removing broken and/or dead code

ChangeLog

@@ -1,3 +1,8 @@
+Sat Nov 15 00:31:33 MST 2008
+	 Removing (broken) support for HTTPS servers with
+	 anonymous (aka "no") certificates as well as
+	 various useless dead code. -CG
+
 Sat Nov  8 02:18:42 MST 2008
 	 Unset TCP_CORK at the end of transmitting a response
 	 to improve performance (on systems where this is

configure.ac

@@ -330,7 +330,6 @@ AM_CONDITIONAL(HAVE_LIBZ, test x$zlib = x1)
 AC_DEFINE([ENABLE_MINITASN1],[1],[Include minitasn1 support])
 AC_DEFINE([GNULIB_GC_HMAC_SHA1],[1],[GNULIB_GC_HMAC_SHA1])
 AC_DEFINE([GNULIB_GC_RANDOM],[1],[GNULIB_GC_RANDOM])
-AC_DEFINE([ENABLE_ANON],[1],[Enable anonymous authentication])
 AC_DEFINE([ENABLE_PKI],[0],[Include PKI support])
 # gnutls debug support
 AC_DEFINE([DEBUG],[1],[Include gnutls debug message support])

src/daemon/daemon.c

@@ -153,15 +153,6 @@ MHD_TLS_init (struct MHD_Daemon *daemon)
 {
   switch (daemon->cred_type)
     {
-    case MHD_GNUTLS_CRD_ANON:
-      if ((0 !=
-           MHD__gnutls_anon_allocate_server_credentials (&daemon->anon_cred))
-          || (0 != MHD__gnutls_dh_params_init (&daemon->dh_params)))
-        return GNUTLS_E_MEMORY_ERROR;
-      MHD__gnutls_dh_params_generate2 (daemon->dh_params, 1024);
-      MHD__gnutls_anon_set_server_dh_params (daemon->anon_cred,
-                                             daemon->dh_params);
-      return 0;
     case MHD_GNUTLS_CRD_CERTIFICATE:
       if (0 !=
           MHD__gnutls_certificate_allocate_credentials (&daemon->x509_cred))
@@ -495,13 +486,6 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
                                        MHD_GNUTLS_CRD_CERTIFICATE,
                                        connection->daemon->x509_cred);
           break;
-        case MHD_GNUTLS_CRD_ANON:
-          /* set needed credentials for anonymous authentication. */
-          MHD__gnutls_credentials_set (connection->tls_session,
-                                       MHD_GNUTLS_CRD_ANON,
-                                       connection->daemon->anon_cred);
-          MHD__gnutls_dh_set_prime_bits (connection->tls_session, 1024);
-          break;
         default:
 #if HAVE_MESSAGES
           MHD_DLOG (connection->daemon,
@@ -1101,8 +1085,6 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
       MHD__gnutls_priority_deinit (daemon->priority_cache);
       if (daemon->x509_cred)
         MHD__gnutls_certificate_free_credentials (daemon->x509_cred);
-      if (daemon->anon_cred)
-        MHD__gnutls_anon_free_server_credentials (daemon->anon_cred);
       /* lock MHD_gnutls_global mutex since it uses reference counting */
       pthread_mutex_lock (&MHD_gnutls_init_mutex);
       MHD__gnutls_global_deinit ();

src/daemon/https/gnutls.h

@@ -448,35 +448,6 @@ extern "C"
   typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_server_credentials;
   typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_client_credentials;
 
-  typedef struct MHD_gtls_anon_server_credentials_st
-    *MHD_gtls_anon_server_credentials_t;
-  typedef struct MHD_gtls_anon_client_credentials_st
-    *MHD_gtls_anon_client_credentials_t;
-
-  void
-    MHD__gnutls_anon_free_server_credentials
-    (MHD_gtls_anon_server_credentials_t sc);
-  int
-    MHD__gnutls_anon_allocate_server_credentials
-    (MHD_gtls_anon_server_credentials_t * sc);
-
-  void
-    MHD__gnutls_anon_set_server_dh_params (MHD_gtls_anon_server_credentials_t
-                                           res,
-                                           MHD_gtls_dh_params_t dh_params);
-
-  void
-    MHD__gnutls_anon_set_server_params_function
-    (MHD_gtls_anon_server_credentials_t res,
-     MHD_gnutls_params_function * func);
-
-  void
-    MHD__gnutls_anon_free_client_credentials
-    (MHD_gtls_anon_client_credentials_t sc);
-  int
-    MHD__gnutls_anon_allocate_client_credentials
-    (MHD_gtls_anon_client_credentials_t * sc);
-
   void MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t
                                                  sc);
   int
@@ -488,19 +459,6 @@ extern "C"
   void MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc);
   void MHD__gnutls_certificate_free_crls (MHD_gtls_cert_credentials_t sc);
 
-  void MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res,
-                                              MHD_gtls_dh_params_t dh_params);
-  void
-    MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t
-                                                   res,
-                                                   MHD_gtls_rsa_params_t
-                                                   rsa_params);
-  void MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t
-                                                 res, unsigned int flags);
-  void MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t
-                                                  res, unsigned int max_bits,
-                                                  unsigned int max_depth);
-
   int MHD__gnutls_certificate_set_x509_trust_file (MHD_gtls_cert_credentials_t
                                                    res, const char *CAFILE,
                                                    MHD_gnutls_x509_crt_fmt_t
@@ -647,13 +605,6 @@ extern "C"
   void MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr);
   void *MHD_gtls_session_get_ptr (MHD_gtls_session_t session);
 
-/*
- * this function returns the hash of the given data.
- */
-  int MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo,
-                               const MHD_gnutls_datum_t * data, void *result,
-                               size_t * result_size);
-
   typedef enum MHD_gnutls_x509_subject_alt_name_t
   {
     GNUTLS_SAN_DNSNAME = 1,
@@ -714,23 +665,6 @@ extern "C"
    */
   void MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session,
                                       unsigned int bits);
-  int MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session);
-  int MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session);
-  int MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session);
-
-  int MHD__gnutls_dh_get_group (MHD_gtls_session_t session,
-                                MHD_gnutls_datum_t * raw_gen,
-                                MHD_gnutls_datum_t * raw_prime);
-  int MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session,
-                                 MHD_gnutls_datum_t * raw_key);
-
-  /*
-   * RSA
-   */
-  int MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session,
-                                      MHD_gnutls_datum_t * exponent,
-                                      MHD_gnutls_datum_t * modulus);
-  int MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session);
 
   /* External signing callback.  Experimental. */
   typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session,
@@ -761,20 +695,11 @@ extern "C"
                                                 req);
 
   /* get data from the session */
-  const MHD_gnutls_datum_t *MHD_gtls_certificate_get_peers (MHD_gtls_session_t
-                                                            session,
-                                                            unsigned int
-                                                            *list_size);
-  const MHD_gnutls_datum_t *MHD_gtls_certificate_get_ours (MHD_gtls_session_t
-                                                           session);
-
   time_t MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t
                                                      session);
   time_t MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t
                                                      session);
 
-  int MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t
-                                                      session);
   int MHD_gtls_certificate_verify_peers2 (MHD_gtls_session_t session,
                                           unsigned int *status);
 
@@ -796,16 +721,6 @@ extern "C"
                                         const MHD_gnutls_datum_t * b64_data,
                                         MHD_gnutls_datum_t * result);
 
