diff options
Diffstat (limited to 'src/testcurl/https')
-rw-r--r-- | src/testcurl/https/mhds_session_info_test.c | 13 | ||||
-rw-r--r-- | src/testcurl/https/tls_daemon_options_test.c | 67 |
2 files changed, 52 insertions, 28 deletions
diff --git a/src/testcurl/https/mhds_session_info_test.c b/src/testcurl/https/mhds_session_info_test.c index 3cfb39c4..d77add8f 100644 --- a/src/testcurl/https/mhds_session_info_test.c +++ b/src/testcurl/https/mhds_session_info_test.c | |||
@@ -56,13 +56,13 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, | |||
56 | } | 56 | } |
57 | 57 | ||
58 | /* assert actual connection cipher is the one negotiated */ | 58 | /* assert actual connection cipher is the one negotiated */ |
59 | if (GNUTLS_CIPHER_AES_256_CBC != | 59 | if (GNUTLS_CIPHER_ARCFOUR_128 != |
60 | (ret = MHD_get_connection_info | 60 | (ret = MHD_get_connection_info |
61 | (connection, | 61 | (connection, |
62 | MHD_CONNECTION_INFO_CIPHER_ALGO)->cipher_algorithm)) | 62 | MHD_CONNECTION_INFO_CIPHER_ALGO)->cipher_algorithm)) |
63 | { | 63 | { |
64 | fprintf (stderr, "Error: requested cipher mismatch (wanted %d, got %d)\n", | 64 | fprintf (stderr, "Error: requested cipher mismatch (wanted %d, got %d)\n", |
65 | GNUTLS_CIPHER_AES_256_CBC, | 65 | GNUTLS_CIPHER_ARCFOUR_128, |
66 | ret); | 66 | ret); |
67 | return -1; | 67 | return -1; |
68 | } | 68 | } |
@@ -86,7 +86,8 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, | |||
86 | return ret; | 86 | return ret; |
87 | } | 87 | } |
88 | 88 | ||
89 | /* | 89 | |
90 | /** | ||
90 | * negotiate a secure connection with server & query negotiated security parameters | 91 | * negotiate a secure connection with server & query negotiated security parameters |
91 | */ | 92 | */ |
92 | static int | 93 | static int |
@@ -108,7 +109,7 @@ test_query_session () | |||
108 | d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | | 109 | d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | |
109 | MHD_USE_DEBUG, DEAMON_TEST_PORT, | 110 | MHD_USE_DEBUG, DEAMON_TEST_PORT, |
110 | NULL, NULL, &query_session_ahc, NULL, | 111 | NULL, NULL, &query_session_ahc, NULL, |
111 | MHD_OPTION_HTTPS_PRIORITIES, "NORMAL:-AES-128-CBC", | 112 | MHD_OPTION_HTTPS_PRIORITIES, "NORMAL:+ARCFOUR-128", |
112 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | 113 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, |
113 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | 114 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, |
114 | MHD_OPTION_END); | 115 | MHD_OPTION_END); |
@@ -116,7 +117,7 @@ test_query_session () | |||
116 | if (d == NULL) | 117 | if (d == NULL) |
117 | return 2; | 118 | return 2; |
118 | 119 | ||
119 | char *aes256_sha = "AES256-SHA"; | 120 | const char *aes256_sha = "AES256-SHA"; |
120 | if (curl_uses_nss_ssl() == 0) | 121 | if (curl_uses_nss_ssl() == 0) |
121 | { | 122 | { |
122 | aes256_sha = "rsa_aes_256_sha"; | 123 | aes256_sha = "rsa_aes_256_sha"; |
@@ -155,8 +156,8 @@ test_query_session () | |||
155 | return -1; | 156 | return -1; |
156 | } | 157 | } |
157 | 158 | ||
158 | MHD_stop_daemon (d); | ||
159 | curl_easy_cleanup (c); | 159 | curl_easy_cleanup (c); |
160 | MHD_stop_daemon (d); | ||
160 | free (cbc.buf); | 161 | free (cbc.buf); |
161 | return 0; | 162 | return 0; |
162 | } | 163 | } |
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c index f1b1b7fd..1c604daf 100644 --- a/src/testcurl/https/tls_daemon_options_test.c +++ b/src/testcurl/https/tls_daemon_options_test.c | |||
@@ -58,6 +58,7 @@ test_unmatching_ssl_version (void * cls, const char *cipher_suite, | |||
58 | if (gen_test_file_url (url, DEAMON_TEST_PORT)) | 58 | if (gen_test_file_url (url, DEAMON_TEST_PORT)) |
59 | { | 59 | { |
60 | free (cbc.buf); | 60 | free (cbc.buf); |
61 | fprintf (stderr, "Internal error in gen_test_file_url\n"); | ||
61 | return -1; | 62 | return -1; |
62 | } | 63 | } |
63 | 64 | ||
@@ -104,7 +105,7 @@ main (int argc, char *const *argv) | |||
104 | } | 105 | } |
105 | 106 | ||
106 | 107 | ||
107 | errorCount += | 108 | if (0 != |
108 | test_wrap ("TLS1.0-AES-SHA1", | 109 | test_wrap ("TLS1.0-AES-SHA1", |
109 | &test_https_transfer, NULL, daemon_flags, | 110 | &test_https_transfer, NULL, daemon_flags, |
