aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorlv-426 <oxcafebaby@yahoo.com>2008-08-09 02:06:38 +0000
committerlv-426 <oxcafebaby@yahoo.com>2008-08-09 02:06:38 +0000
commitcafcdb1b08e18530b9a184a22c7655b3661701bb (patch)
tree5e4078feb14ae2ae01973ec24b96a39c33aef0c5 /src
parentdfd057b9b6e0b022f73c1bdb4b845230f29fae3a (diff)
downloadlibmicrohttpd-cafcdb1b08e18530b9a184a22c7655b3661701bb.tar.gz
libmicrohttpd-cafcdb1b08e18530b9a184a22c7655b3661701bb.zip
temporary IP binding option added to MHD_daemon_start_va
added support for initiating the daemon in anonymous authentication mode DH parameter initiation when using anonymous authentication added daemon credential type field added daemon option testing flexibility removed db support
Diffstat (limited to 'src')
-rw-r--r--src/daemon/connection_https.c5
-rw-r--r--src/daemon/daemon.c398
-rw-r--r--src/daemon/https/tls/Makefile.am1
-rw-r--r--src/daemon/https/tls/auth_cert.h9
-rw-r--r--src/daemon/https/tls/ext_cert_type.c4
-rw-r--r--src/daemon/https/tls/gnutls_alert.c4
-rw-r--r--src/daemon/https/tls/gnutls_algorithms.c16
-rw-r--r--src/daemon/https/tls/gnutls_anon_cred.c3
-rw-r--r--src/daemon/https/tls/gnutls_db.c386
-rw-r--r--src/daemon/https/tls/gnutls_db.h37
-rw-r--r--src/daemon/https/tls/gnutls_handshake.c13
-rw-r--r--src/daemon/https/tls/gnutls_int.h4
-rw-r--r--src/daemon/https/tls/gnutls_priority.c4
-rw-r--r--src/daemon/https/tls/gnutls_record.c33
-rw-r--r--src/daemon/https/tls/gnutls_session.c6
-rw-r--r--src/daemon/https/tls/gnutls_session_pack.c330
-rw-r--r--src/daemon/https/tls/gnutls_state.c5
-rw-r--r--src/daemon/https/tls/gnutls_x509.c33
-rw-r--r--src/daemon/https/x509/pkcs12.h1
-rw-r--r--src/daemon/internal.h9
-rw-r--r--src/include/microhttpd.h23
-rw-r--r--src/testcurl/https/tls_alert_test.c2
-rw-r--r--src/testcurl/https/tls_authentication_test.c15
-rw-r--r--src/testcurl/https/tls_daemon_options_test.c137
-rw-r--r--src/testcurl/https/tls_session_time_out_test.c5
-rw-r--r--src/testcurl/https/tls_test_keys.h181
26 files changed, 775 insertions, 889 deletions
diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c
index d275bb19..d91e6b90 100644
--- a/src/daemon/connection_https.c
+++ b/src/daemon/connection_https.c
@@ -37,7 +37,7 @@
37#include "gnutls_int.h" 37#include "gnutls_int.h"
38#include "gnutls_record.h" 38#include "gnutls_record.h"
39 39
40/* TODO rm #include "gnutls_errors.h" */ 40/* TODO #include rm "gnutls_errors.h" */
41#include "gnutls_errors.h" 41#include "gnutls_errors.h"
42 42
43/* forward declarations used when setting secure connection callbacks */ 43/* forward declarations used when setting secure connection callbacks */
@@ -168,6 +168,9 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection)
168 168
169 switch (connection->state) 169 switch (connection->state)
170 { 170 {
171 /* on newly created connections we might reach here before any reply has been received */
172 case MHD_TLS_CONNECTION_INIT:
173 return MHD_YES;
171 /* close connection if necessary */ 174 /* close connection if necessary */
172 case MHD_CONNECTION_CLOSED: 175 case MHD_CONNECTION_CLOSED:
173 MHD_tls_connection_close (connection); 176 MHD_tls_connection_close (connection);
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c
index 34a9bac6..84662dbd 100644
--- a/src/daemon/daemon.c
+++ b/src/daemon/daemon.c
@@ -32,6 +32,7 @@
32#if HTTPS_SUPPORT 32#if HTTPS_SUPPORT
33#include "gnutls_int.h" 33#include "gnutls_int.h"
34#include "gnutls_global.h" 34#include "gnutls_global.h"
35#include "auth_anon.h"
35#endif 36#endif
36 37
37/** 38/**
@@ -56,26 +57,14 @@
56 */ 57 */
57#define DEBUG_CONNECT MHD_NO 58#define DEBUG_CONNECT MHD_NO
58 59
59#if HTTPS_SUPPORT 60/* TODO unite with code in gnutls_priority.c */
60/* initialize security aspects of the HTTPS daemon */
61static int 61static int
62MHD_TLS_init (struct MHD_Daemon *daemon) 62MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
63{ 63{
64 int i;
65 priority_st st;
66 gnutls_datum_t key; 64 gnutls_datum_t key;
67 gnutls_datum_t cert; 65 gnutls_datum_t cert;
68 66
69 gnutls_global_set_log_function (MHD_tls_log_func); 67 /* certificate & key loaded from file */
70
71 /* setup server certificate */
72 gnutls_certificate_allocate_credentials (&daemon->x509_cret);
73
74 /* TODO remove if unused
75 gnutls_certificate_set_x509_trust_file(x509_cret, CAFILE,GNUTLS_X509_FMT_PEM);
76 gnutls_certificate_set_x509_crl_file(x509_cret, CRLFILE, GNUTLS_X509_FMT_PEM); */
77
78 /* sets a certificate private key pair */
79 if (daemon->https_cert_path && daemon->https_key_path) 68 if (daemon->https_cert_path && daemon->https_key_path)
80 { 69 {
81 /* test for private key & certificate file exsitance */ 70 /* test for private key & certificate file exsitance */
@@ -98,20 +87,21 @@ MHD_TLS_init (struct MHD_Daemon *daemon)
98 CLOSE (daemon->socket_fd); 87 CLOSE (daemon->socket_fd);
99 return -1; 88 return -1;
100 } 89 }
101 gnutls_certificate_set_x509_key_file (daemon->x509_cret, 90 return gnutls_certificate_set_x509_key_file (daemon->x509_cred,
102 daemon->https_cert_path, 91 daemon->https_cert_path,
103 daemon->https_key_path, 92 daemon->https_key_path,
104 GNUTLS_X509_FMT_PEM); 93 GNUTLS_X509_FMT_PEM);
105 } 94 }
95 /* certificate & key loaded from memory */
106 else if (daemon->https_mem_cert && daemon->https_mem_key) 96 else if (daemon->https_mem_cert && daemon->https_mem_key)
107 { 97 {
108 key.data = (char *) daemon->https_mem_key; 98 key.data = (unsigned char *) daemon->https_mem_key;
109 key.size = strlen (daemon->https_mem_key); 99 key.size = strlen (daemon->https_mem_key);
110 cert.data = (char *) daemon->https_mem_cert; 100 cert.data = (unsigned char *) daemon->https_mem_cert;
111 cert.size = strlen (daemon->https_mem_cert); 101 cert.size = strlen (daemon->https_mem_cert);
112 102
113 gnutls_certificate_set_x509_key_mem (daemon->x509_cret, &cert, &key, 103 return gnutls_certificate_set_x509_key_mem (daemon->x509_cred, &cert,
114 GNUTLS_X509_FMT_PEM); 104 &key, GNUTLS_X509_FMT_PEM);
115 } 105 }
116 else 106 else
117 { 107 {
@@ -120,29 +110,44 @@ MHD_TLS_init (struct MHD_Daemon *daemon)
120#endif 110#endif
121 return MHD_NO; 111 return MHD_NO;
122 } 112 }
113}
123 114
124 /* generate DH parameters if necessary */ 115/* initialize security aspects of the HTTPS daemon */
125 st = daemon->priority_cache->kx; 116int
126 for (i = 0; i < st.algorithms; i++) 117MHD_TLS_init (struct MHD_Daemon *daemon)
118{
119 int ret;
120
121 switch (daemon->cred_type)
127 { 122 {
128 /* initialize Diffie Hellman parameters if necessary */ 123 case MHD_GNUTLS_CRD_ANON:
129 /* TODO add other cipher suits */ 124 ret = gnutls_anon_allocate_server_credentials (&daemon->anon_cred);
130 if (st.priority[i] == MHD_GNUTLS_KX_DHE_RSA) 125 ret += gnutls_dh_params_init (&daemon->dh_params);
131 { 126 if (ret != 0) {
132 gnutls_dh_params_init (&daemon->dh_params); 127 return GNUTLS_E_MEMORY_ERROR;
133 gnutls_dh_params_generate2 (daemon->dh_params, 1024); 128 }
134 break; 129 gnutls_dh_params_generate2 (daemon->dh_params, 1024);
135 } 130 gnutls_anon_set_server_dh_params (daemon->anon_cred, daemon->dh_params);
131 break;
132 case MHD_GNUTLS_CRD_CERTIFICATE:
133 ret = gnutls_certificate_allocate_credentials (&daemon->x509_cred) ;
134 if (ret != 0) {
135 return GNUTLS_E_MEMORY_ERROR;
136 }
137 if ((ret = MHD_init_daemon_certificate (daemon)) != 0)
138 return ret;
139 default:
140#if HAVE_MESSAGES
141 MHD_DLOG (daemon,
142 "Error: no daemon credentials type found. f: %s, l: %d\n",
143 __FUNCTION__, __LINE__);
144#endif
145 break;
136 } 146 }
137 147
138 gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params); 148 return MHD_NO;
139
140 /* TODO address error case return value */
141 return MHD_YES;
142} 149}
143 150
144/* TODO unite with code in gnutls_priority.c */
145/* this is used to set HTTPS related daemon priorities */
146inline static int 151inline static int
147_set_priority (priority_st * st, const int *list) 152_set_priority (priority_st * st, const int *list)
148{ 153{
@@ -152,7 +157,7 @@ _set_priority (priority_st * st, const int *list)
152 num++; 157 num++;
153 if (num > MAX_ALGOS) 158 if (num > MAX_ALGOS)
154 num = MAX_ALGOS; 159 num = MAX_ALGOS;
155 st->algorithms = num; 160 st->num_algorithms = num;
156 161
157 for (i = 0; i < num; i++) 162 for (i = 0; i < num; i++)
158 { 163 {
@@ -161,7 +166,6 @@ _set_priority (priority_st * st, const int *list)
161 166
162 return 0; 167 return 0;
163} 168}
164#endif /* HTTPS_SUPPORT */
165 169
166/** 170/**
167 * Obtain the select sets for this daemon. 171 * Obtain the select sets for this daemon.
@@ -300,12 +304,13 @@ gnutls_push_param_adapter (void *connection,
300} 304}
301#endif 305#endif
302 306
307
303/** 308/**
304 * Handle an individual TLS connection. 309 * Handle an individual TLS connection.
305 */ 310 */
306#if HTTPS_SUPPORT 311#if HTTPS_SUPPORT
307static void * 312static void *
308MHD_TLS_handle_connection (void *data) 313MHD_TLS_init_connection (void *data)
309{ 314{
310 struct MHD_Connection *con = data; 315 struct MHD_Connection *con = data;
311 316
@@ -320,16 +325,37 @@ MHD_TLS_handle_connection (void *data)
320 /* sets cipher priorities */ 325 /* sets cipher priorities */
321 gnutls_priority_set (con->tls_session, con->daemon->priority_cache); 326 gnutls_priority_set (con->tls_session, con->daemon->priority_cache);
322 327
323 /* set needed credentials for certificate authentication. */ 328 switch (con->daemon->cred_type)
324 gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_CERTIFICATE, 329 {
325 con->daemon->x509_cret); 330 /* set needed credentials for certificate authentication. */
331 case MHD_GNUTLS_CRD_CERTIFICATE:
332 gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_CERTIFICATE,
333 con->daemon->x509_cred);
334 break;
335 case MHD_GNUTLS_CRD_ANON:
336 /* set needed credentials for anonymous authentication. */
337 gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_ANON,
338 con->daemon->anon_cred);
339 gnutls_dh_set_prime_bits (con->tls_session, 1024);
340 break;
341 default:
342
343#if HAVE_MESSAGES
344 MHD_DLOG (con->daemon,
345 "Error: couldn't init HTTPS session. no appropriate KX algorithm found. f: %s, l: %d\n",
346 __FUNCTION__, __LINE__);
347#endif
348 break;
349 }
326 350
327 /* TODO avoid gnutls blocking recv / write calls 351 /* TODO avoid gnutls blocking recv / write calls
328 gnutls_transport_set_pull_function(tls_session, &recv); 352 gnutls_transport_set_pull_function(tls_session, &recv);
329 gnutls_transport_set_push_function(tls_session, &send); 353 gnutls_transport_set_push_function(tls_session, &send);
330 */ 354 */
331 355
332 gnutls_transport_set_ptr (con->tls_session, con->socket_fd); 356 gnutls_transport_set_ptr (con->tls_session,
357 (gnutls_transport_ptr_t) ((void *) con->
358 socket_fd));
333 359
334 return MHD_handle_connection (data); 360 return MHD_handle_connection (data);
335} 361}
@@ -489,7 +515,7 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
489#if HTTPS_SUPPORT 515#if HTTPS_SUPPORT
490 if (daemon->options & MHD_USE_SSL) 516 if (daemon->options & MHD_USE_SSL)
491 res_thread_create = pthread_create (&connection->pid, NULL, 517 res_thread_create = pthread_create (&connection->pid, NULL,
492 &MHD_TLS_handle_connection, 518 &MHD_TLS_init_connection,
493 connection); 519 connection);
494 else 520 else
495#endif 521#endif
@@ -768,7 +794,7 @@ MHD_select_thread (void *cls)
768 */ 794 */
769struct MHD_Daemon * 795struct MHD_Daemon *
770MHD_start_daemon_va (unsigned int options, 796MHD_start_daemon_va (unsigned int options,
771 unsigned short port, 797 unsigned short port, char *ip,
772 MHD_AcceptPolicyCallback apc, 798 MHD_AcceptPolicyCallback apc,
773 void *apc_cls, 799 void *apc_cls,
774 MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap) 800 MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap)
@@ -875,6 +901,7 @@ MHD_start_daemon_va (unsigned int options,
875 pthread_mutex_unlock (&gnutls_init_mutex); 901 pthread_mutex_unlock (&gnutls_init_mutex);
876 /* set default priorities */ 902 /* set default priorities */
877 gnutls_priority_init (&retVal->priority_cache, "", NULL); 903 gnutls_priority_init (&retVal->priority_cache, "", NULL);
904 retVal->cred_type = MHD_GNUTLS_CRD_CERTIFICATE;
878 } 905 }
879#endif 906#endif
880 /* initializes the argument pointer variable */ 907 /* initializes the argument pointer variable */
@@ -906,7 +933,7 @@ MHD_start_daemon_va (unsigned int options,
906#if HTTPS_SUPPORT 933#if HTTPS_SUPPORT
907 case MHD_OPTION_PROTOCOL_VERSION: 934 case MHD_OPTION_PROTOCOL_VERSION:
908 _set_priority (&retVal->priority_cache->protocol, 935 _set_priority (&retVal->priority_cache->protocol,
909 va_arg (ap, const int *)); 936 va_arg (ap, const int *));
910 break; 937 break;
911 case MHD_OPTION_HTTPS_KEY_PATH: 938 case MHD_OPTION_HTTPS_KEY_PATH:
912 retVal->https_key_path = va_arg (ap, const char *); 939 retVal->https_key_path = va_arg (ap, const char *);
@@ -920,8 +947,11 @@ MHD_start_daemon_va (unsigned int options,
920 case MHD_OPTION_HTTPS_MEM_CERT: 947 case MHD_OPTION_HTTPS_MEM_CERT:
921 retVal->https_mem_cert = va_arg (ap, const char *); 948 retVal->https_mem_cert = va_arg (ap, const char *);
922 break; 949 break;
950 case MHD_OPTION_CRED_TYPE:
951 retVal->cred_type = va_arg (ap, const int);
952 break;
923 case MHD_OPTION_KX_PRIORITY: 953 case MHD_OPTION_KX_PRIORITY:
924 _set_priority (&retVal->priority_cache->cipher, 954 _set_priority (&retVal->priority_cache->kx,
925 va_arg (ap, const int *)); 955 va_arg (ap, const int *));
926 break; 956 break;
927 case MHD_OPTION_CIPHER_ALGORITHM: 957 case MHD_OPTION_CIPHER_ALGORITHM:
@@ -929,16 +959,17 @@ MHD_start_daemon_va (unsigned int options,
929 va_arg (ap, const int *)); 959 va_arg (ap, const int *));
930 break; 960 break;
931 case MHD_OPTION_MAC_ALGO: 961 case MHD_OPTION_MAC_ALGO:
932 _set_priority (&retVal->priority_cache->mac, 962 _set_priority (&retVal->priority_cache->mac,
933 va_arg (ap, const int *)); 963 va_arg (ap, const int *));
934 break; 964 break;
935#endif 965#endif
936 default: 966 default:
937#if HAVE_MESSAGES 967#if HAVE_MESSAGES
938 if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END) 968 if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END)
939 { 969 {
940 fprintf (stderr, 970 fprintf (stderr,
941 "Error: HTTPS option %d passed to non HTTPS daemon\n", opt); 971 "Error: HTTPS option %d passed to non HTTPS daemon\n",
972 opt);
942 } 973 }
943 else 974 else
944 { 975 {
@@ -952,7 +983,7 @@ MHD_start_daemon_va (unsigned int options,
952 983
953#if HTTPS_SUPPORT 984#if HTTPS_SUPPORT
954 /* initialize HTTPS daemon certificate aspects & send / recv functions */ 985 /* initialize HTTPS daemon certificate aspects & send / recv functions */
955 if (options & MHD_USE_SSL && MHD_NO == MHD_TLS_init (retVal)) 986 if (options & MHD_USE_SSL && MHD_TLS_init (retVal) != 0)
956 { 987 {
957#if HAVE_MESSAGES 988#if HAVE_MESSAGES
958 MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n"); 989 MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n");
