; | ||
703 | } | ||
704 | pos += size; | ||
705 | |||
706 | size = _gnutls_read_uint32 (&packed_session->data[pos]); | ||
707 | pos += 4; | ||
708 | ret = | ||
709 | _gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos], | ||
710 | size); | ||
711 | if (ret < 0) | ||
712 | { | ||
713 | gnutls_assert (); | ||
714 | goto error; | ||
715 | } | ||
716 | pos += size; | ||
717 | |||
718 | return 0; | ||
719 | |||
720 | error: | ||
721 | _gnutls_free_datum (&info->dh.prime); | ||
722 | _gnutls_free_datum (&info->dh.generator); | ||
723 | _gnutls_free_datum (&info->dh.public_key); | ||
724 | return ret; | ||
725 | } | ||
726 | #endif /* ANON */ | ||
727 | 735 | ||
728 | #ifdef ENABLE_PSK | 736 | #ifdef ENABLE_PSK |
729 | /* Packs the PSK session authentication data. | 737 | /* Packs the PSK session authentication data. |
730 | */ | 738 | */ |
731 | 739 | ||
732 | /* Format: | 740 | /* Format: |
733 | * 1 byte the credentials type | 741 | * 1 byte the credentials type |
734 | * 4 bytes the size of the whole structure | 742 | * 4 bytes the size of the whole structure |
735 | * 4 bytes the size of the PSK username (x) | 743 | * 4 bytes the size of the PSK username (x) |
@@ -909,7 +917,7 @@ error: | |||
909 | /* Packs the security parameters. | 917 | /* Packs the security parameters. |
910 | */ | 918 | */ |
911 | 919 | ||
912 | /* Format: | 920 | /* Format: |
913 | * 4 bytes the total security data size | 921 | * 4 bytes the total security data size |
914 | * 1 byte the entity type (client/server) | 922 | * 1 byte the entity type (client/server) |
915 | * 1 byte the key exchange algorithm used | 923 | * 1 byte the key exchange algorithm used |
@@ -947,7 +955,7 @@ error: | |||
947 | * | 955 | * |
948 | * 2 bytes the number of server name extensions (up to MAX_SERVER_NAME_EXTENSIONS) | 956 | * 2 bytes the number of server name extensions (up to MAX_SERVER_NAME_EXTENSIONS) |
949 | * 1 byte the first name type | 957 | * 1 byte the first name type |
950 | * 2 bytes the size of the first name | 958 | * 2 bytes the size of the first name |
951 | * x bytes the first name (MAX_SERVER_NAME_SIZE) | 959 | * x bytes the first name (MAX_SERVER_NAME_SIZE) |
952 | * and so on... | 960 | * and so on... |
953 | * | 961 | * |
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c index 3fde3db4..3931b393 100644 --- a/src/daemon/https/tls/gnutls_state.c +++ b/src/daemon/https/tls/gnutls_state.c | |||
@@ -32,7 +32,6 @@ | |||
32 | #include <gnutls_auth_int.h> | 32 | #include <gnutls_auth_int.h> |
33 | #include <gnutls_num.h> | 33 | #include <gnutls_num.h> |
34 | #include <gnutls_datum.h> | 34 | #include <gnutls_datum.h> |
35 | #include <gnutls_db.h> | ||
36 | #include <gnutls_record.h> | 35 | #include <gnutls_record.h> |
37 | #include <gnutls_handshake.h> | 36 | #include <gnutls_handshake.h> |
38 | #include <gnutls_dh.h> | 37 | #include <gnutls_dh.h> |
@@ -154,11 +153,11 @@ _gnutls_session_cert_type_supported (gnutls_session_t session, | |||
154 | } | 153 | } |
155 | } | 154 | } |
156 | 155 | ||
157 | if (session->internals.priorities.cert_type.algorithms == 0 && cert_type | 156 | if (session->internals.priorities.cert_type.num_algorithms == 0 && cert_type |
158 | == DEFAULT_CERT_TYPE) | 157 | == DEFAULT_CERT_TYPE) |
159 | return 0; | 158 | return 0; |
160 | 159 | ||
161 | for (i = 0; i < session->internals.priorities.cert_type.algorithms; i++) | 160 | for (i = 0; i < session->internals.priorities.cert_type.num_algorithms; i++) |
162 | { | 161 | { |
163 | if (session->internals.priorities.cert_type.priority[i] == cert_type) | 162 | if (session->internals.priorities.cert_type.priority[i] == cert_type) |
164 | { | 163 | { |
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c index 7c84fa0a..a9b6829d 100644 --- a/src/daemon/https/tls/gnutls_x509.c +++ b/src/daemon/https/tls/gnutls_x509.c | |||
@@ -93,9 +93,9 @@ check_bits (gnutls_x509_crt_t crt, unsigned int max_bits) | |||
93 | * _gnutls_x509_cert_verify_peers - This function returns the peer's certificate status | 93 | * _gnutls_x509_cert_verify_peers - This function returns the peer's certificate status |
94 | * @session: is a gnutls session | 94 | * @session: is a gnutls session |
95 | * | 95 | * |
96 | * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.). | 96 | * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.). |
97 | * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements. | 97 | * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements. |
98 | * However you must also check the peer's name in order to check if the verified certificate belongs to the | 98 | * However you must also check the peer's name in order to check if the verified certificate belongs to the |
99 | * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. | 99 | * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. |
100 | * | 100 | * |
101 | -*/ | 101 | -*/ |
@@ -178,7 +178,7 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, | |||
178 | 178 | ||
179 | } | 179 | } |
180 | 180 | ||
181 | /* Verify certificate | 181 | /* Verify certificate |
182 | */ | 182 | */ |
183 | ret = | 183 | ret = |
184 | gnutls_x509_crt_list_verify (peer_certificate_list, | 184 | gnutls_x509_crt_list_verify (peer_certificate_list, |
@@ -522,7 +522,7 @@ parse_pem_cert_mem (gnutls_cert ** cert_list, unsigned *ncerts, | |||
522 | } | 522 | } |
523 | _gnutls_free_datum (&tmp); /* free ptr2 */ | 523 | _gnutls_free_datum (&tmp); /* free ptr2 */ |
524 | 524 | ||
525 | /* now we move ptr after the pem header | 525 | /* now we move ptr after the pem header |
526 | */ | 526 | */ |
527 | ptr++; | 527 | ptr++; |
528 | /* find the next certificate (if any) | 528 | /* find the next certificate (if any) |
@@ -794,18 +794,18 @@ read_key_file (gnutls_certificate_credentials_t res, | |||
794 | * @key: is the private key, or %NULL | 794 | * @key: is the private key, or %NULL |
