[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r12333 - in libmicrohttpd: . m4 src/daemon src/examples src
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] r12333 - in libmicrohttpd: . m4 src/daemon src/examples src/include src/testcurl src/testcurl/https |
|
Date: |
Sat, 24 Jul 2010 17:24:50 +0200 |
Author: grothoff
Date: 2010-07-24 17:24:50 +0200 (Sat, 24 Jul 2010)
New Revision: 12333
Added:
libmicrohttpd/m4/libgnutls.m4
Removed:
libmicrohttpd/src/daemon/https/
Modified:
libmicrohttpd/README
libmicrohttpd/configure.ac
libmicrohttpd/m4/Makefile.am
libmicrohttpd/src/daemon/Makefile.am
libmicrohttpd/src/daemon/connection.c
libmicrohttpd/src/daemon/connection_https.c
libmicrohttpd/src/daemon/daemon.c
libmicrohttpd/src/daemon/internal.h
libmicrohttpd/src/examples/Makefile.am
libmicrohttpd/src/examples/https_fileserver_example.c
libmicrohttpd/src/include/microhttpd.h
libmicrohttpd/src/testcurl/Makefile.am
libmicrohttpd/src/testcurl/https/Makefile.am
libmicrohttpd/src/testcurl/https/mhds_get_test.c
libmicrohttpd/src/testcurl/https/mhds_session_info_test.c
libmicrohttpd/src/testcurl/https/tls_alert_test.c
libmicrohttpd/src/testcurl/https/tls_cipher_change_test.c
libmicrohttpd/src/testcurl/https/tls_daemon_options_test.c
libmicrohttpd/src/testcurl/https/tls_extension_test.c
libmicrohttpd/src/testcurl/https/tls_multi_thread_mode_test.c
libmicrohttpd/src/testcurl/https/tls_session_time_out_test.c
libmicrohttpd/src/testcurl/https/tls_test_common.c
libmicrohttpd/src/testcurl/https/tls_test_common.h
libmicrohttpd/src/testcurl/https/tls_thread_mode_test.c
Log:
towards using libgnutls directly
Modified: libmicrohttpd/README
===================================================================
--- libmicrohttpd/README 2010-07-24 15:23:45 UTC (rev 12332)
+++ libmicrohttpd/README 2010-07-24 15:24:50 UTC (rev 12333)
@@ -74,21 +74,11 @@
Missing features:
=================
-- MHD_get_daemon_info options for SSL are not implemented (always return NULL)
- SSL support does not work with SELECT-based threading modes
(issue is that the gnutls state machine does not like EAGAIN/EINTR
return values from send/recv, despite having tons of
branches on those values).
-- SSL code is still too large:
- * libgcrypt is used, and is also bloated
- => integrate required portions of libgcrypt into our tree
- instead of linking against it
- * still some bloat in the SSL code;
- consider removing "client" functionality
- * most likely some headers declare functions, constants
- and types that are no longer present or used
- * possibly other dead code
-- Make sure SSL works on non-GNU/Linux platforms
+- SSL code is not working (GNUtls integration broken)
Untested features:
Modified: libmicrohttpd/configure.ac
===================================================================
--- libmicrohttpd/configure.ac 2010-07-24 15:23:45 UTC (rev 12332)
+++ libmicrohttpd/configure.ac 2010-07-24 15:24:50 UTC (rev 12333)
@@ -233,6 +233,7 @@
MHD_GCRYPT_VERSION=1:1.2.2
AC_DEFINE_UNQUOTED([MHD_GCRYPT_VERSION], "$MHD_GCRYPT_VERSION", [gcrypt lib
version])
+AM_PATH_LIBGNUTLS(2.8.6, gnutls=true)
# optional: HTTPS support. Enabled by default
AC_MSG_CHECKING(whether to enable HTTPS support)
@@ -243,13 +244,13 @@
[enable_https="yes"])
if test "$enable_https" = "yes"
then
- if test "$gcrypt" = "true"
+ if test "$gcrypt" = "true" -a "$gnutls" = "true"
then
AC_DEFINE([HTTPS_SUPPORT],[1],[include HTTPS support])
MHD_LIBDEPS="$LIBGCRYPT_LIBS"
else
- AC_DEFINE([HTTPS_SUPPORT],[0],[no libgcrypt])
- enable_https="no (lacking libgcrypt)"
+ AC_DEFINE([HTTPS_SUPPORT],[0],[no libgcrypt or libgnutls])
+ enable_https="no (lacking libgcrypt or libgnutls)"
fi
else
AC_DEFINE([HTTPS_SUPPORT],[0],[disable HTTPS support])
@@ -270,29 +271,7 @@
esac
])
-# optional: compile TLS client side code [only for test running] ?
-AC_MSG_CHECKING(whether to compile TLS client side code)
-AC_ARG_ENABLE(client-side,
- [AS_HELP_STRING([--enable-client-side],
- [compile client side code])],
- [enable_client_side=$enableval],
- [enable_client_side="no"])
-AC_MSG_RESULT($enable_client_side)
-if test "$enable_client_side" = "no"
-then
- AC_DEFINE([MHD_DEBUG_TLS],[0],[Compile client side code. This will enable
running some test cases.])
- MSG_CLIENT_SIDE="disabled. running some test cases won't be possible"
- if test "x$gn_cv_export_symbols_regex_works" = "xyes"
- then
- MHD_LIB_LDFLAGS="$MHD_LIB_LDFLAGS -export-symbols \$(srcdir)/EXPORT.sym"
- fi
-else
- AC_DEFINE([MHD_DEBUG_TLS],[1],[Compile client side code. This will enable
running some test cases.])
- MSG_CLIENT_SIDE="enabled"
-fi
-AM_CONDITIONAL(MHD_DEBUG_TLS, test "$enable_client_side" != "no")
-
# Symbols required by GNU_TLS
AC_DEFINE([GNULIB_GC_RANDOM],[1],[GNULIB_GC_RANDOM])
@@ -326,11 +305,6 @@
src/Makefile
src/include/Makefile
src/daemon/Makefile
-src/daemon/https/Makefile
-src/daemon/https/tls/Makefile
-src/daemon/https/x509/Makefile
-src/daemon/https/lgl/Makefile
-src/daemon/https/minitasn1/Makefile
src/examples/Makefile
src/testcurl/Makefile
src/testcurl/https/Makefile
@@ -368,7 +342,6 @@
if test "$enable_https" = "yes"
then
AC_MSG_NOTICE([HTTPS subsystem configuration:
- Client code dep.: ${MSG_CLIENT_SIDE}
License : LGPL only
])
else
Modified: libmicrohttpd/m4/Makefile.am
===================================================================
--- libmicrohttpd/m4/Makefile.am 2010-07-24 15:23:45 UTC (rev 12332)
+++ libmicrohttpd/m4/Makefile.am 2010-07-24 15:24:50 UTC (rev 12333)
@@ -1 +1 @@
-EXTRA_DIST = libcurl.m4
\ No newline at end of file
+EXTRA_DIST = libcurl.m4 libgnutls.m4
Added: libmicrohttpd/m4/libgnutls.m4
===================================================================
--- libmicrohttpd/m4/libgnutls.m4 (rev 0)
+++ libmicrohttpd/m4/libgnutls.m4 2010-07-24 15:24:50 UTC (rev 12333)
@@ -0,0 +1,160 @@
+dnl Autoconf macros for libgnutls
+dnl $id$
+
+# Modified for LIBGNUTLS -- nmav
+# Configure paths for LIBGCRYPT
+# Shamelessly stolen from the one of XDELTA by Owen Taylor
+# Werner Koch 99-12-09