@@ -985,18 +1016,244 @@ MHD_start_daemon (unsigned int options,
985 unsigned short port, 1016 unsigned short port,
986 MHD_AcceptPolicyCallback apc, 1017 MHD_AcceptPolicyCallback apc,
987 void *apc_cls, 1018 void *apc_cls,
988 MHD_AccessHandlerCallback dh, void *dh_cls, ...){ 1019 MHD_AccessHandlerCallback dh, void *dh_cls, ...)
989 1020{
990 int ret; 1021 const int on = 1;
991 va_list ap; 1022 struct MHD_Daemon *retVal;
992 va_start (ap, dh_cls); 1023
993 ret = MHD_start_daemon_va (options, 1024 /* listeningss sockets used by the daemon */
994 port, 1025 int socket_fd;
995 apc, 1026 va_list ap;
996 apc_cls, 1027
997 dh, dh_cls, ap); 1028 struct sockaddr_in servaddr4;
998 va_end (ap); 1029 struct sockaddr_in6 servaddr6;
999 return ret; 1030 const struct sockaddr *servaddr;
1031 socklen_t addrlen;
1032 enum MHD_OPTION opt;
1033
1034 if ((port == 0) || (dh == NULL))
1035 return NULL;
1036 if ((options & MHD_USE_IPv6) != 0)
1037 socket_fd = SOCKET (PF_INET6, SOCK_STREAM, 0);
1038 else
1039 socket_fd = SOCKET (PF_INET, SOCK_STREAM, 0);
1040 if (socket_fd < 0)
1041 {
1042#if HAVE_MESSAGES
1043 if ((options & MHD_USE_DEBUG) != 0)
1044 fprintf (stderr, "Call to socket failed: %s\n", STRERROR (errno));
1045#endif
1046 return NULL;
1047 }
1048 if ((SETSOCKOPT (socket_fd,
1049 SOL_SOCKET,
1050 SO_REUSEADDR,
1051 &on, sizeof (on)) < 0) && (options & MHD_USE_DEBUG) != 0)
1052 {
1053#if HAVE_MESSAGES
1054 fprintf (stderr, "setsockopt failed: %s\n", STRERROR (errno));
1055#endif
1056 }
1057 if ((options & MHD_USE_IPv6) != 0)
1058 {
1059 memset (&servaddr6, 0, sizeof (struct sockaddr_in6));
1060 servaddr6.sin6_family = AF_INET6;
1061 servaddr6.sin6_port = htons (port);
1062 servaddr = (struct sockaddr *) &servaddr6;
1063 addrlen = sizeof (struct sockaddr_in6);
1064 }
1065 else
1066 {
1067 memset (&servaddr4, 0, sizeof (struct sockaddr_in));
1068 servaddr4.sin_family = AF_INET;
1069 servaddr4.sin_port = htons (port);
1070 servaddr = (struct sockaddr *) &servaddr4;
1071 addrlen = sizeof (struct sockaddr_in);
1072 }
1073 if (BIND (socket_fd, servaddr, addrlen) < 0)
1074 {
1075#if HAVE_MESSAGES
1076 if ((options & MHD_USE_DEBUG) != 0)
1077 fprintf (stderr,
1078 "Failed to bind to port %u: %s\n", port, STRERROR (errno));
1079#endif
1080 CLOSE (socket_fd);
1081 return NULL;
1082 }
1083 if (LISTEN (socket_fd, 20) < 0)
1084 {
1085#if HAVE_MESSAGES
1086 if ((options & MHD_USE_DEBUG) != 0)
1087 fprintf (stderr,
1088 "Failed to listen for connections: %s\n", STRERROR (errno));
1089#endif
1090 CLOSE (socket_fd);
1091 return NULL;
1092 }
1093
1094 /* allocate the mhd daemon */
1095
1096 retVal = malloc (sizeof (struct MHD_Daemon));
1097
1098 if (retVal == NULL)
1099 {
1100 CLOSE (socket_fd);
1101 return NULL;
1102 }
1103
1104 memset (retVal, 0, sizeof (struct MHD_Daemon));
1105 retVal->options = options;
1106 retVal->port = port;
1107 retVal->apc = apc;
1108 retVal->apc_cls = apc_cls;
1109 retVal->socket_fd = socket_fd;
1110 retVal->default_handler = dh;
1111 retVal->default_handler_cls = dh_cls;
1112 retVal->max_connections = MHD_MAX_CONNECTIONS_DEFAULT;
1113 retVal->pool_size = MHD_POOL_SIZE_DEFAULT;
1114 retVal->connection_timeout = 0; /* no timeout */
1115#if HTTPS_SUPPORT
1116 if (options & MHD_USE_SSL)
1117 {
1118 /* lock gnutls_global mutex since it uses reference counting */
1119 pthread_mutex_lock (&gnutls_init_mutex);
1120 gnutls_global_init ();
1121 pthread_mutex_unlock (&gnutls_init_mutex);
1122 /* set default priorities */
1123 gnutls_priority_init (&retVal->priority_cache, "", NULL);
1124 retVal->cred_type = MHD_GNUTLS_CRD_CERTIFICATE;
1125 }
1126#endif
1127 /* initializes the argument pointer variable */
1128
1129 va_start (ap, dh_cls);
1130
1131 /*
1132 * loop through daemon options
1133 */
1134 while (MHD_OPTION_END != (opt = va_arg (ap, enum MHD_OPTION)))
1135 {
1136 switch (opt)
1137 {
1138 case MHD_OPTION_CONNECTION_MEMORY_LIMIT:
1139 retVal->pool_size = va_arg (ap, unsigned int);
1140 break;
1141 case MHD_OPTION_CONNECTION_LIMIT:
1142 retVal->max_connections = va_arg (ap, unsigned int);
1143 break;
1144 case MHD_OPTION_CONNECTION_TIMEOUT:
1145 retVal->connection_timeout = va_arg (ap, unsigned int);
1146 break;
1147 case MHD_OPTION_NOTIFY_COMPLETED:
1148 retVal->notify_completed =
1149 va_arg (ap, MHD_RequestCompletedCallback);
1150 retVal->notify_completed_cls = va_arg (ap, void *);
1151 break;
1152 case MHD_OPTION_PER_IP_CONNECTION_LIMIT:
1153 retVal->per_ip_connection_limit = va_arg (ap, unsigned int);
1154 break;
1155#if HTTPS_SUPPORT
1156 case MHD_OPTION_PROTOCOL_VERSION:
1157 _set_priority (&retVal->priority_cache->protocol,
1158 va_arg (ap, const int *));
1159 break;
1160 case MHD_OPTION_HTTPS_KEY_PATH:
1161 retVal->https_key_path = va_arg (ap, const char *);
1162 break;
1163 case MHD_OPTION_HTTPS_CERT_PATH:
1164 retVal->https_cert_path = va_arg (ap, const char *);
1165 break;
1166 case MHD_OPTION_HTTPS_MEM_KEY:
1167 retVal->https_mem_key = va_arg (ap, const char *);
1168 break;
1169 case MHD_OPTION_HTTPS_MEM_CERT:
1170 retVal->https_mem_cert = va_arg (ap, const char *);
1171 break;
1172 case MHD_OPTION_CRED_TYPE:
1173 retVal->cred_type = va_arg (ap, const int);
1174 break;
1175 case MHD_OPTION_KX_PRIORITY:
1176 _set_priority (&retVal->priority_cache->kx,
1177 va_arg (ap, const int *));
1178 break;
1179 case MHD_OPTION_CIPHER_ALGORITHM:
1180 _set_priority (&retVal->priority_cache->cipher,
1181 va_arg (ap, const int *));
1182 break;
1183 case MHD_OPTION_MAC_ALGO:
1184 _set_priority (&retVal->priority_cache->mac,
1185 va_arg (ap, const int *));
1186 break;
1187#endif
1188 default:
1189#if HAVE_MESSAGES
1190 if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END)
1191 {
1192 fprintf (stderr,
1193 "Error: HTTPS option %d passed to non HTTPS daemon\n",
1194 opt);
1195 }
1196 else
1197 {
1198 fprintf (stderr,
1199 "Invalid MHD_OPTION argument! (Did you terminate the list with MHD_OPTION_END?)\n");
1200 }
1201#endif
1202 abort ();
1203 }
1204 }
1205 va_end (ap);
1206
1207 /* initialize HTTPS daemon certificate aspects & send / recv functions */
1208 if (options & MHD_USE_SSL && MHD_TLS_init (retVal) != 0)
1209 {
1210#if HAVE_MESSAGES
1211 MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n");
1212#endif
1213 free (retVal);
1214 return NULL;
1215 }
1216
1217 if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) || (0 != (options
1218 &
1219 MHD_USE_SELECT_INTERNALLY)))
1220 && (0 !=
1221 pthread_create (&retVal->pid, NULL, &MHD_select_thread, retVal)))
1222 {
1223#if HAVE_MESSAGES
1224 MHD_DLOG (retVal, "Failed to create listen thread: %s\n",
1225 STRERROR (errno));
1226#endif
1227 free (retVal);
1228 CLOSE (socket_fd);
1229 return NULL;
1230 }
1231
1232 return retVal;
1233}
1234
1235
1236/*
1237 * start the MHD_Daemon while binding to a specific ip address.
1238 *
1239 * TODO : address adding ip parameter to MHD_start_daemon
1240 */
1241struct MHD_Daemon *
1242MHD_start_daemon_ip (unsigned int options,
1243 unsigned short port, char *ip,
1244 MHD_AcceptPolicyCallback apc,
1245 void *apc_cls,
1246 MHD_AccessHandlerCallback dh, void *dh_cls, ...)
1247{
1248
1249 gnutls_global_set_log_level (5);
1250
1251 struct MHD_Daemon *ret;
1252 va_list ap;
1253 va_start (ap, dh_cls);
1254 ret = MHD_start_daemon_va (options, port, ip, apc, apc_cls, dh, dh_cls, ap);
1255 va_end (ap);
1256 return ret;
1000} 1257}
1001 1258
1002/** 1259/**
@@ -1066,7 +1323,10 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
1066 { 1323 {
1067 gnutls_priority_deinit (daemon->priority_cache); 1324 gnutls_priority_deinit (daemon->priority_cache);
1068 1325
1069 gnutls_certificate_free_credentials (daemon->x509_cret); 1326 if (daemon->x509_cred)
1327 gnutls_certificate_free_credentials (daemon->x509_cred);
1328 if (daemon->anon_cred)
1329 gnutls_anon_free_server_credentials (daemon->anon_cred);
1070 1330
1071 /* lock gnutls_global mutex since it uses reference counting */ 1331 /* lock gnutls_global mutex since it uses reference counting */
1072 pthread_mutex_lock (&gnutls_init_mutex); 1332 pthread_mutex_lock (&gnutls_init_mutex);
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am
index 40d49e08..3155e0bd 100644
--- a/src/daemon/https/tls/Makefile.am
+++ b/src/daemon/https/tls/Makefile.am
@@ -43,7 +43,6 @@ gnutls_compress.c \
43gnutls_compress_int.c \ 43gnutls_compress_int.c \
44gnutls_constate.c \ 44gnutls_constate.c \
45gnutls_datum.c \ 45gnutls_datum.c \
46gnutls_db.c \
47gnutls_dh.c \ 46gnutls_dh.c \
48gnutls_dh_primes.c \ 47gnutls_dh_primes.c \
49gnutls_errors.c \ 48gnutls_errors.c \
diff --git a/src/daemon/https/tls/auth_cert.h b/src/daemon/https/tls/auth_cert.h
index 86e0230f..e49a6089 100644
--- a/src/daemon/https/tls/auth_cert.h
+++ b/src/daemon/https/tls/auth_cert.h
@@ -34,6 +34,7 @@
34/* This structure may be complex, but it's the only way to 34/* This structure may be complex, but it's the only way to
35 * support a server that has multiple certificates 35 * support a server that has multiple certificates
36 */ 36 */
37
37typedef struct gnutls_certificate_credentials_st 38typedef struct gnutls_certificate_credentials_st
38{ 39{
39 gnutls_dh_params_t dh_params; 40 gnutls_dh_params_t dh_params;
@@ -45,7 +46,7 @@ typedef struct gnutls_certificate_credentials_st
45 46
46 gnutls_cert **cert_list; 47 gnutls_cert **cert_list;
47 /* contains a list of a list of certificates. 48 /* contains a list of a list of certificates.
48 * eg (X509): [0] certificate1, certificate11, certificate111 49 * eg (X509): [0] certificate1, certificate11, certificate111
49 * (if more than one, one certificate certifies the one before) 50 * (if more than one, one certificate certifies the one before)
50 * [1] certificate2, certificate22, ... 51 * [1] certificate2, certificate22, ...
51 */ 52 */
@@ -75,14 +76,14 @@ typedef struct gnutls_certificate_credentials_st
75 /* X509 specific stuff */ 76 /* X509 specific stuff */
76 77
77 gnutls_x509_crt_t *x509_ca_list; 78 gnutls_x509_crt_t *x509_ca_list;
78 unsigned x509_ncas; /* number of CAs in the ca_list 79 unsigned x509_ncas; /* number of CAs in the ca_list
79 */ 80 */
80 81
81 gnutls_x509_crl_t *x509_crl_list; 82 gnutls_x509_crl_t *x509_crl_list;
82 unsigned x509_ncrls; /* number of CRLs in the crl_list 83 unsigned x509_ncrls; /* number of CRLs in the crl_list
83 */ 84 */
84 85
85 unsigned int verify_flags; /* flags to be used at 86 unsigned int verify_flags; /* flags to be used at
86 * certificate verification. 87 * certificate verification.
87 */ 88 */
88 unsigned int verify_depth; 89 unsigned int verify_depth;
diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c
index 6f1c17bc..a1bec6a1 100644
--- a/src/daemon/https/tls/ext_cert_type.c
+++ b/src/daemon/https/tls/ext_cert_type.c
@@ -150,10 +150,10 @@ _gnutls_cert_type_send_params (gnutls_session_t session, opaque * data,
150 if (session->security_parameters.entity == GNUTLS_CLIENT) 150 if (session->security_parameters.entity == GNUTLS_CLIENT)
151 { 151 {
152 152
153 if (session->internals.priorities.cert_type.algorithms > 0) 153 if (session->internals.priorities.cert_type.num_algorithms > 0)
154 { 154 {
155 155
156 len = session->internals.priorities.cert_type.algorithms; 156 len = session->internals.priorities.cert_type.num_algorithms;
157 157
158 if (len == 1 && 158 if (len == 1 &&
159 session->internals.priorities.cert_type.priority[0] == 159 session->internals.priorities.cert_type.priority[0] ==
diff --git a/src/daemon/https/tls/gnutls_alert.c b/src/daemon/https/tls/gnutls_alert.c
index dfa35f85..29422dab 100644
--- a/src/daemon/https/tls/gnutls_alert.c
+++ b/src/daemon/https/tls/gnutls_alert.c
@@ -148,7 +148,7 @@ gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level,
148 * alert should be sent to the peer indicating that no renegotiation will 148 * alert should be sent to the peer indicating that no renegotiation will
149 * be performed. 149 * be performed.
