bind option uses sockaddr - [ ! MHD_USE_IPv6 should be removed in favor of a generic addrlen argument ]

openpgp support currently disabled

configure.ac

@@ -226,9 +226,10 @@ AC_ARG_ENABLE([OpenPGP],
    [enable_openpgp=$enableval],
    [enable_openpgp="no"])
 AC_MSG_RESULT($enable_openpgp)
+# currently we ignore this option.
 if test "$enable_openpgp" = "yes"
 then
- AC_DEFINE([ENABLE_OPENPGP],[1],[Include OpenGPG support])
+ AC_DEFINE([ENABLE_OPENPGP],[0],[Include OpenGPG support])
 else
  AC_DEFINE([ENABLE_OPENPGP],[0],[Include OpenGPG support])
 fi
@@ -306,8 +307,6 @@ src/daemon/https/Makefile
 src/daemon/https/tls/Makefile
 src/daemon/https/x509/Makefile
 src/daemon/https/lgl/Makefile
-src/daemon/https/openpgp/Makefile
-src/daemon/https/opencdk/Makefile
 src/daemon/https/minitasn1/Makefile
 src/examples/Makefile
 src/testcurl/Makefile

src/daemon/connection.c

@@ -149,9 +149,9 @@ MHD_get_connection_values (struct MHD_Connection *connection,
 
 /**
  * This function can be used to add an entry to
- * the HTTP headers of a connection (so that the 
+ * the HTTP headers of a connection (so that the
  * MHD_get_connection_values function will return
- * them -- and the MHD PostProcessor will also 
+ * them -- and the MHD PostProcessor will also
  * see them).  This maybe required in certain
  * situations (see Mantis #1399) where (broken)
  * HTTP implementations fail to supply values needed
@@ -176,10 +176,10 @@ MHD_get_connection_values (struct MHD_Connection *connection,
  *         performed due to insufficient memory;
  *         MHD_YES on success
  */
-int 
+int
 MHD_set_connection_value (struct MHD_Connection *connection,
 			  enum MHD_ValueKind kind,
-			  const char *key, 
+			  const char *key,
 			  const char *value)
 {
   struct MHD_HTTP_Header * pos;

src/daemon/connection_https.c

@@ -32,7 +32,6 @@
 #include "response.h"
 #include "reason_phrase.h"
 
-#include "microhttpd.h"
 /* get opaque type */
 #include "gnutls_int.h"
 #include "gnutls_record.h"
@@ -45,15 +44,57 @@ int MHD_connection_handle_read (struct MHD_Connection *connection);
 int MHD_connection_handle_write (struct MHD_Connection *connection);
 int MHD_connection_handle_idle (struct MHD_Connection *connection);
 
-/*
+/**
+ * retrieve session info
+ *
+ * @param connection: from which to retrieve data
+ * @return: an appropriate 'union MHD_SessionInfo' with the requested connection data or 'null_info' in an invalid request has been received.
+ */
+union MHD_SessionInfo
+MHD_get_session_info ( struct MHD_Connection * connection, enum MHD_InfoType infoType)
+{
+  /* return NULL if this isn't a SSL/TLS type connection */
+  if (connection->tls_session == NULL)
+    {
+      /* TODO clean */
+      return (union MHD_SessionInfo) 0;
+    }
+  switch (infoType)
+    {
+#if HTTPS_SUPPORT
+    case MHS_INFO_CIPHER_ALGO:
+      return (union MHD_SessionInfo) connection->tls_session->security_parameters.
+        read_bulk_cipher_algorithm;
+    case MHD_INFO_KX_ALGO:
+      return (union MHD_SessionInfo) connection->tls_session->security_parameters.
+        kx_algorithm;
+    case MHD_INFO_CREDENTIALS_TYPE:
+      return (union MHD_SessionInfo) connection->tls_session->key->cred->algorithm;
+    case MHD_INFO_MAC_ALGO:
+      return (union MHD_SessionInfo) connection->tls_session->security_parameters.
+        read_mac_algorithm;
+    case MHD_INFO_COMPRESSION_METHOD:
+      return (union MHD_SessionInfo) connection->tls_session->security_parameters.
+        read_compression_algorithm;
+    case MHD_INFO_PROTOCOL:
+      return (union MHD_SessionInfo) connection->tls_session->security_parameters.
+        version;
+    case MHD_INFO_CERT_TYPE:
+      return (union MHD_SessionInfo) connection->tls_session->security_parameters.
+        cert_type;
+#endif
+    };
+  return (union MHD_SessionInfo) 0;
+}
+
+/**
  * This function is called once a secure connection has been marked
  * for closure.
  *
- * @param :
- * @return:
+ * @param connection: the connection to close
  */
 static void
-MHD_tls_connection_close (struct MHD_Connection *connection)
+MHD_tls_connection_close (struct MHD_Connection * connection)
 {
   MHD_gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
   connection->tls_session->internals.read_eof = 1;
@@ -72,7 +113,13 @@ MHD_tls_connection_close (struct MHD_Connection *connection)
                                           MHD_TLS_REQUEST_TERMINATED_COMPLETED_OK);
 }
 
-/* TODO - we might want to send raw RST packets here... */
+/**
+ * This function is called once a secure connection has been marked
+ * for closure.
+ *
+ * @param connection: the connection to close
+ * @param termination_code: the termination code with which the notify completed callback function is called.
+ */
 static void
 MHD_tls_connection_close_err (struct MHD_Connection *connection,
                               enum MHD_RequestTerminationCode
@@ -91,44 +138,19 @@ MHD_tls_connection_close_err (struct MHD_Connection *connection,
                                           termination_code);
 }
 
-union MHD_SessionInfo
-MHD_get_session_info (struct MHD_Connection *con, enum MHD_InfoType infoType)
-{
-  /* return NULL if this isn't a SSL/TLS type connection */
-  if (con->tls_session == NULL)
-    {
-      /* TODO clean */
-      return (union MHD_SessionInfo) 0;
-    }
-  switch (infoType)
-    {
-    case MHS_INFO_CIPHER_ALGO:
-      return (union MHD_SessionInfo) con->tls_session->security_parameters.
-        read_bulk_cipher_algorithm;
-    case MHD_INFO_KX_ALGO:
-      return (union MHD_SessionInfo) con->tls_session->security_parameters.
-        kx_algorithm;
-    case MHD_INFO_CREDENTIALS_TYPE:
-      return (union MHD_SessionInfo) con->tls_session->key->cred->algorithm;
-    case MHD_INFO_MAC_ALGO:
-      return (union MHD_SessionInfo) con->tls_session->security_parameters.
-        read_mac_algorithm;
-    case MHD_INFO_COMPRESSION_METHOD:
-      return (union MHD_SessionInfo) con->tls_session->security_parameters.
-        read_compression_algorithm;
-    case MHD_INFO_PROTOCOL:
-      return (union MHD_SessionInfo) con->tls_session->security_parameters.
-        version;
-    case MHD_INFO_CERT_TYPE:
-      return (union MHD_SessionInfo) con->tls_session->security_parameters.
-        cert_type;
-    };
-  return (union MHD_SessionInfo) 0;
-}
 
+/**
+ * @name : MHDS_con_read
+ *
+ * reads data from the TLS record protocol
+ * @param connection: is a %MHD_Connection structure.
+ * @return: number of bytes received and zero on EOF.  A negative
+ * error code is returned in case of an error.
+ **/
 static ssize_t
-MHDS_con_read (struct MHD_Connection *connection)
+MHDS_con_read (struct MHD_Connection * connection)
 {
+  /* no special handling when GNUTLS_E_AGAIN is returned since this function is called from within a select loop */
   ssize_t size = MHD_gnutls_record_recv (connection->tls_session,
                                      &connection->read_buffer[connection->
                                                               read_buffer_offset],

src/daemon/daemon.c

@@ -818,14 +818,14 @@ MHD_start_daemon_va (unsigned int options,
 {
   const int on = 1;
   struct MHD_Daemon *retVal;
-  char * daemon_ip_addr = 0;
+  void * daemon_ip_addr;
 
   /* listeningss sockets used by the daemon */
   int socket_fd;
 
   struct sockaddr_in servaddr4;
   struct sockaddr_in6 servaddr6;
-  const struct sockaddr *servaddr;
+  const struct sockaddr *servaddr = 0;
   socklen_t addrlen;
   enum MHD_OPTION opt;
 
