diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/testcurl/https/test_empty_response.c | 2 | ||||
| -rw-r--r-- | src/testcurl/https/test_https_get.c | 4 | ||||
| -rw-r--r-- | src/testcurl/https/test_https_get_select.c | 2 | ||||
| -rw-r--r-- | src/testcurl/https/test_https_multi_daemon.c | 2 | ||||
| -rw-r--r-- | src/testcurl/https/test_https_session_info.c | 4 | ||||
| -rw-r--r-- | src/testcurl/https/test_tls_options.c | 47 |
6 files changed, 5 insertions, 56 deletions
diff --git a/src/testcurl/https/test_empty_response.c b/src/testcurl/https/test_empty_response.c index c67fd221..f9f8001f 100644 --- a/src/testcurl/https/test_empty_response.c +++ b/src/testcurl/https/test_empty_response.c | |||
| @@ -99,7 +99,7 @@ testInternalSelectGet () | |||
| 99 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); | 99 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); |
| 100 | curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc); | 100 | curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc); |
| 101 | /* TLS options */ | 101 | /* TLS options */ |
| 102 | curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); | 102 | curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); |
| 103 | curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha); | 103 | curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha); |
| 104 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); | 104 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); |
| 105 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); | 105 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); |
diff --git a/src/testcurl/https/test_https_get.c b/src/testcurl/https/test_https_get.c index 6cbe1d70..f7957c33 100644 --- a/src/testcurl/https/test_https_get.c +++ b/src/testcurl/https/test_https_get.c | |||
| @@ -100,7 +100,6 @@ main (int argc, char *const *argv) | |||
| 100 | { | 100 | { |
| 101 | unsigned int errorCount = 0; | 101 | unsigned int errorCount = 0; |
| 102 | const char *aes256_sha_tlsv1 = "AES256-SHA"; | 102 | const char *aes256_sha_tlsv1 = "AES256-SHA"; |
| 103 | const char *aes256_sha_sslv3 = "AES256-SHA"; | ||
| 104 | const char *des_cbc3_sha_tlsv1 = "DES-CBC3-SHA"; | 103 | const char *des_cbc3_sha_tlsv1 = "DES-CBC3-SHA"; |
| 105 | 104 | ||
| 106 | gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); | 105 | gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); |
| @@ -116,15 +115,12 @@ main (int argc, char *const *argv) | |||
| 116 | if (curl_uses_nss_ssl() == 0) | 115 | if (curl_uses_nss_ssl() == 0) |
| 117 | { | 116 | { |
| 118 | aes256_sha_tlsv1 = "rsa_aes_256_sha"; | 117 | aes256_sha_tlsv1 = "rsa_aes_256_sha"; |
| 119 | aes256_sha_sslv3 = "rsa_aes_256_sha"; | ||
| 120 | des_cbc3_sha_tlsv1 = "rsa_aes_128_sha"; | 118 | des_cbc3_sha_tlsv1 = "rsa_aes_128_sha"; |
| 121 | } | 119 | } |
| 122 | 120 | ||
| 123 | errorCount += | 121 | errorCount += |
| 124 | test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1); | 122 | test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1); |
| 125 | errorCount += | 123 | errorCount += |
| 126 | test_secure_get (NULL, aes256_sha_sslv3, CURL_SSLVERSION_SSLv3); | ||
| 127 | errorCount += | ||
| 128 | test_cipher_option (NULL, des_cbc3_sha_tlsv1, CURL_SSLVERSION_TLSv1); | 124 | test_cipher_option (NULL, des_cbc3_sha_tlsv1, CURL_SSLVERSION_TLSv1); |
| 129 | print_test_result (errorCount, argv[0]); | 125 | print_test_result (errorCount, argv[0]); |
| 130 | 126 | ||
diff --git a/src/testcurl/https/test_https_get_select.c b/src/testcurl/https/test_https_get_select.c index dca9d166..9f9ba99f 100644 --- a/src/testcurl/https/test_https_get_select.c +++ b/src/testcurl/https/test_https_get_select.c | |||
| @@ -111,7 +111,7 @@ testExternalGet (int flags) | |||
| 111 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); | 111 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); |
| 112 | curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc); | 112 | curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc); |
| 113 | /* TLS options */ | 113 | /* TLS options */ |
| 114 | curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); | 114 | curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); |
| 115 | curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha); | 115 | curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha); |
| 116 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); | 116 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); |
| 117 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); | 117 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); |
diff --git a/src/testcurl/https/test_https_multi_daemon.c b/src/testcurl/https/test_https_multi_daemon.c index 27614f91..293aff4e 100644 --- a/src/testcurl/https/test_https_multi_daemon.c +++ b/src/testcurl/https/test_https_multi_daemon.c | |||