+
+dnl AM_PATH_LIBGNUTLS([MINIMUM-VERSION, [ACTION-IF-FOUND [,
ACTION-IF-NOT-FOUND ]]])
+dnl Test for libgnutls, and define LIBGNUTLS_CFLAGS and LIBGNUTLS_LIBS
+dnl
+AC_DEFUN([AM_PATH_LIBGNUTLS],
+[dnl
+dnl Get the cflags and libraries from the libgnutls-config script
+dnl
+AC_ARG_WITH(libgnutls-prefix,
+ [ --with-libgnutls-prefix=PFX Prefix where libgnutls is installed
(optional)],
+ libgnutls_config_prefix="$withval", libgnutls_config_prefix="")
+
+ if test x$libgnutls_config_prefix != x ; then
+ if test x${LIBGNUTLS_CONFIG+set} != xset ; then
+ LIBGNUTLS_CONFIG=$libgnutls_config_prefix/bin/libgnutls-config
+ fi
+ fi
+
+ AC_PATH_PROG(LIBGNUTLS_CONFIG, libgnutls-config, no)
+ min_libgnutls_version=ifelse([$1], ,0.1.0,$1)
+ AC_MSG_CHECKING(for libgnutls - version >= $min_libgnutls_version)
+ no_libgnutls=""
+ if test "$LIBGNUTLS_CONFIG" = "no" ; then
+ no_libgnutls=yes
+ else
+ LIBGNUTLS_CFLAGS=`$LIBGNUTLS_CONFIG $libgnutls_config_args --cflags`
+ LIBGNUTLS_LIBS=`$LIBGNUTLS_CONFIG $libgnutls_config_args --libs`
+ libgnutls_config_version=`$LIBGNUTLS_CONFIG $libgnutls_config_args
--version`
+
+
+ ac_save_CFLAGS="$CFLAGS"
+ ac_save_LIBS="$LIBS"
+ CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
+ LIBS="$LIBS $LIBGNUTLS_LIBS"
+dnl
+dnl Now check if the installed libgnutls is sufficiently new. Also sanity
+dnl checks the results of libgnutls-config to some extent
+dnl
+ rm -f conf.libgnutlstest
+ AC_TRY_RUN([
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <gnutls/gnutls.h>
+
+int
+main ()
+{
+ system ("touch conf.libgnutlstest");
+
+ if( strcmp( gnutls_check_version(NULL), "$libgnutls_config_version" ) )
+ {
+ printf("\n*** 'libgnutls-config --version' returned %s, but LIBGNUTLS
(%s)\n",
+ "$libgnutls_config_version", gnutls_check_version(NULL) );
+ printf("*** was found! If libgnutls-config was correct, then it is
best\n");
+ printf("*** to remove the old version of LIBGNUTLS. You may also be able
to fix the error\n");
+ printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by
editing\n");
+ printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that
is\n");
+ printf("*** required on your system.\n");
+ printf("*** If libgnutls-config was wrong, set the environment variable
LIBGNUTLS_CONFIG\n");
+ printf("*** to point to the correct copy of libgnutls-config, and remove
the file config.cache\n");
+ printf("*** before re-running configure\n");
+ }
+ else if ( strcmp(gnutls_check_version(NULL), LIBGNUTLS_VERSION ) )
+ {
+ printf("\n*** LIBGNUTLS header file (version %s) does not match\n",
LIBGNUTLS_VERSION);
+ printf("*** library (version %s)\n", gnutls_check_version(NULL) );
+ }
+ else
+ {
+ if ( gnutls_check_version( "$min_libgnutls_version" ) )
+ {
+ return 0;
+ }
+ else
+ {
+ printf("no\n*** An old version of LIBGNUTLS (%s) was found.\n",
+ gnutls_check_version(NULL) );
+ printf("*** You need a version of LIBGNUTLS newer than %s. The latest
version of\n",
+ "$min_libgnutls_version" );
+ printf("*** LIBGNUTLS is always available from
ftp://gnutls.hellug.gr/pub/gnutls.\n";);
+ printf("*** \n");
+ printf("*** If you have already installed a sufficiently new version,
this error\n");
+ printf("*** probably means that the wrong copy of the libgnutls-config
shell script is\n");
+ printf("*** being found. The easiest way to fix this is to remove the
old version\n");
+ printf("*** of LIBGNUTLS, but you can also set the LIBGNUTLS_CONFIG
environment to point to the\n");
+ printf("*** correct copy of libgnutls-config. (In this case, you will
have to\n");
+ printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit
/etc/ld.so.conf\n");
+ printf("*** so that the correct libraries are found at run-time))\n");
+ }
+ }
+ return 1;
+}
+],, no_libgnutls=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"])
+ CFLAGS="$ac_save_CFLAGS"
+ LIBS="$ac_save_LIBS"
+ fi
+
+ if test "x$no_libgnutls" = x ; then
+ AC_MSG_RESULT(yes)
+ ifelse([$2], , :, [$2])
+ else
+ if test -f conf.libgnutlstest ; then
+ :
+ else
+ AC_MSG_RESULT(no)
+ fi
+ if test "$LIBGNUTLS_CONFIG" = "no" ; then
+ echo "*** The libgnutls-config script installed by LIBGNUTLS could not
be found"
+ echo "*** If LIBGNUTLS was installed in PREFIX, make sure PREFIX/bin is
in"
+ echo "*** your path, or set the LIBGNUTLS_CONFIG environment variable
to the"
+ echo "*** full path to libgnutls-config."
+ else
+ if test -f conf.libgnutlstest ; then
+ :
+ else
+ echo "*** Could not run libgnutls test program, checking why..."
+ CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
+ LIBS="$LIBS $LIBGNUTLS_LIBS"
+ AC_TRY_LINK([
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <gnutls.h>
+], [ return !!gnutls_check_version(NULL); ],
+ [ echo "*** The test program compiled, but did not run. This usually
means"
+ echo "*** that the run-time linker is not finding LIBGNUTLS or
finding the wrong"
+ echo "*** version of LIBGNUTLS. If it is not finding LIBGNUTLS,
you'll need to set your"
+ echo "*** LD_LIBRARY_PATH environment variable, or edit
/etc/ld.so.conf to point"
+ echo "*** to the installed location Also, make sure you have run
ldconfig if that"
+ echo "*** is required on your system"
+ echo "***"
+ echo "*** If you have an old version installed, it is best to remove
it, although"
+ echo "*** you may also be able to get things to work by modifying
LD_LIBRARY_PATH"
+ echo "***" ],
+ [ echo "*** The test program failed to compile or link. See the file
config.log for the"
+ echo "*** exact error that occured. This usually means LIBGNUTLS was
incorrectly installed"
+ echo "*** or that you have moved LIBGNUTLS since it was installed.
In the latter case, you"
+ echo "*** may want to edit the libgnutls-config script:
$LIBGNUTLS_CONFIG" ])
+ CFLAGS="$ac_save_CFLAGS"
+ LIBS="$ac_save_LIBS"
+ fi
+ fi
+ LIBGNUTLS_CFLAGS=""
+ LIBGNUTLS_LIBS=""
+ ifelse([$3], , :, [$3])
+ fi
+ rm -f conf.libgnutlstest
+ AC_SUBST(LIBGNUTLS_CFLAGS)
+ AC_SUBST(LIBGNUTLS_LIBS)
+])
+
+dnl *-*wedit:notab*-* Please keep this as the last line.