@@ -890,8 +890,8 @@ MHD_start_daemon_va (unsigned int options,
         case MHD_OPTION_PER_IP_CONNECTION_LIMIT:
           retVal->per_ip_connection_limit = va_arg (ap, unsigned int);
           break;
-        case  MHD_OPTION_IP_ADDR:
-          daemon_ip_addr = va_arg (ap, const char *);
+        case  MHD_OPTION_SOCK_ADDR:
+          servaddr = va_arg (ap, struct sockaddr *);
           break;
 #if HTTPS_SUPPORT
         case MHD_OPTION_PROTOCOL_VERSION:
@@ -965,19 +965,21 @@ MHD_start_daemon_va (unsigned int options,
       fprintf (stderr, "setsockopt failed: %s\n", STRERROR (errno));
 #endif
     }
-  if ((options & MHD_USE_IPv6) != 0)
+
+  /* check for user supplied sockaddr */
+  if (servaddr) {
+	  if (options & MHD_USE_IPv6){
+		  addrlen = sizeof (struct sockaddr_in6);
+	  }
+	  else{
+		  addrlen = sizeof (struct sockaddr_in);
+	  }
+  }
+  else if ((options & MHD_USE_IPv6) != 0)
     {
       memset (&servaddr6, 0, sizeof (struct sockaddr_in6));
       servaddr6.sin6_family = AF_INET6;
       servaddr6.sin6_port = htons (port);
-     if (daemon_ip_addr && inet_pton (AF_INET6, daemon_ip_addr, &servaddr6.sin6_addr) <= 0){
-     #if HAVE_MESSAGES
-           if ((options & MHD_USE_DEBUG) != 0)
-             fprintf (stderr,
-                      "Failed to parse given daemon ipv6 inet address: %s\n", daemon_ip_addr );
-           return NULL;
-     #endif
-     	  }
       servaddr = (struct sockaddr *) &servaddr6;
       addrlen = sizeof (struct sockaddr_in6);
     }
@@ -986,14 +988,6 @@ MHD_start_daemon_va (unsigned int options,
       memset (&servaddr4, 0, sizeof (struct sockaddr_in));
       servaddr4.sin_family = AF_INET;
       servaddr4.sin_port = htons (port);
-      if (daemon_ip_addr && inet_pton (AF_INET, daemon_ip_addr, &servaddr4.sin_addr) <= 0){
-#if HAVE_MESSAGES
-      if ((options & MHD_USE_DEBUG) != 0)
-        fprintf (stderr,
-        		"Failed to parse given daemon ipv4 inet address: %s\n", daemon_ip_addr );
-        return NULL;
-#endif
-	  }
       servaddr = (struct sockaddr *) &servaddr4;
       addrlen = sizeof (struct sockaddr_in);
     }

src/daemon/https/Makefile.am

@@ -2,18 +2,5 @@
 SUBDIRS = minitasn1 lgl x509 tls 
 
 if ENABLE_OPENPGP
-SUBDIRS += opencdk openpgp
+# SUBDIRS += opencdk openpgp
 endif
-
-#noinst_PROGRAMS = errcodes
-#errcodes_SOURCES = errcodes.c
-#errcodes_LDADD = ../lib/libgnutls.la $(LIBGCRYPT_LIBS) $(LIBTASN1_LIBS)
-
-# gnutls_serv_SOURCES = serv.gaa serv-gaa.h serv-gaa.c list.h serv.c common.h common.c select.c
-# srptool_SOURCES = crypt.gaa crypt-gaa.h crypt-gaa.c crypt.c
-# gnutls_cli_debug_SOURCES = tls_test.gaa tls_test-gaa.h tls_test-gaa.c	\
-#	tls_test.c tests.h tests.c common.h common.c
-# certtool_SOURCES = certtool.gaa certtool-gaa.h certtool-cfg.h \
-# certtool-gaa.c certtool.c prime.c certtool-cfg.c
-
-EXTRA_DIST = gnutls.h

src/daemon/https/compat.h

@@ -1,98 +0,0 @@
-/* Typedefs to be fully compatible with the types of
- * GnuTLS 1.0.x.
- */
-
-#include "gnutls.h"
-
-#ifndef GCOMPAT_H
-# define GCOMPAT_H
-
-#ifdef __GNUC__
-
-#define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)  
-
-#if _GNUTLS_GCC_VERSION >= 30100
-#define _GNUTLS_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__))
-#endif
-
-#endif /* __GNUC__ */
-
-#ifndef _GNUTLS_GCC_ATTR_DEPRECATED
-#define _GNUTLS_GCC_ATTR_DEPRECATED
-#endif
-
-#define gnutls_cipher_algorithm gnutls_cipher_algorithm_t
-#define gnutls_kx_algorithm gnutls_kx_algorithm_t
-#define gnutls_paramsype gnutls_paramsype_t
-#define gnutls_mac_algorithm gnutls_mac_algorithm_t
-#define gnutls_digest_algorithm gnutls_digest_algorithm_t
-#define gnutls_compression_method gnutls_compression_method_t
-#define gnutls_connection_end gnutls_connection_end_t
-#define gnutls_credentialsype gnutls_credentialsype_t
-#define gnutls_certificateype gnutls_certificateype_t
-#define gnutls_x509_crt_fmt gnutls_x509_crt_fmt_t
-#define gnutls_openpgp_key_fmt gnutls_openpgp_key_fmt_t
-#define gnutls_pk_algorithm gnutls_pk_algorithm_t
-#define gnutls_sign_algorithm gnutls_sign_algorithm_t
-#define gnutls_server_name gnutls_server_nameype_t
-#define gnutls_protocol gnutls_protocol_version_t
-#define gnutls_close_request gnutls_close_request_t
-#define gnutls_openpgp_key_status gnutls_openpgp_key_status_t
-#define gnutls_certificate_request gnutls_certificate_request_t
-#define gnutls_certificate_status gnutls_certificate_status_t
-#define gnutls_session mhd_gtls_session_t
-#define gnutls_alert_level gnutls_alert_level_t
-#define gnutls_alert_description gnutls_alert_description_t
-#define gnutls_x509_subject_alt_name gnutls_x509_subject_alt_name_t
-#define gnutls_openpgp_key gnutls_openpgp_key_t
-#define gnutls_openpgp_privkey gnutls_openpgp_privkey_t
-#define gnutls_openpgp_keyring gnutls_openpgp_keyring_t
-#define gnutls_x509_crt gnutls_x509_crt_t
-#define gnutls_x509_privkey gnutls_x509_privkey_t
-#define gnutls_x509_crl gnutls_x509_crl_t
-#define gnutls_pkcs7 gnutls_pkcs7_t
-#define gnutls_x509_crq gnutls_x509_crq_t
-#define gnutls_pkcs_encrypt_flags gnutls_pkcs_encrypt_flags_t
-#define gnutls_pkcs12_bag_type gnutls_pkcs12_bag_type_t
-#define gnutls_pkcs12_bag gnutls_pkcs12_bag_t
-#define gnutls_pkcs12 gnutls_pkcs12_t
-#define gnutls_certificate_credentials mhd_gtls_cert_credentials_t
-#define gnutls_anon_server_credentials mhd_gtls_anon_server_credentials_t
-#define gnutls_anon_client_credentials mhd_gtls_anon_client_credentials_t
-#define gnutls_srp_client_credentials gnutls_srp_client_credentials_t
-#define gnutls_srp_server_credentials gnutls_srp_server_credentials_t
-#define gnutls_dh_params mhd_gtls_dh_params_t
-#define gnutls_rsa_params mhd_gtls_rsa_params_t
-#define gnutls_params_type gnutls_params_type_t
-#define gnutls_credentials_type gnutls_credentials_type_t
-#define gnutls_certificate_type gnutls_certificate_type_t
-#define gnutls_datum gnutls_datum_t
-#define gnutls_transport_ptr gnutls_transport_ptr_t
-
-/* Old SRP alerts removed in 2.1.x because the TLS-SRP RFC was
-   modified to use the PSK alert. */
-#define GNUTLS_A_MISSING_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY
-#define GNUTLS_A_UNKNOWN_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY
-
-/* OpenPGP stuff renamed in 2.1.x. */
-#define gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t
-#define GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
-#define GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
-#define gnutls_openpgp_send_key MHD_gtls_openpgp_send_cert
-#define gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t
-#define gnutls_openpgp_key_t gnutls_openpgp_crt_t
-#define gnutls_openpgp_key_init gnutls_openpgp_crt_init
-#define gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit
-#define gnutls_openpgp_key_import gnutls_openpgp_crt_import
-#define gnutls_openpgp_key_export gnutls_openpgp_crt_export
-#define gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage
-#define gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint
-#define gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm
-#define gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name
-#define gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version
-#define gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time
-#define gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time
-#define gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id
-#define gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname
-
-#endif /* GCOMPAT_H */

src/daemon/https/extra.h

@@ -60,22 +60,23 @@ extern "C"
  *
  */
   typedef int (*mhd_gtls_openpgp_recv_key_func) (mhd_gtls_session_t session,
-					       const unsigned char *keyfpr,
-					       unsigned int keyfpr_length,
-					       gnutls_datum_t * key);
+                                                 const unsigned char *keyfpr,
+                                                 unsigned int keyfpr_length,
+                                                 gnutls_datum_t * key);
 
   void gnutls_openpgp_set_recv_key_function (mhd_gtls_session_t session,
-					     mhd_gtls_openpgp_recv_key_func
-					     func);
+                                             mhd_gtls_openpgp_recv_key_func
+                                             func);
 
   int
     gnutls_certificate_set_openpgp_key_file (mhd_gtls_cert_credentials_t
-					     res, const char *CERTFILE,
-					     const char *KEYFILE, gnutls_openpgp_crt_fmt_t);
-  int gnutls_certificate_set_openpgp_key_mem (mhd_gtls_cert_credentials_t
-					      res,
-					      const gnutls_datum_t * CERT,
-					      const gnutls_datum_t * KEY, gnutls_openpgp_crt_fmt_t);
+                                             res, const char *CERTFILE,
+                                             const char *KEYFILE,
+                                             gnutls_openpgp_crt_fmt_t);
+  int gnutls_certificate_set_openpgp_key_mem (mhd_gtls_cert_credentials_t res,
+                                              const gnutls_datum_t * CERT,
+                                              const gnutls_datum_t * KEY,
+                                              gnutls_openpgp_crt_fmt_t);
 
   int
     gnutls_certificate_set_openpgp_keyring_mem
@@ -84,11 +85,12 @@ extern "C"
 
   int
     gnutls_certificate_set_openpgp_keyring_file
-    (mhd_gtls_cert_credentials_t c, const char *file, gnutls_openpgp_crt_fmt_t);
+    (mhd_gtls_cert_credentials_t c, const char *file,
+     gnutls_openpgp_crt_fmt_t);
 
-  /* TLS/IA stuff
+  /*
+   * TLS/IA stuff
    */
-
   typedef enum
   {
     GNUTLS_IA_APPLICATION_PAYLOAD = 0,
@@ -96,12 +98,12 @@ extern "C"
     GNUTLS_IA_FINAL_PHASE_FINISHED = 2
   } gnutls_ia_apptype_t;
 
