1 /*
2 This file is part of libmicrohttpd
3 Copyright (C) 2007, 2010 Christian Grothoff
4
5 libmicrohttpd is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 2, or (at your
8 option) any later version.
9
10 libmicrohttpd is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with libmicrohttpd; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
19 */
20
21 /**
22 * @file tls_daemon_options_test.c
23 * @brief Testcase for libmicrohttpd HTTPS GET operations
24 * @author Sagie Amir
25 */
26
27 #include "platform.h"
28 #include "microhttpd.h"
29 #include <sys/stat.h>
30 #include <limits.h>
31 #include <gcrypt.h>
32 #include "tls_test_common.h"
33
34 extern const char srv_key_pem[];
35 extern const char srv_self_signed_cert_pem[];
36
37 int curl_check_version (const char *req_version, ...);
38
39 /**
40 * test server refuses to negotiate connections with unsupported protocol versions
41 *
42 */
static int
test_unmatching_ssl_version (void * cls, const char *cipher_suite,
                             int curl_req_ssl_version)
{
  /* Negative test: sends one cURL request with the given cipher suite and
     protocol version and expects it to fail.  Returns 0 when the request
     fails, -1 when it succeeds or when local setup (buffer allocation,
     URL generation) fails.  `cls' is not used in this function.

     NOTE(review): every result other than CURLE_OK is counted as a
     rejection by the daemon.  A failure that has nothing to do with the
     protocol version (for example a client library that refuses the
     requested version locally, or a connection error) would therefore
     also make this test pass -- confirm against send_curl_req whether the
     specific error code should be checked. */
  enum { RESPONSE_BUF_SIZE = 256 };
  struct CBC cbc;
  char url[255];
  int ret = -1;

  cbc.buf = malloc (RESPONSE_BUF_SIZE);
  if (NULL == cbc.buf)
    {
      fprintf (stderr, "Error: failed to allocate: %s\n", strerror (errno));
      return -1;
    }
  cbc.size = RESPONSE_BUF_SIZE;
  cbc.pos = 0;

  if (gen_test_file_url (url, DEAMON_TEST_PORT))
    {
      fprintf (stderr, "Internal error in gen_test_file_url\n");
    }
  else if (CURLE_OK ==
           send_curl_req (url, &cbc, cipher_suite, curl_req_ssl_version))
    {
      /* The transfer went through although it was expected to be refused. */
      fprintf (stderr, "cURL failed to reject request despite SSL version missmatch!\n");
    }
  else
    {
      ret = 0;
    }

  /* Single release point for the response buffer on every path past the
     allocation. */
  free (cbc.buf);
  return ret;
}
77
78
79 /* Test entry point: runs the HTTPS priority-string test cases and exits non-zero if any of them fails. */
int
main (int argc, char *const *argv)
{
  /* Runs two cases through test_wrap: a TLS 1.0 transfer that must succeed
     and an SSLv3 request that must be refused by a daemon whose priority
     string enables only TLS 1.0.  Returns 1 if any case failed, else 0.

     NOTE(review): every "cannot run" path below (cURL version check,
     missing SSL support, non-GnuTLS backend, curl_global_init failure)
     also returns 0, so a run in which no TLS check was executed is
     indistinguishable from a pass by exit status alone. */
  const int flags =
    MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;
  const char *cipher_aes128 = "AES128-SHA";
  const char *cipher_aes256 = "AES256-SHA";
  const char *backend;
  unsigned int failures = 0;

  /* libgcrypt set-up for a test program: secure memory is disabled and
     quick random is enabled.  Both trade protection of key material and
     randomness quality for speed and are only appropriate in tests. */
  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif

  if (curl_check_version (MHD_REQ_CURL_VERSION))
    return 0;

  backend = curl_version_info (CURLVERSION_NOW)->ssl_version;
  if (NULL == backend)
    {
      fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n");
      return 0;
    }
  if (0 != strncmp (backend, "GnuTLS", 6))
    {
      fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
      return 0;
    }

  if (0 != curl_global_init (CURL_GLOBAL_ALL))
    {
      /* NOTE(review): curl_global_init reports failure through its return
         code; errno may not describe the actual cause printed here. */
      fprintf (stderr, "Error: %s\n", strerror (errno));
      return 0;
    }

  /* Alternate cipher names are used when curl_uses_nss_ssl () returns 0.
     NOTE(review): the backend check above already returned unless the
     version string starts with "GnuTLS"; if 0 means an NSS-backed libcurl
     this branch looks unreachable -- confirm against the helper. */
  if (curl_uses_nss_ssl () == 0)
    {
      cipher_aes128 = "rsa_aes_128_sha";
      cipher_aes256 = "rsa_aes_256_sha";
    }

  /* Positive case: client and daemon both use TLS 1.0 with AES-128-CBC,
     SHA1 and RSA.  These legacy choices are test fixtures for the
     priority-string option, not a recommended configuration. */
  if (test_wrap ("TLS1.0-AES-SHA1",
                 &test_https_transfer, NULL, flags,
                 cipher_aes128,
                 CURL_SSLVERSION_TLSv1,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END) != 0)
    {
      fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
      failures++;
    }

  /* Negative case: the client asks for SSLv3 while the daemon's priority
     string enables only TLS 1.0, so the request is expected to fail. */
  fprintf (stderr,
           "The following handshake should fail (and print an error message)...\n");
  if (test_wrap ("TLS1.0 vs SSL3",
                 &test_unmatching_ssl_version, NULL, flags,
                 cipher_aes256,
                 CURL_SSLVERSION_SSLv3,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END) != 0)
    {
      fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
      failures++;
    }

  curl_global_cleanup ();

  return (failures > 0) ? 1 : 0;
}
156