110 | aes128_sha, | 111 | aes128_sha, |
@@ -112,26 +113,42 @@ main (int argc, char *const *argv) | |||
112 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | 113 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, |
113 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | 114 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, |
114 | MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL", | 115 | MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL", |
115 | MHD_OPTION_END); | 116 | MHD_OPTION_END)) |
117 | { | ||
118 | fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n"); | ||
119 | errorCount++; | ||
120 | } | ||
121 | #if 0 | ||
122 | /* this used to work, but somehow no longer. gnutls issue? */ | ||
123 | if (0 != | ||
124 | test_wrap ("SSL3.0-AES256-SHA1", | ||
125 | &test_https_transfer, NULL, daemon_flags, | ||
126 | aes256_sha, | ||
127 | CURL_SSLVERSION_SSLv3, | ||
128 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
129 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
130 | MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL", | ||
131 | MHD_OPTION_END)) | ||
132 | { | ||
133 | fprintf (stderr, "SSL3.0-AES256-SHA1 test failed\n"); | ||
134 | errorCount++; | ||
135 | } | ||
136 | if (0 != | ||
137 | test_wrap ("SSL3.0-AES-SHA1", | ||
138 | &test_https_transfer, NULL, daemon_flags, | ||
139 | aes128_sha, | ||
140 | CURL_SSLVERSION_SSLv3, | ||
141 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
142 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
143 | MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL", | ||
144 | MHD_OPTION_END)) | ||
145 | { | ||
146 | fprintf (stderr, "SSL3.0-AES-SHA1 test failed\n"); | ||
147 | errorCount++; | ||
148 | } | ||
149 | #endif | ||
150 | |||
116 | 151 | ||
117 | errorCount += | ||
118 | test_wrap ("SSL3.0-AES256-SHA1", | ||
119 | &test_https_transfer, NULL, daemon_flags, | ||
120 | aes256_sha, | ||
121 | CURL_SSLVERSION_SSLv3, | ||
122 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
123 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
124 | MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL", | ||
125 | MHD_OPTION_END); | ||
126 | errorCount += | ||
127 | test_wrap ("SSL3.0-AES-SHA1", | ||
128 | &test_https_transfer, NULL, daemon_flags, | ||
129 | aes128_sha, | ||
130 | CURL_SSLVERSION_SSLv3, | ||
131 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
132 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
133 | MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL", | ||
134 | MHD_OPTION_END); | ||
135 | #if 0 | 152 | #if 0 |
136 | /* manual inspection of the handshake suggests that CURL will | 153 | /* manual inspection of the handshake suggests that CURL will |
137 | request TLSv1, we send back "SSL3" and CURL takes it *despite* | 154 | request TLSv1, we send back "SSL3" and CURL takes it *despite* |
@@ -148,7 +165,9 @@ main (int argc, char *const *argv) | |||
148 | MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END); | 165 | MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END); |
149 | #endif | 166 | #endif |
150 | 167 | ||
151 | errorCount += | 168 | fprintf (stderr, |
169 | "The following handshake should fail (and print an error message)...\n"); | ||
170 | if (0 != | ||
152 | test_wrap ("TLS1.0 vs SSL3", | 171 | test_wrap ("TLS1.0 vs SSL3", |
153 | &test_unmatching_ssl_version, NULL, daemon_flags, | 172 | &test_unmatching_ssl_version, NULL, daemon_flags, |
154 | aes256_sha, | 173 | aes256_sha, |
@@ -156,7 +175,11 @@ main (int argc, char *const *argv) | |||
156 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | 175 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, |
157 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | 176 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, |
158 | MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL", | 177 | MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL", |
159 | MHD_OPTION_END); | 178 | MHD_OPTION_END)) |
179 | { | ||
180 | fprintf (stderr, "TLS1.0 vs SSL3 test failed\n"); | ||
181 | errorCount++; | ||
182 | } | ||
160 | curl_global_cleanup (); | 183 | curl_global_cleanup (); |
161 | 184 | ||
162 | return errorCount != 0; | 185 | return errorCount != 0; |