Google Git
Sign in
nest-open-source / manifest_repos / libmicrohttpd / 18761039558e20879564e2ac691e1a64c12d1e56 / . / src / testcurl / https / test_https_session_info.c
blob: 084ffe676f17334e54d02b0322c9ea75b6b11b7d [file] [log] [blame]
/*
This file is part of libmicrohttpd
Copyright (C) 2007, 2016 Christian Grothoff
Copyright (C) 2016-2021 Evgeny Grin (Karlson2k)
libmicrohttpd is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
by the Free Software Foundation; either version 2, or (at your
option) any later version.
libmicrohttpd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with libmicrohttpd; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
*/
/**
* @file test_https_session_info.c
* @brief Testcase for libmicrohttpd HTTPS connection querying operations
* @author Sagie Amir
* @author Karlson2k (Evgeny Grin)
*/
#include "platform.h"
#include "microhttpd.h"
#include <curl/curl.h>
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
#include <gcrypt.h>
#endif /* MHD_HTTPS_REQUIRE_GCRYPT */
#include "tls_test_common.h"
#include "tls_test_keys.h"
static int test_append_prio;
/*
* HTTP access handler call back
* used to query negotiated security parameters
*/
static enum MHD_Result
query_info_ahc (void *cls, struct MHD_Connection *connection,
const char *url, const char *method,
const char *version, const char *upload_data,
size_t *upload_data_size, void **req_cls)
{
struct MHD_Response *response;
enum MHD_Result ret;
const union MHD_ConnectionInfo *conn_info;
enum know_gnutls_tls_id *used_tls_ver;
(void) url; (void) method; (void) version; /* Unused. Silent compiler warning. */
(void) upload_data; (void) upload_data_size; /* Unused. Silent compiler warning. */
used_tls_ver = (enum know_gnutls_tls_id *) cls;
if (NULL == *req_cls)
{
*req_cls = (void *) &query_info_ahc;
return MHD_YES;
}
conn_info = MHD_get_connection_info (connection,
MHD_CONNECTION_INFO_PROTOCOL);
if (NULL == conn_info)
{
fflush (stderr);
fflush (stdout);
fprintf (stderr, "MHD_get_connection_info() failed.\n");
fflush (stderr);
return MHD_NO;
}
if (0 == (unsigned int) conn_info->protocol)
{
fflush (stderr);
fflush (stdout);
fprintf (stderr, "MHD_get_connection_info()->protocol has "
"wrong zero value.\n");
fflush (stderr);
return MHD_NO;
}
*used_tls_ver = (enum know_gnutls_tls_id) conn_info->protocol;
response = MHD_create_response_from_buffer_static (strlen (EMPTY_PAGE),
EMPTY_PAGE);
ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
MHD_destroy_response (response);
return ret;
}
/**
* negotiate a secure connection with server & query negotiated security parameters
*/
static unsigned int
test_query_session (enum know_gnutls_tls_id tls_ver, uint16_t *pport)
{
CURL *c;
struct CBC cbc;
CURLcode errornum;
char url[256];
enum know_gnutls_tls_id found_tls_ver;
struct MHD_Daemon *d;
if (NULL == (cbc.buf = malloc (sizeof (char) * 255)))
return 99;
cbc.size = 255;
cbc.pos = 0;
/* setup test */
found_tls_ver = KNOWN_BAD;
d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION
| MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS
| MHD_USE_ERROR_LOG, *pport,
NULL, NULL,
&query_info_ahc, &found_tls_ver,
test_append_prio ?
MHD_OPTION_HTTPS_PRIORITIES_APPEND :
MHD_OPTION_HTTPS_PRIORITIES,
test_append_prio ?
priorities_append_map[tls_ver] :
priorities_map[tls_ver],
MHD_OPTION_HTTPS_MEM_KEY, srv_self_signed_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_END);
if (d == NULL)
{
free (cbc.buf);
fprintf (stderr, "MHD_start_daemon() with %s failed.\n",
tls_names[tls_ver]);
fflush (stderr);
return 77;
}
if (0 == *pport)
{
const union MHD_DaemonInfo *dinfo;
dinfo = MHD_get_daemon_info (d, MHD_DAEMON_INFO_BIND_PORT);
if ((NULL == dinfo) || (0 == dinfo->port) )
{
MHD_stop_daemon (d);
free (cbc.buf);
fprintf (stderr, "MHD_get_daemon_info() failed.\n");
fflush (stderr);
return 10;
}
*pport = dinfo->port; /* Use the same port for rest of the checks */
}
gen_test_uri (url,
sizeof (url),
*pport);
c = curl_easy_init ();
fflush (stderr);
if (NULL == c)
{
fprintf (stderr, "curl_easy_init() failed.\n");
fflush (stderr);
MHD_stop_daemon (d);
free (cbc.buf);
return 99;
}
#ifdef _DEBUG
curl_easy_setopt (c, CURLOPT_VERBOSE, 1L);
#endif
if ((CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_URL, url))) ||
(CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_HTTP_VERSION,
CURL_HTTP_VERSION_1_1))) ||
(CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L))) ||
(CURLE_OK !=
(errornum = curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L))) ||
(CURLE_OK !=