150 * 150 *
151 * If there is no mapping to a valid alert the alert to indicate internal error 151 * If there is no mapping to a valid alert the alert to indicate internal error
152 * is returned. 152 * is returned.
153 * 153 *
154 **/ 154 **/
@@ -163,7 +163,7 @@ gnutls_error_to_alert (int err, int *level)
163 /* GNUTLS_A_DECRYPTION_FAILED is not sent, because 163 /* GNUTLS_A_DECRYPTION_FAILED is not sent, because
164 * it is not defined in SSL3. Note that we must 164 * it is not defined in SSL3. Note that we must
165 * not distinguish Decryption failures from mac 165 * not distinguish Decryption failures from mac
166 * check failures, due to the possibility of some 166 * check failures, due to the possibility of some
167 * attacks. 167 * attacks.
168 */ 168 */
169 ret = GNUTLS_A_BAD_RECORD_MAC; 169 ret = GNUTLS_A_BAD_RECORD_MAC;
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c
index 56435345..1809afda 100644
--- a/src/daemon/https/tls/gnutls_algorithms.c
+++ b/src/daemon/https/tls/gnutls_algorithms.c
@@ -767,7 +767,7 @@ _gnutls_mac_priority (gnutls_session_t session,
767 gnutls_mac_algorithm_t algorithm) 767 gnutls_mac_algorithm_t algorithm)
768{ /* actually returns the priority */ 768{ /* actually returns the priority */
769 unsigned int i; 769 unsigned int i;
770 for (i = 0; i < session->internals.priorities.mac.algorithms; i++) 770 for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++)
771 { 771 {
772 if (session->internals.priorities.mac.priority[i] == algorithm) 772 if (session->internals.priorities.mac.priority[i] == algorithm)
773 return i; 773 return i;
@@ -893,7 +893,7 @@ _gnutls_compression_priority (gnutls_session_t session,
893 gnutls_compression_method_t algorithm) 893 gnutls_compression_method_t algorithm)
894{ /* actually returns the priority */ 894{ /* actually returns the priority */
895 unsigned int i; 895 unsigned int i;
896 for (i = 0; i < session->internals.priorities.compression.algorithms; i++) 896 for (i = 0; i < session->internals.priorities.compression.num_algorithms; i++)
897 { 897 {
898 if (session->internals.priorities.compression.priority[i] == algorithm) 898 if (session->internals.priorities.compression.priority[i] == algorithm)
899 return i; 899 return i;
@@ -1040,7 +1040,7 @@ _gnutls_cipher_priority (gnutls_session_t session,
1040 gnutls_cipher_algorithm_t algorithm) 1040 gnutls_cipher_algorithm_t algorithm)
1041{ 1041{
1042 unsigned int i; 1042 unsigned int i;
1043 for (i = 0; i < session->internals.priorities.cipher.algorithms; i++) 1043 for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++)
1044 { 1044 {
1045 if (session->internals.priorities.cipher.priority[i] == algorithm) 1045 if (session->internals.priorities.cipher.priority[i] == algorithm)
1046 return i; 1046 return i;
@@ -1176,7 +1176,7 @@ _gnutls_kx_priority (gnutls_session_t session,
1176 gnutls_kx_algorithm_t algorithm) 1176 gnutls_kx_algorithm_t algorithm)
1177{ 1177{
1178 unsigned int i; 1178 unsigned int i;
1179 for (i = 0; i < session->internals.priorities.kx.algorithms; i++) 1179 for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++)
1180 { 1180 {
1181 if (session->internals.priorities.kx.priority[i] == algorithm) 1181 if (session->internals.priorities.kx.priority[i] == algorithm)
1182 return i; 1182 return i;
@@ -1276,7 +1276,7 @@ _gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version)
1276 return -1; 1276 return -1;
1277 } 1277 }
1278 1278
1279 for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) 1279 for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++)
1280 { 1280 {
1281 if (session->internals.priorities.protocol.priority[i] == version) 1281 if (session->internals.priorities.protocol.priority[i] == version)
1282 return i; 1282 return i;
@@ -1294,7 +1294,7 @@ _gnutls_version_lowest (gnutls_session_t session)
1294 return MHD_GNUTLS_VERSION_UNKNOWN; 1294 return MHD_GNUTLS_VERSION_UNKNOWN;
1295 } 1295 }
1296 else 1296 else
1297 for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) 1297 for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++)
1298 { 1298 {
1299 if (session->internals.priorities.protocol.priority[i] < min) 1299 if (session->internals.priorities.protocol.priority[i] < min)
1300 min = session->internals.priorities.protocol.priority[i]; 1300 min = session->internals.priorities.protocol.priority[i];
@@ -1316,7 +1316,7 @@ _gnutls_version_max (gnutls_session_t session)
1316 return MHD_GNUTLS_VERSION_UNKNOWN; 1316 return MHD_GNUTLS_VERSION_UNKNOWN;
1317 } 1317 }
1318 else 1318 else
1319 for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) 1319 for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++)
1320 { 1320 {
1321 if (session->internals.priorities.protocol.priority[i] > max) 1321 if (session->internals.priorities.protocol.priority[i] > max)
1322 max = session->internals.priorities.protocol.priority[i]; 1322 max = session->internals.priorities.protocol.priority[i];
@@ -1886,7 +1886,7 @@ _gnutls_supported_ciphersuites (gnutls_session_t session,
1886 1886
1887/* returns the TLS numbers of the compression methods we support 1887/* returns the TLS numbers of the compression methods we support
1888 */ 1888 */
1889#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms 1889#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.num_algorithms
1890int 1890int
1891_gnutls_supported_compression_methods (gnutls_session_t session, 1891_gnutls_supported_compression_methods (gnutls_session_t session,
1892 uint8_t ** comp) 1892 uint8_t ** comp)
diff --git a/src/daemon/https/tls/gnutls_anon_cred.c b/src/daemon/https/tls/gnutls_anon_cred.c
index 919315ef..fd0917f8 100644
--- a/src/daemon/https/tls/gnutls_anon_cred.c
+++ b/src/daemon/https/tls/gnutls_anon_cred.c
@@ -62,8 +62,9 @@ int
62gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t * 62gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t *
63 sc) 63 sc)
64{ 64{
65
66 *sc = gnutls_calloc (1, sizeof (anon_server_credentials_st)); 65 *sc = gnutls_calloc (1, sizeof (anon_server_credentials_st));
66 if (*sc == NULL)
67 return GNUTLS_E_MEMORY_ERROR;
67 68
68 return 0; 69 return 0;
69} 70}
diff --git a/src/daemon/https/tls/gnutls_db.c b/src/daemon/https/tls/gnutls_db.c
deleted file mode 100644
index 806961c1..00000000
--- a/src/daemon/https/tls/gnutls_db.c
+++ /dev/null
@@ -1,386 +0,0 @@
1/*
2 * Copyright (C) 2000, 2002, 2003, 2004, 2005 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25/* This file contains functions that manipulate a database backend
26 * for resumed sessions.
27 */
28
29#include "gnutls_int.h"
30#include "gnutls_errors.h"
31// #include "gnutls_session.h"
32#include <gnutls_db.h>
33#include "debug.h"
34#include <gnutls_session_pack.h>
35#include <gnutls_datum.h>
36
37/**
38 * gnutls_db_set_retrieve_function - Sets the function that will be used to get data
39 * @session: is a #gnutls_session_t structure.
40 * @retr_func: is the function.
41 *
42 * Sets the function that will be used to retrieve data from the resumed
43 * sessions database. This function must return a gnutls_datum_t containing the
44 * data on success, or a gnutls_datum_t containing null and 0 on failure.
45 *
46 * The datum's data must be allocated using the function
47 * gnutls_malloc().
48 *
49 * The first argument to retr_func() will be null unless gnutls_db_set_ptr()
50 * has been called.
51 *
52 **/
53void
54gnutls_db_set_retrieve_function (gnutls_session_t session,
55 gnutls_db_retr_func retr_func)
56{
57 session->internals.db_retrieve_func = retr_func;
58}
59
60/**
61 * gnutls_db_set_remove_function - Sets the function that will be used to remove data
62 * @session: is a #gnutls_session_t structure.
63 * @rem_func: is the function.
64 *
65 * Sets the function that will be used to remove data from the resumed
66 * sessions database. This function must return 0 on success.
67 *
68 * The first argument to rem_func() will be null unless gnutls_db_set_ptr()
69 * has been called.
70 *
71 **/
72void
73gnutls_db_set_remove_function (gnutls_session_t session,
74 gnutls_db_remove_func rem_func)
75{
76 session->internals.db_remove_func = rem_func;
77}
78
79/**
80 * gnutls_db_set_store_function - Sets the function that will be used to put data
81 * @session: is a #gnutls_session_t structure.
82 * @store_func: is the function
83 *
84 * Sets the function that will be used to store data from the resumed
85 * sessions database. This function must remove 0 on success.
86 *
87 * The first argument to store_func() will be null unless gnutls_db_set_ptr()
88 * has been called.
89 *
90 **/
91void
92gnutls_db_set_store_function (gnutls_session_t session,
93 gnutls_db_store_func store_func)
94{
95 session->internals.db_store_func = store_func;
96}
97
98/**
99 * gnutls_db_set_ptr - Sets a pointer to be sent to db functions
100 * @session: is a #gnutls_session_t structure.
101 * @ptr: is the pointer
102 *
103 * Sets the pointer that will be provided to db store, retrieve and delete functions, as
104 * the first argument.
105 *
106 **/
107void
108gnutls_db_set_ptr (gnutls_session_t session, void *ptr)
109{
110 session->internals.db_ptr = ptr;
111}
112
113/**
114 * gnutls_db_get_ptr - Returns the pointer which is sent to db functions
115 * @session: is a #gnutls_session_t structure.
116 *
117 * Returns the pointer that will be sent to db store, retrieve and delete functions, as
118 * the first argument.
119 *
120 **/
121void *
122gnutls_db_get_ptr (gnutls_session_t session)
123{
124 return session->internals.db_ptr;
125}
126
127/**
128 * gnutls_db_set_cache_expiration - Sets the expiration time for resumed sessions.
129 * @session: is a #gnutls_session_t structure.
130 * @seconds: is the number of seconds.
131 *
132 * Sets the expiration time for resumed sessions. The default is 3600 (one hour)
133 * at the time writing this.
134 **/
135void
136gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds)
137{
138 session->internals.expire_time = seconds;
139}
140
141/**
142 * gnutls_db_check_entry - checks if the given db entry has expired
143 * @session: is a #gnutls_session_t structure.
144 * @session_entry: is the session data (not key)
145 *
146 * This function returns GNUTLS_E_EXPIRED, if the database entry
147 * has expired or 0 otherwise. This function is to be used when
148 * you want to clear unnesessary session which occupy space in your
149 * backend.
150 *
151 **/
152int
153gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry)
154{
155 time_t timestamp;
156
157 timestamp = time (0);
158
159 if (session_entry.data != NULL)
160 if (timestamp -
161 ((security_parameters_st *) (session_entry.data))->timestamp <=
162 session->internals.expire_time
163 || ((security_parameters_st *) (session_entry.data))->
164 timestamp > timestamp
165 || ((security_parameters_st *) (session_entry.data))->timestamp == 0)
166 return GNUTLS_E_EXPIRED;
167
168 return 0;
169}
170
171/* The format of storing data is:
172 * (forget it). Check gnutls_session_pack.c
173 */
174int
175_gnutls_server_register_current_session (gnutls_session_t session)
176{
177 gnutls_datum_t key;
178 gnutls_datum_t content;
179 int ret = 0;
180
181 key.data = session->security_parameters.session_id;
182 key.size = session->security_parameters.session_id_size;
183
184 if (session->internals.resumable == RESUME_FALSE)
185 {
186 gnutls_assert ();
187 return GNUTLS_E_INVALID_SESSION;
188 }
189
190 if (session->security_parameters.session_id == NULL
191 || session->security_parameters.session_id_size == 0)
192 {
193 gnutls_assert ();
194 return GNUTLS_E_INVALID_SESSION;
195 }
196
197/* copy data */
198 ret = _gnutls_session_pack (session, &content);
199 if (ret < 0)
200 {
201 gnutls_assert ();
202 return ret;
203 }
204
205 ret = _gnutls_store_session (session, key, content);
206 _gnutls_free_datum (&content);
207
208 return ret;
209}
210
211/* Checks if both db_store and db_retrieve functions have
212 * been set up.
213 */
214static int
215_gnutls_db_func_is_ok (gnutls_session_t session)
216{
217 if (session->internals.db_store_func != NULL &&
218 session->internals.db_retrieve_func != NULL &&
219 session->internals.db_remove_func != NULL)
220 return 0;
221 else
222 return GNUTLS_E_DB_ERROR;
223}
224
225
226int
227_gnutls_server_restore_session (gnutls_session_t session,
228 uint8_t * session_id, int session_id_size)
229{
230 gnutls_datum_t data;
231 gnutls_datum_t key;
232 int ret;
233
234 key.data = session_id;
235 key.size = session_id_size;
236
237 if (_gnutls_db_func_is_ok (session) != 0)
238 {
239 gnutls_assert ();
240 return GNUTLS_E_INVALID_SESSION;
241 }
242
243 data = _gnutls_retrieve_session (session, key);
244
245 if (data.data == NULL)
246 {
247 gnutls_assert ();
248 return GNUTLS_E_INVALID_SESSION;
249 }
250
251 /* expiration check is performed inside */
252 ret = gnutls_session_set_data (session, data.data, data.size);
253 if (ret < 0)
254 {
255 gnutls_assert ();
256 return ret;
257 }
258
259 gnutls_free (data.data);
260
261 return 0;
262}
263
264int
265_gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id,
266 int session_id_size)
267{
268 gnutls_datum_t key;
269
270 key.data = session_id;
271 key.size = session_id_size;
272
273 return _gnutls_remove_session (session, key);
274}
275
276
277/* Stores session data to the db backend.
278 */
279int
280_gnutls_store_session (gnutls_session_t session,
281 gnutls_datum_t session_id, gnutls_datum_t session_data)
282{
283 int ret = 0;
284
285 if (session->internals.resumable == RESUME_FALSE)
286 {
287 gnutls_assert ();
288 return GNUTLS_E_INVALID_SESSION;
289 }
290
291 if (_gnutls_db_func_is_ok (session) != 0)
292 {
293 return GNUTLS_E_DB_ERROR;
294 }
295
296 if (session_id.data == NULL || session_id.size == 0)
297 {
298 gnutls_assert ();
299 return GNUTLS_E_INVALID_SESSION;
300 }
301
302 if (session_data.data == NULL || session_data.size == 0)
303 {
304 gnutls_assert ();
305 return GNUTLS_E_INVALID_SESSION;
306 }
307 /* if we can't read why bother writing? */
308
309 if (session->internals.db_store_func != NULL)
310 ret =
311 session->internals.db_store_func (session->internals.db_ptr,
312 session_id, session_data);
313
314 return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
315
316}
317
318/* Retrieves session data from the db backend.
319 */
320gnutls_datum_t
321_gnutls_retrieve_session (gnutls_session_t session, gnutls_datum_t session_id)
322{
323 gnutls_datum_t ret = { NULL, 0 };
324
325 if (session_id.data == NULL || session_id.size == 0)
326 {
327 gnutls_assert ();
328 return ret;
329 }
330
331 if (session->internals.db_retrieve_func != NULL)
332 ret =
333 session->internals.db_retrieve_func (session->internals.db_ptr,
334 session_id);
335
336 return ret;
337
338}
339
340/* Removes session data from the db backend.
341 */
342int
343_gnutls_remove_session (gnutls_session_t session, gnutls_datum_t session_id)
344{
345 int ret = 0;
346
347 if (_gnutls_db_func_is_ok (session) != 0)
348 {
349 return GNUTLS_E_DB_ERROR;
350 }
351
352 if (session_id.data == NULL || session_id.size == 0)
353 return GNUTLS_E_INVALID_SESSION;
354
355 /* if we can't read why bother writing? */
356 if (session->internals.db_remove_func != NULL)
357 ret =
358 session->internals.db_remove_func (session->internals.db_ptr,
359 session_id);
360
361 return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
362
363}
364
365/**
366 * gnutls_db_remove_session - This function will remove the current session data from the database
367 * @session: is a #gnutls_session_t structure.
368 *
369 * This function will remove the current session data from the session
370 * database. This will prevent future handshakes reusing these session
371 * data. This function should be called if a session was terminated
372 * abnormally, and before gnutls_deinit() is called.
