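/**
 * Test driver: run the "secure GET" and "cipher option" checks against a
 * TLS daemon, using TLS 1.0 and cipher names spelled the way the local
 * libcurl TLS backend expects them.
 *
 * @param argc unused
 * @param argv argv[0] is handed to print_test_result() as the test name
 * @return 0 when every sub-test passed, 1 when at least one failed,
 *         -1 when libcurl could not be initialised
 */
int
main (int argc, char *const *argv)
{
  unsigned int errorCount = 0;
  /* OpenSSL-style suite names; swapped for NSS names further down. */
  const char *aes256_sha_tlsv1   = "AES256-SHA";
  const char *des_cbc3_sha_tlsv1 = "DES-CBC3-SHA";
  int rc;

  (void) argc;   /* Unused. */

  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
  /* curl_global_init() reports failure through its CURLcode return value,
     not via errno, so decode that instead of strerror(errno). */
  rc = curl_global_init (CURL_GLOBAL_ALL);
  if (0 != rc)
    {
      fprintf (stderr, "Error: %s\n", curl_easy_strerror (rc));
      return -1;
    }

  if (curl_uses_nss_ssl () == 0)
    {
      /* NSS uses its own suite names.  NOTE(review): the NSS substitute for
         DES-CBC3-SHA is an AES-128 suite, so the cipher-option test does not
         exercise 3DES on NSS builds -- confirm whether that is intended. */
      aes256_sha_tlsv1 = "rsa_aes_256_sha";
      des_cbc3_sha_tlsv1 = "rsa_aes_128_sha";
    }

  errorCount +=
    test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1);
  errorCount +=
    test_cipher_option (NULL, des_cbc3_sha_tlsv1, CURL_SSLVERSION_TLSv1);
  print_test_result (errorCount, argv[0]);

  curl_global_cleanup ();

  return errorCount != 0;
}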
/**
 * Test driver: one "secure GET" against a TLS daemon over TLS 1.0.
 *
 * @param argc unused
 * @param argv argv[0] names the test in print_test_result()
 * @return 0 on success, 1 when the sub-test failed, 77 when libcurl has no
 *         TLS support (test skipped), 99 when curl could not be initialised
 */
int
main (int argc, char *const *argv)
{
  unsigned int failures = 0;
  const char *cipher;

  (void) argc;   /* Unused. Silent compiler warning. */

#ifdef MHD_HTTPS_REQUIRE_GRYPT
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
#endif /* MHD_HTTPS_REQUIRE_GRYPT */

  if (! testsuite_curl_global_init ())
    return 99;

  if (NULL == curl_version_info (CURLVERSION_NOW)->ssl_version)
    {
      fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
      curl_global_cleanup ();
      return 77;
    }

  /* NSS spells the suite differently from the OpenSSL-style name. */
  cipher = (0 == curl_uses_nss_ssl ()) ? "rsa_aes_256_sha" : "AES256-SHA";

  failures += test_secure_get (NULL, cipher, CURL_SSLVERSION_TLSv1);
  print_test_result (failures, argv[0]);

  curl_global_cleanup ();

  return (0 == failures) ? 0 : 1;
}
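/**
 * Test driver: exercise a thread-per-connection TLS daemon with a single
 * client and then with parallel clients.  Only runnable against a
 * GnuTLS-backed libcurl.
 *
 * @param argc unused
 * @param argv argv[0] names the test in the failure message
 * @return 0 when all sub-tests passed, 1 when one failed, 77 when the test
 *         cannot run in this environment (automake "skip"), -1 when libcurl
 *         failed to initialise
 */
int
main (int argc, char *const *argv)
{
  unsigned int errorCount = 0;
  const char *ssl_version;
  const char *aes256_sha = "AES256-SHA";
  int rc;
  /* initialize random seed used by curl clients */
  unsigned int iseed = (unsigned int) time (NULL);

  (void) argc;   /* Unused. */

#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
  srand (iseed);
  ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
  if (NULL == ssl_version)
    {
      fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
      return 77;   /* skipped, not passed */
    }
  if (0 != strncmp (ssl_version, "GnuTLS", 6))
    {
      fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
      return 77;
    }
  /* curl_global_init() does not set errno; decode its CURLcode instead. */
  rc = curl_global_init (CURL_GLOBAL_ALL);
  if (0 != rc)
    {
      fprintf (stderr, "Error: %s\n", curl_easy_strerror (rc));
      return -1;
    }

  if (curl_uses_nss_ssl () == 0)
    {
      aes256_sha = "rsa_aes_256_sha";   /* NSS cipher-suite naming */
    }

  errorCount +=
    test_wrap ("multi threaded daemon, single client", &test_single_client,
               NULL,
               MHD_USE_TLS | MHD_USE_DEBUG | MHD_USE_THREAD_PER_CONNECTION,
               aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
               srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
               srv_self_signed_cert_pem, MHD_OPTION_END);

  errorCount +=
    test_wrap ("multi threaded daemon, parallel client",
               &test_parallel_clients, NULL,
               MHD_USE_TLS | MHD_USE_DEBUG | MHD_USE_THREAD_PER_CONNECTION,
               aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
               srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
               srv_self_signed_cert_pem, MHD_OPTION_END);

  if (errorCount != 0)
    fprintf (stderr, "Failed test: %s.\n", argv[0]);

  curl_global_cleanup ();
  return errorCount != 0;
}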
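/**
 * Test driver: run two TLS daemons concurrently against a CA-signed
 * certificate written to a temporary file by setup_ca_cert().
 *
 * The temporary certificate file is closed and removed on the way out.
 *
 * @param argc unused
 * @param argv unused
 * @return 0 when the sub-test passed, 1 when it failed, -1 when libcurl
 *         could not be initialised or the certificate file could not be
 *         created
 */
int
main (int argc, char *const *argv)
{
  unsigned int errorCount = 0;
  FILE *cert;
  const char *aes256_sha = "AES256-SHA";
  int rc;

  (void) argc;   /* Unused. */
  (void) argv;   /* Unused. */

  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
  /* Report the actual CURLcode; errorCount is always 0 at this point and
     says nothing about why initialisation failed. */
  rc = curl_global_init (CURL_GLOBAL_ALL);
  if (0 != rc)
    {
      fprintf (stderr, "Error: %s. l:%d f:%s\n", curl_easy_strerror (rc),
               __LINE__, __func__);
      return -1;
    }
  if ((cert = setup_ca_cert ()) == NULL)
    {
      /* "%s" keeps the message from ever being interpreted as a format. */
      fprintf (stderr, "%s", MHD_E_TEST_FILE_CREAT);
      curl_global_cleanup ();
      return -1;
    }

  if (curl_uses_nss_ssl () == 0)
    {
      aes256_sha = "rsa_aes_256_sha";   /* NSS cipher-suite naming */
    }

  /* This case deliberately asks curl for SSLv3 (obsolete, RFC 7568);
     a libcurl built without SSLv3 support would surface that here as a
     sub-test failure rather than a skip. */
  errorCount +=
    test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_SSLv3);

  print_test_result (errorCount, "concurent_daemon_pair");

  curl_global_cleanup ();
  fclose (cert);
  if (0 != remove (ca_cert_file_name))
    fprintf (stderr,
             "Failed to remove `%s'\n",
             ca_cert_file_name);
  return errorCount != 0;
}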
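/**
 * Test driver: exercise a single-threaded (internal select) TLS daemon with
 * one client and then with parallel clients.
 *
 * @param argc unused
 * @param argv unused
 * @return 0 when all sub-tests passed, 1 when one failed, -1 when libcurl
 *         could not be initialised
 */
int
main (int argc, char *const *argv)
{
    unsigned int errorCount = 0;
    const char *aes256_sha = "AES256-SHA";
    int rc;

    /* initialize random seed used by curl clients */
    unsigned int iseed = (unsigned int) time (NULL);

    (void) argc;   /* Unused. */
    (void) argv;   /* Unused. */

    srand (iseed);
    gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
    /* curl_global_init() does not set errno; decode its CURLcode instead. */
    rc = curl_global_init (CURL_GLOBAL_ALL);
    if (0 != rc)
    {
        fprintf (stderr, "Error: %s\n", curl_easy_strerror (rc));
        return -1;
    }

    if (curl_uses_nss_ssl () == 0)
    {
        aes256_sha = "rsa_aes_256_sha";   /* NSS cipher-suite naming */
    }

    errorCount +=
        test_wrap ("single threaded daemon, single client", &test_single_client,
                   NULL,
                   MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL | MHD_USE_DEBUG,
                   aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
                   srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
                   srv_self_signed_cert_pem, MHD_OPTION_END);

    errorCount +=
        test_wrap ("single threaded daemon, parallel clients",
                   &test_parallel_clients, NULL,
                   MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL | MHD_USE_DEBUG,
                   aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
                   srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
                   srv_self_signed_cert_pem, MHD_OPTION_END);

    curl_global_cleanup ();
    return errorCount != 0;
}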
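/**
 * Test driver: one "secure GET" over TLS 1.0 against a daemon whose CA
 * certificate is written to a temporary file by setup_ca_cert().
 *
 * The FILE handle returned by setup_ca_cert() is kept so it can be closed
 * before the file is removed (the handle was previously leaked).
 *
 * @param argc unused
 * @param argv argv[0] names the test in print_test_result()
 * @return 0 when the sub-test passed, 1 when it failed, -1 when the
 *         certificate file could not be created or libcurl could not be
 *         initialised
 */
int
main (int argc, char *const *argv)
{
  unsigned int errorCount = 0;
  FILE *cert;
  const char *aes256_sha = "AES256-SHA";
  int rc;

  (void) argc;   /* Unused. */

  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
  if ((cert = setup_ca_cert ()) == NULL)
    {
      /* "%s" keeps the message from ever being interpreted as a format. */
      fprintf (stderr, "%s", MHD_E_TEST_FILE_CREAT);
      return -1;
    }

  /* Report the actual CURLcode; errorCount is always 0 here and says
     nothing about why initialisation failed. */
  rc = curl_global_init (CURL_GLOBAL_ALL);
  if (0 != rc)
    {
      fprintf (stderr, "Error: %s\n", curl_easy_strerror (rc));
      fclose (cert);
      if (0 != remove (ca_cert_file_name))
        fprintf (stderr,
                 "Failed to remove `%s'\n",
                 ca_cert_file_name);
      return -1;
    }

  if (curl_uses_nss_ssl () == 0)
    {
      aes256_sha = "rsa_aes_256_sha";   /* NSS cipher-suite naming */
    }

  errorCount +=
    test_secure_get (NULL, aes256_sha, CURL_SSLVERSION_TLSv1);

  print_test_result (errorCount, argv[0]);

  curl_global_cleanup ();
  fclose (cert);
  if (0 != remove (ca_cert_file_name))
    fprintf (stderr,
             "Failed to remove `%s'\n",
             ca_cert_file_name);
  return errorCount != 0;
}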
/* setup a temporary transfer test file */
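/**
 * Test driver: HTTPS transfers over TLS 1.0 and SSL 3.0 with explicit GnuTLS
 * priority strings, plus one deliberately mismatched client/server version
 * pair.
 *
 * Environments where the test cannot run (libcurl too old, curl
 * initialisation failed) now exit 77 -- the automake "skipped" status --
 * instead of 0, so a broken environment is no longer reported as a pass.
 *
 * @param argc unused
 * @param argv unused
 * @return 0 when all sub-tests passed, 1 when one failed, 77 when the test
 *         could not run
 */
int
main (int argc, char *const *argv)
{
  unsigned int errorCount = 0;
  const char *aes128_sha = "AES128-SHA";
  const char *aes256_sha = "AES256-SHA";
  int rc;

  int daemon_flags =
    MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;

  (void) argc;   /* Unused. */
  (void) argv;   /* Unused. */

  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
  if (curl_check_version (MHD_REQ_CURL_VERSION))
    {
      return 77;
    }

  /* curl_global_init() does not set errno; decode its CURLcode instead. */
  rc = curl_global_init (CURL_GLOBAL_ALL);
  if (0 != rc)
    {
      fprintf (stderr, "Error: %s\n", curl_easy_strerror (rc));
      return 77;
    }

  if (curl_uses_nss_ssl () == 0)
    {
      /* NSS cipher-suite naming */
      aes128_sha = "rsa_aes_128_sha";
      aes256_sha = "rsa_aes_256_sha";
    }

  errorCount +=
    test_wrap ("TLS1.0-AES-SHA1",
               &test_https_transfer, NULL, daemon_flags,
               aes128_sha,
               CURL_SSLVERSION_TLSv1,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
               MHD_OPTION_END);
  /* NOTE(review): this case is identical to the "SSL3.0-AES-SHA1" case
     below except for its label (curl asks for SSLv3, daemon offers SSL3.0);
     it looks like a copy-paste leftover -- confirm intent before removing. */
  errorCount +=
    test_wrap ("TLS1.0-AES-SHA1",
               &test_https_transfer, NULL, daemon_flags,
               aes128_sha,
               CURL_SSLVERSION_SSLv3,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
               MHD_OPTION_END);

  /* SSL 3.0 is obsolete (RFC 7568); a libcurl/GnuTLS built without it will
     report this case as a failure rather than a skip. */
  errorCount +=
    test_wrap ("SSL3.0-AES-SHA1",
               &test_https_transfer, NULL, daemon_flags,
               aes128_sha,
               CURL_SSLVERSION_SSLv3,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
               MHD_OPTION_END);
#if 0
  /* manual inspection of the handshake suggests that CURL will
     request TLSv1, we send back "SSL3" and CURL takes it *despite*
     being configured to speak SSL3-only.  Notably, the other way
     round (have curl request SSL3, respond with TLSv1 only)
     is properly refused by CURL.  Either way, this does NOT seem
     to be a bug in MHD/gnuTLS but rather in CURL; hence this
     test is commented out here... */
  errorCount +=
    test_wrap ("unmatching version: SSL3 vs. TLS", &test_unmatching_ssl_version,
               NULL, daemon_flags, "AES256-SHA", CURL_SSLVERSION_TLSv1,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END);
#endif

  /* Client insists on SSLv3, daemon only offers TLS 1.0: the handshake is
     expected to be refused. */
  errorCount +=
    test_wrap ("TLS1.0 vs SSL3",
               &test_unmatching_ssl_version, NULL, daemon_flags,
               aes256_sha,
               CURL_SSLVERSION_SSLv3,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
               MHD_OPTION_END);
  curl_global_cleanup ();

  return errorCount != 0;
}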
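/**
 * Drive one HTTPS GET through libcurl's multi interface while pumping the
 * daemon with MHD_run() from this thread (external select mode).
 *
 * The daemon is started on port 1082 with ahc_echo as handler; the test
 * expects the response body to be exactly "/hello_world".  curl's long
 * options are passed as `long` literals (0L/1L): curl_easy_setopt() is
 * variadic, so an `int` argument is not promoted and is undefined behaviour
 * where sizeof(int) != sizeof(long).
 *
 * @return 0 on success, otherwise a distinct code naming the failing step:
 *         256 daemon start, 128 curl easy handle, 512 multi handle,
 *         1024 add handle, 2048 curl fdset, 4096 MHD fdset,
 *         8192 wrong body length, 16384 wrong body content
 */
static int
testExternalGet ()
{
  struct MHD_Daemon *d;
  CURL *c;
  char buf[2048];
  struct CBC cbc;
  CURLM *multi;
  CURLMcode mret;
  fd_set rs;
  fd_set ws;
  fd_set es;
  int max;
  int running;
  struct CURLMsg *msg;
  time_t start;
  struct timeval tv;
  const char *aes256_sha = "AES256-SHA";

  multi = NULL;
  cbc.buf = buf;
  cbc.size = sizeof (buf);   /* bound used by copyBuffer; tied to buf */
  cbc.pos = 0;
  d = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_SSL,
                        1082, NULL, NULL, &ahc_echo, "GET",
                        MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                        MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                        MHD_OPTION_END);
  if (d == NULL)
    return 256;

  if (curl_uses_nss_ssl () == 0)
    {
      aes256_sha = "rsa_aes_256_sha";   /* NSS cipher-suite naming */
    }

  c = curl_easy_init ();
  if (c == NULL)
    {
      MHD_stop_daemon (d);
      return 128;
    }
  curl_easy_setopt (c, CURLOPT_URL, "https://localhost:1082/hello_world");
  curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
  curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
  /* TLS options: SSLv3 is requested on purpose (the daemon side is the
     thing under test); peer verification is off because the daemon uses a
     self-signed certificate.  Never copy these two settings into
     production code. */
  curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
  if (oneone)
    curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
  else
    curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
  curl_easy_setopt (c, CURLOPT_TIMEOUT, 150L);
  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 15L);
  /* NOTE: use of CONNECTTIMEOUT without also
     setting NOSIGNAL results in really weird
     crashes on my system! */
  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L);

  multi = curl_multi_init ();
  if (multi == NULL)
    {
      curl_easy_cleanup (c);
      MHD_stop_daemon (d);
      return 512;
    }
  mret = curl_multi_add_handle (multi, c);
  if (mret != CURLM_OK)
    {
      curl_multi_cleanup (multi);
      curl_easy_cleanup (c);
      MHD_stop_daemon (d);
      return 1024;
    }
  /* Poll curl and MHD in lock-step for at most 5 seconds.  `multi` is set
     to NULL once the transfer is reported done, which ends the loop. */
  start = time (NULL);
  while ((time (NULL) - start < 5) && (multi != NULL))
    {
      max = 0;
      FD_ZERO (&rs);
      FD_ZERO (&ws);
      FD_ZERO (&es);
      curl_multi_perform (multi, &running);
      mret = curl_multi_fdset (multi, &rs, &ws, &es, &max);
      if (mret != CURLM_OK)
        {
          curl_multi_remove_handle (multi, c);
          curl_multi_cleanup (multi);
          curl_easy_cleanup (c);
          MHD_stop_daemon (d);
          return 2048;
        }
      if (MHD_YES != MHD_get_fdset (d, &rs, &ws, &es, &max))
        {
          curl_multi_remove_handle (multi, c);
          curl_multi_cleanup (multi);
          curl_easy_cleanup (c);
          MHD_stop_daemon (d);
          return 4096;
        }
      /* Short timeout: the sets are rebuilt every iteration, so a failed
         or interrupted select() is harmless and its result is not needed. */
      tv.tv_sec = 0;
      tv.tv_usec = 1000;
      (void) select (max + 1, &rs, &ws, &es, &tv);
      curl_multi_perform (multi, &running);
      if (running == 0)
        {
          /* `running` is reused here as curl's msgs_in_queue output */
          msg = curl_multi_info_read (multi, &running);
          if (msg == NULL)
            break;
          if (msg->msg == CURLMSG_DONE)
            {
              if (msg->data.result != CURLE_OK)
                printf ("%s failed at %s:%d: `%s'\n",
                        "curl_multi_perform",
                        __FILE__,
                        __LINE__, curl_easy_strerror (msg->data.result));
              curl_multi_remove_handle (multi, c);
              curl_multi_cleanup (multi);
              curl_easy_cleanup (c);
              c = NULL;
              multi = NULL;
            }
        }
      MHD_run (d);
    }
  /* Timed out before CURLMSG_DONE: release the handles that are still live. */
  if (multi != NULL)
    {
      curl_multi_remove_handle (multi, c);
      curl_easy_cleanup (c);
      curl_multi_cleanup (multi);
    }
  MHD_stop_daemon (d);
  if (cbc.pos != strlen ("/hello_world"))
    return 8192;
  if (0 != strncmp ("/hello_world", cbc.buf, strlen ("/hello_world")))
    return 16384;
  return 0;
}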
/* setup a temporary transfer test file */
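/**
 * Test driver: an HTTPS transfer over TLS 1.0 with an explicit GnuTLS
 * priority string, followed by a client/server version mismatch that is
 * expected to be refused.  Only runnable against a GnuTLS-backed libcurl.
 *
 * @param argc unused
 * @param argv unused
 * @return 0 when both sub-tests passed, 1 when one failed, 77 when the test
 *         cannot run in this environment (automake "skip")
 */
int
main (int argc, char *const *argv)
{
  unsigned int errorCount = 0;
  const char *ssl_version;
  const char *aes128_sha = "AES128-SHA";
  const char *aes256_sha = "AES256-SHA";
  int rc;
  int daemon_flags =
    MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;

  (void) argc;   /* Unused. */
  (void) argv;   /* Unused. */

  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
  if (curl_check_version (MHD_REQ_CURL_VERSION))
    {
      return 77;
    }
  ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
  if (NULL == ssl_version)
    {
      fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
      return 77;
    }
  if (0 != strncmp (ssl_version, "GnuTLS", 6))
    {
      fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
      return 77;
    }

  /* curl_global_init() does not set errno; decode its CURLcode instead. */
  rc = curl_global_init (CURL_GLOBAL_ALL);
  if (0 != rc)
    {
      fprintf (stderr, "Error: %s\n", curl_easy_strerror (rc));
      return 77;
    }

  if (curl_uses_nss_ssl () == 0)
    {
      /* NSS cipher-suite naming */
      aes128_sha = "rsa_aes_128_sha";
      aes256_sha = "rsa_aes_256_sha";
    }

  if (0 !=
      test_wrap ("TLS1.0-AES-SHA1",
                 &test_https_transfer, NULL, daemon_flags,
                 aes128_sha,
                 CURL_SSLVERSION_TLSv1,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END))
    {
      fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
      errorCount++;
    }
  /* Client insists on SSLv3, daemon only offers TLS 1.0: the handshake
     must be refused, and test_unmatching_ssl_version reports 0 when it is. */
  fprintf (stderr,
           "The following handshake should fail (and print an error message)...\n");
  if (0 !=
      test_wrap ("TLS1.0 vs SSL3",
                 &test_unmatching_ssl_version, NULL, daemon_flags,
                 aes256_sha,
                 CURL_SSLVERSION_SSLv3,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END))
    {
      fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
      errorCount++;
    }
  curl_global_cleanup ();

  return errorCount != 0;
}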
/* setup a temporary transfer test file */
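/**
 * Test driver: an HTTPS transfer over TLS 1.0 with an explicit GnuTLS
 * priority string, followed by a client/server version mismatch that is
 * expected to be refused.  Only runnable against a GnuTLS-backed libcurl.
 *
 * Environments where the test cannot run (libcurl too old or without TLS,
 * non-GnuTLS backend, curl initialisation failed) now exit 77 -- the
 * automake "skipped" status -- instead of 0, so a broken environment is no
 * longer reported as a pass.
 *
 * @param argc unused
 * @param argv unused
 * @return 0 when both sub-tests passed, 1 when one failed, 77 when the test
 *         could not run
 */
int
main (int argc, char *const *argv)
{
  unsigned int errorCount = 0;
  const char *ssl_version;
  const char *aes128_sha = "AES128-SHA";
  const char *aes256_sha = "AES256-SHA";
  int rc;
  int daemon_flags =
    MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;

  (void) argc;   /* Unused. */
  (void) argv;   /* Unused. */

  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
  if (curl_check_version (MHD_REQ_CURL_VERSION))
    {
      return 77;
    }
  ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
  if (NULL == ssl_version)
    {
      fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
      return 77;
    }
  if (0 != strncmp (ssl_version, "GnuTLS", 6))
    {
      fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
      return 77;
    }

  /* curl_global_init() does not set errno; decode its CURLcode instead. */
  rc = curl_global_init (CURL_GLOBAL_ALL);
  if (0 != rc)
    {
      fprintf (stderr, "Error: %s\n", curl_easy_strerror (rc));
      return 77;
    }

  if (curl_uses_nss_ssl () == 0)
    {
      /* NSS cipher-suite naming */
      aes128_sha = "rsa_aes_128_sha";
      aes256_sha = "rsa_aes_256_sha";
    }

  if (0 !=
      test_wrap ("TLS1.0-AES-SHA1",
                 &test_https_transfer, NULL, daemon_flags,
                 aes128_sha,
                 CURL_SSLVERSION_TLSv1,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END))
    {
      fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
      errorCount++;
    }
#if 0
  /* this used to work, but somehow no longer.  gnutls issue? */
  if (0 !=
      test_wrap ("SSL3.0-AES256-SHA1",
                 &test_https_transfer, NULL, daemon_flags,
                 aes256_sha,
                 CURL_SSLVERSION_SSLv3,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END))
    {
      fprintf (stderr, "SSL3.0-AES256-SHA1 test failed\n");
      errorCount++;
    }
  if (0 !=
      test_wrap ("SSL3.0-AES-SHA1",
                 &test_https_transfer, NULL, daemon_flags,
                 aes128_sha,
                 CURL_SSLVERSION_SSLv3,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END))
    {
      fprintf (stderr, "SSL3.0-AES-SHA1 test failed\n");
      errorCount++;
    }
#endif


#if 0
  /* manual inspection of the handshake suggests that CURL will
     request TLSv1, we send back "SSL3" and CURL takes it *despite*
     being configured to speak SSL3-only.  Notably, the other way
     round (have curl request SSL3, respond with TLSv1 only)
     is properly refused by CURL.  Either way, this does NOT seem
     to be a bug in MHD/gnuTLS but rather in CURL; hence this
     test is commented out here... */
  errorCount +=
    test_wrap ("unmatching version: SSL3 vs. TLS", &test_unmatching_ssl_version,
               NULL, daemon_flags, "AES256-SHA", CURL_SSLVERSION_TLSv1,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END);
#endif

  /* Client insists on SSLv3, daemon only offers TLS 1.0: the handshake
     must be refused, and test_unmatching_ssl_version reports 0 when it is. */
  fprintf (stderr,
           "The following handshake should fail (and print an error message)...\n");
  if (0 !=
      test_wrap ("TLS1.0 vs SSL3",
                 &test_unmatching_ssl_version, NULL, daemon_flags,
                 aes256_sha,
                 CURL_SSLVERSION_SSLv3,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END))
    {
      fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
      errorCount++;
    }
  curl_global_cleanup ();

  return errorCount != 0;
}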
/*
 * negotiate a secure connection with server & query negotiated security parameters
 */
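/**
 * Start a TLS daemon whose handler (query_session_ahc) inspects the
 * negotiated session, then connect to it once with libcurl.
 *
 * The daemon handle `d` is the file-scope global used by the handler, not a
 * local.  The receive buffer is heap-allocated and released on every exit
 * path (it was previously leaked when the daemon failed to start).  curl's
 * long options are passed as `long` literals because curl_easy_setopt() is
 * variadic and an `int` argument is undefined behaviour where
 * sizeof(int) != sizeof(long).
 *
 * @return 0 on success, 16 when the buffer could not be allocated,
 *         2 when the daemon could not be started, 4 when the curl handle
 *         could not be created, -1 when the transfer failed
 */
static int
test_query_session ()
{
  CURL *c;
  struct CBC cbc;
  CURLcode errornum;
  char url[256];
  const char *aes256_sha = "AES256-SHA";

  if (NULL == (cbc.buf = malloc (sizeof (char) * 255)))
    return 16;
  cbc.size = 255;
  cbc.pos = 0;

  /* NOTE(review): gen_test_file_url() is not told sizeof(url); it must
     guarantee its own bound -- confirm against its definition. */
  gen_test_file_url (url, DEAMON_TEST_PORT);

  /* setup test: AES-128-CBC is removed from the daemon's priorities so the
     negotiated suite is the 256-bit one the client asks for */
  d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
                        MHD_USE_DEBUG, DEAMON_TEST_PORT,
                        NULL, NULL, &query_session_ahc, NULL,
                        MHD_OPTION_HTTPS_PRIORITIES, "NORMAL:-AES-128-CBC",
                        MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                        MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                        MHD_OPTION_END);

  if (d == NULL)
    {
      free (cbc.buf);
      return 2;
    }

  if (curl_uses_nss_ssl () == 0)
    {
      aes256_sha = "rsa_aes_256_sha";   /* NSS cipher-suite naming */
    }

  c = curl_easy_init ();
  if (c == NULL)
    {
      MHD_stop_daemon (d);
      free (cbc.buf);
      return 4;
    }
#if DEBUG_HTTPS_TEST
  curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
#endif
  curl_easy_setopt (c, CURLOPT_URL, url);
  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
  curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L);
  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L);
  curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
  curl_easy_setopt (c, CURLOPT_FILE, &cbc);
  /* TLS options: SSLv3 is requested on purpose for this test */
  curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
  /* currently skip any peer authentication: the daemon presents a
     self-signed certificate.  Test-only; never disable verification in
     production code. */
  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);

  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);

  // NOTE: use of CONNECTTIMEOUT without also
  //   setting NOSIGNAL results in really weird
  //   crashes on my system!
  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L);
  if (CURLE_OK != (errornum = curl_easy_perform (c)))
    {
      fprintf (stderr, "curl_easy_perform failed: `%s'\n",
               curl_easy_strerror (errornum));

      MHD_stop_daemon (d);
      curl_easy_cleanup (c);
      free (cbc.buf);
      return -1;
    }

  MHD_stop_daemon (d);
  curl_easy_cleanup (c);
  free (cbc.buf);
  return 0;
}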