1/* 2 This file is part of libmicrohttpd 3 Copyright (C) 2007, 2010 Christian Grothoff 4 5 libmicrohttpd is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License as published 7 by the Free Software Foundation; either version 2, or (at your 8 option) any later version. 9 10 libmicrohttpd is distributed in the hope that it will be useful, but 11 WITHOUT ANY WARRANTY; without even the implied warranty of 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 General Public License for more details. 14 15 You should have received a copy of the GNU General Public License 16 along with libmicrohttpd; see the file COPYING. If not, write to the 17 Free Software Foundation, Inc., 59 Temple Place - Suite 330, 18 Boston, MA 02111-1307, USA. 19*/ 20 21/** 22 * @file tls_daemon_options_test.c 23 * @brief Testcase for libmicrohttpd HTTPS GET operations 24 * @author Sagie Amir 25 */ 26 27#include "platform.h" 28#include "microhttpd.h" 29#include <sys/stat.h> 30#include <limits.h> 31#include <gcrypt.h> 32#include "tls_test_common.h" 33 34extern const char srv_key_pem[]; 35extern const char srv_self_signed_cert_pem[]; 36 37int curl_check_version (const char *req_version, ...); 38 39/** 40 * test server refuses to negotiate connections with unsupported protocol versions 41 * 42 */ 43static int 44test_unmatching_ssl_version (void * cls, const char *cipher_suite, 45 int curl_req_ssl_version) 46{ 47 struct CBC cbc; 48 if (NULL == (cbc.buf = malloc (sizeof (char) * 256))) 49 { 50 fprintf (stderr, "Error: failed to allocate: %s\n", 51 strerror (errno)); 52 return -1; 53 } 54 cbc.size = 256; 55 cbc.pos = 0; 56 57 char url[255]; 58 if (gen_test_file_url (url, DEAMON_TEST_PORT)) 59 { 60 free (cbc.buf); 61 fprintf (stderr, "Internal error in gen_test_file_url\n"); 62 return -1; 63 } 64 65 /* assert daemon *rejected* request */ 66 if (CURLE_OK == 67 send_curl_req (url, &cbc, cipher_suite, curl_req_ssl_version)) 68 { 69 free (cbc.buf); 70 fprintf (stderr, "cURL failed to reject request despite SSL version missmatch!\n"); 71 return -1; 72 } 73 74 free (cbc.buf); 75 return 0; 76} 77 78 79/* setup a temporary transfer test file */ 80int 81main (int argc, char *const *argv) 82{ 83 unsigned int errorCount = 0; 84 const char *ssl_version; 85 int daemon_flags = 86 MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG; 87 88 gcry_control (GCRYCTL_DISABLE_SECMEM, 0); 89 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); 90#ifdef GCRYCTL_INITIALIZATION_FINISHED 91 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); 92#endif 93 if (curl_check_version (MHD_REQ_CURL_VERSION)) 94 { 95 return 0; 96 } 97 ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version; 98 if (NULL == ssl_version) 99 { 100 fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n"); 101 return 0; 102 } 103 if (0 != strncmp (ssl_version, "GnuTLS", 6)) 104 { 105 fprintf (stderr, "This test can be run only with libcurl-gnutls.\n"); 106 return 0; 107 } 108 109 if (0 != curl_global_init (CURL_GLOBAL_ALL)) 110 { 111 fprintf (stderr, "Error: %s\n", strerror (errno)); 112 return 0; 113 } 114 115 const char *aes128_sha = "AES128-SHA"; 116 const char *aes256_sha = "AES256-SHA"; 117 if (curl_uses_nss_ssl() == 0) 118 { 119 aes128_sha = "rsa_aes_128_sha"; 120 aes256_sha = "rsa_aes_256_sha"; 121 } 122 123 124 if (0 != 125 test_wrap ("TLS1.0-AES-SHA1", 126 &test_https_transfer, NULL, daemon_flags, 127 aes128_sha, 128 CURL_SSLVERSION_TLSv1, 129 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, 130 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, 131 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL", 132 MHD_OPTION_END)) 133 { 134 fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n"); 135 errorCount++; 136 } 137 fprintf (stderr, 138 "The following handshake should fail (and print an error message)...\n"); 139 if (0 != 140 test_wrap ("TLS1.0 vs SSL3", 141 &test_unmatching_ssl_version, NULL, daemon_flags, 142 aes256_sha, 143 CURL_SSLVERSION_SSLv3, 144 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, 145 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, 146 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL", 147 MHD_OPTION_END)) 148 { 149 fprintf (stderr, "TLS1.0 vs SSL3 test failed\n"); 150 errorCount++; 151 } 152 curl_global_cleanup (); 153 154 return errorCount != 0; 155} 156