373 *
374 * Normally gnutls_deinit() will remove abnormally terminated sessions.
375 *
376 **/
377void
378gnutls_db_remove_session (gnutls_session_t session)
379{
380 /* if the session has failed abnormally it has
381 * to be removed from the db
382 */
383 _gnutls_db_remove_session (session,
384 session->security_parameters.session_id,
385 session->security_parameters.session_id_size);
386}
diff --git a/src/daemon/https/tls/gnutls_db.h b/src/daemon/https/tls/gnutls_db.h
deleted file mode 100644
index 9adece4e..00000000
--- a/src/daemon/https/tls/gnutls_db.h
+++ /dev/null
@@ -1,37 +0,0 @@
1/*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25int _gnutls_server_register_current_session (gnutls_session_t session);
26int _gnutls_server_restore_session (gnutls_session_t session,
27 uint8_t * session_id,
28 int session_id_size);
29int _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id,
30 int session_id_size);
31int _gnutls_store_session (gnutls_session_t session,
32 gnutls_datum_t session_id,
33 gnutls_datum_t session_data);
34gnutls_datum_t _gnutls_retrieve_session (gnutls_session_t session,
35 gnutls_datum_t session_id);
36int _gnutls_remove_session (gnutls_session_t session,
37 gnutls_datum_t session_id);
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index b304bdcb..5f56822e 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -37,7 +37,6 @@
37#include "gnutls_handshake.h" 37#include "gnutls_handshake.h"
38#include "gnutls_num.h" 38#include "gnutls_num.h"
39#include "gnutls_hash_int.h" 39#include "gnutls_hash_int.h"
40#include "gnutls_db.h"
41#include "gnutls_extensions.h" 40#include "gnutls_extensions.h"
42#include "gnutls_supplemental.h" 41#include "gnutls_supplemental.h"
43#include "gnutls_auth_int.h" 42#include "gnutls_auth_int.h"
@@ -338,7 +337,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
338 int datalen) 337 int datalen)
339{ 338{
340 uint8_t session_id_len; 339 uint8_t session_id_len;
341 int pos = 0, ret; 340 int pos = 0, ret = 0;
342 uint16_t suite_size, comp_size; 341 uint16_t suite_size, comp_size;
343 gnutls_protocol_t adv_version; 342 gnutls_protocol_t adv_version;
344 int neg_version; 343 int neg_version;
@@ -383,10 +382,10 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
383 } 382 }
384 DECR_LEN (len, session_id_len); 383 DECR_LEN (len, session_id_len);
385 384
386 ret = _gnutls_server_restore_session (session, &data[pos], session_id_len);
387 pos += session_id_len; 385 pos += session_id_len;
388 386
389 if (ret == 0) 387 /* TODO rm if support for resumed sessions won't be supported */
388 if (0)
390 { /* resumed! */ 389 { /* resumed! */
391 resume_copy_required_values (session); 390 resume_copy_required_values (session);
392 session->internals.resumed = RESUME_TRUE; 391 session->internals.resumed = RESUME_TRUE;
@@ -2647,12 +2646,6 @@ _gnutls_handshake_common (gnutls_session_t session)
2647 IMED_RET ("recv handshake final 2", ret); 2646 IMED_RET ("recv handshake final 2", ret);
2648 } 2647 }
2649 2648
2650 if (session->security_parameters.entity == GNUTLS_SERVER)
2651 {
2652 /* in order to support session resuming */
2653 _gnutls_server_register_current_session (session);
2654 }
2655
2656 /* clear handshake buffer */ 2649 /* clear handshake buffer */
2657 _gnutls_handshake_hash_buffers_clear (session); 2650 _gnutls_handshake_hash_buffers_clear (session);
2658 return ret; 2651 return ret;
diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h
index 5d30ac58..7791b554 100644
--- a/src/daemon/https/tls/gnutls_int.h
+++ b/src/daemon/https/tls/gnutls_int.h
@@ -380,7 +380,7 @@ typedef struct
380typedef struct 380typedef struct
381 { 381 {
382 unsigned int priority[MAX_ALGOS]; 382 unsigned int priority[MAX_ALGOS];
383 unsigned int algorithms; 383 unsigned int num_algorithms;
384 } priority_st; 384 } priority_st;
385 385
386/* For the external api */ 386/* For the external api */
@@ -391,6 +391,8 @@ struct gnutls_priority_st
391 priority_st kx; 391 priority_st kx;
392 priority_st compression; 392 priority_st compression;
393 priority_st protocol; 393 priority_st protocol;
394
395 /* certificate type : x509, OpenPGP, etc. */
394 priority_st cert_type; 396 priority_st cert_type;
395 397
396 /* to disable record padding */ 398 /* to disable record padding */
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c
index 0dfb27e3..cea6446b 100644
--- a/src/daemon/https/tls/gnutls_priority.c
+++ b/src/daemon/https/tls/gnutls_priority.c
@@ -56,7 +56,7 @@ gnutls_cipher_set_priority (gnutls_session_t session, const int *list)
56 num++; 56 num++;
57 if (num > MAX_ALGOS) 57 if (num > MAX_ALGOS)
58 num = MAX_ALGOS; 58 num = MAX_ALGOS;
59 session->internals.priorities.cipher.algorithms = num; 59 session->internals.priorities.cipher.num_algorithms = num;
60 60
61 for (i = 0; i < num; i++) 61 for (i = 0; i < num; i++)
62 { 62 {
@@ -75,7 +75,7 @@ _set_priority (priority_st * st, const int *list)
75 num++; 75 num++;
76 if (num > MAX_ALGOS) 76 if (num > MAX_ALGOS)
77 num = MAX_ALGOS; 77 num = MAX_ALGOS;
78 st->algorithms = num; 78 st->num_algorithms = num;
79 79
80 for (i = 0; i < num; i++) 80 for (i = 0; i < num; i++)
81 { 81 {
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c
index e52cf922..68c83330 100644
--- a/src/daemon/https/tls/gnutls_record.c
+++ b/src/daemon/https/tls/gnutls_record.c
@@ -35,7 +35,6 @@
35#include "gnutls_hash_int.h" 35#include "gnutls_hash_int.h"
36#include "gnutls_cipher_int.h" 36#include "gnutls_cipher_int.h"
37#include "gnutls_algorithms.h" 37#include "gnutls_algorithms.h"
38#include "gnutls_db.h"
39#include "gnutls_auth_int.h" 38#include "gnutls_auth_int.h"
40#include "gnutls_num.h" 39#include "gnutls_num.h"
41#include "gnutls_record.h" 40#include "gnutls_record.h"
@@ -289,7 +288,7 @@ session_is_valid (gnutls_session_t session)
289 return 0; 288 return 0;
290} 289}
291 290
292/* Copies the record version into the headers. The 291/* Copies the record version into the headers. The
293 * version must have 2 bytes at least. 292 * version must have 2 bytes at least.
294 */ 293 */
295inline static void 294inline static void
@@ -316,7 +315,7 @@ copy_record_version (gnutls_session_t session,
316/* This function behaves exactly like write(). The only difference is 315/* This function behaves exactly like write(). The only difference is
317 * that it accepts, the gnutls_session_t and the content_type_t of data to 316 * that it accepts, the gnutls_session_t and the content_type_t of data to
318 * send (if called by the user the Content is specific) 317 * send (if called by the user the Content is specific)
319 * It is intended to transfer data, under the current session. 318 * It is intended to transfer data, under the current session.
320 * 319 *
321 * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE. 320 * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE.
322 * This makes the function much easier to read, and more error resistant 321 * This makes the function much easier to read, and more error resistant
@@ -376,7 +375,7 @@ _gnutls_send_int (gnutls_session_t session,
376 else 375 else
377 data2send_size = sizeofdata; 376 data2send_size = sizeofdata;
378 377
379 /* Only encrypt if we don't have data to send 378 /* Only encrypt if we don't have data to send
380 * from the previous run. - probably interrupted. 379 * from the previous run. - probably interrupted.
381 */ 380 */
382 if (session->internals.record_send_buffer.length > 0) 381 if (session->internals.record_send_buffer.length > 0)
@@ -469,7 +468,7 @@ _gnutls_send_int (gnutls_session_t session,
469 return retval; 468 return retval;
470} 469}
471 470
472/* This function is to be called if the handshake was successfully 471/* This function is to be called if the handshake was successfully
473 * completed. This sends a Change Cipher Spec packet to the peer. 472 * completed. This sends a Change Cipher Spec packet to the peer.
474 */ 473 */
475ssize_t 474ssize_t
@@ -556,8 +555,8 @@ record_check_headers (gnutls_session_t session,
556 uint16_t * length, uint16_t * header_size) 555 uint16_t * length, uint16_t * header_size)
557{ 556{
558 557
559 /* Read the first two bytes to determine if this is a 558 /* Read the first two bytes to determine if this is a
560 * version 2 message 559 * version 2 message
561 */ 560 */
562 561
563 if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE 562 if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE
@@ -565,7 +564,7 @@ record_check_headers (gnutls_session_t session,
565 { 564 {
566 565
567 /* if msb set and expecting handshake message 566 /* if msb set and expecting handshake message
568 * it should be SSL 2 hello 567 * it should be SSL 2 hello
569 */ 568 */
570 version[0] = 3; /* assume SSL 3.0 */ 569 version[0] = 3; /* assume SSL 3.0 */
571 version[1] = 0; 570 version[1] = 0;
@@ -593,7 +592,7 @@ record_check_headers (gnutls_session_t session,
593 version[0] = headers[1]; 592 version[0] = headers[1];
594 version[1] = headers[2]; 593 version[1] = headers[2];
595 594
596 /* No DECR_LEN, since headers has enough size. 595 /* No DECR_LEN, since headers has enough size.
597 */ 596 */
598 *length = _gnutls_read_uint16 (&headers[3]); 597 *length = _gnutls_read_uint16 (&headers[3]);
599 } 598 }
@@ -676,7 +675,7 @@ record_check_type (gnutls_session_t session,
676 */ 675 */
677 if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL) 676 if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL)
678 { 677 {
679 /* If we have been expecting for an alert do 678 /* If we have been expecting for an alert do
680 */ 679 */
681 session->internals.read_eof = 1; 680 session->internals.read_eof = 1;
682 return GNUTLS_E_INT_RET_0; /* EOF */ 681 return GNUTLS_E_INT_RET_0; /* EOF */
@@ -911,7 +910,7 @@ begin:
911 } 910 }
912 911
913 /* Here we check if the Type of the received packet is 912 /* Here we check if the Type of the received packet is
914 * ok. 913 * ok.
915 */ 914 */
916 if ((ret = check_recv_type (recv_type)) < 0) 915 if ((ret = check_recv_type (recv_type)) < 0)
917 { 916 {
@@ -952,7 +951,7 @@ begin:
952 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; 951 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
953 } 952 }
954 953
955 /* check if we have that data into buffer. 954 /* check if we have that data into buffer.
956 */ 955 */
957 if ((ret = _gnutls_io_read_buffered (session, &recv_data, 956 if ((ret = _gnutls_io_read_buffered (session, &recv_data,
958 header_size + length, recv_type)) 957 header_size + length, recv_type))
@@ -1017,7 +1016,7 @@ begin:
1017 read_sequence_number), 1016 read_sequence_number),
1018 _gnutls_packet2str (recv_type), recv_type, decrypted_length); 1017 _gnutls_packet2str (recv_type), recv_type, decrypted_length);
1019 1018
1020 /* increase sequence number 1019 /* increase sequence number
1021 */ 1020 */
1022 if (_gnutls_uint64pp (&session->connection_state.read_sequence_number) != 0) 1021 if (_gnutls_uint64pp (&session->connection_state.read_sequence_number) != 0)
1023 { 1022 {
@@ -1037,7 +1036,7 @@ begin:
1037 return ret; 1036 return ret;
1038 } 1037 }
1039 1038
1040 /* Get Application data from buffer 1039 /* Get Application data from buffer
1041 */ 1040 */
1042 if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type 1041 if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type
1043 == GNUTLS_HANDSHAKE 1042 == GNUTLS_HANDSHAKE
@@ -1051,7 +1050,7 @@ begin:
1051 return ret; 1050 return ret;
1052 } 1051 }
1053 1052
1054 /* if the buffer just got empty 1053 /* if the buffer just got empty
1055 */ 1054 */
1056 if (_gnutls_record_buffer_get_size (type, session) == 0) 1055 if (_gnutls_record_buffer_get_size (type, session) == 0)
1057 { 1056 {
@@ -1066,11 +1065,11 @@ begin:
1066 { 1065 {
1067 gnutls_assert (); 1066 gnutls_assert ();
1068 return GNUTLS_E_UNEXPECTED_PACKET; 1067 return GNUTLS_E_UNEXPECTED_PACKET;
1069 /* we didn't get what we wanted to 1068 /* we didn't get what we wanted to
1070 */ 1069 */
1071 } 1070 }
1072 1071
1073 /* (originally for) TLS 1.0 CBC protection. 1072 /* (originally for) TLS 1.0 CBC protection.
1074 * Actually this code is called if we just received 1073 * Actually this code is called if we just received
1075 * an empty packet. An empty TLS packet is usually 1074 * an empty packet. An empty TLS packet is usually
1076 * sent to protect some vulnerabilities in the CBC mode. 1075 * sent to protect some vulnerabilities in the CBC mode.
diff --git a/src/daemon/https/tls/gnutls_session.c b/src/daemon/https/tls/gnutls_session.c
index 541cc699..fb9b5e80 100644
--- a/src/daemon/https/tls/gnutls_session.c
+++ b/src/daemon/https/tls/gnutls_session.c
@@ -24,7 +24,7 @@
24#include "gnutls_int.h" 24#include "gnutls_int.h"
25#include "gnutls_errors.h" 25#include "gnutls_errors.h"
26#include "debug.h" 26#include "debug.h"
27#include <gnutls_session_pack.h> 27#include "gnutls_session_pack.h"
28#include <gnutls_datum.h> 28#include <gnutls_datum.h>
29 29
30/** 30/**
@@ -123,10 +123,10 @@ gnutls_session_get_data2 (gnutls_session_t session, gnutls_datum_t * data)
123 * 123 *
124 * Returns the current session id. This can be used if you want to check if 124 * Returns the current session id. This can be used if you want to check if
125 * the next session you tried to resume was actually resumed. 125 * the next session you tried to resume was actually resumed.
126 * This is because resumed sessions have the same sessionID with the 126 * This is because resumed sessions have the same sessionID with the
127 * original session. 127 * original session.
128 * 128 *
129 * Session id is some data set by the server, that identify the current session. 129 * Session id is some data set by the server, that identify the current session.
130 * In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes. 130 * In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes.
131 * 131 *
132 * Returns zero on success. 132 * Returns zero on success.
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c
index ed4945b6..3e549c4c 100644
--- a/src/daemon/https/tls/gnutls_session_pack.c
+++ b/src/daemon/https/tls/gnutls_session_pack.c
@@ -54,6 +54,169 @@ static int unpack_security_parameters (gnutls_session_t session,
54static int pack_security_parameters (gnutls_session_t session, 54static int pack_security_parameters (gnutls_session_t session,
55 gnutls_datum_t * packed_session); 55 gnutls_datum_t * packed_session);
56 56
57/* Packs the ANON session authentication data. */
58#ifdef ENABLE_ANON
59
60/* Format:
61 * 1 byte the credentials type
62 * 4 bytes the size of the whole structure
63 * 2 bytes the size of secret key in bits
64 * 4 bytes the size of the prime
65 * x bytes the prime
66 * 4 bytes the size of the generator
67 * x bytes the generator
68 * 4 bytes the size of the public key
69 * x bytes the public key
70 */
71static int
72pack_anon_auth_info (gnutls_session_t session, gnutls_datum_t * packed_session)
73{
74 anon_auth_info_t info = _gnutls_get_auth_info (session);
75 int pos = 0;
76 size_t pack_size;
77
78 if (info)
79 pack_size = 2 + 4 * 3 + info->dh.prime.size +
80 info->dh.generator.size + info->dh.public_key.size;
81 else
82 pack_size = 0;
83
84 packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
85
86 /* calculate the size and allocate the data.
