diff options
Diffstat (limited to 'src/testcurl/https/test_https_session_info.c')
-rw-r--r-- | src/testcurl/https/test_https_session_info.c | 311 |
1 files changed, 224 insertions, 87 deletions
diff --git a/src/testcurl/https/test_https_session_info.c b/src/testcurl/https/test_https_session_info.c index c3ddae4f..c5c38742 100644 --- a/src/testcurl/https/test_https_session_info.c +++ b/src/testcurl/https/test_https_session_info.c | |||
@@ -35,7 +35,6 @@ | |||
35 | #include "tls_test_common.h" | 35 | #include "tls_test_common.h" |
36 | #include "tls_test_keys.h" | 36 | #include "tls_test_keys.h" |
37 | 37 | ||
38 | #if LIBCURL_VERSION_NUM >= 0x072200 | ||
39 | static struct MHD_Daemon *d; | 38 | static struct MHD_Daemon *d; |
40 | 39 | ||
41 | /* | 40 | /* |
@@ -43,45 +42,45 @@ static struct MHD_Daemon *d; | |||
43 | * used to query negotiated security parameters | 42 | * used to query negotiated security parameters |
44 | */ | 43 | */ |
45 | static enum MHD_Result | 44 | static enum MHD_Result |
46 | query_session_ahc (void *cls, struct MHD_Connection *connection, | 45 | query_info_ahc (void *cls, struct MHD_Connection *connection, |
47 | const char *url, const char *method, | 46 | const char *url, const char *method, |
48 | const char *version, const char *upload_data, | 47 | const char *version, const char *upload_data, |
49 | size_t *upload_data_size, void **req_cls) | 48 | size_t *upload_data_size, void **req_cls) |
50 | { | 49 | { |
51 | struct MHD_Response *response; | 50 | struct MHD_Response *response; |
52 | enum MHD_Result ret; | 51 | enum MHD_Result ret; |
53 | int gret; | 52 | const union MHD_ConnectionInfo *conn_info; |
54 | (void) cls; (void) url; (void) method; (void) version; /* Unused. Silent compiler warning. */ | 53 | enum know_gnutls_tls_id *used_tls_ver; |
55 | (void) upload_data; (void) upload_data_size; /* Unused. Silent compiler warning. */ | 54 | (void) url; (void) method; (void) version; /* Unused. Silent compiler warning. */ |
55 | (void) upload_data; (void) upload_data_size; /* Unused. Silent compiler warning. */ | ||
56 | used_tls_ver = (enum know_gnutls_tls_id *) cls; | ||
56 | 57 | ||
57 | if (NULL == *req_cls) | 58 | if (NULL == *req_cls) |
58 | { | 59 | { |
59 | *req_cls = (void *) &query_session_ahc; | 60 | *req_cls = (void *) &query_info_ahc; |
60 | return MHD_YES; | 61 | return MHD_YES; |
61 | } | 62 | } |
62 | 63 | ||
63 | if (GNUTLS_TLS1_1 != | 64 | conn_info = MHD_get_connection_info (connection, |
64 | (gret = MHD_get_connection_info | 65 | MHD_CONNECTION_INFO_PROTOCOL); |
65 | (connection, | 66 | if (NULL == conn_info) |
66 | MHD_CONNECTION_INFO_PROTOCOL)->protocol)) | ||
67 | { | 67 | { |
68 | if (GNUTLS_TLS1_2 == gret) | 68 | fflush (stderr); |
69 | { | 69 | fflush (stdout); |
70 | /* as usual, TLS implementations sometimes don't | 70 | fprintf (stderr, "MHD_get_connection_info() failed.\n"); |
71 | quite do what was asked, just mildly complain... */ | 71 | fflush (stderr); |
72 | fprintf (stderr, | 72 | return MHD_NO; |
73 | "Warning: requested TLS 1.1, got TLS 1.2\n"); | ||
74 | } | ||
75 | else | ||
76 | { | ||
77 | /* really different version... */ | ||
78 | fprintf (stderr, | ||
79 | "Error: requested protocol mismatch (wanted %d, got %d)\n", | ||
80 | GNUTLS_TLS1_1, | ||
81 | gret); | ||
82 | return MHD_NO; | ||
