diff options
Diffstat (limited to 'src/testcurl/https/test_tls_options.c')
-rw-r--r-- | src/testcurl/https/test_tls_options.c | 155 |
1 files changed, 155 insertions, 0 deletions
diff --git a/src/testcurl/https/test_tls_options.c b/src/testcurl/https/test_tls_options.c new file mode 100644 index 00000000..7dd01a72 --- /dev/null +++ b/src/testcurl/https/test_tls_options.c @@ -0,0 +1,155 @@ +/* + This file is part of libmicrohttpd + Copyright (C) 2007, 2010 Christian Grothoff + + libmicrohttpd is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 2, or (at your + option) any later version. + + libmicrohttpd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with libmicrohttpd; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ + +/** + * @file tls_daemon_options_test.c + * @brief Testcase for libmicrohttpd HTTPS GET operations + * @author Sagie Amir + */ + +#include "platform.h" +#include "microhttpd.h" +#include <sys/stat.h> +#include <limits.h> +#include <gcrypt.h> +#include "tls_test_common.h" + +extern const char srv_key_pem[]; +extern const char srv_self_signed_cert_pem[]; + +int curl_check_version (const char *req_version, ...); + +/** + * test server refuses to negotiate connections with unsupported protocol versions + * + */ +static int +test_unmatching_ssl_version (void * cls, const char *cipher_suite, + int curl_req_ssl_version) +{ + struct CBC cbc; + if (NULL == (cbc.buf = malloc (sizeof (char) * 256))) + { + fprintf (stderr, "Error: failed to allocate: %s\n", + strerror (errno)); + return -1; + } + cbc.size = 256; + cbc.pos = 0; + + char url[255]; + if (gen_test_file_url (url, DEAMON_TEST_PORT)) + { + free (cbc.buf); + fprintf (stderr, "Internal error in gen_test_file_url\n"); + return -1; + } + + /* assert daemon *rejected* request */ + if (CURLE_OK == + send_curl_req (url, &cbc, cipher_suite, curl_req_ssl_version)) + { + free (cbc.buf); + fprintf (stderr, "cURL failed to reject request despite SSL version missmatch!\n"); + return -1; + } + + free (cbc.buf); + return 0; +} + + +/* setup a temporary transfer test file */ +int +main (int argc, char *const *argv) +{ + unsigned int errorCount = 0; + const char *ssl_version; + int daemon_flags = + MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG; + + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); +#ifdef GCRYCTL_INITIALIZATION_FINISHED + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); +#endif + if (curl_check_version (MHD_REQ_CURL_VERSION)) + { + return 0; + } + ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version; + if (NULL == ssl_version) + { + fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n"); + return 0; + } + if (0 != strncmp (ssl_version, "GnuTLS", 6)) + { + fprintf (stderr, "This test can be run only with libcurl-gnutls.\n"); + return 0; + } + + if (0 != curl_global_init (CURL_GLOBAL_ALL)) + { + fprintf (stderr, "Error: %s\n", strerror (errno)); + return 0; + } + + const char *aes128_sha = "AES128-SHA"; + const char *aes256_sha = "AES256-SHA"; + if (curl_uses_nss_ssl() == 0) + { + aes128_sha = "rsa_aes_128_sha"; + aes256_sha = "rsa_aes_256_sha"; + } + + + if (0 != + test_wrap ("TLS1.0-AES-SHA1", + &test_https_transfer, NULL, daemon_flags, + aes128_sha, + CURL_SSLVERSION_TLSv1, + MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, + MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, + MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL", + MHD_OPTION_END)) + { + fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n"); + errorCount++; + } + fprintf (stderr, + "The following handshake should fail (and print an error message)...\n"); + if (0 != + test_wrap ("TLS1.0 vs SSL3", + &test_unmatching_ssl_version, NULL, daemon_flags, + aes256_sha, + CURL_SSLVERSION_SSLv3, + MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, + MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, + MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL", + MHD_OPTION_END)) + { + fprintf (stderr, "TLS1.0 vs SSL3 test failed\n"); + errorCount++; + } + curl_global_cleanup (); + + return errorCount != 0; +} |