|
Packit |
875988 |
/*
|
|
Packit |
875988 |
This file is part of libmicrohttpd
|
|
Packit |
875988 |
Copyright (C) 2007, 2010, 2016 Christian Grothoff
|
|
Packit |
875988 |
|
|
Packit |
875988 |
libmicrohttpd is free software; you can redistribute it and/or modify
|
|
Packit |
875988 |
it under the terms of the GNU General Public License as published
|
|
Packit |
875988 |
by the Free Software Foundation; either version 2, or (at your
|
|
Packit |
875988 |
option) any later version.
|
|
Packit |
875988 |
|
|
Packit |
875988 |
libmicrohttpd is distributed in the hope that it will be useful, but
|
|
Packit |
875988 |
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
875988 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
875988 |
General Public License for more details.
|
|
Packit |
875988 |
|
|
Packit |
875988 |
You should have received a copy of the GNU General Public License
|
|
Packit |
875988 |
along with libmicrohttpd; see the file COPYING. If not, write to the
|
|
Packit |
875988 |
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
|
Packit |
875988 |
Boston, MA 02110-1301, USA.
|
|
Packit |
875988 |
*/
|
|
Packit |
875988 |
|
|
Packit |
875988 |
/**
|
|
Packit |
875988 |
* @file tls_daemon_options_test.c
|
|
Packit |
875988 |
* @brief Testcase for libmicrohttpd HTTPS GET operations
|
|
Packit |
875988 |
* @author Sagie Amir
|
|
Packit |
875988 |
*/
|
|
Packit |
875988 |
|
|
Packit |
875988 |
#include "platform.h"
|
|
Packit |
875988 |
#include "microhttpd.h"
|
|
Packit |
875988 |
#include <sys/stat.h>
|
|
Packit |
875988 |
#include <limits.h>
|
|
Packit |
875988 |
#ifdef MHD_HTTPS_REQUIRE_GRYPT
|
|
Packit |
875988 |
#include <gcrypt.h>
|
|
Packit |
875988 |
#endif /* MHD_HTTPS_REQUIRE_GRYPT */
|
|
Packit |
875988 |
#include "tls_test_common.h"
|
|
Packit |
875988 |
|
|
Packit |
875988 |
extern const char srv_key_pem[];
|
|
Packit |
875988 |
extern const char srv_self_signed_cert_pem[];
|
|
Packit |
875988 |
|
|
Packit |
875988 |
int curl_check_version (const char *req_version, ...);
|
|
Packit |
875988 |
|
|
Packit |
875988 |
/**
|
|
Packit |
875988 |
* test server refuses to negotiate connections with unsupported protocol versions
|
|
Packit |
875988 |
*
|
|
Packit |
875988 |
*/
|
|
Packit |
875988 |
static int
|
|
Packit |
875988 |
test_unmatching_ssl_version (void * cls, int port, const char *cipher_suite,
|
|
Packit |
875988 |
int curl_req_ssl_version)
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
struct CBC cbc;
|
|
Packit |
875988 |
(void)cls; /* Unused. Silent compiler warning. */
|
|
Packit |
875988 |
if (NULL == (cbc.buf = malloc (sizeof (char) * 256)))
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
fprintf (stderr, "Error: failed to allocate: %s\n",
|
|
Packit |
875988 |
strerror (errno));
|
|
Packit |
875988 |
return -1;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
cbc.size = 256;
|
|
Packit |
875988 |
cbc.pos = 0;
|
|
Packit |
875988 |
|
|
Packit |
875988 |
char url[255];
|
|
Packit |
875988 |
if (gen_test_file_url (url,
|
|
Packit |
875988 |
sizeof (url),
|
|
Packit |
875988 |
port))
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
free (cbc.buf);
|
|
Packit |
875988 |
fprintf (stderr,
|
|
Packit |
875988 |
"Internal error in gen_test_file_url\n");
|
|
Packit |
875988 |
return -1;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
|
|
Packit |
875988 |
/* assert daemon *rejected* request */
|
|
Packit |
875988 |
if (CURLE_OK ==
|
|
Packit |
875988 |
send_curl_req (url, &cbc, cipher_suite, curl_req_ssl_version))
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
free (cbc.buf);
|
|
Packit |
875988 |
fprintf (stderr, "cURL failed to reject request despite SSL version missmatch!\n");
|
|
Packit |
875988 |
return -1;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
|
|
Packit |
875988 |
free (cbc.buf);
|
|
Packit |
875988 |