795 | * @type: is PEM or DER | 795 | * @type: is PEM or DER |
796 | * | 796 | * |
797 | * This function sets a certificate/private key pair in the | 797 | * This function sets a certificate/private key pair in the |
798 | * gnutls_certificate_credentials_t structure. This function may be called | 798 | * gnutls_certificate_credentials_t structure. This function may be called |
799 | * more than once (in case multiple keys/certificates exist for the | 799 | * more than once (in case multiple keys/certificates exist for the |
800 | * server). | 800 | * server). |
801 | * | 801 | * |
802 | * Currently are supported: RSA PKCS-1 encoded private keys, | 802 | * Currently are supported: RSA PKCS-1 encoded private keys, |
803 | * DSA private keys. | 803 | * DSA private keys. |
804 | * | 804 | * |
805 | * DSA private keys are encoded the OpenSSL way, which is an ASN.1 | 805 | * DSA private keys are encoded the OpenSSL way, which is an ASN.1 |
806 | * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv. | 806 | * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv. |
807 | * | 807 | * |
808 | * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates | 808 | * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates |
809 | * is supported. This means that certificates intended for signing cannot | 809 | * is supported. This means that certificates intended for signing cannot |
810 | * be used for ciphersuites that require encryption. | 810 | * be used for ciphersuites that require encryption. |
811 | * | 811 | * |
@@ -825,7 +825,7 @@ gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t | |||
825 | { | 825 | { |
826 | int ret; | 826 | int ret; |
827 | 827 | ||
828 | /* this should be first | 828 | /* this should be first |
829 | */ | 829 | */ |
830 | if ((ret = read_key_mem (res, key ? key->data : NULL, | 830 | if ((ret = read_key_mem (res, key ? key->data : NULL, |
831 | key ? key->size : 0, type)) < 0) | 831 | key ? key->size : 0, type)) < 0) |
@@ -867,7 +867,7 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res, | |||
867 | { | 867 | { |
868 | int ret, i; | 868 | int ret, i; |
869 | 869 | ||
870 | /* this should be first | 870 | /* this should be first |
871 | */ | 871 | */ |
872 | 872 | ||
873 | res->pkey = | 873 | res->pkey = |
@@ -956,7 +956,7 @@ gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t | |||
956 | { | 956 | { |
957 | int ret; | 957 | int ret; |
958 | 958 | ||
959 | /* this should be first | 959 | /* this should be first |
960 | */ | 960 | */ |
961 | if ((ret = read_key_file (res, KEYFILE, type)) < 0) | 961 | if ((ret = read_key_file (res, KEYFILE, type)) < 0) |
962 | return ret; | 962 | return ret; |
@@ -983,7 +983,7 @@ generate_rdn_seq (gnutls_certificate_credentials_t res) | |||
983 | unsigned size, i; | 983 | unsigned size, i; |
984 | opaque *pdata; | 984 | opaque *pdata; |
985 | 985 | ||
986 | /* Generate the RDN sequence | 986 | /* Generate the RDN sequence |
987 | * This will be sent to clients when a certificate | 987 | * This will be sent to clients when a certificate |
988 | * request message is sent. | 988 | * request message is sent. |
989 | */ | 989 | */ |
@@ -1036,11 +1036,8 @@ generate_rdn_seq (gnutls_certificate_credentials_t res) | |||
1036 | return 0; | 1036 | return 0; |
1037 | } | 1037 | } |
1038 | 1038 | ||
1039 | 1039 | /* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this | |
1040 | 1040 | * certificate (uses the KeyUsage field). | |
1041 | |||
1042 | /* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this | ||
1043 | * certificate (uses the KeyUsage field). | ||
1044 | */ | 1041 | */ |
1045 | int | 1042 | int |
1046 | _gnutls_check_key_usage (const gnutls_cert * cert, gnutls_kx_algorithm_t alg) | 1043 | _gnutls_check_key_usage (const gnutls_cert * cert, gnutls_kx_algorithm_t alg) |
@@ -1158,7 +1155,7 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
1158 | return ret; | 1155 | return ret; |
1159 | } | 1156 | } |
1160 | 1157 | ||
1161 | /* now we move ptr after the pem header | 1158 | /* now we move ptr after the pem header |
1162 | */ | 1159 | */ |
1163 | ptr++; | 1160 | ptr++; |
1164 | size--; | 1161 | size--; |
@@ -1452,7 +1449,7 @@ parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
1452 | return ret; | 1449 | return ret; |
1453 | } | 1450 | } |
1454 | 1451 | ||
1455 | /* now we move ptr after the pem header | 1452 | /* now we move ptr after the pem header |
1456 | */ | 1453 | */ |
1457 | ptr++; | 1454 | ptr++; |
1458 | /* find the next certificate (if any) | 1455 | /* find the next certificate (if any) |
diff --git a/src/daemon/https/x509/pkcs12.h b/src/daemon/https/x509/pkcs12.h index 41878ff2..3c75dff5 100644 --- a/src/daemon/https/x509/pkcs12.h +++ b/src/daemon/https/x509/pkcs12.h | |||
@@ -23,7 +23,6 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | /* TODO clean */ | 25 | /* TODO clean */ |
26 | |||
27 | #ifndef GNUTLS_PKCS12_H | 26 | #ifndef GNUTLS_PKCS12_H |
28 | #define GNUTLS_PKCS12_H | 27 | #define GNUTLS_PKCS12_H |
29 | 28 | ||
diff --git a/src/daemon/internal.h b/src/daemon/internal.h index 612b18da..796e5ad1 100644 --- a/src/daemon/internal.h +++ b/src/daemon/internal.h | |||
@@ -627,8 +627,13 @@ struct MHD_Daemon | |||
627 | unsigned short port; | 627 | unsigned short port; |
628 | 628 | ||
629 | #if HTTPS_SUPPORT | 629 | #if HTTPS_SUPPORT |
630 | /* server credintials */ | 630 | gnutls_credentials_type_t cred_type; |
631 | gnutls_certificate_credentials_t x509_cret; | 631 | |
632 | /* server x509 credintials */ | ||
633 | gnutls_certificate_credentials_t x509_cred; | ||
634 | |||
635 | /* credentials used for anonymous authentication */ | ||
636 | gnutls_anon_server_credentials_t anon_cred; | ||
632 | 637 | ||
633 | /* cipher priority cache */ | 638 | /* cipher priority cache */ |
634 | gnutls_priority_t priority_cache; | 639 | gnutls_priority_t priority_cache; |