-  //  void
-  //    MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t
-  //                                            res,
-  //                                            MHD_gnutls_params_function * func);
-  //  void MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res,
-  //                                        MHD_gnutls_params_function * func);
-  //  void MHD_gnutls_psk_set_params_function (MHD_gnutls_psk_server_credentials_t res,
-  //                                       MHD_gnutls_params_function * func);
-
-
   /* key_usage will be an OR of the following values: */
   /* when the key is to be used for signing: */
 #define GNUTLS_KEY_DIGITAL_SIGNATURE	128

src/daemon/https/tls/Makefile.am

@@ -16,7 +16,6 @@ libtls_la_LDFLAGS = \
  -L$(GCRYPT_LIB_PATH)
 
 libtls_la_SOURCES = \
-auth_anon.c \
 auth_cert.c \
 auth_dh_common.c \
 auth_dhe.c \
@@ -30,7 +29,6 @@ ext_oprfi.c \
 ext_server_name.c \
 gnutls_alert.c \
 gnutls_algorithms.c \
-gnutls_anon_cred.c \
 gnutls_asn1_tab.c \
 gnutls_auth.c \
 gnutls_buffers.c \
@@ -66,7 +64,6 @@ gnutls_ui.c \
 gnutls_x509.c \
 pkix_asn1_tab.c \
 x509_b64.c \
-auth_anon.h \
 auth_cert.h \
 auth_dh_common.h \
 debug.h \

src/daemon/https/tls/auth_anon.c

@@ -1,180 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains the Anonymous Diffie Hellman key exchange part of
- * the anonymous authentication. The functions here are used in the
- * handshake.
- */
-
-#include <gnutls_int.h>
-
-#ifdef ENABLE_ANON
-
-#include "gnutls_auth_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_dh.h"
-#include "auth_anon.h"
-#include "gnutls_num.h"
-#include "gnutls_mpi.h"
-#include <gnutls_state.h>
-#include <auth_dh_common.h>
-
-static int MHD_gtls_gen_anon_server_kx (MHD_gtls_session_t, opaque **);
-static int MHD_gtls_proc_anon_client_kx (MHD_gtls_session_t, opaque *,
-                                         size_t);
-static int MHD_gtls_proc_anon_server_kx (MHD_gtls_session_t, opaque *,
-                                         size_t);
-
-const MHD_gtls_mod_auth_st MHD_gtls_anon_auth_struct = {
-  "ANON",
-  NULL,
-  NULL,
-  MHD_gtls_gen_anon_server_kx,
-  MHD_gtls_gen_dh_common_client_kx,     /* this can be shared */
-  NULL,
-  NULL,
-
-  NULL,
-  NULL,                         /* certificate */
-  MHD_gtls_proc_anon_server_kx,
-  MHD_gtls_proc_anon_client_kx,
-  NULL,
-  NULL
-};
-
-static int
-MHD_gtls_gen_anon_server_kx (MHD_gtls_session_t session, opaque ** data)
-{
-  mpi_t g, p;
-  const mpi_t *mpis;
-  int ret;
-  MHD_gtls_dh_params_t dh_params;
-  MHD_gtls_anon_server_credentials_t cred;
-
-  cred = (MHD_gtls_anon_server_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  dh_params =
-    MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
-  mpis = MHD_gtls_dh_params_to_mpi (dh_params);
-  if (mpis == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
-    }
-
-  p = mpis[0];
-  g = mpis[1];
-
-  if ((ret =
-       MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
-                               sizeof (anon_auth_info_st), 1)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  MHD_gtls_dh_set_group (session, g, p);
-
-  ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-    }
-
-  return ret;
-}
-
-
-static int
-MHD_gtls_proc_anon_client_kx (MHD_gtls_session_t session, opaque * data,
-                              size_t _data_size)
-{
-  MHD_gtls_anon_server_credentials_t cred;
-  int bits;
-  int ret;
-  mpi_t p, g;
-  MHD_gtls_dh_params_t dh_params;
-  const mpi_t *mpis;
-
-  bits = MHD_gtls_dh_get_allowed_prime_bits (session);
-
-  cred = (MHD_gtls_anon_server_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  dh_params =
-    MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
-  mpis = MHD_gtls_dh_params_to_mpi (dh_params);
-  if (mpis == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
-    }
-
-  p = mpis[0];
-  g = mpis[1];
-
-  ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p);
-
-  return ret;
-
-}
-
-int
-MHD_gtls_proc_anon_server_kx (MHD_gtls_session_t session, opaque * data,
-                              size_t _data_size)
-{
-
-  int ret;
-
-  /* set auth_info */
-  if ((ret =
-       MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
-                               sizeof (anon_auth_info_st), 1)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  return 0;
-}
-
-#endif /* ENABLE_ANON */

src/daemon/https/tls/auth_anon.h

@@ -1,48 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* this is not to be included by MHD_gnutls_anon.c */
-#include <gnutls_auth.h>
-#include <auth_dh_common.h>
-
-typedef struct MHD_gtls_anon_server_credentials_st
-{
-  MHD_gtls_dh_params_t dh_params;
-  /* this callback is used to retrieve the DH or RSA
-   * parameters.
-   */
-  MHD_gnutls_params_function *params_func;
-} mhd_anon_server_credentials_st;
-
-typedef struct MHD_gtls_anon_client_credentials_st
-{
-  int dummy;
-} mhd_anon_client_credentials_st;
-
-typedef struct MHD_gtls_anon_auth_info_st
-{
-  MHD_gtls_dh_info_st dh;
-} *mhd_anon_auth_info_t;
-
-typedef struct MHD_gtls_anon_auth_info_st anon_auth_info_st;

src/daemon/https/tls/gnutls_algorithms.c

@@ -42,9 +42,6 @@ typedef struct
 } MHD_gnutls_cred_map;
 
 static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = {
-  {MHD_GNUTLS_KX_ANON_DH,
-   MHD_GNUTLS_CRD_ANON,
-   MHD_GNUTLS_CRD_ANON},
   {MHD_GNUTLS_KX_RSA,
    MHD_GNUTLS_CRD_CERTIFICATE,
    MHD_GNUTLS_CRD_CERTIFICATE},
@@ -390,7 +387,6 @@ extern MHD_gtls_mod_auth_st MHD_gtls_rsa_auth_struct;
 extern MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct;
 extern MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct;
 extern MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct;
-extern MHD_gtls_mod_auth_st MHD_gtls_anon_auth_struct;
 extern MHD_gtls_mod_auth_st srp_auth_struct;
 extern MHD_gtls_mod_auth_st psk_auth_struct;
 extern MHD_gtls_mod_auth_st dhe_psk_auth_struct;
@@ -407,9 +403,6 @@ typedef struct MHD_gtls_kx_algo_entry
 } MHD_gtls_kx_algo_entry_t;
 
 static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = {
-#ifdef ENABLE_ANON
-  {"ANON-DH", MHD_GNUTLS_KX_ANON_DH, &MHD_gtls_anon_auth_struct, 1, 0},
-#endif
   {"RSA",
    MHD_GNUTLS_KX_RSA,
    &MHD_gtls_rsa_auth_struct,
@@ -451,9 +444,6 @@ static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = {
 /* Keep the contents of this struct the same as the previous one. */
 static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] =
 {
-#ifdef ENABLE_ANON
-  MHD_GNUTLS_KX_ANON_DH,
-#endif
   MHD_GNUTLS_KX_RSA,
   MHD_GNUTLS_KX_RSA_EXPORT,
   MHD_GNUTLS_KX_DHE_RSA,
@@ -498,20 +488,6 @@ typedef struct
  */
 #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
 
-/* ANONymous cipher suites.
- */
-
-#define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B }
-#define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 }
-
-/* rfc3268: */
-#define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 }
-#define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
-
-/* rfc4132 */
-#define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
-#define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
-
 /* PSK (not in TLS 1.0)
  * draft-ietf-tls-psk:
  */
@@ -590,34 +566,6 @@ typedef struct
 #define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1
 
 static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = {
-  /* ANON_DH */
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5,
-                             MHD_GNUTLS_CIPHER_ARCFOUR_128,
-                             MHD_GNUTLS_KX_ANON_DH, MHD_GNUTLS_MAC_MD5,
-                             MHD_GNUTLS_PROTOCOL_SSL3),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_3DES_CBC,
-                             MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_AES_128_CBC,
-                             MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_AES_256_CBC,
-                             MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
-#ifdef	ENABLE_CAMELLIA
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC,
-                             MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC,
-                             MHD_GNUTLS_KX_ANON_DH,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
-#endif
-
   /* SRP */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP,