Modified: libmicrohttpd/src/daemon/Makefile.am
===================================================================
--- libmicrohttpd/src/daemon/Makefile.am 2010-07-24 15:23:45 UTC (rev
12332)
+++ libmicrohttpd/src/daemon/Makefile.am 2010-07-24 15:24:50 UTC (rev
12333)
@@ -1,12 +1,8 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/include \
-I$(top_srcdir)/src/daemon \
- -I$(top_srcdir)/src/daemon/https/lgl \
- -I$(top_srcdir)/src/daemon/https/x509 \
- -I$(top_srcdir)/src/daemon/https/minitasn1 \
- -I$(top_srcdir)/src/daemon/https/tls \
- -I$(top_srcdir)/src/daemon/https \
- @LIBGCRYPT_CFLAGS@
+ @LIBGCRYPT_CFLAGS@ \
+ @LIBGNUTLS_CFLAGS@
EXTRA_DIST = EXPORT.sym
@@ -31,14 +27,10 @@
if ENABLE_HTTPS
-SUBDIRS = https .
libmicrohttpd_la_SOURCES += \
connection_https.c connection_https.h
libmicrohttpd_la_LIBADD = \
- https/lgl/liblgl.la \
- https/x509/libx509.la \
- https/tls/libtls.la \
- https/minitasn1/libasn1.la
+ $(LIBGNUTLS_LIBS)
endif
check_PROGRAMS = \
Modified: libmicrohttpd/src/daemon/connection.c
===================================================================
--- libmicrohttpd/src/daemon/connection.c 2010-07-24 15:23:45 UTC (rev
12332)
+++ libmicrohttpd/src/daemon/connection.c 2010-07-24 15:24:50 UTC (rev
12333)
@@ -1793,7 +1793,7 @@
#if HTTPS_SUPPORT
if (connection->daemon->options & MHD_USE_SSL)
{
- ret = MHD__gnutls_record_send (connection->tls_session,
+ ret = gnutls_record_send (connection->tls_session,
&connection->response->data
[connection->
response_write_position -
@@ -2245,10 +2245,6 @@
connection->idle_handler = &MHD_connection_handle_idle;
}
-#if HTTPS_SUPPORT
-#include "gnutls_int.h"
-#include "gnutls_record.h"
-#endif
/**
* Obtain information about the given connection.
@@ -2269,13 +2265,13 @@
case MHD_CONNECTION_INFO_CIPHER_ALGO:
if (connection->tls_session == NULL)
return NULL;
- return (const union MHD_ConnectionInfo *) &connection->
- tls_session->security_parameters.read_bulk_cipher_algorithm;
+ connection->cipher = gnutls_cipher_get (connection->tls_session);
+ return (const union MHD_ConnectionInfo *) &connection->cipher;
case MHD_CONNECTION_INFO_PROTOCOL:
if (connection->tls_session == NULL)
return NULL;
- return (const union MHD_ConnectionInfo *) &connection->
- tls_session->security_parameters.version;
+ connection->protocol = gnutls_protocol_get_version
(connection->tls_session);
+ return (const union MHD_ConnectionInfo *) &connection->protocol;
#endif
case MHD_CONNECTION_INFO_CLIENT_ADDRESS:
return (const union MHD_ConnectionInfo *) &connection->addr;
Modified: libmicrohttpd/src/daemon/connection_https.c
===================================================================
--- libmicrohttpd/src/daemon/connection_https.c 2010-07-24 15:23:45 UTC (rev
12332)
+++ libmicrohttpd/src/daemon/connection_https.c 2010-07-24 15:24:50 UTC (rev
12333)
@@ -1,6 +1,6 @@
/*
This file is part of libmicrohttpd
- (C) 2007, 2008 Daniel Pittman and Christian Grothoff
+ (C) 2007, 2008, 2010 Daniel Pittman and Christian Grothoff
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -19,7 +19,7 @@
*/
/**
- * @file connection.c
+ * @file connection_https.c
* @brief Methods for managing SSL/TLS connections. This file is only
* compiled if ENABLE_HTTPS is set.
* @author Sagie Amir
@@ -31,14 +31,8 @@
#include "memorypool.h"
#include "response.h"
#include "reason_phrase.h"
+#include <gnutls/gnutls.h>
-/* get opaque type */
-#include "gnutls_int.h"
-#include "gnutls_record.h"
-
-/* TODO #include rm "gnutls_errors.h" */
-#include "gnutls_errors.h"
-
/**
* This function is called once a secure connection has been marked
* for closure.
@@ -53,8 +47,8 @@
MHD_tls_connection_close (struct MHD_Connection *connection,
enum MHD_RequestTerminationCode termination_code)
{
- MHD__gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
- connection->tls_session->internals.read_eof = 1;
+ gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
+ /* connection->tls_session->internals.read_eof = 1; // FIXME_GHM: needed? */
MHD_connection_close (connection, termination_code);
}
@@ -107,6 +101,16 @@
return MHD_YES;
}
+/* FIXME_GHM: this is digging into gnutls/SSL internals
+ that is likely wrong... */
+/* Record Protocol */
+typedef enum content_type_t
+{
+ GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
+ GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA,
+ GNUTLS_INNER_APPLICATION = 24
+} content_type_t;
+
/**
* This function handles a particular SSL/TLS connection when
* it has been determined that there is data to be read off a
@@ -157,7 +161,7 @@
if (connection->state == MHD_TLS_CONNECTION_INIT ||
connection->state == MHD_TLS_HELLO_REQUEST)
{
- ret = MHD__gnutls_handshake (connection->tls_session);
+ ret = gnutls_handshake (connection->tls_session);
if (ret == 0)
{
/* set connection state to enable HTTP processing */
@@ -194,13 +198,13 @@
return MHD_NO;
case GNUTLS_ALERT:
+#if FIXME_GHM
/*
* this call of MHD_gtls_recv_int expects 0 bytes read.
* done to decrypt alert message
*/
- MHD_gtls_recv_int (connection->tls_session, GNUTLS_ALERT,
- GNUTLS_HANDSHAKE_FINISHED, 0, 0);
-
+ gnutls_recv_int (connection->tls_session, GNUTLS_ALERT,
+ GNUTLS_HANDSHAKE_FINISHED, 0, 0);
/* CLOSE_NOTIFY */
if (connection->tls_session->internals.last_alert ==
GNUTLS_A_CLOSE_NOTIFY)
@@ -209,7 +213,8 @@
return MHD_YES;
}
/* non FATAL or WARNING */
- else if (connection->tls_session->internals.last_alert_level !=
+ else
+ if (connection->tls_session->internals.last_alert_level !=
GNUTLS_AL_FATAL)
{
#if HAVE_MESSAGES
@@ -239,12 +244,12 @@
#endif
return MHD_NO;
}
+#endif
/* forward application level content to MHD */
case GNUTLS_APPLICATION_DATA:
return MHD_connection_handle_read (connection);
-
case GNUTLS_INNER_APPLICATION:
break;
default:
Modified: libmicrohttpd/src/daemon/daemon.c
===================================================================
--- libmicrohttpd/src/daemon/daemon.c 2010-07-24 15:23:45 UTC (rev 12332)
+++ libmicrohttpd/src/daemon/daemon.c 2010-07-24 15:24:50 UTC (rev 12333)
@@ -32,8 +32,7 @@
#if HTTPS_SUPPORT
#include "connection_https.h"
-#include "gnutls_int.h"
-#include "gnutls_global.h"
+#include <gnutls/gnutls.h>
#endif
#ifdef HAVE_POLL_H
@@ -331,29 +330,9 @@
}
#if HTTPS_SUPPORT
-pthread_mutex_t MHD_gnutls_init_mutex;
+static pthread_mutex_t MHD_gnutls_init_mutex;
/**
- * Note: code duplication with code in MHD_gnutls_priority.c
- *
- * @return 0
- */
-static int
-_set_priority (MHD_gtls_priority_st * st, const int *list)
-{
- int num = 0;
-
- if (list == NULL)
- return 0;
- while ((list[num] != 0) && (num < MAX_ALGOS))
- num++;
- st->num_algorithms = num;
- memcpy (st->priority, list, num * sizeof (int));
- return 0;
-}
-
-
-/**
* Callback for receiving data from the socket.
