1 files changed, 224 insertions, 87 deletions
diff --git a/src/testcurl/https/test_https_session_info.c b/src/testcurl/https/test_https_session_info.c
index c3ddae4f..c5c38742 100644
--- a/src/testcurl/https/test_https_session_info.c
+++ b/src/testcurl/https/test_https_session_info.c
@@ -35,7 +35,6 @@
 #include "tls_test_common.h"
 #include "tls_test_keys.h"
-#if LIBCURL_VERSION_NUM >= 0x072200
 static struct MHD_Daemon *d;
 /*
@@ -43,45 +42,45 @@ static struct MHD_Daemon *d;
 * used to query negotiated security parameters
 */
 static enum MHD_Result
-query_session_ahc (void *cls, struct MHD_Connection *connection,
+query_info_ahc (void *cls, struct MHD_Connection *connection,
-                   const char *url, const char *method,
+                const char *url, const char *method,
-                   const char *version, const char *upload_data,
+                const char *version, const char *upload_data,
-                   size_t *upload_data_size, void **req_cls)
+                size_t *upload_data_size, void **req_cls)
 {
  struct MHD_Response *response;
  enum MHD_Result ret;
-  int gret;
+  const union MHD_ConnectionInfo *conn_info;
-  (void) cls; (void) url; (void) method; (void) version;   /* Unused. Silent compiler warning. */
+  enum know_gnutls_tls_id *used_tls_ver;
-  (void) upload_data; (void) upload_data_size;             /* Unused. Silent compiler warning. */
+  (void) url; (void) method; (void) version;   /* Unused. Silent compiler warning. */
+  (void) upload_data; (void) upload_data_size; /* Unused. Silent compiler warning. */
+  used_tls_ver = (enum know_gnutls_tls_id *) cls;
  if (NULL == *req_cls)
  {
-    *req_cls = (void *) &query_session_ahc;
+    *req_cls = (void *) &query_info_ahc;
    return MHD_YES;
  }
-  if (GNUTLS_TLS1_1 !=
+  conn_info = MHD_get_connection_info (connection,
-      (gret = MHD_get_connection_info
+                                       MHD_CONNECTION_INFO_PROTOCOL);
-                (connection,
+  if (NULL == conn_info)
-                MHD_CONNECTION_INFO_PROTOCOL)->protocol))
  {
-    if (GNUTLS_TLS1_2 == gret)
+    fflush (stderr);
-    {
+    fflush (stdout);
-      /* as usual, TLS implementations sometimes don't
+    fprintf (stderr, "MHD_get_connection_info() failed.\n");
-         quite do what was asked, just mildly complain... */
+    fflush (stderr);
-      fprintf (stderr,
+    return MHD_NO;
-               "Warning: requested TLS 1.1, got TLS 1.2\n");
-    }
-    else
-    {
-      /* really different version... */
-      fprintf (stderr,
-               "Error: requested protocol mismatch (wanted %d, got %d)\n",
-               GNUTLS_TLS1_1,
-               gret);
-      return MHD_NO;
-    }
  }
+  if (0 == (unsigned int) conn_info->protocol)
+  {
+    fflush (stderr);
+    fflush (stdout);
+    fprintf (stderr, "MHD_get_connection_info()->protocol has "
+             "wrong zero value.\n");
+    fflush (stderr);
+    return MHD_NO;
+  }
+  *used_tls_ver = (enum know_gnutls_tls_id) conn_info->protocol;
  response = MHD_create_response_from_buffer_static (strlen (EMPTY_PAGE),
                                                     EMPTY_PAGE);
@@ -95,30 +94,27 @@ query_session_ahc (void *cls, struct MHD_Connection *connection,
 * negotiate a secure connection with server & query negotiated security parameters
 */
 static unsigned int
-test_query_session (void)
+test_query_session (enum know_gnutls_tls_id tls_ver, uint16_t *pport)
 {
  CURL *c;
  struct CBC cbc;
  CURLcode errornum;
  char url[256];
-  uint16_t port;
+  enum know_gnutls_tls_id found_tls_ver;
-  if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
-    port = 0;
-  else
-    port = 3060;
  if (NULL == (cbc.buf = malloc (sizeof (char) * 255)))
-    return 16;
+    return 99;
  cbc.size = 255;
  cbc.pos = 0;
  /* setup test */
+  found_tls_ver = KNOWN_BAD;
  d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
                        | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
-                        | MHD_USE_ERROR_LOG, port,
+                        | MHD_USE_ERROR_LOG, *pport,
-                        NULL, NULL, &query_session_ahc, NULL,
+                        NULL, NULL,
-                        MHD_OPTION_HTTPS_PRIORITIES, "NORMAL:+ARCFOUR-128",
+                        &query_info_ahc, &found_tls_ver,
+                        MHD_OPTION_HTTPS_PRIORITIES, priorities_map[tls_ver],