83 | } | ||
84 | } | 73 | } |
74 | if (0 == (unsigned int) conn_info->protocol) | ||
75 | { | ||
76 | fflush (stderr); | ||
77 | fflush (stdout); | ||
78 | fprintf (stderr, "MHD_get_connection_info()->protocol has " | ||
79 | "wrong zero value.\n"); | ||
80 | fflush (stderr); | ||
81 | return MHD_NO; | ||
82 | } | ||
83 | *used_tls_ver = (enum know_gnutls_tls_id) conn_info->protocol; | ||
85 | 84 | ||
86 | response = MHD_create_response_from_buffer_static (strlen (EMPTY_PAGE), | 85 | response = MHD_create_response_from_buffer_static (strlen (EMPTY_PAGE), |
87 | EMPTY_PAGE); | 86 | EMPTY_PAGE); |
@@ -95,30 +94,27 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, | |||
95 | * negotiate a secure connection with server & query negotiated security parameters | 94 | * negotiate a secure connection with server & query negotiated security parameters |
96 | */ | 95 | */ |
97 | static unsigned int | 96 | static unsigned int |
98 | test_query_session (void) | 97 | test_query_session (enum know_gnutls_tls_id tls_ver, uint16_t *pport) |
99 | { | 98 | { |
100 | CURL *c; | 99 | CURL *c; |
101 | struct CBC cbc; | 100 | struct CBC cbc; |
102 | CURLcode errornum; | 101 | CURLcode errornum; |
103 | char url[256]; | 102 | char url[256]; |
104 | uint16_t port; | 103 | enum know_gnutls_tls_id found_tls_ver; |
105 | |||
106 | if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT)) | ||
107 | port = 0; | ||
108 | else | ||
109 | port = 3060; | ||
110 | 104 | ||
111 | if (NULL == (cbc.buf = malloc (sizeof (char) * 255))) | 105 | if (NULL == (cbc.buf = malloc (sizeof (char) * 255))) |
112 | return 16; | 106 | return 99; |
113 | cbc.size = 255; | 107 | cbc.size = 255; |
114 | cbc.pos = 0; | 108 | cbc.pos = 0; |
115 | 109 | ||
116 | /* setup test */ | 110 | /* setup test */ |
111 | found_tls_ver = KNOWN_BAD; | ||
117 | d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | 112 | d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION |
118 | | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS | 113 | | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS |
119 | | MHD_USE_ERROR_LOG, port, | 114 | | MHD_USE_ERROR_LOG, *pport, |
120 | NULL, NULL, &query_session_ahc, NULL, | 115 | NULL, NULL, |
121 | MHD_OPTION_HTTPS_PRIORITIES, "NORMAL:+ARCFOUR-128", | 116 | &query_info_ahc, &found_tls_ver, |
117 | MHD_OPTION_HTTPS_PRIORITIES, priorities_map[tls_ver], | ||
122 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | 118 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, |
123 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | 119 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, |
124 | MHD_OPTION_END); | 120 | MHD_OPTION_END); |
@@ -126,63 +122,219 @@ test_query_session (void) | |||
126 | if (d == NULL) | 122 | if (d == NULL) |
127 | { | 123 | { |
128 | free (cbc.buf); | 124 | free (cbc.buf); |
129 | return 2; | 125 | fflush (stderr); |
126 | fflush (stdout); | ||
127 | fprintf (stderr, "MHD_start_daemon() with %s failed.\n", | ||
128 | tls_names[tls_ver]); | ||
129 | fflush (stderr); | ||
130 | return 77; | ||
130 | } | 131 | } |
131 | if (0 == port) | 132 | if (0 == *pport) |
132 | { | 133 | { |
133 | const union MHD_DaemonInfo *dinfo; | 134 | const union MHD_DaemonInfo *dinfo; |
134 | dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT); | 135 | dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT); |