src/daemon/https/tls/gnutls_anon_cred.c

@@ -1,140 +0,0 @@
-/*
- * Copyright (C) 2001, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include "gnutls_int.h"
-
-#ifdef ENABLE_ANON
-
-#include "gnutls_errors.h"
-#include "auth_anon.h"
-#include "gnutls_auth_int.h"
-#include "gnutls_dh.h"
-#include "gnutls_num.h"
-#include "gnutls_mpi.h"
-
-static const int anon_dummy;
-
-/**
-  * MHD__gnutls_anon_free_server_credentials - Used to free an allocated MHD_gtls_anon_server_credentials_t structure
-  * @sc: is an #MHD_gtls_anon_server_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to free (deallocate) it.
-  **/
-void
-MHD__gnutls_anon_free_server_credentials (MHD_gtls_anon_server_credentials_t
-                                          sc)
-{
-
-  MHD_gnutls_free (sc);
-}
-
-/**
-  * MHD__gnutls_anon_allocate_server_credentials - Used to allocate an MHD_gtls_anon_server_credentials_t structure
-  * @sc: is a pointer to an #MHD_gtls_anon_server_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to allocate it.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
-int
-  MHD__gnutls_anon_allocate_server_credentials
-  (MHD_gtls_anon_server_credentials_t * sc)
-{
-  *sc = MHD_gnutls_calloc (1, sizeof (mhd_anon_server_credentials_st));
-  if (*sc == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-
-  return 0;
-}
-
-
-/**
-  * MHD__gnutls_anon_free_client_credentials - Used to free an allocated MHD_gtls_anon_client_credentials_t structure
-  * @sc: is an #MHD_gtls_anon_client_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to free (deallocate) it.
-  **/
-void
-MHD__gnutls_anon_free_client_credentials (MHD_gtls_anon_client_credentials_t
-                                          sc)
-{
-}
-
-/**
- * MHD__gnutls_anon_allocate_client_credentials - Used to allocate a credentials structure
- * @sc: is a pointer to an #MHD_gtls_anon_client_credentials_t structure.
- *
- * This structure is complex enough to manipulate directly thus
- * this helper function is provided in order to allocate it.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
- **/
-int
-  MHD__gnutls_anon_allocate_client_credentials
-  (MHD_gtls_anon_client_credentials_t * sc)
-{
-  /* anon_dummy is only there for *sc not to be null.
-   * it is not used at all;
-   */
-  *sc = (void *) &anon_dummy;
-
-  return 0;
-}
-
-/**
-  * MHD__gnutls_anon_set_server_dh_params - This function will set the DH parameters for a server to use
-  * @res: is a MHD_gtls_anon_server_credentials_t structure
-  * @dh_params: is a structure that holds diffie hellman parameters.
-  *
-  * This function will set the diffie hellman parameters for an
-  * anonymous server to use.  These parameters will be used in
-  * Anonymous Diffie Hellman cipher suites.
-  **/
-void
-MHD__gnutls_anon_set_server_dh_params (MHD_gtls_anon_server_credentials_t res,
-                                       MHD_gtls_dh_params_t dh_params)
-{
-  res->dh_params = dh_params;
-}
-
-/**
-  * MHD__gnutls_anon_set_server_params_function - This function will set the DH parameters callback
-  * @res: is a MHD_gtls_cert_credentials_t structure
-  * @func: is the function to be called
-  *
-  * This function will set a callback in order for the server to get
-  * the diffie hellman parameters for anonymous authentication.  The
-  * callback should return zero on success.
-  **/
-void
-MHD__gnutls_anon_set_server_params_function
-  (MHD_gtls_anon_server_credentials_t res, MHD_gnutls_params_function * func)
-{
-  res->params_func = func;
-}
-
-#endif

src/daemon/https/tls/gnutls_auth.c

@@ -30,7 +30,6 @@
 #include "auth_cert.h"
 #include <gnutls_datum.h>
 
-#include "auth_anon.h"
 /* The functions here are used in order for authentication algorithms
  * to be able to retrieve the needed credentials eg public and private
  * key etc.
@@ -79,9 +78,6 @@ MHD__gnutls_credentials_clear (MHD_gtls_session_t session)
   * structure. Thus you will have to keep the structure allocated until
   * you call MHD__gnutls_deinit(). ]
   *
-  * For GNUTLS_CRD_ANON cred should be MHD_gtls_anon_client_credentials_t in case of a client.
-  * In case of a server it should be MHD_gtls_anon_server_credentials_t.
-  *
   * For GNUTLS_CRD_SRP cred should be MHD_gnutls_srp_client_credentials_t
   * in case of a client, and MHD_gnutls_srp_server_credentials_t, in case
   * of a server.
@@ -267,7 +263,6 @@ out:
   * is data obtained by the handshake protocol, the key exchange algorithm,
   * and the TLS extensions messages.
   *
-  * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t;
   * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t;
   * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t;
   -*/
@@ -301,17 +296,6 @@ MHD_gtls_free_auth_info (MHD_gtls_session_t session)
     {
     case MHD_GNUTLS_CRD_SRP:
       break;
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info = MHD_gtls_get_auth_info (session);
-
-        if (info == NULL)
-          break;
-
-        dh_info = &info->dh;
-        MHD_gtls_free_dh_info (dh_info);
-      }
-      break;
     case MHD_GNUTLS_CRD_CERTIFICATE:
       {
         unsigned int i;

src/daemon/https/tls/gnutls_handshake.c

@@ -47,7 +47,6 @@
 #include "gnutls_record.h"
 #include "gnutls_state.h"
 #include "gnutls_rsa_export.h"  /* for MHD_gnutls_get_rsa_params() */
-#include "auth_anon.h"          /* for MHD_gtls_anon_server_credentials_t */
 #include "gc.h"
 
 #ifdef HANDSHAKE_DEBUG
@@ -2800,22 +2799,6 @@ check_server_params (MHD_gtls_session_t session,
       if (delete == 1)
         return 1;
 
-#ifdef ENABLE_ANON
-    }
-  else if (cred_type == MHD_GNUTLS_CRD_ANON)
-    {
-      MHD_gtls_anon_server_credentials_t anon_cred =
-        (MHD_gtls_anon_server_credentials_t) MHD_gtls_get_cred (session->key,
-                                                                cred_type,
-                                                                NULL);
-
-      if (anon_cred != NULL)
-        {
-          dh_params =
-            MHD_gtls_get_dh_params (anon_cred->dh_params,
-                                    anon_cred->params_func, session);
-        }
-#endif
 #ifdef ENABLE_PSK
     }
   else if (cred_type == MHD_GNUTLS_CRD_PSK)

src/daemon/https/tls/gnutls_session_pack.c

@@ -33,7 +33,6 @@
 #ifdef ENABLE_PSK
 # include <auth_psk.h>
 #endif
-#include <auth_anon.h>
 #include <auth_cert.h>
 #include <gnutls_errors.h>
 #include <gnutls_auth_int.h>
@@ -55,175 +54,6 @@ static int unpack_security_parameters (MHD_gtls_session_t session,
 static int pack_security_parameters (MHD_gtls_session_t session,
                                      MHD_gnutls_datum_t * packed_session);
 
-/* Packs the ANON session authentication data. */
-#ifdef ENABLE_ANON
-
-/* Format:
- *      1 byte the credentials type
- *      4 bytes the size of the whole structure
- *      2 bytes the size of secret key in bits
- *      4 bytes the size of the prime
- *      x bytes the prime
- *      4 bytes the size of the generator
- *      x bytes the generator
- *      4 bytes the size of the public key
- *      x bytes the public key
- */
-static int
-pack_anon_auth_info (MHD_gtls_session_t session,
-                     MHD_gnutls_datum_t * packed_session)
-{
-  mhd_anon_auth_info_t info = MHD_gtls_get_auth_info (session);
-  int pos = 0;
-  size_t pack_size;
-
-  if (info)
-    pack_size = 2 + 4 * 3 + info->dh.prime.size +
-      info->dh.generator.size + info->dh.public_key.size;
-  else
-    pack_size = 0;
-
-  packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
-
-  /* calculate the size and allocate the data.
-   */
-  packed_session->data =
-    MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
-
-  if (packed_session->data == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  packed_session->data[0] = MHD_GNUTLS_CRD_ANON;
-  MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
-  pos += 4 + PACK_HEADER_SIZE;
-
-  if (pack_size > 0)
-    {
-      MHD_gtls_write_uint16 (info->dh.secret_bits,
-                             &packed_session->data[pos]);
-      pos += 2;
-
-      MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime);
-      pos += 4 + info->dh.prime.size;
-      MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator);
-      pos += 4 + info->dh.generator.size;
-      MHD_gtls_write_datum32 (&packed_session->data[pos],
-                              info->dh.public_key);
-      pos += 4 + info->dh.public_key.size;
-
-    }
-
-  return 0;
-}
-
-/* Format:
- *      1 byte the credentials type
- *      4 bytes the size of the whole structure
- *      2 bytes the size of secret key in bits
- *      4 bytes the size of the prime
- *      x bytes the prime
- *      4 bytes the size of the generator
- *      x bytes the generator
- *      4 bytes the size of the public key
- *      x bytes the public key
- */
-static int
-unpack_anon_auth_info (MHD_gtls_session_t session,
-                       const MHD_gnutls_datum_t * packed_session)
-{
-  size_t pack_size;
-  int pos = 0, size, ret;
-  mhd_anon_auth_info_t info;
-
-  if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
-  pos += PACK_HEADER_SIZE + 4;
-
-
-  if (pack_size == 0)
-    return 0;                   /* nothing to be done */
-
-  /* a simple check for integrity */
-  if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  /* client and serer have the same auth_info here
-   */
-  ret =
-    MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
-                            sizeof (anon_auth_info_st), 1);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]);
-  pos += 2;
-
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos],
-                           size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-
-  size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
-  pos += 4;
-  ret =
-    MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
-                           size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-  pos += size;
-
-  return 0;
-
-error:
-  MHD__gnutls_free_datum (&info->dh.prime);
-  MHD__gnutls_free_datum (&info->dh.generator);
-  MHD__gnutls_free_datum (&info->dh.public_key);
-  return ret;
-}
-#endif /* ANON */
-
 /* Since auth_info structures contain malloced data, this function
  * is required in order to pack these structures in a vector in
  * order to store them to the DB.
@@ -266,16 +96,6 @@ MHD_gtls_session_pack (MHD_gtls_session_t session,
           return ret;
         }
       break;
-#endif
-#ifdef ENABLE_ANON
-    case MHD_GNUTLS_CRD_ANON:
-      ret = pack_anon_auth_info (session, packed_session);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      break;
 #endif
     case MHD_GNUTLS_CRD_CERTIFICATE:
       ret = pack_certificate_auth_info (session, packed_session);
@@ -345,16 +165,6 @@ MHD_gtls_session_unpack (MHD_gtls_session_t session,
           return ret;
         }
       break;
-#endif
-#ifdef ENABLE_ANON
-    case MHD_GNUTLS_CRD_ANON:
-      ret = unpack_anon_auth_info (session, packed_session);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      break;
 #endif
     case MHD_GNUTLS_CRD_CERTIFICATE:
       ret = unpack_certificate_auth_info (session, packed_session);