-  /* TLS/IA credential
+  /*
+   * TLS/IA credential
    */
-
   typedef int (*gnutls_ia_avp_func) (mhd_gtls_session_t session, void *ptr,
-				     const char *last, size_t lastlen,
-				     char **next, size_t * nextlen);
+                                     const char *last, size_t lastlen,
+                                     char **next, size_t * nextlen);
 
   typedef struct gnutls_ia_server_credentials_st
     *gnutls_ia_server_credentials_t;
@@ -113,33 +115,33 @@ extern "C"
     gnutls_ia_free_client_credentials (gnutls_ia_client_credentials_t sc);
   extern int
     gnutls_ia_allocate_client_credentials (gnutls_ia_client_credentials_t *
-					   sc);
+                                           sc);
 
   extern void
     gnutls_ia_free_server_credentials (gnutls_ia_server_credentials_t sc);
   extern int
     gnutls_ia_allocate_server_credentials (gnutls_ia_server_credentials_t *
-					   sc);
+                                           sc);
 
   /* Client TLS/IA credential functions. */
   extern void
     gnutls_ia_set_client_avp_function (gnutls_ia_client_credentials_t cred,
-				       gnutls_ia_avp_func avp_func);
+                                       gnutls_ia_avp_func avp_func);
   extern void
     gnutls_ia_set_client_avp_ptr (gnutls_ia_client_credentials_t cred,
-				  void *ptr);
+                                  void *ptr);
   extern void *gnutls_ia_get_client_avp_ptr (gnutls_ia_client_credentials_t
-					     cred);
+                                             cred);
 
   /* Server TLS/IA credential functions. */
   extern void
     gnutls_ia_set_server_avp_function (gnutls_ia_server_credentials_t cred,
-				       gnutls_ia_avp_func avp_func);
+                                       gnutls_ia_avp_func avp_func);
   extern void
     gnutls_ia_set_server_avp_ptr (gnutls_ia_server_credentials_t cred,
-				  void *ptr);
+                                  void *ptr);
   extern void *gnutls_ia_get_server_avp_ptr (gnutls_ia_server_credentials_t
-					     cred);
+                                             cred);
 
   /* TLS/IA handshake. */
   extern int gnutls_ia_handshake_p (mhd_gtls_session_t session);
@@ -149,29 +151,28 @@ extern "C"
   /* TLS/IA low level interface. */
   extern int
     gnutls_ia_permute_inner_secret (mhd_gtls_session_t session,
-				    size_t session_keys_size,
-				    const char *session_keys);
+                                    size_t session_keys_size,
+                                    const char *session_keys);
   extern int gnutls_ia_endphase_send (mhd_gtls_session_t session,
-				      int final_p);
+                                      int final_p);
 
   extern int gnutls_ia_verify_endphase (mhd_gtls_session_t session,
-					const char *checksum);
+                                        const char *checksum);
 
   extern ssize_t gnutls_ia_send (mhd_gtls_session_t session,
-				 const char *data, size_t sizeofdata);
+                                 const char *data, size_t sizeofdata);
   extern ssize_t gnutls_ia_recv (mhd_gtls_session_t session,
-				 char *data, size_t sizeofdata);
+                                 char *data, size_t sizeofdata);
 
   /* Utility stuff. */
   extern int gnutls_ia_generate_challenge (mhd_gtls_session_t session,
-					   size_t buffer_size,
-					   char *buffer);
+                                           size_t buffer_size, char *buffer);
   extern void gnutls_ia_extract_inner_secret (mhd_gtls_session_t session,
-					      char *buffer);
+                                              char *buffer);
 
   /* Define whether inner phases are wanted. */
   extern void gnutls_ia_enable (mhd_gtls_session_t session,
-				int allow_skip_on_resume);
+                                int allow_skip_on_resume);
 
   int gnutls_global_init_extra (void);
 

src/daemon/https/gnutls.h

@@ -44,7 +44,6 @@ extern "C"
 
 /* Get size_t. */
 #include <stddef.h>
-#include <compat.h>
 
 #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
 #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC

src/daemon/https/openpgp/openpgp.h

@@ -11,8 +11,8 @@ extern "C"
 #endif
 
 #include <gnutls.h>
-#include <gnutls_cert.h>
 #include "opencdk.h"
+#include <gnutls_cert.h>
 
 /* Internal context to store the OpenPGP key. */
 typedef struct gnutls_openpgp_crt_int