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h index a934c16e..8a1fe022 100644 --- a/src/include/microhttpd.h +++ b/src/include/microhttpd.h | |||
@@ -64,8 +64,6 @@ | |||
64 | * depend on your platform; for possible suggestions consult | 64 | * depend on your platform; for possible suggestions consult |
65 | * "platform.h" in the MHD distribution). | 65 | * "platform.h" in the MHD distribution). |
66 | * | 66 | * |
67 | * TODO: | ||
68 | * - Add option codes for SSL support | ||
69 | */ | 67 | */ |
70 | 68 | ||
71 | #ifndef MHD_MICROHTTPD_H | 69 | #ifndef MHD_MICROHTTPD_H |
@@ -380,6 +378,13 @@ enum MHD_OPTION | |||
380 | MHD_OPTION_HTTPS_MEM_CERT, | 378 | MHD_OPTION_HTTPS_MEM_CERT, |
381 | 379 | ||
382 | /* | 380 | /* |
381 | * daemon credentials type. either certificate or anonymous, | ||
382 | * this option should be followed by one of the values listed in | ||
383 | * gnutls_credentials_type_t. | ||
384 | */ | ||
385 | MHD_OPTION_CRED_TYPE, | ||
386 | |||
387 | /* | ||
383 | * SSL/TLS protocol version | 388 | * SSL/TLS protocol version |
384 | * | 389 | * |
385 | * Memory pointer to a zero terminated int array representing the | 390 | * Memory pointer to a zero terminated int array representing the |
@@ -714,11 +719,17 @@ typedef int | |||
714 | */ | 719 | */ |
715 | struct MHD_Daemon * | 720 | struct MHD_Daemon * |
716 | MHD_start_daemon_va (unsigned int options, | 721 | MHD_start_daemon_va (unsigned int options, |
717 | unsigned short port, | 722 | unsigned short port, char * ip, |
718 | MHD_AcceptPolicyCallback apc, | 723 | MHD_AcceptPolicyCallback apc, |
719 | void *apc_cls, | 724 | void *apc_cls, |
720 | MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap); | 725 | MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap); |
721 | 726 | ||
727 | struct MHD_Daemon * | ||
728 | MHD_start_daemon_ip (unsigned int options, | ||
729 | unsigned short port, char *ip, | ||
730 | MHD_AcceptPolicyCallback apc, | ||
731 | void *apc_cls, | ||
732 | MHD_AccessHandlerCallback dh, void *dh_cls, ...); | ||
722 | 733 | ||
723 | /* | 734 | /* |
724 | * Variadic version of MHD_start_daemon_va. This function will delegate calls | 735 | * Variadic version of MHD_start_daemon_va. This function will delegate calls |
@@ -1025,6 +1036,7 @@ typedef enum | |||
1025 | MHD_GNUTLS_KX_SRP_DSS | 1036 | MHD_GNUTLS_KX_SRP_DSS |
1026 | } gnutls_kx_algorithm_t; | 1037 | } gnutls_kx_algorithm_t; |
1027 | 1038 | ||
1039 | /* server credentials type */ | ||
1028 | typedef enum | 1040 | typedef enum |
1029 | { | 1041 | { |
1030 | MHD_GNUTLS_CRD_CERTIFICATE = 1, | 1042 | MHD_GNUTLS_CRD_CERTIFICATE = 1, |
@@ -1034,6 +1046,7 @@ typedef enum | |||
1034 | MHD_GNUTLS_CRD_IA | 1046 | MHD_GNUTLS_CRD_IA |
1035 | } gnutls_credentials_type_t; | 1047 | } gnutls_credentials_type_t; |
1036 | 1048 | ||
1049 | /* mac algorithm */ | ||
1037 | typedef enum | 1050 | typedef enum |
1038 | { | 1051 | { |
1039 | MHD_GNUTLS_MAC_UNKNOWN = 0, | 1052 | MHD_GNUTLS_MAC_UNKNOWN = 0, |
@@ -1056,7 +1069,7 @@ typedef enum | |||
1056 | MHD_GNUTLS_DIG_SHA256 = MHD_GNUTLS_MAC_SHA256 | 1069 | MHD_GNUTLS_DIG_SHA256 = MHD_GNUTLS_MAC_SHA256 |
1057 | } gnutls_digest_algorithm_t; | 1070 | } gnutls_digest_algorithm_t; |
1058 | 1071 | ||
1059 | 1072 | /* compression method */ | |
1060 | typedef enum | 1073 | typedef enum |
1061 | { | 1074 | { |
1062 | MHD_GNUTLS_COMP_UNKNOWN = 0, | 1075 | MHD_GNUTLS_COMP_UNKNOWN = 0, |
@@ -1067,6 +1080,7 @@ typedef enum | |||
1067 | */ | 1080 | */ |
1068 | } gnutls_compression_method_t; | 1081 | } gnutls_compression_method_t; |
1069 | 1082 | ||
1083 | /* protocol type */ | ||
1070 | typedef enum | 1084 | typedef enum |
1071 | { | 1085 | { |
1072 | MHD_GNUTLS_SSL3 = 1, | 1086 | MHD_GNUTLS_SSL3 = 1, |
@@ -1076,6 +1090,7 @@ typedef enum | |||
1076 | MHD_GNUTLS_VERSION_UNKNOWN = 0xff | 1090 | MHD_GNUTLS_VERSION_UNKNOWN = 0xff |
1077 | } gnutls_protocol_t; | 1091 | } gnutls_protocol_t; |
1078 | 1092 | ||
1093 | /* certificate_type */ | ||
1079 | typedef enum | 1094 | typedef enum |
1080 | { | 1095 | { |
1081 | MHD_GNUTLS_CRT_UNKNOWN = 0, | 1096 | MHD_GNUTLS_CRT_UNKNOWN = 0, |
diff --git a/src/testcurl/https/tls_alert_test.c b/src/testcurl/https/tls_alert_test.c index 67b489b7..4c8b482d 100644 --- a/src/testcurl/https/tls_alert_test.c +++ b/src/testcurl/https/tls_alert_test.c | |||
@@ -62,7 +62,7 @@ setup (gnutls_session_t * session, | |||
62 | gnutls_datum_t * cert, gnutls_certificate_credentials_t * xcred) | 62 | gnutls_datum_t * cert, gnutls_certificate_credentials_t * xcred) |
63 | { | 63 | { |
64 | int ret; | 64 | int ret; |
65 | const char **err_pos; | 65 | const char ** err_pos; |
66 | 66 | ||
67 | gnutls_certificate_allocate_credentials (xcred); | 67 | gnutls_certificate_allocate_credentials (xcred); |
68 | 68 | ||
diff --git a/src/testcurl/https/tls_authentication_test.c b/src/testcurl/https/tls_authentication_test.c index a12ce93f..58d95cf1 100644 --- a/src/testcurl/https/tls_authentication_test.c +++ b/src/testcurl/https/tls_authentication_test.c | |||
@@ -39,10 +39,12 @@ | |||
39 | 39 | ||
40 | extern int curl_check_version (const char *req_version, ...); | 40 | extern int curl_check_version (const char *req_version, ...); |
41 | 41 | ||
42 | const int DEBUG_GNUTLS_LOG_LEVEL = 6; | ||
42 | const char *ca_cert_file_name = "ca_cert_pem"; | 43 | const char *ca_cert_file_name = "ca_cert_pem"; |
43 | const char *test_file_name = "https_test_file"; | 44 | const char *test_file_name = "https_test_file"; |
44 | const char test_file_data[] = "Hello World\n"; | 45 | const char test_file_data[] = "Hello World\n"; |
45 | 46 | ||
47 | |||
46 | struct CBC | 48 | struct CBC |
47 | { | 49 | { |
48 | char *buf; | 50 | char *buf; |
@@ -173,8 +175,8 @@ test_daemon_get (FILE * test_fd, char *cipher_suite, int proto_version) | |||
173 | #endif | 175 | #endif |
174 | curl_easy_setopt (c, CURLOPT_URL, url); | 176 | curl_easy_setopt (c, CURLOPT_URL, url); |