*
* @param conn the MHD connection structure
@@ -364,7 +343,7 @@
static ssize_t
recv_tls_adapter (struct MHD_Connection *connection, void *other, size_t i)
{
- return MHD__gnutls_record_recv (connection->tls_session, other, i);
+ return gnutls_record_recv (connection->tls_session, other, i);
}
/**
@@ -379,7 +358,7 @@
send_tls_adapter (struct MHD_Connection *connection,
const void *other, size_t i)
{
- return MHD__gnutls_record_send (connection->tls_session, other, i);
+ return gnutls_record_send (connection->tls_session, other, i);
}
@@ -391,8 +370,8 @@
static int
MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
{
- MHD_gnutls_datum_t key;
- MHD_gnutls_datum_t cert;
+ gnutls_datum_t key;
+ gnutls_datum_t cert;
/* certificate & key loaded from memory */
if (daemon->https_mem_cert && daemon->https_mem_key)
@@ -402,7 +381,7 @@
cert.data = (unsigned char *) daemon->https_mem_cert;
cert.size = strlen (daemon->https_mem_cert);
- return MHD__gnutls_certificate_set_x509_key_mem (daemon->x509_cred,
+ return gnutls_certificate_set_x509_key_mem (daemon->x509_cred,
&cert, &key,
GNUTLS_X509_FMT_PEM);
}
@@ -422,9 +401,9 @@
{
switch (daemon->cred_type)
{
- case MHD_GNUTLS_CRD_CERTIFICATE:
+ case GNUTLS_CRD_CERTIFICATE:
if (0 !=
- MHD__gnutls_certificate_allocate_credentials (&daemon->x509_cred))
+ gnutls_certificate_allocate_credentials (&daemon->x509_cred))
return GNUTLS_E_MEMORY_ERROR;
return MHD_init_daemon_certificate (daemon);
default:
@@ -785,15 +764,13 @@
connection->send_cls = &send_tls_adapter;
connection->state = MHD_TLS_CONNECTION_INIT;
MHD_set_https_calbacks (connection);
- MHD__gnutls_init (&connection->tls_session, GNUTLS_SERVER);
- MHD__gnutls_priority_set (connection->tls_session,
- connection->daemon->priority_cache);
+ gnutls_init (&connection->tls_session, GNUTLS_SERVER);
switch (connection->daemon->cred_type)
{
/* set needed credentials for certificate authentication. */
- case MHD_GNUTLS_CRD_CERTIFICATE:
- MHD__gnutls_credentials_set (connection->tls_session,
- MHD_GNUTLS_CRD_CERTIFICATE,
+ case GNUTLS_CRD_CERTIFICATE:
+ gnutls_credentials_set (connection->tls_session,
+ GNUTLS_CRD_CERTIFICATE,
connection->daemon->x509_cred);
break;
default:
@@ -816,13 +793,13 @@
);
return MHD_NO;
}
- MHD__gnutls_transport_set_ptr (connection->tls_session,
- (MHD_gnutls_transport_ptr_t) connection);
- MHD__gnutls_transport_set_pull_function (connection->tls_session,
- (MHD_gtls_pull_func) &
+ gnutls_transport_set_ptr (connection->tls_session,
+ (gnutls_transport_ptr_t) connection);
+ gnutls_transport_set_pull_function (connection->tls_session,
+ (gnutls_pull_func) &
recv_param_adapter);
- MHD__gnutls_transport_set_push_function (connection->tls_session,
- (MHD_gtls_push_func) &
+ gnutls_transport_set_push_function (connection->tls_session,
+ (gnutls_push_func) &
send_param_adapter);
}
#endif
@@ -893,7 +870,7 @@
MHD_pool_destroy (pos->pool);
#if HTTPS_SUPPORT
if (pos->tls_session != NULL)
- MHD__gnutls_deinit (pos->tls_session);
+ gnutls_deinit (pos->tls_session);
#endif
MHD_ip_limit_del (daemon, (struct sockaddr*)pos->addr,
pos->addr_len);
free (pos->addr);
@@ -1265,9 +1242,8 @@
break;
#if HTTPS_SUPPORT
case MHD_OPTION_PROTOCOL_VERSION:
- if (daemon->options & MHD_USE_SSL)
- _set_priority (&daemon->priority_cache->protocol,
- va_arg (ap, const int *));
+ FPRINTF (stderr,
+ "Protocol version setting currently not supported.\n");
#if HAVE_MESSAGES
else
FPRINTF (stderr,
@@ -1296,9 +1272,8 @@
#endif
break;
case MHD_OPTION_CIPHER_ALGORITHM:
- if (daemon->options & MHD_USE_SSL)
- _set_priority (&daemon->priority_cache->cipher,
- va_arg (ap, const int *));
+ FPRINTF (stderr,
+ "CIPHER setting currently not supported\n");
#if HAVE_MESSAGES
else
FPRINTF (stderr,
@@ -1478,9 +1453,7 @@
#endif
mhd_panic (mhd_panic_cls, __FILE__, __LINE__, NULL);
}
- /* set default priorities */
- MHD_tls_set_default_priority (&retVal->priority_cache, "", NULL);
- retVal->cred_type = MHD_GNUTLS_CRD_CERTIFICATE;
+ retVal->cred_type = GNUTLS_CRD_CERTIFICATE;
}
#endif
@@ -1874,9 +1847,8 @@
#if HTTPS_SUPPORT
if (daemon->options & MHD_USE_SSL)
{
- MHD__gnutls_priority_deinit (daemon->priority_cache);
if (daemon->x509_cred)
- MHD__gnutls_certificate_free_credentials (daemon->x509_cred);
+ gnutls_certificate_free_credentials (daemon->x509_cred);
/* lock MHD_gnutls_global mutex since it uses reference counting */
if (0 != pthread_mutex_lock (&MHD_gnutls_init_mutex))
{
@@ -1993,7 +1965,7 @@
plibc_init ("GNU", "libmicrohttpd");
#endif
#if HTTPS_SUPPORT
- MHD__gnutls_global_init ();
+ gnutls_global_init ();
if (0 != pthread_mutex_init(&MHD_gnutls_init_mutex, NULL))
abort();
#endif
@@ -2002,7 +1974,7 @@
void ATTRIBUTE_DESTRUCTOR MHD_fini ()
{
#if HTTPS_SUPPORT
- MHD__gnutls_global_deinit ();
+ gnutls_global_deinit ();
if (0 != pthread_mutex_destroy(&MHD_gnutls_init_mutex))
mhd_panic (mhd_panic_cls, __FILE__, __LINE__, NULL);
#endif
Modified: libmicrohttpd/src/daemon/internal.h
===================================================================
--- libmicrohttpd/src/daemon/internal.h 2010-07-24 15:23:45 UTC (rev 12332)
+++ libmicrohttpd/src/daemon/internal.h 2010-07-24 15:24:50 UTC (rev 12333)
@@ -30,7 +30,7 @@
#include "platform.h"
#include "microhttpd.h"
#if HTTPS_SUPPORT
-#include "gnutls.h"
+#include <gnutls/gnutls.h>
#endif
#define EXTRA_CHECKS MHD_YES
@@ -660,7 +660,17 @@
/**
* State required for HTTPS/SSL/TLS support.
*/
- MHD_gtls_session_t tls_session;
+ gnutls_session_t tls_session;
+
+ /**
+ * Memory location to return for protocol session info.
+ */
+ int protocol;
+
+ /**
+ * Memory location to return for protocol session info.
+ */
+ int cipher;
#endif
};
@@ -799,22 +809,17 @@
* What kind of credentials are we offering
* for SSL/TLS?
*/
- enum MHD_GNUTLS_CredentialsType cred_type;
+ gnutls_credentials_type_t cred_type;
/**
* Server x509 credentials
*/
- MHD_gtls_cert_credentials_t x509_cred;
+ gnutls_certificate_credentials_t x509_cred;
/**
- * Cipher priority cache
- */
- MHD_gnutls_priority_t priority_cache;
-
- /**
* Diffie-Hellman parameters
*/
- MHD_gtls_dh_params_t dh_params;
+ gnutls_dh_params_t dh_params;
/**
* Pointer to our SSL/TLS key (in ASCII) in memory.
@@ -825,6 +830,7 @@
* Pointer to our SSL/TLS certificate (in ASCII) in memory.