src/daemon/https/tests.c

@@ -1,1163 +0,0 @@
-/*
- * Copyright (C) 2004, 2006, 2007 Free Software Foundation
- * Copyright (C) 2000,2001,2002,2003 Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * GNUTLS is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *               
- * GNUTLS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *                               
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-#include <gnutls.h>
-#include <extra.h>
-#include <x509.h>
-
-#ifndef _WIN32
-# include <unistd.h>
-# include <signal.h>
-#else
-# include <errno.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <common.h>
-#include <tests.h>
-
-extern gnutls_srp_client_credentials_t srp_cred;
-extern mhd_gtls_anon_client_credentials_t anon_cred;
-extern mhd_gtls_cert_credentials_t xcred;
-
-extern int verbose;
-
-int tls1_ok = 0;
-int ssl3_ok = 0;
-int tls1_1_ok = 0;
-
-/* keep session info */
-static char *session_data = NULL;
-static char session_id[32];
-static size_t session_data_size = 0, session_id_size = 0;
-static int sfree = 0;
-static int handshake_output = 0;
-
-int
-do_handshake (mhd_gtls_session_t session)
-{
-  int ret, alert;
-
-  do
-    {
-      ret = MHD_gnutls_handshake (session);
-    }
-  while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
-
-  handshake_output = ret;
-
-  if (ret < 0 && verbose > 1)
-    {
-      if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
-          || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
-        {
-          alert = gnutls_alert_get (session);
-          printf ("\n");
-          printf ("*** Received alert [%d]: %s\n",
-                  alert, MHD_gnutls_alert_get_name (alert));
-        }
-    }
-
-  if (ret < 0)
-    return TEST_FAILED;
-
-  gnutls_session_get_data (session, NULL, &session_data_size);
-
-  if (sfree != 0)
-    {
-      free (session_data);
-      sfree = 0;
-    }
-  session_data = malloc (session_data_size);
-  sfree = 1;
-  if (session_data == NULL)
-    {
-      fprintf (stderr, "Memory error\n");
-      exit (1);
-    }
-  gnutls_session_get_data (session, session_data, &session_data_size);
-
-  session_id_size = sizeof (session_id);
-  MHD_gtls_session_get_id (session, session_id, &session_id_size);
-
-  return TEST_SUCCEED;
-}
-
-static int protocol_priority[16] = { GNUTLS_TLS1, MHD_GNUTLS_SSL3, 0 };
-static const int kx_priority[16] =
-  { MHD_GNUTLS_KX_RSA, MHD_GNUTLS_KX_DHE_DSS, MHD_GNUTLS_KX_DHE_RSA,
-  MHD_GNUTLS_KX_ANON_DH,
-  MHD_GNUTLS_KX_RSA_EXPORT, 0
-};
-static const int cipher_priority[16] =
-  { MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_CIPHER_ARCFOUR_128,
-  MHD_GNUTLS_CIPHER_ARCFOUR_40, 0
-};
-static const int comp_priority[16] = { MHD_GNUTLS_COMP_NULL, 0 };
-static const int mac_priority[16] =
-  { MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_MAC_MD5, 0 };
-static const int cert_type_priority[16] = { MHD_GNUTLS_CRT_X509, 0 };
-
-#define ADD_ALL_CIPHERS(session) MHD_gnutls_cipher_set_priority(session, cipher_priority)
-#define ADD_ALL_COMP(session) MHD_gnutls_compression_set_priority(session, comp_priority)
-#define ADD_ALL_MACS(session) MHD_gnutls_mac_set_priority(session, mac_priority)
-#define ADD_ALL_KX(session) MHD_gnutls_kx_set_priority(session, kx_priority)
-#define ADD_ALL_PROTOCOLS(session) MHD_gnutls_protocol_set_priority(session, protocol_priority)
-#define ADD_ALL_CERTTYPES(session) MHD_gnutls_certificate_type_set_priority(session, cert_type_priority)
-
-static void
-ADD_KX (mhd_gtls_session_t session, int kx)
-{
-  static int _kx_priority[] = { 0, 0 };
-  _kx_priority[0] = kx;
-
-  MHD_gnutls_kx_set_priority (session, _kx_priority);
-}
-
-static void
-ADD_KX2 (mhd_gtls_session_t session, int kx1, int kx2)
-{
-  static int _kx_priority[] = { 0, 0, 0 };
-  _kx_priority[0] = kx1;
-  _kx_priority[1] = kx2;
-
-  MHD_gnutls_kx_set_priority (session, _kx_priority);
-}
-
-static void
-ADD_CIPHER (mhd_gtls_session_t session, int cipher)
-{
-  static int _cipher_priority[] = { 0, 0 };
-  _cipher_priority[0] = cipher;
-
-  MHD_gnutls_cipher_set_priority (session, _cipher_priority);
-}
-
-static void
-ADD_CIPHER4 (mhd_gtls_session_t session, int cipher1, int cipher2, int cipher3,
-             int cipher4)
-{
-  static int _cipher_priority[] = { 0, 0, 0, 0, 0 };
-  _cipher_priority[0] = cipher1;
-  _cipher_priority[1] = cipher2;
-  _cipher_priority[2] = cipher3;
-  _cipher_priority[3] = cipher4;
-
-  MHD_gnutls_cipher_set_priority (session, _cipher_priority);
-}
-
-static void
-ADD_MAC (mhd_gtls_session_t session, int mac)
-{
-  static int _mac_priority[] = { 0, 0 };
-  _mac_priority[0] = mac;
-
-  MHD_gnutls_mac_set_priority (session, _mac_priority);
-}
-
-static void
-ADD_COMP (mhd_gtls_session_t session, int c)
-{
-  static int _comp_priority[] = { 0, 0 };
-  _comp_priority[0] = c;
-
-  MHD_gnutls_compression_set_priority (session, _comp_priority);
-}
-
-static void
-ADD_CERTTYPE (mhd_gtls_session_t session, int ctype)
-{
-  static int _ct_priority[] = { 0, 0 };
-  _ct_priority[0] = ctype;
-
-  MHD_gnutls_certificate_type_set_priority (session, _ct_priority);
-}
-
-static void
-ADD_PROTOCOL (mhd_gtls_session_t session, int protocol)
-{
-  static int _proto_priority[] = { 0, 0 };
-  _proto_priority[0] = protocol;
-
-  MHD_gnutls_protocol_set_priority (session, _proto_priority);
-}
-
-static void
-ADD_PROTOCOL3 (mhd_gtls_session_t session, int p1, int p2, int p3)
-{
-  static int _proto_priority[] = { 0, 0, 0, 0 };
-  _proto_priority[0] = p1;
-  _proto_priority[1] = p2;
-  _proto_priority[2] = p3;
-
-  MHD_gnutls_protocol_set_priority (session, _proto_priority);
-}
-
-#ifdef ENABLE_SRP
-static int srp_detected;
-
-int
-_test_srp_username_callback (mhd_gtls_session_t session,
-                             char **username, char **password)
-{
-  srp_detected = 1;
-
-  return -1;
-}
-
-test_code_t
-test_srp (mhd_gtls_session_t session)
-{
-  int ret;
-
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-
-  ADD_KX (session, MHD_GNUTLS_KX_SRP);
-  srp_detected = 0;
-
-  gnutls_srp_set_client_credentials_function (srp_cred,
-                                              _test_srp_username_callback);
-
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_SRP, srp_cred);
-
-  ret = do_handshake (session);
-
-  gnutls_srp_set_client_credentials_function (srp_cred, NULL);
-
-  if (srp_detected != 0)
-    return TEST_SUCCEED;
-  else
-    return TEST_FAILED;
-}
-#endif
-
-test_code_t
-test_server (mhd_gtls_session_t session)
-{
-  int ret, i = 0;
-  char buf[5 * 1024];
-  char *p;
-  const char snd_buf[] = "GET / HTTP/1.0\n\n";
-
-  if (verbose == 0)
-    return TEST_UNSURE;
-
-  buf[sizeof (buf) - 1] = 0;
-
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  if (ret != TEST_SUCCEED)
-    return TEST_FAILED;
-
-  MHD_gnutls_record_send (session, snd_buf, sizeof (snd_buf) - 1);
-  ret = MHD_gnutls_record_recv (session, buf, sizeof (buf) - 1);
-  if (ret < 0)
-    return TEST_FAILED;
-
-  p = strstr (buf, "Server:");
-  if (p != NULL)
-    p = strchr (p, ':');
-  if (p != NULL)
-    {
-      p++;
-      while (*p != 0 && *p != '\r' && *p != '\n')
-        {
-          putc (*p, stdout);
-          p++;
-          i++;
-          if (i > 128)
-            break;
-        }
-    }
-
-  return TEST_SUCCEED;
-}
-
-
-static int export_true = 0;
-static gnutls_datum_t exp = { NULL, 0 }, mod =
-
-{
-NULL, 0};
-
-test_code_t
-test_export (mhd_gtls_session_t session)
-{
-  int ret;
-
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-
-  ADD_KX (session, MHD_GNUTLS_KX_RSA_EXPORT);
-  ADD_CIPHER (session, MHD_GNUTLS_CIPHER_ARCFOUR_40);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-
-  if (ret == TEST_SUCCEED)
-    {
-      export_true = 1;
-      MHD_gtls_rsa_export_get_pubkey (session, &exp, &mod);
-    }
-
-  return ret;
-}
-
-test_code_t
-test_export_info (mhd_gtls_session_t session)
-{
-  int ret2, ret;
-  gnutls_datum_t exp2, mod2;
-  const char *print;
-
-  if (verbose == 0 || export_true == 0)
-    return TEST_IGNORE;
-
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-
-  ADD_KX (session, MHD_GNUTLS_KX_RSA_EXPORT);
-  ADD_CIPHER (session, MHD_GNUTLS_CIPHER_ARCFOUR_40);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-
-  if (ret == TEST_SUCCEED)
-    {
-      ret2 = MHD_gtls_rsa_export_get_pubkey (session, &exp2, &mod2);
-      if (ret2 >= 0)
-        {
-          printf ("\n");
-
-          print = raw_to_string (exp2.data, exp2.size);
-          if (print)
-            printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print);
-
-          print = raw_to_string (mod2.data, mod2.size);
-          if (print)
-            printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print);
-
-          if (mod2.size != mod.size || exp2.size != exp.size ||
-              memcmp (mod2.data, mod.data, mod.size) != 0 ||
-              memcmp (exp2.data, exp.data, exp.size) != 0)
-            {
-              printf
-                (" (server uses different public keys per connection)\n");
-            }
-        }
-    }
-
-  return ret;
-
-}
-
-static gnutls_datum_t pubkey = { NULL, 0 };
-
-test_code_t
-test_dhe (mhd_gtls_session_t session)
-{
-  int ret;
-
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-
-  ADD_KX2 (session, MHD_GNUTLS_KX_DHE_RSA, MHD_GNUTLS_KX_DHE_DSS);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-
-  MHD_gnutls_dh_get_pubkey (session, &pubkey);
-
-  return ret;
-}
-
-test_code_t
-test_dhe_group (mhd_gtls_session_t session)
-{
-  int ret, ret2;
-  gnutls_datum_t gen, prime, pubkey2;
-  const char *print;
-
-  if (verbose == 0 || pubkey.data == NULL)
-    return TEST_IGNORE;
-
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-
-  ADD_KX2 (session, MHD_GNUTLS_KX_DHE_RSA, MHD_GNUTLS_KX_DHE_DSS);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-
-  ret2 = MHD_gnutls_dh_get_group (session, &gen, &prime);
-  if (ret2 >= 0)
-    {
-      printf ("\n");
-
-      print = raw_to_string (gen.data, gen.size);
-      if (print)
-        printf (" Generator [%d bits]: %s\n", gen.size * 8, print);
-
-      print = raw_to_string (prime.data, prime.size);
-      if (print)
-        printf (" Prime [%d bits]: %s\n", prime.size * 8, print);
-
-      MHD_gnutls_dh_get_pubkey (session, &pubkey2);
-      print = raw_to_string (pubkey2.data, pubkey2.size);
-      if (print)
-        printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print);
-
-      if (pubkey2.data && pubkey2.size == pubkey.size &&
-          memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0)
-        {
-          printf (" (public key seems to be static among sessions)\n");
-        }
-    }
-  return ret;
-}
-
-test_code_t
-test_ssl3 (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_PROTOCOL (session, MHD_GNUTLS_SSL3);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  if (ret == TEST_SUCCEED)
-    ssl3_ok = 1;
-
-  return ret;
-}
-
-static int alrm = 0;
-void
-got_alarm (int k)
-{
-  alrm = 1;
-}
-
-test_code_t
-test_bye (mhd_gtls_session_t session)
-{
-  int ret;
-  char data[20];
-  int old, secs = 6;
-
-#ifndef _WIN32
-  signal (SIGALRM, got_alarm);
-#endif
-
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  if (ret == TEST_FAILED)
-    return ret;
-
-  ret = MHD_gnutls_bye (session, GNUTLS_SHUT_WR);
-  if (ret < 0)
-    return TEST_FAILED;
-
-#ifndef _WIN32
-  old = siginterrupt (SIGALRM, 1);
-  alarm (secs);
-#else