87 */
88 packed_session->data =
89 gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
90
91 if (packed_session->data == NULL)
92 {
93 gnutls_assert ();
94 return GNUTLS_E_MEMORY_ERROR;
95 }
96
97 packed_session->data[0] = MHD_GNUTLS_CRD_ANON;
98 _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
99 pos += 4 + PACK_HEADER_SIZE;
100
101 if (pack_size > 0)
102 {
103 _gnutls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]);
104 pos += 2;
105
106 _gnutls_write_datum32 (&packed_session->data[pos], info->dh.prime);
107 pos += 4 + info->dh.prime.size;
108 _gnutls_write_datum32 (&packed_session->data[pos], info->dh.generator);
109 pos += 4 + info->dh.generator.size;
110 _gnutls_write_datum32 (&packed_session->data[pos], info->dh.public_key);
111 pos += 4 + info->dh.public_key.size;
112
113 }
114
115 return 0;
116}
117
118/* Format:
119 * 1 byte the credentials type
120 * 4 bytes the size of the whole structure
121 * 2 bytes the size of secret key in bits
122 * 4 bytes the size of the prime
123 * x bytes the prime
124 * 4 bytes the size of the generator
125 * x bytes the generator
126 * 4 bytes the size of the public key
127 * x bytes the public key
128 */
129static int
130unpack_anon_auth_info (gnutls_session_t session,
131 const gnutls_datum_t * packed_session)
132{
133 size_t pack_size;
134 int pos = 0, size, ret;
135 anon_auth_info_t info;
136
137 if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON)
138 {
139 gnutls_assert ();
140 return GNUTLS_E_INVALID_REQUEST;
141 }
142
143 pack_size = _gnutls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
144 pos += PACK_HEADER_SIZE + 4;
145
146
147 if (pack_size == 0)
148 return 0; /* nothing to be done */
149
150 /* a simple check for integrity */
151 if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
152 {
153 gnutls_assert ();
154 return GNUTLS_E_INVALID_REQUEST;
155 }
156
157 /* client and serer have the same auth_info here
158 */
159 ret =
160 _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
161 sizeof (anon_auth_info_st), 1);
162 if (ret < 0)
163 {
164 gnutls_assert ();
165 return ret;
166 }
167
168 info = _gnutls_get_auth_info (session);
169 if (info == NULL)
170 {
171 gnutls_assert ();
172 return GNUTLS_E_INTERNAL_ERROR;
173 }
174
175 info->dh.secret_bits = _gnutls_read_uint16 (&packed_session->data[pos]);
176 pos += 2;
177
178 size = _gnutls_read_uint32 (&packed_session->data[pos]);
179 pos += 4;
180 ret = _gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
181 if (ret < 0)
182 {
183 gnutls_assert ();
184 goto error;
185 }
186 pos += size;
187
188 size = _gnutls_read_uint32 (&packed_session->data[pos]);
189 pos += 4;
190 ret =
191 _gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], size);
192 if (ret < 0)
193 {
194 gnutls_assert ();
195 goto error;
196 }
197 pos += size;
198
199 size = _gnutls_read_uint32 (&packed_session->data[pos]);
200 pos += 4;
201 ret =
202 _gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
203 size);
204 if (ret < 0)
205 {
206 gnutls_assert ();
207 goto error;
208 }
209 pos += size;
210
211 return 0;
212
213error:
214 _gnutls_free_datum (&info->dh.prime);
215 _gnutls_free_datum (&info->dh.generator);
216 _gnutls_free_datum (&info->dh.public_key);
217 return ret;
218}
219#endif /* ANON */
57 220
58/* Since auth_info structures contain malloced data, this function 221/* Since auth_info structures contain malloced data, this function
59 * is required in order to pack these structures in a vector in 222 * is required in order to pack these structures in a vector in
@@ -121,7 +284,7 @@ _gnutls_session_pack (gnutls_session_t session,
121 284
122 } 285 }
123 286
124 /* Auth_info structures copied. Now copy security_parameters_st. 287 /* Auth_info structures copied. Now copy security_parameters_st.
125 * packed_session must have allocated space for the security parameters. 288 * packed_session must have allocated space for the security parameters.
126 */ 289 */
127 ret = pack_security_parameters (session, packed_session); 290 ret = pack_security_parameters (session, packed_session);
@@ -201,7 +364,7 @@ _gnutls_session_unpack (gnutls_session_t session,
201 364
202 } 365 }
203 366
204 /* Auth_info structures copied. Now copy security_parameters_st. 367 /* Auth_info structures copied. Now copy security_parameters_st.
205 * packed_session must have allocated space for the security parameters. 368 * packed_session must have allocated space for the security parameters.
206 */ 369 */
207 ret = unpack_security_parameters (session, packed_session); 370 ret = unpack_security_parameters (session, packed_session);
@@ -477,7 +640,7 @@ error:
477/* Packs the SRP session authentication data. 640/* Packs the SRP session authentication data.
478 */ 641 */
479 642
480/* Format: 643/* Format:
481 * 1 byte the credentials type 644 * 1 byte the credentials type
482 * 4 bytes the size of the SRP username (x) 645 * 4 bytes the size of the SRP username (x)
483 * x bytes the SRP username 646 * x bytes the SRP username
@@ -569,167 +732,12 @@ unpack_srp_auth_info (gnutls_session_t session,
569#endif 732#endif
570 733
571 734
572#ifdef ENABLE_ANON
573/* Packs the ANON session authentication data.
574 */
575
576/* Format:
577 * 1 byte the credentials type
578 * 4 bytes the size of the whole structure
579 * 2 bytes the size of secret key in bits
580 * 4 bytes the size of the prime
581 * x bytes the prime
582 * 4 bytes the size of the generator
583 * x bytes the generator
584 * 4 bytes the size of the public key
585 * x bytes the public key
586 */
587static int
588pack_anon_auth_info (gnutls_session_t session,
589 gnutls_datum_t * packed_session)
590{
591 anon_auth_info_t info = _gnutls_get_auth_info (session);
592 int pos = 0;
593 size_t pack_size;
594
595 if (info)
596 pack_size = 2 + 4 * 3 + info->dh.prime.size +
597 info->dh.generator.size + info->dh.public_key.size;
598 else
599 pack_size = 0;
600
601 packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
602
603 /* calculate the size and allocate the data.
604 */
605 packed_session->data =
606 gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
607
608 if (packed_session->data == NULL)
609 {
610 gnutls_assert ();
611 return GNUTLS_E_MEMORY_ERROR;
612 }
613
614 packed_session->data[0] = MHD_GNUTLS_CRD_ANON;
615 _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
616 pos += 4 + PACK_HEADER_SIZE;
617
618 if (pack_size > 0)
619 {
620 _gnutls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]);
621 pos += 2;
622
623 _gnutls_write_datum32 (&packed_session->data[pos], info->dh.prime);
624 pos += 4 + info->dh.prime.size;
625 _gnutls_write_datum32 (&packed_session->data[pos], info->dh.generator);
626 pos += 4 + info->dh.generator.size;
627 _gnutls_write_datum32 (&packed_session->data[pos], info->dh.public_key);
628 pos += 4 + info->dh.public_key.size;
629
630 }
631
632 return 0;
633}
634
635
636static int
637unpack_anon_auth_info (gnutls_session_t session,
638 const gnutls_datum_t * packed_session)
639{
640 size_t pack_size;
641 int pos = 0, size, ret;
642 anon_auth_info_t info;
643
644 if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON)
645 {
646 gnutls_assert ();
647 return GNUTLS_E_INVALID_REQUEST;
648 }
649
650 pack_size = _gnutls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
651 pos += PACK_HEADER_SIZE + 4;
652
653
654 if (pack_size == 0)
655 return 0; /* nothing to be done */
656
657 /* a simple check for integrity */
658 if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
659 {
660 gnutls_assert ();
661 return GNUTLS_E_INVALID_REQUEST;
662 }
663
664 /* client and serer have the same auth_info here
665 */
666 ret =
667 _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
668 sizeof (anon_auth_info_st), 1);
669 if (ret < 0)
670 {
671 gnutls_assert ();
672 return ret;
673 }
674
675 info = _gnutls_get_auth_info (session);
676 if (info == NULL)
677 {
678 gnutls_assert ();
679 return GNUTLS_E_INTERNAL_ERROR;
680 }
681
682 info->dh.secret_bits = _gnutls_read_uint16 (&packed_session->data[pos]);
683 pos += 2;
684
685 size = _gnutls_read_uint32 (&packed_session->data[pos]);
686 pos += 4;
687 ret = _gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
688 if (ret < 0)
689 {
690 gnutls_assert ();
691 goto error;
692 }
693 pos += size;
694
695 size = _gnutls_read_uint32 (&packed_session->data[pos]);
696 pos += 4;
697 ret =
698 _gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], size);
699 if (ret < 0)
700 {
701 gnutls_assert ();
702 goto error;
703 }
704 pos += size;
705
706 size = _gnutls_read_uint32 (&packed_session->data[pos]);
707 pos += 4;
708 ret =
709 _gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
710 size);
711 if (ret < 0)
712 {
713 gnutls_assert ();
714 goto error;
715 }
716 pos += size;
717
718 return 0;
719
720error:
721 _gnutls_free_datum (&info->dh.prime);
722 _gnutls_free_datum (&info->dh.generator);
723 _gnutls_free_datum (&info->dh.public_key);
724 return ret;
725}
726#endif /* ANON */
727 735
728#ifdef ENABLE_PSK 736#ifdef ENABLE_PSK
729/* Packs the PSK session authentication data. 737/* Packs the PSK session authentication data.
730 */ 738 */
731 739
732/* Format: 740/* Format:
733 * 1 byte the credentials type 741 * 1 byte the credentials type
734 * 4 bytes the size of the whole structure 742 * 4 bytes the size of the whole structure
735 * 4 bytes the size of the PSK username (x) 743 * 4 bytes the size of the PSK username (x)
@@ -909,7 +917,7 @@ error:
909/* Packs the security parameters. 917/* Packs the security parameters.
910 */ 918 */
911 919
912/* Format: 920/* Format:
913 * 4 bytes the total security data size 921 * 4 bytes the total security data size
914 * 1 byte the entity type (client/server) 922 * 1 byte the entity type (client/server)
915 * 1 byte the key exchange algorithm used 923 * 1 byte the key exchange algorithm used
@@ -947,7 +955,7 @@ error:
947 * 955 *
948 * 2 bytes the number of server name extensions (up to MAX_SERVER_NAME_EXTENSIONS) 956 * 2 bytes the number of server name extensions (up to MAX_SERVER_NAME_EXTENSIONS)
949 * 1 byte the first name type 957 * 1 byte the first name type
950 * 2 bytes the size of the first name 958 * 2 bytes the size of the first name
951 * x bytes the first name (MAX_SERVER_NAME_SIZE) 959 * x bytes the first name (MAX_SERVER_NAME_SIZE)
952 * and so on... 960 * and so on...
953 * 961 *
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c
index 3fde3db4..3931b393 100644
--- a/src/daemon/https/tls/gnutls_state.c
+++ b/src/daemon/https/tls/gnutls_state.c
@@ -32,7 +32,6 @@
32#include <gnutls_auth_int.h> 32#include <gnutls_auth_int.h>
33#include <gnutls_num.h> 33#include <gnutls_num.h>
34#include <gnutls_datum.h> 34#include <gnutls_datum.h>
35#include <gnutls_db.h>
36#include <gnutls_record.h> 35#include <gnutls_record.h>
37#include <gnutls_handshake.h> 36#include <gnutls_handshake.h>
38#include <gnutls_dh.h> 37#include <gnutls_dh.h>
@@ -154,11 +153,11 @@ _gnutls_session_cert_type_supported (gnutls_session_t session,
154 } 153 }
155 } 154 }
156 155
157 if (session->internals.priorities.cert_type.algorithms == 0 && cert_type 156 if (session->internals.priorities.cert_type.num_algorithms == 0 && cert_type
158 == DEFAULT_CERT_TYPE) 157 == DEFAULT_CERT_TYPE)
159 return 0; 158 return 0;
160 159
161 for (i = 0; i < session->internals.priorities.cert_type.algorithms; i++) 160 for (i = 0; i < session->internals.priorities.cert_type.num_algorithms; i++)
162 { 161 {
163 if (session->internals.priorities.cert_type.priority[i] == cert_type) 162 if (session->internals.priorities.cert_type.priority[i] == cert_type)
164 { 163 {
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c
index 7c84fa0a..a9b6829d 100644
--- a/src/daemon/https/tls/gnutls_x509.c
+++ b/src/daemon/https/tls/gnutls_x509.c
@@ -93,9 +93,9 @@ check_bits (gnutls_x509_crt_t crt, unsigned int max_bits)
93 * _gnutls_x509_cert_verify_peers - This function returns the peer's certificate status 93 * _gnutls_x509_cert_verify_peers - This function returns the peer's certificate status
94 * @session: is a gnutls session 94 * @session: is a gnutls session
95 * 95 *
96 * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.). 96 * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.).
97 * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements. 97 * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements.
98 * However you must also check the peer's name in order to check if the verified certificate belongs to the 98 * However you must also check the peer's name in order to check if the verified certificate belongs to the
99 * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. 99 * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
100 * 100 *
101 -*/ 101 -*/
@@ -178,7 +178,7 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session,
178 178
179 } 179 }
180 180
181 /* Verify certificate 181 /* Verify certificate
182 */ 182 */
183 ret = 183 ret =
184 gnutls_x509_crt_list_verify (peer_certificate_list, 184 gnutls_x509_crt_list_verify (peer_certificate_list,
@@ -522,7 +522,7 @@ parse_pem_cert_mem (gnutls_cert ** cert_list, unsigned *ncerts,
522 } 522 }
523 _gnutls_free_datum (&tmp); /* free ptr2 */ 523 _gnutls_free_datum (&tmp); /* free ptr2 */
524 524
525 /* now we move ptr after the pem header 525 /* now we move ptr after the pem header
526 */ 526 */
527 ptr++; 527 ptr++;
528 /* find the next certificate (if any) 528 /* find the next certificate (if any)
@@ -794,18 +794,18 @@ read_key_file (gnutls_certificate_credentials_t res,
794 * @key: is the private key, or %NULL 794 * @key: is the private key, or %NULL
795 * @type: is PEM or DER 795 * @type: is PEM or DER
796 * 796 *
797 * This function sets a certificate/private key pair in the 797 * This function sets a certificate/private key pair in the
798 * gnutls_certificate_credentials_t structure. This function may be called 798 * gnutls_certificate_credentials_t structure. This function may be called
799 * more than once (in case multiple keys/certificates exist for the 799 * more than once (in case multiple keys/certificates exist for the
800 * server). 800 * server).
801 * 801 *
802 * Currently are supported: RSA PKCS-1 encoded private keys, 802 * Currently are supported: RSA PKCS-1 encoded private keys,
803 * DSA private keys. 803 * DSA private keys.
804 * 804 *
805 * DSA private keys are encoded the OpenSSL way, which is an ASN.1 805 * DSA private keys are encoded the OpenSSL way, which is an ASN.1
806 * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv. 806 * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv.
807 * 807 *
808 * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates 808 * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates
809 * is supported. This means that certificates intended for signing cannot 809 * is supported. This means that certificates intended for signing cannot
810 * be used for ciphersuites that require encryption. 810 * be used for ciphersuites that require encryption.
811 * 811 *
@@ -825,7 +825,7 @@ gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t
825{ 825{
826 int ret; 826 int ret;
827 827
828 /* this should be first 828 /* this should be first
829 */ 829 */
830 if ((ret = read_key_mem (res, key ? key->data : NULL, 830 if ((ret = read_key_mem (res, key ? key->data : NULL,
831 key ? key->size : 0, type)) < 0) 831 key ? key->size : 0, type)) < 0)
@@ -867,7 +867,7 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
867{ 867{
868 int ret, i; 868 int ret, i;
869 869
870 /* this should be first 870 /* this should be first
871 */ 871 */
872 872
873 res->pkey = 873 res->pkey =
@@ -956,7 +956,7 @@ gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t
956{ 956{
957 int ret; 957 int ret;
958 958
959 /* this should be first 959 /* this should be first
960 */ 960 */
961 if ((ret = read_key_file (res, KEYFILE, type)) < 0) 961 if ((ret = read_key_file (res, KEYFILE, type)) < 0)
962 return ret; 962 return ret;
@@ -983,7 +983,7 @@ generate_rdn_seq (gnutls_certificate_credentials_t res)
983 unsigned size, i; 983 unsigned size, i;
984 opaque *pdata; 984 opaque *pdata;
985 985
986 /* Generate the RDN sequence 986 /* Generate the RDN sequence
987 * This will be sent to clients when a certificate 987 * This will be sent to clients when a certificate
988 * request message is sent. 988 * request message is sent.
989 */ 989 */
@@ -1036,11 +1036,8 @@ generate_rdn_seq (gnutls_certificate_credentials_t res)
1036 return 0; 1036 return 0;
1037} 1037}
1038 1038
1039 1039/* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this
1040 1040 * certificate (uses the KeyUsage field).