*/
const char *https_mem_cert;
+
#endif
/**
Modified: libmicrohttpd/src/examples/Makefile.am
===================================================================
--- libmicrohttpd/src/examples/Makefile.am 2010-07-24 15:23:45 UTC (rev
12332)
+++ libmicrohttpd/src/examples/Makefile.am 2010-07-24 15:24:50 UTC (rev
12333)
@@ -2,7 +2,6 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/include \
- -I$(top_srcdir)/src/daemon/https \
@LIBGCRYPT_CFLAGS@
if USE_COVERAGE
Modified: libmicrohttpd/src/examples/https_fileserver_example.c
===================================================================
--- libmicrohttpd/src/examples/https_fileserver_example.c 2010-07-24
15:23:45 UTC (rev 12332)
+++ libmicrohttpd/src/examples/https_fileserver_example.c 2010-07-24
15:24:50 UTC (rev 12333)
@@ -35,8 +35,7 @@
#include "platform.h"
#include <microhttpd.h>
#include <sys/stat.h>
-
-#include "gnutls.h"
+#include <gnutls/gnutls.h>
#include <gcrypt.h>
#define BUF_SIZE 1024
Modified: libmicrohttpd/src/include/microhttpd.h
===================================================================
--- libmicrohttpd/src/include/microhttpd.h 2010-07-24 15:23:45 UTC (rev
12332)
+++ libmicrohttpd/src/include/microhttpd.h 2010-07-24 15:24:50 UTC (rev
12333)
@@ -412,8 +412,8 @@
/**
* Daemon credentials type.
- * This option should be followed by one of the values listed in
- * "enum MHD_GNUTLS_CredentialsType".
+ * Followed by an argument of type
+ * "gnutls_credentials_type_t".
*/
MHD_OPTION_CRED_TYPE = 10,
@@ -587,37 +587,8 @@
};
-/**
- * List of symmetric ciphers.
- * Note that not all listed algorithms are necessarily
- * supported by all builds of MHD.
- */
-enum MHD_GNUTLS_CipherAlgorithm
-{
- MHD_GNUTLS_CIPHER_UNKNOWN = 0,
- MHD_GNUTLS_CIPHER_NULL = 1,
- MHD_GNUTLS_CIPHER_ARCFOUR_128,
- MHD_GNUTLS_CIPHER_3DES_CBC,
- MHD_GNUTLS_CIPHER_AES_128_CBC,
- MHD_GNUTLS_CIPHER_AES_256_CBC
-};
/**
- * SSL/TLS Protocol types.
- * Note that not all listed algorithms are necessarily
- * supported by all builds of MHD.
- */
-enum MHD_GNUTLS_Protocol
-{
- MHD_GNUTLS_PROTOCOL_END = 0,
- MHD_GNUTLS_PROTOCOL_SSL3 = 1,
- MHD_GNUTLS_PROTOCOL_TLS1_0,
- MHD_GNUTLS_PROTOCOL_TLS1_1,
- MHD_GNUTLS_PROTOCOL_TLS1_2,
- MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN = 0xff
-};
-
-/**
* Values of this enum are used to specify what
* information about a connection is desired.
*/
@@ -1234,14 +1205,16 @@
/* ********************** generic query functions ********************** */
-
/**
* Information about a connection.
*/
union MHD_ConnectionInfo
{
- enum MHD_GNUTLS_CipherAlgorithm cipher_algorithm;
- enum MHD_GNUTLS_Protocol protocol;
+
+ int /* enum gnutls_cipher_algorithm */ cipher_algorithm;
+
+ int /* enum gnutls_protocol */ protocol;
+
/**
* Address information for the client.
*/
Modified: libmicrohttpd/src/testcurl/Makefile.am
===================================================================
--- libmicrohttpd/src/testcurl/Makefile.am 2010-07-24 15:23:45 UTC (rev
12332)
+++ libmicrohttpd/src/testcurl/Makefile.am 2010-07-24 15:24:50 UTC (rev
12333)
@@ -5,10 +5,8 @@
endif
if ENABLE_HTTPS
-if MHD_DEBUG_TLS
SUBDIRS += https
endif
-endif
AM_CPPFLAGS = \
-I$(top_srcdir) \
Modified: libmicrohttpd/src/testcurl/https/Makefile.am
===================================================================
--- libmicrohttpd/src/testcurl/https/Makefile.am 2010-07-24 15:23:45 UTC
(rev 12332)
+++ libmicrohttpd/src/testcurl/https/Makefile.am 2010-07-24 15:24:50 UTC
(rev 12333)
@@ -6,10 +6,6 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/include \
- -I$(top_srcdir)/src/daemon/https \
- -I$(top_srcdir)/src/daemon/https/tls \
- -I$(top_srcdir)/src/daemon/https/lgl \
- -I$(top_srcdir)/src/daemon/https/x509 \
-I$(top_srcdir)/src/daemon \
$(LIBCURL_CPPFLAGS)
@@ -23,8 +19,7 @@
tls_multi_thread_mode_test \
tls_session_time_out_test \
tls_cipher_change_test \
- tls_alert_test \
- tls_extension_test
+ tls_alert_test
EXTRA_DIST = cert.pem key.pem tls_test_keys.h tls_test_common.h
@@ -39,18 +34,9 @@
tls_session_time_out_test \
tls_cipher_change_test \
tls_alert_test \
- tls_extension_test \
tls_authentication_test
# cURL dependent tests
-tls_extension_test_SOURCES = \
- tls_extension_test.c \
- tls_test_common.c
-tls_extension_test_LDADD = \
- $(top_builddir)/src/testcurl/libcurl_version_check.a \
- $(top_builddir)/src/daemon/libmicrohttpd.la \
- @LIBCURL@
-
tls_session_time_out_test_SOURCES = \
tls_session_time_out_test.c \
tls_test_common.c
Modified: libmicrohttpd/src/testcurl/https/mhds_get_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/mhds_get_test.c 2010-07-24 15:23:45 UTC
(rev 12332)
+++ libmicrohttpd/src/testcurl/https/mhds_get_test.c 2010-07-24 15:24:50 UTC
(rev 12333)
@@ -26,13 +26,9 @@
#include "platform.h"
#include "microhttpd.h"
-
#include <limits.h>
#include <sys/stat.h>
-
-#include "gnutls.h"
#include <curl/curl.h>
-
#include "tls_test_common.h"
int curl_check_version (const char *req_version, ...);
@@ -46,7 +42,7 @@
{
int ret;
- int ciper[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 };
+ int ciper[] = { GNUTLS_CIPHER_3DES_CBC, 0 };
struct MHD_Daemon *d;
d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
MHD_USE_DEBUG, 42433,
Modified: libmicrohttpd/src/testcurl/https/mhds_session_info_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/mhds_session_info_test.c 2010-07-24
15:23:45 UTC (rev 12332)
+++ libmicrohttpd/src/testcurl/https/mhds_session_info_test.c 2010-07-24
15:24:50 UTC (rev 12333)
@@ -53,7 +53,7 @@
if (MHD_get_connection_info
(connection,
MHD_CONNECTION_INFO_CIPHER_ALGO)->cipher_algorithm !=
- MHD_GNUTLS_CIPHER_AES_256_CBC)
+ GNUTLS_CIPHER_AES_256_CBC)
{
fprintf (stderr, "Error: requested cipher mismatch. %s\n",
strerror (errno));
@@ -62,7 +62,7 @@
if (MHD_get_connection_info
(connection,
- MHD_CONNECTION_INFO_PROTOCOL)->protocol != MHD_GNUTLS_PROTOCOL_SSL3)
+ MHD_CONNECTION_INFO_PROTOCOL)->protocol != GNUTLS_SSL3)
{
fprintf (stderr, "Error: requested compression mismatch. %s\n",
strerror (errno));
Modified: libmicrohttpd/src/testcurl/https/tls_alert_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_alert_test.c 2010-07-24 15:23:45 UTC
(rev 12332)
+++ libmicrohttpd/src/testcurl/https/tls_alert_test.c 2010-07-24 15:24:50 UTC