src/daemon/https/tls/gnutls_state.c

@@ -38,7 +38,6 @@
 #include <gnutls_buffers.h>
 #include <gnutls_state.h>
 #include <auth_cert.h>
-#include <auth_anon.h>
 #include <gnutls_algorithms.h>
 #include <gnutls_rsa_export.h>
 
@@ -437,16 +436,6 @@ MHD_gtls_dh_set_peer_public (MHD_gtls_session_t session, mpi_t public)
 
   switch (MHD_gtls_auth_get_type (session))
     {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-
-        dh = &info->dh;
-        break;
-      }
     case MHD_GNUTLS_CRD_CERTIFICATE:
       {
         cert_auth_info_t info;
@@ -478,15 +467,6 @@ MHD_gtls_dh_set_secret_bits (MHD_gtls_session_t session, unsigned bits)
 {
   switch (MHD_gtls_auth_get_type (session))
     {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        info->dh.secret_bits = bits;
-        break;
-      }
     case MHD_GNUTLS_CRD_CERTIFICATE:
       {
         cert_auth_info_t info;
@@ -548,16 +528,6 @@ MHD_gtls_dh_set_group (MHD_gtls_session_t session, mpi_t gen, mpi_t prime)
 
   switch (MHD_gtls_auth_get_type (session))
     {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-
-        dh = &info->dh;
-        break;
-      }
     case MHD_GNUTLS_CRD_CERTIFICATE:
       {
         cert_auth_info_t info;

src/daemon/https/tls/gnutls_ui.c

@@ -27,7 +27,6 @@
  */
 
 #include <gnutls_int.h>
-#include <auth_anon.h>
 #include <auth_cert.h>
 #include <gnutls_errors.h>
 #include <gnutls_auth_int.h>
@@ -58,575 +57,3 @@ MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, unsigned int bits)
   session->internals.dh_prime_bits = bits;
 }
 