                        MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                        MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                        MHD_OPTION_END);
@@ -126,63 +122,219 @@ test_query_session (void)
  if (d == NULL)
  {
    free (cbc.buf);
-    return 2;
+    fflush (stderr);
+    fflush (stdout);
+    fprintf (stderr, "MHD_start_daemon() with %s failed.\n",
+             tls_names[tls_ver]);
+    fflush (stderr);
+    return 77;
  }
-  if (0 == port)
+  if (0 == *pport)
  {
    const union MHD_DaemonInfo *dinfo;
    dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
    if ((NULL == dinfo) || (0 == dinfo->port) )
    {
      MHD_stop_daemon (d);
+      fflush (stderr);
+      fflush (stdout);
+      fprintf (stderr, "MHD_get_daemon_info() failed.\n");
+      fflush (stderr);
      free (cbc.buf);
-      return 32;
+      return 10;
    }
-    port = dinfo->port;
+    *pport = dinfo->port; /* Use the same port for rest of the checks */
  }
  gen_test_uri (url,
                sizeof (url),
-                port);
+                *pport);
  c = curl_easy_init ();
 #ifdef _DEBUG
  curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
 #endif
-  curl_easy_setopt (c, CURLOPT_URL, url);
-  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
+  if ((CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_URL, url))) ||
-  curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L);
+      (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_HTTP_VERSION,
-  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L);
+                                                 CURL_HTTP_VERSION_1_1))) ||
-  curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
+      (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L))) ||
-  curl_easy_setopt (c, CURLOPT_FILE, &cbc);
+      (CURLE_OK !=
-  /* TLS options */
+       (errornum = curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L))) ||
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
+      (CURLE_OK !=
-  /* currently skip any peer authentication */
+       (errornum = curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer))) ||
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
+      (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_WRITEDATA,
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
+                                                 &cbc))) ||
-  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
+      /* TLS options */
+      /* currently skip any peer authentication */
-  /* NOTE: use of CONNECTTIMEOUT without also
+      (CURLE_OK !=
-   * setting NOSIGNAL results in really weird
+       (errornum = curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L))) ||
-   * crashes on my system! */
+      (CURLE_OK !=
-  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L);
+       (errornum = curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L))) ||
-  if (CURLE_OK != (errornum = curl_easy_perform (c)))
+      (CURLE_OK !=
+       (errornum = curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L))) ||
+      (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L))))
  {
-    fprintf (stderr, "curl_easy_perform failed: `%s'\n",
+    fflush (stderr);
+    fflush (stdout);
+    fprintf (stderr, "Error setting libcurl option: %s.\n",
             curl_easy_strerror (errornum));
+    fflush (stderr);
+    return 99;
+  }
+  if (CURLE_OK != (errornum = curl_easy_perform (c)))
+  {
+    unsigned int ret;
    MHD_stop_daemon (d);
    curl_easy_cleanup (c);
    free (cbc.buf);
-    return 1;
+    fflush (stderr);
+    fflush (stdout);
+    if ((CURLE_SSL_CONNECT_ERROR == errornum) ||
+        (CURLE_SSL_CIPHER == errornum))
+    {
+      ret = 77;
+      fprintf (stderr, "libcurl request failed due to TLS error: '%s'\n",
+               curl_easy_strerror (errornum));
+    }
+    else
+    {
+      ret = 1;
+      fprintf (stderr, "curl_easy_perform failed: '%s'\n",
+               curl_easy_strerror (errornum));
+    }
+    fflush (stderr);
+    return ret;
  }
  curl_easy_cleanup (c);
  MHD_stop_daemon (d);
  free (cbc.buf);
+  if (tls_ver != found_tls_ver)
+  {
+    fflush (stderr);
+    fflush (stdout);
+    fprintf (stderr, "MHD_get_connection_info (conn, "
+             "MHD_CONNECTION_INFO_PROTOCOL) returned unexpected "
+             "protocol version.\n"
+             "\tReturned: %s (%u)\tExpected: %s (%u)\n",
+             ((unsigned int) found_tls_ver) > KNOWN_TLS_MAX ?
