/* setup a temporary transfer test file */
int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
const char *ssl_version;
int daemon_flags =
MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
if (curl_check_version (MHD_REQ_CURL_VERSION))
{
return 77;
}
ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
if (NULL == ssl_version)
{
fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n");
return 77;
}
if (0 != strncmp (ssl_version, "GnuTLS", 6))
{
fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
return 77;
}
if (0 != curl_global_init (CURL_GLOBAL_ALL))
{
fprintf (stderr, "Error: %s\n", strerror (errno));
return 77;
}
const char *aes128_sha = "AES128-SHA";
const char *aes256_sha = "AES256-SHA";
if (curl_uses_nss_ssl() == 0)
{
aes128_sha = "rsa_aes_128_sha";
aes256_sha = "rsa_aes_256_sha";
}
if (0 !=
test_wrap ("TLS1.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes128_sha,
CURL_SSLVERSION_TLSv1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
errorCount++;
}
fprintf (stderr,
"The following handshake should fail (and print an error message)...\n");
if (0 !=
test_wrap ("TLS1.0 vs SSL3",
&test_unmatching_ssl_version, NULL, daemon_flags,
aes256_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
errorCount++;
}
curl_global_cleanup ();
return errorCount != 0;
}
/* setup a temporary transfer test file */
int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
int daemon_flags =
MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
if (curl_check_version (MHD_REQ_CURL_VERSION))
{
return 0;
}
if (0 != curl_global_init (CURL_GLOBAL_ALL))
{
fprintf (stderr, "Error: %s\n", strerror (errno));
return 0;
}
char *aes128_sha = "AES128-SHA";
char *aes256_sha = "AES256-SHA";
if (curl_uses_nss_ssl() == 0)
{
aes128_sha = "rsa_aes_128_sha";
aes256_sha = "rsa_aes_256_sha";
}
errorCount +=
test_wrap ("TLS1.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes128_sha,
CURL_SSLVERSION_TLSv1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END);
errorCount +=
test_wrap ("TLS1.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes128_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END);
errorCount +=
test_wrap ("SSL3.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes128_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END);
#if 0
/* manual inspection of the handshake suggests that CURL will
request TLSv1, we send back "SSL3" and CURL takes it *despite*
being configured to speak SSL3-only. Notably, the other way
round (have curl request SSL3, respond with TLSv1 only)
is properly refused by CURL. Either way, this does NOT seem
to be a bug in MHD/gnuTLS but rather in CURL; hence this
test is commented out here... */
errorCount +=
test_wrap ("unmatching version: SSL3 vs. TLS", &test_unmatching_ssl_version,
NULL, daemon_flags, "AES256-SHA", CURL_SSLVERSION_TLSv1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END);
#endif
errorCount +=
test_wrap ("TLS1.0 vs SSL3",
&test_unmatching_ssl_version, NULL, daemon_flags,
aes256_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END);
curl_global_cleanup ();
return errorCount != 0;
}
/* setup a temporary transfer test file */
int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
const char *ssl_version;
int daemon_flags =
MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
if (curl_check_version (MHD_REQ_CURL_VERSION))
{
return 0;
}
ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
if (NULL == ssl_version)
{
fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n");
return 0;
}
if (0 != strncmp (ssl_version, "GnuTLS", 6))
{
fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
return 0;
}
if (0 != curl_global_init (CURL_GLOBAL_ALL))
{
fprintf (stderr, "Error: %s\n", strerror (errno));
return 0;
}
const char *aes128_sha = "AES128-SHA";
const char *aes256_sha = "AES256-SHA";
if (curl_uses_nss_ssl() == 0)
{
aes128_sha = "rsa_aes_128_sha";
aes256_sha = "rsa_aes_256_sha";
}
if (0 !=
test_wrap ("TLS1.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes128_sha,
CURL_SSLVERSION_TLSv1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
errorCount++;
}
#if 0
/* this used to work, but somehow no longer. gnutls issue? */
if (0 !=
test_wrap ("SSL3.0-AES256-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes256_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
fprintf (stderr, "SSL3.0-AES256-SHA1 test failed\n");
errorCount++;
}
if (0 !=
test_wrap ("SSL3.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes128_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
fprintf (stderr, "SSL3.0-AES-SHA1 test failed\n");
errorCount++;
}
#endif
#if 0
/* manual inspection of the handshake suggests that CURL will
request TLSv1, we send back "SSL3" and CURL takes it *despite*
being configured to speak SSL3-only. Notably, the other way
round (have curl request SSL3, respond with TLSv1 only)
is properly refused by CURL. Either way, this does NOT seem
to be a bug in MHD/gnuTLS but rather in CURL; hence this
test is commented out here... */
errorCount +=
test_wrap ("unmatching version: SSL3 vs. TLS", &test_unmatching_ssl_version,
NULL, daemon_flags, "AES256-SHA", CURL_SSLVERSION_TLSv1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END);
#endif
fprintf (stderr,
"The following handshake should fail (and print an error message)...\n");
if (0 !=
test_wrap ("TLS1.0 vs SSL3",
&test_unmatching_ssl_version, NULL, daemon_flags,
aes256_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
errorCount++;
}
curl_global_cleanup ();
return errorCount != 0;
}
