diff options
Diffstat (limited to 'src')
26 files changed, 775 insertions, 889 deletions
diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c index d275bb19..d91e6b90 100644 --- a/src/daemon/connection_https.c +++ b/src/daemon/connection_https.c | |||
@@ -37,7 +37,7 @@ | |||
37 | #include "gnutls_int.h" | 37 | #include "gnutls_int.h" |
38 | #include "gnutls_record.h" | 38 | #include "gnutls_record.h" |
39 | 39 | ||
40 | /* TODO rm #include "gnutls_errors.h" */ | 40 | /* TODO #include rm "gnutls_errors.h" */ |
41 | #include "gnutls_errors.h" | 41 | #include "gnutls_errors.h" |
42 | 42 | ||
43 | /* forward declarations used when setting secure connection callbacks */ | 43 | /* forward declarations used when setting secure connection callbacks */ |
@@ -168,6 +168,9 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection) | |||
168 | 168 | ||
169 | switch (connection->state) | 169 | switch (connection->state) |
170 | { | 170 | { |
171 | /* on newly created connections we might reach here before any reply has been received */ | ||
172 | case MHD_TLS_CONNECTION_INIT: | ||
173 | return MHD_YES; | ||
171 | /* close connection if necessary */ | 174 | /* close connection if necessary */ |
172 | case MHD_CONNECTION_CLOSED: | 175 | case MHD_CONNECTION_CLOSED: |
173 | MHD_tls_connection_close (connection); | 176 | MHD_tls_connection_close (connection); |
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c index 34a9bac6..84662dbd 100644 --- a/src/daemon/daemon.c +++ b/src/daemon/daemon.c | |||
@@ -32,6 +32,7 @@ | |||
32 | #if HTTPS_SUPPORT | 32 | #if HTTPS_SUPPORT |
33 | #include "gnutls_int.h" | 33 | #include "gnutls_int.h" |
34 | #include "gnutls_global.h" | 34 | #include "gnutls_global.h" |
35 | #include "auth_anon.h" | ||
35 | #endif | 36 | #endif |
36 | 37 | ||
37 | /** | 38 | /** |
@@ -56,26 +57,14 @@ | |||
56 | */ | 57 | */ |
57 | #define DEBUG_CONNECT MHD_NO | 58 | #define DEBUG_CONNECT MHD_NO |
58 | 59 | ||
59 | #if HTTPS_SUPPORT | 60 | /* TODO unite with code in gnutls_priority.c */ |
60 | /* initialize security aspects of the HTTPS daemon */ | ||
61 | static int | 61 | static int |
62 | MHD_TLS_init (struct MHD_Daemon *daemon) | 62 | MHD_init_daemon_certificate (struct MHD_Daemon *daemon) |
63 | { | 63 | { |
64 | int i; | ||
65 | priority_st st; | ||
66 | gnutls_datum_t key; | 64 | gnutls_datum_t key; |
67 | gnutls_datum_t cert; | 65 | gnutls_datum_t cert; |
68 | 66 | ||
69 | gnutls_global_set_log_function (MHD_tls_log_func); | 67 | /* certificate & key loaded from file */ |
70 | |||
71 | /* setup server certificate */ | ||
72 | gnutls_certificate_allocate_credentials (&daemon->x509_cret); | ||
73 | |||
74 | /* TODO remove if unused | ||
75 | gnutls_certificate_set_x509_trust_file(x509_cret, CAFILE,GNUTLS_X509_FMT_PEM); | ||
76 | gnutls_certificate_set_x509_crl_file(x509_cret, CRLFILE, GNUTLS_X509_FMT_PEM); */ | ||
77 | |||
78 | /* sets a certificate private key pair */ | ||
79 | if (daemon->https_cert_path && daemon->https_key_path) | 68 | if (daemon->https_cert_path && daemon->https_key_path) |
80 | { | 69 | { |
81 | /* test for private key & certificate file exsitance */ | 70 | /* test for private key & certificate file exsitance */ |
@@ -98,20 +87,21 @@ MHD_TLS_init (struct MHD_Daemon *daemon) | |||
98 | CLOSE (daemon->socket_fd); | 87 | CLOSE (daemon->socket_fd); |
99 | return -1; | 88 | return -1; |
100 | } | 89 | } |
101 | gnutls_certificate_set_x509_key_file (daemon->x509_cret, | 90 | return gnutls_certificate_set_x509_key_file (daemon->x509_cred, |
102 | daemon->https_cert_path, | 91 | daemon->https_cert_path, |
103 | daemon->https_key_path, | 92 | daemon->https_key_path, |
104 | GNUTLS_X509_FMT_PEM); | 93 | GNUTLS_X509_FMT_PEM); |
105 | } | 94 | } |
95 | /* certificate & key loaded from memory */ | ||
106 | else if (daemon->https_mem_cert && daemon->https_mem_key) | 96 | else if (daemon->https_mem_cert && daemon->https_mem_key) |
107 | { | 97 | { |
108 | key.data = (char *) daemon->https_mem_key; | 98 | key.data = (unsigned char *) daemon->https_mem_key; |
109 | key.size = strlen (daemon->https_mem_key); | 99 | key.size = strlen (daemon->https_mem_key); |
110 | cert.data = (char *) daemon->https_mem_cert; | 100 | cert.data = (unsigned char *) daemon->https_mem_cert; |
111 | cert.size = strlen (daemon->https_mem_cert); | 101 | cert.size = strlen (daemon->https_mem_cert); |
112 | 102 | ||
113 | gnutls_certificate_set_x509_key_mem (daemon->x509_cret, &cert, &key, | 103 | return gnutls_certificate_set_x509_key_mem (daemon->x509_cred, &cert, |
114 | GNUTLS_X509_FMT_PEM); | 104 | &key, GNUTLS_X509_FMT_PEM); |
115 | } | 105 | } |
116 | else | 106 | else |
117 | { | 107 | { |
@@ -120,29 +110,44 @@ MHD_TLS_init (struct MHD_Daemon *daemon) | |||
120 | #endif | 110 | #endif |
121 | return MHD_NO; | 111 | return MHD_NO; |
122 | } | 112 | } |
113 | } | ||
123 | 114 | ||
124 | /* generate DH parameters if necessary */ | 115 | /* initialize security aspects of the HTTPS daemon */ |
125 | st = daemon->priority_cache->kx; | 116 | int |
126 | for (i = 0; i < st.algorithms; i++) | 117 | MHD_TLS_init (struct MHD_Daemon *daemon) |
118 | { | ||
119 | int ret; | ||
120 | |||
121 | switch (daemon->cred_type) | ||
127 | { | 122 | { |
128 | /* initialize Diffie Hellman parameters if necessary */ | 123 | case MHD_GNUTLS_CRD_ANON: |
129 | /* TODO add other cipher suits */ | 124 | ret = gnutls_anon_allocate_server_credentials (&daemon->anon_cred); |
130 | if (st.priority[i] == MHD_GNUTLS_KX_DHE_RSA) | 125 | ret += gnutls_dh_params_init (&daemon->dh_params); |
131 | { | 126 | if (ret != 0) { |
132 | gnutls_dh_params_init (&daemon->dh_params); | 127 | return GNUTLS_E_MEMORY_ERROR; |
133 | gnutls_dh_params_generate2 (daemon->dh_params, 1024); | 128 | } |
134 | break; | 129 | gnutls_dh_params_generate2 (daemon->dh_params, 1024); |
135 | } | 130 | gnutls_anon_set_server_dh_params (daemon->anon_cred, daemon->dh_params); |
131 | break; | ||
132 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
133 | ret = gnutls_certificate_allocate_credentials (&daemon->x509_cred) ; | ||
134 | if (ret != 0) { | ||
135 | return GNUTLS_E_MEMORY_ERROR; | ||
136 | } | ||
137 | if ((ret = MHD_init_daemon_certificate (daemon)) != 0) | ||
138 | return ret; | ||
139 | default: | ||
140 | #if HAVE_MESSAGES | ||
141 | MHD_DLOG (daemon, | ||
142 | "Error: no daemon credentials type found. f: %s, l: %d\n", | ||
143 | __FUNCTION__, __LINE__); | ||
144 | #endif | ||
145 | break; | ||
136 | } | 146 | } |
137 | 147 | ||
138 | gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params); | 148 | return MHD_NO; |
139 | |||
140 | /* TODO address error case return value */ | ||
141 | return MHD_YES; | ||
142 | } | 149 | } |
143 | 150 | ||
144 | /* TODO unite with code in gnutls_priority.c */ | ||
145 | /* this is used to set HTTPS related daemon priorities */ | ||
146 | inline static int | 151 | inline static int |
147 | _set_priority (priority_st * st, const int *list) | 152 | _set_priority (priority_st * st, const int *list) |
148 | { | 153 | { |
@@ -152,7 +157,7 @@ _set_priority (priority_st * st, const int *list) | |||
152 | num++; | 157 | num++; |
153 | if (num > MAX_ALGOS) | 158 | if (num > MAX_ALGOS) |
154 | num = MAX_ALGOS; | 159 | num = MAX_ALGOS; |
155 | st->algorithms = num; | 160 | st->num_algorithms = num; |
156 | 161 | ||
157 | for (i = 0; i < num; i++) | 162 | for (i = 0; i < num; i++) |
158 | { | 163 | { |
@@ -161,7 +166,6 @@ _set_priority (priority_st * st, const int *list) | |||
161 | 166 | ||
162 | return 0; | 167 | return 0; |
163 | } | 168 | } |
164 | #endif /* HTTPS_SUPPORT */ | ||
165 | 169 | ||
166 | /** | 170 | /** |
167 | * Obtain the select sets for this daemon. | 171 | * Obtain the select sets for this daemon. |
@@ -300,12 +304,13 @@ gnutls_push_param_adapter (void *connection, | |||
300 | } | 304 | } |
301 | #endif | 305 | #endif |
302 | 306 | ||
307 | |||
303 | /** | 308 | /** |
304 | * Handle an individual TLS connection. | 309 | * Handle an individual TLS connection. |
305 | */ | 310 | */ |
306 | #if HTTPS_SUPPORT | 311 | #if HTTPS_SUPPORT |
307 | static void * | 312 | static void * |
308 | MHD_TLS_handle_connection (void *data) | 313 | MHD_TLS_init_connection (void *data) |
309 | { | 314 | { |
310 | struct MHD_Connection *con = data; | 315 | struct MHD_Connection *con = data; |
311 | 316 | ||
@@ -320,16 +325,37 @@ MHD_TLS_handle_connection (void *data) | |||
320 | /* sets cipher priorities */ | 325 | /* sets cipher priorities */ |
321 | gnutls_priority_set (con->tls_session, con->daemon->priority_cache); | 326 | gnutls_priority_set (con->tls_session, con->daemon->priority_cache); |
322 | 327 | ||
323 | /* set needed credentials for certificate authentication. */ | 328 | switch (con->daemon->cred_type) |
324 | gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_CERTIFICATE, | 329 | { |
325 | con->daemon->x509_cret); | 330 | /* set needed credentials for certificate authentication. */ |
331 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
332 | gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_CERTIFICATE, | ||
333 | con->daemon->x509_cred); | ||
334 | break; | ||
335 | case MHD_GNUTLS_CRD_ANON: | ||
336 | /* set needed credentials for anonymous authentication. */ | ||
337 | gnutls_credentials_set (con->tls_session, MHD_GNUTLS_CRD_ANON, | ||
338 | con->daemon->anon_cred); | ||
339 | gnutls_dh_set_prime_bits (con->tls_session, 1024); | ||
340 | break; | ||
341 | default: | ||
342 | |||
343 | #if HAVE_MESSAGES | ||
344 | MHD_DLOG (con->daemon, | ||
345 | "Error: couldn't init HTTPS session. no appropriate KX algorithm found. f: %s, l: %d\n", | ||
346 | __FUNCTION__, __LINE__); | ||
347 | #endif | ||
348 | break; | ||
349 | } | ||
326 | 350 | ||
327 | /* TODO avoid gnutls blocking recv / write calls | 351 | /* TODO avoid gnutls blocking recv / write calls |
328 | gnutls_transport_set_pull_function(tls_session, &recv); | 352 | gnutls_transport_set_pull_function(tls_session, &recv); |
329 | gnutls_transport_set_push_function(tls_session, &send); | 353 | gnutls_transport_set_push_function(tls_session, &send); |
330 | */ | 354 | */ |
331 | 355 | ||
332 | gnutls_transport_set_ptr (con->tls_session, con->socket_fd); | 356 | gnutls_transport_set_ptr (con->tls_session, |
357 | (gnutls_transport_ptr_t) ((void *) con-> | ||
358 | socket_fd)); | ||
333 | 359 | ||
334 | return MHD_handle_connection (data); | 360 | return MHD_handle_connection (data); |
335 | } | 361 | } |
@@ -489,7 +515,7 @@ MHD_accept_connection (struct MHD_Daemon *daemon) | |||
489 | #if HTTPS_SUPPORT | 515 | #if HTTPS_SUPPORT |
490 | if (daemon->options & MHD_USE_SSL) | 516 | if (daemon->options & MHD_USE_SSL) |
491 | res_thread_create = pthread_create (&connection->pid, NULL, | 517 | res_thread_create = pthread_create (&connection->pid, NULL, |
492 | &MHD_TLS_handle_connection, | 518 | &MHD_TLS_init_connection, |
493 | connection); | 519 | connection); |
494 | else | 520 | else |
495 | #endif | 521 | #endif |
@@ -768,7 +794,7 @@ MHD_select_thread (void *cls) | |||
768 | */ | 794 | */ |
769 | struct MHD_Daemon * | 795 | struct MHD_Daemon * |
770 | MHD_start_daemon_va (unsigned int options, | 796 | MHD_start_daemon_va (unsigned int options, |
771 | unsigned short port, | 797 | unsigned short port, char *ip, |
772 | MHD_AcceptPolicyCallback apc, | 798 | MHD_AcceptPolicyCallback apc, |
773 | void *apc_cls, | 799 | void *apc_cls, |
774 | MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap) | 800 | MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap) |
@@ -875,6 +901,7 @@ MHD_start_daemon_va (unsigned int options, | |||
875 | pthread_mutex_unlock (&gnutls_init_mutex); | 901 | pthread_mutex_unlock (&gnutls_init_mutex); |
876 | /* set default priorities */ | 902 | /* set default priorities */ |
877 | gnutls_priority_init (&retVal->priority_cache, "", NULL); | 903 | gnutls_priority_init (&retVal->priority_cache, "", NULL); |
904 | retVal->cred_type = MHD_GNUTLS_CRD_CERTIFICATE; | ||
878 | } | 905 | } |
879 | #endif | 906 | #endif |
880 | /* initializes the argument pointer variable */ | 907 | /* initializes the argument pointer variable */ |
@@ -906,7 +933,7 @@ MHD_start_daemon_va (unsigned int options, | |||
906 | #if HTTPS_SUPPORT | 933 | #if HTTPS_SUPPORT |
907 | case MHD_OPTION_PROTOCOL_VERSION: | 934 | case MHD_OPTION_PROTOCOL_VERSION: |
908 | _set_priority (&retVal->priority_cache->protocol, | 935 | _set_priority (&retVal->priority_cache->protocol, |
909 | va_arg (ap, const int *)); | 936 | va_arg (ap, const int *)); |
910 | break; | 937 | break; |
911 | case MHD_OPTION_HTTPS_KEY_PATH: | 938 | case MHD_OPTION_HTTPS_KEY_PATH: |
912 | retVal->https_key_path = va_arg (ap, const char *); | 939 | retVal->https_key_path = va_arg (ap, const char *); |
@@ -920,8 +947,11 @@ MHD_start_daemon_va (unsigned int options, | |||
920 | case MHD_OPTION_HTTPS_MEM_CERT: | 947 | case MHD_OPTION_HTTPS_MEM_CERT: |
921 | retVal->https_mem_cert = va_arg (ap, const char *); | 948 | retVal->https_mem_cert = va_arg (ap, const char *); |
922 | break; | 949 | break; |
950 | case MHD_OPTION_CRED_TYPE: | ||
951 | retVal->cred_type = va_arg (ap, const int); | ||
952 | break; | ||
923 | case MHD_OPTION_KX_PRIORITY: | 953 | case MHD_OPTION_KX_PRIORITY: |
924 | _set_priority (&retVal->priority_cache->cipher, | 954 | _set_priority (&retVal->priority_cache->kx, |
925 | va_arg (ap, const int *)); | 955 | va_arg (ap, const int *)); |
926 | break; | 956 | break; |
927 | case MHD_OPTION_CIPHER_ALGORITHM: | 957 | case MHD_OPTION_CIPHER_ALGORITHM: |
@@ -929,16 +959,17 @@ MHD_start_daemon_va (unsigned int options, | |||
929 | va_arg (ap, const int *)); | 959 | va_arg (ap, const int *)); |
930 | break; | 960 | break; |
931 | case MHD_OPTION_MAC_ALGO: | 961 | case MHD_OPTION_MAC_ALGO: |
932 | _set_priority (&retVal->priority_cache->mac, | 962 | _set_priority (&retVal->priority_cache->mac, |
933 | va_arg (ap, const int *)); | 963 | va_arg (ap, const int *)); |
934 | break; | 964 | break; |
935 | #endif | 965 | #endif |
936 | default: | 966 | default: |
937 | #if HAVE_MESSAGES | 967 | #if HAVE_MESSAGES |
938 | if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END) | 968 | if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END) |
939 | { | 969 | { |
940 | fprintf (stderr, | 970 | fprintf (stderr, |
941 | "Error: HTTPS option %d passed to non HTTPS daemon\n", opt); | 971 | "Error: HTTPS option %d passed to non HTTPS daemon\n", |
972 | opt); | ||
942 | } | 973 | } |
943 | else | 974 | else |
944 | { | 975 | { |
@@ -952,7 +983,7 @@ MHD_start_daemon_va (unsigned int options, | |||
952 | 983 | ||
953 | #if HTTPS_SUPPORT | 984 | #if HTTPS_SUPPORT |
954 | /* initialize HTTPS daemon certificate aspects & send / recv functions */ | 985 | /* initialize HTTPS daemon certificate aspects & send / recv functions */ |
955 | if (options & MHD_USE_SSL && MHD_NO == MHD_TLS_init (retVal)) | 986 | if (options & MHD_USE_SSL && MHD_TLS_init (retVal) != 0) |
956 | { | 987 | { |
957 | #if HAVE_MESSAGES | 988 | #if HAVE_MESSAGES |
958 | MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n"); | 989 | MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n"); |
@@ -985,18 +1016,244 @@ MHD_start_daemon (unsigned int options, | |||
985 | unsigned short port, | 1016 | unsigned short port, |
986 | MHD_AcceptPolicyCallback apc, | 1017 | MHD_AcceptPolicyCallback apc, |
