|
Packit |
875988 |
/*
|
|
Packit |
875988 |
This file is part of libmicrohttpd
|
|
Packit |
875988 |
Copyright (C) 2007, 2016 Christian Grothoff
|
|
Packit |
875988 |
|
|
Packit |
875988 |
libmicrohttpd is free software; you can redistribute it and/or modify
|
|
Packit |
875988 |
it under the terms of the GNU General Public License as published
|
|
Packit |
875988 |
by the Free Software Foundation; either version 2, or (at your
|
|
Packit |
875988 |
option) any later version.
|
|
Packit |
875988 |
|
|
Packit |
875988 |
libmicrohttpd is distributed in the hope that it will be useful, but
|
|
Packit |
875988 |
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
875988 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
875988 |
General Public License for more details.
|
|
Packit |
875988 |
|
|
Packit |
875988 |
You should have received a copy of the GNU General Public License
|
|
Packit |
875988 |
along with libmicrohttpd; see the file COPYING. If not, write to the
|
|
Packit |
875988 |
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
|
Packit |
875988 |
Boston, MA 02110-1301, USA.
|
|
Packit |
875988 |
*/
|
|
Packit |
875988 |
|
|
Packit |
875988 |
/**
|
|
Packit |
875988 |
* @file mhds_session_info_test.c
|
|
Packit |
875988 |
* @brief Testcase for libmicrohttpd HTTPS connection querying operations
|
|
Packit |
875988 |
* @author Sagie Amir
|
|
Packit |
875988 |
*/
|
|
Packit |
875988 |
|
|
Packit |
875988 |
#include "platform.h"
|
|
Packit |
875988 |
#include "microhttpd.h"
|
|
Packit |
875988 |
#include <curl/curl.h>
|
|
Packit |
875988 |
#ifdef MHD_HTTPS_REQUIRE_GRYPT
|
|
Packit |
875988 |
#include <gcrypt.h>
|
|
Packit |
875988 |
#endif /* MHD_HTTPS_REQUIRE_GRYPT */
|
|
Packit |
875988 |
#include "tls_test_common.h"
|
|
Packit |
875988 |
|
|
Packit |
875988 |
extern const char srv_key_pem[];
|
|
Packit |
875988 |
extern const char srv_self_signed_cert_pem[];
|
|
Packit |
875988 |
|
|
Packit |
875988 |
struct MHD_Daemon *d;
|
|
Packit |
875988 |
|
|
Packit |
875988 |
/*
|
|
Packit |
875988 |
* HTTP access handler call back
|
|
Packit |
875988 |
* used to query negotiated security parameters
|
|
Packit |
875988 |
*/
|
|
Packit |
875988 |
static int
|
|
Packit |
875988 |
query_session_ahc (void *cls, struct MHD_Connection *connection,
|
|
Packit |
875988 |
const char *url, const char *method,
|
|
Packit |
875988 |
const char *version, const char *upload_data,
|
|
Packit |
875988 |
size_t *upload_data_size, void **ptr)
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
struct MHD_Response *response;
|
|
Packit |
875988 |
int ret;
|
|
Packit |
875988 |
(void)cls;(void)url;(void)method;(void)version; /* Unused. Silent compiler warning. */
|
|
Packit |
875988 |
(void)upload_data;(void)upload_data_size; /* Unused. Silent compiler warning. */
|
|
Packit |
875988 |
|
|
Packit |
875988 |
if (NULL == *ptr)
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
*ptr = (void*)&query_session_ahc;
|
|
Packit |
875988 |
return MHD_YES;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
|
|
Packit |
875988 |
if (GNUTLS_TLS1_1 !=
|
|
Packit |
875988 |
(ret = MHD_get_connection_info
|
|
Packit |
875988 |
(connection,
|
|
Packit |
875988 |
MHD_CONNECTION_INFO_PROTOCOL)->protocol))
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
if (GNUTLS_TLS1_2 == ret)
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
/* as usual, TLS implementations sometimes don't
|
|
Packit |
875988 |
quite do what was asked, just mildly complain... */
|
|
Packit |
875988 |
fprintf (stderr,
|
|
Packit |
875988 |
"Warning: requested TLS 1.1, got TLS 1.2\n");
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
else
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
/* really different version... */
|
|
Packit |
875988 |
fprintf (stderr,
|
|
Packit |
875988 |
"Error: requested protocol mismatch (wanted %d, got %d)\n",
|
|
Packit |
875988 |
GNUTLS_TLS1_1,
|
|
Packit |
875988 |
ret);
|
|
Packit |
875988 |
return -1;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
|
|
Packit |
875988 |
response = MHD_create_response_from_buffer (strlen (EMPTY_PAGE),
|
|
Packit |
875988 |
(void *) EMPTY_PAGE,
|
|
Packit |
875988 |
MHD_RESPMEM_PERSISTENT);
|
|
Packit |
875988 |
ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
|
|
Packit |
875988 |
MHD_destroy_response (response);
|
|
Packit |
875988 |
return ret;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
|
|
Packit |
875988 |
|
|
Packit |
875988 |
/**
|
|
Packit |
875988 |
* negotiate a secure connection with server & query negotiated security parameters
|
|
Packit |
875988 |
*/
|
|
Packit |
875988 |
#if LIBCURL_VERSION_NUM >= 0x072200
|
|
Packit |
875988 |
static int
|
|
Packit |
875988 |
test_query_session ()
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
CURL *c;
|
|
Packit |
875988 |
struct CBC cbc;
|
|
Packit |
875988 |
CURLcode errornum;
|
|
Packit |
875988 |
char url[256];
|
|
Packit |
875988 |
int port;
|
|
Packit |
875988 |
|
|
Packit |
875988 |
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
|
|
Packit |
875988 |
port = 0;
|
|
Packit |
875988 |
else
|
|
Packit |
875988 |