175 | curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); | 177 | curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); |
176 | curl_easy_setopt (c, CURLOPT_TIMEOUT, 3L); | 178 | curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L); |
177 | curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 3L); | 179 | curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L); |
178 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); | 180 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); |
179 | curl_easy_setopt (c, CURLOPT_FILE, &cbc); | 181 | curl_easy_setopt (c, CURLOPT_FILE, &cbc); |
180 | 182 | ||
@@ -224,14 +226,13 @@ test_secure_get (FILE * test_fd, char *cipher_suite, int proto_version) | |||
224 | { | 226 | { |
225 | int ret; | 227 | int ret; |
226 | struct MHD_Daemon *d; | 228 | struct MHD_Daemon *d; |
227 | int kx[] = { MHD_GNUTLS_KX_DHE_RSA, 0 }; | ||
228 | 229 | ||
229 | d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | | 230 | d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | |
230 | MHD_USE_DEBUG, 42433, | 231 | MHD_USE_DEBUG, 42433, |
231 | NULL, NULL, &http_ahc, NULL, | 232 | NULL, NULL, &http_ahc, NULL, |
232 | MHD_OPTION_HTTPS_MEM_KEY, srv_signed_key_pem, | 233 | MHD_OPTION_HTTPS_MEM_KEY, srv_signed_key_pem, |
233 | MHD_OPTION_HTTPS_MEM_CERT, srv_signed_cert_pem, | 234 | MHD_OPTION_HTTPS_MEM_CERT, srv_signed_cert_pem, |
234 | MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END); | 235 | MHD_OPTION_END); |
235 | 236 | ||
236 | if (d == NULL) | 237 | if (d == NULL) |
237 | { | 238 | { |
@@ -308,7 +309,7 @@ main (int argc, char *const *argv) | |||
308 | FILE *test_fd; | 309 | FILE *test_fd; |
309 | unsigned int errorCount = 0; | 310 | unsigned int errorCount = 0; |
310 | 311 | ||
311 | /* gnutls_global_set_log_level (11); */ | 312 | gnutls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL); |
312 | 313 | ||
313 | if (curl_check_version (MHD_REQ_CURL_VERSION)) | 314 | if (curl_check_version (MHD_REQ_CURL_VERSION)) |
314 | { | 315 | { |
@@ -330,7 +331,7 @@ main (int argc, char *const *argv) | |||
330 | } | 331 | } |
331 | 332 | ||
332 | errorCount += | 333 | errorCount += |
333 | test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3); | 334 | test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1); |
334 | 335 | ||
335 | if (errorCount != 0) | 336 | if (errorCount != 0) |
336 | fprintf (stderr, "Failed test: %s.\n", argv[0]); | 337 | fprintf (stderr, "Failed test: %s.\n", argv[0]); |
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c index 95accebb..59205199 100644 --- a/src/testcurl/https/tls_daemon_options_test.c +++ b/src/testcurl/https/tls_daemon_options_test.c | |||
@@ -32,6 +32,7 @@ | |||
32 | #include "gnutls.h" | 32 | #include "gnutls.h" |
33 | #include <curl/curl.h> | 33 | #include <curl/curl.h> |
34 | 34 | ||
35 | #define DEBUG_CURL_VERBOSE 0 | ||
35 | #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" | 36 | #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" |
36 | 37 | ||
37 | #define MHD_E_MEM "Error: memory error\n" | 38 | #define MHD_E_MEM "Error: memory error\n" |
@@ -42,6 +43,7 @@ | |||
42 | 43 | ||
43 | #include "tls_test_keys.h" | 44 | #include "tls_test_keys.h" |
44 | 45 | ||
46 | const int DEBUG_GNUTLS_LOG_LEVEL = 0; | ||
45 | const char *test_file_name = "https_test_file"; | 47 | const char *test_file_name = "https_test_file"; |
46 | const char test_file_data[] = "Hello World\n"; | 48 | const char test_file_data[] = "Hello World\n"; |
47 | 49 | ||
@@ -123,7 +125,7 @@ http_ahc (void *cls, struct MHD_Connection *connection, | |||
123 | * @param test_fd: file to attempt transfering | 125 | * @param test_fd: file to attempt transfering |
124 | */ | 126 | */ |
125 | static int | 127 | static int |
126 | test_https_transfer (FILE * test_fd, char * cipher_suite, int proto_version) | 128 | test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version) |
127 | { | 129 | { |
128 | CURL *c; | 130 | CURL *c; |
129 | CURLcode errornum; | 131 | CURLcode errornum; |
@@ -172,7 +174,7 @@ test_https_transfer (FILE * test_fd, char * cipher_suite, int proto_version) | |||
172 | doc_path, test_file_name); | 174 | doc_path, test_file_name); |
173 | 175 | ||
174 | c = curl_easy_init (); | 176 | c = curl_easy_init (); |
175 | #ifdef DEBUG | 177 | #if DEBUG_CURL_VERBOSE |
176 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); | 178 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); |
177 | #endif | 179 | #endif |
178 | curl_easy_setopt (c, CURLOPT_URL, url); | 180 | curl_easy_setopt (c, CURLOPT_URL, url); |
@@ -249,14 +251,11 @@ setupTestFile () | |||
249 | } | 251 | } |
250 | 252 | ||
251 | static int | 253 | static int |
252 | setup (struct MHD_Daemon **d, enum MHD_OPTION option, void * value ) | 254 | setup (struct MHD_Daemon **d, va_list arg_list) |
253 | { | 255 | { |
254 | *d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | | 256 | *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | |
255 | MHD_USE_DEBUG, 42433, | 257 | MHD_USE_DEBUG, 42433, "127.0.0.1", |
256 | NULL, NULL, &http_ahc, NULL, | 258 | NULL, NULL, &http_ahc, NULL, arg_list); |
257 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
258 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
259 | option, value, MHD_OPTION_END); | ||
260 | 259 | ||
261 | if (*d == NULL) | 260 | if (*d == NULL) |
262 | { | 261 | { |
@@ -273,19 +272,37 @@ teardown (struct MHD_Daemon *d) | |||
273 | MHD_stop_daemon (d); | 272 | MHD_stop_daemon (d); |
274 | } | 273 | } |
275 | 274 | ||
275 | /* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move to test_util.c */ | ||
276 | int | 276 | int |
277 | test_wrap (int | 277 | test_wrap (char *test_name, int |
278 | (*test) (FILE * test_fd, char *cipher_suite, int proto_version), | 278 | (*test) (FILE * test_fd, char *cipher_suite, int proto_version), |