(rev 12333)
@@ -19,7 +19,7 @@
*/
/**
- * @file mhds_get_test.c
+ * @file tls_alert_test.c
* @brief: daemon TLS alert response test-case
*
* @author Sagie Amir
@@ -27,11 +27,8 @@
#include "platform.h"
#include "microhttpd.h"
-#include "gnutls_int.h"
-#include "gnutls_datum.h"
-#include "gnutls_record.h"
-
#include "tls_test_common.h"
+
extern const char srv_key_pem[];
extern const char srv_self_signed_cert_pem[];
@@ -42,7 +39,7 @@
* @param session: an initialized TLS session
*/
static int
-test_alert_close_notify (MHD_gtls_session_t session)
+test_alert_close_notify (gnutls_session_t session)
{
int sd, ret;
struct sockaddr_in sa;
@@ -59,7 +56,7 @@
sa.sin_port = htons (DEAMON_TEST_PORT);
inet_pton (AF_INET, "127.0.0.1", &sa.sin_addr);
- MHD__gnutls_transport_set_ptr (session, (MHD_gnutls_transport_ptr_t) (long)
sd);
+ gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (long) sd);
ret = connect (sd, &sa, sizeof (struct sockaddr_in));
@@ -69,16 +66,17 @@
return -1;
}
- ret = MHD__gnutls_handshake (session);
+ ret = gnutls_handshake (session);
if (ret < 0)
{
return -1;
}
- MHD__gnutls_alert_send (session, GNUTLS_AL_FATAL, GNUTLS_A_CLOSE_NOTIFY);
+ gnutls_alert_send (session, GNUTLS_AL_FATAL, GNUTLS_A_CLOSE_NOTIFY);
+#if FIXME_GHM
/* check server responds with a 'close-notify' */
- MHD_gtls_recv_int (session, GNUTLS_ALERT, GNUTLS_HANDSHAKE_FINISHED, 0, 0);
+ gnutls_recv_int (session, GNUTLS_ALERT, GNUTLS_HANDSHAKE_FINISHED, 0, 0);
close (sd);
/* CLOSE_NOTIFY */
@@ -86,7 +84,7 @@
{
return -1;
}
-
+#endif
return 0;
}
@@ -97,7 +95,7 @@
* @param session: an initialized TLS session
*/
static int
-test_alert_unexpected_message (MHD_gtls_session_t session)
+test_alert_unexpected_message (gnutls_session_t session)
{
int sd, ret;
struct sockaddr_in sa;
@@ -113,8 +111,8 @@
sa.sin_port = htons (DEAMON_TEST_PORT);
inet_pton (AF_INET, "127.0.0.1", &sa.sin_addr);
- MHD__gnutls_transport_set_ptr (session,
- (MHD_gnutls_transport_ptr_t) ((void *) (long)
sd));
+ gnutls_transport_set_ptr (session,
+ (gnutls_transport_ptr_t) ((void *) (long) sd));
ret = connect (sd, &sa, sizeof (struct sockaddr_in));
@@ -124,14 +122,14 @@
return -1;
}
- ret = MHD__gnutls_handshake (session);
+ ret = gnutls_handshake (session);
if (ret < 0)
{
return -1;
}
- MHD__gnutls_alert_send (session, GNUTLS_AL_FATAL,
- GNUTLS_A_UNEXPECTED_MESSAGE);
+ gnutls_alert_send (session, GNUTLS_AL_FATAL,
+ GNUTLS_A_UNEXPECTED_MESSAGE);
usleep (100);
/* TODO better RST trigger */
@@ -149,13 +147,13 @@
{
int errorCount = 0;;
struct MHD_Daemon *d;
- MHD_gtls_session_t session;
- MHD_gnutls_datum_t key;
- MHD_gnutls_datum_t cert;
- MHD_gtls_cert_credentials_t xcred;
+ gnutls_session_t session;
+ gnutls_datum_t key;
+ gnutls_datum_t cert;
+ gnutls_certificate_credentials_t xcred;
- MHD__gnutls_global_init ();
- MHD_gtls_global_set_log_level (11);
+ gnutls_global_init ();
+ gnutls_global_set_log_level (11);
d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
MHD_USE_DEBUG, DEAMON_TEST_PORT,
@@ -181,7 +179,7 @@
print_test_result (errorCount, argv[0]);
MHD_stop_daemon (d);
- MHD__gnutls_global_deinit ();
+ gnutls_global_deinit ();
return errorCount != 0;
}
Modified: libmicrohttpd/src/testcurl/https/tls_cipher_change_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_cipher_change_test.c 2010-07-24
15:23:45 UTC (rev 12332)
+++ libmicrohttpd/src/testcurl/https/tls_cipher_change_test.c 2010-07-24
15:24:50 UTC (rev 12333)
@@ -28,11 +28,8 @@
#include "platform.h"
#include "microhttpd.h"
#include "internal.h"
-#include "gnutls_int.h"
-#include "gnutls_datum.h"
-#include "gnutls_record.h"
-
#include "tls_test_common.h"
+
extern const char srv_key_pem[];
extern const char srv_self_signed_cert_pem[];
@@ -47,7 +44,7 @@
{
int ret;
/* server side re-handshake request */
- ret = MHD__gnutls_rehandshake (connection->tls_session);
+ ret = gnutls_rehandshake (connection->tls_session);
if (ret < 0)
{
@@ -67,7 +64,7 @@
* @param session: initiallized TLS session
*/
static int
-test_out_of_context_cipher_change (MHD_gtls_session_t session)
+test_out_of_context_cipher_change (gnutls_session_t session)
{
int sd, ret;
struct sockaddr_in sa;
@@ -84,7 +81,7 @@
sa.sin_port = htons (DEAMON_TEST_PORT);
inet_pton (AF_INET, "127.0.0.1", &sa.sin_addr);
- MHD__gnutls_transport_set_ptr (session, (MHD_gnutls_transport_ptr_t) (long)
sd);
+ gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (long) sd);
ret = connect (sd, &sa, sizeof (struct sockaddr_in));
@@ -94,16 +91,17 @@
return -1;
}
- ret = MHD__gnutls_handshake (session);
+ ret = gnutls_handshake (session);
if (ret < 0)
{
return -1;
}
+#if FIXME_GHM
/* send an out of context cipher change spec */
- MHD_gtls_send_change_cipher_spec (session, 0);
+ gnutls_send_change_cipher_spec (session, 0);
+#endif
-
/* assert server has closed connection */
/* TODO better RST trigger */
if (send (sd, "", 1, 0) == 0)
@@ -120,13 +118,13 @@
{
int errorCount = 0;;
struct MHD_Daemon *d;
- MHD_gtls_session_t session;
- MHD_gnutls_datum_t key;
- MHD_gnutls_datum_t cert;
- MHD_gtls_cert_credentials_t xcred;
+ gnutls_session_t session;
+ gnutls_datum_t key;
+ gnutls_datum_t cert;
+ gnutls_certificate_credentials_t xcred;
- MHD__gnutls_global_init ();
- MHD_gtls_global_set_log_level (11);
+ gnutls_global_init ();
+ gnutls_global_set_log_level (11);
d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
MHD_USE_DEBUG, DEAMON_TEST_PORT,
@@ -148,7 +146,7 @@
print_test_result (errorCount, argv[0]);
MHD_stop_daemon (d);
- MHD__gnutls_global_deinit ();
+ gnutls_global_deinit ();
return errorCount != 0;
}
Modified: libmicrohttpd/src/testcurl/https/tls_daemon_options_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_daemon_options_test.c 2010-07-24
15:23:45 UTC (rev 12332)
+++ libmicrohttpd/src/testcurl/https/tls_daemon_options_test.c 2010-07-24
15:24:50 UTC (rev 12333)
@@ -28,8 +28,6 @@
#include "microhttpd.h"
#include <sys/stat.h>
#include <limits.h>
-#include "gnutls.h"
-
#include "tls_test_common.h"
extern const char srv_key_pem[];
@@ -106,17 +104,17 @@
return -1;
}
- int p_ssl3[] = { MHD_GNUTLS_PROTOCOL_SSL3, 0 };
- int p_tls[] = { MHD_GNUTLS_PROTOCOL_TLS1_2,
- MHD_GNUTLS_PROTOCOL_TLS1_1,
- MHD_GNUTLS_PROTOCOL_TLS1_0, 0