port = 3060;
|
|
Packit |
875988 |
|
|
Packit |
875988 |
if (NULL == (cbc.buf = malloc (sizeof (char) * 255)))
|
|
Packit |
875988 |
return 16;
|
|
Packit |
875988 |
cbc.size = 255;
|
|
Packit |
875988 |
cbc.pos = 0;
|
|
Packit |
875988 |
|
|
Packit |
875988 |
/* setup test */
|
|
Packit |
875988 |
d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS |
|
|
Packit |
875988 |
MHD_USE_ERROR_LOG, port,
|
|
Packit |
875988 |
NULL, NULL, &query_session_ahc, NULL,
|
|
Packit |
875988 |
MHD_OPTION_HTTPS_PRIORITIES, "NORMAL:+ARCFOUR-128",
|
|
Packit |
875988 |
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
|
|
Packit |
875988 |
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
|
|
Packit |
875988 |
MHD_OPTION_END);
|
|
Packit |
875988 |
|
|
Packit |
875988 |
if (d == NULL)
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
free (cbc.buf);
|
|
Packit |
875988 |
return 2;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
if (0 == port)
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
const union MHD_DaemonInfo *dinfo;
|
|
Packit |
875988 |
dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
|
|
Packit |
875988 |
if (NULL == dinfo || 0 == dinfo->port)
|
|
Packit |
875988 |
{ MHD_stop_daemon (d); return 32; }
|
|
Packit |
875988 |
port = (int)dinfo->port;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
|
|
Packit |
875988 |
const char *aes256_sha = "AES256-SHA";
|
|
Packit |
875988 |
if (curl_uses_nss_ssl() == 0)
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
aes256_sha = "rsa_aes_256_sha";
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
|
|
Packit |
875988 |
gen_test_file_url (url,
|
|
Packit |
875988 |
sizeof (url),
|
|
Packit |
875988 |
port);
|
|
Packit |
875988 |
c = curl_easy_init ();
|
|
Packit |
875988 |
#if DEBUG_HTTPS_TEST
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
|
|
Packit |
875988 |
#endif
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_URL, url);
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L);
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L);
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_FILE, &cbc);
|
|
Packit |
875988 |
/* TLS options */
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
|
|
Packit |
875988 |
/* currently skip any peer authentication */
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_FAILONERROR, 1);
|
|
Packit |
875988 |
|
|
Packit |
875988 |
/* NOTE: use of CONNECTTIMEOUT without also
|
|
Packit |
875988 |
* setting NOSIGNAL results in really weird
|
|
Packit |
875988 |
* crashes on my system! */
|
|
Packit |
875988 |
curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1);
|
|
Packit |
875988 |
if (CURLE_OK != (errornum = curl_easy_perform (c)))
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
fprintf (stderr, "curl_easy_perform failed: `%s'\n",
|
|
Packit |
875988 |
curl_easy_strerror (errornum));
|
|
Packit |
875988 |
|
|
Packit |
875988 |
MHD_stop_daemon (d);
|
|
Packit |
875988 |
curl_easy_cleanup (c);
|
|
Packit |
875988 |
free (cbc.buf);
|
|
Packit |
875988 |
return -1;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
|
|
Packit |
875988 |
curl_easy_cleanup (c);
|
|
Packit |
875988 |
MHD_stop_daemon (d);
|
|
Packit |
875988 |
free (cbc.buf);
|
|
Packit |
875988 |
return 0;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
#endif
|
|
Packit |
875988 |
|
|
Packit |
875988 |
int
|
|
Packit |
875988 |
main (int argc, char *const *argv)
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
#if LIBCURL_VERSION_NUM >= 0x072200
|
|
Packit |
875988 |
unsigned int errorCount = 0;
|
|
Packit |
875988 |
const char *ssl_version;
|
|
Packit |
875988 |
(void)argc; /* Unused. Silent compiler warning. */
|
|
Packit |
875988 |
|
|
Packit |
875988 |
#ifdef MHD_HTTPS_REQUIRE_GRYPT
|
|
Packit |
875988 |
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
|
|
Packit |
875988 |
#ifdef GCRYCTL_INITIALIZATION_FINISHED
|
|
Packit |
875988 |
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
Packit |
875988 |
#endif
|
|
Packit |
875988 |
#endif /* MHD_HTTPS_REQUIRE_GRYPT */
|
|
Packit |
875988 |
if (!testsuite_curl_global_init ())
|
|
Packit |
875988 |
return 99;
|
|
Packit |
875988 |
|
|
Packit |
875988 |
ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
|
|
Packit |
875988 |
if (NULL == ssl_version)
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n");
|
|
Packit |
875988 |
curl_global_cleanup ();
|
|
Packit |
875988 |
return 77;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
if (0 != strncmp (ssl_version, "GnuTLS", 6))
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
|
|
Packit |
875988 |
curl_global_cleanup ();
|
|
Packit |
875988 |
return 77;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
errorCount += test_query_session ();
|
|
Packit |
875988 |
print_test_result (errorCount, argv[0]);
|
|
Packit |
875988 |
curl_global_cleanup ();
|
|
Packit |
875988 |
return errorCount != 0 ? 1 : 0;
|
|
Packit |
875988 |
#else /* LIBCURL_VERSION_NUM < 0x072200 */
|
|
Packit |
875988 |
return 77;
|
|
Packit |
875988 |
#endif /* LIBCURL_VERSION_NUM < 0x072200 */
|
|
Packit |
875988 |
}
|