+             "[wrong value]" : tls_names[found_tls_ver],
+             (unsigned int) found_tls_ver,
+             tls_names[tls_ver], (unsigned int) tls_ver);
+    fflush (stderr);
+    return 2;
+  }
  return 0;
 }
+static unsigned int
+test_all_supported_versions (void)
+{
+  enum know_gnutls_tls_id ver_for_test; /**< TLS version used for test */
+  const gnutls_protocol_t *vers_list;    /**< The list of GnuTLS supported TLS versions */
+  uint16_t port;
+  unsigned int num_success; /**< Number of tests succeeded */
+  unsigned int num_failed;  /**< Number of tests failed */
+  if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
+    port = 0;     /* Use system automatic assignment */
+  else
+    port = 3060;  /* Use predefined port, may break parallel testing of another MHD build */
+  vers_list = gnutls_protocol_list ();
+  if (NULL == vers_list)
+  {
+    fflush (stderr);
+    fflush (stdout);
+    fprintf (stderr, "Error getting GnuTLS supported TLS versions");
+    fflush (stdout);
+    return 99;
+  }
+  num_success = 0;
+  num_failed = 0;
+  for (ver_for_test = KNOWN_TLS_MIN; KNOWN_TLS_MAX >= ver_for_test;
+       ++ver_for_test)
+  {
+    const gnutls_protocol_t *ver_ptr;      /**< The pointer to the position on the @a vers_list */
+    unsigned int res;
+    for (ver_ptr = vers_list; 0 != *ver_ptr; ++ver_ptr)
+    {
+      if (ver_for_test == (enum know_gnutls_tls_id) *ver_ptr)
+        break;
+    }
+    if (0 == *ver_ptr)
+    {
+      fflush (stderr);
+      printf ("%s is not supported by GnuTLS, skipping.\n\n",
+              tls_names[ver_for_test]);
+      fflush (stdout);
+      continue;
+    }
+    fflush (stderr);
+    printf ("Starting check for %s...\n",
+            tls_names[ver_for_test]);
+    fflush (stdout);
+    res = test_query_session (ver_for_test, &port);
+    if (99 == res)
+    {
+      fflush (stderr);
+      fflush (stdout);
+      fprintf (stderr, "Hard error. Test stopped.\n");
+      fflush (stderr);
+      return 99;
+    }
+    else if (77 == res)
+    {
+      fflush (stderr);
+      printf ("%s does not work with libcurl client and GnuTLS "
+              "server combination, skipping.\n",
+              tls_names[ver_for_test]);
+      fflush (stdout);
+    }
+    else if (0 != res)
+    {
+      fflush (stderr);
+      fflush (stdout);
+      fprintf (stderr, "Check failed for %s.\n",
+               tls_names[ver_for_test]);
+      fflush (stderr);
+      num_failed++;
+    }
+    else
+    {
+      fflush (stderr);
+      printf ("Check succeeded for %s.\n",
+              tls_names[ver_for_test]);
+      fflush (stdout);
+      num_success++;
+    }
+    printf ("\n");
+    fflush (stdout);
+  }
+  if (0 == num_failed)
+  {
+    if (0 == num_success)
+    {
+      fflush (stderr);
+      fflush (stdout);
+      fprintf (stderr, "No supported TLS version was found.\n");
+      fflush (stderr);
+      return 77;
+    }
+    return 0;
+  }
+  return num_failed;
+}
 int
 main (int argc, char *const *argv)
 {
@@ -206,29 +358,14 @@ main (int argc, char *const *argv)
    curl_global_cleanup ();
    return 77;
  }
-  if (! curl_tls_is_gnutls ())
+  errorCount = test_all_supported_versions ();
-  {
+  fflush (stderr);
-    fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
+  fflush (stdout);
-    curl_global_cleanup ();
+  curl_global_cleanup ();
+  if (77 == errorCount)
    return 77;
-  }
+  else if (99 == errorCount)
-  errorCount += test_query_session ();
