
[libmicrohttpd] branch master updated (9166f476 -> 386b21da)


From: gnunet
Subject: [libmicrohttpd] branch master updated (9166f476 -> 386b21da)
Date: Thu, 10 Jun 2021 20:26:07 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a change to branch master
in repository libmicrohttpd.

    from 9166f476 connection.c: log message typo fixed
     new 77a30308 HTTPS tests: ensure that CURL options were applied
     new 6c84bcf3 HTTPS tests: added new backend identification functions
     new 6dbe969d tests: removed curl_uses_nss_ssl(), used new backend 
identification functions
     new 386b21da test_tls_options: multiple fixes

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/testcurl/curl_version_check.c                  |  10 -
 src/testcurl/https/test_empty_response.c           |   2 +-
 src/testcurl/https/test_https_get.c                |   2 +-
 src/testcurl/https/test_https_get_iovec.c          |   2 +-
 src/testcurl/https/test_https_get_parallel.c       |   2 +-
 .../https/test_https_get_parallel_threads.c        |   4 +-
 src/testcurl/https/test_https_get_select.c         |   2 +-
 src/testcurl/https/test_https_multi_daemon.c       |   2 +-
 src/testcurl/https/test_https_session_info.c       |   4 +-
 src/testcurl/https/test_tls_authentication.c       |   2 +-
 src/testcurl/https/test_tls_options.c              |  21 +-
 src/testcurl/https/tls_test_common.c               | 220 +++++++++++++++++----
 src/testcurl/https/tls_test_common.h               |  10 +-
 13 files changed, 210 insertions(+), 73 deletions(-)

diff --git a/src/testcurl/curl_version_check.c 
b/src/testcurl/curl_version_check.c
index 315c50ce..e77cf7d6 100644
--- a/src/testcurl/curl_version_check.c
+++ b/src/testcurl/curl_version_check.c
@@ -69,16 +69,6 @@ parse_version_string (const char *s, int *major, int *minor, 
int *micro)
 }
 
 
-#ifdef HTTPS_SUPPORT
-int
-curl_uses_nss_ssl ()
-{
-  return (strstr (curl_version (), " NSS/") != NULL) ? 0 : -1;
-}
-
-
-#endif /* HTTPS_SUPPORT */
-
 /*
  * check local libcurl version matches required version
  */
diff --git a/src/testcurl/https/test_empty_response.c 
b/src/testcurl/https/test_empty_response.c
index bf05baca..83f208b3 100644
--- a/src/testcurl/https/test_empty_response.c
+++ b/src/testcurl/https/test_empty_response.c
@@ -108,7 +108,7 @@ testInternalSelectGet ()
     }
     port = (int) dinfo->port;
   }
-  if (curl_uses_nss_ssl () == 0)
+  if (curl_tls_is_nss ())
   {
     aes256_sha = "rsa_aes_256_sha";
   }
diff --git a/src/testcurl/https/test_https_get.c 
b/src/testcurl/https/test_https_get.c
index b3f2fbf7..d7e534ed 100644
--- a/src/testcurl/https/test_https_get.c
+++ b/src/testcurl/https/test_https_get.c
@@ -253,7 +253,7 @@ main (int argc, char *const *argv)
     return 77;
   }
 
-  if (curl_uses_nss_ssl () == 0)
+  if (curl_tls_is_nss ())
   {
     aes256_sha_tlsv1 = "rsa_aes_256_sha";
   }
diff --git a/src/testcurl/https/test_https_get_iovec.c 
b/src/testcurl/https/test_https_get_iovec.c
index 28d5cbfc..ab2bf35d 100644
--- a/src/testcurl/https/test_https_get_iovec.c
+++ b/src/testcurl/https/test_https_get_iovec.c
@@ -408,7 +408,7 @@ main (int argc, char *const *argv)
     return 77;
   }
 
-  if (curl_uses_nss_ssl () == 0)
+  if (curl_tls_is_nss ())
   {
     aes256_sha_tlsv1 = "rsa_aes_256_sha";
   }
diff --git a/src/testcurl/https/test_https_get_parallel.c 
b/src/testcurl/https/test_https_get_parallel.c
index cce97fca..47f644d2 100644
--- a/src/testcurl/https/test_https_get_parallel.c
+++ b/src/testcurl/https/test_https_get_parallel.c
@@ -159,7 +159,7 @@ main (int argc, char *const *argv)
     fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
     return 77;
   }
-  if (curl_uses_nss_ssl () == 0)
+  if (curl_tls_is_nss ())
     aes256_sha = "rsa_aes_256_sha";
 #ifdef EPOLL_SUPPORT
   errorCount +=
diff --git a/src/testcurl/https/test_https_get_parallel_threads.c 
b/src/testcurl/https/test_https_get_parallel_threads.c
index 4a7d1b1d..4853e7eb 100644
--- a/src/testcurl/https/test_https_get_parallel_threads.c
+++ b/src/testcurl/https/test_https_get_parallel_threads.c
@@ -169,14 +169,14 @@ main (int argc, char *const *argv)
     curl_global_cleanup ();
     return 77;
   }
-  if (0 != strncmp (ssl_version, "GnuTLS", 6))
+  if (! curl_tls_is_gnutls ())
   {
     fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
     curl_global_cleanup ();
     return 77;
   }
 
-  if (curl_uses_nss_ssl () == 0)
+  if (curl_tls_is_nss ())
   {
     aes256_sha = "rsa_aes_256_sha";
   }
diff --git a/src/testcurl/https/test_https_get_select.c 
b/src/testcurl/https/test_https_get_select.c
index d42f4463..ce89ee42 100644
--- a/src/testcurl/https/test_https_get_select.c
+++ b/src/testcurl/https/test_https_get_select.c
@@ -125,7 +125,7 @@ testExternalGet (int flags)
     port = (int) dinfo->port;
   }
 
-  if (curl_uses_nss_ssl () == 0)
+  if (curl_tls_is_nss ())
     aes256_sha = "rsa_aes_256_sha";
 
   c = curl_easy_init ();
diff --git a/src/testcurl/https/test_https_multi_daemon.c 
b/src/testcurl/https/test_https_multi_daemon.c
index 598d5592..6c6e2b5d 100644
--- a/src/testcurl/https/test_https_multi_daemon.c
+++ b/src/testcurl/https/test_https_multi_daemon.c
@@ -155,7 +155,7 @@ main (int argc, char *const *argv)
     return 99;
   }
 
-  if (curl_uses_nss_ssl () == 0)
+  if (curl_tls_is_nss ())
   {
     aes256_sha = "rsa_aes_256_sha";
   }
diff --git a/src/testcurl/https/test_https_session_info.c 
b/src/testcurl/https/test_https_session_info.c
index 9ca97b36..d594753e 100644
--- a/src/testcurl/https/test_https_session_info.c
+++ b/src/testcurl/https/test_https_session_info.c
@@ -143,7 +143,7 @@ test_query_session ()
     port = (int) dinfo->port;
   }
 
-  if (curl_uses_nss_ssl () == 0)
+  if (curl_tls_is_nss ())
   {
     aes256_sha = "rsa_aes_256_sha";
   }
@@ -217,7 +217,7 @@ main (int argc, char *const *argv)
     curl_global_cleanup ();
     return 77;
   }
-  if (0 != strncmp (ssl_version, "GnuTLS", 6))
+  if (! curl_tls_is_gnutls ())
   {
     fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
     curl_global_cleanup ();
diff --git a/src/testcurl/https/test_tls_authentication.c 
b/src/testcurl/https/test_tls_authentication.c
index 7ca75138..7aedee72 100644
--- a/src/testcurl/https/test_tls_authentication.c
+++ b/src/testcurl/https/test_tls_authentication.c
@@ -114,7 +114,7 @@ main (int argc, char *const *argv)
     return 99;
   }
   fclose (crt);
-  if (curl_uses_nss_ssl () == 0)
+  if (curl_tls_is_nss ())
   {
     aes256_sha = "rsa_aes_256_sha";
   }
diff --git a/src/testcurl/https/test_tls_options.c 
b/src/testcurl/https/test_tls_options.c
index f42e324b..d5aa8310 100644
--- a/src/testcurl/https/test_tls_options.c
+++ b/src/testcurl/https/test_tls_options.c
@@ -109,6 +109,9 @@ main (int argc, char *const *argv)
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
 #endif
 #endif /* MHD_HTTPS_REQUIRE_GRYPT */
+  if (! testsuite_curl_global_init ())
+    return 99;
+
   if (curl_check_version (MHD_REQ_CURL_VERSION))
   {
     return 77;
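Review bot: With testsuite_curl_global_init () now called before the version and SSL-support checks, the `return 77;` skip paths after it (this one and the two in the next hunk) leave main() without calling curl_global_cleanup (). The skip paths in test_https_get_parallel_threads.c do call it before returning 77. Suggest `curl_global_cleanup ();` ahead of each of these returns so that init and cleanup stay paired. main() starts and ends outside this hunk.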
@@ -119,22 +122,20 @@ main (int argc, char *const *argv)
     fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
     return 77;
   }
-  if (0 != strncmp (ssl_version, "GnuTLS", 6))
+
+  if (curl_tls_is_schannel () || curl_tls_is_sectransport ())
   {
-    fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
+    fprintf (stderr,
+             "libcurl TLS backend does not support this test. Skipping.\n");
     return 77;
   }
 
-  if (! testsuite_curl_global_init ())
-    return 99;
-
-  if (curl_uses_nss_ssl () == 0)
+  if (curl_tls_is_nss ())
   {
     aes128_sha = "rsa_aes_128_sha";
     aes256_sha = "rsa_aes_256_sha";
   }
 
-
   if (0 !=
       test_wrap ("TLS1.0-AES-SHA1",
                  &test_https_transfer, NULL, port, daemon_flags,
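Review bot: The skip condition `curl_tls_is_schannel () || curl_tls_is_sectransport ()` is a deny-list, so any other libcurl TLS backend that is not NSS now runs the test with whatever default cipher names aes128_sha and aes256_sha hold. If such a backend rejects those names, the request presumably fails at CURLOPT_SSL_CIPHER_LIST and is reported as a test failure rather than a skip. Consider skipping backends that are not known to work, or documenting the assumption with a comment such as `/* cipher names are only known for the default backends and NSS; other backends are untested */`. main() continues outside this hunk.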
@@ -152,17 +153,17 @@ main (int argc, char *const *argv)
   fprintf (stderr,
            "The following handshake should fail (and print an error 
message)...\n");
   if (0 !=
-      test_wrap ("TLS1.0 vs SSL3",
+      test_wrap ("TLS1.1 vs TLS1.0",
                  &test_unmatching_ssl_version, NULL, port, daemon_flags,
                  aes256_sha,
-                 CURL_SSLVERSION_SSLv3,
+                 CURL_SSLVERSION_TLSv1_1,
                  MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                  MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                  MHD_OPTION_HTTPS_PRIORITIES,
                  "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
                  MHD_OPTION_END))
   {
-    fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
+    fprintf (stderr, "TLS1.1 vs TLS1.0 test failed\n");
     errorCount++;
   }
   curl_global_cleanup ();
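Review bot: The "TLS1.1 vs TLS1.0" case is a negative test that passes when the request fails, but this commit also makes send_curl_req return early on any curl_easy_setopt error. If test_unmatching_ssl_version goes through send_curl_req and accepts any non-zero result (neither is visible here), a backend that rejects CURLOPT_SSLVERSION or the cipher list would let this test pass without a handshake being attempted. The helper should require a handshake-level error such as `CURLE_SSL_CONNECT_ERROR`, or a comment here should state which error is expected. main() starts and ends outside this hunk.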
diff --git a/src/testcurl/https/tls_test_common.c 
b/src/testcurl/https/tls_test_common.c
index fc998317..d082c9a1 100644
--- a/src/testcurl/https/tls_test_common.c
+++ b/src/testcurl/https/tls_test_common.c
@@ -70,6 +70,7 @@ test_daemon_get (void *cls,
   CURL *c;
   struct CBC cbc;
   CURLcode errornum;
+  CURLcode e;
   char url[255];
   size_t len;
   (void) cls;    /* Unused. Silence compiler warning. */
@@ -92,29 +93,48 @@ test_daemon_get (void *cls,
 #if DEBUG_HTTPS_TEST
   curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
 #endif
-  curl_easy_setopt (c, CURLOPT_URL, url);
-  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
-  curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L);
-  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L);
-  curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
-  curl_easy_setopt (c, CURLOPT_FILE, &cbc);
+  if ((CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_URL, url))) ||
+      (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_HTTP_VERSION,
+                                          CURL_HTTP_VERSION_1_0))) ||
+      (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L))) ||
+      (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L))) ||
+      (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_WRITEFUNCTION,
+                                          &copyBuffer))) ||
+      (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_FILE, &cbc))) ||
+      (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L))) ||
+      (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L))))
+  {
+    fprintf (stderr, "curl_easy_setopt failed: `%s'\n",
+             curl_easy_strerror (e));
+    curl_easy_cleanup (c);
+    return e;
+  }
 
   /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite);
-
-  /* perform peer authentication */
-  /* TODO merge into send_curl_req */
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, ver_peer);
-  if (ver_peer)
-    curl_easy_setopt (c, CURLOPT_CAINFO, ca_cert_file_name);
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
-  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
-
-  /* NOTE: use of CONNECTTIMEOUT without also
-     setting NOSIGNAL results in really weird
-     crashes on my system! */
-  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L);
+  if ((CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSLVERSION,
+                                          proto_version))) ||
+      (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
+                                          cipher_suite))) ||
+
+      /* perform peer authentication */
+      /* TODO merge into send_curl_req */
+      (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER,
+                                          ver_peer))) ||
+      (CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L))))
+  {
+    fprintf (stderr, "HTTPS curl_easy_setopt failed: `%s'\n",
+             curl_easy_strerror (e));
+    curl_easy_cleanup (c);
+    return e;
+  }
+  if (ver_peer &&
+      (CURLE_OK != curl_easy_setopt (c, CURLOPT_CAINFO, ca_cert_file_name)))
+  {
+    fprintf (stderr, "HTTPS curl_easy_setopt failed: `%s'\n",
+             curl_easy_strerror (e));
+    curl_easy_cleanup (c);
+    return e;
+  }
   if (CURLE_OK != (errornum = curl_easy_perform (c)))
   {
     fprintf (stderr, "curl_easy_perform failed: `%s'\n",
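Review bot: The CURLOPT_CAINFO check does not assign its result to `e`, so on failure the message prints `curl_easy_strerror (e)` for the last successful call and `return e;` returns CURLE_OK. A peer-verification run whose CA file could not be set would then report success without performing the transfer. Change the condition to `(CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_CAINFO, ca_cert_file_name)))`. test_daemon_get starts and ends outside this hunk.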
@@ -250,35 +270,54 @@ send_curl_req (char *url,
 {
   CURL *c;
   CURLcode errornum;
+  CURLcode e;
   c = curl_easy_init ();
 #if DEBUG_HTTPS_TEST
   curl_easy_setopt (c, CURLOPT_VERBOSE, CURL_VERBOS_LEVEL);
 #endif
-  curl_easy_setopt (c, CURLOPT_URL, url);
-  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
-  curl_easy_setopt (c, CURLOPT_TIMEOUT, 60L);
-  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 60L);
+  if ((CURLE_OK != (e = curl_easy_setopt (c, CURLOPT_URL, url))) ||
+      (CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_HTTP_VERSION,
+                                           CURL_HTTP_VERSION_1_0))) ||
+      (CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_TIMEOUT, 60L))) ||
+      (CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 60L))) ||
 
+      (CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L))) ||
+
+      (CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L))))
+  {
+    fprintf (stderr, "curl_easy_setopt failed: `%s'\n",
+             curl_easy_strerror (e));
+    curl_easy_cleanup (c);
+    return e;
+  }
   if (cbc != NULL)
   {
-    curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
-    curl_easy_setopt (c, CURLOPT_FILE, cbc);
+    if ((CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_WRITEFUNCTION,
+                                             &copyBuffer))) ||
+        (CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_FILE, cbc))))
+    {
+      fprintf (stderr, "curl_easy_setopt failed: `%s'\n",
+               curl_easy_strerror (e));
+      curl_easy_cleanup (c);
+      return e;
+    }
   }
 
   /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite);
-
-  /* currently skip any peer authentication */
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
-
-  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
+  if ((CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_SSLVERSION,
+                                           proto_version))) ||
+      (CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST,
+                                           cipher_suite))) ||
+      /* currently skip any peer authentication */
+      (CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L))) ||
+      (CURLE_OK  != (e = curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L))))
+  {
+    fprintf (stderr, "HTTPS curl_easy_setopt failed: `%s'\n",
+             curl_easy_strerror (e));
+    curl_easy_cleanup (c);
+    return e;
+  }
 
-  /* NOTE: use of CONNECTTIMEOUT without also
-     setting NOSIGNAL results in really weird
-     crashes on my system! */
-  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L);
   if (CURLE_OK != (errornum = curl_easy_perform (c)))
   {
     fprintf (stderr, "curl_easy_perform failed: `%s'\n",
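Review bot: The comment explaining why CURLOPT_NOSIGNAL is set was removed here and in the test_daemon_get hunk above, so the option now has no stated rationale. A short comment in the option chain would keep it, for example `/* NOSIGNAL: keep libcurl from using signals for timeouts; needed together with CONNECTTIMEOUT */`. Separately, `c` from curl_easy_init () is still used without a NULL check, so an init failure would be reported as "curl_easy_setopt failed". send_curl_req ends outside this hunk.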
@@ -565,6 +604,100 @@ test_wrap (const char *test_name, int
 }
 
 
+static int inited_tls_is_gnutls = 0;
+static int inited_tls_is_openssl = 0;
+
+int
+curl_tls_is_gnutls (void)
+{
+  const char *tlslib;
+  if (inited_tls_is_gnutls)
+    return 1;
+  if (inited_tls_is_openssl)
+    return 0;
+
+  tlslib = curl_version_info (CURLVERSION_NOW)->ssl_version;
+  if (NULL == tlslib)
+    return 0;
+  if (0 == strncmp (tlslib, "GnuTLS/", 7))
+    return 1;
+
+  /* Multi-backends handled during initialization by setting variable */
+  return 0;
+}
+
+
+int
+curl_tls_is_nss (void)
+{
+  const char *tlslib;
+  if (inited_tls_is_gnutls)
+    return 0;
+  if (inited_tls_is_openssl)
+    return 0;
+
+  tlslib = curl_version_info (CURLVERSION_NOW)->ssl_version;
+  if (NULL == tlslib)
+    return 0;
+  if (0 == strncmp (tlslib, "NSS/", 4))
+    return 1;
+
+  /* Handle multi-backends with selected backend */
+  if (NULL != strstr (tlslib," NSS/"))
+    return 1;
+
+  return 0;
+}
+
+
+int
+curl_tls_is_schannel (void)
+{
+  const char *tlslib;
+  if (inited_tls_is_gnutls)
+    return 0;
+  if (inited_tls_is_openssl)
+    return 0;
+
+  tlslib = curl_version_info (CURLVERSION_NOW)->ssl_version;
+  if (NULL == tlslib)
+    return 0;
+  if ((0 == strncmp (tlslib, "Schannel", 8)) || (0 == strncmp (tlslib, 
"WinSSL",
+                                                               6)))
+    return 1;
+
+  /* Handle multi-backends with selected backend */
+  if ((NULL != strstr (tlslib," Schannel")) || (NULL != strstr (tlslib,
+                                                                " WinSSL")))
+    return 1;
+
+  return 0;
+}
+
+
+int
+curl_tls_is_sectransport (void)
+{
+  const char *tlslib;
+  if (inited_tls_is_gnutls)
+    return 0;
+  if (inited_tls_is_openssl)
+    return 0;
+
+  tlslib = curl_version_info (CURLVERSION_NOW)->ssl_version;
+  if (NULL == tlslib)
+    return 0;
+  if (0 == strncmp (tlslib, "SecureTransport", 15))
+    return 1;
+
+  /* Handle multi-backends with selected backend */
+  if (NULL != strstr (tlslib," SecureTransport"))
+    return 1;
+
+  return 0;
+}
+
+
 int
 testsuite_curl_global_init (void)
 {
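Review bot: The four new curl_tls_is_*() functions are undocumented, and their result depends on state set only in testsuite_curl_global_init (): once `inited_tls_is_gnutls` or `inited_tls_is_openssl` is set, the version string is never consulted. By its own comment, curl_tls_is_gnutls () relies on that flag for multi-backend builds. Each function, and its prototype in tls_test_common.h, should carry a comment such as `/* Returns non-zero if the active libcurl TLS backend is GnuTLS; for multi-backend libcurl call testsuite_curl_global_init () first */`. The "Schannel", "WinSSL" and "SecureTransport" prefix checks also omit the `/` delimiter used for GnuTLS and NSS, which deserves a one-line explanation if intentional. The hunk begins at the end of test_wrap and stops at the opening of testsuite_curl_global_init.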
@@ -572,10 +705,15 @@ testsuite_curl_global_init (void)
 #if LIBCURL_VERSION_NUM >= 0x073800
   if (CURLSSLSET_OK != curl_global_sslset (CURLSSLBACKEND_GNUTLS, NULL, NULL))
   {
-    if (CURLSSLSET_TOO_LATE == curl_global_sslset (CURLSSLBACKEND_OPENSSL, 
NULL,
-                                                   NULL))
+    CURLsslset e;
+    e = curl_global_sslset (CURLSSLBACKEND_OPENSSL, NULL, NULL);
+    if (CURLSSLSET_TOO_LATE == e)
       fprintf (stderr, "WARNING: libcurl was already initialised.\n");
+    else if (CURLSSLSET_OK == e)
+      inited_tls_is_openssl = 1;
   }
+  else
+    inited_tls_is_gnutls = 1;
 #endif /* LIBCURL_VERSION_NUM >= 0x07380 */
   res = curl_global_init (CURL_GLOBAL_ALL);
   if (CURLE_OK != res)
diff --git a/src/testcurl/https/tls_test_common.h 
b/src/testcurl/https/tls_test_common.h
index fd2a47b1..02f0f0fa 100644
--- a/src/testcurl/https/tls_test_common.h
+++ b/src/testcurl/https/tls_test_common.h
@@ -75,8 +75,16 @@ int
 curl_check_version (const char *req_version, ...);
 
 int
-curl_uses_nss_ssl (void);
+curl_tls_is_gnutls (void);
 
+int
+curl_tls_is_nss (void);
+
+int
+curl_tls_is_schannel (void);
+
+int
+curl_tls_is_sectransport (void);
 
 FILE *
 setup_ca_cert (void);

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