-  setsockopt (gnutls_transport_get_ptr (session), SOL_SOCKET, SO_RCVTIMEO,
-              (char *) &secs, sizeof (int));
-#endif
-
-  do
-    {
-      ret = MHD_gnutls_record_recv (session, data, sizeof (data));
-    }
-  while (ret > 0);
-
-#ifndef _WIN32
-  siginterrupt (SIGALRM, old);
-#else
-  if (WSAGetLastError () == WSAETIMEDOUT ||
-      WSAGetLastError () == WSAECONNABORTED)
-    alrm = 1;
-#endif
-  if (ret == 0)
-    return TEST_SUCCEED;
-
-  if (alrm == 0)
-    return TEST_UNSURE;
-
-  return TEST_FAILED;
-}
-
-
-
-test_code_t
-test_aes (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_CIPHER (session, MHD_GNUTLS_CIPHER_AES_128_CBC);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  return ret;
-}
-
-#ifdef	ENABLE_CAMELLIA
-test_code_t
-test_camellia (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_CIPHER (session, MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  return ret;
-}
-#endif
-
-test_code_t
-test_openpgp1 (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_CERTTYPE (session, MHD_GNUTLS_CRT_OPENPGP);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  if (ret == TEST_FAILED)
-    return ret;
-
-  if (gnutls_certificate_type_get (session) == MHD_GNUTLS_CRT_OPENPGP)
-    return TEST_SUCCEED;
-
-  return TEST_FAILED;
-}
-
-test_code_t
-test_unknown_ciphersuites (mhd_gtls_session_t session)
-{
-  int ret;
-#ifdef	ENABLE_CAMELLIA
-  ADD_CIPHER4 (session, MHD_GNUTLS_CIPHER_AES_128_CBC,
-               MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC,
-               MHD_GNUTLS_CIPHER_ARCFOUR_128);
-#else
-  ADD_CIPHER4 (session, MHD_GNUTLS_CIPHER_AES_128_CBC,
-               MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_CIPHER_ARCFOUR_128, 0);
-#endif
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  return ret;
-}
-
-test_code_t
-test_md5 (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_MAC (session, MHD_GNUTLS_MAC_MD5);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  return ret;
-}
-
-#ifdef HAVE_LIBZ
-test_code_t
-test_zlib (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_COMP (session, GNUTLS_COMP_ZLIB);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  return ret;
-}
-#endif
-
-test_code_t
-test_lzo (mhd_gtls_session_t session)
-{
-  int ret;
-  MHD_gtls_handshake_set_private_extensions (session, 1);
-
-  ADD_ALL_CIPHERS (session);
-  ADD_COMP (session, MHD_GNUTLS_COMP_LZO);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-
-  return ret;
-}
-
-test_code_t
-test_sha (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_MAC (session, MHD_GNUTLS_MAC_SHA1);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  return ret;
-}
-
-test_code_t
-test_3des (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_CIPHER (session, MHD_GNUTLS_CIPHER_3DES_CBC);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  return ret;
-}
-
-test_code_t
-test_arcfour (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_CIPHER (session, MHD_GNUTLS_CIPHER_ARCFOUR_128);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  return ret;
-}
-
-test_code_t
-test_arcfour_40 (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_CIPHER (session, MHD_GNUTLS_CIPHER_ARCFOUR_40);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  return ret;
-}
-
-test_code_t
-test_tls1 (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_PROTOCOL (session, GNUTLS_TLS1);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  if (ret == TEST_SUCCEED)
-    tls1_ok = 1;
-
-  return ret;
-
-}
-
-test_code_t
-test_tls1_1 (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_PROTOCOL (session, MHD_GNUTLS_TLS1_1);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  if (ret == TEST_SUCCEED)
-    tls1_1_ok = 1;
-
-  return ret;
-
-}
-
-test_code_t
-test_tls1_1_fallback (mhd_gtls_session_t session)
-{
-  int ret;
-  if (tls1_1_ok)
-    return TEST_IGNORE;
-
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_PROTOCOL3 (session, MHD_GNUTLS_TLS1_1, GNUTLS_TLS1, MHD_GNUTLS_SSL3);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  if (ret != TEST_SUCCEED)
-    return TEST_FAILED;
-
-  if (MHD_gnutls_protocol_get_version (session) == GNUTLS_TLS1)
-    return TEST_SUCCEED;
-  else if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3)
-    return TEST_UNSURE;
-
-  return TEST_FAILED;
-
-}
-
-/* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
- * but the previous SSL 3.0 test succeeded then disable TLS 1.0.
- */
-test_code_t
-test_tls_disable (mhd_gtls_session_t session)
-{
-  int ret;
-  if (tls1_ok != 0)
-    return TEST_IGNORE;
-
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  if (ret == TEST_FAILED)
-    {
-      /* disable TLS 1.0 */
-      if (ssl3_ok != 0)
-        {
-          protocol_priority[0] = MHD_GNUTLS_SSL3;
-          protocol_priority[1] = 0;
-        }
-    }
-  return ret;
-
-}
-
-test_code_t
-test_rsa_pms (mhd_gtls_session_t session)
-{
-  int ret;
-
-  /* here we enable both SSL 3.0 and TLS 1.0
-   * and try to connect and use rsa authentication.
-   * If the server is old, buggy and only supports
-   * SSL 3.0 then the handshake will fail.
-   */
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_KX (session, MHD_GNUTLS_KX_RSA);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  if (ret == TEST_FAILED)
-    return TEST_FAILED;
-
-  if (MHD_gnutls_protocol_get_version (session) == GNUTLS_TLS1)
-    return TEST_SUCCEED;
-  return TEST_UNSURE;
-}
-
-test_code_t
-test_max_record_size (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-  MHD_gnutls_record_set_max_size (session, 512);
-
-  ret = do_handshake (session);
-  if (ret == TEST_FAILED)
-    return ret;
-
-  ret = MHD_gnutls_record_get_max_size (session);
-  if (ret == 512)
-    return TEST_SUCCEED;
-
-  return TEST_FAILED;
-}
-
-test_code_t
-test_hello_extension (mhd_gtls_session_t session)
-{
-  int ret;
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-  MHD_gnutls_record_set_max_size (session, 512);
-
-  ret = do_handshake (session);
-  return ret;
-}
-
-void _gnutls_record_set_default_version (mhd_gtls_session_t session,
-                                         unsigned char major,
-                                         unsigned char minor);
-
-test_code_t
-test_version_rollback (mhd_gtls_session_t session)
-{
-  int ret;
-  if (tls1_ok == 0)
-    return TEST_IGNORE;
-
-  /* here we enable both SSL 3.0 and TLS 1.0
-   * and we connect using a 3.1 client hello version,
-   * and a 3.0 record version. Some implementations
-   * are buggy (and vulnerable to man in the middle
-   * attacks which allow a version downgrade) and this 
-   * connection will fail.
-   */
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-  _gnutls_record_set_default_version (session, 3, 0);
-
-  ret = do_handshake (session);
-  if (ret != TEST_SUCCEED)
-    return ret;
-
-  if (tls1_ok != 0
-      && MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3)
-    return TEST_FAILED;
-
-  return TEST_SUCCEED;
-}
-
-/* See if the server tolerates out of bounds
- * record layer versions in the first client hello
- * message.
- */
-test_code_t
-test_version_oob (mhd_gtls_session_t session)
-{
-  int ret;
-  /* here we enable both SSL 3.0 and TLS 1.0
-   * and we connect using a 5.5 record version.
-   */
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-  _gnutls_record_set_default_version (session, 5, 5);
-
-  ret = do_handshake (session);
-  return ret;
-}
-
-void _gnutls_rsa_pms_set_version (mhd_gtls_session_t session,
-                                  unsigned char major, unsigned char minor);
-
-test_code_t
-test_rsa_pms_version_check (mhd_gtls_session_t session)
-{
-  int ret;
-  /* here we use an arbitary version in the RSA PMS
-   * to see whether to server will check this version.
-   *
-   * A normal server would abort this handshake.
-   */
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-  _gnutls_rsa_pms_set_version (session, 5, 5);  /* use SSL 5.5 version */
-
-  ret = do_handshake (session);
-  return ret;
-
-}
-
-#ifdef ENABLE_ANON
-test_code_t
-test_anonymous (mhd_gtls_session_t session)
-{
-  int ret;
-
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_KX (session, MHD_GNUTLS_KX_ANON_DH);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_ANON, anon_cred);
-
-  ret = do_handshake (session);
-
-  if (ret == TEST_SUCCEED)
-    MHD_gnutls_dh_get_pubkey (session, &pubkey);
-
-  return ret;
-}
-#endif
-
-test_code_t
-test_session_resume2 (mhd_gtls_session_t session)
-{
-  int ret;
-  char tmp_session_id[32];
-  int tmp_session_id_size;
-
-  if (session == NULL)
-    return TEST_IGNORE;
-
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_ANON, anon_cred);
-
-  gnutls_session_set_data (session, session_data, session_data_size);
-
-  memcpy (tmp_session_id, session_id, session_id_size);
-  tmp_session_id_size = session_id_size;
-
-  ret = do_handshake (session);
-  if (ret == TEST_FAILED)
-    return ret;
-
-  /* check if we actually resumed the previous session */
-
-  session_id_size = sizeof (session_id);
-  MHD_gtls_session_get_id (session, session_id, &session_id_size);
-
-  if (session_id_size == 0)
-    return TEST_FAILED;
-
-  if (MHD_gtls_session_is_resumed (session))
-    return TEST_SUCCEED;
-
-  if (tmp_session_id_size == session_id_size &&
-      memcmp (tmp_session_id, session_id, tmp_session_id_size) == 0)
-    return TEST_SUCCEED;
-  else
-    return TEST_FAILED;
-}
-
-extern char *hostname;
-
-test_code_t
-test_certificate (mhd_gtls_session_t session)
-{
-  int ret;
-
-  if (verbose == 0)
-    return TEST_IGNORE;
-
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-
-  ret = do_handshake (session);
-  if (ret == TEST_FAILED)
-    return ret;
-
-  printf ("\n");
-  print_cert_info (session, hostname);
-
-  return TEST_SUCCEED;
-}
-
-/* A callback function to be used at the certificate selection time.
- */
-static int
-cert_callback (mhd_gtls_session_t session,
-               const gnutls_datum_t * req_ca_rdn, int nreqs,
-               const gnutls_pk_algorithm_t * sign_algos,
-               int sign_algos_length, gnutls_retr_st * st)
-{
-  char issuer_dn[256];
-  int i, ret;
-  size_t len;
-
-  if (verbose == 0)
-    return -1;
-
-  /* Print the server's trusted CAs
-   */
-  printf ("\n");
-  if (nreqs > 0)
-    printf ("- Server's trusted authorities:\n");
-  else
-    printf ("- Server did not send us any trusted authorities names.\n");
-
-  /* print the names (if any) */
-  for (i = 0; i < nreqs; i++)
-    {
-      len = sizeof (issuer_dn);
-      ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
-      if (ret >= 0)
-        {
-          printf ("   [%d]: ", i);
-          printf ("%s\n", issuer_dn);
-        }
-    }
-
-  return -1;
-
-}
-
-/* Prints the trusted server's CAs. This is only
- * if the server sends a certificate request packet.
- */
-test_code_t
-test_server_cas (mhd_gtls_session_t session)
-{
-  int ret;
-
-  if (verbose == 0)
-    return TEST_IGNORE;
-
-  ADD_ALL_CIPHERS (session);
-  ADD_ALL_COMP (session);
-  ADD_ALL_CERTTYPES (session);
-  ADD_ALL_PROTOCOLS (session);
-  ADD_ALL_MACS (session);
-  ADD_ALL_KX (session);
-
-  MHD_gnutls_credentials_set (session, MHD_GNUTLS_CRD_CERTIFICATE, xcred);
-  MHD_gtls_certificate_client_set_retrieve_function (xcred, cert_callback);
-
-  ret = do_handshake (session);
-  MHD_gtls_certificate_client_set_retrieve_function (xcred, NULL);
-
-  if (ret == TEST_FAILED)
-    return ret;
-  return TEST_SUCCEED;
-}