+    return 99;
  print_test_result (errorCount, argv[0]);
-  curl_global_cleanup ();
  return errorCount != 0 ? 1 : 0;
 }
-#else  /* LIBCURL_VERSION_NUM < 0x072200 */
-int
-main (int argc, char *const *argv)
-{
-  (void) argc; (void) argv;   /* Unused. Silent compiler warning. */
-  fprintf (stderr, "libcurl version 7.34.0 or later is required.\n" \
-           "Cannot run the test.\n");
-  return 77;
-}
-#endif /* LIBCURL_VERSION_NUM < 0x072200 */

diff --git a/src/testcurl/https/test_https_session_info.c b/src/testcurl/https/test_https_session_info.c index c3ddae4f..c5c38742 100644 --- a/src/testcurl/https/test_https_session_info.c +++ b/src/testcurl/https/test_https_session_info.c
@@ -35,7 +35,6 @@
35	#include "tls_test_common.h"	35	#include "tls_test_common.h"
36	#include "tls_test_keys.h"	36	#include "tls_test_keys.h"
37		37
38	#if LIBCURL_VERSION_NUM >= 0x072200
39	static struct MHD_Daemon *d;	38	static struct MHD_Daemon *d;
40		39
41	/*	40	/*
@@ -43,45 +42,45 @@ static struct MHD_Daemon *d;
43	* used to query negotiated security parameters	42	* used to query negotiated security parameters
44	*/	43	*/
45	static enum MHD_Result	44	static enum MHD_Result
46	query_session_ahc (void cls, struct MHD_Connection connection,	45	query_info_ahc (void cls, struct MHD_Connection connection,
47	const char url, const char method,	46	const char url, const char method,
48	const char version, const char upload_data,	47	const char version, const char upload_data,
49	size_t upload_data_size, void *req_cls)	48	size_t upload_data_size, void *req_cls)
50	{	49	{
51	struct MHD_Response *response;	50	struct MHD_Response *response;
52	enum MHD_Result ret;	51	enum MHD_Result ret;
53	int gret;	52	const union MHD_ConnectionInfo *conn_info;
54	(void) cls; (void) url; (void) method; (void) version; /* Unused. Silent compiler warning. */	53	enum know_gnutls_tls_id *used_tls_ver;
55	(void) upload_data; (void) upload_data_size; /* Unused. Silent compiler warning. */	54	(void) url; (void) method; (void) version; /* Unused. Silent compiler warning. */
		55	(void) upload_data; (void) upload_data_size; /* Unused. Silent compiler warning. */
		56	used_tls_ver = (enum know_gnutls_tls_id *) cls;
56		57
57	if (NULL == *req_cls)	58	if (NULL == *req_cls)
58	{	59	{
59	req_cls = (void ) &query_session_ahc;	60	req_cls = (void ) &query_info_ahc;
60	return MHD_YES;	61	return MHD_YES;
61	}	62	}
62		63
63	if (GNUTLS_TLS1_1 !=	64	conn_info = MHD_get_connection_info (connection,
64	(gret = MHD_get_connection_info	65	MHD_CONNECTION_INFO_PROTOCOL);
65	(connection,	66	if (NULL == conn_info)
66	MHD_CONNECTION_INFO_PROTOCOL)->protocol))
67	{	67	{
68	if (GNUTLS_TLS1_2 == gret)	68	fflush (stderr);
69	{	69	fflush (stdout);
70	/* as usual, TLS implementations sometimes don't	70	fprintf (stderr, "MHD_get_connection_info() failed.\n");
71	quite do what was asked, just mildly complain... */	71	fflush (stderr);
72	fprintf (stderr,	72	return MHD_NO;
73	"Warning: requested TLS 1.1, got TLS 1.2\n");
74	}
75	else
76	{
77	/* really different version... */
78	fprintf (stderr,
79	"Error: requested protocol mismatch (wanted %d, got %d)\n",
80	GNUTLS_TLS1_1,
81	gret);
82	return MHD_NO;
83	}
84	}	73	}
		74	if (0 == (unsigned int) conn_info->protocol)
		75	{
		76	fflush (stderr);
		77	fflush (stdout);
		78	fprintf (stderr, "MHD_get_connection_info()->protocol has "
		79	"wrong zero value.\n");
		80	fflush (stderr);
		81	return MHD_NO;
		82	}
