Diffstat (limited to 'src/testcurl/https/test_tls_options.c')
-rw-r--r-- | src/testcurl/https/test_tls_options.c | 114 |
1 files changed, 59 insertions, 55 deletions
diff --git a/src/testcurl/https/test_tls_options.c b/src/testcurl/https/test_tls_options.c index 703ae92a..f94834b5 100644 --- a/src/testcurl/https/test_tls_options.c +++ b/src/testcurl/https/test_tls_options.c | |||
@@ -43,17 +43,17 @@ int curl_check_version (const char *req_version, ...); | |||
43 | * | 43 | * |
44 | */ | 44 | */ |
45 | static int | 45 | static int |
46 | test_unmatching_ssl_version (void * cls, int port, const char *cipher_suite, | 46 | test_unmatching_ssl_version (void *cls, int port, const char *cipher_suite, |
47 | int curl_req_ssl_version) | 47 | int curl_req_ssl_version) |
48 | { | 48 | { |
49 | struct CBC cbc; | 49 | struct CBC cbc; |
50 | (void)cls; /* Unused. Silent compiler warning. */ | 50 | (void) cls; /* Unused. Silent compiler warning. */ |
51 | if (NULL == (cbc.buf = malloc (sizeof (char) * 256))) | 51 | if (NULL == (cbc.buf = malloc (sizeof (char) * 256))) |
52 | { | 52 | { |
53 | fprintf (stderr, "Error: failed to allocate: %s\n", | 53 | fprintf (stderr, "Error: failed to allocate: %s\n", |
54 | strerror (errno)); | 54 | strerror (errno)); |
55 | return -1; | 55 | return -1; |
56 | } | 56 | } |
57 | cbc.size = 256; | 57 | cbc.size = 256; |
58 | cbc.pos = 0; | 58 | cbc.pos = 0; |
59 | 59 | ||
@@ -61,21 +61,22 @@ test_unmatching_ssl_version (void * cls, int port, const char *cipher_suite, | |||
61 | if (gen_test_file_url (url, | 61 | if (gen_test_file_url (url, |
62 | sizeof (url), | 62 | sizeof (url), |
63 | port)) | 63 | port)) |
64 | { | 64 | { |
65 | free (cbc.buf); | 65 | free (cbc.buf); |
66 | fprintf (stderr, | 66 | fprintf (stderr, |
67 | "Internal error in gen_test_file_url\n"); | 67 | "Internal error in gen_test_file_url\n"); |
68 | return -1; | 68 | return -1; |
69 | } | 69 | } |
70 | 70 | ||
71 | /* assert daemon *rejected* request */ | 71 | /* assert daemon *rejected* request */ |
72 | if (CURLE_OK == | 72 | if (CURLE_OK == |
73 | send_curl_req (url, &cbc, cipher_suite, curl_req_ssl_version)) | 73 | send_curl_req (url, &cbc, cipher_suite, curl_req_ssl_version)) |
74 | { | 74 | { |
75 | free (cbc.buf); | 75 | free (cbc.buf); |
76 | fprintf (stderr, "cURL failed to reject request despite SSL version mismatch!\n"); | 76 | fprintf (stderr, |
77 | return -1; | 77 | "cURL failed to reject request despite SSL version mismatch!\n"); |
78 | } | 78 | return -1; |
79 | } | ||
79 | 80 | ||
80 | free (cbc.buf); | 81 | free (cbc.buf); |
81 | return 0; | 82 | return 0; |
@@ -89,9 +90,10 @@ main (int argc, char *const *argv) | |||
89 | unsigned int errorCount = 0; | 90 | unsigned int errorCount = 0; |
90 | const char *ssl_version; | 91 | const char *ssl_version; |
91 | int daemon_flags = | 92 | int daemon_flags = |
92 | MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS | MHD_USE_ERROR_LOG; | 93 | MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD |
94 | | MHD_USE_TLS | MHD_USE_ERROR_LOG; | ||
93 | int port; | 95 | int port; |
94 | (void)argc; (void)argv; /* Unused. Silent compiler warning. */ | 96 | (void) argc; (void) argv; /* Unused. Silent compiler warning. */ |
95 | 97 | ||
96 | if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT)) | 98 | if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT)) |
97 | port = 0; | 99 | port = 0; |
@@ -105,10 +107,10 @@ main (int argc, char *const *argv) | |||
105 | gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); | 107 | gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); |
106 | #endif | 108 | #endif |
