aboutsummaryrefslogtreecommitdiff
path: root/src/testcurl/https/tls_daemon_options_test.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/testcurl/https/tls_daemon_options_test.c')
-rw-r--r--src/testcurl/https/tls_daemon_options_test.c67
1 files changed, 45 insertions, 22 deletions
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c
index f1b1b7fd..1c604daf 100644
--- a/src/testcurl/https/tls_daemon_options_test.c
+++ b/src/testcurl/https/tls_daemon_options_test.c
@@ -58,6 +58,7 @@ test_unmatching_ssl_version (void * cls, const char *cipher_suite,
58 if (gen_test_file_url (url, DEAMON_TEST_PORT)) 58 if (gen_test_file_url (url, DEAMON_TEST_PORT))
59 { 59 {
60 free (cbc.buf); 60 free (cbc.buf);
61 fprintf (stderr, "Internal error in gen_test_file_url\n");
61 return -1; 62 return -1;
62 } 63 }
63 64
@@ -104,7 +105,7 @@ main (int argc, char *const *argv)
104 } 105 }
105 106
106 107
107 errorCount += 108 if (0 !=
108 test_wrap ("TLS1.0-AES-SHA1", 109 test_wrap ("TLS1.0-AES-SHA1",
109 &test_https_transfer, NULL, daemon_flags, 110 &test_https_transfer, NULL, daemon_flags,
110 aes128_sha, 111 aes128_sha,
@@ -112,26 +113,42 @@ main (int argc, char *const *argv)
112 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, 113 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
113 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, 114 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
114 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL", 115 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
115 MHD_OPTION_END); 116 MHD_OPTION_END))
117 {
118 fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
119 errorCount++;
120 }
121#if 0
122 /* this used to work, but somehow no longer. gnutls issue? */
123 if (0 !=
124 test_wrap ("SSL3.0-AES256-SHA1",
125 &test_https_transfer, NULL, daemon_flags,
126 aes256_sha,
127 CURL_SSLVERSION_SSLv3,
128 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
129 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
130 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
131 MHD_OPTION_END))
132 {
133 fprintf (stderr, "SSL3.0-AES256-SHA1 test failed\n");
134 errorCount++;
135 }
136 if (0 !=
137 test_wrap ("SSL3.0-AES-SHA1",
138 &test_https_transfer, NULL, daemon_flags,
139 aes128_sha,
140 CURL_SSLVERSION_SSLv3,
141 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
142 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
143 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
144 MHD_OPTION_END))
145 {
146 fprintf (stderr, "SSL3.0-AES-SHA1 test failed\n");
147 errorCount++;
148 }
149#endif
150
116 151
117 errorCount +=
118 test_wrap ("SSL3.0-AES256-SHA1",
119 &test_https_transfer, NULL, daemon_flags,
120 aes256_sha,
121 CURL_SSLVERSION_SSLv3,
122 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
123 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
124 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
125 MHD_OPTION_END);
126 errorCount +=
127 test_wrap ("SSL3.0-AES-SHA1",
128 &test_https_transfer, NULL, daemon_flags,
129 aes128_sha,
130 CURL_SSLVERSION_SSLv3,
131 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
132 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
133 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
134 MHD_OPTION_END);
135#if 0 152#if 0
136 /* manual inspection of the handshake suggests that CURL will 153 /* manual inspection of the handshake suggests that CURL will
137 request TLSv1, we send back "SSL3" and CURL takes it *despite* 154 request TLSv1, we send back "SSL3" and CURL takes it *despite*
@@ -148,7 +165,9 @@ main (int argc, char *const *argv)
148 MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END); 165 MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END);
149#endif 166#endif
150 167
151 errorCount += 168 fprintf (stderr,
169 "The following handshake should fail (and print an error message)...\n");
170 if (0 !=
152 test_wrap ("TLS1.0 vs SSL3", 171 test_wrap ("TLS1.0 vs SSL3",
153 &test_unmatching_ssl_version, NULL, daemon_flags, 172 &test_unmatching_ssl_version, NULL, daemon_flags,
154 aes256_sha, 173 aes256_sha,
@@ -156,7 +175,11 @@ main (int argc, char *const *argv)
156 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, 175 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
157 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, 176 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
158 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL", 177 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
159 MHD_OPTION_END); 178 MHD_OPTION_END))
179 {
180 fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
181 errorCount++;
182 }
160 curl_global_cleanup (); 183 curl_global_cleanup ();
161 184
162 return errorCount != 0; 185 return errorCount != 0;
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-15 06:18:49 +0000