1041
1042/* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this
1043 * certificate (uses the KeyUsage field).
1044 */ 1041 */
1045int 1042int
1046_gnutls_check_key_usage (const gnutls_cert * cert, gnutls_kx_algorithm_t alg) 1043_gnutls_check_key_usage (const gnutls_cert * cert, gnutls_kx_algorithm_t alg)
@@ -1158,7 +1155,7 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
1158 return ret; 1155 return ret;
1159 } 1156 }
1160 1157
1161 /* now we move ptr after the pem header 1158 /* now we move ptr after the pem header
1162 */ 1159 */
1163 ptr++; 1160 ptr++;
1164 size--; 1161 size--;
@@ -1452,7 +1449,7 @@ parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
1452 return ret; 1449 return ret;
1453 } 1450 }
1454 1451
1455 /* now we move ptr after the pem header 1452 /* now we move ptr after the pem header
1456 */ 1453 */
1457 ptr++; 1454 ptr++;
1458 /* find the next certificate (if any) 1455 /* find the next certificate (if any)
diff --git a/src/daemon/https/x509/pkcs12.h b/src/daemon/https/x509/pkcs12.h
index 41878ff2..3c75dff5 100644
--- a/src/daemon/https/x509/pkcs12.h
+++ b/src/daemon/https/x509/pkcs12.h
@@ -23,7 +23,6 @@
23 */ 23 */
24 24
25/* TODO clean */ 25/* TODO clean */
26
27#ifndef GNUTLS_PKCS12_H 26#ifndef GNUTLS_PKCS12_H
28#define GNUTLS_PKCS12_H 27#define GNUTLS_PKCS12_H
29 28
diff --git a/src/daemon/internal.h b/src/daemon/internal.h
index 612b18da..796e5ad1 100644
--- a/src/daemon/internal.h
+++ b/src/daemon/internal.h
@@ -627,8 +627,13 @@ struct MHD_Daemon
627 unsigned short port; 627 unsigned short port;
628 628
629#if HTTPS_SUPPORT 629#if HTTPS_SUPPORT
630 /* server credintials */ 630 gnutls_credentials_type_t cred_type;
631 gnutls_certificate_credentials_t x509_cret; 631
632 /* server x509 credintials */
633 gnutls_certificate_credentials_t x509_cred;
634
635 /* credentials used for anonymous authentication */
636 gnutls_anon_server_credentials_t anon_cred;
632 637
633 /* cipher priority cache */ 638 /* cipher priority cache */
634 gnutls_priority_t priority_cache; 639 gnutls_priority_t priority_cache;
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index a934c16e..8a1fe022 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -64,8 +64,6 @@
64 * depend on your platform; for possible suggestions consult 64 * depend on your platform; for possible suggestions consult
65 * "platform.h" in the MHD distribution). 65 * "platform.h" in the MHD distribution).
66 * 66 *
67 * TODO:
68 * - Add option codes for SSL support
69 */ 67 */
70 68
71#ifndef MHD_MICROHTTPD_H 69#ifndef MHD_MICROHTTPD_H
@@ -380,6 +378,13 @@ enum MHD_OPTION
380 MHD_OPTION_HTTPS_MEM_CERT, 378 MHD_OPTION_HTTPS_MEM_CERT,
381 379
382 /* 380 /*
381 * daemon credentials type. either certificate or anonymous,
382 * this option should be followed by one of the values listed in
383 * gnutls_credentials_type_t.
384 */
385 MHD_OPTION_CRED_TYPE,
386
387 /*
383 * SSL/TLS protocol version 388 * SSL/TLS protocol version
384 * 389 *
385 * Memory pointer to a zero terminated int array representing the 390 * Memory pointer to a zero terminated int array representing the
@@ -714,11 +719,17 @@ typedef int
714 */ 719 */
715struct MHD_Daemon * 720struct MHD_Daemon *
716MHD_start_daemon_va (unsigned int options, 721MHD_start_daemon_va (unsigned int options,
717 unsigned short port, 722 unsigned short port, char * ip,
718 MHD_AcceptPolicyCallback apc, 723 MHD_AcceptPolicyCallback apc,
719 void *apc_cls, 724 void *apc_cls,
720 MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap); 725 MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap);
721 726
727struct MHD_Daemon *
728MHD_start_daemon_ip (unsigned int options,
729 unsigned short port, char *ip,
730 MHD_AcceptPolicyCallback apc,
731 void *apc_cls,
732 MHD_AccessHandlerCallback dh, void *dh_cls, ...);
722 733
723/* 734/*
724 * Variadic version of MHD_start_daemon_va. This function will delegate calls 735 * Variadic version of MHD_start_daemon_va. This function will delegate calls
@@ -1025,6 +1036,7 @@ typedef enum
1025 MHD_GNUTLS_KX_SRP_DSS 1036 MHD_GNUTLS_KX_SRP_DSS
1026} gnutls_kx_algorithm_t; 1037} gnutls_kx_algorithm_t;
1027 1038
1039/* server credentials type */
1028typedef enum 1040typedef enum
1029{ 1041{
1030 MHD_GNUTLS_CRD_CERTIFICATE = 1, 1042 MHD_GNUTLS_CRD_CERTIFICATE = 1,
@@ -1034,6 +1046,7 @@ typedef enum
1034 MHD_GNUTLS_CRD_IA 1046 MHD_GNUTLS_CRD_IA
1035} gnutls_credentials_type_t; 1047} gnutls_credentials_type_t;
1036 1048
1049/* mac algorithm */
1037typedef enum 1050typedef enum
1038{ 1051{
1039 MHD_GNUTLS_MAC_UNKNOWN = 0, 1052 MHD_GNUTLS_MAC_UNKNOWN = 0,
@@ -1056,7 +1069,7 @@ typedef enum
1056 MHD_GNUTLS_DIG_SHA256 = MHD_GNUTLS_MAC_SHA256 1069 MHD_GNUTLS_DIG_SHA256 = MHD_GNUTLS_MAC_SHA256
1057} gnutls_digest_algorithm_t; 1070} gnutls_digest_algorithm_t;
1058 1071
1059 1072/* compression method */
1060typedef enum 1073typedef enum
1061{ 1074{
1062 MHD_GNUTLS_COMP_UNKNOWN = 0, 1075 MHD_GNUTLS_COMP_UNKNOWN = 0,
@@ -1067,6 +1080,7 @@ typedef enum
1067 */ 1080 */
1068} gnutls_compression_method_t; 1081} gnutls_compression_method_t;
1069 1082
1083/* protocol type */
1070typedef enum 1084typedef enum
1071{ 1085{
1072 MHD_GNUTLS_SSL3 = 1, 1086 MHD_GNUTLS_SSL3 = 1,
@@ -1076,6 +1090,7 @@ typedef enum
1076 MHD_GNUTLS_VERSION_UNKNOWN = 0xff 1090 MHD_GNUTLS_VERSION_UNKNOWN = 0xff
1077} gnutls_protocol_t; 1091} gnutls_protocol_t;
1078 1092
1093/* certificate_type */
1079typedef enum 1094typedef enum
1080{ 1095{
1081 MHD_GNUTLS_CRT_UNKNOWN = 0, 1096 MHD_GNUTLS_CRT_UNKNOWN = 0,
diff --git a/src/testcurl/https/tls_alert_test.c b/src/testcurl/https/tls_alert_test.c
index 67b489b7..4c8b482d 100644
--- a/src/testcurl/https/tls_alert_test.c
+++ b/src/testcurl/https/tls_alert_test.c
@@ -62,7 +62,7 @@ setup (gnutls_session_t * session,
62 gnutls_datum_t * cert, gnutls_certificate_credentials_t * xcred) 62 gnutls_datum_t * cert, gnutls_certificate_credentials_t * xcred)
63{ 63{
64 int ret; 64 int ret;
65 const char **err_pos; 65 const char ** err_pos;
66 66
67 gnutls_certificate_allocate_credentials (xcred); 67 gnutls_certificate_allocate_credentials (xcred);
68 68
diff --git a/src/testcurl/https/tls_authentication_test.c b/src/testcurl/https/tls_authentication_test.c
index a12ce93f..58d95cf1 100644
--- a/src/testcurl/https/tls_authentication_test.c
+++ b/src/testcurl/https/tls_authentication_test.c
@@ -39,10 +39,12 @@
39 39
40extern int curl_check_version (const char *req_version, ...); 40extern int curl_check_version (const char *req_version, ...);
41 41
42const int DEBUG_GNUTLS_LOG_LEVEL = 6;
42const char *ca_cert_file_name = "ca_cert_pem"; 43const char *ca_cert_file_name = "ca_cert_pem";
43const char *test_file_name = "https_test_file"; 44const char *test_file_name = "https_test_file";
44const char test_file_data[] = "Hello World\n"; 45const char test_file_data[] = "Hello World\n";
45 46
47
46struct CBC 48struct CBC
47{ 49{
48 char *buf; 50 char *buf;
@@ -173,8 +175,8 @@ test_daemon_get (FILE * test_fd, char *cipher_suite, int proto_version)
173#endif 175#endif
174 curl_easy_setopt (c, CURLOPT_URL, url); 176 curl_easy_setopt (c, CURLOPT_URL, url);
175 curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); 177 curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
176 curl_easy_setopt (c, CURLOPT_TIMEOUT, 3L); 178 curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L);
177 curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 3L); 179 curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L);
178 curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer); 180 curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
179 curl_easy_setopt (c, CURLOPT_FILE, &cbc); 181 curl_easy_setopt (c, CURLOPT_FILE, &cbc);
180 182
@@ -224,14 +226,13 @@ test_secure_get (FILE * test_fd, char *cipher_suite, int proto_version)
224{ 226{
225 int ret; 227 int ret;
226 struct MHD_Daemon *d; 228 struct MHD_Daemon *d;
227 int kx[] = { MHD_GNUTLS_KX_DHE_RSA, 0 };
228 229
229 d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | 230 d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
230 MHD_USE_DEBUG, 42433, 231 MHD_USE_DEBUG, 42433,
231 NULL, NULL, &http_ahc, NULL, 232 NULL, NULL, &http_ahc, NULL,
232 MHD_OPTION_HTTPS_MEM_KEY, srv_signed_key_pem, 233 MHD_OPTION_HTTPS_MEM_KEY, srv_signed_key_pem,
233 MHD_OPTION_HTTPS_MEM_CERT, srv_signed_cert_pem, 234 MHD_OPTION_HTTPS_MEM_CERT, srv_signed_cert_pem,
234 MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END); 235 MHD_OPTION_END);
235 236
236 if (d == NULL) 237 if (d == NULL)
237 { 238 {
@@ -308,7 +309,7 @@ main (int argc, char *const *argv)
308 FILE *test_fd; 309 FILE *test_fd;
309 unsigned int errorCount = 0; 310 unsigned int errorCount = 0;
310 311
311 /* gnutls_global_set_log_level (11); */ 312 gnutls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL);
312 313
313 if (curl_check_version (MHD_REQ_CURL_VERSION)) 314 if (curl_check_version (MHD_REQ_CURL_VERSION))
314 { 315 {
@@ -330,7 +331,7 @@ main (int argc, char *const *argv)
330 } 331 }
331 332
332 errorCount += 333 errorCount +=
333 test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3); 334 test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
334 335
335 if (errorCount != 0) 336 if (errorCount != 0)
336 fprintf (stderr, "Failed test: %s.\n", argv[0]); 337 fprintf (stderr, "Failed test: %s.\n", argv[0]);
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c
index 95accebb..59205199 100644
--- a/src/testcurl/https/tls_daemon_options_test.c
+++ b/src/testcurl/https/tls_daemon_options_test.c
@@ -32,6 +32,7 @@
32#include "gnutls.h" 32#include "gnutls.h"
33#include <curl/curl.h> 33#include <curl/curl.h>
34 34
35#define DEBUG_CURL_VERBOSE 0
35#define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" 36#define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>"
36 37
37#define MHD_E_MEM "Error: memory error\n" 38#define MHD_E_MEM "Error: memory error\n"
@@ -42,6 +43,7 @@
42 43
43#include "tls_test_keys.h" 44#include "tls_test_keys.h"
44 45
46const int DEBUG_GNUTLS_LOG_LEVEL = 0;
45const char *test_file_name = "https_test_file"; 47const char *test_file_name = "https_test_file";
46const char test_file_data[] = "Hello World\n"; 48const char test_file_data[] = "Hello World\n";
47 49
@@ -123,7 +125,7 @@ http_ahc (void *cls, struct MHD_Connection *connection,
123 * @param test_fd: file to attempt transfering 125 * @param test_fd: file to attempt transfering
124 */ 126 */
125static int 127static int
126test_https_transfer (FILE * test_fd, char * cipher_suite, int proto_version) 128test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version)
127{ 129{
128 CURL *c; 130 CURL *c;
129 CURLcode errornum; 131 CURLcode errornum;
@@ -172,7 +174,7 @@ test_https_transfer (FILE * test_fd, char * cipher_suite, int proto_version)
172 doc_path, test_file_name); 174 doc_path, test_file_name);
173 175
174 c = curl_easy_init (); 176 c = curl_easy_init ();
175#ifdef DEBUG 177#if DEBUG_CURL_VERBOSE
176 curl_easy_setopt (c, CURLOPT_VERBOSE, 1); 178 curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
177#endif 179#endif
178 curl_easy_setopt (c, CURLOPT_URL, url); 180 curl_easy_setopt (c, CURLOPT_URL, url);
@@ -249,14 +251,11 @@ setupTestFile ()
249} 251}
250 252
251static int 253static int
252setup (struct MHD_Daemon **d, enum MHD_OPTION option, void * value ) 254setup (struct MHD_Daemon **d, va_list arg_list)
253{ 255{
254 *d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | 256 *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
255 MHD_USE_DEBUG, 42433, 257 MHD_USE_DEBUG, 42433, "127.0.0.1",
256 NULL, NULL, &http_ahc, NULL, 258 NULL, NULL, &http_ahc, NULL, arg_list);
257 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
258 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
259 option, value, MHD_OPTION_END);
260 259
261 if (*d == NULL) 260 if (*d == NULL)
262 { 261 {
@@ -273,19 +272,37 @@ teardown (struct MHD_Daemon *d)
273 MHD_stop_daemon (d); 272 MHD_stop_daemon (d);
274} 273}
275 274
275/* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move to test_util.c */
276int 276int
277test_wrap (int 277test_wrap (char *test_name, int
278 (*test) (FILE * test_fd, char *cipher_suite, int proto_version), 278 (*test) (FILE * test_fd, char *cipher_suite, int proto_version),
279 FILE * test_fd, char *cipher_suite, int proto_version, 279 FILE * test_fd, char *cipher_suite, int proto_version, ...)