135 | if ((NULL == dinfo) || (0 == dinfo->port) ) | 136 | if ((NULL == dinfo) || (0 == dinfo->port) ) |
136 | { | 137 | { |
137 | MHD_stop_daemon (d); | 138 | MHD_stop_daemon (d); |
139 | fflush (stderr); | ||
140 | fflush (stdout); | ||
141 | fprintf (stderr, "MHD_get_daemon_info() failed.\n"); | ||
142 | fflush (stderr); | ||
138 | free (cbc.buf); | 143 | free (cbc.buf); |
139 | return 32; | 144 | return 10; |
140 | } | 145 | } |
141 | port = dinfo->port; | 146 | *pport = dinfo->port; /* Use the same port for rest of the checks */ |
142 | } | 147 | } |
143 | 148 | ||
144 | gen_test_uri (url, | 149 | gen_test_uri (url, |
145 | sizeof (url), | 150 | sizeof (url), |
146 | port); | 151 | *pport); |
147 | c = curl_easy_init (); | 152 | c = curl_easy_init (); |
148 | #ifdef _DEBUG | 153 | #ifdef _DEBUG |
149 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1L); | 154 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1L); |
150 | #endif | 155 | #endif |
151 | curl_easy_setopt (c, CURLOPT_URL, url); | 156 | |
152 | curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); | 157 | if ((CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_URL, url))) || |
153 | curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L); | 158 | (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_HTTP_VERSION, |
154 | curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L); | 159 | CURL_HTTP_VERSION_1_1))) || |
155 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); | 160 | (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L))) || |
156 | curl_easy_setopt (c, CURLOPT_FILE, &cbc); | 161 | (CURLE_OK != |
157 | /* TLS options */ | 162 | (errornum = curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L))) || |
158 | curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); | 163 | (CURLE_OK != |
159 | /* currently skip any peer authentication */ | 164 | (errornum = curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer))) || |
160 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L); | 165 | (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_WRITEDATA, |
161 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L); | 166 | &cbc))) || |
162 | curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L); | 167 | /* TLS options */ |
163 | 168 | /* currently skip any peer authentication */ | |
164 | /* NOTE: use of CONNECTTIMEOUT without also | 169 | (CURLE_OK != |
165 | * setting NOSIGNAL results in really weird | 170 | (errornum = curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L))) || |
166 | * crashes on my system! */ | 171 | (CURLE_OK != |
167 | curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L); | 172 | (errornum = curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L))) || |
168 | if (CURLE_OK != (errornum = curl_easy_perform (c))) | 173 | (CURLE_OK != |
174 | (errornum = curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L))) || | ||
175 | (CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L)))) | ||
169 | { | 176 | { |
170 | fprintf (stderr, "curl_easy_perform failed: `%s'\n", | 177 | fflush (stderr); |
178 | fflush (stdout); | ||
179 | fprintf (stderr, "Error setting libcurl option: %s.\n", | ||
171 | curl_easy_strerror (errornum)); | 180 | curl_easy_strerror (errornum)); |