987 | void *apc_cls, | 1018 | void *apc_cls, |
988 | MHD_AccessHandlerCallback dh, void *dh_cls, ...){ | 1019 | MHD_AccessHandlerCallback dh, void *dh_cls, ...) |
989 | 1020 | { | |
990 | int ret; | 1021 | const int on = 1; |
991 | va_list ap; | 1022 | struct MHD_Daemon *retVal; |
992 | va_start (ap, dh_cls); | 1023 | |
993 | ret = MHD_start_daemon_va (options, | 1024 | /* listeningss sockets used by the daemon */ |
994 | port, | 1025 | int socket_fd; |
995 | apc, | 1026 | va_list ap; |
996 | apc_cls, | 1027 | |
997 | dh, dh_cls, ap); | 1028 | struct sockaddr_in servaddr4; |
998 | va_end (ap); | 1029 | struct sockaddr_in6 servaddr6; |
999 | return ret; | 1030 | const struct sockaddr *servaddr; |
1031 | socklen_t addrlen; | ||
1032 | enum MHD_OPTION opt; | ||
1033 | |||
1034 | if ((port == 0) || (dh == NULL)) | ||
1035 | return NULL; | ||
1036 | if ((options & MHD_USE_IPv6) != 0) | ||
1037 | socket_fd = SOCKET (PF_INET6, SOCK_STREAM, 0); | ||
1038 | else | ||
1039 | socket_fd = SOCKET (PF_INET, SOCK_STREAM, 0); | ||
1040 | if (socket_fd < 0) | ||
1041 | { | ||
1042 | #if HAVE_MESSAGES | ||
1043 | if ((options & MHD_USE_DEBUG) != 0) | ||
1044 | fprintf (stderr, "Call to socket failed: %s\n", STRERROR (errno)); | ||
1045 | #endif | ||
1046 | return NULL; | ||
1047 | } | ||
1048 | if ((SETSOCKOPT (socket_fd, | ||
1049 | SOL_SOCKET, | ||
1050 | SO_REUSEADDR, | ||
1051 | &on, sizeof (on)) < 0) && (options & MHD_USE_DEBUG) != 0) | ||
1052 | { | ||
1053 | #if HAVE_MESSAGES | ||
1054 | fprintf (stderr, "setsockopt failed: %s\n", STRERROR (errno)); | ||
1055 | #endif | ||
1056 | } | ||
1057 | if ((options & MHD_USE_IPv6) != 0) | ||
1058 | { | ||
1059 | memset (&servaddr6, 0, sizeof (struct sockaddr_in6)); | ||
1060 | servaddr6.sin6_family = AF_INET6; | ||
1061 | servaddr6.sin6_port = htons (port); | ||
1062 | servaddr = (struct sockaddr *) &servaddr6; | ||
1063 | addrlen = sizeof (struct sockaddr_in6); | ||
1064 | } | ||
1065 | else | ||
1066 | { | ||
1067 | memset (&servaddr4, 0, sizeof (struct sockaddr_in)); | ||
1068 | servaddr4.sin_family = AF_INET; | ||
1069 | servaddr4.sin_port = htons (port); | ||
1070 | servaddr = (struct sockaddr *) &servaddr4; | ||
1071 | addrlen = sizeof (struct sockaddr_in); | ||
1072 | } | ||
1073 | if (BIND (socket_fd, servaddr, addrlen) < 0) | ||
1074 | { | ||
1075 | #if HAVE_MESSAGES | ||
1076 | if ((options & MHD_USE_DEBUG) != 0) | ||
1077 | fprintf (stderr, | ||
1078 | "Failed to bind to port %u: %s\n", port, STRERROR (errno)); | ||
1079 | #endif | ||
1080 | CLOSE (socket_fd); | ||
1081 | return NULL; | ||
1082 | } | ||
1083 | if (LISTEN (socket_fd, 20) < 0) | ||
1084 | { | ||
1085 | #if HAVE_MESSAGES | ||
1086 | if ((options & MHD_USE_DEBUG) != 0) | ||
1087 | fprintf (stderr, | ||
1088 | "Failed to listen for connections: %s\n", STRERROR (errno)); | ||
1089 | #endif | ||
1090 | CLOSE (socket_fd); | ||
1091 | return NULL; | ||
1092 | } | ||
1093 | |||
1094 | /* allocate the mhd daemon */ | ||
1095 | |||
1096 | retVal = malloc (sizeof (struct MHD_Daemon)); | ||
1097 | |||
1098 | if (retVal == NULL) | ||
1099 | { | ||
1100 | CLOSE (socket_fd); | ||
1101 | return NULL; | ||
1102 | } | ||
1103 | |||
1104 | memset (retVal, 0, sizeof (struct MHD_Daemon)); | ||
1105 | retVal->options = options; | ||
1106 | retVal->port = port; | ||
1107 | retVal->apc = apc; | ||
1108 | retVal->apc_cls = apc_cls; | ||
1109 | retVal->socket_fd = socket_fd; | ||
1110 | retVal->default_handler = dh; | ||
1111 | retVal->default_handler_cls = dh_cls; | ||
1112 | retVal->max_connections = MHD_MAX_CONNECTIONS_DEFAULT; | ||
1113 | retVal->pool_size = MHD_POOL_SIZE_DEFAULT; | ||
1114 | retVal->connection_timeout = 0; /* no timeout */ | ||
1115 | #if HTTPS_SUPPORT | ||
1116 | if (options & MHD_USE_SSL) | ||
1117 | { | ||
1118 | /* lock gnutls_global mutex since it uses reference counting */ | ||
1119 | pthread_mutex_lock (&gnutls_init_mutex); | ||
1120 | gnutls_global_init (); | ||
1121 | pthread_mutex_unlock (&gnutls_init_mutex); | ||
1122 | /* set default priorities */ | ||
1123 | gnutls_priority_init (&retVal->priority_cache, "", NULL); | ||
1124 | retVal->cred_type = MHD_GNUTLS_CRD_CERTIFICATE; | ||
1125 | } | ||
1126 | #endif | ||
1127 | /* initializes the argument pointer variable */ | ||
1128 | |||
1129 | va_start (ap, dh_cls); | ||
1130 | |||
1131 | /* | ||
1132 | * loop through daemon options | ||
1133 | */ | ||
1134 | while (MHD_OPTION_END != (opt = va_arg (ap, enum MHD_OPTION))) | ||
1135 | { | ||
1136 | switch (opt) | ||
1137 | { | ||
1138 | case MHD_OPTION_CONNECTION_MEMORY_LIMIT: | ||
1139 | retVal->pool_size = va_arg (ap, unsigned int); | ||
1140 | break; | ||
1141 | case MHD_OPTION_CONNECTION_LIMIT: | ||
1142 | retVal->max_connections = va_arg (ap, unsigned int); | ||
1143 | break; | ||
1144 | case MHD_OPTION_CONNECTION_TIMEOUT: | ||
1145 | retVal->connection_timeout = va_arg (ap, unsigned int); | ||
1146 | break; | ||
1147 | case MHD_OPTION_NOTIFY_COMPLETED: | ||
1148 | retVal->notify_completed = | ||
1149 | va_arg (ap, MHD_RequestCompletedCallback); | ||
1150 | retVal->notify_completed_cls = va_arg (ap, void *); | ||
1151 | break; | ||
1152 | case MHD_OPTION_PER_IP_CONNECTION_LIMIT: | ||
1153 | retVal->per_ip_connection_limit = va_arg (ap, unsigned int); | ||
1154 | break; | ||
1155 | #if HTTPS_SUPPORT | ||
1156 | case MHD_OPTION_PROTOCOL_VERSION: | ||
1157 | _set_priority (&retVal->priority_cache->protocol, | ||
1158 | va_arg (ap, const int *)); | ||
1159 | break; | ||
1160 | case MHD_OPTION_HTTPS_KEY_PATH: | ||
1161 | retVal->https_key_path = va_arg (ap, const char *); | ||
1162 | break; | ||
1163 | case MHD_OPTION_HTTPS_CERT_PATH: | ||
1164 | retVal->https_cert_path = va_arg (ap, const char *); | ||
1165 | break; | ||
1166 | case MHD_OPTION_HTTPS_MEM_KEY: | ||
1167 | retVal->https_mem_key = va_arg (ap, const char *); | ||
1168 | break; | ||
1169 | case MHD_OPTION_HTTPS_MEM_CERT: | ||
1170 | retVal->https_mem_cert = va_arg (ap, const char *); | ||
1171 | break; | ||
1172 | case MHD_OPTION_CRED_TYPE: | ||
1173 | retVal->cred_type = va_arg (ap, const int); | ||
1174 | break; | ||
1175 | case MHD_OPTION_KX_PRIORITY: | ||
1176 | _set_priority (&retVal->priority_cache->kx, | ||
1177 | va_arg (ap, const int *)); | ||
1178 | break; | ||
1179 | case MHD_OPTION_CIPHER_ALGORITHM: | ||
1180 | _set_priority (&retVal->priority_cache->cipher, | ||
1181 | va_arg (ap, const int *)); | ||
1182 | break; | ||
1183 | case MHD_OPTION_MAC_ALGO: | ||
1184 | _set_priority (&retVal->priority_cache->mac, | ||
1185 | va_arg (ap, const int *)); | ||
1186 | break; | ||
1187 | #endif | ||
1188 | default: | ||
1189 | #if HAVE_MESSAGES | ||
1190 | if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END) | ||
1191 | { | ||
1192 | fprintf (stderr, | ||
1193 | "Error: HTTPS option %d passed to non HTTPS daemon\n", | ||
1194 | opt); | ||
1195 | } | ||
1196 | else | ||
1197 | { | ||
1198 | fprintf (stderr, | ||
1199 | "Invalid MHD_OPTION argument! (Did you terminate the list with MHD_OPTION_END?)\n"); | ||
1200 | } | ||
1201 | #endif | ||
1202 | abort (); | ||
1203 | } | ||
1204 | } | ||
1205 | va_end (ap); | ||
1206 | |||
1207 | /* initialize HTTPS daemon certificate aspects & send / recv functions */ | ||
1208 | if (options & MHD_USE_SSL && MHD_TLS_init (retVal) != 0) | ||
1209 | { | ||
1210 | #if HAVE_MESSAGES | ||
1211 | MHD_DLOG (retVal, "Failed to initialize HTTPS daemon\n"); | ||
1212 | #endif | ||
1213 | free (retVal); | ||
1214 | return NULL; | ||
1215 | } | ||
1216 | |||
1217 | if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) || (0 != (options | ||
1218 | & | ||
1219 | MHD_USE_SELECT_INTERNALLY))) | ||
1220 | && (0 != | ||
1221 | pthread_create (&retVal->pid, NULL, &MHD_select_thread, retVal))) | ||
1222 | { | ||
1223 | #if HAVE_MESSAGES | ||
1224 | MHD_DLOG (retVal, "Failed to create listen thread: %s\n", | ||
1225 | STRERROR (errno)); | ||
1226 | #endif | ||
1227 | free (retVal); | ||
1228 | CLOSE (socket_fd); | ||
1229 | return NULL; | ||
1230 | } | ||
1231 | |||
1232 | return retVal; | ||
1233 | } | ||
1234 | |||
1235 | |||
1236 | /* | ||
1237 | * start the MHD_Daemon while binding to a specific ip address. | ||
1238 | * | ||
1239 | * TODO : address adding ip parameter to MHD_start_daemon | ||
1240 | */ | ||
1241 | struct MHD_Daemon * | ||
1242 | MHD_start_daemon_ip (unsigned int options, | ||
1243 | unsigned short port, char *ip, | ||
1244 | MHD_AcceptPolicyCallback apc, | ||
1245 | void *apc_cls, | ||
1246 | MHD_AccessHandlerCallback dh, void *dh_cls, ...) | ||
1247 | { | ||
1248 | |||
1249 | gnutls_global_set_log_level (5); | ||
1250 | |||
1251 | struct MHD_Daemon *ret; | ||
1252 | va_list ap; | ||
1253 | va_start (ap, dh_cls); | ||
1254 | ret = MHD_start_daemon_va (options, port, ip, apc, apc_cls, dh, dh_cls, ap); | ||
1255 | va_end (ap); | ||
1256 | return ret; | ||
1000 | } | 1257 | } |
1001 | 1258 | ||
1002 | /** | 1259 | /** |
@@ -1066,7 +1323,10 @@ MHD_stop_daemon (struct MHD_Daemon *daemon) | |||
1066 | { | 1323 | { |
1067 | gnutls_priority_deinit (daemon->priority_cache); | 1324 | gnutls_priority_deinit (daemon->priority_cache); |
1068 | 1325 | ||
1069 | gnutls_certificate_free_credentials (daemon->x509_cret); | 1326 | if (daemon->x509_cred) |
1327 | gnutls_certificate_free_credentials (daemon->x509_cred); | ||
1328 | if (daemon->anon_cred) | ||
1329 | gnutls_anon_free_server_credentials (daemon->anon_cred); | ||
1070 | 1330 | ||
1071 | /* lock gnutls_global mutex since it uses reference counting */ | 1331 | /* lock gnutls_global mutex since it uses reference counting */ |
1072 | pthread_mutex_lock (&gnutls_init_mutex); | 1332 | pthread_mutex_lock (&gnutls_init_mutex); |
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am index 40d49e08..3155e0bd 100644 --- a/src/daemon/https/tls/Makefile.am +++ b/src/daemon/https/tls/Makefile.am | |||
@@ -43,7 +43,6 @@ gnutls_compress.c \ | |||
43 | gnutls_compress_int.c \ | 43 | gnutls_compress_int.c \ |
44 | gnutls_constate.c \ | 44 | gnutls_constate.c \ |
45 | gnutls_datum.c \ | 45 | gnutls_datum.c \ |
46 | gnutls_db.c \ | ||
47 | gnutls_dh.c \ | 46 | gnutls_dh.c \ |
48 | gnutls_dh_primes.c \ | 47 | gnutls_dh_primes.c \ |
49 | gnutls_errors.c \ | 48 | gnutls_errors.c \ |
diff --git a/src/daemon/https/tls/auth_cert.h b/src/daemon/https/tls/auth_cert.h index 86e0230f..e49a6089 100644 --- a/src/daemon/https/tls/auth_cert.h +++ b/src/daemon/https/tls/auth_cert.h | |||
@@ -34,6 +34,7 @@ | |||
34 | /* This structure may be complex, but it's the only way to | 34 | /* This structure may be complex, but it's the only way to |
35 | * support a server that has multiple certificates | 35 | * support a server that has multiple certificates |
36 | */ | 36 | */ |
37 | |||
37 | typedef struct gnutls_certificate_credentials_st | 38 | typedef struct gnutls_certificate_credentials_st |
38 | { | 39 | { |
39 | gnutls_dh_params_t dh_params; | 40 | gnutls_dh_params_t dh_params; |
@@ -45,7 +46,7 @@ typedef struct gnutls_certificate_credentials_st | |||
45 | 46 | ||
46 | gnutls_cert **cert_list; | 47 | gnutls_cert **cert_list; |
47 | /* contains a list of a list of certificates. | 48 | /* contains a list of a list of certificates. |
48 | * eg (X509): [0] certificate1, certificate11, certificate111 | 49 | * eg (X509): [0] certificate1, certificate11, certificate111 |
49 | * (if more than one, one certificate certifies the one before) | 50 | * (if more than one, one certificate certifies the one before) |
50 | * [1] certificate2, certificate22, ... | 51 | * [1] certificate2, certificate22, ... |
51 | */ | 52 | */ |
@@ -75,14 +76,14 @@ typedef struct gnutls_certificate_credentials_st | |||
75 | /* X509 specific stuff */ | 76 | /* X509 specific stuff */ |
76 | 77 | ||
77 | gnutls_x509_crt_t *x509_ca_list; | 78 | gnutls_x509_crt_t *x509_ca_list; |
78 | unsigned x509_ncas; /* number of CAs in the ca_list | 79 | unsigned x509_ncas; /* number of CAs in the ca_list |
79 | */ | 80 | */ |
80 | 81 | ||
81 | gnutls_x509_crl_t *x509_crl_list; | 82 | gnutls_x509_crl_t *x509_crl_list; |
82 | unsigned x509_ncrls; /* number of CRLs in the crl_list | 83 | unsigned x509_ncrls; /* number of CRLs in the crl_list |
83 | */ | 84 | */ |
84 | 85 | ||
85 | unsigned int verify_flags; /* flags to be used at | 86 | unsigned int verify_flags; /* flags to be used at |
86 | * certificate verification. | 87 | * certificate verification. |
87 | */ | 88 | */ |
88 | unsigned int verify_depth; | 89 | unsigned int verify_depth; |
diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c index 6f1c17bc..a1bec6a1 100644 --- a/src/daemon/https/tls/ext_cert_type.c +++ b/src/daemon/https/tls/ext_cert_type.c | |||
@@ -150,10 +150,10 @@ _gnutls_cert_type_send_params (gnutls_session_t session, opaque * data, | |||
150 | if (session->security_parameters.entity == GNUTLS_CLIENT) | 150 | if (session->security_parameters.entity == GNUTLS_CLIENT) |
151 | { | 151 | { |
152 | 152 | ||
153 | if (session->internals.priorities.cert_type.algorithms > 0) | 153 | if (session->internals.priorities.cert_type.num_algorithms > 0) |
154 | { | 154 | { |
155 | 155 | ||
156 | len = session->internals.priorities.cert_type.algorithms; | 156 | len = session->internals.priorities.cert_type.num_algorithms; |
157 | 157 | ||
158 | if (len == 1 && | 158 | if (len == 1 && |
159 | session->internals.priorities.cert_type.priority[0] == | 159 | session->internals.priorities.cert_type.priority[0] == |
diff --git a/src/daemon/https/tls/gnutls_alert.c b/src/daemon/https/tls/gnutls_alert.c index dfa35f85..29422dab 100644 --- a/src/daemon/https/tls/gnutls_alert.c +++ b/src/daemon/https/tls/gnutls_alert.c | |||
@@ -148,7 +148,7 @@ gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level, | |||
148 | * alert should be sent to the peer indicating that no renegotiation will | 148 | * alert should be sent to the peer indicating that no renegotiation will |
149 | * be performed. | 149 | * be performed. |
150 | * | 150 | * |
151 | * If there is no mapping to a valid alert the alert to indicate internal error | 151 | * If there is no mapping to a valid alert the alert to indicate internal error |
152 | * is returned. | 152 | * is returned. |
153 | * | 153 | * |
154 | **/ | 154 | **/ |
@@ -163,7 +163,7 @@ gnutls_error_to_alert (int err, int *level) | |||
163 | /* GNUTLS_A_DECRYPTION_FAILED is not sent, because | 163 | /* GNUTLS_A_DECRYPTION_FAILED is not sent, because |
164 | * it is not defined in SSL3. Note that we must | 164 | * it is not defined in SSL3. Note that we must |
165 | * not distinguish Decryption failures from mac | 165 | * not distinguish Decryption failures from mac |
166 | * check failures, due to the possibility of some | 166 | * check failures, due to the possibility of some |
167 | * attacks. | 167 | * attacks. |
168 | */ | 168 | */ |
169 | ret = GNUTLS_A_BAD_RECORD_MAC; | 169 | ret = GNUTLS_A_BAD_RECORD_MAC; |
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c index 56435345..1809afda 100644 --- a/src/daemon/https/tls/gnutls_algorithms.c +++ b/src/daemon/https/tls/gnutls_algorithms.c | |||
@@ -767,7 +767,7 @@ _gnutls_mac_priority (gnutls_session_t session, | |||
767 | gnutls_mac_algorithm_t algorithm) | 767 | gnutls_mac_algorithm_t algorithm) |
768 | { /* actually returns the priority */ | 768 | { /* actually returns the priority */ |
769 | unsigned int i; | 769 | unsigned int i; |
