| /* |
| This file is part of libmicrohttpd |
| Copyright (C) 2007 Christian Grothoff |
| |
| libmicrohttpd is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published |
| by the Free Software Foundation; either version 2, or (at your |
| option) any later version. |
| |
| libmicrohttpd is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| General Public License for more details. |
| |
| You should have received a copy of the GNU General Public License |
| along with libmicrohttpd; see the file COPYING. If not, write to the |
| Free Software Foundation, Inc., 59 Temple Place - Suite 330, |
| Boston, MA 02111-1307, USA. |
| */ |
| |
| /** |
| * @file mhds_session_info_test.c |
| * @brief Testcase for libmicrohttpd HTTPS connection querying operations |
| * @author Sagie Amir |
| */ |
| |
| #include "platform.h" |
| #include "microhttpd.h" |
| #include <curl/curl.h> |
| #include <gcrypt.h> |
| #include "tls_test_common.h" |
| |
| extern int curl_check_version (const char *req_version, ...); |
| extern const char srv_key_pem[]; |
| extern const char srv_self_signed_cert_pem[]; |
| |
| struct MHD_Daemon *d; |
| |
| /* |
| * HTTP access handler call back |
| * used to query negotiated security parameters |
| */ |
| static int |
| query_session_ahc (void *cls, struct MHD_Connection *connection, |
| const char *url, const char *method, |
| const char *upload_data, const char *version, |
| size_t *upload_data_size, void **ptr) |
| { |
| struct MHD_Response *response; |
| int ret; |
| |
| if (NULL == *ptr) |
| { |
| *ptr = &query_session_ahc; |
| return MHD_YES; |
| } |
| |
| if (GNUTLS_TLS1_1 != |
| (ret = MHD_get_connection_info |
| (connection, |
| MHD_CONNECTION_INFO_PROTOCOL)->protocol)) |
| { |
| if (GNUTLS_TLS1_2 == ret) |
| { |
| /* as usual, TLS implementations sometimes don't |
| quite do what was asked, just mildly complain... */ |
| fprintf (stderr, |
| "Warning: requested TLS 1.1, got TLS 1.2\n"); |
| } |
| else |
| { |
| /* really different version... */ |
| fprintf (stderr, |
| "Error: requested protocol mismatch (wanted %d, got %d)\n", |
| GNUTLS_TLS1_1, |
| ret); |
| return -1; |
| } |
| } |
| |
| response = MHD_create_response_from_buffer (strlen (EMPTY_PAGE), |
| (void *) EMPTY_PAGE, |
| MHD_RESPMEM_PERSISTENT); |
| ret = MHD_queue_response (connection, MHD_HTTP_OK, response); |
| MHD_destroy_response (response); |
| return ret; |
| } |
| |
| |
| /** |
| * negotiate a secure connection with server & query negotiated security parameters |
| */ |
| static int |
| test_query_session () |
| { |
| CURL *c; |
| struct CBC cbc; |
| CURLcode errornum; |
| char url[256]; |
| |
| if (NULL == (cbc.buf = malloc (sizeof (char) * 255))) |
| return 16; |
| cbc.size = 255; |
| cbc.pos = 0; |
| |
| gen_test_file_url (url, DEAMON_TEST_PORT); |
| |
| /* setup test */ |
| d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | |
| MHD_USE_DEBUG, DEAMON_TEST_PORT, |
| NULL, NULL, &query_session_ahc, NULL, |
| MHD_OPTION_HTTPS_PRIORITIES, "NORMAL:+ARCFOUR-128", |
| MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem, |
| MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, |
| MHD_OPTION_END); |
| |
| if (d == NULL) |
| return 2; |
| |
| const char *aes256_sha = "AES256-SHA"; |
| if (curl_uses_nss_ssl() == 0) |
| { |
| aes256_sha = "rsa_aes_256_sha"; |
| } |
| |
| c = curl_easy_init (); |
| #if DEBUG_HTTPS_TEST |
| curl_easy_setopt (c, CURLOPT_VERBOSE, 1); |
| #endif |
| curl_easy_setopt (c, CURLOPT_URL, url); |
| curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); |
| curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L); |
| curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L); |
| curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer); |
| curl_easy_setopt (c, CURLOPT_FILE, &cbc); |
| /* TLS options */ |
| curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); |
| curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha); |
| /* currently skip any peer authentication */ |
| curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0); |
| curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0); |
| curl_easy_setopt (c, CURLOPT_FAILONERROR, 1); |
| |
| // NOTE: use of CONNECTTIMEOUT without also |
| // setting NOSIGNAL results in really weird |
| // crashes on my system! |
| curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1); |
| if (CURLE_OK != (errornum = curl_easy_perform (c))) |
| { |
| fprintf (stderr, "curl_easy_perform failed: `%s'\n", |
| curl_easy_strerror (errornum)); |
| |
| MHD_stop_daemon (d); |
| curl_easy_cleanup (c); |
| free (cbc.buf); |
| return -1; |
| } |
| |
| curl_easy_cleanup (c); |
| MHD_stop_daemon (d); |
| free (cbc.buf); |
| return 0; |
| } |
| |
| |
| int |
| main (int argc, char *const *argv) |
| { |
| unsigned int errorCount = 0; |
| |
| gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); |
| #ifdef GCRYCTL_INITIALIZATION_FINISHED |
| gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); |
| #endif |
| if (0 != curl_global_init (CURL_GLOBAL_ALL)) |
| { |
| fprintf (stderr, "Error (code: %u)\n", errorCount); |
| return -1; |
| } |
| errorCount += test_query_session (); |
| print_test_result (errorCount, argv[0]); |
| curl_global_cleanup (); |
| if (errorCount > 0) |
| fprintf (stderr, "Error (code: %u)\n", errorCount); |
| return errorCount; |
| } |