181 | fflush (stderr); | ||
182 | return 99; | ||
183 | } | ||
172 | 184 | ||
185 | if (CURLE_OK != (errornum = curl_easy_perform (c))) | ||
186 | { | ||
187 | unsigned int ret; | ||
173 | MHD_stop_daemon (d); | 188 | MHD_stop_daemon (d); |
174 | curl_easy_cleanup (c); | 189 | curl_easy_cleanup (c); |
175 | free (cbc.buf); | 190 | free (cbc.buf); |
176 | return 1; | 191 | |
192 | fflush (stderr); | ||
193 | fflush (stdout); | ||
194 | if ((CURLE_SSL_CONNECT_ERROR == errornum) || | ||
195 | (CURLE_SSL_CIPHER == errornum)) | ||
196 | { | ||
197 | ret = 77; | ||
198 | fprintf (stderr, "libcurl request failed due to TLS error: '%s'\n", | ||
199 | curl_easy_strerror (errornum)); | ||
200 | |||
201 | } | ||
202 | else | ||
203 | { | ||
204 | ret = 1; | ||
205 | fprintf (stderr, "curl_easy_perform failed: '%s'\n", | ||
206 | curl_easy_strerror (errornum)); | ||
207 | } | ||
208 | fflush (stderr); | ||
209 | |||
210 | return ret; | ||
177 | } | 211 | } |
178 | 212 | ||
179 | curl_easy_cleanup (c); | 213 | curl_easy_cleanup (c); |
180 | MHD_stop_daemon (d); | 214 | MHD_stop_daemon (d); |
181 | free (cbc.buf); | 215 | free (cbc.buf); |
216 | |||
217 | if (tls_ver != found_tls_ver) | ||
218 | { | ||
219 | fflush (stderr); | ||
220 | fflush (stdout); | ||
221 | fprintf (stderr, "MHD_get_connection_info (conn, " | ||
222 | "MHD_CONNECTION_INFO_PROTOCOL) returned unexpected " | ||
223 | "protocol version.\n" | ||
224 | "\tReturned: %s (%u)\tExpected: %s (%u)\n", | ||
225 | ((unsigned int) found_tls_ver) > KNOWN_TLS_MAX ? | ||
226 | "[wrong value]" : tls_names[found_tls_ver], | ||
227 | (unsigned int) found_tls_ver, | ||
228 | tls_names[tls_ver], (unsigned int) tls_ver); | ||
229 | fflush (stderr); | ||
230 | return 2; | ||
231 | } | ||
182 | return 0; | 232 | return 0; |
183 | } | 233 | } |
184 | 234 | ||
185 | 235 | ||
236 | static unsigned int | ||
237 | test_all_supported_versions (void) | ||
238 | { | ||
239 | enum know_gnutls_tls_id ver_for_test; /**< TLS version used for test */ | ||
240 | const gnutls_protocol_t *vers_list; /**< The list of GnuTLS supported TLS versions */ | ||
241 | uint16_t port; | ||
242 | unsigned int num_success; /**< Number of tests succeeded */ | ||
243 | unsigned int num_failed; /**< Number of tests failed */ | ||
244 | |||
245 | if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT)) | ||
246 | port = 0; /* Use system automatic assignment */ | ||
247 | else | ||
248 | port = 3060; /* Use predefined port, may break parallel testing of another MHD build */ | ||
249 | |||
250 | vers_list = gnutls_protocol_list (); | ||
251 | if (NULL == vers_list) | ||
252 | { | ||
253 | fflush (stderr); | ||
254 | fflush (stdout); | ||
255 | fprintf (stderr, "Error getting GnuTLS supported TLS versions"); | ||
256 | fflush (stdout); | ||
257 | return 99; | ||
258 | } | ||
259 | num_success = 0; | ||
260 | num_failed = 0; | ||
261 | |||
262 | for (ver_for_test = KNOWN_TLS_MIN; KNOWN_TLS_MAX >= ver_for_test; | ||
263 | ++ver_for_test) | ||
264 | { | ||
265 | const gnutls_protocol_t *ver_ptr; /**< The pointer to the position on the @a vers_list */ | ||
266 | unsigned int res; | ||
267 | for (ver_ptr = vers_list; 0 != *ver_ptr; ++ver_ptr) | ||
268 | { | ||
269 | if (ver_for_test == (enum know_gnutls_tls_id) *ver_ptr) | ||
270 | break; | ||
271 | } | ||