770 | for (i = 0; i < session->internals.priorities.mac.algorithms; i++) | 770 | for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++) |
771 | { | 771 | { |
772 | if (session->internals.priorities.mac.priority[i] == algorithm) | 772 | if (session->internals.priorities.mac.priority[i] == algorithm) |
773 | return i; | 773 | return i; |
@@ -893,7 +893,7 @@ _gnutls_compression_priority (gnutls_session_t session, | |||
893 | gnutls_compression_method_t algorithm) | 893 | gnutls_compression_method_t algorithm) |
894 | { /* actually returns the priority */ | 894 | { /* actually returns the priority */ |
895 | unsigned int i; | 895 | unsigned int i; |
896 | for (i = 0; i < session->internals.priorities.compression.algorithms; i++) | 896 | for (i = 0; i < session->internals.priorities.compression.num_algorithms; i++) |
897 | { | 897 | { |
898 | if (session->internals.priorities.compression.priority[i] == algorithm) | 898 | if (session->internals.priorities.compression.priority[i] == algorithm) |
899 | return i; | 899 | return i; |
@@ -1040,7 +1040,7 @@ _gnutls_cipher_priority (gnutls_session_t session, | |||
1040 | gnutls_cipher_algorithm_t algorithm) | 1040 | gnutls_cipher_algorithm_t algorithm) |
1041 | { | 1041 | { |
1042 | unsigned int i; | 1042 | unsigned int i; |
1043 | for (i = 0; i < session->internals.priorities.cipher.algorithms; i++) | 1043 | for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++) |
1044 | { | 1044 | { |
1045 | if (session->internals.priorities.cipher.priority[i] == algorithm) | 1045 | if (session->internals.priorities.cipher.priority[i] == algorithm) |
1046 | return i; | 1046 | return i; |
@@ -1176,7 +1176,7 @@ _gnutls_kx_priority (gnutls_session_t session, | |||
1176 | gnutls_kx_algorithm_t algorithm) | 1176 | gnutls_kx_algorithm_t algorithm) |
1177 | { | 1177 | { |
1178 | unsigned int i; | 1178 | unsigned int i; |
1179 | for (i = 0; i < session->internals.priorities.kx.algorithms; i++) | 1179 | for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++) |
1180 | { | 1180 | { |
1181 | if (session->internals.priorities.kx.priority[i] == algorithm) | 1181 | if (session->internals.priorities.kx.priority[i] == algorithm) |
1182 | return i; | 1182 | return i; |
@@ -1276,7 +1276,7 @@ _gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version) | |||
1276 | return -1; | 1276 | return -1; |
1277 | } | 1277 | } |
1278 | 1278 | ||
1279 | for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) | 1279 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) |
1280 | { | 1280 | { |
1281 | if (session->internals.priorities.protocol.priority[i] == version) | 1281 | if (session->internals.priorities.protocol.priority[i] == version) |
1282 | return i; | 1282 | return i; |
@@ -1294,7 +1294,7 @@ _gnutls_version_lowest (gnutls_session_t session) | |||
1294 | return MHD_GNUTLS_VERSION_UNKNOWN; | 1294 | return MHD_GNUTLS_VERSION_UNKNOWN; |
1295 | } | 1295 | } |
1296 | else | 1296 | else |
1297 | for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) | 1297 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) |
1298 | { | 1298 | { |
1299 | if (session->internals.priorities.protocol.priority[i] < min) | 1299 | if (session->internals.priorities.protocol.priority[i] < min) |
1300 | min = session->internals.priorities.protocol.priority[i]; | 1300 | min = session->internals.priorities.protocol.priority[i]; |
@@ -1316,7 +1316,7 @@ _gnutls_version_max (gnutls_session_t session) | |||
1316 | return MHD_GNUTLS_VERSION_UNKNOWN; | 1316 | return MHD_GNUTLS_VERSION_UNKNOWN; |
1317 | } | 1317 | } |
1318 | else | 1318 | else |
1319 | for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) | 1319 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) |
1320 | { | 1320 | { |
1321 | if (session->internals.priorities.protocol.priority[i] > max) | 1321 | if (session->internals.priorities.protocol.priority[i] > max) |
1322 | max = session->internals.priorities.protocol.priority[i]; | 1322 | max = session->internals.priorities.protocol.priority[i]; |
@@ -1886,7 +1886,7 @@ _gnutls_supported_ciphersuites (gnutls_session_t session, | |||
1886 | 1886 | ||
1887 | /* returns the TLS numbers of the compression methods we support | 1887 | /* returns the TLS numbers of the compression methods we support |
1888 | */ | 1888 | */ |
1889 | #define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms | 1889 | #define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.num_algorithms |
1890 | int | 1890 | int |
1891 | _gnutls_supported_compression_methods (gnutls_session_t session, | 1891 | _gnutls_supported_compression_methods (gnutls_session_t session, |
1892 | uint8_t ** comp) | 1892 | uint8_t ** comp) |
diff --git a/src/daemon/https/tls/gnutls_anon_cred.c b/src/daemon/https/tls/gnutls_anon_cred.c index 919315ef..fd0917f8 100644 --- a/src/daemon/https/tls/gnutls_anon_cred.c +++ b/src/daemon/https/tls/gnutls_anon_cred.c | |||
@@ -62,8 +62,9 @@ int | |||
62 | gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t * | 62 | gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t * |
63 | sc) | 63 | sc) |
64 | { | 64 | { |
65 | |||
66 | *sc = gnutls_calloc (1, sizeof (anon_server_credentials_st)); | 65 | *sc = gnutls_calloc (1, sizeof (anon_server_credentials_st)); |
66 | if (*sc == NULL) | ||
67 | return GNUTLS_E_MEMORY_ERROR; | ||
67 | 68 | ||
68 | return 0; | 69 | return 0; |
69 | } | 70 | } |
diff --git a/src/daemon/https/tls/gnutls_db.c b/src/daemon/https/tls/gnutls_db.c deleted file mode 100644 index 806961c1..00000000 --- a/src/daemon/https/tls/gnutls_db.c +++ /dev/null | |||
@@ -1,386 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains functions that manipulate a database backend | ||
26 | * for resumed sessions. | ||
27 | */ | ||
28 | |||
29 | #include "gnutls_int.h" | ||
30 | #include "gnutls_errors.h" | ||
31 | // #include "gnutls_session.h" | ||
32 | #include <gnutls_db.h> | ||
33 | #include "debug.h" | ||
34 | #include <gnutls_session_pack.h> | ||
35 | #include <gnutls_datum.h> | ||
36 | |||
37 | /** | ||
38 | * gnutls_db_set_retrieve_function - Sets the function that will be used to get data | ||
39 | * @session: is a #gnutls_session_t structure. | ||
40 | * @retr_func: is the function. | ||
41 | * | ||
42 | * Sets the function that will be used to retrieve data from the resumed | ||
43 | * sessions database. This function must return a gnutls_datum_t containing the | ||
44 | * data on success, or a gnutls_datum_t containing null and 0 on failure. | ||
45 | * | ||
46 | * The datum's data must be allocated using the function | ||
47 | * gnutls_malloc(). | ||
48 | * | ||
49 | * The first argument to retr_func() will be null unless gnutls_db_set_ptr() | ||
50 | * has been called. | ||
51 | * | ||
52 | **/ | ||
53 | void | ||
54 | gnutls_db_set_retrieve_function (gnutls_session_t session, | ||
55 | gnutls_db_retr_func retr_func) | ||
56 | { | ||
57 | session->internals.db_retrieve_func = retr_func; | ||
58 | } | ||
59 | |||
60 | /** | ||
61 | * gnutls_db_set_remove_function - Sets the function that will be used to remove data | ||
62 | * @session: is a #gnutls_session_t structure. | ||
63 | * @rem_func: is the function. | ||
64 | * | ||
65 | * Sets the function that will be used to remove data from the resumed | ||
66 | * sessions database. This function must return 0 on success. | ||
67 | * | ||
68 | * The first argument to rem_func() will be null unless gnutls_db_set_ptr() | ||
69 | * has been called. | ||
70 | * | ||
71 | **/ | ||
72 | void | ||
73 | gnutls_db_set_remove_function (gnutls_session_t session, | ||
74 | gnutls_db_remove_func rem_func) | ||
75 | { | ||
76 | session->internals.db_remove_func = rem_func; | ||
77 | } | ||
78 | |||
79 | /** | ||
80 | * gnutls_db_set_store_function - Sets the function that will be used to put data | ||
81 | * @session: is a #gnutls_session_t structure. | ||
82 | * @store_func: is the function | ||
83 | * | ||
84 | * Sets the function that will be used to store data from the resumed | ||
85 | * sessions database. This function must remove 0 on success. | ||
86 | * | ||
87 | * The first argument to store_func() will be null unless gnutls_db_set_ptr() | ||
88 | * has been called. | ||
89 | * | ||
90 | **/ | ||
91 | void | ||
92 | gnutls_db_set_store_function (gnutls_session_t session, | ||
93 | gnutls_db_store_func store_func) | ||
94 | { | ||
95 | session->internals.db_store_func = store_func; | ||
96 | } | ||
97 | |||
98 | /** | ||
99 | * gnutls_db_set_ptr - Sets a pointer to be sent to db functions | ||
100 | * @session: is a #gnutls_session_t structure. | ||
101 | * @ptr: is the pointer | ||
102 | * | ||
103 | * Sets the pointer that will be provided to db store, retrieve and delete functions, as | ||
104 | * the first argument. | ||
105 | * | ||
106 | **/ | ||
107 | void | ||
108 | gnutls_db_set_ptr (gnutls_session_t session, void *ptr) | ||
109 | { | ||
110 | session->internals.db_ptr = ptr; | ||
111 | } | ||
112 | |||
113 | /** | ||
114 | * gnutls_db_get_ptr - Returns the pointer which is sent to db functions | ||
115 | * @session: is a #gnutls_session_t structure. | ||
116 | * | ||
117 | * Returns the pointer that will be sent to db store, retrieve and delete functions, as | ||
118 | * the first argument. | ||
119 | * | ||
120 | **/ | ||
121 | void * | ||
122 | gnutls_db_get_ptr (gnutls_session_t session) | ||
123 | { | ||
124 | return session->internals.db_ptr; | ||
125 | } | ||
126 | |||
127 | /** | ||
128 | * gnutls_db_set_cache_expiration - Sets the expiration time for resumed sessions. | ||
129 | * @session: is a #gnutls_session_t structure. | ||
130 | * @seconds: is the number of seconds. | ||
131 | * | ||
132 | * Sets the expiration time for resumed sessions. The default is 3600 (one hour) | ||
133 | * at the time writing this. | ||
134 | **/ | ||
135 | void | ||
136 | gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds) | ||
137 | { | ||
138 | session->internals.expire_time = seconds; | ||
139 | } | ||
140 | |||
141 | /** | ||
142 | * gnutls_db_check_entry - checks if the given db entry has expired | ||
143 | * @session: is a #gnutls_session_t structure. | ||
144 | * @session_entry: is the session data (not key) | ||
145 | * | ||
146 | * This function returns GNUTLS_E_EXPIRED, if the database entry | ||
147 | * has expired or 0 otherwise. This function is to be used when | ||
148 | * you want to clear unnesessary session which occupy space in your | ||
149 | * backend. | ||
150 | * | ||
151 | **/ | ||
152 | int | ||
153 | gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry) | ||
154 | { | ||
155 | time_t timestamp; | ||
156 | |||
157 | timestamp = time (0); | ||
158 | |||
159 | if (session_entry.data != NULL) | ||
160 | if (timestamp - | ||
161 | ((security_parameters_st *) (session_entry.data))->timestamp <= | ||
162 | session->internals.expire_time | ||
163 | || ((security_parameters_st *) (session_entry.data))-> | ||
164 | timestamp > timestamp | ||
165 | || ((security_parameters_st *) (session_entry.data))->timestamp == 0) | ||
166 | return GNUTLS_E_EXPIRED; | ||
167 | |||
168 | return 0; | ||
169 | } | ||
170 | |||
171 | /* The format of storing data is: | ||
172 | * (forget it). Check gnutls_session_pack.c | ||
173 | */ | ||
174 | int | ||
175 | _gnutls_server_register_current_session (gnutls_session_t session) | ||
176 | { | ||
177 | gnutls_datum_t key; | ||
178 | gnutls_datum_t content; | ||
179 | int ret = 0; | ||
180 | |||
181 | key.data = session->security_parameters.session_id; | ||
182 | key.size = session->security_parameters.session_id_size; | ||
183 | |||
184 | if (session->internals.resumable == RESUME_FALSE) | ||
185 | { | ||
186 | gnutls_assert (); | ||
187 | return GNUTLS_E_INVALID_SESSION; | ||
188 | } | ||
189 | |||
190 | if (session->security_parameters.session_id == NULL | ||
191 | || session->security_parameters.session_id_size == 0) | ||
192 | { | ||
193 | gnutls_assert (); | ||
194 | return GNUTLS_E_INVALID_SESSION; | ||
195 | } | ||
196 | |||
197 | /* copy data */ | ||
198 | ret = _gnutls_session_pack (session, &content); | ||
199 | if (ret < 0) | ||
200 | { | ||
201 | gnutls_assert (); | ||
202 | return ret; | ||
203 | } | ||
204 | |||
205 | ret = _gnutls_store_session (session, key, content); | ||
206 | _gnutls_free_datum (&content); | ||
207 | |||
208 | return ret; | ||
209 | } | ||
210 | |||
211 | /* Checks if both db_store and db_retrieve functions have | ||
212 | * been set up. | ||
213 | */ | ||
214 | static int | ||
215 | _gnutls_db_func_is_ok (gnutls_session_t session) | ||
216 | { | ||
217 | if (session->internals.db_store_func != NULL && | ||
218 | session->internals.db_retrieve_func != NULL && | ||
219 | session->internals.db_remove_func != NULL) | ||
220 | return 0; | ||
221 | else | ||
222 | return GNUTLS_E_DB_ERROR; | ||
223 | } | ||
224 | |||
225 | |||
226 | int | ||
227 | _gnutls_server_restore_session (gnutls_session_t session, | ||
228 | uint8_t * session_id, int session_id_size) | ||
229 | { | ||
230 | gnutls_datum_t data; | ||
231 | gnutls_datum_t key; | ||
232 | int ret; | ||
233 | |||
234 | key.data = session_id; | ||
235 | key.size = session_id_size; | ||
236 | |||
237 | if (_gnutls_db_func_is_ok (session) != 0) | ||
238 | { | ||
239 | gnutls_assert (); | ||
240 | return GNUTLS_E_INVALID_SESSION; | ||
241 | } | ||
242 | |||
243 | data = _gnutls_retrieve_session (session, key); | ||
244 | |||
245 | if (data.data == NULL) | ||
246 | { | ||
247 | gnutls_assert (); | ||
248 | return GNUTLS_E_INVALID_SESSION; | ||
249 | } | ||
250 | |||
251 | /* expiration check is performed inside */ | ||
252 | ret = gnutls_session_set_data (session, data.data, data.size); | ||
253 | if (ret < 0) | ||
254 | { | ||
255 | gnutls_assert (); | ||
256 | return ret; | ||
257 | } | ||
258 | |||
259 | gnutls_free (data.data); | ||
260 | |||
261 | return 0; | ||
262 | } | ||
263 | |||
264 | int | ||
265 | _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id, | ||
266 | int session_id_size) | ||
267 | { | ||
268 | gnutls_datum_t key; | ||
269 | |||
270 | key.data = session_id; | ||
271 | key.size = session_id_size; | ||
272 | |||
273 | return _gnutls_remove_session (session, key); | ||
274 | } | ||
275 | |||
276 | |||
277 | /* Stores session data to the db backend. | ||
278 | */ | ||
279 | int | ||
280 | _gnutls_store_session (gnutls_session_t session, | ||
281 | gnutls_datum_t session_id, gnutls_datum_t session_data) | ||
282 | { | ||
283 | int ret = 0; | ||
284 | |||
285 | if (session->internals.resumable == RESUME_FALSE) | ||
286 | { | ||
287 | gnutls_assert (); | ||
288 | return GNUTLS_E_INVALID_SESSION; | ||
289 | } | ||
290 | |||
291 | if (_gnutls_db_func_is_ok (session) != 0) | ||
292 | { | ||
293 | return GNUTLS_E_DB_ERROR; | ||
294 | } | ||
295 | |||
296 | if (session_id.data == NULL || session_id.size == 0) | ||
297 | { | ||
298 | gnutls_assert (); | ||
299 | return GNUTLS_E_INVALID_SESSION; | ||
300 | } | ||
301 | |||
302 | if (session_data.data == NULL || session_data.size == 0) | ||
303 | { | ||
304 | gnutls_assert (); | ||
305 | return GNUTLS_E_INVALID_SESSION; | ||
306 | } | ||
307 | /* if we can't read why bother writing? */ | ||
308 | |||
309 | if (session->internals.db_store_func != NULL) | ||
310 | ret = | ||
311 | session->internals.db_store_func (session->internals.db_ptr, | ||
312 | session_id, session_data); | ||
313 | |||
314 | return (ret == 0 ? ret : GNUTLS_E_DB_ERROR); | ||
315 | |||
316 | } | ||
317 | |||