279 | FILE * test_fd, char *cipher_suite, int proto_version, | 279 | FILE * test_fd, char *cipher_suite, int proto_version, ...) |
280 | enum MHD_OPTION option, void * value) | ||
281 | { | 280 | { |
282 | int ret; | 281 | int ret; |
282 | va_list arg_list; | ||
283 | struct MHD_Daemon *d; | 283 | struct MHD_Daemon *d; |
284 | 284 | ||
285 | if (setup (&d, option, value) != 0) | 285 | va_start (arg_list, proto_version); |
286 | return -1; | 286 | if (setup (&d, arg_list) != 0) |
287 | { | ||
288 | va_end (arg_list); | ||
289 | return -1; | ||
290 | } | ||
291 | |||
292 | fprintf (stdout, "running test: %s ", test_name); | ||
287 | ret = test (test_fd, cipher_suite, proto_version); | 293 | ret = test (test_fd, cipher_suite, proto_version); |
294 | |||
295 | if (ret == 0) | ||
296 | { | ||
297 | fprintf (stdout, "[pass]\n"); | ||
298 | } | ||
299 | else | ||
300 | { | ||
301 | fprintf (stdout, "[fail]\n"); | ||
302 | } | ||
303 | |||
288 | teardown (d); | 304 | teardown (d); |
305 | va_end (arg_list); | ||
289 | return ret; | 306 | return ret; |
290 | } | 307 | } |
291 | 308 | ||
@@ -336,6 +353,9 @@ test_file_certificates (FILE * test_fd, char *cipher_suite, int proto_version) | |||
336 | return ret; | 353 | return ret; |
337 | } | 354 | } |
338 | 355 | ||
356 | /* | ||
357 | * test server refuses to negotiate connections with unsupported protocol versions | ||
358 | */ | ||
339 | int | 359 | int |
340 | test_protocol_version (FILE * test_fd, char *cipher_suite, | 360 | test_protocol_version (FILE * test_fd, char *cipher_suite, |
341 | int curl_proto_version) | 361 | int curl_proto_version) |
@@ -344,7 +364,7 @@ test_protocol_version (FILE * test_fd, char *cipher_suite, | |||
344 | CURLcode errornum; | 364 | CURLcode errornum; |
345 | 365 | ||
346 | c = curl_easy_init (); | 366 | c = curl_easy_init (); |
347 | #ifdef DEBUG | 367 | #if DEBUG_CURL_VERBOSE |
348 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); | 368 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); |
349 | #endif | 369 | #endif |
350 | curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/"); | 370 | curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/"); |
@@ -384,7 +404,7 @@ main (int argc, char *const *argv) | |||
384 | FILE *test_fd; | 404 | FILE *test_fd; |
385 | unsigned int errorCount = 0; | 405 | unsigned int errorCount = 0; |
386 | 406 | ||
387 | gnutls_global_set_log_level(11); | 407 | gnutls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL); |
388 | 408 | ||
389 | if (curl_check_version (MHD_REQ_CURL_VERSION)) | 409 | if (curl_check_version (MHD_REQ_CURL_VERSION)) |
390 | { | 410 | { |
@@ -403,54 +423,61 @@ main (int argc, char *const *argv) | |||
403 | return -1; | 423 | return -1; |
404 | } | 424 | } |
405 | 425 | ||
406 | int mac[] = {MHD_GNUTLS_MAC_SHA1, 0}; | 426 | int mac[] = { MHD_GNUTLS_MAC_SHA1, 0 }; |
407 | int p [] = {MHD_GNUTLS_SSL3, 0}; | 427 | int p[] = { MHD_GNUTLS_SSL3, 0 }; |
408 | int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; | 428 | int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; |
409 | int kx[] = { MHD_GNUTLS_KX_DHE_RSA, 0 }; | 429 | int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 }; |
410 | |||
411 | |||
412 | // errorCount += | ||
413 | // test_wrap (&test_https_transfer, test_fd, "AES256-SHA", | ||
414 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_END, 0); | ||
415 | // errorCount += | ||
416 | // test_wrap (&test_file_certificates, test_fd, "AES256-SHA", | ||
417 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_END, 0); | ||
418 | // | ||
419 | // errorCount += | ||
420 | // test_wrap (&test_protocol_version, test_fd, "AES256-SHA", | ||
421 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_PROTOCOL_VERSION, p); | ||
422 | // | ||
423 | // errorCount += | ||
424 | // test_wrap (&test_https_transfer, test_fd, "DES-CBC3-SHA", | ||
425 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_CIPHER_ALGORITHM, cipher); | ||
426 | 430 | ||
427 | errorCount += | 431 | errorCount += |
428 | test_wrap (&test_https_transfer, test_fd, "AES256-SHA", | 432 | test_wrap ("https_transfer", &test_https_transfer, test_fd, "AES256-SHA", |
429 | CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, mac); | 433 | CURL_SSLVERSION_TLSv1, |
430 | 434 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | |
431 | // errorCount += | 435 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, |
432 | // test_wrap (&test_https_transfer, test_fd, "EDH-RSA-DES-CBC3-SHA", | 436 | MHD_OPTION_END); |
433 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_KX_PRIORITY, kx); | 437 | errorCount += |
438 | test_wrap ("file certificates", &test_file_certificates, test_fd, | ||
439 | "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, | ||
440 | srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, | ||
441 | srv_self_signed_cert_pem, MHD_OPTION_END); | ||
442 | errorCount += | ||
443 | test_wrap ("protocol_version", &test_protocol_version, test_fd, | ||
444 | "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, | ||
445 | srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, | ||
446 | srv_self_signed_cert_pem, MHD_OPTION_PROTOCOL_VERSION, p, | ||
447 | MHD_OPTION_END); | ||
448 | errorCount += | ||
449 | test_wrap ("cipher DES-CBC3-SHA", &test_https_transfer, test_fd, | ||
450 | "DES-CBC3-SHA", CURL_SSLVERSION_TLSv1, | ||
451 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
452 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
453 | MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_END); | ||
454 | errorCount += | ||
455 | test_wrap ("mac SH1", &test_https_transfer, test_fd, "AES256-SHA", | ||
456 | CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
457 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
458 | MHD_OPTION_MAC_ALGO, mac, MHD_OPTION_END); | ||
459 | errorCount += | ||
460 | test_wrap ("kx ANON_DH", &test_https_transfer, test_fd, | ||