src/daemon/https/tests.h

@@ -1,42 +0,0 @@
-typedef enum
-{
-  TEST_SUCCEED, TEST_FAILED, TEST_UNSURE, TEST_IGNORE
-} test_code_t;
-
-test_code_t test_srp (mhd_gtls_session_t state);
-test_code_t test_server (mhd_gtls_session_t state);
-test_code_t test_export (mhd_gtls_session_t state);
-test_code_t test_export_info (mhd_gtls_session_t state);
-test_code_t test_hello_extension (mhd_gtls_session_t state);
-test_code_t test_dhe (mhd_gtls_session_t state);
-test_code_t test_dhe_group (mhd_gtls_session_t state);
-test_code_t test_ssl3 (mhd_gtls_session_t state);
-test_code_t test_aes (mhd_gtls_session_t state);
-#ifdef	ENABLE_CAMELLIA
-test_code_t test_camellia (mhd_gtls_session_t state);
-#endif
-test_code_t test_md5 (mhd_gtls_session_t state);
-test_code_t test_sha (mhd_gtls_session_t state);
-test_code_t test_3des (mhd_gtls_session_t state);
-test_code_t test_arcfour (mhd_gtls_session_t state);
-test_code_t test_arcfour_40 (mhd_gtls_session_t state);
-test_code_t test_tls1 (mhd_gtls_session_t state);
-test_code_t test_tls1_1 (mhd_gtls_session_t state);
-test_code_t test_tls1_1_fallback (mhd_gtls_session_t state);
-test_code_t test_tls_disable (mhd_gtls_session_t state);
-test_code_t test_rsa_pms (mhd_gtls_session_t state);
-test_code_t test_max_record_size (mhd_gtls_session_t state);
-test_code_t test_version_rollback (mhd_gtls_session_t state);
-test_code_t test_anonymous (mhd_gtls_session_t state);
-test_code_t test_unknown_ciphersuites (mhd_gtls_session_t state);
-test_code_t test_openpgp1 (mhd_gtls_session_t state);
-test_code_t test_bye (mhd_gtls_session_t state);
-test_code_t test_certificate (mhd_gtls_session_t state);
-test_code_t test_server_cas (mhd_gtls_session_t state);
-test_code_t test_session_resume2 (mhd_gtls_session_t state);
-test_code_t test_rsa_pms_version_check (mhd_gtls_session_t session);
-test_code_t test_version_oob (mhd_gtls_session_t session);
-test_code_t test_zlib (mhd_gtls_session_t session);
-test_code_t test_lzo (mhd_gtls_session_t session);
-int _test_srp_username_callback (mhd_gtls_session_t session,
-				 char **username, char **password);

src/daemon/https/tls/Makefile.am

@@ -26,10 +26,10 @@ auth_rsa.c \
 auth_rsa_export.c \
 debug.c \
 ext_cert_type.c \
-ext_inner_application.c \
 ext_max_record.c \
 ext_oprfi.c \
 ext_server_name.c \
+ext_inner_application.c \
 gnutls_alert.c \
 gnutls_algorithms.c \
 gnutls_anon_cred.c \
@@ -68,6 +68,4 @@ gnutls_supplemental.c \
 gnutls_ui.c \
 gnutls_x509.c \
 pkix_asn1_tab.c \
-x509_b64.c
-
-
+x509_b64.c

src/daemon/https/tls/auth_cert.h

@@ -23,13 +23,14 @@
  */
 
 #ifndef AUTH_CERT_H
-# define AUTH_CERT_H
-
-# include "gnutls_cert.h"
-# include "gnutls_auth.h"
-# include "auth_dh_common.h"
-# include "x509.h"
-# include "openpgp.h"
+#define AUTH_CERT_H
+
+#include "gnutls_cert.h"
+#include "gnutls_auth.h"
+#include "auth_dh_common.h"
+#include "x509.h"
+#include "openpgp.h"
+#include "extra.h"
 
 /* This structure may be complex, but it's the only way to
  * support a server that has multiple certificates

src/daemon/https/tls/ext_inner_application.c

@@ -63,7 +63,8 @@ mhd_gtls_inner_app_rcv_params (mhd_gtls_session_t session,
 }
 
 
-/* returns data_size or a negative number on failure
+/**
+ *  returns data_size or a negative number on failure
  */
 int
 mhd_gtls_inner_app_send_params (mhd_gtls_session_t session,

src/daemon/https/tls/gnutls_cert.c

@@ -314,11 +314,11 @@ MHD_gtls_certificate_server_set_request (mhd_gtls_session_t session,
   * This function sets a callback to be called in order to retrieve the certificate
   * to be used in the handshake.
   * The callback's function prototype is:
-  * int (*callback)(mhd_gtls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, 
+  * int (*callback)(mhd_gtls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
   * const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st);
   *
-  * @req_ca_cert is only used in X.509 certificates. 
-  * Contains a list with the CA names that the server considers trusted. 
+  * @req_ca_cert is only used in X.509 certificates.
+  * Contains a list with the CA names that the server considers trusted.
   * Normally we should send a certificate that is signed
   * by one of these CAs. These names are DER encoded. To get a more
   * meaningful value use the function gnutls_x509_rdn_get().
@@ -441,7 +441,7 @@ _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert)
   * _gnutls_openpgp_crt_verify_peers - This function returns the peer's certificate status
   * @session: is a gnutls session
   *
-  * This function will try to verify the peer's certificate and return its status (TRUSTED, INVALID etc.). 
+  * This function will try to verify the peer's certificate and return its status (TRUSTED, INVALID etc.).
   * Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
   *
   -*/
@@ -484,7 +484,7 @@ _gnutls_openpgp_crt_verify_peers (mhd_gtls_session_t session,
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
-  /* Verify certificate 
+  /* Verify certificate
    */
   if (_E_gnutls_openpgp_verify_key == NULL)
     {
@@ -715,6 +715,7 @@ mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key,
     {
     case MHD_GNUTLS_CRT_X509:
       return _gnutls_x509_raw_privkey_to_gkey (key, raw_key, key_enc);
+#if ENABLE_OPENPGP
     case MHD_GNUTLS_CRT_OPENPGP:
       if (_E_gnutls_openpgp_raw_privkey_to_gkey == NULL)
         {
@@ -724,6 +725,7 @@ mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key,
       return _E_gnutls_openpgp_raw_privkey_to_gkey (key, raw_key,
                                                     (gnutls_openpgp_crt_fmt_t)
                                                     key_enc);
+#endif
     default:
       gnutls_assert ();
       return GNUTLS_E_INTERNAL_ERROR;
@@ -733,11 +735,11 @@ mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key,
 
 /* This function will convert a der certificate to a format
  * (structure) that gnutls can understand and use. Actually the
- * important thing on this function is that it extracts the 
+ * important thing on this function is that it extracts the
  * certificate's (public key) parameters.
  *
  * The noext flag is used to complete the handshake even if the
- * extensions found in the certificate are unsupported and critical. 
+ * extensions found in the certificate are unsupported and critical.
  * The critical extensions will be catched by the verification functions.
  */
 int

src/daemon/https/tls/gnutls_handshake.c

@@ -301,7 +301,7 @@ mhd_gtls_negotiate_version (mhd_gtls_session_t session,
 }
 
 int
-mhd_gtls_user_hello_func (gnutls_session session,
+mhd_gtls_user_hello_func (mhd_gtls_session_t session,
                          gnutls_protocol_t adv_version)
 {
   int ret;

src/daemon/https/tls/gnutls_handshake.h

@@ -50,7 +50,7 @@ int mhd_gtls_server_select_suite (mhd_gtls_session_t session, opaque * data,
 				 int datalen);
 
 int mhd_gtls_negotiate_version( mhd_gtls_session_t session, gnutls_protocol_t adv_version);
-int mhd_gtls_user_hello_func( gnutls_session, gnutls_protocol_t adv_version);
+int mhd_gtls_user_hello_func( mhd_gtls_session_t, gnutls_protocol_t adv_version);
 
 #if MHD_DEBUG_TLS
 int mhd_gtls_handshake_client (mhd_gtls_session_t session);

src/daemon/https/tls/gnutls_int.h

@@ -28,9 +28,9 @@
 #include <defines.h>
 
 #include "gnutls.h"
+#include "extra.h"
 #include "microhttpd.h"
 
-#include "extra.h"
 #include "gnutls_mem.h"
 
 /* FIXME: delete this once opencdk has reentrant keyring functions
@@ -599,11 +599,6 @@ typedef struct
      */
     int direction;
 