318 | /* Retrieves session data from the db backend. | ||
319 | */ | ||
320 | gnutls_datum_t | ||
321 | _gnutls_retrieve_session (gnutls_session_t session, gnutls_datum_t session_id) | ||
322 | { | ||
323 | gnutls_datum_t ret = { NULL, 0 }; | ||
324 | |||
325 | if (session_id.data == NULL || session_id.size == 0) | ||
326 | { | ||
327 | gnutls_assert (); | ||
328 | return ret; | ||
329 | } | ||
330 | |||
331 | if (session->internals.db_retrieve_func != NULL) | ||
332 | ret = | ||
333 | session->internals.db_retrieve_func (session->internals.db_ptr, | ||
334 | session_id); | ||
335 | |||
336 | return ret; | ||
337 | |||
338 | } | ||
339 | |||
340 | /* Removes session data from the db backend. | ||
341 | */ | ||
342 | int | ||
343 | _gnutls_remove_session (gnutls_session_t session, gnutls_datum_t session_id) | ||
344 | { | ||
345 | int ret = 0; | ||
346 | |||
347 | if (_gnutls_db_func_is_ok (session) != 0) | ||
348 | { | ||
349 | return GNUTLS_E_DB_ERROR; | ||
350 | } | ||
351 | |||
352 | if (session_id.data == NULL || session_id.size == 0) | ||
353 | return GNUTLS_E_INVALID_SESSION; | ||
354 | |||
355 | /* if we can't read why bother writing? */ | ||
356 | if (session->internals.db_remove_func != NULL) | ||
357 | ret = | ||
358 | session->internals.db_remove_func (session->internals.db_ptr, | ||
359 | session_id); | ||
360 | |||
361 | return (ret == 0 ? ret : GNUTLS_E_DB_ERROR); | ||
362 | |||
363 | } | ||
364 | |||
365 | /** | ||
366 | * gnutls_db_remove_session - This function will remove the current session data from the database | ||
367 | * @session: is a #gnutls_session_t structure. | ||
368 | * | ||
369 | * This function will remove the current session data from the session | ||
370 | * database. This will prevent future handshakes reusing these session | ||
371 | * data. This function should be called if a session was terminated | ||
372 | * abnormally, and before gnutls_deinit() is called. | ||
373 | * | ||
374 | * Normally gnutls_deinit() will remove abnormally terminated sessions. | ||
375 | * | ||
376 | **/ | ||
377 | void | ||
378 | gnutls_db_remove_session (gnutls_session_t session) | ||
379 | { | ||
380 | /* if the session has failed abnormally it has | ||
381 | * to be removed from the db | ||
382 | */ | ||
383 | _gnutls_db_remove_session (session, | ||
384 | session->security_parameters.session_id, | ||
385 | session->security_parameters.session_id_size); | ||
386 | } | ||
diff --git a/src/daemon/https/tls/gnutls_db.h b/src/daemon/https/tls/gnutls_db.h deleted file mode 100644 index 9adece4e..00000000 --- a/src/daemon/https/tls/gnutls_db.h +++ /dev/null | |||
@@ -1,37 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | int _gnutls_server_register_current_session (gnutls_session_t session); | ||
26 | int _gnutls_server_restore_session (gnutls_session_t session, | ||
27 | uint8_t * session_id, | ||
28 | int session_id_size); | ||
29 | int _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id, | ||
30 | int session_id_size); | ||
31 | int _gnutls_store_session (gnutls_session_t session, | ||
32 | gnutls_datum_t session_id, | ||
33 | gnutls_datum_t session_data); | ||
34 | gnutls_datum_t _gnutls_retrieve_session (gnutls_session_t session, | ||
35 | gnutls_datum_t session_id); | ||
36 | int _gnutls_remove_session (gnutls_session_t session, | ||
37 | gnutls_datum_t session_id); | ||
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index b304bdcb..5f56822e 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c | |||
@@ -37,7 +37,6 @@ | |||
37 | #include "gnutls_handshake.h" | 37 | #include "gnutls_handshake.h" |
38 | #include "gnutls_num.h" | 38 | #include "gnutls_num.h" |
39 | #include "gnutls_hash_int.h" | 39 | #include "gnutls_hash_int.h" |
40 | #include "gnutls_db.h" | ||
41 | #include "gnutls_extensions.h" | 40 | #include "gnutls_extensions.h" |
42 | #include "gnutls_supplemental.h" | 41 | #include "gnutls_supplemental.h" |
43 | #include "gnutls_auth_int.h" | 42 | #include "gnutls_auth_int.h" |
@@ -338,7 +337,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, | |||
338 | int datalen) | 337 | int datalen) |
339 | { | 338 | { |
340 | uint8_t session_id_len; | 339 | uint8_t session_id_len; |
341 | int pos = 0, ret; | 340 | int pos = 0, ret = 0; |
342 | uint16_t suite_size, comp_size; | 341 | uint16_t suite_size, comp_size; |
343 | gnutls_protocol_t adv_version; | 342 | gnutls_protocol_t adv_version; |
344 | int neg_version; | 343 | int neg_version; |
@@ -383,10 +382,10 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, | |||
383 | } | 382 | } |
384 | DECR_LEN (len, session_id_len); | 383 | DECR_LEN (len, session_id_len); |
385 | 384 | ||
386 | ret = _gnutls_server_restore_session (session, &data[pos], session_id_len); | ||
387 | pos += session_id_len; | 385 | pos += session_id_len; |
388 | 386 | ||
389 | if (ret == 0) | 387 | /* TODO rm if support for resumed sessions won't be supported */ |
388 | if (0) | ||
390 | { /* resumed! */ | 389 | { /* resumed! */ |
391 | resume_copy_required_values (session); | 390 | resume_copy_required_values (session); |
392 | session->internals.resumed = RESUME_TRUE; | 391 | session->internals.resumed = RESUME_TRUE; |
@@ -2647,12 +2646,6 @@ _gnutls_handshake_common (gnutls_session_t session) | |||
2647 | IMED_RET ("recv handshake final 2", ret); | 2646 | IMED_RET ("recv handshake final 2", ret); |
2648 | } | 2647 | } |
2649 | 2648 | ||
2650 | if (session->security_parameters.entity == GNUTLS_SERVER) | ||
2651 | { | ||
2652 | /* in order to support session resuming */ | ||
2653 | _gnutls_server_register_current_session (session); | ||
2654 | } | ||
2655 | |||
2656 | /* clear handshake buffer */ | 2649 | /* clear handshake buffer */ |
2657 | _gnutls_handshake_hash_buffers_clear (session); | 2650 | _gnutls_handshake_hash_buffers_clear (session); |
2658 | return ret; | 2651 | return ret; |
diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h index 5d30ac58..7791b554 100644 --- a/src/daemon/https/tls/gnutls_int.h +++ b/src/daemon/https/tls/gnutls_int.h | |||
@@ -380,7 +380,7 @@ typedef struct | |||
380 | typedef struct | 380 | typedef struct |
381 | { | 381 | { |
382 | unsigned int priority[MAX_ALGOS]; | 382 | unsigned int priority[MAX_ALGOS]; |
383 | unsigned int algorithms; | 383 | unsigned int num_algorithms; |
384 | } priority_st; | 384 | } priority_st; |
385 | 385 | ||
386 | /* For the external api */ | 386 | /* For the external api */ |
@@ -391,6 +391,8 @@ struct gnutls_priority_st | |||
391 | priority_st kx; | 391 | priority_st kx; |
392 | priority_st compression; | 392 | priority_st compression; |
393 | priority_st protocol; | 393 | priority_st protocol; |
394 | |||
395 | /* certificate type : x509, OpenPGP, etc. */ | ||
394 | priority_st cert_type; | 396 | priority_st cert_type; |
395 | 397 | ||
396 | /* to disable record padding */ | 398 | /* to disable record padding */ |
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c index 0dfb27e3..cea6446b 100644 --- a/src/daemon/https/tls/gnutls_priority.c +++ b/src/daemon/https/tls/gnutls_priority.c | |||
@@ -56,7 +56,7 @@ gnutls_cipher_set_priority (gnutls_session_t session, const int *list) | |||
56 | num++; | 56 | num++; |
57 | if (num > MAX_ALGOS) | 57 | if (num > MAX_ALGOS) |
58 | num = MAX_ALGOS; | 58 | num = MAX_ALGOS; |
59 | session->internals.priorities.cipher.algorithms = num; | 59 | session->internals.priorities.cipher.num_algorithms = num; |
60 | 60 | ||
61 | for (i = 0; i < num; i++) | 61 | for (i = 0; i < num; i++) |
62 | { | 62 | { |
@@ -75,7 +75,7 @@ _set_priority (priority_st * st, const int *list) | |||
75 | num++; | 75 | num++; |
76 | if (num > MAX_ALGOS) | 76 | if (num > MAX_ALGOS) |
77 | num = MAX_ALGOS; | 77 | num = MAX_ALGOS; |
78 | st->algorithms = num; | 78 | st->num_algorithms = num; |
79 | 79 | ||
80 | for (i = 0; i < num; i++) | 80 | for (i = 0; i < num; i++) |
81 | { | 81 | { |
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c index e52cf922..68c83330 100644 --- a/src/daemon/https/tls/gnutls_record.c +++ b/src/daemon/https/tls/gnutls_record.c | |||
@@ -35,7 +35,6 @@ | |||
35 | #include "gnutls_hash_int.h" | 35 | #include "gnutls_hash_int.h" |
36 | #include "gnutls_cipher_int.h" | 36 | #include "gnutls_cipher_int.h" |
37 | #include "gnutls_algorithms.h" | 37 | #include "gnutls_algorithms.h" |
38 | #include "gnutls_db.h" | ||
39 | #include "gnutls_auth_int.h" | 38 | #include "gnutls_auth_int.h" |
40 | #include "gnutls_num.h" | 39 | #include "gnutls_num.h" |
41 | #include "gnutls_record.h" | 40 | #include "gnutls_record.h" |
@@ -289,7 +288,7 @@ session_is_valid (gnutls_session_t session) | |||
289 | return 0; | 288 | return 0; |
290 | } | 289 | } |
291 | 290 | ||
292 | /* Copies the record version into the headers. The | 291 | /* Copies the record version into the headers. The |
293 | * version must have 2 bytes at least. | 292 | * version must have 2 bytes at least. |
294 | */ | 293 | */ |
295 | inline static void | 294 | inline static void |
@@ -316,7 +315,7 @@ copy_record_version (gnutls_session_t session, | |||
316 | /* This function behaves exactly like write(). The only difference is | 315 | /* This function behaves exactly like write(). The only difference is |
317 | * that it accepts, the gnutls_session_t and the content_type_t of data to | 316 | * that it accepts, the gnutls_session_t and the content_type_t of data to |
318 | * send (if called by the user the Content is specific) | 317 | * send (if called by the user the Content is specific) |
319 | * It is intended to transfer data, under the current session. | 318 | * It is intended to transfer data, under the current session. |
320 | * | 319 | * |
321 | * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE. | 320 | * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE. |
322 | * This makes the function much easier to read, and more error resistant | 321 | * This makes the function much easier to read, and more error resistant |
@@ -376,7 +375,7 @@ _gnutls_send_int (gnutls_session_t session, | |||
376 | else | 375 | else |
377 | data2send_size = sizeofdata; | 376 | data2send_size = sizeofdata; |
378 | 377 | ||
379 | /* Only encrypt if we don't have data to send | 378 | /* Only encrypt if we don't have data to send |
380 | * from the previous run. - probably interrupted. | 379 | * from the previous run. - probably interrupted. |
381 | */ | 380 | */ |
382 | if (session->internals.record_send_buffer.length > 0) | 381 | if (session->internals.record_send_buffer.length > 0) |
@@ -469,7 +468,7 @@ _gnutls_send_int (gnutls_session_t session, | |||
469 | return retval; | 468 | return retval; |
470 | } | 469 | } |
471 | 470 | ||
472 | /* This function is to be called if the handshake was successfully | 471 | /* This function is to be called if the handshake was successfully |
473 | * completed. This sends a Change Cipher Spec packet to the peer. | 472 | * completed. This sends a Change Cipher Spec packet to the peer. |
474 | */ | 473 | */ |
475 | ssize_t | 474 | ssize_t |
@@ -556,8 +555,8 @@ record_check_headers (gnutls_session_t session, | |||
556 | uint16_t * length, uint16_t * header_size) | 555 | uint16_t * length, uint16_t * header_size) |
557 | { | 556 | { |
558 | 557 | ||
559 | /* Read the first two bytes to determine if this is a | 558 | /* Read the first two bytes to determine if this is a |
560 | * version 2 message | 559 | * version 2 message |
561 | */ | 560 | */ |
562 | 561 | ||
563 | if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE | 562 | if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE |
@@ -565,7 +564,7 @@ record_check_headers (gnutls_session_t session, | |||
565 | { | 564 | { |
566 | 565 | ||
567 | /* if msb set and expecting handshake message | 566 | /* if msb set and expecting handshake message |
568 | * it should be SSL 2 hello | 567 | * it should be SSL 2 hello |
569 | */ | 568 | */ |
570 | version[0] = 3; /* assume SSL 3.0 */ | 569 | version[0] = 3; /* assume SSL 3.0 */ |
571 | version[1] = 0; | 570 | version[1] = 0; |
@@ -593,7 +592,7 @@ record_check_headers (gnutls_session_t session, | |||
593 | version[0] = headers[1]; | 592 | version[0] = headers[1]; |
594 | version[1] = headers[2]; | 593 | version[1] = headers[2]; |
595 | 594 | ||
596 | /* No DECR_LEN, since headers has enough size. | 595 | /* No DECR_LEN, since headers has enough size. |
597 | */ | 596 | */ |
598 | *length = _gnutls_read_uint16 (&headers[3]); | 597 | *length = _gnutls_read_uint16 (&headers[3]); |
599 | } | 598 | } |
@@ -676,7 +675,7 @@ record_check_type (gnutls_session_t session, | |||
676 | */ | 675 | */ |
677 | if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL) | 676 | if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL) |
678 | { | 677 | { |
679 | /* If we have been expecting for an alert do | 678 | /* If we have been expecting for an alert do |
680 | */ | 679 | */ |
681 | session->internals.read_eof = 1; | 680 | session->internals.read_eof = 1; |
682 | return GNUTLS_E_INT_RET_0; /* EOF */ | 681 | return GNUTLS_E_INT_RET_0; /* EOF */ |
@@ -911,7 +910,7 @@ begin: | |||
911 | } | 910 | } |
912 | 911 | ||
913 | /* Here we check if the Type of the received packet is | 912 | /* Here we check if the Type of the received packet is |
914 | * ok. | 913 | * ok. |
915 | */ | 914 | */ |
916 | if ((ret = check_recv_type (recv_type)) < 0) | 915 | if ((ret = check_recv_type (recv_type)) < 0) |
917 | { | 916 | { |
@@ -952,7 +951,7 @@ begin: | |||
952 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | 951 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; |
953 | } | 952 | } |
954 | 953 | ||
955 | /* check if we have that data into buffer. | 954 | /* check if we have that data into buffer. |
956 | */ | 955 | */ |
957 | if ((ret = _gnutls_io_read_buffered (session, &recv_data, | 956 | if ((ret = _gnutls_io_read_buffered (session, &recv_data, |
958 | header_size + length, recv_type)) | 957 | header_size + length, recv_type)) |
@@ -1017,7 +1016,7 @@ begin: | |||
1017 | read_sequence_number), | 1016 | read_sequence_number), |
1018 | _gnutls_packet2str (recv_type), recv_type, decrypted_length); | 1017 | _gnutls_packet2str (recv_type), recv_type, decrypted_length); |
1019 | 1018 | ||
1020 | /* increase sequence number | 1019 | /* increase sequence number |
1021 | */ | 1020 | */ |
1022 | if (_gnutls_uint64pp (&session->connection_state.read_sequence_number) != 0) | 1021 | if (_gnutls_uint64pp (&session->connection_state.read_sequence_number) != 0) |
1023 | { | 1022 | { |
@@ -1037,7 +1036,7 @@ begin: | |||
1037 | return ret; | 1036 | return ret; |
1038 | } | 1037 | } |
1039 | 1038 | ||
1040 | /* Get Application data from buffer | 1039 | /* Get Application data from buffer |
1041 | */ | 1040 | */ |
1042 | if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type | 1041 | if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type |
1043 | == GNUTLS_HANDSHAKE | 1042 | == GNUTLS_HANDSHAKE |
@@ -1051,7 +1050,7 @@ begin: | |||
1051 | return ret; | 1050 | return ret; |
1052 | } | 1051 | } |
1053 | 1052 | ||
1054 | /* if the buffer just got empty | 1053 | /* if the buffer just got empty |
1055 | */ | 1054 | */ |
1056 | if (_gnutls_record_buffer_get_size (type, session) == 0) | 1055 | if (_gnutls_record_buffer_get_size (type, session) == 0) |
1057 | { | 1056 | { |
@@ -1066,11 +1065,11 @@ begin: | |||
1066 | { | 1065 | { |
1067 | gnutls_assert (); | 1066 | gnutls_assert (); |