280 enum MHD_OPTION option, void * value)
281{ 280{
282 int ret; 281 int ret;
282 va_list arg_list;
283 struct MHD_Daemon *d; 283 struct MHD_Daemon *d;
284 284
285 if (setup (&d, option, value) != 0) 285 va_start (arg_list, proto_version);
286 return -1; 286 if (setup (&d, arg_list) != 0)
287 {
288 va_end (arg_list);
289 return -1;
290 }
291
292 fprintf (stdout, "running test: %s ", test_name);
287 ret = test (test_fd, cipher_suite, proto_version); 293 ret = test (test_fd, cipher_suite, proto_version);
294
295 if (ret == 0)
296 {
297 fprintf (stdout, "[pass]\n");
298 }
299 else
300 {
301 fprintf (stdout, "[fail]\n");
302 }
303
288 teardown (d); 304 teardown (d);
305 va_end (arg_list);
289 return ret; 306 return ret;
290} 307}
291 308
@@ -336,6 +353,9 @@ test_file_certificates (FILE * test_fd, char *cipher_suite, int proto_version)
336 return ret; 353 return ret;
337} 354}
338 355
356/*
357 * test server refuses to negotiate connections with unsupported protocol versions
358 */
339int 359int
340test_protocol_version (FILE * test_fd, char *cipher_suite, 360test_protocol_version (FILE * test_fd, char *cipher_suite,
341 int curl_proto_version) 361 int curl_proto_version)
@@ -344,7 +364,7 @@ test_protocol_version (FILE * test_fd, char *cipher_suite,
344 CURLcode errornum; 364 CURLcode errornum;
345 365
346 c = curl_easy_init (); 366 c = curl_easy_init ();
347#ifdef DEBUG 367#if DEBUG_CURL_VERBOSE
348 curl_easy_setopt (c, CURLOPT_VERBOSE, 1); 368 curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
349#endif 369#endif
350 curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/"); 370 curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/");
@@ -384,7 +404,7 @@ main (int argc, char *const *argv)
384 FILE *test_fd; 404 FILE *test_fd;
385 unsigned int errorCount = 0; 405 unsigned int errorCount = 0;
386 406
387 gnutls_global_set_log_level(11); 407 gnutls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL);
388 408
389 if (curl_check_version (MHD_REQ_CURL_VERSION)) 409 if (curl_check_version (MHD_REQ_CURL_VERSION))
390 { 410 {
@@ -403,54 +423,61 @@ main (int argc, char *const *argv)
403 return -1; 423 return -1;
404 } 424 }
405 425
406 int mac[] = {MHD_GNUTLS_MAC_SHA1, 0}; 426 int mac[] = { MHD_GNUTLS_MAC_SHA1, 0 };
407 int p [] = {MHD_GNUTLS_SSL3, 0}; 427 int p[] = { MHD_GNUTLS_SSL3, 0 };
408 int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; 428 int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 };
409 int kx[] = { MHD_GNUTLS_KX_DHE_RSA, 0 }; 429 int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 };
410
411
412// errorCount +=
413// test_wrap (&test_https_transfer, test_fd, "AES256-SHA",
414// CURL_SSLVERSION_TLSv1, MHD_OPTION_END, 0);
415// errorCount +=
416// test_wrap (&test_file_certificates, test_fd, "AES256-SHA",
417// CURL_SSLVERSION_TLSv1, MHD_OPTION_END, 0);
418//
419// errorCount +=
420// test_wrap (&test_protocol_version, test_fd, "AES256-SHA",
421// CURL_SSLVERSION_TLSv1, MHD_OPTION_PROTOCOL_VERSION, p);
422//
423// errorCount +=
424// test_wrap (&test_https_transfer, test_fd, "DES-CBC3-SHA",
425// CURL_SSLVERSION_TLSv1, MHD_OPTION_CIPHER_ALGORITHM, cipher);
426 430
427 errorCount += 431 errorCount +=
428 test_wrap (&test_https_transfer, test_fd, "AES256-SHA", 432 test_wrap ("https_transfer", &test_https_transfer, test_fd, "AES256-SHA",
429 CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, mac); 433 CURL_SSLVERSION_TLSv1,
430 434 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
431 // errorCount += 435 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
432 // test_wrap (&test_https_transfer, test_fd, "EDH-RSA-DES-CBC3-SHA", 436 MHD_OPTION_END);
433 // CURL_SSLVERSION_TLSv1, MHD_OPTION_KX_PRIORITY, kx); 437 errorCount +=
438 test_wrap ("file certificates", &test_file_certificates, test_fd,
439 "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
440 srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
441 srv_self_signed_cert_pem, MHD_OPTION_END);
442 errorCount +=
443 test_wrap ("protocol_version", &test_protocol_version, test_fd,
444 "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
445 srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
446 srv_self_signed_cert_pem, MHD_OPTION_PROTOCOL_VERSION, p,
447 MHD_OPTION_END);
448 errorCount +=
449 test_wrap ("cipher DES-CBC3-SHA", &test_https_transfer, test_fd,
450 "DES-CBC3-SHA", CURL_SSLVERSION_TLSv1,
451 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
452 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
453 MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_END);
454 errorCount +=
455 test_wrap ("mac SH1", &test_https_transfer, test_fd, "AES256-SHA",
456 CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
457 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
458 MHD_OPTION_MAC_ALGO, mac, MHD_OPTION_END);
459 errorCount +=
460 test_wrap ("kx ANON_DH", &test_https_transfer, test_fd,
461 "ADH-DES-CBC3-SHA", CURL_SSLVERSION_TLSv1,
462 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
463 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
464 MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON,
465 MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY,
466 kx, MHD_OPTION_END);
434 467
435 /*gnutls_mac_algorithm_t mac[] = { 468 /*gnutls_mac_algorithm_t mac[] = {
436 {MHD_GNUTLS_MAC_MD5, 0}, 0}; 469 {MHD_GNUTLS_MAC_MD5, 0}, 0};
437 gnutls_mac_algorithm_t * cur_mac; 470 gnutls_mac_algorithm_t * cur_mac;
438
439 for ( cur_mac = &mac[0]; (*cur_mac) != 0; cur_mac++ ){
440 option[0] = MHD_GNUTLS_MAC_SHA1;
441 errorCount +=
442 test_wrap (&test_https_transfer, test_fd, "AES256-SHA",
443 CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, option);
444 }*/
445
446 471
472 for ( cur_mac = &mac[0]; (*cur_mac) != 0; cur_mac++ ){
473 option[0] = MHD_GNUTLS_MAC_SHA1;
474 errorCount +=
475 test_wrap (&test_https_transfer, test_fd, "AES256-SHA",
476 CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, option);
477 } */
447 478
448 if (errorCount != 0) 479 if (errorCount != 0)
449 fprintf (stderr, "Failed test: %s.\n", argv[0]); 480 fprintf (stderr, "Failed test: %s.\n", argv[0]);
450 else
451 {
452 fprintf (stderr, "ok\n");
453 }
454 481
455 curl_global_cleanup (); 482 curl_global_cleanup ();
456 fclose (test_fd); 483 fclose (test_fd);
diff --git a/src/testcurl/https/tls_session_time_out_test.c b/src/testcurl/https/tls_session_time_out_test.c
index 846bdd10..745c8d53 100644
--- a/src/testcurl/https/tls_session_time_out_test.c
+++ b/src/testcurl/https/tls_session_time_out_test.c
@@ -101,7 +101,6 @@ static int
101test_tls_session_time_out (gnutls_session_t session) 101test_tls_session_time_out (gnutls_session_t session)
102{ 102{
103 int sd, ret; 103 int sd, ret;
104 char *url = "https://localhost:42433/";
105 struct sockaddr_in sa; 104 struct sockaddr_in sa;
106 105
107 sd = socket (AF_INET, SOCK_STREAM, 0); 106 sd = socket (AF_INET, SOCK_STREAM, 0);
@@ -153,8 +152,8 @@ main (int argc, char *const *argv)
153 gnutls_global_init (); 152 gnutls_global_init ();
154 gnutls_global_set_log_level (11); 153 gnutls_global_set_log_level (11);
155 154
156 d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | 155 d = MHD_start_daemon_ip(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
157 MHD_USE_DEBUG, 42433, 156 MHD_USE_DEBUG, 42433, "127.0.0.1",
158 NULL, NULL, &http_ahc, NULL, 157 NULL, NULL, &http_ahc, NULL,
159 MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT, 158 MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT,
160 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, 159 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
diff --git a/src/testcurl/https/tls_test_keys.h b/src/testcurl/https/tls_test_keys.h
index aca0639c..871f99b1 100644
--- a/src/testcurl/https/tls_test_keys.h
+++ b/src/testcurl/https/tls_test_keys.h
@@ -24,105 +24,106 @@
24 24
25/* Certificate Authority key */ 25/* Certificate Authority key */
26const char ca_key_pem[] = 26const char ca_key_pem[] =
27 "-----BEGIN RSA PRIVATE KEY-----\n" 27 "-----BEGIN RSA PRIVATE KEY-----\n"
28 "MIIEpAIBAAKCAQEA3vzPUd2yRjeHy9Yi22uX1vGnUPmB5zS+77/B9LubTqnNJ9eB\n" 28 "MIIEowIBAAKCAQEAthkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3\n"
29 "jiMegQJsJWFQT/CW8FurYiSMXIuTBirZX7NO6/rlcqifdfKLotSUuXLu5DBvMLCv\n" 29 "JeszCWwDgzw5Ac4o2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdu\n"
30 "nQ73wCIdCJoVyJbRN0ExHsyGwCDCxaHuY8FlkIsfYo17SNmJNaMSUqdoAZoelmbq\n" 30 "jxdJPGfakZTktRAA3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqV\n"
31 "r9oVciRCQGgrmwEJdPj7EAofWSudV77y85j5rV/t51eNy5liS2qXnoFEmeqTuBo1\n" 31 "FXRaDmoLWkmxplKz6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlY\n"
32 "1cSmRbv5dkCHbx+youLyZG39KxB0MZ124Na3qbUY41BPNj1XBljyAoHyY0J1iDqS\n" 32 "JhjkTk1u75HP41yQC6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb\n"
33 "0Zo+njEW6vRbmSMkrA1kH45+alN50X11mSgfoQIDAQABAoIBAAmLu+4Ushpdi5Sd\n" 33 "625+lHQpH4nfzGcna/RFok6xRpjZu7mB3t7XGwIDAQABAoIBABhD2x5/RHn5uFsI\n"
34 "P1cidjDFXfDaao5I2LTroghpnNyfaiT+zbj1jctu7K1luuX+Lh7+ZKIGH6RhVP8g\n" 34 "bwv07SwXhsnyAmoru89rjphYe1FOVBDcsa2W2tUtlIY/VyVbcGw0j+APnvy9EUJ6\n"
35 "R9eYBeyWHDsWJwPqCQJkrHR7LCkEfgkRAkaUZsSgzTqCWqUAeFa/xaQcdDcOu/nR\n" 35 "cMrwsKEBgk1oT4CIwkmGmjpXUCCkF8Wl99CPfM3U1PZDTfqmqEbCRx+KktP8Sq+m\n"
36 "DKMUexYmz4ZU+VJxPhWHzGuxhxM85uJOPK3rCaYCJoo1vMpF7MeFFvVljhSdyht5\n" 36 "/YryyNjbracnNilmIMq9V6+YWbm7kJHRLVQWHqh/ljji+kCx5y9VII7HYz4217Er\n"
37 "KD0w6qP0Y+vDe4cD/4W3wq82qXCFPA5oImjSJveEIJumPIjOyLFF+9p9V6hzg8Em\n" 37 "I5HrnPJodmYrH5Tj8Hj9NY7Ok/IeqD186fPuYH/qf9zWcyg7aa0rTPt/E4XjeOjU\n"
38 "48cpXcV3SsbaqTr6mSQl6b15zVwWq4CCt4mkeu6vK9PGzdnBiUmWaSXfprDwHaB3\n" 38 "kxb68+Ybozm0EY1ypa1Yxf3B4hkyrlQ5lfzDSBKqvQkGA92yNDPYiZX71nDHDj9H\n"
39 "t1N0GRECgYEA5gP0gmZQDDJTlaGK9Z6pWiwpMBUoYcnqvCn8MQ5uPQn+KZir19AJ\n" 39 "wf8tWlECgYEAxN8bnMXzmGLbNJUQFuEFBCDFE/tAMhBWcN6eyupIwyXXNA8/xGnJ\n"
40 "PkVLfWT9Dcaf3+2d0kBBgGYFWL+wK8DgrqALiLJfM6gP3Ts7G6Bis4GFdWY9aUnT\n" 40 "rYO4U08YrgvQ6d71xLXAJnsypeJ3FsyIXDar21o5DwVj1ON0nW6xuXsfQWYGEsXm\n"
41 "6ZhRYdzetVArhTZBRKh8ERQNPy4TmzWDtjVUAfezUcvXqOjl9H5Q01ECgYEA+C2b\n" 41 "fDVf4LVO+P58uAnM3+lKXWMwsw7/ja9VECrOvfTlf7CwwIPfmRzxZEMCgYEA7Mn+\n"
42 "i05t/RYcU0eFVYK8Yfl3jZJiopMdYwXCSCO21Ag2i0fjKC89rCmLlliffSSuDtNk\n" 42 "PBO352EXzXbGTuLY9iFXo3GL4EXB2nbkXBdTxEbPl+ICjg/1MPtRN9l03y8l06/G\n"
43 "xFsaSjns8Vyl7sjMcAOfsGokiUIcFnK/LyVoc3ie2NCiLVzw6zKK8lJ4bhn4afnv\n" 43 "MpbxkpPnSXdjXQ1fgXfG9FuKS89BNUfoEfG/3015w49ZAcBYRmvCSGTspu/hshdQ\n"
44 "N9RKXP76emb8MaZroKlKkhMR8f2BvzXbv2NyU1ECgYEAtJeAXu1zhc/xnjaiQqxa\n" 44 "iom2AFy2aRXfvsoUlePRccs1/7RKclK7ahfdwEkCgYBXQOLGCt25rialGWO2ICjO\n"
45 "rMilYfIKrZR571hLgDyjQttYqVIMAbp9t11yorYqlKlRFuCaG9yFUQlIw2BlMkUS\n" 45 "+Y8fGf4Lsj39bE1IdammBAFrK08ByDkAVB6/nZC8orQG0zBt7HerFnMOHl7VlfTh\n"