461 | "ADH-DES-CBC3-SHA", CURL_SSLVERSION_TLSv1, | ||
462 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
463 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
464 | MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON, | ||
465 | MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY, | ||
466 | kx, MHD_OPTION_END); | ||
434 | 467 | ||
435 | /*gnutls_mac_algorithm_t mac[] = { | 468 | /*gnutls_mac_algorithm_t mac[] = { |
436 | {MHD_GNUTLS_MAC_MD5, 0}, 0}; | 469 | {MHD_GNUTLS_MAC_MD5, 0}, 0}; |
437 | gnutls_mac_algorithm_t * cur_mac; | 470 | gnutls_mac_algorithm_t * cur_mac; |
438 | |||
439 | for ( cur_mac = &mac[0]; (*cur_mac) != 0; cur_mac++ ){ | ||
440 | option[0] = MHD_GNUTLS_MAC_SHA1; | ||
441 | errorCount += | ||
442 | test_wrap (&test_https_transfer, test_fd, "AES256-SHA", | ||
443 | CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, option); | ||
444 | }*/ | ||
445 | |||
446 | 471 | ||
472 | for ( cur_mac = &mac[0]; (*cur_mac) != 0; cur_mac++ ){ | ||
473 | option[0] = MHD_GNUTLS_MAC_SHA1; | ||
474 | errorCount += | ||
475 | test_wrap (&test_https_transfer, test_fd, "AES256-SHA", | ||
476 | CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, option); | ||
477 | } */ | ||
447 | 478 | ||
448 | if (errorCount != 0) | 479 | if (errorCount != 0) |
449 | fprintf (stderr, "Failed test: %s.\n", argv[0]); | 480 | fprintf (stderr, "Failed test: %s.\n", argv[0]); |
450 | else | ||
451 | { | ||
452 | fprintf (stderr, "ok\n"); | ||
453 | } | ||
454 | 481 | ||
455 | curl_global_cleanup (); | 482 | curl_global_cleanup (); |
456 | fclose (test_fd); | 483 | fclose (test_fd); |
diff --git a/src/testcurl/https/tls_session_time_out_test.c b/src/testcurl/https/tls_session_time_out_test.c index 846bdd10..745c8d53 100644 --- a/src/testcurl/https/tls_session_time_out_test.c +++ b/src/testcurl/https/tls_session_time_out_test.c | |||
@@ -101,7 +101,6 @@ static int | |||
101 | test_tls_session_time_out (gnutls_session_t session) | 101 | test_tls_session_time_out (gnutls_session_t session) |
102 | { | 102 | { |
103 | int sd, ret; | 103 | int sd, ret; |
104 | char *url = "https://localhost:42433/"; | ||
105 | struct sockaddr_in sa; | 104 | struct sockaddr_in sa; |
106 | 105 | ||
107 | sd = socket (AF_INET, SOCK_STREAM, 0); | 106 | sd = socket (AF_INET, SOCK_STREAM, 0); |
@@ -153,8 +152,8 @@ main (int argc, char *const *argv) | |||
153 | gnutls_global_init (); | 152 | gnutls_global_init (); |
154 | gnutls_global_set_log_level (11); | 153 | gnutls_global_set_log_level (11); |
155 | 154 | ||
156 | d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | | 155 | d = MHD_start_daemon_ip(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | |
157 | MHD_USE_DEBUG, 42433, | 156 | MHD_USE_DEBUG, 42433, "127.0.0.1", |
158 | NULL, NULL, &http_ahc, NULL, | 157 | NULL, NULL, &http_ahc, NULL, |
159 | MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT, | 158 | MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT, |
160 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | 159 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, |
diff --git a/src/testcurl/https/tls_test_keys.h b/src/testcurl/https/tls_test_keys.h index aca0639c..871f99b1 100644 --- a/src/testcurl/https/tls_test_keys.h +++ b/src/testcurl/https/tls_test_keys.h | |||
@@ -24,105 +24,106 @@ | |||
24 | 24 | ||
25 | /* Certificate Authority key */ | 25 | /* Certificate Authority key */ |
26 | const char ca_key_pem[] = | 26 | const char ca_key_pem[] = |
27 | "-----BEGIN RSA PRIVATE KEY-----\n" | 27 | "-----BEGIN RSA PRIVATE KEY-----\n" |
28 | "MIIEpAIBAAKCAQEA3vzPUd2yRjeHy9Yi22uX1vGnUPmB5zS+77/B9LubTqnNJ9eB\n" | 28 | "MIIEowIBAAKCAQEAthkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3\n" |
29 | "jiMegQJsJWFQT/CW8FurYiSMXIuTBirZX7NO6/rlcqifdfKLotSUuXLu5DBvMLCv\n" | 29 | "JeszCWwDgzw5Ac4o2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdu\n" |
30 | "nQ73wCIdCJoVyJbRN0ExHsyGwCDCxaHuY8FlkIsfYo17SNmJNaMSUqdoAZoelmbq\n" | 30 | "jxdJPGfakZTktRAA3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqV\n" |
31 | "r9oVciRCQGgrmwEJdPj7EAofWSudV77y85j5rV/t51eNy5liS2qXnoFEmeqTuBo1\n" | 31 | "FXRaDmoLWkmxplKz6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlY\n" |
32 | "1cSmRbv5dkCHbx+youLyZG39KxB0MZ124Na3qbUY41BPNj1XBljyAoHyY0J1iDqS\n" | 32 | "JhjkTk1u75HP41yQC6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb\n" |
33 | "0Zo+njEW6vRbmSMkrA1kH45+alN50X11mSgfoQIDAQABAoIBAAmLu+4Ushpdi5Sd\n" | 33 | "625+lHQpH4nfzGcna/RFok6xRpjZu7mB3t7XGwIDAQABAoIBABhD2x5/RHn5uFsI\n" |
34 | "P1cidjDFXfDaao5I2LTroghpnNyfaiT+zbj1jctu7K1luuX+Lh7+ZKIGH6RhVP8g\n" | 34 | "bwv07SwXhsnyAmoru89rjphYe1FOVBDcsa2W2tUtlIY/VyVbcGw0j+APnvy9EUJ6\n" |
35 | "R9eYBeyWHDsWJwPqCQJkrHR7LCkEfgkRAkaUZsSgzTqCWqUAeFa/xaQcdDcOu/nR\n" | 35 | "cMrwsKEBgk1oT4CIwkmGmjpXUCCkF8Wl99CPfM3U1PZDTfqmqEbCRx+KktP8Sq+m\n" |
36 | "DKMUexYmz4ZU+VJxPhWHzGuxhxM85uJOPK3rCaYCJoo1vMpF7MeFFvVljhSdyht5\n" | 36 | "/YryyNjbracnNilmIMq9V6+YWbm7kJHRLVQWHqh/ljji+kCx5y9VII7HYz4217Er\n" |
37 | "KD0w6qP0Y+vDe4cD/4W3wq82qXCFPA5oImjSJveEIJumPIjOyLFF+9p9V6hzg8Em\n" | 37 | "I5HrnPJodmYrH5Tj8Hj9NY7Ok/IeqD186fPuYH/qf9zWcyg7aa0rTPt/E4XjeOjU\n" |
38 | "48cpXcV3SsbaqTr6mSQl6b15zVwWq4CCt4mkeu6vK9PGzdnBiUmWaSXfprDwHaB3\n" | 38 | "kxb68+Ybozm0EY1ypa1Yxf3B4hkyrlQ5lfzDSBKqvQkGA92yNDPYiZX71nDHDj9H\n" |
39 | "t1N0GRECgYEA5gP0gmZQDDJTlaGK9Z6pWiwpMBUoYcnqvCn8MQ5uPQn+KZir19AJ\n" | 39 | "wf8tWlECgYEAxN8bnMXzmGLbNJUQFuEFBCDFE/tAMhBWcN6eyupIwyXXNA8/xGnJ\n" |
40 | "PkVLfWT9Dcaf3+2d0kBBgGYFWL+wK8DgrqALiLJfM6gP3Ts7G6Bis4GFdWY9aUnT\n" | 40 | "rYO4U08YrgvQ6d71xLXAJnsypeJ3FsyIXDar21o5DwVj1ON0nW6xuXsfQWYGEsXm\n" |
41 | "6ZhRYdzetVArhTZBRKh8ERQNPy4TmzWDtjVUAfezUcvXqOjl9H5Q01ECgYEA+C2b\n" | 41 | "fDVf4LVO+P58uAnM3+lKXWMwsw7/ja9VECrOvfTlf7CwwIPfmRzxZEMCgYEA7Mn+\n" |
42 | "i05t/RYcU0eFVYK8Yfl3jZJiopMdYwXCSCO21Ag2i0fjKC89rCmLlliffSSuDtNk\n" | 42 | "PBO352EXzXbGTuLY9iFXo3GL4EXB2nbkXBdTxEbPl+ICjg/1MPtRN9l03y8l06/G\n" |