1068 | return GNUTLS_E_UNEXPECTED_PACKET; | 1067 | return GNUTLS_E_UNEXPECTED_PACKET; |
1069 | /* we didn't get what we wanted to | 1068 | /* we didn't get what we wanted to |
1070 | */ | 1069 | */ |
1071 | } | 1070 | } |
1072 | 1071 | ||
1073 | /* (originally for) TLS 1.0 CBC protection. | 1072 | /* (originally for) TLS 1.0 CBC protection. |
1074 | * Actually this code is called if we just received | 1073 | * Actually this code is called if we just received |
1075 | * an empty packet. An empty TLS packet is usually | 1074 | * an empty packet. An empty TLS packet is usually |
1076 | * sent to protect some vulnerabilities in the CBC mode. | 1075 | * sent to protect some vulnerabilities in the CBC mode. |
diff --git a/src/daemon/https/tls/gnutls_session.c b/src/daemon/https/tls/gnutls_session.c index 541cc699..fb9b5e80 100644 --- a/src/daemon/https/tls/gnutls_session.c +++ b/src/daemon/https/tls/gnutls_session.c | |||
@@ -24,7 +24,7 @@ | |||
24 | #include "gnutls_int.h" | 24 | #include "gnutls_int.h" |
25 | #include "gnutls_errors.h" | 25 | #include "gnutls_errors.h" |
26 | #include "debug.h" | 26 | #include "debug.h" |
27 | #include <gnutls_session_pack.h> | 27 | #include "gnutls_session_pack.h" |
28 | #include <gnutls_datum.h> | 28 | #include <gnutls_datum.h> |
29 | 29 | ||
30 | /** | 30 | /** |
@@ -123,10 +123,10 @@ gnutls_session_get_data2 (gnutls_session_t session, gnutls_datum_t * data) | |||
123 | * | 123 | * |
124 | * Returns the current session id. This can be used if you want to check if | 124 | * Returns the current session id. This can be used if you want to check if |
125 | * the next session you tried to resume was actually resumed. | 125 | * the next session you tried to resume was actually resumed. |
126 | * This is because resumed sessions have the same sessionID with the | 126 | * This is because resumed sessions have the same sessionID with the |
127 | * original session. | 127 | * original session. |
128 | * | 128 | * |
129 | * Session id is some data set by the server, that identify the current session. | 129 | * Session id is some data set by the server, that identify the current session. |
130 | * In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes. | 130 | * In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes. |
131 | * | 131 | * |
132 | * Returns zero on success. | 132 | * Returns zero on success. |
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c index ed4945b6..3e549c4c 100644 --- a/src/daemon/https/tls/gnutls_session_pack.c +++ b/src/daemon/https/tls/gnutls_session_pack.c | |||
@@ -54,6 +54,169 @@ static int unpack_security_parameters (gnutls_session_t session, | |||
54 | static int pack_security_parameters (gnutls_session_t session, | 54 | static int pack_security_parameters (gnutls_session_t session, |
55 | gnutls_datum_t * packed_session); | 55 | gnutls_datum_t * packed_session); |
56 | 56 | ||
57 | /* Packs the ANON session authentication data. */ | ||
58 | #ifdef ENABLE_ANON | ||
59 | |||
60 | /* Format: | ||
61 | * 1 byte the credentials type | ||
62 | * 4 bytes the size of the whole structure | ||
63 | * 2 bytes the size of secret key in bits | ||
64 | * 4 bytes the size of the prime | ||
65 | * x bytes the prime | ||
66 | * 4 bytes the size of the generator | ||
67 | * x bytes the generator | ||
68 | * 4 bytes the size of the public key | ||
69 | * x bytes the public key | ||
70 | */ | ||
71 | static int | ||
72 | pack_anon_auth_info (gnutls_session_t session, gnutls_datum_t * packed_session) | ||
73 | { | ||
74 | anon_auth_info_t info = _gnutls_get_auth_info (session); | ||
75 | int pos = 0; | ||
76 | size_t pack_size; | ||
77 | |||
78 | if (info) | ||
79 | pack_size = 2 + 4 * 3 + info->dh.prime.size + | ||
80 | info->dh.generator.size + info->dh.public_key.size; | ||
81 | else | ||
82 | pack_size = 0; | ||
83 | |||
84 | packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t); | ||
85 | |||
86 | /* calculate the size and allocate the data. | ||
87 | */ | ||
88 | packed_session->data = | ||
89 | gnutls_malloc (packed_session->size + MAX_SEC_PARAMS); | ||
90 | |||
91 | if (packed_session->data == NULL) | ||
92 | { | ||
93 | gnutls_assert (); | ||
94 | return GNUTLS_E_MEMORY_ERROR; | ||
95 | } | ||
96 | |||
97 | packed_session->data[0] = MHD_GNUTLS_CRD_ANON; | ||
98 | _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]); | ||
99 | pos += 4 + PACK_HEADER_SIZE; | ||
100 | |||
101 | if (pack_size > 0) | ||
102 | { | ||
103 | _gnutls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); | ||
104 | pos += 2; | ||
105 | |||
106 | _gnutls_write_datum32 (&packed_session->data[pos], info->dh.prime); | ||
107 | pos += 4 + info->dh.prime.size; | ||
108 | _gnutls_write_datum32 (&packed_session->data[pos], info->dh.generator); | ||
109 | pos += 4 + info->dh.generator.size; | ||
110 | _gnutls_write_datum32 (&packed_session->data[pos], info->dh.public_key); | ||
111 | pos += 4 + info->dh.public_key.size; | ||
112 | |||
113 | } | ||
114 | |||
115 | return 0; | ||
116 | } | ||
117 | |||
118 | /* Format: | ||
119 | * 1 byte the credentials type | ||
120 | * 4 bytes the size of the whole structure | ||
121 | * 2 bytes the size of secret key in bits | ||
122 | * 4 bytes the size of the prime | ||
123 | * x bytes the prime | ||
124 | * 4 bytes the size of the generator | ||
125 | * x bytes the generator | ||
126 | * 4 bytes the size of the public key | ||
127 | * x bytes the public key | ||
128 | */ | ||
129 | static int | ||
130 | unpack_anon_auth_info (gnutls_session_t session, | ||
131 | const gnutls_datum_t * packed_session) | ||
132 | { | ||
133 | size_t pack_size; | ||
134 | int pos = 0, size, ret; | ||
135 | anon_auth_info_t info; | ||
136 | |||
137 | if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON) | ||
138 | { | ||
139 | gnutls_assert (); | ||
140 | return GNUTLS_E_INVALID_REQUEST; | ||
141 | } | ||
142 | |||
143 | pack_size = _gnutls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]); | ||
144 | pos += PACK_HEADER_SIZE + 4; | ||
145 | |||
146 | |||
147 | if (pack_size == 0) | ||
148 | return 0; /* nothing to be done */ | ||
149 | |||
150 | /* a simple check for integrity */ | ||
151 | if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size) | ||
152 | { | ||
153 | gnutls_assert (); | ||
154 | return GNUTLS_E_INVALID_REQUEST; | ||
155 | } | ||
156 | |||
157 | /* client and serer have the same auth_info here | ||
158 | */ | ||
159 | ret = | ||
160 | _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | ||
161 | sizeof (anon_auth_info_st), 1); | ||
162 | if (ret < 0) | ||
163 | { | ||
164 | gnutls_assert (); | ||
165 | return ret; | ||
166 | } | ||
167 | |||
168 | info = _gnutls_get_auth_info (session); | ||
169 | if (info == NULL) | ||
170 | { | ||
171 | gnutls_assert (); | ||
172 | return GNUTLS_E_INTERNAL_ERROR; | ||
173 | } | ||
174 | |||
175 | info->dh.secret_bits = _gnutls_read_uint16 (&packed_session->data[pos]); | ||
176 | pos += 2; | ||
177 | |||
178 | size = _gnutls_read_uint32 (&packed_session->data[pos]); | ||
179 | pos += 4; | ||
180 | ret = _gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size); | ||
181 | if (ret < 0) | ||
182 | { | ||
183 | gnutls_assert (); | ||
184 | goto error; | ||
185 | } | ||
186 | pos += size; | ||
187 | |||
188 | size = _gnutls_read_uint32 (&packed_session->data[pos]); | ||
189 | pos += 4; | ||
190 | ret = | ||
191 | _gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], size); | ||
192 | if (ret < 0) | ||
193 | { | ||
194 | gnutls_assert (); | ||
195 | goto error; | ||
196 | } | ||
197 | pos += size; | ||
198 | |||
199 | size = _gnutls_read_uint32 (&packed_session->data[pos]); | ||
200 | pos += 4; | ||
201 | ret = | ||
202 | _gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos], | ||
203 | size); | ||
204 | if (ret < 0) | ||
205 | { | ||
206 | gnutls_assert (); | ||
207 | goto error; | ||
208 | } | ||
209 | pos += size; | ||
210 | |||
211 | return 0; | ||
212 | |||
213 | error: | ||
214 | _gnutls_free_datum (&info->dh.prime); | ||
215 | _gnutls_free_datum (&info->dh.generator); | ||
216 | _gnutls_free_datum (&info->dh.public_key); | ||
217 | return ret; | ||
218 | } | ||
219 | #endif /* ANON */ | ||
57 | 220 | ||
58 | /* Since auth_info structures contain malloced data, this function | 221 | /* Since auth_info structures contain malloced data, this function |
59 | * is required in order to pack these structures in a vector in | 222 | * is required in order to pack these structures in a vector in |
@@ -121,7 +284,7 @@ _gnutls_session_pack (gnutls_session_t session, | |||
121 | 284 | ||
122 | } | 285 | } |
123 | 286 | ||
124 | /* Auth_info structures copied. Now copy security_parameters_st. | 287 | /* Auth_info structures copied. Now copy security_parameters_st. |
125 | * packed_session must have allocated space for the security parameters. | 288 | * packed_session must have allocated space for the security parameters. |
126 | */ | 289 | */ |
127 | ret = pack_security_parameters (session, packed_session); | 290 | ret = pack_security_parameters (session, packed_session); |
@@ -201,7 +364,7 @@ _gnutls_session_unpack (gnutls_session_t session, | |||
201 | 364 | ||
202 | } | 365 | } |
203 | 366 | ||
204 | /* Auth_info structures copied. Now copy security_parameters_st. | 367 | /* Auth_info structures copied. Now copy security_parameters_st. |
205 | * packed_session must have allocated space for the security parameters. | 368 | * packed_session must have allocated space for the security parameters. |
206 | */ | 369 | */ |
207 | ret = unpack_security_parameters (session, packed_session); | 370 | ret = unpack_security_parameters (session, packed_session); |
@@ -477,7 +640,7 @@ error: | |||
477 | /* Packs the SRP session authentication data. | 640 | /* Packs the SRP session authentication data. |
478 | */ | 641 | */ |
479 | 642 | ||
480 | /* Format: | 643 | /* Format: |
481 | * 1 byte the credentials type | 644 | * 1 byte the credentials type |
482 | * 4 bytes the size of the SRP username (x) | 645 | * 4 bytes the size of the SRP username (x) |
483 | * x bytes the SRP username | 646 | * x bytes the SRP username |
@@ -569,167 +732,12 @@ unpack_srp_auth_info (gnutls_session_t session, | |||
569 | #endif | 732 | #endif |
570 | 733 | ||
571 | 734 | ||
572 | #ifdef ENABLE_ANON | ||
573 | /* Packs the ANON session authentication data. | ||
574 | */ | ||
575 | |||
576 | /* Format: | ||
577 | * 1 byte the credentials type | ||
578 | * 4 bytes the size of the whole structure | ||
579 | * 2 bytes the size of secret key in bits | ||
580 | * 4 bytes the size of the prime | ||
581 | * x bytes the prime | ||
582 | * 4 bytes the size of the generator | ||
583 | * x bytes the generator | ||
584 | * 4 bytes the size of the public key | ||
585 | * x bytes the public key | ||
586 | */ | ||
587 | static int | ||
588 | pack_anon_auth_info (gnutls_session_t session, | ||
589 | gnutls_datum_t * packed_session) | ||
590 | { | ||
591 | anon_auth_info_t info = _gnutls_get_auth_info (session); | ||
592 | int pos = 0; | ||
593 | size_t pack_size; | ||
594 | |||
595 | if (info) | ||
596 | pack_size = 2 + 4 * 3 + info->dh.prime.size + | ||
597 | info->dh.generator.size + info->dh.public_key.size; | ||
598 | else | ||
599 | pack_size = 0; | ||
600 | |||
601 | packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t); | ||
602 | |||
603 | /* calculate the size and allocate the data. | ||
604 | */ | ||
605 | packed_session->data = | ||
606 | gnutls_malloc (packed_session->size + MAX_SEC_PARAMS); | ||
607 | |||
608 | if (packed_session->data == NULL) | ||
609 | { | ||
610 | gnutls_assert (); | ||
611 | return GNUTLS_E_MEMORY_ERROR; | ||
612 | } | ||
613 | |||
614 | packed_session->data[0] = MHD_GNUTLS_CRD_ANON; | ||
615 | _gnutls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]); | ||
616 | pos += 4 + PACK_HEADER_SIZE; | ||
617 | |||
618 | if (pack_size > 0) | ||
619 | { | ||
620 | _gnutls_write_uint16 (info->dh.secret_bits, &packed_session->data[pos]); | ||
621 | pos += 2; | ||
622 | |||
623 | _gnutls_write_datum32 (&packed_session->data[pos], info->dh.prime); | ||
624 | pos += 4 + info->dh.prime.size; | ||
625 | _gnutls_write_datum32 (&packed_session->data[pos], info->dh.generator); | ||
626 | pos += 4 + info->dh.generator.size; | ||
627 | _gnutls_write_datum32 (&packed_session->data[pos], info->dh.public_key); | ||
628 | pos += 4 + info->dh.public_key.size; | ||
629 | |||
630 | } | ||
631 | |||
632 | return 0; | ||
633 | } | ||
634 | |||
635 | |||
636 | static int | ||
637 | unpack_anon_auth_info (gnutls_session_t session, | ||
638 | const gnutls_datum_t * packed_session) | ||
639 | { | ||
640 | size_t pack_size; | ||
641 | int pos = 0, size, ret; | ||
642 | anon_auth_info_t info; | ||
643 | |||
644 | if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON) | ||
645 | { | ||
646 | gnutls_assert (); | ||
647 | return GNUTLS_E_INVALID_REQUEST; | ||
648 | } | ||
649 | |||
650 | pack_size = _gnutls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]); | ||
651 | pos += PACK_HEADER_SIZE + 4; | ||
652 | |||
653 | |||
654 | if (pack_size == 0) | ||
655 | return 0; /* nothing to be done */ | ||
656 | |||
657 | /* a simple check for integrity */ | ||
658 | if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size) | ||
659 | { | ||
660 | gnutls_assert (); | ||
661 | return GNUTLS_E_INVALID_REQUEST; | ||
662 | } | ||
663 | |||
664 | /* client and serer have the same auth_info here | ||
665 | */ | ||
666 | ret = | ||
667 | _gnutls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | ||
668 | sizeof (anon_auth_info_st), 1); | ||
669 | if (ret < 0) | ||
670 | { | ||
671 | gnutls_assert (); | ||
672 | return ret; | ||
673 | } | ||
674 | |||
675 | info = _gnutls_get_auth_info (session); | ||
676 | if (info == NULL) | ||
677 | { | ||
678 | gnutls_assert (); | ||
679 | return GNUTLS_E_INTERNAL_ERROR; | ||
680 | } | ||
681 | |||
682 | info->dh.secret_bits = _gnutls_read_uint16 (&packed_session->data[pos]); | ||
683 | pos += 2; | ||
684 | |||
685 | size = _gnutls_read_uint32 (&packed_session->data[pos]); | ||
686 | pos += 4; | ||
687 | ret = _gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size); | ||
688 | if (ret < 0) | ||
689 | { | ||
690 | gnutls_assert (); | ||
691 | goto error; | ||
692 | } | ||
693 | pos += size; | ||
694 | |||
695 | size = _gnutls_read_uint32 (&packed_session->data[pos]); | ||
696 | pos += 4; | ||
697 | ret = | ||
698 | _gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], size); | ||
699 | if (ret < 0) | ||
700 | { | ||
701 | gnutls_assert (); | ||
702 | goto error; | ||
703 | } | ||
704 | pos += size; | ||
705 | |||
706 | size = _gnutls_read_uint32 (&packed_session->data[pos]); | ||
707 | pos += 4; | ||
708 | ret = | ||
709 | _gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos], | ||
710 | size); | ||
711 | if (ret < 0) | ||
712 | { | ||
713 | gnutls_assert (); | ||
714 | goto error; | ||
715 | } | ||
716 | pos += size; | ||
717 | |||
718 | return 0; | ||
719 | |||
720 | error: | ||
721 | _gnutls_free_datum (&info->dh.prime); | ||
722 | _gnutls_free_datum (&info->dh.generator); | ||
723 | _gnutls_free_datum (&info->dh.public_key); | ||
724 | return ret; | ||
725 | } | ||
726 | #endif /* ANON */ | ||
727 | 735 | ||
728 | #ifdef ENABLE_PSK | 736 | #ifdef ENABLE_PSK |
729 | /* Packs the PSK session authentication data. | 737 | /* Packs the PSK session authentication data. |