| @@ -120,7 +120,7 @@ main (int argc, char *const *argv) | |||
| 120 | } | 120 | } |
| 121 | 121 | ||
| 122 | errorCount += | 122 | errorCount += |
| 123 | test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_SSLv3); | 123 | test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_TLSv1); |
| 124 | 124 | ||
| 125 | print_test_result (errorCount, "concurent_daemon_pair"); | 125 | print_test_result (errorCount, "concurent_daemon_pair"); |
| 126 | 126 | ||
diff --git a/src/testcurl/https/test_https_session_info.c b/src/testcurl/https/test_https_session_info.c index ac4c5aba..366fabdb 100644 --- a/src/testcurl/https/test_https_session_info.c +++ b/src/testcurl/https/test_https_session_info.c | |||
| @@ -55,7 +55,7 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, | |||
| 55 | return MHD_YES; | 55 | return MHD_YES; |
| 56 | } | 56 | } |
| 57 | 57 | ||
| 58 | if (GNUTLS_SSL3 != | 58 | if (GNUTLS_TLS1_1 != |
| 59 | (ret = MHD_get_connection_info | 59 | (ret = MHD_get_connection_info |
| 60 | (connection, | 60 | (connection, |
| 61 | MHD_CONNECTION_INFO_PROTOCOL)->protocol)) | 61 | MHD_CONNECTION_INFO_PROTOCOL)->protocol)) |
| @@ -122,7 +122,7 @@ test_query_session () | |||
| 122 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); | 122 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); |
| 123 | curl_easy_setopt (c, CURLOPT_FILE, &cbc); | 123 | curl_easy_setopt (c, CURLOPT_FILE, &cbc); |
| 124 | /* TLS options */ | 124 | /* TLS options */ |
| 125 | curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); | 125 | curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); |
| 126 | curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha); | 126 | curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha); |
| 127 | /* currently skip any peer authentication */ | 127 | /* currently skip any peer authentication */ |
| 128 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); | 128 | curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); |
diff --git a/src/testcurl/https/test_tls_options.c b/src/testcurl/https/test_tls_options.c index edf32d94..7dd01a72 100644 --- a/src/testcurl/https/test_tls_options.c +++ b/src/testcurl/https/test_tls_options.c | |||
| @@ -134,53 +134,6 @@ main (int argc, char *const *argv) | |||
| 134 | fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n"); | 134 | fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n"); |
| 135 | errorCount++; | 135 | errorCount++; |
| 136 | } | 136 | } |
| 137 | #if 0 | ||
| 138 | /* this used to work, but somehow no longer. gnutls issue? */ | ||
| 139 | if (0 != | ||
| 140 | test_wrap ("SSL3.0-AES256-SHA1", | ||
| 141 | &test_https_transfer, NULL, daemon_flags, | ||
| 142 | aes256_sha, | ||
| 143 | CURL_SSLVERSION_SSLv3, | ||
| 144 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
| 145 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
| 146 | MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL", | ||
| 147 | MHD_OPTION_END)) | ||
| 148 | { | ||
| 149 | fprintf (stderr, "SSL3.0-AES256-SHA1 test failed\n"); | ||
| 150 | errorCount++; | ||
| 151 | } | ||
| 152 | if (0 != | ||
| 153 | test_wrap ("SSL3.0-AES-SHA1", | ||
| 154 | &test_https_transfer, NULL, daemon_flags, | ||
| 155 | aes128_sha, | ||
| 156 | CURL_SSLVERSION_SSLv3, | ||
| 157 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
| 158 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
| 159 | MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL", | ||
| 160 | MHD_OPTION_END)) | ||
| 161 | { | ||
| 162 | fprintf (stderr, "SSL3.0-AES-SHA1 test failed\n"); | ||
| 163 | errorCount++; | ||
| 164 | } | ||
| 165 | #endif | ||
| 166 | |||
| 167 | |||
| 168 | #if 0 | ||
| 169 | /* manual inspection of the handshake suggests that CURL will | ||
| 170 | request TLSv1, we send back "SSL3" and CURL takes it *despite* | ||
| 171 | being configured to speak SSL3-only. Notably, the other way | ||
| 172 | round (have curl request SSL3, respond with TLSv1 only) | ||
| 173 | is properly refused by CURL. Either way, this does NOT seem | ||
| 174 | to be a bug in MHD/gnuTLS but rather in CURL; hence this | ||
| 175 | test is commented out here... */ | ||
| 176 | errorCount += | ||
| 177 | test_wrap ("unmatching version: SSL3 vs. TLS", &test_unmatching_ssl_version, | ||
| 178 | NULL, daemon_flags, "AES256-SHA", CURL_SSLVERSION_TLSv1, | ||
| 179 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
| 180 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
| 181 | MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END); | ||
| 182 | #endif | ||
| 183 | |||
| 184 | fprintf (stderr, | 137 | fprintf (stderr, |
| 185 | "The following handshake should fail (and print an error message)...\n"); | 138 | "The following handshake should fail (and print an error message)...\n"); |
| 186 | if (0 != | 139 | if (0 != |