107 | #endif /* MHD_HTTPS_REQUIRE_GRYPT */ | 109 | #endif /* MHD_HTTPS_REQUIRE_GRYPT */ |
108 | if (curl_check_version (MHD_REQ_CURL_VERSION)) | 110 | if (curl_check_version (MHD_REQ_CURL_VERSION)) |
109 | { | 111 | { |
110 | return 77; | 112 | return 77; |
111 | } | 113 | } |
112 | ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version; | 114 | ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version; |
113 | if (NULL == ssl_version) | 115 | if (NULL == ssl_version) |
114 | { | 116 | { |
@@ -121,46 +123,48 @@ main (int argc, char *const *argv) | |||
121 | return 77; | 123 | return 77; |
122 | } | 124 | } |
123 | 125 | ||
124 | if (!testsuite_curl_global_init ()) | 126 | if (! testsuite_curl_global_init ()) |
125 | return 99; | 127 | return 99; |
126 | 128 | ||
127 | const char *aes128_sha = "AES128-SHA"; | 129 | const char *aes128_sha = "AES128-SHA"; |
128 | const char *aes256_sha = "AES256-SHA"; | 130 | const char *aes256_sha = "AES256-SHA"; |
129 | if (curl_uses_nss_ssl() == 0) | 131 | if (curl_uses_nss_ssl () == 0) |
130 | { | 132 | { |
131 | aes128_sha = "rsa_aes_128_sha"; | 133 | aes128_sha = "rsa_aes_128_sha"; |
132 | aes256_sha = "rsa_aes_256_sha"; | 134 | aes256_sha = "rsa_aes_256_sha"; |
133 | } | 135 | } |
134 | 136 | ||
135 | 137 | ||
136 | if (0 != | 138 | if (0 != |
137 | test_wrap ("TLS1.0-AES-SHA1", | 139 | test_wrap ("TLS1.0-AES-SHA1", |
138 | &test_https_transfer, NULL, port, daemon_flags, | 140 | &test_https_transfer, NULL, port, daemon_flags, |
139 | aes128_sha, | 141 | aes128_sha, |
140 | CURL_SSLVERSION_TLSv1, | 142 | CURL_SSLVERSION_TLSv1, |
141 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | 143 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, |
142 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | 144 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, |
143 | MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL", | 145 | MHD_OPTION_HTTPS_PRIORITIES, |
144 | MHD_OPTION_END)) | 146 | "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL", |
145 | { | 147 | MHD_OPTION_END)) |
146 | fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n"); | 148 | { |
147 | errorCount++; | 149 | fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n"); |
148 | } | 150 | errorCount++; |
151 | } | ||
149 | fprintf (stderr, | 152 | fprintf (stderr, |
150 | "The following handshake should fail (and print an error message)...\n"); | 153 | "The following handshake should fail (and print an error message)...\n"); |
151 | if (0 != | 154 | if (0 != |
152 | test_wrap ("TLS1.0 vs SSL3", | 155 | test_wrap ("TLS1.0 vs SSL3", |
153 | &test_unmatching_ssl_version, NULL, port, daemon_flags, | 156 | &test_unmatching_ssl_version, NULL, port, daemon_flags, |
154 | aes256_sha, | 157 | aes256_sha, |
155 | CURL_SSLVERSION_SSLv3, | 158 | CURL_SSLVERSION_SSLv3, |
156 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | 159 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, |
157 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | 160 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, |
158 | MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL", | 161 | MHD_OPTION_HTTPS_PRIORITIES, |
159 | MHD_OPTION_END)) | 162 | "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL", |
160 | { | 163 | MHD_OPTION_END)) |
161 | fprintf (stderr, "TLS1.0 vs SSL3 test failed\n"); | 164 | { |
162 | errorCount++; | 165 | fprintf (stderr, "TLS1.0 vs SSL3 test failed\n"); |
163 | } | 166 | errorCount++; |
167 | } | ||
164 | curl_global_cleanup (); | 168 | curl_global_cleanup (); |
165 | 169 | ||
166 | return errorCount != 0 ? 1 : 0; | 170 | return errorCount != 0 ? 1 : 0; |