		83	*used_tls_ver = (enum know_gnutls_tls_id) conn_info->protocol;
85		84
86	response = MHD_create_response_from_buffer_static (strlen (EMPTY_PAGE),	85	response = MHD_create_response_from_buffer_static (strlen (EMPTY_PAGE),
87	EMPTY_PAGE);	86	EMPTY_PAGE);
@@ -95,30 +94,27 @@ query_session_ahc (void cls, struct MHD_Connection connection,
95	* negotiate a secure connection with server & query negotiated security parameters	94	* negotiate a secure connection with server & query negotiated security parameters
96	*/	95	*/
97	static unsigned int	96	static unsigned int
98	test_query_session (void)	97	test_query_session (enum know_gnutls_tls_id tls_ver, uint16_t *pport)
99	{	98	{
100	CURL *c;	99	CURL *c;
101	struct CBC cbc;	100	struct CBC cbc;
102	CURLcode errornum;	101	CURLcode errornum;
103	char url[256];	102	char url[256];
104	uint16_t port;	103	enum know_gnutls_tls_id found_tls_ver;
105
106	if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
107	port = 0;
108	else
109	port = 3060;
110		104
111	if (NULL == (cbc.buf = malloc (sizeof (char) * 255)))	105	if (NULL == (cbc.buf = malloc (sizeof (char) * 255)))
112	return 16;	106	return 99;
113	cbc.size = 255;	107	cbc.size = 255;
114	cbc.pos = 0;	108	cbc.pos = 0;
115		109
116	/* setup test */	110	/* setup test */
		111	found_tls_ver = KNOWN_BAD;
117	d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION	112	d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
118	\| MHD_USE_INTERNAL_POLLING_THREAD \| MHD_USE_TLS	113	\| MHD_USE_INTERNAL_POLLING_THREAD \| MHD_USE_TLS
119	\| MHD_USE_ERROR_LOG, port,	114	\| MHD_USE_ERROR_LOG, *pport,
120	NULL, NULL, &query_session_ahc, NULL,	115	NULL, NULL,
121	MHD_OPTION_HTTPS_PRIORITIES, "NORMAL:+ARCFOUR-128",	116	&query_info_ahc, &found_tls_ver,
		117	MHD_OPTION_HTTPS_PRIORITIES, priorities_map[tls_ver],
122	MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,	118	MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
123	MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,	119	MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
124	MHD_OPTION_END);	120	MHD_OPTION_END);
@@ -126,63 +122,219 @@ test_query_session (void)
126	if (d == NULL)	122	if (d == NULL)
127	{	123	{
128	free (cbc.buf);	124	free (cbc.buf);
129	return 2;	125	fflush (stderr);
		126	fflush (stdout);
		127	fprintf (stderr, "MHD_start_daemon() with %s failed.\n",
		128	tls_names[tls_ver]);
		129	fflush (stderr);
		130	return 77;
130	}	131	}
131	if (0 == port)	132	if (0 == *pport)
132	{	133	{
133	const union MHD_DaemonInfo *dinfo;	134	const union MHD_DaemonInfo *dinfo;
134	dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);	135	dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
135	if ((NULL == dinfo) \|\| (0 == dinfo->port) )	136	if ((NULL == dinfo) \|\| (0 == dinfo->port) )
136	{	137	{
137	MHD_stop_daemon (d);	138	MHD_stop_daemon (d);
		139	fflush (stderr);
		140	fflush (stdout);
		141	fprintf (stderr, "MHD_get_daemon_info() failed.\n");
		142	fflush (stderr);
138	free (cbc.buf);	143	free (cbc.buf);
139	return 32;	144	return 10;
140	}	145	}
141	port = dinfo->port;	146	pport = dinfo->port; / Use the same port for rest of the checks */
142	}	147	}
143		148
144	gen_test_uri (url,	149	gen_test_uri (url,
145	sizeof (url),	150	sizeof (url),
146	port);	151	*pport);
147	c = curl_easy_init ();	152	c = curl_easy_init ();
148	#ifdef _DEBUG	153	#ifdef _DEBUG
149	curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);	154	curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