+ int p_ssl3[] = { GNUTLS_SSL3, 0 };
+ int p_tls[] = { GNUTLS_TLS1_2,
+ GNUTLS_TLS1_1,
+ GNUTLS_TLS1_0, 0
};
struct CipherDef ciphers[] = {
- {{MHD_GNUTLS_CIPHER_AES_128_CBC, 0}, "AES128-SHA"},
- {{MHD_GNUTLS_CIPHER_ARCFOUR_128, 0}, "RC4-SHA"},
- {{MHD_GNUTLS_CIPHER_3DES_CBC, 0}, "3DES-SHA"},
- {{MHD_GNUTLS_CIPHER_AES_256_CBC, 0}, "AES256-SHA"},
+ {{GNUTLS_CIPHER_AES_128_CBC, 0}, "AES128-SHA"},
+ {{GNUTLS_CIPHER_ARCFOUR_128, 0}, "RC4-SHA"},
+ {{GNUTLS_CIPHER_3DES_CBC, 0}, "3DES-SHA"},
+ {{GNUTLS_CIPHER_AES_256_CBC, 0}, "AES256-SHA"},
{{0, 0}, NULL}
};
fprintf (stderr, "SHA/TLS tests:\n");
Modified: libmicrohttpd/src/testcurl/https/tls_extension_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_extension_test.c 2010-07-24
15:23:45 UTC (rev 12332)
+++ libmicrohttpd/src/testcurl/https/tls_extension_test.c 2010-07-24
15:24:50 UTC (rev 12333)
@@ -27,19 +27,9 @@
#include "platform.h"
#include "microhttpd.h"
-#include "gnutls_int.h"
-#include "gnutls_handshake.h" // MHD_gtls_send_handshake
-#include "gnutls_num.h" // MHD_gtls_write_x
-#include "common.h" // MHD_gtls_version_x
-
-
#include "tls_test_common.h"
#define MAX_EXT_DATA_LENGTH 256
-extern int
-MHD__gnutls_copy_ciphersuites (MHD_gtls_session_t session,
- opaque * ret_data, size_t ret_data_size);
-
extern const char srv_key_pem[];
extern const char srv_self_signed_cert_pem[];
@@ -53,7 +43,7 @@
* @return 0 on successful test completion, -1 otherwise
*/
static int
-test_hello_extension (MHD_gtls_session_t session, extensions_t exten_t,
+test_hello_extension (gnutls_session_t session, extensions_t exten_t,
int ext_count, int ext_length)
{
int i, sd, ret = 0, pos = 0;
@@ -117,7 +107,7 @@
/* generate session client random */
memset (session->security_parameters.client_random, 0, TLS_RANDOM_SIZE);
- MHD_gtls_write_uint32 (time (NULL), rnd);
+ gnutls_write_uint32 (time (NULL), rnd);
if (GC_OK != MHD_gc_nonce ((char *) &rnd[4], TLS_RANDOM_SIZE - 4)) abort ();
memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE);
memcpy (&data[pos], rnd, TLS_RANDOM_SIZE);
@@ -144,14 +134,14 @@
pos += 2;
/* set extensions length = 2 type bytes + 2 length bytes + extension length
*/
- MHD_gtls_write_uint16 (exten_data_len, &data[pos]);
+ gnutls_write_uint16 (exten_data_len, &data[pos]);
pos += 2;
for (i = 0; i < ext_count; ++i)
{
/* write extension type */
- MHD_gtls_write_uint16 (exten_t, &data[pos]);
+ gnutls_write_uint16 (exten_t, &data[pos]);
pos += 2;
- MHD_gtls_write_uint16 (ext_length, &data[pos]);
+ gnutls_write_uint16 (ext_length, &data[pos]);
pos += 2;
/* we might want to generate random data here */
memset (&data[pos], 0, ext_length);
@@ -165,7 +155,7 @@
goto cleanup;
}
- MHD__gnutls_transport_set_ptr (session, (MHD_gnutls_transport_ptr_t) (long)
sd);
+ gnutls_transport_set_ptr (session, (MHD_gnutls_transport_ptr_t) (long) sd);
if (gen_test_file_url (url, DEAMON_TEST_PORT))
{
@@ -174,15 +164,15 @@
}
/* this should crash the server */
- ret = MHD_gtls_send_handshake (session, data, datalen,
- GNUTLS_HANDSHAKE_CLIENT_HELLO);
+ ret = gnutls_send_handshake (session, data, datalen,
+ GNUTLS_HANDSHAKE_CLIENT_HELLO);
/* advance to STATE2 */
session->internals.handshake_state = STATE2;
- ret = MHD__gnutls_handshake (session);
- ret = MHD__gnutls_bye (session, GNUTLS_SHUT_WR);
+ ret = gnutls_handshake (session);
+ ret = gnutls_bye (session, GNUTLS_SHUT_WR);
- MHD_gnutls_free (data);
+ gnutls_free (data);
/* make sure daemon is still functioning */
if (CURLE_OK != send_curl_req (url, &cbc, "AES128-SHA",
@@ -195,7 +185,7 @@
cleanup:
if (sd != -1)
close (sd);
- MHD_gnutls_free (cbc.buf);
+ gnutls_free (cbc.buf);
return ret;
}
@@ -205,10 +195,10 @@
int i, errorCount = 0;
FILE *test_fd;
struct MHD_Daemon *d;
- MHD_gtls_session_t session;
- MHD_gnutls_datum_t key;
- MHD_gnutls_datum_t cert;
- MHD_gtls_cert_credentials_t xcred;
+ gnutls_session_t session;
+ gnutls_datum_t key;
+ gnutls_datum_t cert;
+ gnutls_certificate_credentials_t xcred;
int ext_arr[] = { GNUTLS_EXTENSION_SERVER_NAME,
-1
Modified: libmicrohttpd/src/testcurl/https/tls_multi_thread_mode_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_multi_thread_mode_test.c
2010-07-24 15:23:45 UTC (rev 12332)
+++ libmicrohttpd/src/testcurl/https/tls_multi_thread_mode_test.c
2010-07-24 15:24:50 UTC (rev 12333)
@@ -29,13 +29,11 @@
#include "platform.h"
#include "microhttpd.h"
-
#include <sys/stat.h>
#include <limits.h>
-#include "gnutls.h"
#include <curl/curl.h>
-
#include "tls_test_common.h"
+
extern const char srv_key_pem[];
extern const char srv_self_signed_cert_pem[];
Modified: libmicrohttpd/src/testcurl/https/tls_session_time_out_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_session_time_out_test.c
2010-07-24 15:23:45 UTC (rev 12332)
+++ libmicrohttpd/src/testcurl/https/tls_session_time_out_test.c
2010-07-24 15:24:50 UTC (rev 12333)
@@ -28,11 +28,8 @@
#include "platform.h"
#include "microhttpd.h"
#include "internal.h"
-#include "gnutls_int.h"
-#include "gnutls_datum.h"
-#include "gnutls_record.h"
-
#include "tls_test_common.h"
+
extern const char srv_key_pem[];
extern const char srv_self_signed_cert_pem[];
@@ -41,52 +38,8 @@
char *http_get_req = "GET / HTTP/1.1\r\n\r\n";
static int
-setup_timeout_test (MHD_gtls_session_t * session,
- MHD_gnutls_datum_t * key,
- MHD_gnutls_datum_t * cert,
- MHD_gtls_cert_credentials_t * xcred)
+test_tls_session_time_out (gnutls_session_t session)
{
- int ret;
-
- MHD__gnutls_certificate_allocate_credentials (xcred);
-
- MHD_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc);
- MHD_gtls_set_datum_m (cert, srv_self_signed_cert_pem,
- strlen (srv_self_signed_cert_pem), &malloc);
-
- MHD__gnutls_certificate_set_x509_key_mem (*xcred, cert, key,
- GNUTLS_X509_FMT_PEM);
-
- MHD__gnutls_init (session, GNUTLS_CLIENT);
- ret = MHD__gnutls_priority_set_direct (*session, "NORMAL", NULL);
- if (ret < 0)
- {
- return -1;
- }
-
- MHD__gnutls_credentials_set (*session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
- return 0;
-}
-
-static int
-teardown_timeout_test (MHD_gtls_session_t session,
- MHD_gnutls_datum_t * key,
- MHD_gnutls_datum_t * cert,
- MHD_gtls_cert_credentials_t xcred)
-{
-
- MHD_gtls_free_datum_m (key, free);
- MHD_gtls_free_datum_m (cert, free);
