1 /*
2   This file is part of libmicrohttpd
3   Copyright (C) 2007, 2010 Christian Grothoff
4 
5   libmicrohttpd is free software; you can redistribute it and/or modify
6   it under the terms of the GNU General Public License as published
7   by the Free Software Foundation; either version 2, or (at your
8   option) any later version.
9 
10   libmicrohttpd is distributed in the hope that it will be useful, but
11   WITHOUT ANY WARRANTY; without even the implied warranty of
12   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13   General Public License for more details.
14 
15   You should have received a copy of the GNU General Public License
16   along with libmicrohttpd; see the file COPYING.  If not, write to the
17   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18   Boston, MA 02111-1307, USA.
19 */
20 
21 /**
22  * @file tls_daemon_options_test.c
23  * @brief  Testcase for libmicrohttpd HTTPS GET operations
24  * @author Sagie Amir
25  */
26 
27 #include "platform.h"
28 #include "microhttpd.h"
29 #include <sys/stat.h>
30 #include <limits.h>
31 #include <gcrypt.h>
32 #include "tls_test_common.h"
33 
34 extern const char srv_key_pem[];
35 extern const char srv_self_signed_cert_pem[];
36 
37 int curl_check_version (const char *req_version, ...);
38 
/**
 * Negative test: check that a request made with a protocol version the
 * daemon was not configured for does not complete successfully.
 *
 * The test passes when send_curl_req() returns anything other than CURLE_OK.
 * NOTE(review): the specific cURL error code is not inspected, so a failure
 * unrelated to version negotiation (for instance a client build that cannot
 * offer the requested version at all) is also counted as a rejection --
 * confirm this is acceptable, or compare against the expected handshake
 * error code.
 *
 * @param cls unused
 * @param cipher_suite cipher suite name handed through to send_curl_req()
 * @param curl_req_ssl_version protocol version handed through to
 *        send_curl_req()
 * @return 0 if the request was rejected; -1 on allocation failure, on URL
 *         generation failure, or if the request unexpectedly succeeded
 */
static int
test_unmatching_ssl_version (void * cls, const char *cipher_suite,
                             int curl_req_ssl_version)
{
  struct CBC cbc;
  char url[255];
  int result = -1;

  /* Response buffer handed to the cURL helper; released on every path below. */
  cbc.buf = malloc (sizeof (char) * 256);
  if (NULL == cbc.buf)
    {
      fprintf (stderr, "Error: failed to allocate: %s\n",
               strerror (errno));
      return -1;
    }
  cbc.size = 256;
  cbc.pos = 0;

  /* NOTE(review): the capacity of url is not passed to gen_test_file_url();
     presumably the helper bounds its own output -- verify against its
     definition. */
  if (0 != gen_test_file_url (url, DEAMON_TEST_PORT))
    {
      fprintf (stderr, "Internal error in gen_test_file_url\n");
    }
  else if (CURLE_OK ==
           send_curl_req (url, &cbc, cipher_suite, curl_req_ssl_version))
    {
      /* The transfer completed, i.e. the daemon did *not* reject it. */
      fprintf (stderr, "cURL failed to reject request despite SSL version missmatch!\n");
    }
  else
    {
      result = 0;
    }

  free (cbc.buf);
  return result;
}
77 
78 
/**
 * Test driver: starts a TLS daemon restricted to TLS 1.0 through
 * MHD_OPTION_HTTPS_PRIORITIES and runs two cases via test_wrap():
 * a TLS 1.0 transfer that must succeed, and an SSLv3 request that must be
 * rejected.
 *
 * Every "cannot run" exit (cURL version check, no SSL in cURL, non-GnuTLS
 * cURL, curl_global_init() failure) returns 0, so a skipped run is
 * indistinguishable from a pass to whatever invokes this program.
 *
 * @param argc unused
 * @param argv unused
 * @return 0 if no case failed (or the test was skipped), 1 otherwise
 */
int
main (int argc, char *const *argv)
{
  unsigned int failures = 0;
  const char *ssl_version;
  const char *aes128_sha = "AES128-SHA";
  const char *aes256_sha = "AES256-SHA";
  /* Priority strings pin the daemon to TLS 1.0 with an AES-CBC/SHA1/RSA
     suite.  Presumably chosen to exercise the priorities option rather than
     as a recommended configuration. */
  const char *prio_tls10_aes128 =
    "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL";
  const char *prio_tls10_aes256 =
    "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL";
  int daemon_flags =
    MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;

  /* Test-only libgcrypt settings: secure memory is switched off and the
     quick (lower quality) random generator is enabled.  Both weaken the
     protection of key material and are not suitable outside a test. */
  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
  /* NOTE(review): if GCRYCTL_INITIALIZATION_FINISHED is an enum constant
     rather than a macro in the installed gcrypt.h, this #ifdef never fires
     and the call is silently omitted -- confirm. */
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif

  if (0 != curl_check_version (MHD_REQ_CURL_VERSION))
    return 0;

  ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
  if (NULL == ssl_version)
    {
      fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
      return 0;
    }
  if (0 != strncmp (ssl_version, "GnuTLS", 6))
    {
      fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
      return 0;
    }

  if (0 != curl_global_init (CURL_GLOBAL_ALL))
    {
      fprintf (stderr, "Error: %s\n", strerror (errno));
      return 0;
    }

  /* Switch to the alternative cipher names when curl_uses_nss_ssl()
     reports 0.  NOTE(review): non-GnuTLS backends already returned above,
     so this branch looks unreachable unless the helper reports 0 for GnuTLS
     builds -- confirm. */
  if (0 == curl_uses_nss_ssl ())
    {
      aes128_sha = "rsa_aes_128_sha";
      aes256_sha = "rsa_aes_256_sha";
    }

  /* Positive case: client and daemon both use TLS 1.0.  srv_key_pem and
     srv_self_signed_cert_pem are the in-memory key and self-signed
     certificate declared extern at the top of this file. */
  if (0 !=
      test_wrap ("TLS1.0-AES-SHA1",
                 &test_https_transfer, NULL, daemon_flags,
                 aes128_sha,
                 CURL_SSLVERSION_TLSv1,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES, prio_tls10_aes128,
                 MHD_OPTION_END))
    {
      fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
      failures++;
    }

  /* Negative case: the client asks for SSLv3 while the daemon only allows
     TLS 1.0; test_unmatching_ssl_version() treats any cURL error as the
     expected rejection. */
  fprintf (stderr,
           "The following handshake should fail (and print an error message)...\n");
  if (0 !=
      test_wrap ("TLS1.0 vs SSL3",
                 &test_unmatching_ssl_version, NULL, daemon_flags,
                 aes256_sha,
                 CURL_SSLVERSION_SSLv3,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES, prio_tls10_aes256,
                 MHD_OPTION_END))
    {
      fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
      failures++;
    }
  curl_global_cleanup ();

  return (0 == failures) ? 0 : 1;
}