730 | */ | 738 | */ |
731 | 739 | ||
732 | /* Format: | 740 | /* Format: |
733 | * 1 byte the credentials type | 741 | * 1 byte the credentials type |
734 | * 4 bytes the size of the whole structure | 742 | * 4 bytes the size of the whole structure |
735 | * 4 bytes the size of the PSK username (x) | 743 | * 4 bytes the size of the PSK username (x) |
@@ -909,7 +917,7 @@ error: | |||
909 | /* Packs the security parameters. | 917 | /* Packs the security parameters. |
910 | */ | 918 | */ |
911 | 919 | ||
912 | /* Format: | 920 | /* Format: |
913 | * 4 bytes the total security data size | 921 | * 4 bytes the total security data size |
914 | * 1 byte the entity type (client/server) | 922 | * 1 byte the entity type (client/server) |
915 | * 1 byte the key exchange algorithm used | 923 | * 1 byte the key exchange algorithm used |
@@ -947,7 +955,7 @@ error: | |||
947 | * | 955 | * |
948 | * 2 bytes the number of server name extensions (up to MAX_SERVER_NAME_EXTENSIONS) | 956 | * 2 bytes the number of server name extensions (up to MAX_SERVER_NAME_EXTENSIONS) |
949 | * 1 byte the first name type | 957 | * 1 byte the first name type |
950 | * 2 bytes the size of the first name | 958 | * 2 bytes the size of the first name |
951 | * x bytes the first name (MAX_SERVER_NAME_SIZE) | 959 | * x bytes the first name (MAX_SERVER_NAME_SIZE) |
952 | * and so on... | 960 | * and so on... |
953 | * | 961 | * |
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c index 3fde3db4..3931b393 100644 --- a/src/daemon/https/tls/gnutls_state.c +++ b/src/daemon/https/tls/gnutls_state.c | |||
@@ -32,7 +32,6 @@ | |||
32 | #include <gnutls_auth_int.h> | 32 | #include <gnutls_auth_int.h> |
33 | #include <gnutls_num.h> | 33 | #include <gnutls_num.h> |
34 | #include <gnutls_datum.h> | 34 | #include <gnutls_datum.h> |
35 | #include <gnutls_db.h> | ||
36 | #include <gnutls_record.h> | 35 | #include <gnutls_record.h> |
37 | #include <gnutls_handshake.h> | 36 | #include <gnutls_handshake.h> |
38 | #include <gnutls_dh.h> | 37 | #include <gnutls_dh.h> |
@@ -154,11 +153,11 @@ _gnutls_session_cert_type_supported (gnutls_session_t session, | |||
154 | } | 153 | } |
155 | } | 154 | } |
156 | 155 | ||
157 | if (session->internals.priorities.cert_type.algorithms == 0 && cert_type | 156 | if (session->internals.priorities.cert_type.num_algorithms == 0 && cert_type |
158 | == DEFAULT_CERT_TYPE) | 157 | == DEFAULT_CERT_TYPE) |
159 | return 0; | 158 | return 0; |
160 | 159 | ||
161 | for (i = 0; i < session->internals.priorities.cert_type.algorithms; i++) | 160 | for (i = 0; i < session->internals.priorities.cert_type.num_algorithms; i++) |
162 | { | 161 | { |
163 | if (session->internals.priorities.cert_type.priority[i] == cert_type) | 162 | if (session->internals.priorities.cert_type.priority[i] == cert_type) |
164 | { | 163 | { |
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c index 7c84fa0a..a9b6829d 100644 --- a/src/daemon/https/tls/gnutls_x509.c +++ b/src/daemon/https/tls/gnutls_x509.c | |||
@@ -93,9 +93,9 @@ check_bits (gnutls_x509_crt_t crt, unsigned int max_bits) | |||
93 | * _gnutls_x509_cert_verify_peers - This function returns the peer's certificate status | 93 | * _gnutls_x509_cert_verify_peers - This function returns the peer's certificate status |
94 | * @session: is a gnutls session | 94 | * @session: is a gnutls session |
95 | * | 95 | * |
96 | * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.). | 96 | * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.). |
97 | * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements. | 97 | * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements. |
98 | * However you must also check the peer's name in order to check if the verified certificate belongs to the | 98 | * However you must also check the peer's name in order to check if the verified certificate belongs to the |
99 | * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. | 99 | * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. |
100 | * | 100 | * |
101 | -*/ | 101 | -*/ |
@@ -178,7 +178,7 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, | |||
178 | 178 | ||
179 | } | 179 | } |
180 | 180 | ||
181 | /* Verify certificate | 181 | /* Verify certificate |
182 | */ | 182 | */ |
183 | ret = | 183 | ret = |
184 | gnutls_x509_crt_list_verify (peer_certificate_list, | 184 | gnutls_x509_crt_list_verify (peer_certificate_list, |
@@ -522,7 +522,7 @@ parse_pem_cert_mem (gnutls_cert ** cert_list, unsigned *ncerts, | |||
522 | } | 522 | } |
523 | _gnutls_free_datum (&tmp); /* free ptr2 */ | 523 | _gnutls_free_datum (&tmp); /* free ptr2 */ |
524 | 524 | ||
525 | /* now we move ptr after the pem header | 525 | /* now we move ptr after the pem header |
526 | */ | 526 | */ |
527 | ptr++; | 527 | ptr++; |
528 | /* find the next certificate (if any) | 528 | /* find the next certificate (if any) |
@@ -794,18 +794,18 @@ read_key_file (gnutls_certificate_credentials_t res, | |||
794 | * @key: is the private key, or %NULL | 794 | * @key: is the private key, or %NULL |
795 | * @type: is PEM or DER | 795 | * @type: is PEM or DER |
796 | * | 796 | * |
797 | * This function sets a certificate/private key pair in the | 797 | * This function sets a certificate/private key pair in the |
798 | * gnutls_certificate_credentials_t structure. This function may be called | 798 | * gnutls_certificate_credentials_t structure. This function may be called |
799 | * more than once (in case multiple keys/certificates exist for the | 799 | * more than once (in case multiple keys/certificates exist for the |
800 | * server). | 800 | * server). |
801 | * | 801 | * |
802 | * Currently are supported: RSA PKCS-1 encoded private keys, | 802 | * Currently are supported: RSA PKCS-1 encoded private keys, |
803 | * DSA private keys. | 803 | * DSA private keys. |
804 | * | 804 | * |
805 | * DSA private keys are encoded the OpenSSL way, which is an ASN.1 | 805 | * DSA private keys are encoded the OpenSSL way, which is an ASN.1 |
806 | * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv. | 806 | * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv. |
807 | * | 807 | * |
808 | * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates | 808 | * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates |
809 | * is supported. This means that certificates intended for signing cannot | 809 | * is supported. This means that certificates intended for signing cannot |
810 | * be used for ciphersuites that require encryption. | 810 | * be used for ciphersuites that require encryption. |
811 | * | 811 | * |
@@ -825,7 +825,7 @@ gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t | |||
825 | { | 825 | { |
826 | int ret; | 826 | int ret; |
827 | 827 | ||
828 | /* this should be first | 828 | /* this should be first |
829 | */ | 829 | */ |
830 | if ((ret = read_key_mem (res, key ? key->data : NULL, | 830 | if ((ret = read_key_mem (res, key ? key->data : NULL, |
831 | key ? key->size : 0, type)) < 0) | 831 | key ? key->size : 0, type)) < 0) |
@@ -867,7 +867,7 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res, | |||
867 | { | 867 | { |
868 | int ret, i; | 868 | int ret, i; |
869 | 869 | ||
870 | /* this should be first | 870 | /* this should be first |
871 | */ | 871 | */ |
872 | 872 | ||
873 | res->pkey = | 873 | res->pkey = |
@@ -956,7 +956,7 @@ gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t | |||
956 | { | 956 | { |
957 | int ret; | 957 | int ret; |
958 | 958 | ||
959 | /* this should be first | 959 | /* this should be first |
960 | */ | 960 | */ |
961 | if ((ret = read_key_file (res, KEYFILE, type)) < 0) | 961 | if ((ret = read_key_file (res, KEYFILE, type)) < 0) |
962 | return ret; | 962 | return ret; |
@@ -983,7 +983,7 @@ generate_rdn_seq (gnutls_certificate_credentials_t res) | |||
983 | unsigned size, i; | 983 | unsigned size, i; |
984 | opaque *pdata; | 984 | opaque *pdata; |
985 | 985 | ||
986 | /* Generate the RDN sequence | 986 | /* Generate the RDN sequence |
987 | * This will be sent to clients when a certificate | 987 | * This will be sent to clients when a certificate |
988 | * request message is sent. | 988 | * request message is sent. |
989 | */ | 989 | */ |
@@ -1036,11 +1036,8 @@ generate_rdn_seq (gnutls_certificate_credentials_t res) | |||
1036 | return 0; | 1036 | return 0; |
1037 | } | 1037 | } |
1038 | 1038 | ||
1039 | 1039 | /* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this | |
1040 | 1040 | * certificate (uses the KeyUsage field). | |
1041 | |||
1042 | /* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this | ||
1043 | * certificate (uses the KeyUsage field). | ||
1044 | */ | 1041 | */ |
1045 | int | 1042 | int |
1046 | _gnutls_check_key_usage (const gnutls_cert * cert, gnutls_kx_algorithm_t alg) | 1043 | _gnutls_check_key_usage (const gnutls_cert * cert, gnutls_kx_algorithm_t alg) |
@@ -1158,7 +1155,7 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
1158 | return ret; | 1155 | return ret; |
1159 | } | 1156 | } |
1160 | 1157 | ||
1161 | /* now we move ptr after the pem header | 1158 | /* now we move ptr after the pem header |
1162 | */ | 1159 | */ |
1163 | ptr++; | 1160 | ptr++; |
1164 | size--; | 1161 | size--; |
@@ -1452,7 +1449,7 @@ parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
1452 | return ret; | 1449 | return ret; |
1453 | } | 1450 | } |
1454 | 1451 | ||
1455 | /* now we move ptr after the pem header | 1452 | /* now we move ptr after the pem header |
1456 | */ | 1453 | */ |
1457 | ptr++; | 1454 | ptr++; |
1458 | /* find the next certificate (if any) | 1455 | /* find the next certificate (if any) |
diff --git a/src/daemon/https/x509/pkcs12.h b/src/daemon/https/x509/pkcs12.h index 41878ff2..3c75dff5 100644 --- a/src/daemon/https/x509/pkcs12.h +++ b/src/daemon/https/x509/pkcs12.h | |||
@@ -23,7 +23,6 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | /* TODO clean */ | 25 | /* TODO clean */ |
26 | |||
27 | #ifndef GNUTLS_PKCS12_H | 26 | #ifndef GNUTLS_PKCS12_H |
28 | #define GNUTLS_PKCS12_H | 27 | #define GNUTLS_PKCS12_H |
29 | 28 | ||
diff --git a/src/daemon/internal.h b/src/daemon/internal.h index 612b18da..796e5ad1 100644 --- a/src/daemon/internal.h +++ b/src/daemon/internal.h | |||
@@ -627,8 +627,13 @@ struct MHD_Daemon | |||
627 | unsigned short port; | 627 | unsigned short port; |
628 | 628 | ||
629 | #if HTTPS_SUPPORT | 629 | #if HTTPS_SUPPORT |
630 | /* server credintials */ | 630 | gnutls_credentials_type_t cred_type; |
631 | gnutls_certificate_credentials_t x509_cret; | 631 | |
632 | /* server x509 credintials */ | ||
633 | gnutls_certificate_credentials_t x509_cred; | ||
634 | |||
635 | /* credentials used for anonymous authentication */ | ||
636 | gnutls_anon_server_credentials_t anon_cred; | ||
632 | 637 | ||
633 | /* cipher priority cache */ | 638 | /* cipher priority cache */ |
634 | gnutls_priority_t priority_cache; | 639 | gnutls_priority_t priority_cache; |
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h index a934c16e..8a1fe022 100644 --- a/src/include/microhttpd.h +++ b/src/include/microhttpd.h | |||
@@ -64,8 +64,6 @@ | |||
64 | * depend on your platform; for possible suggestions consult | 64 | * depend on your platform; for possible suggestions consult |
65 | * "platform.h" in the MHD distribution). | 65 | * "platform.h" in the MHD distribution). |
66 | * | 66 | * |
67 | * TODO: | ||
68 | * - Add option codes for SSL support | ||
69 | */ | 67 | */ |
70 | 68 | ||
71 | #ifndef MHD_MICROHTTPD_H | 69 | #ifndef MHD_MICROHTTPD_H |
@@ -380,6 +378,13 @@ enum MHD_OPTION | |||
380 | MHD_OPTION_HTTPS_MEM_CERT, | 378 | MHD_OPTION_HTTPS_MEM_CERT, |
381 | 379 | ||
382 | /* | 380 | /* |
381 | * daemon credentials type. either certificate or anonymous, | ||
382 | * this option should be followed by one of the values listed in | ||
383 | * gnutls_credentials_type_t. | ||
384 | */ | ||
385 | MHD_OPTION_CRED_TYPE, | ||
386 | |||
387 | /* | ||
383 | * SSL/TLS protocol version | 388 | * SSL/TLS protocol version |
384 | * | 389 | * |
385 | * Memory pointer to a zero terminated int array representing the | 390 | * Memory pointer to a zero terminated int array representing the |
@@ -714,11 +719,17 @@ typedef int | |||
714 | */ | 719 | */ |
715 | struct MHD_Daemon * | 720 | struct MHD_Daemon * |
716 | MHD_start_daemon_va (unsigned int options, | 721 | MHD_start_daemon_va (unsigned int options, |
717 | unsigned short port, | 722 | unsigned short port, char * ip, |
718 | MHD_AcceptPolicyCallback apc, | 723 | MHD_AcceptPolicyCallback apc, |
719 | void *apc_cls, | 724 | void *apc_cls, |
720 | MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap); | 725 | MHD_AccessHandlerCallback dh, void *dh_cls, va_list ap); |
721 | 726 | ||
727 | struct MHD_Daemon * | ||
728 | MHD_start_daemon_ip (unsigned int options, | ||
729 | unsigned short port, char *ip, | ||
730 | MHD_AcceptPolicyCallback apc, | ||
731 | void *apc_cls, | ||
732 | MHD_AccessHandlerCallback dh, void *dh_cls, ...); | ||
722 | 733 | ||
723 | /* | 734 | /* |
724 | * Variadic version of MHD_start_daemon_va. This function will delegate calls | 735 | * Variadic version of MHD_start_daemon_va. This function will delegate calls |
@@ -1025,6 +1036,7 @@ typedef enum | |||
1025 | MHD_GNUTLS_KX_SRP_DSS | 1036 | MHD_GNUTLS_KX_SRP_DSS |
1026 | } gnutls_kx_algorithm_t; | 1037 | } gnutls_kx_algorithm_t; |
1027 | 1038 | ||
1039 | /* server credentials type */ | ||
1028 | typedef enum | 1040 | typedef enum |
1029 | { | 1041 | { |
1030 | MHD_GNUTLS_CRD_CERTIFICATE = 1, | 1042 | MHD_GNUTLS_CRD_CERTIFICATE = 1, |
@@ -1034,6 +1046,7 @@ typedef enum | |||
1034 | MHD_GNUTLS_CRD_IA | 1046 | MHD_GNUTLS_CRD_IA |
1035 | } gnutls_credentials_type_t; | 1047 | } gnutls_credentials_type_t; |
1036 | 1048 | ||
1049 | /* mac algorithm */ | ||
1037 | typedef enum | 1050 | typedef enum |
1038 | { | 1051 | { |
1039 | MHD_GNUTLS_MAC_UNKNOWN = 0, | 1052 | MHD_GNUTLS_MAC_UNKNOWN = 0, |
@@ -1056,7 +1069,7 @@ typedef enum | |||
1056 | MHD_GNUTLS_DIG_SHA256 = MHD_GNUTLS_MAC_SHA256 | 1069 | MHD_GNUTLS_DIG_SHA256 = MHD_GNUTLS_MAC_SHA256 |
1057 | } gnutls_digest_algorithm_t; | 1070 | } gnutls_digest_algorithm_t; |
1058 | 1071 | ||
1059 | 1072 | /* compression method */ | |
1060 | typedef enum | 1073 | typedef enum |
1061 | { | 1074 | { |
1062 | MHD_GNUTLS_COMP_UNKNOWN = 0, | 1075 | MHD_GNUTLS_COMP_UNKNOWN = 0, |
@@ -1067,6 +1080,7 @@ typedef enum | |||
1067 | */ | 1080 | */ |
1068 | } gnutls_compression_method_t; | 1081 | } gnutls_compression_method_t; |
1069 | 1082 | ||
1083 | /* protocol type */ | ||
1070 | typedef enum | 1084 | typedef enum |
1071 | { | 1085 | { |
1072 | MHD_GNUTLS_SSL3 = 1, | 1086 | MHD_GNUTLS_SSL3 = 1, |
@@ -1076,6 +1090,7 @@ typedef enum | |||
1076 | MHD_GNUTLS_VERSION_UNKNOWN = 0xff | 1090 | MHD_GNUTLS_VERSION_UNKNOWN = 0xff |
1077 | } gnutls_protocol_t; | 1091 | } gnutls_protocol_t; |
1078 | 1092 | ||
1093 | /* certificate_type */ | ||
1079 | typedef enum | 1094 | typedef enum |
1080 | { | 1095 | { |
1081 | MHD_GNUTLS_CRT_UNKNOWN = 0, | 1096 | MHD_GNUTLS_CRT_UNKNOWN = 0, |
diff --git a/src/testcurl/https/tls_alert_test.c b/src/testcurl/https/tls_alert_test.c index 67b489b7..4c8b482d 100644 --- a/src/testcurl/https/tls_alert_test.c +++ b/src/testcurl/https/tls_alert_test.c | |||
@@ -62,7 +62,7 @@ setup (gnutls_session_t * session, | |||