-
- MHD__gnutls_deinit (session);
-
- MHD__gnutls_certificate_free_credentials (xcred);
- return 0;
-}
-
-static int
-test_tls_session_time_out (MHD_gtls_session_t session)
-{
int sd, ret;
struct sockaddr_in sa;
@@ -102,7 +55,7 @@
sa.sin_port = htons (DEAMON_TEST_PORT);
inet_pton (AF_INET, "127.0.0.1", &sa.sin_addr);
- MHD__gnutls_transport_set_ptr (session, (MHD_gnutls_transport_ptr_t) (long)
sd);
+ gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (long) sd);
ret = connect (sd, &sa, sizeof (struct sockaddr_in));
@@ -112,7 +65,7 @@
return -1;
}
- ret = MHD__gnutls_handshake (session);
+ ret = gnutls_handshake (session);
if (ret < 0)
{
return -1;
@@ -136,13 +89,13 @@
{
int errorCount = 0;;
struct MHD_Daemon *d;
- MHD_gtls_session_t session;
- MHD_gnutls_datum_t key;
- MHD_gnutls_datum_t cert;
- MHD_gtls_cert_credentials_t xcred;
+ gnutls_session_t session;
+ gnutls_datum_t key;
+ gnutls_datum_t cert;
+ gnutls_certificate_credentials_t xcred;
- MHD__gnutls_global_init ();
- MHD_gtls_global_set_log_level (11);
+ gnutls_global_init ();
+ gnutls_global_set_log_level (11);
d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
MHD_USE_DEBUG, DEAMON_TEST_PORT,
@@ -158,14 +111,14 @@
return -1;
}
- setup_timeout_test (&session, &key, &cert, &xcred);
+ setup_session (&session, &key, &cert, &xcred);
errorCount += test_tls_session_time_out (session);
- teardown_timeout_test (session, &key, &cert, xcred);
+ teardown_session (session, &key, &cert, xcred);
print_test_result (errorCount, argv[0]);
MHD_stop_daemon (d);
- MHD__gnutls_global_deinit ();
+ gnutls_global_deinit ();
return errorCount != 0;
}
Modified: libmicrohttpd/src/testcurl/https/tls_test_common.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_test_common.c 2010-07-24 15:23:45 UTC
(rev 12332)
+++ libmicrohttpd/src/testcurl/https/tls_test_common.c 2010-07-24 15:24:50 UTC
(rev 12333)
@@ -19,14 +19,12 @@
*/
/**
- * @file tls_daemon_options_test.c
+ * @file tls_test_common.c
* @brief Common tls test functions
* @author Sagie Amir
*/
#include "tls_test_common.h"
#include "tls_test_keys.h"
-#include "gnutls.h"
-#include "gnutls_datum.h"
const char test_file_data[] = "Hello World\n";
@@ -344,46 +342,48 @@
}
int
-setup_session (MHD_gtls_session_t * session,
- MHD_gnutls_datum_t * key,
- MHD_gnutls_datum_t * cert, MHD_gtls_cert_credentials_t * xcred)
+setup_session (gnutls_session_t * session,
+ gnutls_datum_t * key,
+ gnutls_datum_t * cert,
+ gnutls_certificate_credentials_t * xcred)
{
int ret;
const char *err_pos;
- MHD__gnutls_certificate_allocate_credentials (xcred);
-
- MHD_gtls_set_datum_m (key, srv_key_pem, strlen (srv_key_pem), &malloc);
- MHD_gtls_set_datum_m (cert, srv_self_signed_cert_pem,
- strlen (srv_self_signed_cert_pem), &malloc);
-
- MHD__gnutls_certificate_set_x509_key_mem (*xcred, cert, key,
- GNUTLS_X509_FMT_PEM);
-
- MHD__gnutls_init (session, GNUTLS_CLIENT);
- ret = MHD__gnutls_priority_set_direct (*session, "NORMAL", &err_pos);
+ gnutls_certificate_allocate_credentials (xcred);
+ key->size = strlen (srv_key_pem);
+ key->data = malloc (key->size);
+ memcpy (key->data, srv_key_pem, key->size);
+ cert->size = strlen (srv_self_signed_cert_pem);
+ cert->data = malloc (cert->size);
+ memcpy (cert->data, srv_self_signed_cert_pem, cert->size);
+ gnutls_certificate_set_x509_key_mem (*xcred, cert, key,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_init (session, GNUTLS_CLIENT);
+ ret = gnutls_priority_set_direct (*session,
+ "NORMAL", &err_pos);
if (ret < 0)
- {
- return -1;
- }
-
- MHD__gnutls_credentials_set (*session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
+ return -1;
+ gnutls_credentials_set (*session,
+ GNUTLS_CRD_CERTIFICATE,
+ xcred);
return 0;
}
int
-teardown_session (MHD_gtls_session_t session,
- MHD_gnutls_datum_t * key,
- MHD_gnutls_datum_t * cert,
- MHD_gtls_cert_credentials_t xcred)
+teardown_session (gnutls_session_t session,
+ gnutls_datum_t * key,
+ gnutls_datum_t * cert,
+ gnutls_certificate_credentials_t xcred)
{
-
- MHD_gtls_free_datum_m (key, free);
- MHD_gtls_free_datum_m (cert, free);
-
- MHD__gnutls_deinit (session);
-
- MHD__gnutls_certificate_free_credentials (xcred);
+ free (key->data);
+ key->data = NULL;
+ key->size = 0;
+ free (cert->data);
+ cert->data = NULL;
+ cert->size = 0;
+ gnutls_deinit (session);
+ gnutls_certificate_free_credentials (xcred);
return 0;
}
Modified: libmicrohttpd/src/testcurl/https/tls_test_common.h
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_test_common.h 2010-07-24 15:23:45 UTC
(rev 12332)
+++ libmicrohttpd/src/testcurl/https/tls_test_common.h 2010-07-24 15:24:50 UTC
(rev 12333)
@@ -26,7 +26,7 @@
#include <curl/curl.h>
#include <sys/stat.h>
#include <limits.h>
-#include "gnutls.h"
+#include <gnutls/gnutls.h>
/* this enables verbos CURL version checking */
#define DEBUG_HTTPS_TEST 0
@@ -99,16 +99,16 @@
void teardown_testcase (struct MHD_Daemon *d);
int
-setup_session (MHD_gtls_session_t * session,
- MHD_gnutls_datum_t * key,
- MHD_gnutls_datum_t * cert,
- MHD_gtls_cert_credentials_t * xcred);
+setup_session (gnutls_session_t * session,
+ gnutls_datum_t * key,
+ gnutls_datum_t * cert,
+ gnutls_certificate_credentials_t * xcred);
int
-teardown_session (MHD_gtls_session_t session,
- MHD_gnutls_datum_t * key,
- MHD_gnutls_datum_t * cert,
- MHD_gtls_cert_credentials_t xcred);
+teardown_session (gnutls_session_t session,
+ gnutls_datum_t * key,
+ gnutls_datum_t * cert,
+ gnutls_certificate_credentials_t xcred);
int
test_wrap (char *test_name, int
Modified: libmicrohttpd/src/testcurl/https/tls_thread_mode_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_thread_mode_test.c 2010-07-24
15:23:45 UTC (rev 12332)
+++ libmicrohttpd/src/testcurl/https/tls_thread_mode_test.c 2010-07-24
15:24:50 UTC (rev 12333)
@@ -29,13 +29,11 @@
#include "platform.h"
#include "microhttpd.h"
-
#include <sys/stat.h>
#include <limits.h>
-#include "gnutls.h"
#include <curl/curl.h>
-
#include "tls_test_common.h"
+
extern const char srv_key_pem[];
extern const char srv_self_signed_cert_pem[];
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r12333 - in libmicrohttpd: . m4 src/daemon src/examples src/include src/testcurl src/testcurl/https,
gnunet <=