-    /* This callback will be used (if set) to receive an
-     * openpgp key. (if the peer sends a fingerprint)
-     */
-    mhd_gtls_openpgp_recv_key_func openpgp_recv_key_func;
-
     /* If non zero the server will not advertize the CA's he
      * trusts (do not send an RDN sequence).
      */

src/daemon/https/tls_test.c

@@ -1,348 +0,0 @@
-/*
- * Copyright (C) 2000,2001,2002,2003,2006,2007 Nikos Mavrogiannopoulos
- * Copyright (C) 2004,2005 Free Software Foundation
- *
- * This file is part of GNUTLS.
- *
- * GNUTLS is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *               
- * GNUTLS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *                               
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <string.h>
-#include <gnutls.h>
-#include <extra.h>
-#include <sys/time.h>
-#include <tests.h>
-#include <common.h>
-#include <tls_test-gaa.h>
-
-#ifndef SHUT_WR
-# define SHUT_WR 1
-#endif
-
-#ifndef SHUT_RDWR
-# define SHUT_RDWR 2
-#endif
-
-#define SA struct sockaddr
-#define ERR(err,s) if (err==-1) {perror(s);return(1);}
-#define MAX_BUF 4096
-
-/* global stuff here */
-int resume;
-char *hostname = NULL;
-int port;
-int record_max_size;
-int fingerprint;
-static int debug;
-
-gnutls_srp_client_credentials_t srp_cred;
-gnutls_anon_client_credentials_t anon_cred;
-gnutls_certificate_credentials_t xcred;
-
-/* end of global stuff */
-
-
-int verbose = 0;
-
-extern int tls1_ok;
-extern int tls1_1_ok;
-extern int ssl3_ok;
-
-static void
-tls_log_func (int level, const char *str)
-{
-  fprintf (stderr, "|<%d>| %s", level, str);
-}
-
-typedef test_code_t (*TEST_FUNC) (gnutls_session_t);
-
-typedef struct
-{
-  char *test_name;
-  TEST_FUNC func;
-  char *suc_str;
-  char *fail_str;
-  char *unsure_str;
-} TLS_TEST;
-
-static const TLS_TEST tls_tests[] = {
-  {"for TLS 1.1 support", test_tls1_1, "yes", "no", "dunno"},
-  {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed",
-   "SSL 3.0"},
-  {"for TLS 1.0 support", test_tls1, "yes", "no", "dunno"},
-  {"for SSL 3.0 support", test_ssl3, "yes", "no", "dunno"},
-  {"for HTTPS server name", test_server, "", "failed", "not checked"},
-  {"for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes",
-   "dunno"},
-  {"for version rollback bug in Client Hello", test_version_rollback,
-   "no", "yes", "dunno"},
-
-  /* this test will disable TLS 1.0 if the server is 
-   * buggy */
-  {"whether we need to disable TLS 1.0", test_tls_disable, "no", "yes",
-   "dunno"},
-
-  {"whether the server ignores the RSA PMS version",
-   test_rsa_pms_version_check, "yes", "no", "dunno"},
-  {"whether the server can accept Hello Extensions",
-   test_hello_extension, "yes", "no", "dunno"},
-  {"whether the server can accept cipher suites not in SSL 3.0 spec",
-   test_unknown_ciphersuites, "yes", "no", "dunno"},
-  {"whether the server can accept a bogus TLS record version in the client hello", test_version_oob, "yes", "no", "dunno"},
-  {"for certificate information", test_certificate, "", "", ""},
-  {"for trusted CAs", test_server_cas, "", "", ""},
-  {"whether the server understands TLS closure alerts", test_bye, "yes",
-   "no", "partially"},
-  /* the fact that is after the closure alert test does matter.
-   */
-  {"whether the server supports session resumption",
-   test_session_resume2, "yes", "no", "dunno"},
-  {"for export-grade ciphersuite support", test_export, "yes", "no",
-   "dunno"},
-  {"RSA-export ciphersuite info", test_export_info, "", "N/A", "N/A"},
-#ifdef ENABLE_ANON
-  {"for anonymous authentication support", test_anonymous, "yes", "no",
-   "dunno"},
-  {"anonymous Diffie Hellman group info", test_dhe_group, "", "N/A",
-   "N/A"},
-#endif
-  {"for ephemeral Diffie Hellman support", test_dhe, "yes", "no",
-   "dunno"},
-  {"ephemeral Diffie Hellman group info", test_dhe_group, "", "N/A",
-   "N/A"},
-  {"for AES cipher support (TLS extension)", test_aes, "yes", "no",
-   "dunno"},
-#ifdef	ENABLE_CAMELLIA
-  {"for CAMELLIA cipher support (TLS extension)", test_camellia, "yes", "no",
-   "dunno"},
-#endif
-  {"for 3DES cipher support", test_3des, "yes", "no", "dunno"},
-  {"for ARCFOUR 128 cipher support", test_arcfour, "yes", "no", "dunno"},
-  {"for ARCFOUR 40 cipher support", test_arcfour_40, "yes", "no",
-   "dunno"},
-  {"for MD5 MAC support", test_md5, "yes", "no", "dunno"},
-  {"for SHA1 MAC support", test_sha, "yes", "no", "dunno"},
-#ifdef HAVE_LIBZ
-  {"for ZLIB compression support (TLS extension)", test_zlib, "yes",
-   "no", "dunno"},
-#endif
-  {"for LZO compression support (GnuTLS extension)", test_lzo, "yes",
-   "no", "dunno"},
-  {"for max record size (TLS extension)", test_max_record_size, "yes",
-   "no", "dunno"},
-#ifdef ENABLE_SRP
-  {"for SRP authentication support (TLS extension)", test_srp, "yes",
-   "no", "dunno"},
-#endif
-  {"for OpenPGP authentication support (TLS extension)", test_openpgp1,
-   "yes", "no", "dunno"},
-  {NULL, NULL, NULL, NULL, NULL}
-};
-
-static int tt = 0;
-const char *ip;
-
-static void gaa_parser (int argc, char **argv);
-
-int
-main (int argc, char **argv)
-{
-  int err, ret;
-  int sd, i;
-  gnutls_session_t state;
-  char buffer[MAX_BUF + 1];
-  char portname[6];
-  struct addrinfo hints, *res, *ptr;
-
-  gaa_parser (argc, argv);
-
-#ifndef _WIN32
-  signal (SIGPIPE, SIG_IGN);
-#endif
-
-  sockets_init ();
-
-  if (gnutls_global_init () < 0)
-    {
-      fprintf (stderr, "global state initialization error\n");
-      exit (1);
-    }
-
-  gnutls_global_set_log_function (tls_log_func);
-  gnutls_global_set_log_level (debug);
-
-  if (gnutls_global_init_extra () < 0)
-    {
-      fprintf (stderr, "global state initialization error\n");
-      exit (1);
-    }
-
-  printf ("Resolving '%s'...\n", hostname);
-  /* get server name */
-  memset (&hints, 0, sizeof (hints));
-  hints.ai_socktype = SOCK_STREAM;
-  hints.ai_flags = 0;
-  snprintf (portname, sizeof (portname), "%d", port);
-  if ((err = getaddrinfo (hostname, portname, &hints, &res)) != 0)
-    {
-      fprintf (stderr, "Cannot resolve %s: %s\n", hostname,
-               gai_strerror (err));
-      exit (1);
-    }
-
-  /* X509 stuff */
-  if (gnutls_certificate_allocate_credentials (&xcred) < 0)
-    {                           /* space for 2 certificates */
-      fprintf (stderr, "memory error\n");
-      exit (1);
-    }
-
-  /* SRP stuff */
-#ifdef ENABLE_SRP
-  if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
-    {
-      fprintf (stderr, "memory error\n");
-      exit (1);
-    }
-#endif
-
-#ifdef ENABLE_ANON
-  /* ANON stuff */
-  if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
-    {
-      fprintf (stderr, "memory error\n");
-      exit (1);
-    }
-#endif
-
-  i = 0;
-
-  do
-    {
-
-      if (tls_tests[i].test_name == NULL)
-        break;                  /* finished */
-
-      /* if neither of SSL3 and TLSv1 are supported, exit
-       */
-      if (i > 3 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0)
-        {
-          fprintf (stderr,
-                   "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n");
-          break;
-        }
-
-      sd = -1;
-      for (ptr = res; ptr != NULL; ptr = ptr->ai_next)
-        {
-          sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
-          if (sd == -1)
-            {
-              continue;
-            }
-
-          getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF,
-                       NULL, 0, NI_NUMERICHOST);
-          if (tt++ == 0)
-            printf ("Connecting to '%s:%d'...\n", buffer, port);
-          if ((err = connect (sd, ptr->ai_addr, ptr->ai_addrlen)) != 0)
-            {
-              close (sd);
-              sd = -1;
-              continue;
-            }
-        }
-      ERR (err, "connect") gnutls_init (&state, GNUTLS_CLIENT);
-      gnutls_transport_set_ptr (state, (gnutls_transport_ptr_t) sd);
-
-      do
-        {
-          printf ("Checking %s...", tls_tests[i].test_name);
-
-          ret = tls_tests[i].func (state);
-
-          if (ret == TEST_SUCCEED)
-            printf (" %s\n", tls_tests[i].suc_str);
-          else if (ret == TEST_FAILED)
-            printf (" %s\n", tls_tests[i].fail_str);
-          else if (ret == TEST_UNSURE)
-            printf (" %s\n", tls_tests[i].unsure_str);
-          else if (ret == TEST_IGNORE)
-            {
-              printf (" N/A\n");
-              i++;
-            }
-        }
-      while (ret == TEST_IGNORE && tls_tests[i].test_name != NULL);
-
-      gnutls_deinit (state);
-
-      shutdown (sd, SHUT_RDWR); /* no more receptions */
-      close (sd);
-
-      i++;
-    }
-  while (1);
-
-  freeaddrinfo (res);
-
-#ifdef ENABLE_SRP
-  gnutls_srp_free_client_credentials (srp_cred);
-#endif
-  gnutls_certificate_free_credentials (xcred);
-#ifdef ENABLE_ANON
-  gnutls_anon_free_client_credentials (anon_cred);
-#endif
-  gnutls_global_deinit ();
-
-  return 0;
-}
-
-static gaainfo info;
-void
-gaa_parser (int argc, char **argv)
-{
-  if (gaa (argc, argv, &info) != -1)
-    {
-      fprintf (stderr,
-               "Error in the arguments. Use the -h or --help parameters to get more info.\n");
-      exit (1);
-    }
-
-  port = info.pp;
-  if (info.rest_args == NULL)
-    hostname = "localhost";
-  else
-    hostname = info.rest_args;
-
-  debug = info.debug;
-
-  verbose = info.more_info;
-
-}
-
-void
-tls_test_version (void)
-{
-  const char *v = gnutls_check_version (NULL);
-
-  printf ("gnutls-cli-debug (GnuTLS) %s\n", LIBGNUTLS_VERSION);
-  if (strcmp (v, LIBGNUTLS_VERSION) != 0)
-    printf ("libgnutls %s\n", v);
-}

src/daemon/https/x509/mpi.c

@@ -210,7 +210,7 @@ _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
 {
   int result;
   int pk_algorithm;
-  gnutls_datum tmp = { NULL, 0 };
+  gnutls_datum_t tmp = { NULL, 0 };
 
