/**
 * Test driver: performs one HTTPS GET check and one cipher-option check,
 * both pinned to TLSv1, and reports the accumulated error count.
 *
 * @param argc unused
 * @param argv argv[0] is handed to print_test_result() as the test name
 * @return 0 when no sub-test reported an error, 1 otherwise;
 *         -1 when libcurl global initialisation fails
 */
int
main (int argc, char *const *argv)
{
  /* Default cipher names; replaced below when curl_uses_nss_ssl() returns 0. */
  const char *aes256_sha_tlsv1 = "AES256-SHA";
  const char *des_cbc3_sha_tlsv1 = "DES-CBC3-SHA";
  unsigned int failures = 0;

  /* Test-only setting: libgcrypt serves random numbers from a faster,
     lower-quality level.  Not suitable outside a test binary. */
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif

  if (0 != curl_global_init (CURL_GLOBAL_ALL))
  {
    fprintf (stderr, "Error: %s\n", strerror (errno));
    return -1;
  }

  /* presumably a 0 result means libcurl is built on NSS, which uses its
     own cipher-suite names -- verify against the helper */
  if (0 == curl_uses_nss_ssl ())
  {
    aes256_sha_tlsv1 = "rsa_aes_256_sha";
    /* NOTE(review): the 3DES slot is replaced by an AES-128 suite name
       here -- confirm that this substitution is intended. */
    des_cbc3_sha_tlsv1 = "rsa_aes_128_sha";
  }

  failures += test_secure_get (NULL, aes256_sha_tlsv1,
                               CURL_SSLVERSION_TLSv1);
  failures += test_cipher_option (NULL, des_cbc3_sha_tlsv1,
                                  CURL_SSLVERSION_TLSv1);
  print_test_result (failures, argv[0]);

  curl_global_cleanup ();
  return (0 == failures) ? 0 : 1;
}
/**
 * Test driver: runs a single HTTPS GET check pinned to TLSv1.
 *
 * @param argc unused
 * @param argv argv[0] is handed to print_test_result() as the test name
 * @return 0 on success, 1 when the sub-test reported errors,
 *         99 when testsuite_curl_global_init() fails,
 *         77 when libcurl was built without SSL support
 *         (77/99 presumably follow the Automake skip / hard-error
 *         convention -- confirm against the test harness)
 */
int
main (int argc, char *const *argv)
{
  const char *aes256_sha_tlsv1 = "AES256-SHA";
  unsigned int failures = 0;

  (void) argc; /* Not used; the cast silences the compiler warning. */

#ifdef MHD_HTTPS_REQUIRE_GRYPT
  /* Test-only setting: libgcrypt serves random numbers from a faster,
     lower-quality level.  Not suitable outside a test binary. */
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
#endif /* MHD_HTTPS_REQUIRE_GRYPT */

  if (! testsuite_curl_global_init ())
    return 99;

  if (NULL == curl_version_info (CURLVERSION_NOW)->ssl_version)
  {
    fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
    curl_global_cleanup ();
    return 77;
  }

  /* presumably a 0 result means libcurl is built on NSS, which uses its
     own cipher-suite names -- verify against the helper */
  if (0 == curl_uses_nss_ssl ())
    aes256_sha_tlsv1 = "rsa_aes_256_sha";

  failures += test_secure_get (NULL, aes256_sha_tlsv1,
                               CURL_SSLVERSION_TLSv1);
  print_test_result (failures, argv[0]);

  curl_global_cleanup ();
  if (0 == failures)
    return 0;
  return 1;
}
/**
 * Test driver: starts thread-per-connection TLS daemons and exercises them
 * with a single client and with parallel clients (TLSv1, AES256-SHA).
 *
 * The test is only meaningful with a GnuTLS-backed libcurl; with any other
 * backend, or without SSL support, it prints a notice and returns 0.
 *
 * @param argc unused
 * @param argv argv[0] is printed when at least one sub-test failed
 * @return 0 when all sub-tests passed (or the test was not run),
 *         1 when a sub-test failed, -1 when libcurl could not be initialised
 */
int
main (int argc, char *const *argv)
{
  unsigned int failures = 0;
  const char *backend;
  char *aes256_sha = "AES256-SHA";
  /* Seed for rand(); time-based and therefore predictable, which is
     acceptable only because it feeds the test clients. */
  unsigned int iseed = (unsigned int) time (NULL);

#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
  srand (iseed);

  backend = curl_version_info (CURLVERSION_NOW)->ssl_version;
  if (NULL == backend)
  {
    fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
    return 0;
  }
  if (0 != strncmp (backend, "GnuTLS", 6))
  {
    fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
    return 0;
  }
  if (0 != curl_global_init (CURL_GLOBAL_ALL))
  {
    fprintf (stderr, "Error: %s\n", strerror (errno));
    return -1;
  }

  /* presumably a 0 result means libcurl is built on NSS, which uses its
     own cipher-suite names -- verify against the helper */
  if (0 == curl_uses_nss_ssl ())
    aes256_sha = "rsa_aes_256_sha";

  /* Both runs use the in-memory server key and self-signed certificate. */
  failures +=
    test_wrap ("multi threaded daemon, single client", &test_single_client,
               NULL,
               MHD_USE_TLS | MHD_USE_DEBUG | MHD_USE_THREAD_PER_CONNECTION,
               aes256_sha, CURL_SSLVERSION_TLSv1,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_END);
  failures +=
    test_wrap ("multi threaded daemon, parallel client",
               &test_parallel_clients, NULL,
               MHD_USE_TLS | MHD_USE_DEBUG | MHD_USE_THREAD_PER_CONNECTION,
               aes256_sha, CURL_SSLVERSION_TLSv1,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_END);

  if (0 != failures)
    fprintf (stderr, "Failed test: %s.\n", argv[0]);

  curl_global_cleanup ();
  return (0 == failures) ? 0 : 1;
}
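/**
 * Test driver: creates a temporary CA certificate file, runs the
 * concurrent-daemon-pair test and removes the file again.
 *
 * @param argc unused
 * @param argv unused
 * @return 0 when the sub-test reported no error, 1 otherwise;
 *         -1 when libcurl initialisation or CA file creation fails
 */
int
main (int argc, char *const *argv)
{
  unsigned int errorCount = 0;
  const char *aes256_sha = "AES256-SHA";
  FILE *cert;

  (void) argc; /* unused */
  (void) argv; /* unused */

  /* Test-only setting: libgcrypt serves random numbers from a faster,
     lower-quality level.  Not suitable outside a test binary. */
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif

  if (0 != curl_global_init (CURL_GLOBAL_ALL))
  {
    /* errorCount is still 0 here, so the printed "code" carries no
       information about the libcurl failure. */
    fprintf (stderr, "Error (code: %u). l:%d f:%s\n", errorCount, __LINE__,
             __FUNCTION__);
    return -1;
  }

  if ((cert = setup_ca_cert ()) == NULL)
  {
    /* MHD_E_TEST_FILE_CREAT is used as the format string; this assumes the
       macro expands to a literal without conversion specifiers -- confirm. */
    fprintf (stderr, MHD_E_TEST_FILE_CREAT);
    /* libcurl was initialised above; release it on this error path too. */
    curl_global_cleanup ();
    return -1;
  }

  /* presumably a 0 result means libcurl is built on NSS, which uses its
     own cipher-suite names -- verify against the helper */
  if (curl_uses_nss_ssl () == 0)
  {
    aes256_sha = "rsa_aes_256_sha";
  }

  /* SSLv3 is an obsolete protocol version (POODLE); it is pinned here only
     as a test input. */
  errorCount +=
    test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_SSLv3);

  print_test_result (errorCount, "concurent_daemon_pair");

  curl_global_cleanup ();
  fclose (cert);
  if (0 != remove (ca_cert_file_name))
    fprintf (stderr, "Failed to remove `%s'\n", ca_cert_file_name);
  return errorCount != 0;
}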
/**
 * Test driver: starts internally-polling TLS daemons and exercises them
 * with a single client and with parallel clients (TLSv1, AES256-SHA).
 *
 * @param argc unused
 * @param argv unused
 * @return 0 when all sub-tests passed, 1 when a sub-test failed,
 *         -1 when libcurl could not be initialised
 */
int
main (int argc, char *const *argv)
{
  unsigned int failures = 0;
  char *aes256_sha = "AES256-SHA";
  /* Seed for rand(); time-based and therefore predictable, which is
     acceptable only because it feeds the test clients. */
  unsigned int iseed = (unsigned int) time (NULL);

  srand (iseed);
  /* Register the pthread callback table with libgcrypt. */
  gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);

  if (0 != curl_global_init (CURL_GLOBAL_ALL))
  {
    fprintf (stderr, "Error: %s\n", strerror (errno));
    return -1;
  }

  /* presumably a 0 result means libcurl is built on NSS, which uses its
     own cipher-suite names -- verify against the helper */
  if (0 == curl_uses_nss_ssl ())
    aes256_sha = "rsa_aes_256_sha";

  /* Both runs use the in-memory server key and self-signed certificate. */
  failures +=
    test_wrap ("single threaded daemon, single client", &test_single_client,
               NULL,
               MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL | MHD_USE_DEBUG,
               aes256_sha, CURL_SSLVERSION_TLSv1,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_END);
  failures +=
    test_wrap ("single threaded daemon, parallel clients",
               &test_parallel_clients, NULL,
               MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL | MHD_USE_DEBUG,
               aes256_sha, CURL_SSLVERSION_TLSv1,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_END);

  curl_global_cleanup ();
  return (0 == failures) ? 0 : 1;
}
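/**
 * Test driver: creates a temporary CA certificate file, runs one HTTPS GET
 * check pinned to TLSv1 and removes the file again.
 *
 * @param argc unused
 * @param argv argv[0] is handed to print_test_result() as the test name
 * @return 0 when the sub-test reported no error, 1 otherwise;
 *         -1 when CA file creation or libcurl initialisation fails
 */
int
main (int argc, char *const *argv)
{
  unsigned int errorCount = 0;
  char *aes256_sha = "AES256-SHA";

  (void) argc; /* unused */

  /* Test-only setting: libgcrypt serves random numbers from a faster,
     lower-quality level.  Not suitable outside a test binary. */
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif

  /* NOTE(review): the value returned by setup_ca_cert() is only compared
     with NULL and then dropped; if it is an open stream it is never closed
     in this function -- confirm against the helper. */
  if (setup_ca_cert () == NULL)
  {
    /* MHD_E_TEST_FILE_CREAT is used as the format string; this assumes the
       macro expands to a literal without conversion specifiers -- confirm. */
    fprintf (stderr, MHD_E_TEST_FILE_CREAT);
    return -1;
  }

  if (0 != curl_global_init (CURL_GLOBAL_ALL))
  {
    fprintf (stderr, "Error (code: %u)\n", errorCount);
    /* The CA certificate file was already created above; remove it on this
       error path as well so a failed run leaves nothing behind. */
    if (0 != remove (ca_cert_file_name))
      fprintf (stderr, "Failed to remove `%s'\n", ca_cert_file_name);
    return -1;
  }

  /* presumably a 0 result means libcurl is built on NSS, which uses its
     own cipher-suite names -- verify against the helper */
  if (curl_uses_nss_ssl () == 0)
  {
    aes256_sha = "rsa_aes_256_sha";
  }

  errorCount += test_secure_get (NULL, aes256_sha, CURL_SSLVERSION_TLSv1);

  print_test_result (errorCount, argv[0]);

  curl_global_cleanup ();
  if (0 != remove (ca_cert_file_name))
    fprintf (stderr, "Failed to remove `%s'\n", ca_cert_file_name);
  return errorCount != 0;
}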
/**
 * Test driver: runs HTTPS transfers against thread-per-connection daemons
 * with pinned protocol versions and cipher suites, plus one run in which
 * client and server are configured for different protocol versions.
 *
 * @param argc unused
 * @param argv unused
 * @return 0 when all sub-tests passed, or when the test could not be run
 *         (libcurl version check or initialisation failed);
 *         1 when a sub-test failed
 */
int
main (int argc, char *const *argv)
{
  unsigned int failures = 0;
  int daemon_flags =
    MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;
  char *aes128_sha = "AES128-SHA";
  char *aes256_sha = "AES256-SHA";

  /* Test-only libgcrypt settings: no secure memory, and random numbers from
     a faster, lower-quality level.  Not suitable outside a test binary. */
  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);

  if (curl_check_version (MHD_REQ_CURL_VERSION))
    return 0;

  if (0 != curl_global_init (CURL_GLOBAL_ALL))
  {
    fprintf (stderr, "Error: %s\n", strerror (errno));
    return 0;
  }

  /* presumably a 0 result means libcurl is built on NSS, which uses its
     own cipher-suite names -- verify against the helper */
  if (0 == curl_uses_nss_ssl ())
  {
    aes128_sha = "rsa_aes_128_sha";
    aes256_sha = "rsa_aes_256_sha";
  }

  /* SSLv3, TLS 1.0 and CBC/SHA1 suites are legacy settings; they appear
     below only as pinned test inputs. */
  failures +=
    test_wrap ("TLS1.0-AES-SHA1", &test_https_transfer, NULL, daemon_flags,
               aes128_sha, CURL_SSLVERSION_TLSv1,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_HTTPS_PRIORITIES,
               "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
               MHD_OPTION_END);
  /* NOTE(review): this run is labelled "TLS1.0-AES-SHA1" but both sides are
     configured for SSLv3, i.e. the same configuration as the run after it
     -- confirm whether the label or the duplication is intended. */
  failures +=
    test_wrap ("TLS1.0-AES-SHA1", &test_https_transfer, NULL, daemon_flags,
               aes128_sha, CURL_SSLVERSION_SSLv3,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_HTTPS_PRIORITIES,
               "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
               MHD_OPTION_END);
  failures +=
    test_wrap ("SSL3.0-AES-SHA1", &test_https_transfer, NULL, daemon_flags,
               aes128_sha, CURL_SSLVERSION_SSLv3,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_HTTPS_PRIORITIES,
               "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
               MHD_OPTION_END);
#if 0
  /* Disabled.  Manual inspection of the handshake suggested that CURL
     requests TLSv1, receives "SSL3" from the server and accepts it even
     though it was configured for SSL3 only.  The opposite direction (CURL
     requests SSL3, the server answers TLSv1 only) is refused by CURL as
     expected.  The author attributed this to CURL rather than to
     MHD/gnuTLS, hence the test is compiled out. */
  failures +=
    test_wrap ("unmatching version: SSL3 vs. TLS",
               &test_unmatching_ssl_version, NULL, daemon_flags,
               "AES256-SHA", CURL_SSLVERSION_TLSv1,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_CIPHER_ALGORITHM, "SSL3",
               MHD_OPTION_END);
#endif
  /* Client pinned to SSLv3, server priorities pinned to TLS 1.0. */
  failures +=
    test_wrap ("TLS1.0 vs SSL3", &test_unmatching_ssl_version, NULL,
               daemon_flags, aes256_sha, CURL_SSLVERSION_SSLv3,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_HTTPS_PRIORITIES,
               "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
               MHD_OPTION_END);

  curl_global_cleanup ();
  return (0 == failures) ? 0 : 1;
}
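/**
 * Fetch "/hello_world" over HTTPS from a daemon that is driven by an
 * external select() loop, using the libcurl multi interface.
 *
 * The daemon listens on port 1082 with the in-memory server key and
 * self-signed certificate; the loop runs for at most five seconds.
 *
 * @return 0 on success, otherwise one of:
 *         256 (daemon start failed), 512 (curl_multi_init failed),
 *         1024 (curl_multi_add_handle failed), 2048 (curl_multi_fdset
 *         failed), 4096 (MHD_get_fdset failed), 8192 (response length
 *         mismatch), 16384 (response content mismatch)
 */
static int
testExternalGet ()
{
  struct MHD_Daemon *d;
  CURL *c;
  char buf[2048];
  struct CBC cbc;
  CURLM *multi;
  CURLMcode mret;
  fd_set rs;
  fd_set ws;
  fd_set es;
  int max;
  int running;
  struct CURLMsg *msg;
  time_t start;
  struct timeval tv;
  char *aes256_sha = "AES256-SHA";

  multi = NULL;
  cbc.buf = buf;
  cbc.size = sizeof (buf);
  cbc.pos = 0;
  d = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_SSL,
                        1082, NULL, NULL, &ahc_echo, "GET",
                        MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                        MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                        MHD_OPTION_END);
  if (d == NULL)
    return 256;

  /* presumably a 0 result means libcurl is built on NSS, which uses its
     own cipher-suite names -- verify against the helper */
  if (curl_uses_nss_ssl () == 0)
  {
    aes256_sha = "rsa_aes_256_sha";
  }

  c = curl_easy_init ();
  curl_easy_setopt (c, CURLOPT_URL, "https://localhost:1082/hello_world");
  /* The listing showed a garbled "(c)Buffer" here; the write callback is
     passed by address as "&copyBuffer". */
  curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
  curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
  /* TLS options.  curl_easy_setopt() is variadic and reads these values as
     'long', so every numeric argument is passed as a long explicitly. */
  /* SSLv3 is an obsolete protocol version (POODLE); pinned as test input. */
  curl_easy_setopt (c, CURLOPT_SSLVERSION, (long) CURL_SSLVERSION_SSLv3);
  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
  /* Peer and host verification are off because the daemon presents a
     self-signed test certificate; with both disabled the connection is
     encrypted but the server is not authenticated. */
  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);
  if (oneone)
    curl_easy_setopt (c, CURLOPT_HTTP_VERSION, (long) CURL_HTTP_VERSION_1_1);
  else
    curl_easy_setopt (c, CURLOPT_HTTP_VERSION, (long) CURL_HTTP_VERSION_1_0);
  curl_easy_setopt (c, CURLOPT_TIMEOUT, 150L);
  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 15L);
  /* The original author observed crashes when CONNECTTIMEOUT was used
     without NOSIGNAL, so signal use by libcurl is switched off. */
  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L);

  multi = curl_multi_init ();
  if (multi == NULL)
  {
    curl_easy_cleanup (c);
    MHD_stop_daemon (d);
    return 512;
  }
  mret = curl_multi_add_handle (multi, c);
  if (mret != CURLM_OK)
  {
    curl_multi_cleanup (multi);
    curl_easy_cleanup (c);
    MHD_stop_daemon (d);
    return 1024;
  }

  start = time (NULL);
  /* Drive client and daemon from one select() loop until the transfer is
     done (multi is reset to NULL) or five seconds have elapsed. */
  while ((time (NULL) - start < 5) && (multi != NULL))
  {
    max = 0;
    FD_ZERO (&rs);
    FD_ZERO (&ws);
    FD_ZERO (&es);
    curl_multi_perform (multi, &running);
    mret = curl_multi_fdset (multi, &rs, &ws, &es, &max);
    if (mret != CURLM_OK)
    {
      curl_multi_remove_handle (multi, c);
      curl_multi_cleanup (multi);
      curl_easy_cleanup (c);
      MHD_stop_daemon (d);
      return 2048;
    }
    if (MHD_YES != MHD_get_fdset (d, &rs, &ws, &es, &max))
    {
      curl_multi_remove_handle (multi, c);
      curl_multi_cleanup (multi);
      curl_easy_cleanup (c);
      MHD_stop_daemon (d);
      return 4096;
    }
    tv.tv_sec = 0;
    tv.tv_usec = 1000;
    /* Result deliberately ignored: both sides are polled again below. */
    select (max + 1, &rs, &ws, &es, &tv);
    curl_multi_perform (multi, &running);
    if (running == 0)
    {
      msg = curl_multi_info_read (multi, &running);
      if (msg == NULL)
        break;
      if (msg->msg == CURLMSG_DONE)
      {
        if (msg->data.result != CURLE_OK)
          printf ("%s failed at %s:%d: `%s'\n",
                  "curl_multi_perform",
                  __FILE__, __LINE__,
                  curl_easy_strerror (msg->data.result));
        curl_multi_remove_handle (multi, c);
        curl_multi_cleanup (multi);
        curl_easy_cleanup (c);
        /* Mark both handles as released so the cleanup after the loop
           does not free them a second time. */
        c = NULL;
        multi = NULL;
      }
    }
    MHD_run (d);
  }
  if (multi != NULL)
  {
    curl_multi_remove_handle (multi, c);
    curl_easy_cleanup (c);
    curl_multi_cleanup (multi);
  }
  MHD_stop_daemon (d);

  /* The handler is expected to echo the request path back. */
  if (cbc.pos != strlen ("/hello_world"))
    return 8192;
  if (0 != strncmp ("/hello_world", cbc.buf, strlen ("/hello_world")))
    return 16384;
  return 0;
}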
/**
 * Test driver: runs one TLS 1.0 HTTPS transfer and one run in which client
 * and server are configured for different protocol versions.
 *
 * Requires a GnuTLS-backed libcurl of at least MHD_REQ_CURL_VERSION.
 *
 * @param argc unused
 * @param argv unused
 * @return 0 when both sub-tests passed, 1 when one failed,
 *         77 when the test cannot be run in this environment
 *         (presumably the Automake "skipped" code -- confirm)
 */
int
main (int argc, char *const *argv)
{
  unsigned int failures = 0;
  const char *backend;
  const char *aes128_sha = "AES128-SHA";
  const char *aes256_sha = "AES256-SHA";
  int daemon_flags =
    MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;

  /* Test-only libgcrypt settings: no secure memory, and random numbers from
     a faster, lower-quality level.  Not suitable outside a test binary. */
  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif

  if (curl_check_version (MHD_REQ_CURL_VERSION))
    return 77;

  backend = curl_version_info (CURLVERSION_NOW)->ssl_version;
  if (NULL == backend)
  {
    fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
    return 77;
  }
  if (0 != strncmp (backend, "GnuTLS", 6))
  {
    fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
    return 77;
  }
  if (0 != curl_global_init (CURL_GLOBAL_ALL))
  {
    fprintf (stderr, "Error: %s\n", strerror (errno));
    return 77;
  }

  /* presumably a 0 result means libcurl is built on NSS, which uses its
     own cipher-suite names -- verify against the helper */
  if (0 == curl_uses_nss_ssl ())
  {
    aes128_sha = "rsa_aes_128_sha";
    aes256_sha = "rsa_aes_256_sha";
  }

  /* TLS 1.0 with a CBC/SHA1 suite is a legacy setting, pinned here only as
     a test input. */
  if (test_wrap ("TLS1.0-AES-SHA1", &test_https_transfer, NULL,
                 daemon_flags, aes128_sha, CURL_SSLVERSION_TLSv1,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES,
                 "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END) != 0)
  {
    fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
    failures++;
  }

  fprintf (stderr,
           "The following handshake should fail (and print an error message)...\n");
  /* Client pinned to SSLv3, server priorities pinned to TLS 1.0. */
  if (test_wrap ("TLS1.0 vs SSL3", &test_unmatching_ssl_version, NULL,
                 daemon_flags, aes256_sha, CURL_SSLVERSION_SSLv3,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES,
                 "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END) != 0)
  {
    fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
    failures++;
  }

  curl_global_cleanup ();
  return (0 == failures) ? 0 : 1;
}
/**
 * Test driver: runs one TLS 1.0 HTTPS transfer and one run in which client
 * and server are configured for different protocol versions.  Several
 * SSLv3 runs are kept in the source but compiled out.
 *
 * Requires a GnuTLS-backed libcurl of at least MHD_REQ_CURL_VERSION.
 *
 * @param argc unused
 * @param argv unused
 * @return 0 when all enabled sub-tests passed, or when the test could not
 *         be run in this environment; 1 when a sub-test failed
 */
int
main (int argc, char *const *argv)
{
  unsigned int failures = 0;
  const char *backend;
  const char *aes128_sha = "AES128-SHA";
  const char *aes256_sha = "AES256-SHA";
  int daemon_flags =
    MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;

  /* Test-only libgcrypt settings: no secure memory, and random numbers from
     a faster, lower-quality level.  Not suitable outside a test binary. */
  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif

  if (curl_check_version (MHD_REQ_CURL_VERSION))
    return 0;

  backend = curl_version_info (CURLVERSION_NOW)->ssl_version;
  if (NULL == backend)
  {
    fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
    return 0;
  }
  if (0 != strncmp (backend, "GnuTLS", 6))
  {
    fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
    return 0;
  }
  if (0 != curl_global_init (CURL_GLOBAL_ALL))
  {
    fprintf (stderr, "Error: %s\n", strerror (errno));
    return 0;
  }

  /* presumably a 0 result means libcurl is built on NSS, which uses its
     own cipher-suite names -- verify against the helper */
  if (0 == curl_uses_nss_ssl ())
  {
    aes128_sha = "rsa_aes_128_sha";
    aes256_sha = "rsa_aes_256_sha";
  }

  /* TLS 1.0 with a CBC/SHA1 suite is a legacy setting, pinned here only as
     a test input. */
  if (test_wrap ("TLS1.0-AES-SHA1", &test_https_transfer, NULL,
                 daemon_flags, aes128_sha, CURL_SSLVERSION_TLSv1,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES,
                 "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END) != 0)
  {
    fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
    failures++;
  }
#if 0
  /* Disabled: these SSLv3 transfers used to pass but no longer do; the
     author suspected a gnutls issue. */
  if (test_wrap ("SSL3.0-AES256-SHA1", &test_https_transfer, NULL,
                 daemon_flags, aes256_sha, CURL_SSLVERSION_SSLv3,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES,
                 "NONE:+VERS-SSL3.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END) != 0)
  {
    fprintf (stderr, "SSL3.0-AES256-SHA1 test failed\n");
    failures++;
  }
  if (test_wrap ("SSL3.0-AES-SHA1", &test_https_transfer, NULL,
                 daemon_flags, aes128_sha, CURL_SSLVERSION_SSLv3,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES,
                 "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END) != 0)
  {
    fprintf (stderr, "SSL3.0-AES-SHA1 test failed\n");
    failures++;
  }
#endif

#if 0
  /* Disabled.  Manual inspection of the handshake suggested that CURL
     requests TLSv1, receives "SSL3" from the server and accepts it even
     though it was configured for SSL3 only.  The opposite direction (CURL
     requests SSL3, the server answers TLSv1 only) is refused by CURL as
     expected.  The author attributed this to CURL rather than to
     MHD/gnuTLS, hence the test is compiled out. */
  failures +=
    test_wrap ("unmatching version: SSL3 vs. TLS",
               &test_unmatching_ssl_version, NULL, daemon_flags,
               "AES256-SHA", CURL_SSLVERSION_TLSv1,
               MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
               MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
               MHD_OPTION_CIPHER_ALGORITHM, "SSL3",
               MHD_OPTION_END);
#endif

  fprintf (stderr,
           "The following handshake should fail (and print an error message)...\n");
  /* Client pinned to SSLv3, server priorities pinned to TLS 1.0. */
  if (test_wrap ("TLS1.0 vs SSL3", &test_unmatching_ssl_version, NULL,
                 daemon_flags, aes256_sha, CURL_SSLVERSION_SSLv3,
                 MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                 MHD_OPTION_HTTPS_PRIORITIES,
                 "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
                 MHD_OPTION_END) != 0)
  {
    fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
    failures++;
  }

  curl_global_cleanup ();
  return (0 == failures) ? 0 : 1;
}
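/**
 * Negotiate a secure connection with the server and let the request
 * handler (query_session_ahc) query the negotiated security parameters.
 *
 * The daemon handle is stored in the file-scope variable 'd'.
 *
 * @return 0 on success, 16 if the receive buffer cannot be allocated,
 *         2 if the daemon cannot be started, -1 if the transfer fails
 */
static int
test_query_session ()
{
  CURL *c;
  struct CBC cbc;
  CURLcode errornum;
  char url[256];
  char *aes256_sha = "AES256-SHA";
  int ret = 0;

  if (NULL == (cbc.buf = malloc (255)))
    return 16;
  cbc.size = 255;
  cbc.pos = 0;

  gen_test_file_url (url, DEAMON_TEST_PORT);

  /* setup test */
  d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL
                        | MHD_USE_DEBUG, DEAMON_TEST_PORT,
                        NULL, NULL, &query_session_ahc, NULL,
                        MHD_OPTION_HTTPS_PRIORITIES, "NORMAL:-AES-128-CBC",
                        MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                        MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                        MHD_OPTION_END);
  if (d == NULL)
  {
    /* The receive buffer was already allocated; release it before the
       early return. */
    free (cbc.buf);
    return 2;
  }

  /* presumably a 0 result means libcurl is built on NSS, which uses its
     own cipher-suite names -- verify against the helper */
  if (curl_uses_nss_ssl () == 0)
  {
    aes256_sha = "rsa_aes_256_sha";
  }

  c = curl_easy_init ();
  /* curl_easy_setopt() is variadic and reads numeric option values as
     'long', so every numeric argument is passed as a long explicitly. */
#if DEBUG_HTTPS_TEST
  curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
#endif
  curl_easy_setopt (c, CURLOPT_URL, url);
  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, (long) CURL_HTTP_VERSION_1_1);
  curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L);
  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L);
  /* The listing showed a garbled "(c)Buffer" here; the write callback is
     passed by address as "&copyBuffer". */
  curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
  curl_easy_setopt (c, CURLOPT_FILE, &cbc);
  /* TLS options */
  /* SSLv3 is an obsolete protocol version (POODLE); pinned as test input. */
  curl_easy_setopt (c, CURLOPT_SSLVERSION, (long) CURL_SSLVERSION_SSLv3);
  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
  /* Peer and host verification are skipped because the daemon presents a
     self-signed test certificate; with both disabled the connection is
     encrypted but the server is not authenticated. */
  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L);
  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L);
  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L);

  /* The original author observed crashes when CONNECTTIMEOUT was used
     without NOSIGNAL, so signal use by libcurl is switched off. */
  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L);

  if (CURLE_OK != (errornum = curl_easy_perform (c)))
  {
    fprintf (stderr, "curl_easy_perform failed: `%s'\n",
             curl_easy_strerror (errornum));
    ret = -1;
  }

  /* Same teardown on success and on failure. */
  MHD_stop_daemon (d);
  curl_easy_cleanup (c);
  free (cbc.buf);
  return ret;
}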