-/**
- * MHD__gnutls_dh_get_group - This function returns the group of the DH authentication
- * @session: is a gnutls session
- * @raw_gen: will hold the generator.
- * @raw_prime: will hold the prime.
- *
- * This function will return the group parameters used in the last Diffie Hellman
- * authentication with the peer. These are the prime and the generator used.
- * This function should be used for both anonymous and ephemeral diffie Hellman.
- * The output parameters must be freed with MHD_gnutls_free().
- *
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_group (MHD_gtls_session_t session,
-                          MHD_gnutls_datum_t * raw_gen,
-                          MHD_gnutls_datum_t * raw_prime)
-{
-  MHD_gtls_dh_info_st *dh;
-  int ret;
-  mhd_anon_auth_info_t anon_info;
-  cert_auth_info_t cert_info;
-
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      anon_info = MHD_gtls_get_auth_info (session);
-      if (anon_info == NULL)
-        return GNUTLS_E_INTERNAL_ERROR;
-      dh = &anon_info->dh;
-      break;
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      cert_info = MHD_gtls_get_auth_info (session);
-      if (cert_info == NULL)
-        return GNUTLS_E_INTERNAL_ERROR;
-      dh = &cert_info->dh;
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  ret = MHD__gnutls_set_datum (raw_prime, dh->prime.data, dh->prime.size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  ret =
-    MHD__gnutls_set_datum (raw_gen, dh->generator.data, dh->generator.size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__gnutls_free_datum (raw_prime);
-      return ret;
-    }
-
-  return 0;
-}
-
-/**
- * MHD__gnutls_dh_get_pubkey - This function returns the peer's public key used in DH authentication
- * @session: is a gnutls session
- * @raw_key: will hold the public key.
- *
- * This function will return the peer's public key used in the last Diffie Hellman authentication.
- * This function should be used for both anonymous and ephemeral diffie Hellman.
- * The output parameters must be freed with MHD_gnutls_free().
- *
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session,
-                           MHD_gnutls_datum_t * raw_key)
-{
-  MHD_gtls_dh_info_st *dh;
-  mhd_anon_auth_info_t anon_info;
-  cert_auth_info_t cert_info;
-  cert_auth_info_t psk_info;
-
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        anon_info = MHD_gtls_get_auth_info (session);
-        if (anon_info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &anon_info->dh;
-        break;
-      }
-    case MHD_GNUTLS_CRD_PSK:
-      {
-        psk_info = MHD_gtls_get_auth_info (session);
-        if (psk_info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &psk_info->dh;
-        break;
-      }
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-
-        cert_info = MHD_gtls_get_auth_info (session);
-        if (cert_info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &cert_info->dh;
-        break;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  return MHD__gnutls_set_datum (raw_key, dh->public_key.data,
-                                dh->public_key.size);
-}
-
-/**
- * MHD_gtls_rsa_export_get_pubkey - This function returns the peer's public key used in RSA-EXPORT authentication
- * @session: is a gnutls session
- * @exponent: will hold the exponent.
- * @modulus: will hold the modulus.
- *
- * This function will return the peer's public key exponent and
- * modulus used in the last RSA-EXPORT authentication.  The output
- * parameters must be freed with MHD_gnutls_free().
- *
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session,
-                                MHD_gnutls_datum_t * exponent,
-                                MHD_gnutls_datum_t * modulus)
-{
-  cert_auth_info_t info;
-  int ret;
-
-  if (MHD_gtls_auth_get_type (session) == MHD_GNUTLS_CRD_CERTIFICATE)
-    {
-      info = MHD_gtls_get_auth_info (session);
-      if (info == NULL)
-        return GNUTLS_E_INTERNAL_ERROR;
-
-      ret = MHD__gnutls_set_datum (modulus, info->rsa_export.modulus.data,
-                                   info->rsa_export.modulus.size);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      ret = MHD__gnutls_set_datum (exponent, info->rsa_export.exponent.data,
-                                   info->rsa_export.exponent.size);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          MHD__gnutls_free_datum (modulus);
-          return ret;
-        }
-
-      return 0;
-    }
-
-  return GNUTLS_E_INVALID_REQUEST;
-}
-
-/**
- * MHD__gnutls_dh_get_secret_bits - This function returns the bits used in DH authentication
- * @session: is a gnutls session
- *
- * This function will return the bits used in the last Diffie Hellman authentication
- * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session)
-{
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        return info->dh.secret_bits;
-      }
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_auth_info_t info;
-
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-
-        return info->dh.secret_bits;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-}
-
-/**
- * MHD__gnutls_dh_get_prime_bits - This function returns the bits used in DH authentication
- * @session: is a gnutls session
- *
- * This function will return the bits of the prime used in the last Diffie Hellman authentication
- * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session)
-{
-  MHD_gtls_dh_info_st *dh;
-
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &info->dh;
-        break;
-      }
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_auth_info_t info;
-
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-
-        dh = &info->dh;
-        break;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  return (dh->prime.size) * 8;
-
-}
-
-/**
- * MHD_gtls_rsa_export_get_modulus_bits - This function returns the bits used in RSA-export key exchange
- * @session: is a gnutls session
- *
- * This function will return the bits used in the last RSA-EXPORT key exchange
- * with the peer.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session)
-{
-  cert_auth_info_t info;
-
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    return GNUTLS_E_INTERNAL_ERROR;
-
-  return info->rsa_export.modulus.size * 8;
-}
-
-/**
- * MHD__gnutls_dh_get_peers_public_bits - This function returns the bits used in DH authentication
- * @session: is a gnutls session
- *
- * This function will return the bits used in the last Diffie Hellman authentication
- * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session)
-{
-  MHD_gtls_dh_info_st *dh;
-
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-
-        dh = &info->dh;
-        break;
-      }
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_auth_info_t info;
-
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-
-        dh = &info->dh;
-        break;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  return dh->public_key.size * 8;
-
-}
-
-/* CERTIFICATE STUFF */
-
-/**
- * MHD_gtls_certificate_get_ours - This function returns the raw certificate sent in the last handshake
- * @session: is a gnutls session
- *
- * This function will return the certificate as sent to the peer,
- * in the last handshake. These certificates are in raw format.
- * In X.509 this is a certificate list. In OpenPGP this is a single
- * certificate.
- * Returns NULL in case of an error, or if no certificate was used.
- *
- **/
-const MHD_gnutls_datum_t *
-MHD_gtls_certificate_get_ours (MHD_gtls_session_t session)
-{
-  MHD_gtls_cert_credentials_t cred;
-
-  CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-
-  cred
-    = (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key,
-                                                       MHD_GNUTLS_CRD_CERTIFICATE,
-                                                       NULL);
-  if (cred == NULL || cred->cert_list == NULL)
-    {
-      MHD_gnutls_assert ();
-      return NULL;
-    }
-
-  if (session->internals.selected_cert_list == NULL)
-    return NULL;
-
-  return &session->internals.selected_cert_list[0].raw;
-}
-
-/**
- * MHD_gtls_certificate_get_peers - This function returns the peer's raw certificate
- * @session: is a gnutls session
- * @list_size: is the length of the certificate list
- *
- * This function will return the peer's raw certificate (chain) as
- * sent by the peer. These certificates are in raw format (DER encoded
- * for X.509). In case of a X.509 then a certificate list may be present.
- * The first certificate in the list is the peer's certificate,
- * following the issuer's certificate, then the issuer's issuer etc.
- *
- * In case of OpenPGP keys a single key will be returned
- * in raw format.
- *
- * Returns NULL in case of an error, or if no certificate was sent.
- *
- **/
-const MHD_gnutls_datum_t *
-MHD_gtls_certificate_get_peers (MHD_gtls_session_t
-                                session, unsigned int *list_size)
-{
-  cert_auth_info_t info;
-
-  CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    return NULL;
-
-  *list_size = info->ncerts;
-  return info->raw_certificate_list;
-}
-
-/**
- * MHD_gtls_certificate_client_get_request_status - This function returns the certificate request status
- * @session: is a gnutls session
- *
- * This function will return 0 if the peer (server) did not request client
- * authentication or 1 otherwise.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t session)
-{
-  cert_auth_info_t info;
-
-  CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, 0);
-
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    return GNUTLS_E_INTERNAL_ERROR;
-  return info->certificate_requested;
-}
-
-/**
- * MHD__gnutls_fingerprint - This function calculates the fingerprint of the given data
- * @algo: is a digest algorithm
- * @data: is the data
- * @result: is the place where the result will be copied (may be null).
- * @result_size: should hold the size of the result. The actual size
- * of the returned result will also be copied there.
- *
- * This function will calculate a fingerprint (actually a hash), of the
- * given data. The result is not printable data. You should convert it
- * to hex, or to something else printable.
- *
- * This is the usual way to calculate a fingerprint of an X.509
- * DER encoded certificate. Note however that the fingerprint
- * of an OpenPGP is not just a hash and cannot be calculated with
- * this function.
- *
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo,
-                         const MHD_gnutls_datum_t * data,
-                         void *result, size_t * result_size)
-{
-  GNUTLS_HASH_HANDLE td;
-  int hash_len = MHD_gnutls_hash_get_algo_len (HASH2MAC (algo));
-
-  if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
-    {
-      *result_size = hash_len;
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-  *result_size = hash_len;
-
-  if (result)
-    {
-      td = MHD_gtls_hash_init (HASH2MAC (algo));
-      if (td == NULL)
-        return GNUTLS_E_HASH_FAILED;
-
-      MHD_gnutls_hash (td, data->data, data->size);
-
-      MHD_gnutls_hash_deinit (td, result);
-    }
-
-  return 0;
-}
-
-/**
- * MHD__gnutls_certificate_set_dh_params - This function will set the DH parameters for a server to use
- * @res: is a MHD_gtls_cert_credentials_t structure
- * @dh_params: is a structure that holds diffie hellman parameters.
- *
- * This function will set the diffie hellman parameters for a
- * certificate server to use. These parameters will be used in
- * Ephemeral Diffie Hellman cipher suites.  Note that only a pointer
- * to the parameters are stored in the certificate handle, so if you
- * deallocate the parameters before the certificate is deallocated,
- * you must change the parameters stored in the certificate first.
- *
- **/
-void
-MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res,
-                                       MHD_gtls_dh_params_t dh_params)
-{
-  res->dh_params = dh_params;
-}
-
-/**
- * MHD_gnutls_certificate_set_params_function - This function will set the DH or RSA parameters callback
- * @res: is a MHD_gtls_cert_credentials_t structure
- * @func: is the function to be called
- *
- * This function will set a callback in order for the server to get the
- * diffie hellman or RSA parameters for certificate authentication. The callback
- * should return zero on success.
- *
- **/
-void
-MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t res,
-                                            MHD_gnutls_params_function * func)
-{
-  res->params_func = func;
-}
-
-/**
- * MHD__gnutls_certificate_set_verify_flags - This function will set the flags to be used at certificate verification
- * @res: is a MHD_gtls_cert_credentials_t structure
- * @flags: are the flags
- *
- * This function will set the flags to be used at verification of the
- * certificates.  Flags must be OR of the
- * #MHD_gnutls_certificate_verify_flags enumerations.
- *
- **/
-void
-MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t
-                                          res, unsigned int flags)
-{
-  res->verify_flags = flags;
-}
-
-/**
- * MHD__gnutls_certificate_set_verify_limits - This function will set the upper limits to be used at certificate verification
- * @res: is a MHD_gnutls_certificate_credentials structure
- * @max_bits: is the number of bits of an acceptable certificate (default 8200)
- * @max_depth: is maximum depth of the verification of a certificate chain (default 5)
- *
- * This function will set some upper limits for the default verification function,
- * MHD_gtls_certificate_verify_peers2(), to avoid denial of service attacks.
- * You can set them to zero to disable limits.
- *
- **/
-void
-MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t
-                                           res,
-                                           unsigned int max_bits,
-                                           unsigned int max_depth)
-{
-  res->verify_depth = max_depth;
-  res->verify_bits = max_bits;
-}
-
-/**
- * MHD__gnutls_certificate_set_rsa_export_params - This function will set the RSA parameters for a server to use
- * @res: is a MHD_gtls_cert_credentials_t structure
- * @rsa_params: is a structure that holds temporary RSA parameters.
- *
- * This function will set the temporary RSA parameters for a certificate
- * server to use. These parameters will be used in RSA-EXPORT
- * cipher suites.
- *
- **/
-void
-MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t
-                                               res,
-                                               MHD_gtls_rsa_params_t
-                                               rsa_params)
-{
-  res->rsa_params = rsa_params;
-}
-
-/**
- * MHD_gnutls_anon_set_params_function - This function will set the DH or RSA parameters callback
- * @res: is a MHD_gtls_anon_server_credentials_t structure
- * @func: is the function to be called
- *
- * This function will set a callback in order for the server to get the
- * diffie hellman or RSA parameters for anonymous authentication. The callback
- * should return zero on success.
- *
- **/
-void
-MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res,
-                                     MHD_gnutls_params_function * func)
-{
-  res->params_func = func;
-}

src/daemon/internal.h

@@ -652,9 +652,6 @@ struct MHD_Daemon
   /* server x509 credintials */
   MHD_gtls_cert_credentials_t x509_cred;
 