150	#endif	155	#endif
151	curl_easy_setopt (c, CURLOPT_URL, url);	156
152	curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);	157	if ((CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_URL, url))) \|\|
153	curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L);	158	(CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_HTTP_VERSION,
154	curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L);	159	CURL_HTTP_VERSION_1_1))) \|\|
155	curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);	160	(CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L))) \|\|
156	curl_easy_setopt (c, CURLOPT_FILE, &cbc);	161	(CURLE_OK !=
157	/* TLS options */	162	(errornum = curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L))) \|\|
158	curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);	163	(CURLE_OK !=
159	/* currently skip any peer authentication */	164	(errornum = curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer))) \|\|
160	curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);	165	(CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_WRITEDATA,
161	curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);	166	&cbc))) \|\|
162	curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);	167	/* TLS options */
163		168	/* currently skip any peer authentication */
164	/* NOTE: use of CONNECTTIMEOUT without also	169	(CURLE_OK !=
165	* setting NOSIGNAL results in really weird	170	(errornum = curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L))) \|\|
166	* crashes on my system! */	171	(CURLE_OK !=
167	curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L);	172	(errornum = curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L))) \|\|
168	if (CURLE_OK != (errornum = curl_easy_perform (c)))	173	(CURLE_OK !=
		174	(errornum = curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L))) \|\|
		175	(CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L))))
169	{	176	{
170	fprintf (stderr, "curl_easy_perform failed: `%s'\n",	177	fflush (stderr);
		178	fflush (stdout);
		179	fprintf (stderr, "Error setting libcurl option: %s.\n",
171	curl_easy_strerror (errornum));	180	curl_easy_strerror (errornum));
		181	fflush (stderr);
		182	return 99;
		183	}
172		184
		185	if (CURLE_OK != (errornum = curl_easy_perform (c)))
		186	{
		187	unsigned int ret;
173	MHD_stop_daemon (d);	188	MHD_stop_daemon (d);
174	curl_easy_cleanup (c);	189	curl_easy_cleanup (c);
175	free (cbc.buf);	190	free (cbc.buf);
176	return 1;	191
		192	fflush (stderr);
		193	fflush (stdout);
		194	if ((CURLE_SSL_CONNECT_ERROR == errornum) \|\|
		195	(CURLE_SSL_CIPHER == errornum))
		196	{
		197	ret = 77;
		198	fprintf (stderr, "libcurl request failed due to TLS error: '%s'\n",
		199	curl_easy_strerror (errornum));
		200
		201	}
		202	else
		203	{
		204	ret = 1;
		205	fprintf (stderr, "curl_easy_perform failed: '%s'\n",
		206	curl_easy_strerror (errornum));
		207	}
		208	fflush (stderr);
		209
		210	return ret;
177	}	211	}
178		212
179	curl_easy_cleanup (c);	213	curl_easy_cleanup (c);
180	MHD_stop_daemon (d);	214	MHD_stop_daemon (d);
181	free (cbc.buf);	215	free (cbc.buf);
		216
		217	if (tls_ver != found_tls_ver)
		218	{
		219	fflush (stderr);
		220	fflush (stdout);
		221	fprintf (stderr, "MHD_get_connection_info (conn, "
		222	"MHD_CONNECTION_INFO_PROTOCOL) returned unexpected "
		223	"protocol version.\n"
		224	"\tReturned: %s (%u)\tExpected: %s (%u)\n",
		225	((unsigned int) found_tls_ver) > KNOWN_TLS_MAX ?
