1/*
2  This file is part of libmicrohttpd
3  Copyright (C) 2007, 2010 Christian Grothoff
4
5  libmicrohttpd is free software; you can redistribute it and/or modify
6  it under the terms of the GNU General Public License as published
7  by the Free Software Foundation; either version 2, or (at your
8  option) any later version.
9
10  libmicrohttpd is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  General Public License for more details.
14
15  You should have received a copy of the GNU General Public License
16  along with libmicrohttpd; see the file COPYING.  If not, write to the
17  Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18  Boston, MA 02111-1307, USA.
19*/
20
21/**
22 * @file tls_daemon_options_test.c
23 * @brief  Testcase for libmicrohttpd HTTPS GET operations
24 * @author Sagie Amir
25 */
26
27#include "platform.h"
28#include "microhttpd.h"
29#include <sys/stat.h>
30#include <limits.h>
31#include <gcrypt.h>
32#include "tls_test_common.h"
33
34extern const char srv_key_pem[];
35extern const char srv_self_signed_cert_pem[];
36
37int curl_check_version (const char *req_version, ...);
38
39/**
40 * test server refuses to negotiate connections with unsupported protocol versions
41 *
42 */
43static int
44test_unmatching_ssl_version (void * cls, const char *cipher_suite,
45                             int curl_req_ssl_version)
46{
47  struct CBC cbc;
48  if (NULL == (cbc.buf = malloc (sizeof (char) * 256)))
49    {
50      fprintf (stderr, "Error: failed to allocate: %s\n",
51               strerror (errno));
52      return -1;
53    }
54  cbc.size = 256;
55  cbc.pos = 0;
56
57  char url[255];
58  if (gen_test_file_url (url, DEAMON_TEST_PORT))
59    {
60      free (cbc.buf);
61      fprintf (stderr, "Internal error in gen_test_file_url\n");
62      return -1;
63    }
64
65  /* assert daemon *rejected* request */
66  if (CURLE_OK ==
67      send_curl_req (url, &cbc, cipher_suite, curl_req_ssl_version))
68    {
69      free (cbc.buf);
70      fprintf (stderr, "cURL failed to reject request despite SSL version missmatch!\n");
71      return -1;
72    }
73
74  free (cbc.buf);
75  return 0;
76}
77
78
79/* setup a temporary transfer test file */
80int
81main (int argc, char *const *argv)
82{
83  unsigned int errorCount = 0;
84  const char *ssl_version;
85  int daemon_flags =
86    MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;
87
88  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
89  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
90#ifdef GCRYCTL_INITIALIZATION_FINISHED
91  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
92#endif
93 if (curl_check_version (MHD_REQ_CURL_VERSION))
94    {
95      return 0;
96    }
97  ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
98  if (NULL == ssl_version)
99  {
100    fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
101    return 0;
102  }
103  if (0 != strncmp (ssl_version, "GnuTLS", 6))
104  {
105    fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
106    return 0;
107  }
108
109  if (0 != curl_global_init (CURL_GLOBAL_ALL))
110    {
111      fprintf (stderr, "Error: %s\n", strerror (errno));
112      return 0;
113    }
114
115  const char *aes128_sha = "AES128-SHA";
116  const char *aes256_sha = "AES256-SHA";
117  if (curl_uses_nss_ssl() == 0)
118    {
119      aes128_sha = "rsa_aes_128_sha";
120      aes256_sha = "rsa_aes_256_sha";
121    }
122
123
124  if (0 !=
125    test_wrap ("TLS1.0-AES-SHA1",
126	       &test_https_transfer, NULL, daemon_flags,
127	       aes128_sha,
128	       CURL_SSLVERSION_TLSv1,
129	       MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
130	       MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
131	       MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
132	       MHD_OPTION_END))
133    {
134      fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
135      errorCount++;
136    }
137  fprintf (stderr,
138	   "The following handshake should fail (and print an error message)...\n");
139  if (0 !=
140    test_wrap ("TLS1.0 vs SSL3",
141	       &test_unmatching_ssl_version, NULL, daemon_flags,
142	       aes256_sha,
143	       CURL_SSLVERSION_SSLv3,
144	       MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
145	       MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
146	       MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
147	       MHD_OPTION_END))
148    {
149      fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
150      errorCount++;
151    }
152  curl_global_cleanup ();
153
154  return errorCount != 0;
155}
156