From 92b638cf8467f90b6e345046bedd627bf00b8707 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Thu, 18 Nov 2010 22:11:38 +0000 Subject: patch fixing #1619 --- ChangeLog | 3 +++ configure.ac | 2 ++ src/testcurl/curl_version_check.c | 12 ++++++++++++ src/testcurl/https/Makefile.am | 19 ++++++++++--------- src/testcurl/https/mhds_get_test.c | 19 ++++++++++++++++--- src/testcurl/https/mhds_get_test_select.c | 11 +++++++++++ src/testcurl/https/mhds_multi_daemon_test.c | 7 ++++++- src/testcurl/https/mhds_session_info_test.c | 8 +++++++- src/testcurl/https/tls_authentication_test.c | 10 ++++++++-- src/testcurl/https/tls_daemon_options_test.c | 18 ++++++++++++++---- src/testcurl/https/tls_multi_thread_mode_test.c | 10 ++++++++-- src/testcurl/https/tls_thread_mode_test.c | 10 ++++++++-- 12 files changed, 105 insertions(+), 24 deletions(-) diff --git a/ChangeLog b/ChangeLog index aa26d807..8df8f111 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +Thu Nov 18 23:10:36 CET 2010 + Fixing #1619 (testcases not working with NSS on Fedora). -CG/timn + Thu Nov 18 22:55:58 CET 2010 Fixing #1621 (socket not closed under certain circumstances). -CG/jaredc diff --git a/configure.ac b/configure.ac index fb8a1758..877eab1d 100644 --- a/configure.ac +++ b/configure.ac @@ -211,9 +211,11 @@ then MHD_REQ_CURL_VERSION=7.16.4 MHD_REQ_CURL_OPENSSL_VERSION=0.9.8 MHD_REQ_CURL_GNUTLS_VERSION=2.8.6 + MHD_REQ_CURL_NSS_VERSION=3.12.0 AC_DEFINE_UNQUOTED([MHD_REQ_CURL_VERSION], "$MHD_REQ_CURL_VERSION", [required cURL version to run tests]) AC_DEFINE_UNQUOTED([MHD_REQ_CURL_OPENSSL_VERSION], "$MHD_REQ_CURL_OPENSSL_VERSION", [required cURL SSL version to run tests]) AC_DEFINE_UNQUOTED([MHD_REQ_CURL_GNUTLS_VERSION], "$MHD_REQ_CURL_GNUTLS_VERSION", [gnuTLS lib version - used in conjunction with cURL]) + AC_DEFINE_UNQUOTED([MHD_REQ_CURL_NSS_VERSION], "$MHD_REQ_CURL_NSS_VERSION", [NSS lib version - used in conjunction with cURL]) fi LIBS=$SAVE_LIBS AM_CONDITIONAL(HAVE_CURL, test x$curl = x1) 
diff --git a/src/testcurl/curl_version_check.c b/src/testcurl/curl_version_check.c index 938f60bf..978ca83d 100644 --- a/src/testcurl/curl_version_check.c +++ b/src/testcurl/curl_version_check.c @@ -67,6 +67,13 @@ parse_version_string (const char *s, int *major, int *minor, int *micro) return s; } +#if HTTPS_SUPPORT +int +curl_uses_nss_ssl() +{ + return (strstr(curl_version(), " NSS/") != NULL) ? 0 : -1; +} +#endif /* * check local libcurl version matches required version @@ -135,6 +142,11 @@ curl_check_version (const char *req_version) ssl_ver = strchr (ssl_ver, '/'); req_ssl_ver = MHD_REQ_CURL_OPENSSL_VERSION; } + else if (strncmp ("NSS", ssl_ver, strlen ("NSS")) == 0) + { + ssl_ver = strchr (ssl_ver, '/'); + req_ssl_ver = MHD_REQ_CURL_NSS_VERSION; + } else { fprintf (stderr, "Error: unrecognized curl ssl library\n"); diff --git a/src/testcurl/https/Makefile.am b/src/testcurl/https/Makefile.am index 4c6b742f..ae79809b 100644 --- a/src/testcurl/https/Makefile.am +++ b/src/testcurl/https/Makefile.am @@ -46,7 +46,7 @@ tls_session_time_out_test_SOURCES = \ tls_session_time_out_test_LDADD = \ $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ - @LIBCURL@ + @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@ tls_daemon_options_test_SOURCES = \ tls_daemon_options_test.c \ @@ -54,7 +54,7 @@ tls_daemon_options_test_SOURCES = \ tls_daemon_options_test_LDADD = \ $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ - @LIBCURL@ + @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@ tls_thread_mode_test_SOURCES = \ tls_thread_mode_test.c \ @@ -62,7 +62,7 @@ tls_thread_mode_test_SOURCES = \ tls_thread_mode_test_LDADD = \ $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ - @LIBCURL@ + @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@ tls_multi_thread_mode_test_SOURCES = \ tls_multi_thread_mode_test.c \ 
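Review bot: `curl_uses_nss_ssl` in src/testcurl/curl_version_check.c returns 0 when the NSS marker is found and -1 otherwise, which reads as inverted at every call site (`if (curl_uses_nss_ssl() == 0)`) and is not documented in the hunk. A short comment above the definition would settle it, for example `/* Returns 0 if curl_version() reports an NSS TLS backend, -1 otherwise. */`. The empty parameter list should be `curl_uses_nss_ssl (void)` so that the definition is a real prototype. The detection here is a substring match on `" NSS/"`, while the branch added to `curl_check_version` in the next hunk matches the prefix `"NSS"`; the two should be kept in step.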
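Review bot: `-lgnutls` is hard-coded in `tls_session_time_out_test_LDADD`, while libgcrypt on the same line comes from the configure substitution `@LIBGCRYPT_LIBS@`, so a GnuTLS installed outside the default linker path will not be found by these test programs. The same line is repeated in the other eight `_LDADD` hunks of src/testcurl/https/Makefile.am. If configure already records how GnuTLS is linked for the daemon library, reusing that substitution here would keep the tests on the same library as libmicrohttpd; whether such a variable exists is not visible in this patch.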
@@ -70,7 +70,7 @@ tls_multi_thread_mode_test_SOURCES = \ tls_multi_thread_mode_test_LDADD = \ $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ - @LIBCURL@ + @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@ tls_authentication_test_SOURCES = \ tls_authentication_test.c \ @@ -78,7 +78,7 @@ tls_authentication_test_SOURCES = \ tls_authentication_test_LDADD = \ $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ - @LIBCURL@ + @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@ mhds_session_info_test_SOURCES = \ mhds_session_info_test.c \ @@ -86,7 +86,7 @@ mhds_session_info_test_SOURCES = \ mhds_session_info_test_LDADD = \ $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ - @LIBCURL@ + @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@ mhds_multi_daemon_test_SOURCES = \ mhds_multi_daemon_test.c \ @@ -94,7 +94,7 @@ mhds_multi_daemon_test_SOURCES = \ mhds_multi_daemon_test_LDADD = \ $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ - @LIBCURL@ + @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@ mhds_get_test_SOURCES = \ mhds_get_test.c \ @@ -102,7 +102,7 @@ mhds_get_test_SOURCES = \ mhds_get_test_LDADD = \ $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ - @LIBCURL@ + @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@ mhds_get_test_select_SOURCES = \ @@ -111,4 +111,5 @@ mhds_get_test_select_SOURCES = \ mhds_get_test_select_LDADD = \ $(top_builddir)/src/testcurl/libcurl_version_check.a \ $(top_builddir)/src/daemon/libmicrohttpd.la \ - @LIBCURL@ + @LIBCURL@ -lgnutls @LIBGCRYPT_LIBS@ + diff --git a/src/testcurl/https/mhds_get_test.c b/src/testcurl/https/mhds_get_test.c index fd4df90b..4b065fae 100644 --- a/src/testcurl/https/mhds_get_test.c +++ b/src/testcurl/https/mhds_get_test.c 
@@ -33,6 +33,7 @@ #include "tls_test_common.h" int curl_check_version (const char *req_version, ...); +int curl_uses_nss_ssl (); extern const char srv_key_pem[]; extern const char srv_self_signed_cert_pem[]; extern const char srv_signed_cert_pem[]; @@ -101,12 +102,24 @@ main (int argc, char *const *argv) fprintf (stderr, "Error: %s\n", strerror (errno)); return -1; } + + char *aes256_sha_tlsv1 = "AES256-SHA"; + char *aes256_sha_sslv3 = "AES256-SHA"; + char *des_cbc3_sha_tlsv1 = "DES-CBC3-SHA"; + + if (curl_uses_nss_ssl() == 0) + { + aes256_sha_tlsv1 = "rsa_aes_256_sha"; + aes256_sha_sslv3 = "rsa_aes_256_sha"; + des_cbc3_sha_tlsv1 = "rsa_aes_128_sha"; + } + errorCount += - test_secure_get (NULL, "AES256-SHA", CURL_SSLVERSION_TLSv1); + test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1); errorCount += - test_secure_get (NULL, "AES256-SHA", CURL_SSLVERSION_SSLv3); + test_secure_get (NULL, aes256_sha_sslv3, CURL_SSLVERSION_SSLv3); errorCount += - test_cipher_option (NULL, "DES-CBC3-SHA", CURL_SSLVERSION_TLSv1); + test_cipher_option (NULL, des_cbc3_sha_tlsv1, CURL_SSLVERSION_TLSv1); print_test_result (errorCount, argv[0]); diff --git a/src/testcurl/https/mhds_get_test_select.c b/src/testcurl/https/mhds_get_test_select.c index 64ac88ac..323a18a1 100644 --- a/src/testcurl/https/mhds_get_test_select.c +++ b/src/testcurl/https/mhds_get_test_select.c @@ -33,6 +33,7 @@ #include "tls_test_common.h" int curl_check_version (const char *req_version, ...); +int curl_uses_nss_ssl (); extern const char srv_key_pem[]; extern const char srv_self_signed_cert_pem[]; extern const char srv_signed_cert_pem[]; 
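Review bot: Under NSS, `des_cbc3_sha_tlsv1` is set to `"rsa_aes_128_sha"`, so the `test_cipher_option` call in `main` of src/testcurl/https/mhds_get_test.c no longer exercises a 3DES suite, even though the variable name and the default value `DES-CBC3-SHA` say it does. If the NSS backend's 3DES name is what is meant, the assignment would be `des_cbc3_sha_tlsv1 = "rsa_3des_sha";`. If AES-128 is a deliberate substitute, a comment on that line should state the reason. `aes256_sha_tlsv1` and `aes256_sha_sslv3` always hold the same string and could be one variable. `main` begins and ends outside the hunk.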
@@ -100,10 +101,20 @@ testExternalGet () MHD_OPTION_END); if (d == NULL) return 256; + + char *aes256_sha = "AES256-SHA"; + if (curl_uses_nss_ssl() == 0) + { + aes256_sha = "rsa_aes_256_sha"; + } + c = curl_easy_init (); curl_easy_setopt (c, CURLOPT_URL, "https://localhost:1082/hello_world"); curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc); + /* TLS options */ + curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); + curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha); curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); diff --git a/src/testcurl/https/mhds_multi_daemon_test.c b/src/testcurl/https/mhds_multi_daemon_test.c index 51c90158..4713f1ea 100644 --- a/src/testcurl/https/mhds_multi_daemon_test.c +++ b/src/testcurl/https/mhds_multi_daemon_test.c @@ -106,9 +106,14 @@ main (int argc, char *const *argv) return -1; } + char *aes256_sha = "AES256-SHA"; + if (curl_uses_nss_ssl() == 0) + { + aes256_sha = "rsa_aes_256_sha"; + } errorCount += - test_concurent_daemon_pair (NULL, "AES256-SHA", CURL_SSLVERSION_SSLv3); + test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_SSLv3); print_test_result (errorCount, "concurent_daemon_pair"); diff --git a/src/testcurl/https/mhds_session_info_test.c b/src/testcurl/https/mhds_session_info_test.c index eefc05fe..a5ff42f8 100644 --- a/src/testcurl/https/mhds_session_info_test.c +++ b/src/testcurl/https/mhds_session_info_test.c @@ -116,6 +116,12 @@ test_query_session () if (d == NULL) return 2; + char *aes256_sha = "AES256-SHA"; + if (curl_uses_nss_ssl() == 0) + { + aes256_sha = "rsa_aes_256_sha"; + } + c = curl_easy_init (); #if DEBUG_HTTPS_TEST curl_easy_setopt (c, CURLOPT_VERBOSE, 1); 
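Review bot: `CURLOPT_SSLVERSION` is documented to take a `long`, but the added call in `testExternalGet` passes the enum constant `CURL_SSLVERSION_SSLv3`, an `int`, through the variadic `curl_easy_setopt`; where `long` is wider than `int` that is a type mismatch in the varargs read. Writing `curl_easy_setopt (c, CURLOPT_SSLVERSION, (long) CURL_SSLVERSION_SSLv3);` avoids it, and the `0` and `1` literals on the context lines below would want `0L` and `1L` for the same reason. The hunk also pins this request to SSLv3, which the visible context did not do before; a one-line comment saying why this test needs SSLv3 would help. `testExternalGet` starts and ends outside the hunk.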
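Review bot: `curl_uses_nss_ssl()` is called in `main` of src/testcurl/https/mhds_multi_daemon_test.c with no declaration in scope as far as this patch shows: only mhds_get_test.c and mhds_get_test_select.c gain `int curl_uses_nss_ssl ();`, and no header appears in the diffstat. The call is then an implicit function declaration, which C99 removed and newer compilers reject. The same applies to the hunks in mhds_session_info_test.c, tls_authentication_test.c, tls_daemon_options_test.c, tls_multi_thread_mode_test.c and tls_thread_mode_test.c. Declaring `int curl_uses_nss_ssl (void);` once in a header the tests share (mhds_get_test.c includes tls_test_common.h), instead of per-file prototypes, would cover all of them.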
@@ -128,7 +134,7 @@ test_query_session () curl_easy_setopt (c, CURLOPT_FILE, &cbc); /* TLS options */ curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); - curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, "AES256-SHA"); + curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha); /* currently skip any peer authentication */ curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); diff --git a/src/testcurl/https/tls_authentication_test.c b/src/testcurl/https/tls_authentication_test.c index 77b122f9..cb80475c 100644 --- a/src/testcurl/https/tls_authentication_test.c +++ b/src/testcurl/https/tls_authentication_test.c @@ -62,7 +62,7 @@ test_secure_get (void * cls, char *cipher_suite, int proto_version) return -1; } - ret = test_daemon_get (NULL, cipher_suite, proto_version, DEAMON_TEST_PORT, 1); + ret = test_daemon_get (NULL, cipher_suite, proto_version, DEAMON_TEST_PORT, 0); MHD_stop_daemon (d); return ret; @@ -86,8 +86,14 @@ main (int argc, char *const *argv) return -1; } + char *aes256_sha = "AES256-SHA"; + if (curl_uses_nss_ssl() == 0) + { + aes256_sha = "rsa_aes_256_sha"; + } + errorCount += - test_secure_get (NULL, "AES256-SHA", CURL_SSLVERSION_TLSv1); + test_secure_get (NULL, aes256_sha, CURL_SSLVERSION_TLSv1); print_test_result (errorCount, argv[0]); diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c index f4153011..d4c25232 100644 --- a/src/testcurl/https/tls_daemon_options_test.c +++ b/src/testcurl/https/tls_daemon_options_test.c 
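Review bot: The last argument of `test_daemon_get` in `test_secure_get` changes from `1` to `0` with no explanation, in a file named tls_authentication_test.c. The parameter's meaning is not visible in the hunk; if it is the peer-verification switch, as the file name suggests, the test now succeeds without checking the server certificate and no longer tests what it is named for. Either keep `1` and give the NSS-backed client the CA it needs to validate the certificate, or add a comment on that line saying why verification is off for this call, e.g. `/* peer verification disabled: <reason> */`. `test_secure_get` starts outside the hunk.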
@@ -94,10 +94,20 @@ main (int argc, char *const *argv) fprintf (stderr, "Error: %s\n", strerror (errno)); return 0; } + + char *aes128_sha = "AES128-SHA"; + char *aes256_sha = "AES256-SHA"; + if (curl_uses_nss_ssl() == 0) + { + aes128_sha = "rsa_aes_128_sha"; + aes256_sha = "rsa_aes_256_sha"; + } + + errorCount += test_wrap ("TLS1.0-AES-SHA1", &test_https_transfer, NULL, daemon_flags, - "AES128-SHA1", + aes128_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, @@ -106,7 +116,7 @@ main (int argc, char *const *argv) errorCount += test_wrap ("TLS1.0-AES-SHA1", &test_https_transfer, NULL, daemon_flags, - "AES128-SHA1", + aes128_sha, CURL_SSLVERSION_SSLv3, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, @@ -116,7 +126,7 @@ main (int argc, char *const *argv) errorCount += test_wrap ("SSL3.0-AES-SHA1", &test_https_transfer, NULL, daemon_flags, - "AES128-SHA1", + aes128_sha, CURL_SSLVERSION_SSLv3, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, @@ -141,7 +151,7 @@ main (int argc, char *const *argv) errorCount += test_wrap ("TLS1.0 vs SSL3", &test_unmatching_ssl_version, NULL, daemon_flags, - "AES256-SHA", + aes256_sha, CURL_SSLVERSION_SSLv3, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, diff --git a/src/testcurl/https/tls_multi_thread_mode_test.c b/src/testcurl/https/tls_multi_thread_mode_test.c index 2bd32a25..42842cc0 100644 --- a/src/testcurl/https/tls_multi_thread_mode_test.c +++ b/src/testcurl/https/tls_multi_thread_mode_test.c 
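Review bot: `aes128_sha` defaults to `"AES128-SHA"`, but the three `test_wrap` calls it replaces (hunks at -94, -106 and -116 of src/testcurl/https/tls_daemon_options_test.c) passed `"AES128-SHA1"`, so the cipher string changes for non-NSS builds too. Neither the commit subject nor the ChangeLog entry mentions this. If the old spelling was a mistake, record that at the declaration, for example `/* non-NSS name; replaces the earlier "AES128-SHA1" spelling */`; if it was intended, the default should stay `"AES128-SHA1"`. `main` begins and ends outside these hunks.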
@@ -136,11 +136,17 @@ main (int argc, char *const *argv) return -1; } + char *aes256_sha = "AES256-SHA"; + if (curl_uses_nss_ssl() == 0) + { + aes256_sha = "rsa_aes_256_sha"; + } + errorCount += test_wrap ("multi threaded daemon, single client", &test_single_client, NULL, MHD_USE_SSL | MHD_USE_DEBUG | MHD_USE_THREAD_PER_CONNECTION, - "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, + aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, MHD_OPTION_END); @@ -148,7 +154,7 @@ main (int argc, char *const *argv) test_wrap ("multi threaded daemon, parallel client", &test_parallel_clients, NULL, MHD_USE_SSL | MHD_USE_DEBUG | MHD_USE_THREAD_PER_CONNECTION, - "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, + aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, MHD_OPTION_END); diff --git a/src/testcurl/https/tls_thread_mode_test.c b/src/testcurl/https/tls_thread_mode_test.c index 21bfc0a4..dc0edcab 100644 --- a/src/testcurl/https/tls_thread_mode_test.c +++ b/src/testcurl/https/tls_thread_mode_test.c @@ -137,11 +137,17 @@ main (int argc, char *const *argv) return -1; } + char *aes256_sha = "AES256-SHA"; + if (curl_uses_nss_ssl() == 0) + { + aes256_sha = "rsa_aes_256_sha"; + } + errorCount += test_wrap ("single threaded daemon, single client", &test_single_client, NULL, MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL | MHD_USE_DEBUG, - "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, + aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, MHD_OPTION_END); 
@@ -149,7 +155,7 @@ main (int argc, char *const *argv) test_wrap ("single threaded daemon, parallel clients", &test_parallel_clients, NULL, MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL | MHD_USE_DEBUG, - "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, + aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, MHD_OPTION_END); -- cgit v1.2.3