		226	"[wrong value]" : tls_names[found_tls_ver],
		227	(unsigned int) found_tls_ver,
		228	tls_names[tls_ver], (unsigned int) tls_ver);
		229	fflush (stderr);
		230	return 2;
		231	}
182	return 0;	232	return 0;
183	}	233	}
184		234
185		235
		236	static unsigned int
		237	test_all_supported_versions (void)
		238	{
		239	enum know_gnutls_tls_id ver_for_test; /*< TLS version used for test /
		240	const gnutls_protocol_t vers_list; /< The list of GnuTLS supported TLS versions /
		241	uint16_t port;
		242	unsigned int num_success; /*< Number of tests succeeded /
		243	unsigned int num_failed; /*< Number of tests failed /
		244
		245	if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
		246	port = 0; /* Use system automatic assignment */
		247	else
		248	port = 3060; /* Use predefined port, may break parallel testing of another MHD build */
		249
		250	vers_list = gnutls_protocol_list ();
		251	if (NULL == vers_list)
		252	{
		253	fflush (stderr);
		254	fflush (stdout);
		255	fprintf (stderr, "Error getting GnuTLS supported TLS versions");
		256	fflush (stdout);
		257	return 99;
		258	}
		259	num_success = 0;
		260	num_failed = 0;
		261
		262	for (ver_for_test = KNOWN_TLS_MIN; KNOWN_TLS_MAX >= ver_for_test;
		263	++ver_for_test)
		264	{
		265	const gnutls_protocol_t ver_ptr; /< The pointer to the position on the @a vers_list /
		266	unsigned int res;
		267	for (ver_ptr = vers_list; 0 != *ver_ptr; ++ver_ptr)
		268	{
		269	if (ver_for_test == (enum know_gnutls_tls_id) *ver_ptr)
		270	break;
		271	}
		272	if (0 == *ver_ptr)
		273	{
		274	fflush (stderr);
		275	printf ("%s is not supported by GnuTLS, skipping.\n\n",
		276	tls_names[ver_for_test]);
		277	fflush (stdout);
		278	continue;
		279	}
		280	fflush (stderr);
		281	printf ("Starting check for %s...\n",
		282	tls_names[ver_for_test]);
		283	fflush (stdout);
		284	res = test_query_session (ver_for_test, &port);
		285	if (99 == res)
		286	{
		287	fflush (stderr);
		288	fflush (stdout);
		289	fprintf (stderr, "Hard error. Test stopped.\n");
		290	fflush (stderr);
		291	return 99;
		292	}
		293	else if (77 == res)
		294	{
		295	fflush (stderr);
		296	printf ("%s does not work with libcurl client and GnuTLS "
		297	"server combination, skipping.\n",
		298	tls_names[ver_for_test]);
		299	fflush (stdout);
		300	}
		301	else if (0 != res)
		302	{
		303	fflush (stderr);
		304	fflush (stdout);
		305	fprintf (stderr, "Check failed for %s.\n",
		306	tls_names[ver_for_test]);
		307	fflush (stderr);
		308	num_failed++;
		309	}
		310	else
		311	{
		312	fflush (stderr);
		313	printf ("Check succeeded for %s.\n",
		314	tls_names[ver_for_test]);
		315	fflush (stdout);
		316	num_success++;
		317	}
		318	printf ("\n");
		319	fflush (stdout);
		320	}
		321
		322	if (0 == num_failed)
		323	{
		324	if (0 == num_success)
		325	{
		326	fflush (stderr);
		327	fflush (stdout);
		328	fprintf (stderr, "No supported TLS version was found.\n");
		329	fflush (stderr);
		330	return 77;
		331	}
		332	return 0;
		333	}
		334	return num_failed;
		335	}
		336
		337
186	int	338	int
187	main (int argc, char const argv)	339	main (int argc, char const argv)
188	{	340	{
@@ -206,29 +358,14 @@ main (int argc, char const argv)
206	curl_global_cleanup ();	358	curl_global_cleanup ();
207	return 77;	359	return 77;
208	}	360	}
209	if (! curl_tls_is_gnutls ())	361	errorCount = test_all_supported_versions ();
210	{	362	fflush (stderr);
211	fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");	363	fflush (stdout);
212	curl_global_cleanup ();	364	curl_global_cleanup ();
		365	if (77 == errorCount)
213	return 77;	366	return 77;
214	}	367	else if (99 == errorCount)
215	errorCount += test_query_session ();	368	return 99;
216	print_test_result (errorCount, argv[0]);	369	print_test_result (errorCount, argv[0]);
217	curl_global_cleanup ();
218	return errorCount != 0 ? 1 : 0;	370	return errorCount != 0 ? 1 : 0;
219	}	371	}
220
221
222	#else /* LIBCURL_VERSION_NUM < 0x072200 */
223
224	int
225	main (int argc, char const argv)
226	{
227	(void) argc; (void) argv; /* Unused. Silent compiler warning. */
228	fprintf (stderr, "libcurl version 7.34.0 or later is required.\n" \
229	"Cannot run the test.\n");
230	return 77;
231	}
232
233
234	#endif /* LIBCURL_VERSION_NUM < 0x072200 */