62 | gnutls_datum_t * cert, gnutls_certificate_credentials_t * xcred) | 62 | gnutls_datum_t * cert, gnutls_certificate_credentials_t * xcred) |
63 | { | 63 | { |
64 | int ret; | 64 | int ret; |
65 | const char **err_pos; | 65 | const char ** err_pos; |
66 | 66 | ||
67 | gnutls_certificate_allocate_credentials (xcred); | 67 | gnutls_certificate_allocate_credentials (xcred); |
68 | 68 | ||
diff --git a/src/testcurl/https/tls_authentication_test.c b/src/testcurl/https/tls_authentication_test.c index a12ce93f..58d95cf1 100644 --- a/src/testcurl/https/tls_authentication_test.c +++ b/src/testcurl/https/tls_authentication_test.c | |||
@@ -39,10 +39,12 @@ | |||
39 | 39 | ||
40 | extern int curl_check_version (const char *req_version, ...); | 40 | extern int curl_check_version (const char *req_version, ...); |
41 | 41 | ||
42 | const int DEBUG_GNUTLS_LOG_LEVEL = 6; | ||
42 | const char *ca_cert_file_name = "ca_cert_pem"; | 43 | const char *ca_cert_file_name = "ca_cert_pem"; |
43 | const char *test_file_name = "https_test_file"; | 44 | const char *test_file_name = "https_test_file"; |
44 | const char test_file_data[] = "Hello World\n"; | 45 | const char test_file_data[] = "Hello World\n"; |
45 | 46 | ||
47 | |||
46 | struct CBC | 48 | struct CBC |
47 | { | 49 | { |
48 | char *buf; | 50 | char *buf; |
@@ -173,8 +175,8 @@ test_daemon_get (FILE * test_fd, char *cipher_suite, int proto_version) | |||
173 | #endif | 175 | #endif |
174 | curl_easy_setopt (c, CURLOPT_URL, url); | 176 | curl_easy_setopt (c, CURLOPT_URL, url); |
175 | curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); | 177 | curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); |
176 | curl_easy_setopt (c, CURLOPT_TIMEOUT, 3L); | 178 | curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L); |
177 | curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 3L); | 179 | curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L); |
178 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); | 180 | curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); |
179 | curl_easy_setopt (c, CURLOPT_FILE, &cbc); | 181 | curl_easy_setopt (c, CURLOPT_FILE, &cbc); |
180 | 182 | ||
@@ -224,14 +226,13 @@ test_secure_get (FILE * test_fd, char *cipher_suite, int proto_version) | |||
224 | { | 226 | { |
225 | int ret; | 227 | int ret; |
226 | struct MHD_Daemon *d; | 228 | struct MHD_Daemon *d; |
227 | int kx[] = { MHD_GNUTLS_KX_DHE_RSA, 0 }; | ||
228 | 229 | ||
229 | d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | | 230 | d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | |
230 | MHD_USE_DEBUG, 42433, | 231 | MHD_USE_DEBUG, 42433, |
231 | NULL, NULL, &http_ahc, NULL, | 232 | NULL, NULL, &http_ahc, NULL, |
232 | MHD_OPTION_HTTPS_MEM_KEY, srv_signed_key_pem, | 233 | MHD_OPTION_HTTPS_MEM_KEY, srv_signed_key_pem, |
233 | MHD_OPTION_HTTPS_MEM_CERT, srv_signed_cert_pem, | 234 | MHD_OPTION_HTTPS_MEM_CERT, srv_signed_cert_pem, |
234 | MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END); | 235 | MHD_OPTION_END); |
235 | 236 | ||
236 | if (d == NULL) | 237 | if (d == NULL) |
237 | { | 238 | { |
@@ -308,7 +309,7 @@ main (int argc, char *const *argv) | |||
308 | FILE *test_fd; | 309 | FILE *test_fd; |
309 | unsigned int errorCount = 0; | 310 | unsigned int errorCount = 0; |
310 | 311 | ||
311 | /* gnutls_global_set_log_level (11); */ | 312 | gnutls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL); |
312 | 313 | ||
313 | if (curl_check_version (MHD_REQ_CURL_VERSION)) | 314 | if (curl_check_version (MHD_REQ_CURL_VERSION)) |
314 | { | 315 | { |
@@ -330,7 +331,7 @@ main (int argc, char *const *argv) | |||
330 | } | 331 | } |
331 | 332 | ||
332 | errorCount += | 333 | errorCount += |
333 | test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3); | 334 | test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1); |
334 | 335 | ||
335 | if (errorCount != 0) | 336 | if (errorCount != 0) |
336 | fprintf (stderr, "Failed test: %s.\n", argv[0]); | 337 | fprintf (stderr, "Failed test: %s.\n", argv[0]); |
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c index 95accebb..59205199 100644 --- a/src/testcurl/https/tls_daemon_options_test.c +++ b/src/testcurl/https/tls_daemon_options_test.c | |||
@@ -32,6 +32,7 @@ | |||
32 | #include "gnutls.h" | 32 | #include "gnutls.h" |
33 | #include <curl/curl.h> | 33 | #include <curl/curl.h> |
34 | 34 | ||
35 | #define DEBUG_CURL_VERBOSE 0 | ||
35 | #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" | 36 | #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" |
36 | 37 | ||
37 | #define MHD_E_MEM "Error: memory error\n" | 38 | #define MHD_E_MEM "Error: memory error\n" |
@@ -42,6 +43,7 @@ | |||
42 | 43 | ||
43 | #include "tls_test_keys.h" | 44 | #include "tls_test_keys.h" |
44 | 45 | ||
46 | const int DEBUG_GNUTLS_LOG_LEVEL = 0; | ||
45 | const char *test_file_name = "https_test_file"; | 47 | const char *test_file_name = "https_test_file"; |
46 | const char test_file_data[] = "Hello World\n"; | 48 | const char test_file_data[] = "Hello World\n"; |
47 | 49 | ||
@@ -123,7 +125,7 @@ http_ahc (void *cls, struct MHD_Connection *connection, | |||
123 | * @param test_fd: file to attempt transfering | 125 | * @param test_fd: file to attempt transfering |
124 | */ | 126 | */ |
125 | static int | 127 | static int |
126 | test_https_transfer (FILE * test_fd, char * cipher_suite, int proto_version) | 128 | test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version) |
127 | { | 129 | { |
128 | CURL *c; | 130 | CURL *c; |
129 | CURLcode errornum; | 131 | CURLcode errornum; |
@@ -172,7 +174,7 @@ test_https_transfer (FILE * test_fd, char * cipher_suite, int proto_version) | |||
172 | doc_path, test_file_name); | 174 | doc_path, test_file_name); |
173 | 175 | ||
174 | c = curl_easy_init (); | 176 | c = curl_easy_init (); |
175 | #ifdef DEBUG | 177 | #if DEBUG_CURL_VERBOSE |
176 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); | 178 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); |
177 | #endif | 179 | #endif |
178 | curl_easy_setopt (c, CURLOPT_URL, url); | 180 | curl_easy_setopt (c, CURLOPT_URL, url); |
@@ -249,14 +251,11 @@ setupTestFile () | |||
249 | } | 251 | } |
250 | 252 | ||
251 | static int | 253 | static int |
252 | setup (struct MHD_Daemon **d, enum MHD_OPTION option, void * value ) | 254 | setup (struct MHD_Daemon **d, va_list arg_list) |
253 | { | 255 | { |
254 | *d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | | 256 | *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | |
255 | MHD_USE_DEBUG, 42433, | 257 | MHD_USE_DEBUG, 42433, "127.0.0.1", |
256 | NULL, NULL, &http_ahc, NULL, | 258 | NULL, NULL, &http_ahc, NULL, arg_list); |
257 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
258 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
259 | option, value, MHD_OPTION_END); | ||
260 | 259 | ||
261 | if (*d == NULL) | 260 | if (*d == NULL) |
262 | { | 261 | { |
@@ -273,19 +272,37 @@ teardown (struct MHD_Daemon *d) | |||
273 | MHD_stop_daemon (d); | 272 | MHD_stop_daemon (d); |
274 | } | 273 | } |
275 | 274 | ||
275 | /* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move to test_util.c */ | ||
276 | int | 276 | int |
277 | test_wrap (int | 277 | test_wrap (char *test_name, int |
278 | (*test) (FILE * test_fd, char *cipher_suite, int proto_version), | 278 | (*test) (FILE * test_fd, char *cipher_suite, int proto_version), |
279 | FILE * test_fd, char *cipher_suite, int proto_version, | 279 | FILE * test_fd, char *cipher_suite, int proto_version, ...) |
280 | enum MHD_OPTION option, void * value) | ||
281 | { | 280 | { |
282 | int ret; | 281 | int ret; |
282 | va_list arg_list; | ||
283 | struct MHD_Daemon *d; | 283 | struct MHD_Daemon *d; |
284 | 284 | ||
285 | if (setup (&d, option, value) != 0) | 285 | va_start (arg_list, proto_version); |
286 | return -1; | 286 | if (setup (&d, arg_list) != 0) |
287 | { | ||
288 | va_end (arg_list); | ||
289 | return -1; | ||
290 | } | ||
291 | |||
292 | fprintf (stdout, "running test: %s ", test_name); | ||
287 | ret = test (test_fd, cipher_suite, proto_version); | 293 | ret = test (test_fd, cipher_suite, proto_version); |
294 | |||
295 | if (ret == 0) | ||
296 | { | ||
297 | fprintf (stdout, "[pass]\n"); | ||
298 | } | ||
299 | else | ||
300 | { | ||
301 | fprintf (stdout, "[fail]\n"); | ||
302 | } | ||
303 | |||
288 | teardown (d); | 304 | teardown (d); |
305 | va_end (arg_list); | ||
289 | return ret; | 306 | return ret; |
290 | } | 307 | } |
291 | 308 | ||
@@ -336,6 +353,9 @@ test_file_certificates (FILE * test_fd, char *cipher_suite, int proto_version) | |||
336 | return ret; | 353 | return ret; |
337 | } | 354 | } |
338 | 355 | ||
356 | /* | ||
357 | * test server refuses to negotiate connections with unsupported protocol versions | ||
358 | */ | ||
339 | int | 359 | int |
340 | test_protocol_version (FILE * test_fd, char *cipher_suite, | 360 | test_protocol_version (FILE * test_fd, char *cipher_suite, |
341 | int curl_proto_version) | 361 | int curl_proto_version) |
@@ -344,7 +364,7 @@ test_protocol_version (FILE * test_fd, char *cipher_suite, | |||
344 | CURLcode errornum; | 364 | CURLcode errornum; |
345 | 365 | ||
346 | c = curl_easy_init (); | 366 | c = curl_easy_init (); |
347 | #ifdef DEBUG | 367 | #if DEBUG_CURL_VERBOSE |
348 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); | 368 | curl_easy_setopt (c, CURLOPT_VERBOSE, 1); |
349 | #endif | 369 | #endif |
350 | curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/"); | 370 | curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/"); |
@@ -384,7 +404,7 @@ main (int argc, char *const *argv) | |||
384 | FILE *test_fd; | 404 | FILE *test_fd; |
385 | unsigned int errorCount = 0; | 405 | unsigned int errorCount = 0; |
386 | 406 | ||
387 | gnutls_global_set_log_level(11); | 407 | gnutls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL); |
388 | 408 | ||
389 | if (curl_check_version (MHD_REQ_CURL_VERSION)) | 409 | if (curl_check_version (MHD_REQ_CURL_VERSION)) |
390 | { | 410 | { |
@@ -403,54 +423,61 @@ main (int argc, char *const *argv) | |||
403 | return -1; | 423 | return -1; |
404 | } | 424 | } |
405 | 425 | ||
406 | int mac[] = {MHD_GNUTLS_MAC_SHA1, 0}; | 426 | int mac[] = { MHD_GNUTLS_MAC_SHA1, 0 }; |
407 | int p [] = {MHD_GNUTLS_SSL3, 0}; | 427 | int p[] = { MHD_GNUTLS_SSL3, 0 }; |
408 | int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; | 428 | int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; |
409 | int kx[] = { MHD_GNUTLS_KX_DHE_RSA, 0 }; | 429 | int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 }; |
410 | |||
411 | |||
412 | // errorCount += | ||
413 | // test_wrap (&test_https_transfer, test_fd, "AES256-SHA", | ||
414 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_END, 0); | ||
415 | // errorCount += | ||
416 | // test_wrap (&test_file_certificates, test_fd, "AES256-SHA", | ||
417 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_END, 0); | ||
418 | // | ||
419 | // errorCount += | ||
420 | // test_wrap (&test_protocol_version, test_fd, "AES256-SHA", | ||
421 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_PROTOCOL_VERSION, p); | ||
422 | // | ||
423 | // errorCount += | ||
424 | // test_wrap (&test_https_transfer, test_fd, "DES-CBC3-SHA", | ||
425 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_CIPHER_ALGORITHM, cipher); | ||
426 | 430 | ||
427 | errorCount += | 431 | errorCount += |
428 | test_wrap (&test_https_transfer, test_fd, "AES256-SHA", | 432 | test_wrap ("https_transfer", &test_https_transfer, test_fd, "AES256-SHA", |
429 | CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, mac); | 433 | CURL_SSLVERSION_TLSv1, |
430 | 434 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | |
431 | // errorCount += | 435 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, |
432 | // test_wrap (&test_https_transfer, test_fd, "EDH-RSA-DES-CBC3-SHA", | 436 | MHD_OPTION_END); |
433 | // CURL_SSLVERSION_TLSv1, MHD_OPTION_KX_PRIORITY, kx); | 437 | errorCount += |
438 | test_wrap ("file certificates", &test_file_certificates, test_fd, | ||
439 | "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, | ||
440 | srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, | ||
441 | srv_self_signed_cert_pem, MHD_OPTION_END); | ||
442 | errorCount += | ||
443 | test_wrap ("protocol_version", &test_protocol_version, test_fd, | ||
444 | "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, | ||
445 | srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, | ||
446 | srv_self_signed_cert_pem, MHD_OPTION_PROTOCOL_VERSION, p, | ||
447 | MHD_OPTION_END); | ||
448 | errorCount += | ||
449 | test_wrap ("cipher DES-CBC3-SHA", &test_https_transfer, test_fd, | ||
450 | "DES-CBC3-SHA", CURL_SSLVERSION_TLSv1, | ||
451 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
452 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
453 | MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_END); | ||
454 | errorCount += | ||
455 | test_wrap ("mac SH1", &test_https_transfer, test_fd, "AES256-SHA", | ||
456 | CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
457 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
458 | MHD_OPTION_MAC_ALGO, mac, MHD_OPTION_END); | ||
459 | errorCount += | ||
460 | test_wrap ("kx ANON_DH", &test_https_transfer, test_fd, | ||
461 | "ADH-DES-CBC3-SHA", CURL_SSLVERSION_TLSv1, | ||
462 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | ||
463 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | ||
464 | MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON, | ||
465 | MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY, | ||
466 | kx, MHD_OPTION_END); | ||
434 | 467 | ||
435 | /*gnutls_mac_algorithm_t mac[] = { | 468 | /*gnutls_mac_algorithm_t mac[] = { |
436 | {MHD_GNUTLS_MAC_MD5, 0}, 0}; | 469 | {MHD_GNUTLS_MAC_MD5, 0}, 0}; |
437 | gnutls_mac_algorithm_t * cur_mac; | 470 | gnutls_mac_algorithm_t * cur_mac; |
438 | |||
439 | for ( cur_mac = &mac[0]; (*cur_mac) != 0; cur_mac++ ){ | ||
440 | option[0] = MHD_GNUTLS_MAC_SHA1; | ||
441 | errorCount += | ||
442 | test_wrap (&test_https_transfer, test_fd, "AES256-SHA", | ||
443 | CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, option); | ||
444 | }*/ | ||
445 | |||
446 | 471 | ||
472 | for ( cur_mac = &mac[0]; (*cur_mac) != 0; cur_mac++ ){ | ||
473 | option[0] = MHD_GNUTLS_MAC_SHA1; | ||
474 | errorCount += | ||
475 | test_wrap (&test_https_transfer, test_fd, "AES256-SHA", | ||
476 | CURL_SSLVERSION_TLSv1, MHD_OPTION_MAC_ALGO, option); | ||
477 | } */ | ||
447 | 478 | ||
448 | if (errorCount != 0) | 479 | if (errorCount != 0) |
449 | fprintf (stderr, "Failed test: %s.\n", argv[0]); | 480 | fprintf (stderr, "Failed test: %s.\n", argv[0]); |
450 | else | ||
451 | { | ||
452 | fprintf (stderr, "ok\n"); | ||
453 | } | ||
454 | 481 | ||
455 | curl_global_cleanup (); | 482 | curl_global_cleanup (); |
456 | fclose (test_fd); | 483 | fclose (test_fd); |
diff --git a/src/testcurl/https/tls_session_time_out_test.c b/src/testcurl/https/tls_session_time_out_test.c index 846bdd10..745c8d53 100644 --- a/src/testcurl/https/tls_session_time_out_test.c +++ b/src/testcurl/https/tls_session_time_out_test.c | |||
@@ -101,7 +101,6 @@ static int | |||
101 | test_tls_session_time_out (gnutls_session_t session) | 101 | test_tls_session_time_out (gnutls_session_t session) |
102 | { | 102 | { |
103 | int sd, ret; | 103 | int sd, ret; |
104 | char *url = "https://localhost:42433/"; | ||
