From 56077dce84615cf34c1d0651357eb970b329eb24 Mon Sep 17 00:00:00 2001 From: "Evgeny Grin (Karlson2k)" Date: Thu, 7 Dec 2017 16:00:22 +0300 Subject: https tests: completely exclude 3DES from tests as it considered as "unsafe" and could be disabled in libs --- ChangeLog | 5 +++- src/testcurl/https/test_https_get.c | 55 ------------------------------------- 2 files changed, 4 insertions(+), 56 deletions(-) diff --git a/ChangeLog b/ChangeLog index c83e47ab..39e88fe2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,7 @@ -Mon Nov 04 15:43:00 MSK 2017 +Mon Dec 07 16:01:00 MSK 2017 + Fixed HTTPS tests on modern platforms. -EG + +Mon Dec 04 15:43:00 MSK 2017 Minor documentation installation fixes. -EG Mon Nov 27 22:58:38 CET 2017 diff --git a/src/testcurl/https/test_https_get.c b/src/testcurl/https/test_https_get.c index 8ed0028a..61c25643 100644 --- a/src/testcurl/https/test_https_get.c +++ b/src/testcurl/https/test_https_get.c @@ -34,54 +34,9 @@ #endif /* MHD_HTTPS_REQUIRE_GRYPT */ #include "tls_test_common.h" -extern const char srv_key_pem[]; -extern const char srv_self_signed_cert_pem[]; extern const char srv_signed_cert_pem[]; extern const char srv_signed_key_pem[]; - -static int -test_cipher_option (FILE * test_fd, - const char *cipher_suite, - int proto_version) -{ - int ret; - struct MHD_Daemon *d; - int port; - - if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT)) - port = 0; - else - port = 3040; - - d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS | - MHD_USE_ERROR_LOG, port, - NULL, NULL, &http_ahc, NULL, - MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, - MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, - MHD_OPTION_END); - - if (d == NULL) - { - fprintf (stderr, MHD_E_SERVER_INIT); - return -1; - } - if (0 == port) - { - const union MHD_DaemonInfo *dinfo; - dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT); - if (NULL == dinfo || 0 == dinfo->port) - { MHD_stop_daemon (d); return -1; } - port = (int)dinfo->port; - } - - ret = test_https_transfer (test_fd, port, cipher_suite, proto_version); - - MHD_stop_daemon (d); - return ret; -} - - /* perform a HTTP GET request via SSL/TLS */ static int test_secure_get (FILE * test_fd, @@ -130,7 +85,6 @@ main (int argc, char *const *argv) { unsigned int errorCount = 0; const char *aes256_sha_tlsv1 = "AES256-SHA"; - const char *des_cbc3_sha_tlsv1 = "DES-CBC3-SHA"; (void)argc; /* Unused. Silent compiler warning. */ #ifdef MHD_HTTPS_REQUIRE_GRYPT @@ -151,19 +105,10 @@ main (int argc, char *const *argv) if (curl_uses_nss_ssl() == 0) { aes256_sha_tlsv1 = "rsa_aes_256_sha"; - des_cbc3_sha_tlsv1 = "rsa_aes_128_sha"; } errorCount += test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1); -#if GNUTLS_VERSION_NUMBER < 0x030600 - /* '3DES' is disabled by default on GnuTLS > 3.6.0 */ - errorCount += - test_cipher_option (NULL, des_cbc3_sha_tlsv1, CURL_SSLVERSION_TLSv1); -#else /* GNUTLS_VERSION_NUMBER >= 0x030600 */ - (void)des_cbc3_sha_tlsv1; - (void)test_cipher_option; -#endif /* GNUTLS_VERSION_NUMBER >= 0x030600 */ print_test_result (errorCount, argv[0]); curl_global_cleanup (); -- cgit v1.2.3