return 0;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
|
|
Packit |
875988 |
|
|
Packit |
875988 |
/* setup a temporary transfer test file */
|
|
Packit |
875988 |
int
|
|
Packit |
875988 |
main (int argc, char *const *argv)
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
unsigned int errorCount = 0;
|
|
Packit |
875988 |
const char *ssl_version;
|
|
Packit |
875988 |
int daemon_flags =
|
|
Packit |
875988 |
MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS | MHD_USE_ERROR_LOG;
|
|
Packit |
875988 |
int port;
|
|
Packit |
875988 |
(void)argc; (void)argv; /* Unused. Silent compiler warning. */
|
|
Packit |
875988 |
|
|
Packit |
875988 |
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
|
|
Packit |
875988 |
port = 0;
|
|
Packit |
875988 |
else
|
|
Packit |
875988 |
port = 3010;
|
|
Packit |
875988 |
|
|
Packit |
875988 |
#ifdef MHD_HTTPS_REQUIRE_GRYPT
|
|
Packit |
875988 |
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
|
|
Packit |
875988 |
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
|
|
Packit |
875988 |
#ifdef GCRYCTL_INITIALIZATION_FINISHED
|
|
Packit |
875988 |
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
Packit |
875988 |
#endif
|
|
Packit |
875988 |
#endif /* MHD_HTTPS_REQUIRE_GRYPT */
|
|
Packit |
875988 |
if (curl_check_version (MHD_REQ_CURL_VERSION))
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
return 77;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
|
|
Packit |
875988 |
if (NULL == ssl_version)
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n");
|
|
Packit |
875988 |
return 77;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
if (0 != strncmp (ssl_version, "GnuTLS", 6))
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
|
|
Packit |
875988 |
return 77;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
|
|
Packit |
875988 |
if (!testsuite_curl_global_init ())
|
|
Packit |
875988 |
return 99;
|
|
Packit |
875988 |
|
|
Packit |
875988 |
const char *aes128_sha = "AES128-SHA";
|
|
Packit |
875988 |
const char *aes256_sha = "AES256-SHA";
|
|
Packit |
875988 |
if (curl_uses_nss_ssl() == 0)
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
aes128_sha = "rsa_aes_128_sha";
|
|
Packit |
875988 |
aes256_sha = "rsa_aes_256_sha";
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
|
|
Packit |
875988 |
|
|
Packit |
875988 |
if (0 !=
|
|
Packit |
875988 |
test_wrap ("TLS1.0-AES-SHA1",
|
|
Packit |
875988 |
&test_https_transfer, NULL, port, daemon_flags,
|
|
Packit |
875988 |
aes128_sha,
|
|
Packit |
875988 |
CURL_SSLVERSION_TLSv1,
|
|
Packit |
875988 |
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
|
|
Packit |
875988 |
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
|
|
Packit |
875988 |
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
|
|
Packit |
875988 |
MHD_OPTION_END))
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
|
|
Packit |
875988 |
errorCount++;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
fprintf (stderr,
|
|
Packit |
875988 |
"The following handshake should fail (and print an error message)...\n");
|
|
Packit |
875988 |
if (0 !=
|
|
Packit |
875988 |
test_wrap ("TLS1.0 vs SSL3",
|
|
Packit |
875988 |
&test_unmatching_ssl_version, NULL, port, daemon_flags,
|
|
Packit |
875988 |
aes256_sha,
|
|
Packit |
875988 |
CURL_SSLVERSION_SSLv3,
|
|
Packit |
875988 |
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
|
|
Packit |
875988 |
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
|
|
Packit |
875988 |
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
|
|
Packit |
875988 |
MHD_OPTION_END))
|
|
Packit |
875988 |
{
|
|
Packit |
875988 |
fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
|
|
Packit |
875988 |
errorCount++;
|
|
Packit |
875988 |
}
|
|
Packit |
875988 |
curl_global_cleanup ();
|
|
Packit |
875988 |
|
|
Packit |
875988 |
return errorCount != 0 ? 1 : 0;
|
|
Packit |
875988 |
}
|