(errornum = curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer))) ||
(CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_WRITEDATA,
&cbc))) ||
/* TLS options */
/* currently skip any peer authentication */
(CURLE_OK !=
(errornum = curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0L))) ||
(CURLE_OK !=
(errornum = curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0L))) ||
(CURLE_OK !=
(errornum = curl_easy_setopt (c, CURLOPT_FAILONERROR, 1L))) ||
(CURLE_OK != (errornum = curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1L))))
{
curl_easy_cleanup (c);
free (cbc.buf);
MHD_stop_daemon (d);
fflush (stderr);
fflush (stdout);
fprintf (stderr, "Error setting libcurl option: %s.\n",
curl_easy_strerror (errornum));
fflush (stderr);
return 99;
}
if (CURLE_OK != (errornum = curl_easy_perform (c)))
{
unsigned int ret;
curl_easy_cleanup (c);
free (cbc.buf);
MHD_stop_daemon (d);
fflush (stderr);
fflush (stdout);
if ((CURLE_SSL_CONNECT_ERROR == errornum) ||
(CURLE_SSL_CIPHER == errornum))
{
ret = 77;
fprintf (stderr, "libcurl request failed due to TLS error: '%s'\n",
curl_easy_strerror (errornum));
}
else
{
ret = 1;
fprintf (stderr, "curl_easy_perform failed: '%s'\n",
curl_easy_strerror (errornum));
}
fflush (stderr);
return ret;
}
curl_easy_cleanup (c);
free (cbc.buf);
MHD_stop_daemon (d);
if (tls_ver != found_tls_ver)
{
fflush (stderr);
fflush (stdout);
fprintf (stderr, "MHD_get_connection_info (conn, "
"MHD_CONNECTION_INFO_PROTOCOL) returned unexpected "
"protocol version.\n"
"\tReturned: %s (%u)\tExpected: %s (%u)\n",
((unsigned int) found_tls_ver) > KNOWN_TLS_MAX ?
"[wrong value]" : tls_names[found_tls_ver],
(unsigned int) found_tls_ver,
tls_names[tls_ver], (unsigned int) tls_ver);
fflush (stderr);
return 2;
}
return 0;
}
static unsigned int
test_all_supported_versions (void)
{
enum know_gnutls_tls_id ver_for_test; /**< TLS version used for test */
const gnutls_protocol_t *vers_list; /**< The list of GnuTLS supported TLS versions */
uint16_t port;
unsigned int num_success; /**< Number of tests succeeded */
unsigned int num_failed; /**< Number of tests failed */
if (MHD_NO != MHD_is_feature_supported (MHD_FEATURE_AUTODETECT_BIND_PORT))
port = 0; /* Use system automatic assignment */
else
port = 3060; /* Use predefined port, may break parallel testing of another MHD build */
vers_list = gnutls_protocol_list ();
if (NULL == vers_list)
{
fprintf (stderr, "Error getting GnuTLS supported TLS versions");
return 99;
}
num_success = 0;
num_failed = 0;
for (ver_for_test = KNOWN_TLS_MIN; KNOWN_TLS_MAX >= ver_for_test;
++ver_for_test)
{
const gnutls_protocol_t *ver_ptr; /**< The pointer to the position on the @a vers_list */
unsigned int res;
for (ver_ptr = vers_list; 0 != *ver_ptr; ++ver_ptr)
{
if (ver_for_test == (enum know_gnutls_tls_id) *ver_ptr)
break;
}
if (0 == *ver_ptr)
{
printf ("%s is not supported by GnuTLS, skipping.\n\n",
tls_names[ver_for_test]);
fflush (stdout);
continue;
}
printf ("Starting check for %s...\n",
tls_names[ver_for_test]);
fflush (stdout);
res = test_query_session (ver_for_test, &port);
fflush (stderr);
fflush (stdout);
if (99 == res)
{
fprintf (stderr, "Hard error. Test stopped.\n");
fflush (stderr);
return 99;
}
else if (77 == res)
{
printf ("%s does not work with libcurl client and GnuTLS "
"server combination, skipping.\n",
tls_names[ver_for_test]);
fflush (stdout);
}
else if (0 != res)
{
fprintf (stderr, "Check failed for %s.\n",
tls_names[ver_for_test]);
fflush (stderr);
num_failed++;
}
else
{
printf ("Check succeeded for %s.\n",
tls_names[ver_for_test]);
fflush (stdout);
num_success++;
}
printf ("\n");
fflush (stdout);
}
if (0 == num_failed)
{
if (0 == num_success)
{
fprintf (stderr, "No supported TLS version was found.\n");
fflush (stderr);
return 77;
}
return 0;
}
return num_failed;
}
int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
const char *ssl_version;
(void) argc; /* Unused. Silent compiler warning. */
#ifdef MHD_HTTPS_REQUIRE_GCRYPT
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
#endif /* MHD_HTTPS_REQUIRE_GCRYPT */
test_append_prio = has_in_name (argv[0], "_append");
if (! testsuite_curl_global_init ())
return 99;
ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
if (NULL == ssl_version)
{
fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n");
curl_global_cleanup ();
return 77;
}
errorCount = test_all_supported_versions ();
fflush (stderr);
fflush (stdout);
curl_global_cleanup ();
if (77 == errorCount)
return 77;
else if (99 == errorCount)
return 99;
print_test_result (errorCount, argv[0]);
return errorCount != 0 ? 1 : 0;
}