46 "YyiXRbE+W/Fk2z7I7qzjMarMnNsz9jmX3vzPULW4ScTzFnj9j6l1F3eV2vgTPrYq\n" 46 "mcF1SHl9dNAYLG8kz0ipgi4KGCOc8mUCq81AlFrZ9EBmeMF6g7TXyvxsf7s3mnvC\n"
47 "fmGqXo0bRmp0HVMWUPrn/LECgYEA3qHTQkHGS16VZGPpiY8xPVbUV8z07NC6cQVO\n" 47 "3JYgjoegnjjYOhpBjBhYbQKBgQCpwJmBakVyG/obcyXx0dDmirqwUquLaZbyzj8i\n"
48 "hvZ64XTIsWN4tKjEU3glf2bbFCFef3BFmhv71pBmLRMmy7GYK/gkPdbKFdOXbM/d\n" 48 "AhssX/NdGErqm2gU6GauWjfd9IfyvVWiWPHwOhYaZfuW7wpj34GDFskLVhaSYu1t\n"
49 "EAcnz0ZqgSeQBM+2U9dQbBdtb5+eiDsszNGFMC2QN1PBcyzOqh6UBbxTwdjfls9S\n" 49 "R9lc9cbwOqj9h24Bdik/CxNZDinIKcy0tMsEcXLX3TWdKnQdjMhPAvbATPj+Am+X\n"
50 "5Trp6TECgYAzCZmmJuBW6WDK5ttOF/do6r0aurHr2mOr8oYxmBkhI3wphyUMNuaH\n" 50 "PGrd+QKBgF5U2i0d2Mgw/JmlVCY79uD9eERivF5HLOYv3XUr9N1/bgIqKSQnrKJC\n"
51 "rUk+R8LAmC1U4MbvvqoZH27xe+xd25mn6whitgZBH3DIetN7myDJep8wEG6aW4R5\n" 51 "pXC+ZHP9yTmcznwFkbMbJ9cTwMVU1n+hguvyjIJHmmeGrpBuaiT4HwPgV6IZY3N2\n"
52 "S82zk+LQJ7LTa1nPVPMS10qUXSH9cjShhszfeRIQM+lWbPoaEuo3yQ==\n" 52 "a05cOyYYE3I7h9fQs1MfZRK44rRiXycwb+HA4lwuFWTI7h5qdc/U\n"
53 "-----END RSA PRIVATE KEY-----\n"; 53 "-----END RSA PRIVATE KEY-----\n";
54 54
55/* Certificate Authority cert */ 55/* Certificate Authority cert */
56const char ca_cert_pem[] = 56const char ca_cert_pem[] =
57 "-----BEGIN CERTIFICATE-----\n" 57 "-----BEGIN CERTIFICATE-----\n"
58 "MIIC6DCCAdKgAwIBAgIESHv2uDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" 58 "MIIC6DCCAdKgAwIBAgIESJ2sXDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n"
59 "dF9jYV9jZXJ0MB4XDTA4MDcxNTAxMDA0MFoXDTA5MDcxNTAxMDA0MFowFzEVMBMG\n" 59 "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAyOFoXDTA5MDgwOTE0NDAyOFowFzEVMBMG\n"
60 "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n" 60 "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n"
61 "3vzPUd2yRjeHy9Yi22uX1vGnUPmB5zS+77/B9LubTqnNJ9eBjiMegQJsJWFQT/CW\n" 61 "thkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3JeszCWwDgzw5Ac4o\n"
62 "8FurYiSMXIuTBirZX7NO6/rlcqifdfKLotSUuXLu5DBvMLCvnQ73wCIdCJoVyJbR\n" 62 "2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdujxdJPGfakZTktRAA\n"
63 "N0ExHsyGwCDCxaHuY8FlkIsfYo17SNmJNaMSUqdoAZoelmbqr9oVciRCQGgrmwEJ\n" 63 "3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqVFXRaDmoLWkmxplKz\n"
64 "dPj7EAofWSudV77y85j5rV/t51eNy5liS2qXnoFEmeqTuBo11cSmRbv5dkCHbx+y\n" 64 "6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlYJhjkTk1u75HP41yQ\n"
65 "ouLyZG39KxB0MZ124Na3qbUY41BPNj1XBljyAoHyY0J1iDqS0Zo+njEW6vRbmSMk\n" 65 "C6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb625+lHQpH4nfzGcn\n"
66 "rA1kH45+alN50X11mSgfoQIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" 66 "a/RFok6xRpjZu7mB3t7XGwIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n"
67 "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFB3x03+3Qa2SDwRF6RkNcjg9zRHJMAsGCSqG\n" 67 "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFGTWojUUrKbS/Uid9S3hPxmgKeaxMAsGCSqG\n"
68 "SIb3DQEBBQOCAQEAjPoKMve8aqtL8fFXfSkYwLJUwuTG4E4mX804O5dsdvOEWR2/\n" 68 "SIb3DQEBBQOCAQEAWP1f/sfNsvA/oz7OJSBCsQxAnjrKMIXgbVnop+4bEWPxk4e9\n"
69 "UQm5IDiAZ3fnHE8zh0C1Kg+dWnCv0i1Q5CYZJ5sSY3tKikG5UBPVJGV1tT0vDfmJ\n" 69 "TETSk5MMXt2BfaCtaLZw19Zbqlh4ZFuVw+QC1GTa0xlagHiRgXU2DOvPT5+y+XUR\n"
70 "X7b52y35eN8qe5DsdyDAcF2GNRBU8opkLkyXb8U095AQiCHzTPpiesZd5phJlMPm\n" 70 "TSy0Pqou7spgEkLcFxlXYlx3tpDu+Awmx9DBGHMCysVynnEzeBYW4woCfBG2UiVA\n"
71 "AJaB4VtHAykDMeKd7HJAeelRi/1dP8xsYNc1z67cSrkt2f+B0WAyuAUBBr1NdYmS\n" 71 "iHVz6jBc4bBkylKVkA42GiroExuPc+W9qtHGuVX045R7gz78KK0CMIObdySbogBe\n"
72 "duegptXCh8OeGEL/v6mbIWoszDbOjk/0zwsgW8BD/eXaZgPPEUtmHizYPIRPdeW1\n" 72 "gYZUbyVvPVHINEc929PoV12dHP7wrKnqPbiwb+h1SHui8bVinE+1JY3mRB1VGVTa\n"
73 "MSCwccjl/XjDkIoN8kKss4Ftt+Wyajjjxeh6YA==\n" "-----END CERTIFICATE-----\n"; 73 "rgvlVGs2S+Zq48XMs4aeLgHkGWFAIXbpX34HSw==\n"
74 "-----END CERTIFICATE-----\n";
74 75
75/* test server CA signed certificates */ 76/* test server CA signed certificates */
76const char srv_signed_cert_pem[] = 77const char srv_signed_cert_pem[] =
77 "-----BEGIN CERTIFICATE-----\n" 78 "-----BEGIN CERTIFICATE-----\n"
78 "MIIDHzCCAgmgAwIBAgIESHv6kTALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" 79 "MIIDBDCCAe6gAwIBAgIESJ2sXzALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n"
79 "dF9jYV9jZXJ0MB4XDTA4MDcxNTAxMTcwNVoXDTA5MDcxNTAxMTcwNVowGzEZMBcG\n" 80 "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAzMloXDTA5MDgwOTE0NDAzNVowADCCAR8w\n"
80 "A1UEAxMQdGVzdF9zZXJ2ZXJfY2VydDCCAR8wCwYJKoZIhvcNAQEBA4IBDgAwggEJ\n" 81 "CwYJKoZIhvcNAQEBA4IBDgAwggEJAoIBAOb6G6WJrrNC48NSh5i4eT7J1BCqlMB4\n"
81 "AoIBAJIY2+Wn+TRHIJ92tpNvCIE6FOsGclRxOFJwK0T6k3SK68LwQ9PkQTTB/DJu\n" 82 "e0No+td/PQf+sPywbQToYGiPfOFfMyge1G6SyRpXavKbPwuw1BN183WoYzID5mtz\n"
82 "+hU2u6w6lt1+Q8PHTDMLtnkEeXnxPn1uQZnnMEBcHAGY1U99iJh0At68AyoG7nkb\n" 83 "shAOl/JRhdusScFijS3pITiNK4G5NLToCP4KZhqguqHUzEdanifSb/D4x54Rq/Tc\n"
83 "AzgzxxjMom+dEhGEFHOg9JKmJp138RzIWcMN2l4pKIryiBUh5AWt/7uqtA+9fQMq\n" 84 "A7oHGp0wjdWC/AMtGWv6v55xMe00ALZ1zDxCOi8nri9W7mLy+hyduETCq+1Y7uHl\n"
84 "nOeO8OU5FM3eKevl3VSZ6usptbePbUDNs5uEmG+PTR0bc2rYgGeC4+wExWcJ+CAq\n" 85 "mqbAk8D7ruu0JtNU2N8WuJJcAtxgZhCCfIHTgAUWqepeRBM8cy8uu0tywgxcJiyt\n"
85 "voNVPno//MoMeJjWgXqF4wTBFdfsewngkflwRDPuZuLsxVrKnIx6jsBKIMuhVuxT\n" 86 "Uu1wXQHnnpWrr/9r6IfhjFpc9pr5giHBeM4KdlU49UsYgaS1tAZsDJcCAwEAAaN2\n"
86 "66vnEmuR34TUIzLlVPcJ5wmby2UCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNV\n" 87 "MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E\n"
87 "HSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDByAAMB0GA1UdDgQWBBSHX75y\n" 88 "BQMDB6AAMB0GA1UdDgQWBBSxP229okDqlKyMCyg0cnzbf+eb4DAfBgNVHSMEGDAW\n"
88 "gpEjstognUu4If50qWXQaDAfBgNVHSMEGDAWgBQd8dN/t0Gtkg8ERekZDXI4Pc0R\n" 89 "gBRk1qI1FKym0v1InfUt4T8ZoCnmsTALBgkqhkiG9w0BAQUDggEBAEabY4FLsFQr\n"
89 "yTALBgkqhkiG9w0BAQUDggEBAF56YMCdp0C88ZF9yaXJZ4PMuTpW83Mhg5Ar0a9H\n" 90 "PACNe3p5tU3hWvvQ9S1pRlfnc/z1o+k9NDWTHlNjXfVTl6/6cIKHA+r8SvRks27+\n"
90 "DasF58p8eeRLhsTJPi+NpFSMTujEabGS3+8l6Iu5F5stFgvbvnjLHdYu2Pjakos8\n" 91 "lScfxFkiCi22YC7uPbn8fW1nWcsqEkK4e0TDekSUi1o6SDx6cU07kMpx3iKvpLs3\n"
91 "NjZCCkuEmIO4PLd6h5ToOZf3ZXNHmFjRTtKHQKNrYizlHlgnEDcUbU4gB5KOg3jU\n" 92 "5QiCFjivMjrY8pEFJIke/ucI8QuLVZLLUSdTHb9Ck128PtPKA4y2uZA/MmYS/OtR\n"
92 "rv/Mtar+5LRK7KvByswp26nRH1ijGV23sy9StK7tV/cJPe/UkxyUfSQwUmQzzWe6\n" 93 "/UZN67pJ+BqcQBE5vNolWQTM+NxfMzb48IV9q32HRT4HErvUjLIWV0nwwedUSdDG\n"
93 "QGAQtppUjGabWXjuLuOUyiG5LReYC5ri7XZuVekCAfUHbOdPYTHPczvpKBnUyKIv\n" 94 "63tr9jp0GF6b5Eum0MTVV/zbBxfyRFg+Q8xRn70zJlB/W7byaFq/95Rpfqjdnta2\n"
94 "BRKOarmNfNc3w5G7Ast3jNOE2JfiJ8+x9+rMWI01PlWVYvQ=\n" 95 "aO/omlvGHrI=\n"
95 "-----END CERTIFICATE-----\n"; 96 "-----END CERTIFICATE-----\n";
96 97
97/* test server key */ 98/* test server key */
98const char srv_signed_key_pem[] = 99const char srv_signed_key_pem[] =
99 "-----BEGIN RSA PRIVATE KEY-----\n" 100 "-----BEGIN RSA PRIVATE KEY-----\n"
100 "MIIEpAIBAAKCAQEAkhjb5af5NEcgn3a2k28IgToU6wZyVHE4UnArRPqTdIrrwvBD\n" 101 "MIIEowIBAAKCAQEA5vobpYmus0Ljw1KHmLh5PsnUEKqUwHh7Q2j61389B/6w/LBt\n"
101 "0+RBNMH8Mm76FTa7rDqW3X5Dw8dMMwu2eQR5efE+fW5BmecwQFwcAZjVT32ImHQC\n" 102 "BOhgaI984V8zKB7UbpLJGldq8ps/C7DUE3XzdahjMgPma3OyEA6X8lGF26xJwWKN\n"
102 "3rwDKgbueRsDODPHGMyib50SEYQUc6D0kqYmnXfxHMhZww3aXikoivKIFSHkBa3/\n" 103 "LekhOI0rgbk0tOgI/gpmGqC6odTMR1qeJ9Jv8PjHnhGr9NwDugcanTCN1YL8Ay0Z\n"
103 "u6q0D719Ayqc547w5TkUzd4p6+XdVJnq6ym1t49tQM2zm4SYb49NHRtzatiAZ4Lj\n" 104 "a/q/nnEx7TQAtnXMPEI6LyeuL1buYvL6HJ24RMKr7Vju4eWapsCTwPuu67Qm01TY\n"
104 "7ATFZwn4ICq+g1U+ej/8ygx4mNaBeoXjBMEV1+x7CeCR+XBEM+5m4uzFWsqcjHqO\n" 105 "3xa4klwC3GBmEIJ8gdOABRap6l5EEzxzLy67S3LCDFwmLK1S7XBdAeeelauv/2vo\n"
105 "wEogy6FW7FPrq+cSa5HfhNQjMuVU9wnnCZvLZQIDAQABAoIBABISPh0FrocfZzMi\n" 106 "h+GMWlz2mvmCIcF4zgp2VTj1SxiBpLW0BmwMlwIDAQABAoIBACJGvGKQ74V3qDAc\n"
106 "YYoSGWi2sQCzTvAQAyn7UvbY0eWAC5KU2qb6nHA0sIfif0+hcgxnQOML68DrRYso\n" 107 "p7WwroF0Vw2QGtoDJxumUQ84uRheIeqlzc/cIi5yGLCjPYa3KIQuMTzA+0R8aFs2\n"
107 "3zzP52DEjPjB6x5o4OiNHC+8YmJPQlatPu+jLPcFXXkgdMD+cpmoMk2BDcuZ3VfC\n" 108 "RwqKRvJPZkUOUhvhA+whFkhl86zZQOq7UsMc5Qqs3Gd4UguEoYz9gxBxiLCqURRH\n"
108 "KI59O9iNjgcD50p/y6uLBsdNIbUPSMe8ONWT7f5DN/DqEL+3tVZaRAOL+C8iKYf4\n" 109 "rM+xCV6jtI/PBIsmOUFae4cXJP0pljUXyYmwwb/WrsvnJXf9Gz8/VLZGBMchMH7R\n"
109 "EPI5z6gOyL0aEpulbMKc0YoZZ2kDmu5IyMLgkF3DJV440Y/6IGan88ZSjk6i/d7f\n" 110 "MwD7xdwc/ht2XfZ0TuDntpJDtj0JrW9i/Cxt8PnNhQjgLsAe+oUUZt7Bo+vXBxhu\n"
110 "ciKVtzIIbr5ubbuGe3htphTpRP0aA5WuVTzHrKk83/u3hG1RFv1q/cRD28tVUIII\n" 111 "JPKj6BHcj768l+gDn5zzaXKq0eF7mMXc7fgAp0u8lJkC0LxLq/WmIfqw4Z4mEjkX\n"
111 "0pcwLmECgYEAwMdaR5Y2NqBk/fOvU/oCDAQ6w8jmIa4zMxskvq9Pr753jhT13j+T\n" 112 "DremIoUCgYEA53vX9Hd8V85hCfeaTDf3B5q6g9kIliR+Y2tX2aSqN06df9J/KOdL\n"
112 "eQ1A590PF4PPvGFTqJ2vl3kj6JT5dzu7mGKoJLFsnttpw+0NYUgp0waPPZx010pp\n" 113 "G/lEQn4rsOOtOwyTU2luPmcr0XgbXA1T1kj56+UZrxtRducsdsVbVixzD2KswtJO\n"
113 "QGeyQ/cPsZEZkCehh9c5CsfO1YpjKLV/wdpBQ2xAnkV5dfFmzlzLOTECgYEAwgJf\n" 114 "wUH6XAJNdpI++64TuZadnKAaKiqim7CPzQYrBXYKKRFGSDd50urkTRMCgYEA/3CG\n"
114 "gxlR9Jgv7Qg/6Prs+SarqT4xDsJKKbD7wH2jveGFXVnkYTPVstwLCAus4LaLFKZ9\n" 115 "NMaG3qtzQceQUw7BBAhey387MR+1FUQHQ7xoq2jc3yAx4H2NEyGa6wL5CtFKn5In\n"
115 "1POQDUgO24E1GzuL7mqSuvymdl5gZICfpkHstOAfpqep96pUv4aI9BY/g5l4Lvep\n" 116 "BP6f30sk2ilXRv5pbIIiS8Xzngxy3m17GH33YrSc3ff/u+LWgR/EOVpa9F+sMAjp\n"
116 "9c52tgQGwz0qgBUJBi6AvzxqRkBsxrXjX2m7KHUCgYEAtjx94ohkTXWIouy2xFrl\n" 117 "ohDgI8iH8GtahrRA0BxQKfNIo2zUTqNwFP88xu0CgYADOY1zoWqBCqX9bo6euzTc\n"
117 "jnh9GNGUgyhK7Dfvn3bYjJkwKZc06dkNzvQxdD5r4t3PBhS3YgFWmYmB4X7a6NUF\n" 118 "zUIF7jMZbF66Yddyd8HLTXQSQMt2tWotdJaH2pwfNbzHEtDGm7RmeCd7HpI7ARCG\n"
118 "vMMekjlLJkziib1Q1bLDHuLni+WYKmEEaEbepRMrub8h/D0KnQBewwspQoJkxHn3\n" 119 "7rNUnvdxog7LekL7UJqKI8pij3xapnVkadfkCkAsA7OO7AjoT/nYIb7bkYZ8ZsRK\n"
119 "AMkSwurVlwi0DkOa3N+pmTECgYBXyCUZN1qqtjVxJXttWiPg88tWD2q5B9XwmUC/\n" 120 "FejphZB0rAHvpZ4z2wPdMwKBgQCfkr70RzVH81lcNXwutt/TUhtOCxyCMqmgMFBN\n"
120 "rtlor+LdAzBffsmhXQiswkOdhVrWpCJpOS8jo0f9r6+su7ury5LKgkh7ZGZu8vfJ\n" 121 "e2zz791TMjyWXjh8RBkQSVok7NwuVVI055AeIUZTV1IjkplvZNhh97aZ/HLiCwjE\n"
121 "jSiiCoqnqFMyWWJxKllLP8nLLKSBc9P2AU4bOyUoL8PMIjhsEJx2asqXMM1G98OC\n" 122 "IyUhL21zqRLEYA/auGqP3adGVGIv29GAIgSztfleMuJplj+LArT9j/LHzRvQSH+j\n"
122 "R1/EhQKBgQCmSkabsj8u5iEScicyJU87/sVkRIRE0GhjU8uuvcTe+dRiHuj2CENx\n" 123 "TlO8fQKBgE5og4pTfPrD0A7W/Li1HDGf8Ylb+DZlxoyMriW82Z/zCBvYvn1UvQRi\n"
123 "hh967E0nUCiJzx3is0/nYByDles9W4BLEA8JSuM5r6E7UifHR4XwIi2tQcNhCWIu\n" 124 "b8f3IQFXuXdf3Bx4C91kQJPovxDp14FOHJxO7F32fGMnJaU2kyp4sf4WAJZZOLnd\n"
124 "vGbfvxwqcm7Uj3XHb1GbYK5nnaRNailoJ7iyqHWxB1Q3iFIiMipcfg==\n" 125 "l64hMUsgYPI8qfsanAudD4gTAsLEP+ueWqkcb3SJNLSoQAtcGzYs\n"
125 "-----END RSA PRIVATE KEY-----\n"; 126 "-----END RSA PRIVATE KEY-----\n";
126 127
127/* test server self signed certificates */ 128/* test server self signed certificates */
128const char srv_self_signed_cert_pem[] = 129const char srv_self_signed_cert_pem[] =
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-20 14:31:31 +0000