105 | struct sockaddr_in sa; | 104 | struct sockaddr_in sa; |
106 | 105 | ||
107 | sd = socket (AF_INET, SOCK_STREAM, 0); | 106 | sd = socket (AF_INET, SOCK_STREAM, 0); |
@@ -153,8 +152,8 @@ main (int argc, char *const *argv) | |||
153 | gnutls_global_init (); | 152 | gnutls_global_init (); |
154 | gnutls_global_set_log_level (11); | 153 | gnutls_global_set_log_level (11); |
155 | 154 | ||
156 | d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | | 155 | d = MHD_start_daemon_ip(MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | |
157 | MHD_USE_DEBUG, 42433, | 156 | MHD_USE_DEBUG, 42433, "127.0.0.1", |
158 | NULL, NULL, &http_ahc, NULL, | 157 | NULL, NULL, &http_ahc, NULL, |
159 | MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT, | 158 | MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT, |
160 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, | 159 | MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, |
diff --git a/src/testcurl/https/tls_test_keys.h b/src/testcurl/https/tls_test_keys.h index aca0639c..871f99b1 100644 --- a/src/testcurl/https/tls_test_keys.h +++ b/src/testcurl/https/tls_test_keys.h | |||
@@ -24,105 +24,106 @@ | |||
24 | 24 | ||
25 | /* Certificate Authority key */ | 25 | /* Certificate Authority key */ |
26 | const char ca_key_pem[] = | 26 | const char ca_key_pem[] = |
27 | "-----BEGIN RSA PRIVATE KEY-----\n" | 27 | "-----BEGIN RSA PRIVATE KEY-----\n" |
28 | "MIIEpAIBAAKCAQEA3vzPUd2yRjeHy9Yi22uX1vGnUPmB5zS+77/B9LubTqnNJ9eB\n" | 28 | "MIIEowIBAAKCAQEAthkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3\n" |
29 | "jiMegQJsJWFQT/CW8FurYiSMXIuTBirZX7NO6/rlcqifdfKLotSUuXLu5DBvMLCv\n" | 29 | "JeszCWwDgzw5Ac4o2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdu\n" |
30 | "nQ73wCIdCJoVyJbRN0ExHsyGwCDCxaHuY8FlkIsfYo17SNmJNaMSUqdoAZoelmbq\n" | 30 | "jxdJPGfakZTktRAA3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqV\n" |
31 | "r9oVciRCQGgrmwEJdPj7EAofWSudV77y85j5rV/t51eNy5liS2qXnoFEmeqTuBo1\n" | 31 | "FXRaDmoLWkmxplKz6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlY\n" |
32 | "1cSmRbv5dkCHbx+youLyZG39KxB0MZ124Na3qbUY41BPNj1XBljyAoHyY0J1iDqS\n" | 32 | "JhjkTk1u75HP41yQC6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb\n" |
33 | "0Zo+njEW6vRbmSMkrA1kH45+alN50X11mSgfoQIDAQABAoIBAAmLu+4Ushpdi5Sd\n" | 33 | "625+lHQpH4nfzGcna/RFok6xRpjZu7mB3t7XGwIDAQABAoIBABhD2x5/RHn5uFsI\n" |
34 | "P1cidjDFXfDaao5I2LTroghpnNyfaiT+zbj1jctu7K1luuX+Lh7+ZKIGH6RhVP8g\n" | 34 | "bwv07SwXhsnyAmoru89rjphYe1FOVBDcsa2W2tUtlIY/VyVbcGw0j+APnvy9EUJ6\n" |
35 | "R9eYBeyWHDsWJwPqCQJkrHR7LCkEfgkRAkaUZsSgzTqCWqUAeFa/xaQcdDcOu/nR\n" | 35 | "cMrwsKEBgk1oT4CIwkmGmjpXUCCkF8Wl99CPfM3U1PZDTfqmqEbCRx+KktP8Sq+m\n" |
36 | "DKMUexYmz4ZU+VJxPhWHzGuxhxM85uJOPK3rCaYCJoo1vMpF7MeFFvVljhSdyht5\n" | 36 | "/YryyNjbracnNilmIMq9V6+YWbm7kJHRLVQWHqh/ljji+kCx5y9VII7HYz4217Er\n" |
37 | "KD0w6qP0Y+vDe4cD/4W3wq82qXCFPA5oImjSJveEIJumPIjOyLFF+9p9V6hzg8Em\n" | 37 | "I5HrnPJodmYrH5Tj8Hj9NY7Ok/IeqD186fPuYH/qf9zWcyg7aa0rTPt/E4XjeOjU\n" |
38 | "48cpXcV3SsbaqTr6mSQl6b15zVwWq4CCt4mkeu6vK9PGzdnBiUmWaSXfprDwHaB3\n" | 38 | "kxb68+Ybozm0EY1ypa1Yxf3B4hkyrlQ5lfzDSBKqvQkGA92yNDPYiZX71nDHDj9H\n" |
39 | "t1N0GRECgYEA5gP0gmZQDDJTlaGK9Z6pWiwpMBUoYcnqvCn8MQ5uPQn+KZir19AJ\n" | 39 | "wf8tWlECgYEAxN8bnMXzmGLbNJUQFuEFBCDFE/tAMhBWcN6eyupIwyXXNA8/xGnJ\n" |
40 | "PkVLfWT9Dcaf3+2d0kBBgGYFWL+wK8DgrqALiLJfM6gP3Ts7G6Bis4GFdWY9aUnT\n" | 40 | "rYO4U08YrgvQ6d71xLXAJnsypeJ3FsyIXDar21o5DwVj1ON0nW6xuXsfQWYGEsXm\n" |
41 | "6ZhRYdzetVArhTZBRKh8ERQNPy4TmzWDtjVUAfezUcvXqOjl9H5Q01ECgYEA+C2b\n" | 41 | "fDVf4LVO+P58uAnM3+lKXWMwsw7/ja9VECrOvfTlf7CwwIPfmRzxZEMCgYEA7Mn+\n" |
42 | "i05t/RYcU0eFVYK8Yfl3jZJiopMdYwXCSCO21Ag2i0fjKC89rCmLlliffSSuDtNk\n" | 42 | "PBO352EXzXbGTuLY9iFXo3GL4EXB2nbkXBdTxEbPl+ICjg/1MPtRN9l03y8l06/G\n" |
43 | "xFsaSjns8Vyl7sjMcAOfsGokiUIcFnK/LyVoc3ie2NCiLVzw6zKK8lJ4bhn4afnv\n" | 43 | "MpbxkpPnSXdjXQ1fgXfG9FuKS89BNUfoEfG/3015w49ZAcBYRmvCSGTspu/hshdQ\n" |
44 | "N9RKXP76emb8MaZroKlKkhMR8f2BvzXbv2NyU1ECgYEAtJeAXu1zhc/xnjaiQqxa\n" | 44 | "iom2AFy2aRXfvsoUlePRccs1/7RKclK7ahfdwEkCgYBXQOLGCt25rialGWO2ICjO\n" |
45 | "rMilYfIKrZR571hLgDyjQttYqVIMAbp9t11yorYqlKlRFuCaG9yFUQlIw2BlMkUS\n" | 45 | "+Y8fGf4Lsj39bE1IdammBAFrK08ByDkAVB6/nZC8orQG0zBt7HerFnMOHl7VlfTh\n" |
46 | "YyiXRbE+W/Fk2z7I7qzjMarMnNsz9jmX3vzPULW4ScTzFnj9j6l1F3eV2vgTPrYq\n" | 46 | "mcF1SHl9dNAYLG8kz0ipgi4KGCOc8mUCq81AlFrZ9EBmeMF6g7TXyvxsf7s3mnvC\n" |
47 | "fmGqXo0bRmp0HVMWUPrn/LECgYEA3qHTQkHGS16VZGPpiY8xPVbUV8z07NC6cQVO\n" | 47 | "3JYgjoegnjjYOhpBjBhYbQKBgQCpwJmBakVyG/obcyXx0dDmirqwUquLaZbyzj8i\n" |
48 | "hvZ64XTIsWN4tKjEU3glf2bbFCFef3BFmhv71pBmLRMmy7GYK/gkPdbKFdOXbM/d\n" | 48 | "AhssX/NdGErqm2gU6GauWjfd9IfyvVWiWPHwOhYaZfuW7wpj34GDFskLVhaSYu1t\n" |
49 | "EAcnz0ZqgSeQBM+2U9dQbBdtb5+eiDsszNGFMC2QN1PBcyzOqh6UBbxTwdjfls9S\n" | 49 | "R9lc9cbwOqj9h24Bdik/CxNZDinIKcy0tMsEcXLX3TWdKnQdjMhPAvbATPj+Am+X\n" |
50 | "5Trp6TECgYAzCZmmJuBW6WDK5ttOF/do6r0aurHr2mOr8oYxmBkhI3wphyUMNuaH\n" | 50 | "PGrd+QKBgF5U2i0d2Mgw/JmlVCY79uD9eERivF5HLOYv3XUr9N1/bgIqKSQnrKJC\n" |
51 | "rUk+R8LAmC1U4MbvvqoZH27xe+xd25mn6whitgZBH3DIetN7myDJep8wEG6aW4R5\n" | 51 | "pXC+ZHP9yTmcznwFkbMbJ9cTwMVU1n+hguvyjIJHmmeGrpBuaiT4HwPgV6IZY3N2\n" |
52 | "S82zk+LQJ7LTa1nPVPMS10qUXSH9cjShhszfeRIQM+lWbPoaEuo3yQ==\n" | 52 | "a05cOyYYE3I7h9fQs1MfZRK44rRiXycwb+HA4lwuFWTI7h5qdc/U\n" |
53 | "-----END RSA PRIVATE KEY-----\n"; | 53 | "-----END RSA PRIVATE KEY-----\n"; |
54 | 54 | ||
55 | /* Certificate Authority cert */ | 55 | /* Certificate Authority cert */ |
56 | const char ca_cert_pem[] = | 56 | const char ca_cert_pem[] = |
57 | "-----BEGIN CERTIFICATE-----\n" | 57 | "-----BEGIN CERTIFICATE-----\n" |
58 | "MIIC6DCCAdKgAwIBAgIESHv2uDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" | 58 | "MIIC6DCCAdKgAwIBAgIESJ2sXDALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" |
59 | "dF9jYV9jZXJ0MB4XDTA4MDcxNTAxMDA0MFoXDTA5MDcxNTAxMDA0MFowFzEVMBMG\n" | 59 | "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAyOFoXDTA5MDgwOTE0NDAyOFowFzEVMBMG\n" |
60 | "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n" | 60 | "A1UEAxMMdGVzdF9jYV9jZXJ0MIIBHzALBgkqhkiG9w0BAQEDggEOADCCAQkCggEA\n" |
61 | "3vzPUd2yRjeHy9Yi22uX1vGnUPmB5zS+77/B9LubTqnNJ9eBjiMegQJsJWFQT/CW\n" | 61 | "thkEJMVt/l06gPJQCfdMKJdYXdQZGSBkOroWGZfs0oYBcSU3JeszCWwDgzw5Ac4o\n" |
62 | "8FurYiSMXIuTBirZX7NO6/rlcqifdfKLotSUuXLu5DBvMLCvnQ73wCIdCJoVyJbR\n" | 62 | "2no9/P7FLVm6+zaIO9gexVi2p1fDhT1+6Lir7O6waS94vLdujxdJPGfakZTktRAA\n" |
63 | "N0ExHsyGwCDCxaHuY8FlkIsfYo17SNmJNaMSUqdoAZoelmbqr9oVciRCQGgrmwEJ\n" | 63 | "3MBbC1XuMYPYXZ6nUrRkmHLeG6Oj+L0U3iVq0ZjLYjekCmqVFXRaDmoLWkmxplKz\n" |
64 | "dPj7EAofWSudV77y85j5rV/t51eNy5liS2qXnoFEmeqTuBo11cSmRbv5dkCHbx+y\n" | 64 | "6UyzUXmNlyU4EzLpek2NjTtEUxh0Te+wD4RivBhCPGr7PRlYJhjkTk1u75HP41yQ\n" |
65 | "ouLyZG39KxB0MZ124Na3qbUY41BPNj1XBljyAoHyY0J1iDqS0Zo+njEW6vRbmSMk\n" | 65 | "C6MnnfY3IALWwuabBQsreR0W0h17lB3YHdHKjP5xJfEeJPtb625+lHQpH4nfzGcn\n" |
66 | "rA1kH45+alN50X11mSgfoQIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" | 66 | "a/RFok6xRpjZu7mB3t7XGwIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" |
67 | "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFB3x03+3Qa2SDwRF6RkNcjg9zRHJMAsGCSqG\n" | 67 | "DwEB/wQFAwMHBAAwHQYDVR0OBBYEFGTWojUUrKbS/Uid9S3hPxmgKeaxMAsGCSqG\n" |
68 | "SIb3DQEBBQOCAQEAjPoKMve8aqtL8fFXfSkYwLJUwuTG4E4mX804O5dsdvOEWR2/\n" | 68 | "SIb3DQEBBQOCAQEAWP1f/sfNsvA/oz7OJSBCsQxAnjrKMIXgbVnop+4bEWPxk4e9\n" |
69 | "UQm5IDiAZ3fnHE8zh0C1Kg+dWnCv0i1Q5CYZJ5sSY3tKikG5UBPVJGV1tT0vDfmJ\n" | 69 | "TETSk5MMXt2BfaCtaLZw19Zbqlh4ZFuVw+QC1GTa0xlagHiRgXU2DOvPT5+y+XUR\n" |
70 | "X7b52y35eN8qe5DsdyDAcF2GNRBU8opkLkyXb8U095AQiCHzTPpiesZd5phJlMPm\n" | 70 | "TSy0Pqou7spgEkLcFxlXYlx3tpDu+Awmx9DBGHMCysVynnEzeBYW4woCfBG2UiVA\n" |
71 | "AJaB4VtHAykDMeKd7HJAeelRi/1dP8xsYNc1z67cSrkt2f+B0WAyuAUBBr1NdYmS\n" | 71 | "iHVz6jBc4bBkylKVkA42GiroExuPc+W9qtHGuVX045R7gz78KK0CMIObdySbogBe\n" |
72 | "duegptXCh8OeGEL/v6mbIWoszDbOjk/0zwsgW8BD/eXaZgPPEUtmHizYPIRPdeW1\n" | 72 | "gYZUbyVvPVHINEc929PoV12dHP7wrKnqPbiwb+h1SHui8bVinE+1JY3mRB1VGVTa\n" |
73 | "MSCwccjl/XjDkIoN8kKss4Ftt+Wyajjjxeh6YA==\n" "-----END CERTIFICATE-----\n"; | 73 | "rgvlVGs2S+Zq48XMs4aeLgHkGWFAIXbpX34HSw==\n" |
74 | "-----END CERTIFICATE-----\n"; | ||
74 | 75 | ||
75 | /* test server CA signed certificates */ | 76 | /* test server CA signed certificates */ |
76 | const char srv_signed_cert_pem[] = | 77 | const char srv_signed_cert_pem[] = |
77 | "-----BEGIN CERTIFICATE-----\n" | 78 | "-----BEGIN CERTIFICATE-----\n" |
78 | "MIIDHzCCAgmgAwIBAgIESHv6kTALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" | 79 | "MIIDBDCCAe6gAwIBAgIESJ2sXzALBgkqhkiG9w0BAQUwFzEVMBMGA1UEAxMMdGVz\n" |
79 | "dF9jYV9jZXJ0MB4XDTA4MDcxNTAxMTcwNVoXDTA5MDcxNTAxMTcwNVowGzEZMBcG\n" | 80 | "dF9jYV9jZXJ0MB4XDTA4MDgwOTE0NDAzMloXDTA5MDgwOTE0NDAzNVowADCCAR8w\n" |
80 | "A1UEAxMQdGVzdF9zZXJ2ZXJfY2VydDCCAR8wCwYJKoZIhvcNAQEBA4IBDgAwggEJ\n" | 81 | "CwYJKoZIhvcNAQEBA4IBDgAwggEJAoIBAOb6G6WJrrNC48NSh5i4eT7J1BCqlMB4\n" |
81 | "AoIBAJIY2+Wn+TRHIJ92tpNvCIE6FOsGclRxOFJwK0T6k3SK68LwQ9PkQTTB/DJu\n" | 82 | "e0No+td/PQf+sPywbQToYGiPfOFfMyge1G6SyRpXavKbPwuw1BN183WoYzID5mtz\n" |
82 | "+hU2u6w6lt1+Q8PHTDMLtnkEeXnxPn1uQZnnMEBcHAGY1U99iJh0At68AyoG7nkb\n" | 83 | "shAOl/JRhdusScFijS3pITiNK4G5NLToCP4KZhqguqHUzEdanifSb/D4x54Rq/Tc\n" |
83 | "AzgzxxjMom+dEhGEFHOg9JKmJp138RzIWcMN2l4pKIryiBUh5AWt/7uqtA+9fQMq\n" | 84 | "A7oHGp0wjdWC/AMtGWv6v55xMe00ALZ1zDxCOi8nri9W7mLy+hyduETCq+1Y7uHl\n" |
84 | "nOeO8OU5FM3eKevl3VSZ6usptbePbUDNs5uEmG+PTR0bc2rYgGeC4+wExWcJ+CAq\n" | 85 | "mqbAk8D7ruu0JtNU2N8WuJJcAtxgZhCCfIHTgAUWqepeRBM8cy8uu0tywgxcJiyt\n" |
85 | "voNVPno//MoMeJjWgXqF4wTBFdfsewngkflwRDPuZuLsxVrKnIx6jsBKIMuhVuxT\n" | 86 | "Uu1wXQHnnpWrr/9r6IfhjFpc9pr5giHBeM4KdlU49UsYgaS1tAZsDJcCAwEAAaN2\n" |
86 | "66vnEmuR34TUIzLlVPcJ5wmby2UCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNV\n" | 87 | "MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E\n" |
87 | "HSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDByAAMB0GA1UdDgQWBBSHX75y\n" | 88 | "BQMDB6AAMB0GA1UdDgQWBBSxP229okDqlKyMCyg0cnzbf+eb4DAfBgNVHSMEGDAW\n" |
88 | "gpEjstognUu4If50qWXQaDAfBgNVHSMEGDAWgBQd8dN/t0Gtkg8ERekZDXI4Pc0R\n" | 89 | "gBRk1qI1FKym0v1InfUt4T8ZoCnmsTALBgkqhkiG9w0BAQUDggEBAEabY4FLsFQr\n" |
89 | "yTALBgkqhkiG9w0BAQUDggEBAF56YMCdp0C88ZF9yaXJZ4PMuTpW83Mhg5Ar0a9H\n" | 90 | "PACNe3p5tU3hWvvQ9S1pRlfnc/z1o+k9NDWTHlNjXfVTl6/6cIKHA+r8SvRks27+\n" |
90 | "DasF58p8eeRLhsTJPi+NpFSMTujEabGS3+8l6Iu5F5stFgvbvnjLHdYu2Pjakos8\n" | 91 | "lScfxFkiCi22YC7uPbn8fW1nWcsqEkK4e0TDekSUi1o6SDx6cU07kMpx3iKvpLs3\n" |
91 | "NjZCCkuEmIO4PLd6h5ToOZf3ZXNHmFjRTtKHQKNrYizlHlgnEDcUbU4gB5KOg3jU\n" | 92 | "5QiCFjivMjrY8pEFJIke/ucI8QuLVZLLUSdTHb9Ck128PtPKA4y2uZA/MmYS/OtR\n" |
92 | "rv/Mtar+5LRK7KvByswp26nRH1ijGV23sy9StK7tV/cJPe/UkxyUfSQwUmQzzWe6\n" | 93 | "/UZN67pJ+BqcQBE5vNolWQTM+NxfMzb48IV9q32HRT4HErvUjLIWV0nwwedUSdDG\n" |
93 | "QGAQtppUjGabWXjuLuOUyiG5LReYC5ri7XZuVekCAfUHbOdPYTHPczvpKBnUyKIv\n" | 94 | "63tr9jp0GF6b5Eum0MTVV/zbBxfyRFg+Q8xRn70zJlB/W7byaFq/95Rpfqjdnta2\n" |
94 | "BRKOarmNfNc3w5G7Ast3jNOE2JfiJ8+x9+rMWI01PlWVYvQ=\n" | 95 | "aO/omlvGHrI=\n" |
95 | "-----END CERTIFICATE-----\n"; | 96 | "-----END CERTIFICATE-----\n"; |
96 | 97 | ||
97 | /* test server key */ | 98 | /* test server key */ |
98 | const char srv_signed_key_pem[] = | 99 | const char srv_signed_key_pem[] = |
99 | "-----BEGIN RSA PRIVATE KEY-----\n" | 100 | "-----BEGIN RSA PRIVATE KEY-----\n" |
100 | "MIIEpAIBAAKCAQEAkhjb5af5NEcgn3a2k28IgToU6wZyVHE4UnArRPqTdIrrwvBD\n" | 101 | "MIIEowIBAAKCAQEA5vobpYmus0Ljw1KHmLh5PsnUEKqUwHh7Q2j61389B/6w/LBt\n" |
101 | "0+RBNMH8Mm76FTa7rDqW3X5Dw8dMMwu2eQR5efE+fW5BmecwQFwcAZjVT32ImHQC\n" | 102 | "BOhgaI984V8zKB7UbpLJGldq8ps/C7DUE3XzdahjMgPma3OyEA6X8lGF26xJwWKN\n" |
102 | "3rwDKgbueRsDODPHGMyib50SEYQUc6D0kqYmnXfxHMhZww3aXikoivKIFSHkBa3/\n" | 103 | "LekhOI0rgbk0tOgI/gpmGqC6odTMR1qeJ9Jv8PjHnhGr9NwDugcanTCN1YL8Ay0Z\n" |
103 | "u6q0D719Ayqc547w5TkUzd4p6+XdVJnq6ym1t49tQM2zm4SYb49NHRtzatiAZ4Lj\n" | 104 | "a/q/nnEx7TQAtnXMPEI6LyeuL1buYvL6HJ24RMKr7Vju4eWapsCTwPuu67Qm01TY\n" |
104 | "7ATFZwn4ICq+g1U+ej/8ygx4mNaBeoXjBMEV1+x7CeCR+XBEM+5m4uzFWsqcjHqO\n" | 105 | "3xa4klwC3GBmEIJ8gdOABRap6l5EEzxzLy67S3LCDFwmLK1S7XBdAeeelauv/2vo\n" |
105 | "wEogy6FW7FPrq+cSa5HfhNQjMuVU9wnnCZvLZQIDAQABAoIBABISPh0FrocfZzMi\n" | 106 | "h+GMWlz2mvmCIcF4zgp2VTj1SxiBpLW0BmwMlwIDAQABAoIBACJGvGKQ74V3qDAc\n" |
106 | "YYoSGWi2sQCzTvAQAyn7UvbY0eWAC5KU2qb6nHA0sIfif0+hcgxnQOML68DrRYso\n" | 107 | "p7WwroF0Vw2QGtoDJxumUQ84uRheIeqlzc/cIi5yGLCjPYa3KIQuMTzA+0R8aFs2\n" |
107 | "3zzP52DEjPjB6x5o4OiNHC+8YmJPQlatPu+jLPcFXXkgdMD+cpmoMk2BDcuZ3VfC\n" | 108 | "RwqKRvJPZkUOUhvhA+whFkhl86zZQOq7UsMc5Qqs3Gd4UguEoYz9gxBxiLCqURRH\n" |
108 | "KI59O9iNjgcD50p/y6uLBsdNIbUPSMe8ONWT7f5DN/DqEL+3tVZaRAOL+C8iKYf4\n" | 109 | "rM+xCV6jtI/PBIsmOUFae4cXJP0pljUXyYmwwb/WrsvnJXf9Gz8/VLZGBMchMH7R\n" |
109 | "EPI5z6gOyL0aEpulbMKc0YoZZ2kDmu5IyMLgkF3DJV440Y/6IGan88ZSjk6i/d7f\n" | 110 | "MwD7xdwc/ht2XfZ0TuDntpJDtj0JrW9i/Cxt8PnNhQjgLsAe+oUUZt7Bo+vXBxhu\n" |
110 | "ciKVtzIIbr5ubbuGe3htphTpRP0aA5WuVTzHrKk83/u3hG1RFv1q/cRD28tVUIII\n" | 111 | "JPKj6BHcj768l+gDn5zzaXKq0eF7mMXc7fgAp0u8lJkC0LxLq/WmIfqw4Z4mEjkX\n" |
111 | "0pcwLmECgYEAwMdaR5Y2NqBk/fOvU/oCDAQ6w8jmIa4zMxskvq9Pr753jhT13j+T\n" | 112 | "DremIoUCgYEA53vX9Hd8V85hCfeaTDf3B5q6g9kIliR+Y2tX2aSqN06df9J/KOdL\n" |
112 | "eQ1A590PF4PPvGFTqJ2vl3kj6JT5dzu7mGKoJLFsnttpw+0NYUgp0waPPZx010pp\n" | 113 | "G/lEQn4rsOOtOwyTU2luPmcr0XgbXA1T1kj56+UZrxtRducsdsVbVixzD2KswtJO\n" |
113 | "QGeyQ/cPsZEZkCehh9c5CsfO1YpjKLV/wdpBQ2xAnkV5dfFmzlzLOTECgYEAwgJf\n" | 114 | "wUH6XAJNdpI++64TuZadnKAaKiqim7CPzQYrBXYKKRFGSDd50urkTRMCgYEA/3CG\n" |
114 | "gxlR9Jgv7Qg/6Prs+SarqT4xDsJKKbD7wH2jveGFXVnkYTPVstwLCAus4LaLFKZ9\n" | 115 | "NMaG3qtzQceQUw7BBAhey387MR+1FUQHQ7xoq2jc3yAx4H2NEyGa6wL5CtFKn5In\n" |
115 | "1POQDUgO24E1GzuL7mqSuvymdl5gZICfpkHstOAfpqep96pUv4aI9BY/g5l4Lvep\n" | 116 | "BP6f30sk2ilXRv5pbIIiS8Xzngxy3m17GH33YrSc3ff/u+LWgR/EOVpa9F+sMAjp\n" |
116 | "9c52tgQGwz0qgBUJBi6AvzxqRkBsxrXjX2m7KHUCgYEAtjx94ohkTXWIouy2xFrl\n" | 117 | "ohDgI8iH8GtahrRA0BxQKfNIo2zUTqNwFP88xu0CgYADOY1zoWqBCqX9bo6euzTc\n" |
117 | "jnh9GNGUgyhK7Dfvn3bYjJkwKZc06dkNzvQxdD5r4t3PBhS3YgFWmYmB4X7a6NUF\n" | 118 | "zUIF7jMZbF66Yddyd8HLTXQSQMt2tWotdJaH2pwfNbzHEtDGm7RmeCd7HpI7ARCG\n" |
118 | "vMMekjlLJkziib1Q1bLDHuLni+WYKmEEaEbepRMrub8h/D0KnQBewwspQoJkxHn3\n" | 119 | "7rNUnvdxog7LekL7UJqKI8pij3xapnVkadfkCkAsA7OO7AjoT/nYIb7bkYZ8ZsRK\n" |
119 | "AMkSwurVlwi0DkOa3N+pmTECgYBXyCUZN1qqtjVxJXttWiPg88tWD2q5B9XwmUC/\n" | 120 | "FejphZB0rAHvpZ4z2wPdMwKBgQCfkr70RzVH81lcNXwutt/TUhtOCxyCMqmgMFBN\n" |
120 | "rtlor+LdAzBffsmhXQiswkOdhVrWpCJpOS8jo0f9r6+su7ury5LKgkh7ZGZu8vfJ\n" | 121 | "e2zz791TMjyWXjh8RBkQSVok7NwuVVI055AeIUZTV1IjkplvZNhh97aZ/HLiCwjE\n" |
121 | "jSiiCoqnqFMyWWJxKllLP8nLLKSBc9P2AU4bOyUoL8PMIjhsEJx2asqXMM1G98OC\n" | 122 | "IyUhL21zqRLEYA/auGqP3adGVGIv29GAIgSztfleMuJplj+LArT9j/LHzRvQSH+j\n" |
122 | "R1/EhQKBgQCmSkabsj8u5iEScicyJU87/sVkRIRE0GhjU8uuvcTe+dRiHuj2CENx\n" | 123 | "TlO8fQKBgE5og4pTfPrD0A7W/Li1HDGf8Ylb+DZlxoyMriW82Z/zCBvYvn1UvQRi\n" |
123 | "hh967E0nUCiJzx3is0/nYByDles9W4BLEA8JSuM5r6E7UifHR4XwIi2tQcNhCWIu\n" | 124 | "b8f3IQFXuXdf3Bx4C91kQJPovxDp14FOHJxO7F32fGMnJaU2kyp4sf4WAJZZOLnd\n" |
124 | "vGbfvxwqcm7Uj3XHb1GbYK5nnaRNailoJ7iyqHWxB1Q3iFIiMipcfg==\n" | 125 | "l64hMUsgYPI8qfsanAudD4gTAsLEP+ueWqkcb3SJNLSoQAtcGzYs\n" |
125 | "-----END RSA PRIVATE KEY-----\n"; | 126 | "-----END RSA PRIVATE KEY-----\n"; |
126 | 127 | ||
127 | /* test server self signed certificates */ | 128 | /* test server self signed certificates */ |
128 | const char srv_self_signed_cert_pem[] = | 129 | const char srv_self_signed_cert_pem[] = |