272 | if (0 == *ver_ptr) | ||
273 | { | ||
274 | fflush (stderr); | ||
275 | printf ("%s is not supported by GnuTLS, skipping.\n\n", | ||
276 | tls_names[ver_for_test]); | ||
277 | fflush (stdout); | ||
278 | continue; | ||
279 | } | ||
280 | fflush (stderr); | ||
281 | printf ("Starting check for %s...\n", | ||
282 | tls_names[ver_for_test]); | ||
283 | fflush (stdout); | ||
284 | res = test_query_session (ver_for_test, &port); | ||
285 | if (99 == res) | ||
286 | { | ||
287 | fflush (stderr); | ||
288 | fflush (stdout); | ||
289 | fprintf (stderr, "Hard error. Test stopped.\n"); | ||
290 | fflush (stderr); | ||
291 | return 99; | ||
292 | } | ||
293 | else if (77 == res) | ||
294 | { | ||
295 | fflush (stderr); | ||
296 | printf ("%s does not work with libcurl client and GnuTLS " | ||
297 | "server combination, skipping.\n", | ||
298 | tls_names[ver_for_test]); | ||
299 | fflush (stdout); | ||
300 | } | ||
301 | else if (0 != res) | ||
302 | { | ||
303 | fflush (stderr); | ||
304 | fflush (stdout); | ||
305 | fprintf (stderr, "Check failed for %s.\n", | ||
306 | tls_names[ver_for_test]); | ||
307 | fflush (stderr); | ||
308 | num_failed++; | ||
309 | } | ||
310 | else | ||
311 | { | ||
312 | fflush (stderr); | ||
313 | printf ("Check succeeded for %s.\n", | ||
314 | tls_names[ver_for_test]); | ||
315 | fflush (stdout); | ||
316 | num_success++; | ||
317 | } | ||
318 | printf ("\n"); | ||
319 | fflush (stdout); | ||
320 | } | ||
321 | |||
322 | if (0 == num_failed) | ||
323 | { | ||
324 | if (0 == num_success) | ||
325 | { | ||
326 | fflush (stderr); | ||
327 | fflush (stdout); | ||
328 | fprintf (stderr, "No supported TLS version was found.\n"); | ||
329 | fflush (stderr); | ||
330 | return 77; | ||
331 | } | ||
332 | return 0; | ||
333 | } | ||
334 | return num_failed; | ||
335 | } | ||
336 | |||
337 | |||
186 | int | 338 | int |
187 | main (int argc, char *const *argv) | 339 | main (int argc, char *const *argv) |
188 | { | 340 | { |
@@ -206,29 +358,14 @@ main (int argc, char *const *argv) | |||
206 | curl_global_cleanup (); | 358 | curl_global_cleanup (); |
207 | return 77; | 359 | return 77; |
208 | } | 360 | } |
209 | if (! curl_tls_is_gnutls ()) | 361 | errorCount = test_all_supported_versions (); |
210 | { | 362 | fflush (stderr); |
211 | fprintf (stderr, "This test can be run only with libcurl-gnutls.\n"); | 363 | fflush (stdout); |
212 | curl_global_cleanup (); | 364 | curl_global_cleanup (); |
365 | if (77 == errorCount) | ||
213 | return 77; | 366 | return 77; |
214 | } | 367 | else if (99 == errorCount) |
215 | errorCount += test_query_session (); | 368 | return 99; |
216 | print_test_result (errorCount, argv[0]); | 369 | print_test_result (errorCount, argv[0]); |
217 | curl_global_cleanup (); | ||
218 | return errorCount != 0 ? 1 : 0; | 370 | return errorCount != 0 ? 1 : 0; |
219 | } | 371 | } |
220 | |||
221 | |||
222 | #else /* LIBCURL_VERSION_NUM < 0x072200 */ | ||
223 | |||
224 | int | ||
225 | main (int argc, char *const *argv) | ||
226 | { | ||
227 | (void) argc; (void) argv; /* Unused. Silent compiler warning. */ | ||
228 | fprintf (stderr, "libcurl version 7.34.0 or later is required.\n" \ | ||
229 | "Cannot run the test.\n"); | ||
230 | return 77; | ||
231 | } | ||
232 | |||
233 | |||
234 | #endif /* LIBCURL_VERSION_NUM < 0x072200 */ | ||