Diffstat (limited to 'src/testcurl/https/test_tls_options.c')
-rw-r--r--src/testcurl/https/test_tls_options.c114
1 files changed, 59 insertions, 55 deletions
diff --git a/src/testcurl/https/test_tls_options.c b/src/testcurl/https/test_tls_options.c
index 703ae92a..f94834b5 100644
--- a/src/testcurl/https/test_tls_options.c
+++ b/src/testcurl/https/test_tls_options.c
@@ -43,17 +43,17 @@ int curl_check_version (const char *req_version, ...);
43 * 43 *
44 */ 44 */
45static int 45static int
46test_unmatching_ssl_version (void * cls, int port, const char *cipher_suite, 46test_unmatching_ssl_version (void *cls, int port, const char *cipher_suite,
47 int curl_req_ssl_version) 47 int curl_req_ssl_version)
48{ 48{
49 struct CBC cbc; 49 struct CBC cbc;
50 (void)cls; /* Unused. Silent compiler warning. */ 50 (void) cls; /* Unused. Silent compiler warning. */
51 if (NULL == (cbc.buf = malloc (sizeof (char) * 256))) 51 if (NULL == (cbc.buf = malloc (sizeof (char) * 256)))
52 { 52 {
53 fprintf (stderr, "Error: failed to allocate: %s\n", 53 fprintf (stderr, "Error: failed to allocate: %s\n",
54 strerror (errno)); 54 strerror (errno));
55 return -1; 55 return -1;
56 } 56 }
57 cbc.size = 256; 57 cbc.size = 256;
58 cbc.pos = 0; 58 cbc.pos = 0;
59 59
@@ -61,21 +61,22 @@ test_unmatching_ssl_version (void * cls, int port, const char *cipher_suite,
61 if (gen_test_file_url (url, 61 if (gen_test_file_url (url,
62 sizeof (url), 62 sizeof (url),
63 port)) 63 port))
64 { 64 {
65 free (cbc.buf); 65 free (cbc.buf);
66 fprintf (stderr, 66 fprintf (stderr,
67 "Internal error in gen_test_file_url\n"); 67 "Internal error in gen_test_file_url\n");
68 return -1; 68 return -1;
69 } 69 }
70 70
71 /* assert daemon *rejected* request */ 71 /* assert daemon *rejected* request */
72 if (CURLE_OK == 72 if (CURLE_OK ==
73 send_curl_req (url, &cbc, cipher_suite, curl_req_ssl_version)) 73 send_curl_req (url, &cbc, cipher_suite, curl_req_ssl_version))
74 { 74 {
75 free (cbc.buf); 75 free (cbc.buf);
76 fprintf (stderr, "cURL failed to reject request despite SSL version mismatch!\n"); 76 fprintf (stderr,
77 return -1; 77 "cURL failed to reject request despite SSL version mismatch!\n");
78 } 78 return -1;
79 }
79 80
80 free (cbc.buf); 81 free (cbc.buf);
81 return 0; 82 return 0;
@@ -89,9 +90,10 @@ main (int argc, char *const *argv)
89 unsigned int errorCount = 0; 90 unsigned int errorCount = 0;
90 const char *ssl_version; 91 const char *ssl_version;
91 int daemon_flags = 92 int daemon_flags =
92 MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS | MHD_USE_ERROR_LOG; 93 MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD
94 | MHD_USE_TLS | MHD_USE_ERROR_LOG;
93 int port; 95 int port;
94 (void)argc; (void)argv; /* Unused. Silent compiler warning. */ 96 (void) argc; (void) argv; /* Unused. Silent compiler warning. */
95 97
96 if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT)) 98 if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
97 port = 0; 99 port = 0;
@@ -105,10 +107,10 @@ main (int argc, char *const *argv)
105 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); 107 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
106#endif 108#endif
107#endif /* MHD_HTTPS_REQUIRE_GRYPT */ 109#endif /* MHD_HTTPS_REQUIRE_GRYPT */
108 if (curl_check_version (MHD_REQ_CURL_VERSION)) 110 if (curl_check_version (MHD_REQ_CURL_VERSION))
109 { 111 {
110 return 77; 112 return 77;
111 } 113 }
112 ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version; 114 ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
113 if (NULL == ssl_version) 115 if (NULL == ssl_version)
114 { 116 {
@@ -121,46 +123,48 @@ main (int argc, char *const *argv)
121 return 77; 123 return 77;
122 } 124 }
123 125
124 if (!testsuite_curl_global_init ()) 126 if (! testsuite_curl_global_init ())
125 return 99; 127 return 99;
126 128
127 const char *aes128_sha = "AES128-SHA"; 129 const char *aes128_sha = "AES128-SHA";
128 const char *aes256_sha = "AES256-SHA"; 130 const char *aes256_sha = "AES256-SHA";
129 if (curl_uses_nss_ssl() == 0) 131 if (curl_uses_nss_ssl () == 0)
130 { 132 {
131 aes128_sha = "rsa_aes_128_sha"; 133 aes128_sha = "rsa_aes_128_sha";
132 aes256_sha = "rsa_aes_256_sha"; 134 aes256_sha = "rsa_aes_256_sha";
133 } 135 }
134 136
135 137
136 if (0 != 138 if (0 !=
137 test_wrap ("TLS1.0-AES-SHA1", 139 test_wrap ("TLS1.0-AES-SHA1",
138 &test_https_transfer, NULL, port, daemon_flags, 140 &test_https_transfer, NULL, port, daemon_flags,
139 aes128_sha, 141 aes128_sha,
140 CURL_SSLVERSION_TLSv1, 142 CURL_SSLVERSION_TLSv1,
141 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, 143 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
142 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, 144 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
143 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL", 145 MHD_OPTION_HTTPS_PRIORITIES,
144 MHD_OPTION_END)) 146 "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
145 { 147 MHD_OPTION_END))
146 fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n"); 148 {
147 errorCount++; 149 fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
148 } 150 errorCount++;
151 }
149 fprintf (stderr, 152 fprintf (stderr,
150 "The following handshake should fail (and print an error message)...\n"); 153 "The following handshake should fail (and print an error message)...\n");
151 if (0 != 154 if (0 !=
152 test_wrap ("TLS1.0 vs SSL3", 155 test_wrap ("TLS1.0 vs SSL3",
153 &test_unmatching_ssl_version, NULL, port, daemon_flags, 156 &test_unmatching_ssl_version, NULL, port, daemon_flags,
154 aes256_sha, 157 aes256_sha,
155 CURL_SSLVERSION_SSLv3, 158 CURL_SSLVERSION_SSLv3,
156 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, 159 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
157 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, 160 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
158 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL", 161 MHD_OPTION_HTTPS_PRIORITIES,
159 MHD_OPTION_END)) 162 "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
160 { 163 MHD_OPTION_END))
161 fprintf (stderr, "TLS1.0 vs SSL3 test failed\n"); 164 {
162 errorCount++; 165 fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
163 } 166 errorCount++;
167 }
164 curl_global_cleanup (); 168 curl_global_cleanup ();
165 169
166 return errorCount != 0 ? 1 : 0; 170 return errorCount != 0 ? 1 : 0;