-  /* credentials used for anonymous authentication */
-  MHD_gtls_anon_server_credentials_t anon_cred;
-
   /* cipher priority cache */
   MHD_gnutls_priority_t priority_cache;
 

src/include/microhttpd.h

@@ -365,8 +365,8 @@ enum MHD_OPTION
   MHD_OPTION_HTTPS_MEM_CERT = 10,
 
   /**
-   * Daemon credentials type.  Either certificate or anonymous,
-   * this option should be followed by one of the values listed in
+   * Daemon credentials type. 
+   * This option should be followed by one of the values listed in
    * "enum MHD_GNUTLS_CredentialsType".
    */
   MHD_OPTION_CRED_TYPE = 11,
@@ -530,7 +530,6 @@ enum MHD_GNUTLS_KeyExchangeAlgorithm
   MHD_GNUTLS_KX_RSA = 1,
   MHD_GNUTLS_KX_DHE_DSS,
   MHD_GNUTLS_KX_DHE_RSA,
-  MHD_GNUTLS_KX_ANON_DH,
   MHD_GNUTLS_KX_SRP,
   MHD_GNUTLS_KX_RSA_EXPORT,
   MHD_GNUTLS_KX_SRP_RSA,
@@ -548,11 +547,6 @@ enum MHD_GNUTLS_CredentialsType
    */
   MHD_GNUTLS_CRD_CERTIFICATE = 1,
 
-  /**
-   * We have no certificate ("anonymous").
-   */
-  MHD_GNUTLS_CRD_ANON,
-
   /**
    * Use SRP (password-based authentication).
    */

src/testcurl/https/Makefile.am

@@ -11,8 +11,6 @@ $(LIBCURL_CPPFLAGS)
 
 check_PROGRAMS = \
   tls_daemon_options_test \
-  tls_daemon_options_adh_test \
-  tls_daemon_options_dh_test \
   tls_authentication_test \
   mhds_multi_daemon_test \
   mhds_session_info_test
@@ -55,20 +53,6 @@ tls_daemon_options_test_LDADD = \
   $(top_builddir)/src/daemon/libmicrohttpd.la \
   @LIBCURL@
 
-tls_daemon_options_dh_test_SOURCES = \
-  tls_daemon_options_dh_test.c
-tls_daemon_options_dh_test_LDADD = \
-  $(top_builddir)/src/testcurl/libcurl_version_check.a \
-  $(top_builddir)/src/daemon/libmicrohttpd.la \
-  @LIBCURL@
-
-tls_daemon_options_adh_test_SOURCES = \
-  tls_daemon_options_adh_test.c
-tls_daemon_options_adh_test_LDADD = \
-  $(top_builddir)/src/testcurl/libcurl_version_check.a \
-  $(top_builddir)/src/daemon/libmicrohttpd.la \
-  @LIBCURL@
-
 tls_authentication_test_SOURCES = \
   tls_authentication_test.c
 tls_authentication_test_LDADD  = \

src/testcurl/https/tls_daemon_options_adh_test.c

@@ -1,395 +0,0 @@
-/*
- This file is part of libmicrohttpd
- (C) 2007 Christian Grothoff
-
- libmicrohttpd is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 2, or (at your
- option) any later version.
-
- libmicrohttpd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with libmicrohttpd; see the file COPYING.  If not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
- */
-
-/**
- * @file tls_daemon_options_adh_test.c
- * @brief  Testcase for libmicrohttpd HTTPS GET operations
- * @author Sagie Amir
- */
-
-#include "platform.h"
-#include "microhttpd.h"
-
-#include <sys/stat.h>
-
-#include "gnutls.h"
-#include <curl/curl.h>
-
-#define DEBUG_CURL_VERBOSE 0
-#define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>"
-
-#define MHD_E_MEM "Error: memory error\n"
-#define MHD_E_SERVER_INIT "Error: failed to start server\n"
-#define MHD_E_TEST_FILE_CREAT "Error: failed to setup test file\n"
-#define MHD_E_CERT_FILE_CREAT "Error: failed to setup test certificate\n"
-#define MHD_E_KEY_FILE_CREAT "Error: failed to setup test certificate\n"
-
-#include "tls_test_keys.h"
-
-const int DEBUG_GNUTLS_LOG_LEVEL = 0;
-const char *test_file_name = "https_test_file";
-const char test_file_data[] = "Hello World\n";
-
-int curl_check_version (const char *req_version, ...);
-
-struct CBC
-{
-  char *buf;
-  size_t pos;
-  size_t size;
-};
-
-static size_t
-copyBuffer (void *ptr, size_t size, size_t nmemb, void *ctx)
-{
-  struct CBC *cbc = ctx;
-
-  if (cbc->pos + size * nmemb > cbc->size)
-    return 0;                   /* overflow */
-  memcpy (&cbc->buf[cbc->pos], ptr, size * nmemb);
-  cbc->pos += size * nmemb;
-  return size * nmemb;
-}
-
-static int
-file_reader (void *cls, size_t pos, char *buf, int max)
-{
-  FILE *file = cls;
-  fseek (file, pos, SEEK_SET);
-  return fread (buf, 1, max, file);
-}
-
-/* HTTP access handler call back */
-static int
-http_ahc (void *cls, struct MHD_Connection *connection,
-          const char *url, const char *method, const char *upload_data,
-          const char *version, unsigned int *upload_data_size, void **ptr)
-{
-  static int aptr;
-  struct MHD_Response *response;
-  int ret;
-  FILE *file;
-  struct stat buf;
-
-  if (0 != strcmp (method, MHD_HTTP_METHOD_GET))
-    return MHD_NO;              /* unexpected method */
-  if (&aptr != *ptr)
-    {
-      /* do never respond on first call */
-      *ptr = &aptr;
-      return MHD_YES;
-    }
-  *ptr = NULL;                  /* reset when done */
-
-  file = fopen (url, "r");
-  if (file == NULL)
-    {
-      response = MHD_create_response_from_data (strlen (PAGE_NOT_FOUND),
-                                                (void *) PAGE_NOT_FOUND,
-                                                MHD_NO, MHD_NO);
-      ret = MHD_queue_response (connection, MHD_HTTP_NOT_FOUND, response);
-      MHD_destroy_response (response);
-    }
-  else
-    {
-      stat (url, &buf);
-      response = MHD_create_response_from_callback (buf.st_size, 32 * 1024,     /* 32k PAGE_NOT_FOUND size */
-                                                    &file_reader, file,
-                                                    (MHD_ContentReaderFreeCallback)
-                                                    & fclose);
-      ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
-      MHD_destroy_response (response);
-    }
-  return ret;
-}
-
-/*
- * test HTTPS transfer
- * @param test_fd: file to attempt transfering
- */
-static int
-test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version)
-{
-  CURL *c;
-  CURLcode errornum;
-  struct CBC cbc;
-  char *doc_path;
-  char url[255];
-  struct stat statb;
-
-  stat (test_file_name, &statb);
-
-  int len = statb.st_size;
-
-  /* used to memcmp local copy & deamon supplied copy */
-  unsigned char *mem_test_file_local;
-
-  /* setup test file path, url */
-  doc_path = get_current_dir_name ();
-
-  if (NULL == (mem_test_file_local = malloc (len)))
-    {
-      fclose (test_fd);
-      fprintf (stderr, MHD_E_MEM);
-      return -1;
-    }
-
-  fseek (test_fd, 0, SEEK_SET);
-  if (fread (mem_test_file_local, sizeof (char), len, test_fd) != len)
-    {