43 | "xFsaSjns8Vyl7sjMcAOfsGokiUIcFnK/LyVoc3ie2NCiLVzw6zKK8lJ4bhn4afnv\n" | 43 | "MpbxkpPnSXdjXQ1fgXfG9FuKS89BNUfoEfG/3015w49ZAcBYRmvCSGTspu/hshdQ\n" |
44 | "N9RKXP76emb8MaZroKlKkhMR8f2BvzXbv2NyU1ECgYEAtJeAXu1zhc/xnjaiQqxa\n" | 44 | "iom2AFy2aRXfvsoUlePRccs1/7RKclK7ahfdwEkCgYBXQOLGCt25rialGWO2ICjO\n" |
45 | "rMilYfIKrZR571hLgDyjQttYqVIMAbp9t11yorYqlKlRFuCaG9yFUQlIw2BlMkUS\n" | 45 | "+Y8fGf4Lsj39bE1IdammBAFrK08ByDkAVB6/nZC8orQG0zBt7HerFnMOHl7VlfTh\n" |
46 | "YyiXRbE+W/Fk2z7I7qzjMarMnNsz9jmX3vzPULW4ScTzFnj9j6l1F3eV2vgTPrYq\n" | 46 | "mcF1SHl9dNAYLG8kz0ipgi4KGCOc8mUCq81AlFrZ9EBmeMF6g7TXyvxsf7s3mnvC\n" |
47 | "fmGqXo0bRmp0HVMWUPrn/LECgYEA3qHTQkHGS16VZGPpiY8xPVbUV8z07NC6cQVO\n" | 47 | "3JYgjoegnjjYOhpBjBhYbQKBgQCpwJmBakVyG/obcyXx0dDmirqwUquLaZbyzj8i\n" |
48 | "hvZ64XTIsWN4tKjEU3glf2bbFCFef3BFmhv71pBmLRMmy7GYK/gkPdbKFdOXbM/d\n" | 48 | "AhssX/NdGErqm2gU6GauWjfd9IfyvVWiWPHwOhYaZfuW7wpj34GDFskLVhaSYu1t\n" |
49 | "EAcnz0ZqgSeQBM+2U9dQbBdtb5+eiDsszNGFMC2QN1PBcyzOqh6UBbxTwdjfls9S\n" | 49 | "R9lc9cbwOqj9h24Bdik/CxNZDinIKcy0tMsEcXLX3TWdKnQdjMhPAvbATPj+Am+X\n" |
50 | "5Trp6TECgYAzCZmmJuBW6WDK5ttOF/do6r0aurHr2mOr8oYxmBkhI3wphyUMNuaH\n" | 50 | "PGrd+QKBgF5U2i0d2Mgw/JmlVCY79uD9eERivF5HLOYv3XUr9N1/bgIqKSQnrKJC\n" |
51 | "rUk+R8LAmC1U4MbvvqoZH27xe+xd25mn6whitgZBH3DIetN7myDJep8wEG6aW4R5\n" | 51 | "pXC+ZHP9yTmcznwFkbMbJ9cTwMVU1n+hguvyjIJHmmeGrpBuaiT4HwPgV6IZY3N2\n" |
52 | "S82zk+LQJ7LTa1nPVPMS10qUXSH9cjShhszfeRIQM+lWbPoaEuo3yQ==\n" | 52 | "a05cOyYYE3I7h9fQs1MfZRK44rRiXycwb+HA4lwuFWTI7h5qdc/U\n" |
53 | "-----END RSA PRIVATE KEY-----\n"; | 53 | "-----END RSA PRIVATE KEY-----\n"; |
54 | 54 | ||
55 | /* Certificate Authority cert */ | 55 | /* Certificate Authority cert */ |
56 | const char ca_cert_pem[] = | 56 | const char ca_cert_pem[] = |
57 | "-----BEGIN CERTIFICATE-----\n" | 57 | "-----BEGIN CERTIFICATE-----\n" |
58 | "MIIC6DCCAdKgAwIBAgIESHv2uDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" | 58 | "MIIC6DCCAdKgAwIBAgIESJ2sXDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" |
59 | "dF9jYV9jZXJ0MB4XDTA4MDcxNTAxMDA0MFoXDTA5MDcxNTAxMDA0MFowFzEVMBMG\n" | 59 | "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAyOFoXDTA5MDgwOTE0NDAyOFowFzEVMBMG\n" |
60 | "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n" | 60 | "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n" |
61 | "3vzPUd2yRjeHy9Yi22uX1vGnUPmB5zS+77/B9LubTqnNJ9eBjiMegQJsJWFQT/CW\n" | 61 | "thkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3JeszCWwDgzw5Ac4o\n" |
62 | "8FurYiSMXIuTBirZX7NO6/rlcqifdfKLotSUuXLu5DBvMLCvnQ73wCIdCJoVyJbR\n" | 62 | "2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdujxdJPGfakZTktRAA\n" |
63 | "N0ExHsyGwCDCxaHuY8FlkIsfYo17SNmJNaMSUqdoAZoelmbqr9oVciRCQGgrmwEJ\n" | 63 | "3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqVFXRaDmoLWkmxplKz\n" |
64 | "dPj7EAofWSudV77y85j5rV/t51eNy5liS2qXnoFEmeqTuBo11cSmRbv5dkCHbx+y\n" | 64 | "6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlYJhjkTk1u75HP41yQ\n" |
65 | "ouLyZG39KxB0MZ124Na3qbUY41BPNj1XBljyAoHyY0J1iDqS0Zo+njEW6vRbmSMk\n" | 65 | "C6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb625+lHQpH4nfzGcn\n" |
66 | "rA1kH45+alN50X11mSgfoQIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" | 66 | "a/RFok6xRpjZu7mB3t7XGwIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" |
67 | "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFB3x03+3Qa2SDwRF6RkNcjg9zRHJMAsGCSqG\n" | 67 | "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFGTWojUUrKbS/Uid9S3hPxmgKeaxMAsGCSqG\n" |
68 | "SIb3DQEBBQOCAQEAjPoKMve8aqtL8fFXfSkYwLJUwuTG4E4mX804O5dsdvOEWR2/\n" | 68 | "SIb3DQEBBQOCAQEAWP1f/sfNsvA/oz7OJSBCsQxAnjrKMIXgbVnop+4bEWPxk4e9\n" |
69 | "UQm5IDiAZ3fnHE8zh0C1Kg+dWnCv0i1Q5CYZJ5sSY3tKikG5UBPVJGV1tT0vDfmJ\n" | 69 | "TETSk5MMXt2BfaCtaLZw19Zbqlh4ZFuVw+QC1GTa0xlagHiRgXU2DOvPT5+y+XUR\n" |
70 | "X7b52y35eN8qe5DsdyDAcF2GNRBU8opkLkyXb8U095AQiCHzTPpiesZd5phJlMPm\n" | 70 | "TSy0Pqou7spgEkLcFxlXYlx3tpDu+Awmx9DBGHMCysVynnEzeBYW4woCfBG2UiVA\n" |
71 | "AJaB4VtHAykDMeKd7HJAeelRi/1dP8xsYNc1z67cSrkt2f+B0WAyuAUBBr1NdYmS\n" | 71 | "iHVz6jBc4bBkylKVkA42GiroExuPc+W9qtHGuVX045R7gz78KK0CMIObdySbogBe\n" |
72 | "duegptXCh8OeGEL/v6mbIWoszDbOjk/0zwsgW8BD/eXaZgPPEUtmHizYPIRPdeW1\n" | 72 | "gYZUbyVvPVHINEc929PoV12dHP7wrKnqPbiwb+h1SHui8bVinE+1JY3mRB1VGVTa\n" |
73 | "MSCwccjl/XjDkIoN8kKss4Ftt+Wyajjjxeh6YA==\n" "-----END CERTIFICATE-----\n"; | 73 | "rgvlVGs2S+Zq48XMs4aeLgHkGWFAIXbpX34HSw==\n" |
74 | "-----END CERTIFICATE-----\n"; | ||
74 | 75 | ||
75 | /* test server CA signed certificates */ | 76 | /* test server CA signed certificates */ |
76 | const char srv_signed_cert_pem[] = | 77 | const char srv_signed_cert_pem[] = |
77 | "-----BEGIN CERTIFICATE-----\n" | 78 | "-----BEGIN CERTIFICATE-----\n" |
78 | "MIIDHzCCAgmgAwIBAgIESHv6kTALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" | 79 | "MIIDBDCCAe6gAwIBAgIESJ2sXzALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" |
79 | "dF9jYV9jZXJ0MB4XDTA4MDcxNTAxMTcwNVoXDTA5MDcxNTAxMTcwNVowGzEZMBcG\n" | 80 | "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAzMloXDTA5MDgwOTE0NDAzNVowADCCAR8w\n" |
80 | "A1UEAxMQdGVzdF9zZXJ2ZXJfY2VydDCCAR8wCwYJKoZIhvcNAQEBA4IBDgAwggEJ\n" | 81 | "CwYJKoZIhvcNAQEBA4IBDgAwggEJAoIBAOb6G6WJrrNC48NSh5i4eT7J1BCqlMB4\n" |
81 | "AoIBAJIY2+Wn+TRHIJ92tpNvCIE6FOsGclRxOFJwK0T6k3SK68LwQ9PkQTTB/DJu\n" | 82 | "e0No+td/PQf+sPywbQToYGiPfOFfMyge1G6SyRpXavKbPwuw1BN183WoYzID5mtz\n" |
82 | "+hU2u6w6lt1+Q8PHTDMLtnkEeXnxPn1uQZnnMEBcHAGY1U99iJh0At68AyoG7nkb\n" | 83 | "shAOl/JRhdusScFijS3pITiNK4G5NLToCP4KZhqguqHUzEdanifSb/D4x54Rq/Tc\n" |
83 | "AzgzxxjMom+dEhGEFHOg9JKmJp138RzIWcMN2l4pKIryiBUh5AWt/7uqtA+9fQMq\n" | 84 | "A7oHGp0wjdWC/AMtGWv6v55xMe00ALZ1zDxCOi8nri9W7mLy+hyduETCq+1Y7uHl\n" |
84 | "nOeO8OU5FM3eKevl3VSZ6usptbePbUDNs5uEmG+PTR0bc2rYgGeC4+wExWcJ+CAq\n" | 85 | "mqbAk8D7ruu0JtNU2N8WuJJcAtxgZhCCfIHTgAUWqepeRBM8cy8uu0tywgxcJiyt\n" |
