Diffstat (limited to 'src/testcurl/https/tls_daemon_options_test.c')
-rw-r--r-- | src/testcurl/https/tls_daemon_options_test.c | 137 |
1 files changed, 82 insertions, 55 deletions
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c index 95accebb..59205199 100644 --- a/src/testcurl/https/tls_daemon_options_test.c +++ b/src/testcurl/https/tls_daemon_options_test.c | |||
@@ -32,6 +32,7 @@ | |||
32 | #include "gnutls.h" | 32 | #include "gnutls.h" |
33 | #include <curl/curl.h> | 33 | #include <curl/curl.h> |
34 | 34 | ||
35 | #define DEBUG_CURL_VERBOSE 0 | ||
35 | #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" | 36 | #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" |
36 | 37 | ||
37 | #define MHD_E_MEM "Error: memory error\n" | 38 | #define MHD_E_MEM "Error: memory error\n" |
@@ -42,6 +43,7 @@ | |||
42 | 43 | ||
43 | #include "tls_test_keys.h" | 44 | #include "tls_test_keys.h" |
44 | 45 | ||
46 | const int DEBUG_GNUTLS_LOG_LEVEL = 0; | ||
45 | const char *test_file_name = "https_test_file"; | 47 | const char *test_file_name = "https_test_file"; |
46 | const char test_file_data[] = "Hello World\n"; | 48 | const char test_file_data[] = "Hello World\n"; |
47 | 49 | ||
@@ -123,7 +125,7 @@ http_ahc (void *cls, struct MHD_Connection *connection, | |||
123 | * @param test_fd: file to attempt transfering | 125 | * @param test_fd: file to attempt transfering |
124 | */ | 126 | */ |
125 | static int | 127 | static int |
126 | test_https_transfer (FILE * test_fd, char * cipher_suite, int proto_version) | 128 | test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version) |
127 | { | 129 | { |
128 | CURL *c; | 130 | CURL *c; |
129 | CURLcode errornum; | 131 | CURLcode errornum; |
@@ -172,7 +174,7 @@ test_https_transfer (FILE * test_fd, char * cipher_suite, int proto_version) | |||
172 | doc_path, test_file_name); | 174 | doc_path, test_file_name); |
173 | 175 | ||
174 | c = curl_easy_init (); | 176 | c = curl_easy_init (); |
175 | #ifdef DEBUG | 177 | #if DEBUG_CURL_VERBOSE |
176 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); | 178 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); |
177 | #endif | 179 | #endif |
178 | curl_easy_setopt (c, CURLOPT_URL, url); | 180 | curl_easy_setopt (c, CURLOPT_URL, url); |
@@ -249,14 +251,11 @@ setupTestFile () | |||
249 | } | 251 | } |
250 | 252 | ||
251 | static int | 253 | static int |
252 | setup (struct MHD_Daemon **d, enum MHD_OPTION option, void * value ) | 254 | setup (struct MHD_Daemon **d, va_list arg_list) |
253 | { | 255 | { |
254 | *d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | | 256 | *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | |
255 | MHD_USE_DEBUG, 42433, | 257 | MHD_USE_DEBUG, 42433, "127.0.0.1", |
256 | NULL, NULL, &http_ahc, NULL, | 258 | NULL, NULL, &http_ahc, NULL, arg_list); |
257 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
258 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
259 | option, value, MHD_OPTION_END); | ||
260 | 259 | ||
261 | if (*d == NULL) | 260 | if (*d == NULL) |
262 | { | 261 | { |
@@ -273,19 +272,37 @@ teardown (struct MHD_Daemon *d) | |||
273 | MHD_stop_daemon (d); | 272 | MHD_stop_daemon (d); |
274 | } | 273 | } |
275 | 274 | ||
275 | /* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move to test_util.c */ | ||
276 | int | 276 | int |
277 | test_wrap (int | 277 | test_wrap (char *test_name, int |
278 | (*test) (FILE * test_fd, char *cipher_suite, int proto_version), | 278 | (*test) (FILE * test_fd, char *cipher_suite, int proto_version), |
279 | FILE * test_fd, char *cipher_suite, int proto_version, | 279 | FILE * test_fd, char *cipher_suite, int proto_version, ...) |
280 | enum MHD_OPTION option, void * value) | ||
281 | { | 280 | { |
282 | int ret; | 281 | int ret; |
282 | va_list arg_list; | ||
283 | struct MHD_Daemon *d; | 283 | struct MHD_Daemon *d; |
284 | 284 | ||
285 | if (setup (&d, option, value) != 0) | 285 | va_start (arg_list, proto_version); |
286 | return -1; | 286 | if (setup (&d, arg_list) != 0) |
287 | { | ||
288 | va_end (arg_list); | ||
289 | return -1; | ||
290 | } | ||
291 | |||
292 | fprintf (stdout, "running test: %s ", test_name); | ||
287 | ret = test (test_fd, cipher_suite, proto_version); | 293 | ret = test (test_fd, cipher_suite, proto_version); |
294 | |||
295 | if (ret == 0) | ||
296 | { | ||
297 | fprintf (stdout, "[pass]\n"); | ||
298 | } | ||
299 | else | ||
300 | { | ||
301 | fprintf (stdout, "[fail]\n"); | ||
302 | } | ||
303 | |||
288 | teardown (d); | 304 | teardown (d); |
305 | va_end (arg_list); | ||
289 | return ret; | 306 | return ret; |
290 | } | 307 | } |
291 | 308 | ||
@@ -336,6 +353,9 @@ test_file_certificates (FILE * test_fd, char *cipher_suite, int proto_version) | |||
336 | return ret; | 353 | return ret; |
337 | } | 354 | } |
338 | 355 | ||
356 | /* | ||
357 | * test server refuses to negotiate connections with unsupported protocol versions | ||
358 | */ | ||
339 | int | 359 | int |
340 | test_protocol_version (FILE * test_fd, char *cipher_suite, | 360 | test_protocol_version (FILE * test_fd, char *cipher_suite, |
341 | int curl_proto_version) | 361 | int curl_proto_version) |
@@ -344,7 +364,7 @@ test_protocol_version (FILE * test_fd, char *cipher_suite, | |||
344 | CURLcode errornum; | 364 | CURLcode errornum; |
345 | 365 | ||
346 | c = curl_easy_init (); | 366 | c = curl_easy_init (); |
347 | #ifdef DEBUG | 367 | #if DEBUG_CURL_VERBOSE |
348 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); | 368 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); |
349 | #endif | 369 | #endif |
350 | curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/"); | 370 | curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/"); |
@@ -384,7 +404,7 @@ main (int argc, char *const *argv) | |||
384 | FILE *test_fd; | 404 | FILE *test_fd; |
385 | unsigned int errorCount = 0; | 405 | unsigned int errorCount = 0; |
386 | 406 | ||
387 | gnutls_global_set_log_level(11); | 407 | gnutls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL); |
388 | 408 | ||
389 | if (curl_check_version (MHD_REQ_CURL_VERSION)) | 409 | if (curl_check_version (MHD_REQ_CURL_VERSION)) |
390 | { | 410 | { |
@@ -403,54 +423,61 @@ main (int argc, char *const *argv) | |||
403 | return -1; | 423 | return -1; |
404 | } | 424 | } |
405 | 425 | ||
406 | int mac[] = {MHD_GNUTLS_MAC_SHA1, 0}; | 426 | int mac[] = { MHD_GNUTLS_MAC_SHA1, 0 }; |
407 | int p [] = {MHD_GNUTLS_SSL3, 0}; | 427 | int p[] = { MHD_GNUTLS_SSL3, 0 }; |
408 | int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; | 428 | int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; |
409 | int kx[] = { MHD_GNUTLS_KX_DHE_RSA, 0 }; | 429 | int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 }; |
410 | |||
411 | |||
412 | // errorCount += | ||
413 | // test_wrap (&test_https_transfer, test_fd, "AES256-SHA", | ||
414 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_END, 0); | ||
415 | // errorCount += | ||
416 | // test_wrap (&test_file_certificates, test_fd, "AES256-SHA", | ||
417 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_END, 0); | ||
418 | // | ||
419 | // errorCount += | ||
420 | // test_wrap (&test_protocol_version, test_fd, "AES256-SHA", | ||
421 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_PROTOCOL_VERSION, p); | ||
422 | // | ||
423 | // errorCount += | ||
424 | // test_wrap (&test_https_transfer, test_fd, "DES-CBC3-SHA", | ||
425 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_CIPHER_ALGORITHM, cipher); | ||
426 | 430 | ||
427 | errorCount += | 431 | errorCount += |
428 | test_wrap (&test_https_transfer, test_fd, "AES256-SHA", | 432 | test_wrap ("https_transfer", &test_https_transfer, test_fd, "AES256-SHA", |
429 | CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, mac); | 433 | CURL_SSLVERSION_TLSv1, |
430 | 434 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | |
431 | // errorCount += | 435 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, |
432 | // test_wrap (&test_https_transfer, test_fd, "EDH-RSA-DES-CBC3-SHA", | 436 | MHD_OPTION_END); |
433 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_KX_PRIORITY, kx); | 437 | errorCount += |
438 | test_wrap ("file certificates", &test_file_certificates, test_fd, | ||
439 | "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, | ||
440 | srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, | ||
441 | srv_self_signed_cert_pem, MHD_OPTION_END); | ||
442 | errorCount += | ||
443 | test_wrap ("protocol_version", &test_protocol_version, test_fd, | ||
444 | "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, | ||
445 | srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, | ||
446 | srv_self_signed_cert_pem, MHD_OPTION_PROTOCOL_VERSION, p, | ||
447 | MHD_OPTION_END); | ||
448 | errorCount += | ||
449 | test_wrap ("cipher DES-CBC3-SHA", &test_https_transfer, test_fd, | ||
450 | "DES-CBC3-SHA", CURL_SSLVERSION_TLSv1, | ||
451 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
452 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
453 | MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_END); | ||
454 | errorCount += | ||
455 | test_wrap ("mac SH1", &test_https_transfer, test_fd, "AES256-SHA", | ||
456 | CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
457 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
458 | MHD_OPTION_MAC_ALGO, mac, MHD_OPTION_END); | ||
459 | errorCount += | ||
460 | test_wrap ("kx ANON_DH", &test_https_transfer, test_fd, | ||
461 | "ADH-DES-CBC3-SHA", CURL_SSLVERSION_TLSv1, | ||
462 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
463 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
464 | MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON, | ||
465 | MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY, | ||
466 | kx, MHD_OPTION_END); | ||
434 | 467 | ||
435 | /*gnutls_mac_algorithm_t mac[] = { | 468 | /*gnutls_mac_algorithm_t mac[] = { |
436 | {MHD_GNUTLS_MAC_MD5, 0}, 0}; | 469 | {MHD_GNUTLS_MAC_MD5, 0}, 0}; |
437 | gnutls_mac_algorithm_t * cur_mac; | 470 | gnutls_mac_algorithm_t * cur_mac; |
438 | |||
439 | for ( cur_mac = &mac[0]; (*cur_mac) != 0; cur_mac++ ){ | ||
440 | option[0] = MHD_GNUTLS_MAC_SHA1; | ||
441 | errorCount += | ||
442 | test_wrap (&test_https_transfer, test_fd, "AES256-SHA", | ||
443 | CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, option); | ||
444 | }*/ | ||
445 | |||
446 | 471 | ||
472 | for ( cur_mac = &mac[0]; (*cur_mac) != 0; cur_mac++ ){ | ||
473 | option[0] = MHD_GNUTLS_MAC_SHA1; | ||
474 | errorCount += | ||
475 | test_wrap (&test_https_transfer, test_fd, "AES256-SHA", | ||
476 | CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, option); | ||
477 | } */ | ||
447 | 478 | ||
448 | if (errorCount != 0) | 479 | if (errorCount != 0) |
449 | fprintf (stderr, "Failed test: %s.\n", argv[0]); | 480 | fprintf (stderr, "Failed test: %s.\n", argv[0]); |
450 | else | ||
451 | { | ||
452 | fprintf (stderr, "ok\n"); | ||
453 | } | ||
454 | 481 | ||
455 | curl_global_cleanup (); | 482 | curl_global_cleanup (); |
456 | fclose (test_fd); | 483 | fclose (test_fd); |
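Review bot: test_wrap's new variadic tail (new lines 277-279) has no documented contract, and since setup no longer adds MHD_OPTION_HTTPS_MEM_KEY / MHD_OPTION_HTTPS_MEM_CERT itself, every caller in main must pass both and end the list with MHD_OPTION_END; a call that forgets the terminator lets MHD_start_daemon_va read past the supplied arguments. I would put a comment above the function such as `/* trailing args: MHD_OPTION_* / value pairs forwarded to MHD_start_daemon_va; must include the HTTPS key and cert and end with MHD_OPTION_END */`. All callers pass string literals, so `char *test_name` would be better as `const char *test_name`, and the label `"mac SH1"` looks like a typo for SHA1. Separately, setup now passes `"127.0.0.1"` (apparently a bind address) while test_protocol_version still requests `https://localhost:42433/`; its body is outside the hunk, but if it treats any curl error as the expected refusal, a plain connect failure would be reported as a pass, so the check should be for the handshake error specifically.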