-      fclose (test_fd);
-      fprintf (stderr, "Error: failed to read test file. %s\n",
-               strerror (errno));
-      return -1;
-    }
-
-  if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
-    {
-      fclose (test_fd);
-      fprintf (stderr, MHD_E_MEM);
-      return -1;
-    }
-  cbc.size = len;
-  cbc.pos = 0;
-
-  /* construct url - this might use doc_path */
-  sprintf (url, "%s%s/%s", "https://localhost:42433",
-           doc_path, test_file_name);
-
-  c = curl_easy_init ();
-#if DEBUG_CURL_VERBOSE
-  curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
-#endif
-  curl_easy_setopt (c, CURLOPT_URL, url);
-  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
-  curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L);
-  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L);
-  curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
-  curl_easy_setopt (c, CURLOPT_FILE, &cbc);
-
-  /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite);
-
-  /* currently skip any peer authentication */
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
-
-  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1);
-
-  /* NOTE: use of CONNECTTIMEOUT without also
-     setting NOSIGNAL results in really weird
-     crashes on my system! */
-  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1);
-  if (CURLE_OK != (errornum = curl_easy_perform (c)))
-    {
-      fprintf (stderr, "curl_easy_perform failed: `%s'\n",
-               curl_easy_strerror (errornum));
-      curl_easy_cleanup (c);
-      return errornum;
-    }
-
-  curl_easy_cleanup (c);
-
-  if (memcmp (cbc.buf, mem_test_file_local, len) != 0)
-    {
-      fprintf (stderr, "Error: local file & received file differ.\n");
-      free (cbc.buf);
-      free (mem_test_file_local);
-      return -1;
-    }
-
-  free (mem_test_file_local);
-  free (cbc.buf);
-  free (doc_path);
-  return 0;
-}
-
-static FILE *
-setupTestFile ()
-{
-  FILE *test_fd;
-
-  if (NULL == (test_fd = fopen (test_file_name, "w+")))
-    {
-      fprintf (stderr, "Error: failed to open `%s': %s\n",
-               test_file_name, strerror (errno));
-      return NULL;
-    }
-  if (fwrite (test_file_data, sizeof (char), strlen (test_file_data), test_fd)
-      != strlen (test_file_data))
-    {
-      fprintf (stderr, "Error: failed to write `%s. %s'\n",
-               test_file_name, strerror (errno));
-      return NULL;
-    }
-  if (fflush (test_fd))
-    {
-      fprintf (stderr, "Error: failed to flush test file stream. %s\n",
-               strerror (errno));
-      return NULL;
-    }
-
-  return test_fd;
-}
-
-static int
-setup (struct MHD_Daemon **d, va_list arg_list)
-{
-  *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
-                            MHD_USE_DEBUG, 42433,
-                            NULL, NULL, &http_ahc, NULL, arg_list);
-
-  if (*d == NULL)
-    {
-      fprintf (stderr, MHD_E_SERVER_INIT);
-      return -1;
-    }
-
-  return 0;
-}
-
-static void
-teardown (struct MHD_Daemon *d)
-{
-  MHD_stop_daemon (d);
-}
-
-/* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move to test_util.c */
-int
-test_wrap (char *test_name, int
-           (*test) (FILE * test_fd, char *cipher_suite, int proto_version),
-           FILE * test_fd, char *cipher_suite, int proto_version, ...)
-{
-  int ret;
-  va_list arg_list;
-  struct MHD_Daemon *d;
-
-  va_start (arg_list, proto_version);
-  if (setup (&d, arg_list) != 0)
-    {
-      va_end (arg_list);
-      return -1;
-    }
-
-  fprintf (stdout, "running test: %s ", test_name);
-  ret = test (test_fd, cipher_suite, proto_version);
-
-  if (ret == 0)
-    {
-      fprintf (stdout, "[pass]\n");
-    }
-  else
-    {
-      fprintf (stdout, "[fail]\n");
-    }
-
-  teardown (d);
-  va_end (arg_list);
-  return ret;
-}
-
-/*
- * test server refuses to negotiate connections with unsupported protocol versions
- */
-int
-test_protocol_version (FILE * test_fd, char *cipher_suite,
-                       int curl_proto_version)
-{
-  CURL *c;
-  CURLcode errornum;
-
-  c = curl_easy_init ();
-#if DEBUG_CURL_VERBOSE
-  curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
-#endif
-  curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/");
-  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
-  curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L);
-  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L);
-
-  /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, curl_proto_version);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite);
-
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
-  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1);
-
-  /* NOTE: use of CONNECTTIMEOUT without also
-     setting NOSIGNAL results in really weird
-     crashes on my system! */
-  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1);
-
-  /* assert daemon rejected request */
-  if (CURLE_OK == (errornum = curl_easy_perform (c)))
-    {
-      fprintf (stderr, "curl_easy_perform failed: `%s'\n",
-               curl_easy_strerror (errornum));
-      curl_easy_cleanup (c);
-      return -1;
-    }
-
-  return 0;
-}
-
-/* setup a temporary transfer test file */
-int
-main (int argc, char *const *argv)
-{
-  FILE *test_fd;
-  unsigned int errorCount = 0;
-
-  MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL);
-
-  if (curl_check_version (MHD_REQ_CURL_VERSION))
-    {
-      return -1;
-    }
-
-  if ((test_fd = setupTestFile ()) == NULL)
-    {
-      fprintf (stderr, MHD_E_TEST_FILE_CREAT);
-      return -1;
-    }
-
-  if (0 != curl_global_init (CURL_GLOBAL_ALL))
-    {
-      fprintf (stderr, "Error: %s\n", strerror (errno));
-      return -1;
-    }
-
-  int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 };
-  errorCount +=
-    test_wrap ("ADH-AES256-SHA", &test_https_transfer, test_fd,
-               "ADH-AES256-SHA", CURL_SSLVERSION_TLSv1,
-               MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON,
-               MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END);
-
-  if (errorCount != 0)
-    fprintf (stderr, "Failed test: %s.\n", argv[0]);
-
-  curl_global_cleanup ();
-  fclose (test_fd);
-
-  remove (test_file_name);
-
-  return errorCount != 0;
-}