85 | "voNVPno//MoMeJjWgXqF4wTBFdfsewngkflwRDPuZuLsxVrKnIx6jsBKIMuhVuxT\n" | 86 | "Uu1wXQHnnpWrr/9r6IfhjFpc9pr5giHBeM4KdlU49UsYgaS1tAZsDJcCAwEAAaN2\n" |
86 | "66vnEmuR34TUIzLlVPcJ5wmby2UCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNV\n" | 87 | "MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E\n" |
87 | "HSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDByAAMB0GA1UdDgQWBBSHX75y\n" | 88 | "BQMDB6AAMB0GA1UdDgQWBBSxP229okDqlKyMCyg0cnzbf+eb4DAfBgNVHSMEGDAW\n" |
88 | "gpEjstognUu4If50qWXQaDAfBgNVHSMEGDAWgBQd8dN/t0Gtkg8ERekZDXI4Pc0R\n" | 89 | "gBRk1qI1FKym0v1InfUt4T8ZoCnmsTALBgkqhkiG9w0BAQUDggEBAEabY4FLsFQr\n" |
89 | "yTALBgkqhkiG9w0BAQUDggEBAF56YMCdp0C88ZF9yaXJZ4PMuTpW83Mhg5Ar0a9H\n" | 90 | "PACNe3p5tU3hWvvQ9S1pRlfnc/z1o+k9NDWTHlNjXfVTl6/6cIKHA+r8SvRks27+\n" |
90 | "DasF58p8eeRLhsTJPi+NpFSMTujEabGS3+8l6Iu5F5stFgvbvnjLHdYu2Pjakos8\n" | 91 | "lScfxFkiCi22YC7uPbn8fW1nWcsqEkK4e0TDekSUi1o6SDx6cU07kMpx3iKvpLs3\n" |
91 | "NjZCCkuEmIO4PLd6h5ToOZf3ZXNHmFjRTtKHQKNrYizlHlgnEDcUbU4gB5KOg3jU\n" | 92 | "5QiCFjivMjrY8pEFJIke/ucI8QuLVZLLUSdTHb9Ck128PtPKA4y2uZA/MmYS/OtR\n" |
92 | "rv/Mtar+5LRK7KvByswp26nRH1ijGV23sy9StK7tV/cJPe/UkxyUfSQwUmQzzWe6\n" | 93 | "/UZN67pJ+BqcQBE5vNolWQTM+NxfMzb48IV9q32HRT4HErvUjLIWV0nwwedUSdDG\n" |
93 | "QGAQtppUjGabWXjuLuOUyiG5LReYC5ri7XZuVekCAfUHbOdPYTHPczvpKBnUyKIv\n" | 94 | "63tr9jp0GF6b5Eum0MTVV/zbBxfyRFg+Q8xRn70zJlB/W7byaFq/95Rpfqjdnta2\n" |
94 | "BRKOarmNfNc3w5G7Ast3jNOE2JfiJ8+x9+rMWI01PlWVYvQ=\n" | 95 | "aO/omlvGHrI=\n" |
95 | "-----END CERTIFICATE-----\n"; | 96 | "-----END CERTIFICATE-----\n"; |
96 | 97 | ||
97 | /* test server key */ | 98 | /* test server key */ |
98 | const char srv_signed_key_pem[] = | 99 | const char srv_signed_key_pem[] = |
99 | "-----BEGIN RSA PRIVATE KEY-----\n" | 100 | "-----BEGIN RSA PRIVATE KEY-----\n" |
100 | "MIIEpAIBAAKCAQEAkhjb5af5NEcgn3a2k28IgToU6wZyVHE4UnArRPqTdIrrwvBD\n" | 101 | "MIIEowIBAAKCAQEA5vobpYmus0Ljw1KHmLh5PsnUEKqUwHh7Q2j61389B/6w/LBt\n" |
101 | "0+RBNMH8Mm76FTa7rDqW3X5Dw8dMMwu2eQR5efE+fW5BmecwQFwcAZjVT32ImHQC\n" | 102 | "BOhgaI984V8zKB7UbpLJGldq8ps/C7DUE3XzdahjMgPma3OyEA6X8lGF26xJwWKN\n" |
102 | "3rwDKgbueRsDODPHGMyib50SEYQUc6D0kqYmnXfxHMhZww3aXikoivKIFSHkBa3/\n" | 103 | "LekhOI0rgbk0tOgI/gpmGqC6odTMR1qeJ9Jv8PjHnhGr9NwDugcanTCN1YL8Ay0Z\n" |
103 | "u6q0D719Ayqc547w5TkUzd4p6+XdVJnq6ym1t49tQM2zm4SYb49NHRtzatiAZ4Lj\n" | 104 | "a/q/nnEx7TQAtnXMPEI6LyeuL1buYvL6HJ24RMKr7Vju4eWapsCTwPuu67Qm01TY\n" |
104 | "7ATFZwn4ICq+g1U+ej/8ygx4mNaBeoXjBMEV1+x7CeCR+XBEM+5m4uzFWsqcjHqO\n" | 105 | "3xa4klwC3GBmEIJ8gdOABRap6l5EEzxzLy67S3LCDFwmLK1S7XBdAeeelauv/2vo\n" |
105 | "wEogy6FW7FPrq+cSa5HfhNQjMuVU9wnnCZvLZQIDAQABAoIBABISPh0FrocfZzMi\n" | 106 | "h+GMWlz2mvmCIcF4zgp2VTj1SxiBpLW0BmwMlwIDAQABAoIBACJGvGKQ74V3qDAc\n" |
106 | "YYoSGWi2sQCzTvAQAyn7UvbY0eWAC5KU2qb6nHA0sIfif0+hcgxnQOML68DrRYso\n" | 107 | "p7WwroF0Vw2QGtoDJxumUQ84uRheIeqlzc/cIi5yGLCjPYa3KIQuMTzA+0R8aFs2\n" |
107 | "3zzP52DEjPjB6x5o4OiNHC+8YmJPQlatPu+jLPcFXXkgdMD+cpmoMk2BDcuZ3VfC\n" | 108 | "RwqKRvJPZkUOUhvhA+whFkhl86zZQOq7UsMc5Qqs3Gd4UguEoYz9gxBxiLCqURRH\n" |
108 | "KI59O9iNjgcD50p/y6uLBsdNIbUPSMe8ONWT7f5DN/DqEL+3tVZaRAOL+C8iKYf4\n" | 109 | "rM+xCV6jtI/PBIsmOUFae4cXJP0pljUXyYmwwb/WrsvnJXf9Gz8/VLZGBMchMH7R\n" |
109 | "EPI5z6gOyL0aEpulbMKc0YoZZ2kDmu5IyMLgkF3DJV440Y/6IGan88ZSjk6i/d7f\n" | 110 | "MwD7xdwc/ht2XfZ0TuDntpJDtj0JrW9i/Cxt8PnNhQjgLsAe+oUUZt7Bo+vXBxhu\n" |
110 | "ciKVtzIIbr5ubbuGe3htphTpRP0aA5WuVTzHrKk83/u3hG1RFv1q/cRD28tVUIII\n" | 111 | "JPKj6BHcj768l+gDn5zzaXKq0eF7mMXc7fgAp0u8lJkC0LxLq/WmIfqw4Z4mEjkX\n" |
111 | "0pcwLmECgYEAwMdaR5Y2NqBk/fOvU/oCDAQ6w8jmIa4zMxskvq9Pr753jhT13j+T\n" | 112 | "DremIoUCgYEA53vX9Hd8V85hCfeaTDf3B5q6g9kIliR+Y2tX2aSqN06df9J/KOdL\n" |
112 | "eQ1A590PF4PPvGFTqJ2vl3kj6JT5dzu7mGKoJLFsnttpw+0NYUgp0waPPZx010pp\n" | 113 | "G/lEQn4rsOOtOwyTU2luPmcr0XgbXA1T1kj56+UZrxtRducsdsVbVixzD2KswtJO\n" |
113 | "QGeyQ/cPsZEZkCehh9c5CsfO1YpjKLV/wdpBQ2xAnkV5dfFmzlzLOTECgYEAwgJf\n" | 114 | "wUH6XAJNdpI++64TuZadnKAaKiqim7CPzQYrBXYKKRFGSDd50urkTRMCgYEA/3CG\n" |
114 | "gxlR9Jgv7Qg/6Prs+SarqT4xDsJKKbD7wH2jveGFXVnkYTPVstwLCAus4LaLFKZ9\n" | 115 | "NMaG3qtzQceQUw7BBAhey387MR+1FUQHQ7xoq2jc3yAx4H2NEyGa6wL5CtFKn5In\n" |
115 | "1POQDUgO24E1GzuL7mqSuvymdl5gZICfpkHstOAfpqep96pUv4aI9BY/g5l4Lvep\n" | 116 | "BP6f30sk2ilXRv5pbIIiS8Xzngxy3m17GH33YrSc3ff/u+LWgR/EOVpa9F+sMAjp\n" |
116 | "9c52tgQGwz0qgBUJBi6AvzxqRkBsxrXjX2m7KHUCgYEAtjx94ohkTXWIouy2xFrl\n" | 117 | "ohDgI8iH8GtahrRA0BxQKfNIo2zUTqNwFP88xu0CgYADOY1zoWqBCqX9bo6euzTc\n" |
117 | "jnh9GNGUgyhK7Dfvn3bYjJkwKZc06dkNzvQxdD5r4t3PBhS3YgFWmYmB4X7a6NUF\n" | 118 | "zUIF7jMZbF66Yddyd8HLTXQSQMt2tWotdJaH2pwfNbzHEtDGm7RmeCd7HpI7ARCG\n" |
118 | "vMMekjlLJkziib1Q1bLDHuLni+WYKmEEaEbepRMrub8h/D0KnQBewwspQoJkxHn3\n" | 119 | "7rNUnvdxog7LekL7UJqKI8pij3xapnVkadfkCkAsA7OO7AjoT/nYIb7bkYZ8ZsRK\n" |
119 | "AMkSwurVlwi0DkOa3N+pmTECgYBXyCUZN1qqtjVxJXttWiPg88tWD2q5B9XwmUC/\n" | 120 | "FejphZB0rAHvpZ4z2wPdMwKBgQCfkr70RzVH81lcNXwutt/TUhtOCxyCMqmgMFBN\n" |
120 | "rtlor+LdAzBffsmhXQiswkOdhVrWpCJpOS8jo0f9r6+su7ury5LKgkh7ZGZu8vfJ\n" | 121 | "e2zz791TMjyWXjh8RBkQSVok7NwuVVI055AeIUZTV1IjkplvZNhh97aZ/HLiCwjE\n" |
121 | "jSiiCoqnqFMyWWJxKllLP8nLLKSBc9P2AU4bOyUoL8PMIjhsEJx2asqXMM1G98OC\n" | 122 | "IyUhL21zqRLEYA/auGqP3adGVGIv29GAIgSztfleMuJplj+LArT9j/LHzRvQSH+j\n" |
122 | "R1/EhQKBgQCmSkabsj8u5iEScicyJU87/sVkRIRE0GhjU8uuvcTe+dRiHuj2CENx\n" | 123 | "TlO8fQKBgE5og4pTfPrD0A7W/Li1HDGf8Ylb+DZlxoyMriW82Z/zCBvYvn1UvQRi\n" |
123 | "hh967E0nUCiJzx3is0/nYByDles9W4BLEA8JSuM5r6E7UifHR4XwIi2tQcNhCWIu\n" | 124 | "b8f3IQFXuXdf3Bx4C91kQJPovxDp14FOHJxO7F32fGMnJaU2kyp4sf4WAJZZOLnd\n" |
124 | "vGbfvxwqcm7Uj3XHb1GbYK5nnaRNailoJ7iyqHWxB1Q3iFIiMipcfg==\n" | 125 | "l64hMUsgYPI8qfsanAudD4gTAsLEP+ueWqkcb3SJNLSoQAtcGzYs\n" |
125 | "-----END RSA PRIVATE KEY-----\n"; | 126 | "-----END RSA PRIVATE KEY-----\n"; |
126 | 127 | ||
127 | /* test server self signed certificates */ | 128 | /* test server self signed certificates */ |
128 | const char srv_self_signed_cert_pem[] = | 129 | const char srv_self_signed_cert_pem[] = |