src/testcurl/https/tls_daemon_options_dh_test.c

@@ -1,397 +0,0 @@
-/*
- This file is part of libmicrohttpd
- (C) 2007 Christian Grothoff
-
- libmicrohttpd is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 2, or (at your
- option) any later version.
-
- libmicrohttpd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with libmicrohttpd; see the file COPYING.  If not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
- */
-
-/**
- * @file tls_daemon_options_dh_test.c
- * @brief  Testcase for libmicrohttpd HTTPS GET operations
- * @author Sagie Amir
- */
-
-#include "platform.h"
-#include "microhttpd.h"
-
-#include <sys/stat.h>
-
-#include "gnutls.h"
-#include <curl/curl.h>
-
-#define DEBUG_CURL_VERBOSE 0
-#define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>"
-
-#define MHD_E_MEM "Error: memory error\n"
-#define MHD_E_SERVER_INIT "Error: failed to start server\n"
-#define MHD_E_TEST_FILE_CREAT "Error: failed to setup test file\n"
-#define MHD_E_CERT_FILE_CREAT "Error: failed to setup test certificate\n"
-#define MHD_E_KEY_FILE_CREAT "Error: failed to setup test certificate\n"
-
-#include "tls_test_keys.h"
-
-const int DEBUG_GNUTLS_LOG_LEVEL = 0;
-const char *test_file_name = "https_test_file";
-const char test_file_data[] = "Hello World\n";
-
-int curl_check_version (const char *req_version, ...);
-
-struct CBC
-{
-  char *buf;
-  size_t pos;
-  size_t size;
-};
-
-static size_t
-copyBuffer (void *ptr, size_t size, size_t nmemb, void *ctx)
-{
-  struct CBC *cbc = ctx;
-
-  if (cbc->pos + size * nmemb > cbc->size)
-    return 0;                   /* overflow */
-  memcpy (&cbc->buf[cbc->pos], ptr, size * nmemb);
-  cbc->pos += size * nmemb;
-  return size * nmemb;
-}
-
-static int
-file_reader (void *cls, size_t pos, char *buf, int max)
-{
-  FILE *file = cls;
-  fseek (file, pos, SEEK_SET);
-  return fread (buf, 1, max, file);
-}
-
-/* HTTP access handler call back */
-static int
-http_ahc (void *cls, struct MHD_Connection *connection,
-          const char *url, const char *method, const char *upload_data,
-          const char *version, unsigned int *upload_data_size, void **ptr)
-{
-  static int aptr;
-  struct MHD_Response *response;
-  int ret;
-  FILE *file;
-  struct stat buf;
-
-  if (0 != strcmp (method, MHD_HTTP_METHOD_GET))
-    return MHD_NO;              /* unexpected method */
-  if (&aptr != *ptr)
-    {
-      /* do never respond on first call */
-      *ptr = &aptr;
-      return MHD_YES;
-    }
-  *ptr = NULL;                  /* reset when done */
-
-  file = fopen (url, "r");
-  if (file == NULL)
-    {
-      response = MHD_create_response_from_data (strlen (PAGE_NOT_FOUND),
-                                                (void *) PAGE_NOT_FOUND,
-                                                MHD_NO, MHD_NO);
-      ret = MHD_queue_response (connection, MHD_HTTP_NOT_FOUND, response);
-      MHD_destroy_response (response);
-    }
-  else
-    {
-      stat (url, &buf);
-      response = MHD_create_response_from_callback (buf.st_size, 32 * 1024,     /* 32k PAGE_NOT_FOUND size */
-                                                    &file_reader, file,
-                                                    (MHD_ContentReaderFreeCallback)
-                                                    & fclose);
-      ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
-      MHD_destroy_response (response);
-    }
-  return ret;
-}
-
-/*
- * test HTTPS transfer
- * @param test_fd: file to attempt transfering
- */
-static int
-test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version)
-{
-  CURL *c;
-  CURLcode errornum;
-  struct CBC cbc;
-  char *doc_path;
-  char url[255];
-  struct stat statb;
-
-  stat (test_file_name, &statb);
-
-  int len = statb.st_size;
-
-  /* used to memcmp local copy & deamon supplied copy */
-  unsigned char *mem_test_file_local;
-
-  /* setup test file path, url */
-  doc_path = get_current_dir_name ();
-
-  if (NULL == (mem_test_file_local = malloc (len)))
-    {
-      fclose (test_fd);
-      fprintf (stderr, MHD_E_MEM);
-      return -1;
-    }
-
-  fseek (test_fd, 0, SEEK_SET);
-  if (fread (mem_test_file_local, sizeof (char), len, test_fd) != len)
-    {
-      fclose (test_fd);
-      fprintf (stderr, "Error: failed to read test file. %s\n",
-               strerror (errno));
-      return -1;
-    }
-
-  if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
-    {
-      fclose (test_fd);
-      fprintf (stderr, MHD_E_MEM);
-      return -1;
-    }
-  cbc.size = len;
-  cbc.pos = 0;
-
-  /* construct url - this might use doc_path */
-  sprintf (url, "%s%s/%s", "https://localhost:42433",
-           doc_path, test_file_name);
-
-  c = curl_easy_init ();
-#if DEBUG_CURL_VERBOSE
-  curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
-#endif
-  curl_easy_setopt (c, CURLOPT_URL, url);
-  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
-  curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L);
-  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L);
-  curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
-  curl_easy_setopt (c, CURLOPT_FILE, &cbc);
-
-  /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite);
-
-  /* currently skip any peer authentication */
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
-
-  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1);
-
-  /* NOTE: use of CONNECTTIMEOUT without also
-     setting NOSIGNAL results in really weird
-     crashes on my system! */
-  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1);
-  if (CURLE_OK != (errornum = curl_easy_perform (c)))
-    {
-      fprintf (stderr, "curl_easy_perform failed: `%s'\n",
-               curl_easy_strerror (errornum));
-      curl_easy_cleanup (c);
-      return errornum;
-    }
-
-  curl_easy_cleanup (c);
-
-  if (memcmp (cbc.buf, mem_test_file_local, len) != 0)
-    {
-      fprintf (stderr, "Error: local file & received file differ.\n");
-      free (cbc.buf);
-      free (mem_test_file_local);
-      return -1;
-    }
-
-  free (mem_test_file_local);
-  free (cbc.buf);
-  free (doc_path);
-  return 0;
-}
-
-FILE *
-setupTestFile ()
-{
-  FILE *test_fd;
-
-  if (NULL == (test_fd = fopen (test_file_name, "w+")))
-    {
-      fprintf (stderr, "Error: failed to open `%s': %s\n",
-               test_file_name, strerror (errno));
-      return NULL;
-    }
-  if (fwrite (test_file_data, sizeof (char), strlen (test_file_data), test_fd)
-      != strlen (test_file_data))
-    {
-      fprintf (stderr, "Error: failed to write `%s. %s'\n",
-               test_file_name, strerror (errno));
-      return NULL;
-    }
-  if (fflush (test_fd))
-    {
-      fprintf (stderr, "Error: failed to flush test file stream. %s\n",
-               strerror (errno));
-      return NULL;
-    }
-
-  return test_fd;
-}
-
-static int
-setup (struct MHD_Daemon **d, va_list arg_list)
-{
-  *d = MHD_start_daemon_va (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
-                            MHD_USE_DEBUG, 42433,
-                            NULL, NULL, &http_ahc, NULL, arg_list);
-
-  if (*d == NULL)
-    {
-      fprintf (stderr, MHD_E_SERVER_INIT);
-      return -1;
-    }
-
-  return 0;
-}
-
-static void
-teardown (struct MHD_Daemon *d)
-{
-  MHD_stop_daemon (d);
-}
-
-/* TODO test_wrap: change sig to (setup_func, test, va_list test_arg) & move to test_util.c */
-int
-test_wrap (char *test_name, int
-           (*test) (FILE * test_fd, char *cipher_suite, int proto_version),
-           FILE * test_fd, char *cipher_suite, int proto_version, ...)
-{
-  int ret;
-  va_list arg_list;
-  struct MHD_Daemon *d;
-
-  va_start (arg_list, proto_version);
-  if (setup (&d, arg_list) != 0)
-    {
-      va_end (arg_list);
-      return -1;
-    }
-
-  fprintf (stdout, "running test: %s ", test_name);
-  ret = test (test_fd, cipher_suite, proto_version);
-
-  if (ret == 0)
-    {
-      fprintf (stdout, "[pass]\n");
-    }
-  else
-    {
-      fprintf (stdout, "[fail]\n");
-    }
-
-  teardown (d);
-  va_end (arg_list);
-  return ret;
-}
-
-/*
- * test server refuses to negotiate connections with unsupported protocol versions
- */
-int
-test_protocol_version (FILE * test_fd, char *cipher_suite,
-                       int curl_proto_version)
-{
-  CURL *c;
-  CURLcode errornum;
-
-  c = curl_easy_init ();
-#if DEBUG_CURL_VERBOSE
-  curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
-#endif
-  curl_easy_setopt (c, CURLOPT_URL, "https://localhost:42433/");
-  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
-  curl_easy_setopt (c, CURLOPT_TIMEOUT, 5L);
-  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 5L);
-
-  /* TLS options */
-  curl_easy_setopt (c, CURLOPT_SSLVERSION, curl_proto_version);
-  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite);
-
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
-  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
-  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1);
-
-  /* NOTE: use of CONNECTTIMEOUT without also
-     setting NOSIGNAL results in really weird
-     crashes on my system! */
-  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1);
-
-  /* assert daemon rejected request */
-  if (CURLE_OK == (errornum = curl_easy_perform (c)))
-    {
-      fprintf (stderr, "curl_easy_perform failed: `%s'\n",
-               curl_easy_strerror (errornum));
-      curl_easy_cleanup (c);
-      return -1;
-    }
-
-  return 0;
-}
-
-/* setup a temporary transfer test file */
-int
-main (int argc, char *const *argv)
-{
-  FILE *test_fd;
-  unsigned int errorCount = 0;
-
-  MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL);
-
-  if (curl_check_version (MHD_REQ_CURL_VERSION))
-    {
-      return -1;
-    }
-
-  if ((test_fd = setupTestFile ()) == NULL)
-    {
-      fprintf (stderr, MHD_E_TEST_FILE_CREAT);
-      return -1;
-    }
-
-  if (0 != curl_global_init (CURL_GLOBAL_ALL))
-    {
-      fprintf (stderr, "Error: %s\n", strerror (errno));
-      return -1;
-    }
-
-  int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 };
-  int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 };
-
-  errorCount +=
-    test_wrap ("kx ANON_DH", &test_https_transfer, test_fd,
-               "ADH-DES-CBC3-SHA", CURL_SSLVERSION_TLSv1,
-               MHD_OPTION_CRED_TYPE, MHD_GNUTLS_CRD_ANON,
-               MHD_OPTION_CIPHER_ALGORITHM, cipher, MHD_OPTION_KX_PRIORITY,
-               kx, MHD_OPTION_END);
-  if (errorCount != 0)
-    fprintf (stderr, "Failed test: %s.\n", argv[0]);
-
-  curl_global_cleanup ();
-  fclose (test_fd);
-
-  remove (test_file_name);
-
-  return errorCount != 0;
-}

src/testcurl/https/tls_daemon_options_test.c

@@ -222,7 +222,7 @@ test_https_transfer (FILE * test_fd, char *cipher_suite, int proto_version)
   return 0;
 }
 
-FILE *
+static FILE *
 setupTestFile ()
 {
   FILE *test_fd;
@@ -381,7 +381,8 @@ main (int argc, char *const *argv)
   int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 };
 
   errorCount +=
-    test_wrap ("https_transfer", &test_https_transfer, test_fd, "AES256-SHA",
+    test_wrap ("https_transfer", &test_https_transfer, 
+	       test_fd, "AES256-SHA",
                CURL_SSLVERSION_TLSv1,
                MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
@@ -389,9 +390,11 @@ main (int argc, char *const *argv)
 
   errorCount +=
     test_wrap ("protocol_version", &test_protocol_version, test_fd,
-               "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
+               "AES256-SHA", CURL_SSLVERSION_TLSv1,
+	       MHD_OPTION_HTTPS_MEM_KEY,
                srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
-               srv_self_signed_cert_pem, MHD_OPTION_PROTOCOL_VERSION, p,
+               srv_self_signed_cert_pem, 
+	       MHD_OPTION_PROTOCOL_VERSION, p,
                MHD_OPTION_END);
   errorCount +=
     test_wrap ("cipher DES-CBC3-SHA", &test_https_transfer, test_fd,