   /* Read the algorithm's OID
    */

src/daemon/https/x509/privkey_pkcs8.c

@@ -130,7 +130,7 @@ check_schema (const char *oid)
  * an ASN.1 INTEGER of the x value.
  */
 inline static int
-_encode_privkey (gnutls_x509_privkey pkey, gnutls_datum * raw)
+_encode_privkey (gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
 {
   size_t size = 0;
   opaque *data = NULL;
@@ -193,8 +193,8 @@ encode_to_private_key_info (gnutls_x509_privkey_t pkey,
   int result, len;
   opaque null = 0;
   const char *oid;
-  gnutls_datum algo_params = { NULL, 0 };
-  gnutls_datum algo_privkey = { NULL, 0 };
+  gnutls_datum_t algo_params = { NULL, 0 };
+  gnutls_datum_t algo_privkey = { NULL, 0 };
 
   if (pkey->pk_algorithm == MHD_GNUTLS_PK_RSA)
     {
@@ -810,10 +810,10 @@ error:
 /* Decodes an RSA privateKey from a PKCS8 structure.
  */
 static int
-_decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey pkey)
+_decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
 {
   int ret;
-  gnutls_datum tmp;
+  gnutls_datum_t tmp;
 
   ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp, 0);
   if (ret < 0)

src/include/microhttpd.h

@@ -342,13 +342,11 @@ enum MHD_OPTION
   MHD_OPTION_PER_IP_CONNECTION_LIMIT = 5,
 
  /**
-  * Bind daemon to the supplied ip address. this option should be followed by a
-  * ip address string. Addresses should be supplied in the number & dot notation
-  * [ie. '127.0.0.1' for IPv4 & '::ffff:127.0.0.1' for IPv6 ]. Supplying an
-  * IPv6 address * must be done in conjunction with supplying the daemon with
-  * the 'MHD_USE_IPv6' option.
+  * Bind daemon to the supplied sockaddr. this option should be followed by a
+  * 'struct sockaddr'. Supplying an IPv6 address must be done in conjunction with
+  * with the 'MHD_USE_IPv6' option.
   */
-  MHD_OPTION_IP_ADDR = 6,
+  MHD_OPTION_SOCK_ADDR = 6,
 
   MHD_HTTPS_OPTION_START = 7,
 
@@ -1131,8 +1129,8 @@ enum MHD_InfoType
   MHD_INFO_CERT_TYPE
 };
 
-union MHD_SessionInfo MHD_get_session_info (struct MHD_Connection *con,
-                                            enum MHD_InfoType infoType);
+union MHD_SessionInfo
+MHD_get_session_info ( struct MHD_Connection * connection, enum MHD_InfoType infoType);
 
 /* TODO impl */
 size_t MHDS_get_key_size (struct MHD_Daemon *daemon,

src/testcurl/Makefile.am

@@ -24,7 +24,8 @@ check_PROGRAMS = \
   daemontest_large_put11 \
   daemontest_long_header \
   daemontest_get_chunked \
-  daemontest_put_chunked \
+  daemontest_put_chunked
+noinst_PROGRAMS = \
   daemon_options_test
   
 TESTS = $(check_PROGRAMS)

src/testcurl/daemon_options_test.c

@@ -47,7 +47,7 @@ ahc_echo (void *cls,
 }
 
 int
-test_wrap (char *test_name, int (*test) (void ))
+test_wrap (char *test_name, int (*test) (void))
 {
   int ret;
   va_list arg_list;
@@ -67,34 +67,47 @@ test_wrap (char *test_name, int (*test) (void ))
   return ret;
 }
 
+
+/**
+ * Test daemon initialization with the MHD_OPTION_SOCK_ADDR option
+ */
 static int
-test_ipv4_option ()
+test_ip_addr_option ()
 {
-	struct MHD_Daemon * d;
+  struct MHD_Daemon *d;
+  struct sockaddr_in daemon_ip_addr;
+  struct sockaddr_in6 daemon_ip_addr6;
 
-	d = MHD_start_daemon ( MHD_USE_DEBUG, 42433,
-	                            NULL, NULL, &ahc_echo, NULL, MHD_OPTION_IP_ADDR, "127.0.0.1", MHD_OPTION_END);
+  memset (&daemon_ip_addr, 0, sizeof (struct sockaddr_in));
+  daemon_ip_addr.sin_family = AF_INET;
+  daemon_ip_addr.sin_port = htons (42433);
 
-	if (d == 0)
-	      return -1;
+  memset (&daemon_ip_addr6, 0, sizeof (struct sockaddr_in6));
+  daemon_ip_addr6.sin6_family = AF_INET6;
+  daemon_ip_addr6.sin6_port = htons (42433);
 
-	MHD_stop_daemon (d);
-	return 0;
-}
+  inet_pton (AF_INET, "127.0.0.1", &daemon_ip_addr.sin_addr);
+  inet_pton (AF_INET6, "::ffff:127.0.0.1", &daemon_ip_addr6.sin6_addr);
 
-static int
-test_ipv6_option ()
-{
-	struct MHD_Daemon * d;
+  d = MHD_start_daemon (MHD_USE_DEBUG, 42433,
+                        NULL, NULL, &ahc_echo, NULL, MHD_OPTION_SOCK_ADDR,
+                        &daemon_ip_addr, MHD_OPTION_END);
+
+  if (d == 0)
+    return -1;
+
+  MHD_stop_daemon (d);
 
-	d = MHD_start_daemon ( MHD_USE_DEBUG | MHD_USE_IPv6, 42433,
-	                            NULL, NULL, &ahc_echo, NULL, MHD_OPTION_IP_ADDR, "::ffff:127.0.0.1", MHD_OPTION_END);
+  d = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_IPv6, 42433,
+                        NULL, NULL, &ahc_echo, NULL, MHD_OPTION_SOCK_ADDR,
+                        &daemon_ip_addr6, MHD_OPTION_END);
 
-	if (d == 0)
-	      return -1;
+  if (d == 0)
+    return -1;
 
-	MHD_stop_daemon (d);
-	return 0;
+  MHD_stop_daemon (d);
+
+  return 0;
 }
 
 /* setup a temporary transfer test file */
@@ -103,8 +116,7 @@ main (int argc, char *const *argv)
 {
   unsigned int errorCount = 0;
 
-  errorCount += test_wrap("test_ipv4_option", &test_ipv4_option);
-  errorCount += test_wrap("test_ipv6_option", &test_ipv6_option);
+  errorCount += test_wrap ("ip addr option", &test_ip_addr_option);
 
   return errorCount != 0;
 }

src/testcurl/https/bug-test.c

@@ -0,0 +1,349 @@
+/*
+ This file is part of libmicrohttpd
+ (C) 2007 Christian Grothoff
+
+ libmicrohttpd is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 2, or (at your
+ option) any later version.
+
+ libmicrohttpd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with libmicrohttpd; see the file COPYING.  If not, write to the
+ Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+ */
+
+/**
+ * @file mhds_get_test.c
+ * @brief  Testcase for libmicrohttpd HTTPS GET operations
+ * @author Sagie Amir
+ */
+
+#include "platform.h"
+#include "microhttpd.h"
+
+#include <sys/stat.h>
+
+#include "gnutls.h"
+#include <curl/curl.h>
+
+#define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>"
+
+#define MHD_E_MEM "Error: memory error\n"
+#define MHD_E_SERVER_INIT "Error: failed to start server\n"
+#define MHD_E_TEST_FILE_CREAT "Error: failed to setup test file\n"
+#define MHD_E_CERT_FILE_CREAT "Error: failed to setup test certificate\n"
+#define MHD_E_KEY_FILE_CREAT "Error: failed to setup test certificate\n"
+
+#include "tls_test_keys.h"
+
+const char *test_file_name = "https_test_file";
+const char test_file_data[] = "Hello World\n";
+
+int curl_check_version (const char *req_version, ...);
+
+struct CBC
+{
+  char *buf;
+  size_t pos;
+  size_t size;
+};
+
+static size_t
+copyBuffer (void *ptr, size_t size, size_t nmemb, void *ctx)
+{
+  struct CBC *cbc = ctx;
+
+  if (cbc->pos + size * nmemb > cbc->size)
+    return 0;                   /* overflow */
+  memcpy (&cbc->buf[cbc->pos], ptr, size * nmemb);
+  cbc->pos += size * nmemb;
+  return size * nmemb;
+}
+
+static int
+file_reader (void *cls, size_t pos, char *buf, int max)
+{
+  FILE *file = cls;
+  fseek (file, pos, SEEK_SET);
+  return fread (buf, 1, max, file);
+}
+
+/* HTTP access handler call back */
+static int
+http_ahc (void *cls, struct MHD_Connection *connection,
+          const char *url, const char *method, const char *upload_data,
+          const char *version, unsigned int *upload_data_size, void **ptr)
+{
+  static int aptr;
+  struct MHD_Response *response;
+  int ret;
+  FILE *file;
+  struct stat buf;
+
+  if (0 != strcmp (method, MHD_HTTP_METHOD_GET))
+    return MHD_NO;              /* unexpected method */
+  if (&aptr != *ptr)
+    {
+      /* do never respond on first call */
+      *ptr = &aptr;
+      return MHD_YES;
+    }
+  *ptr = NULL;                  /* reset when done */
+
+  file = fopen (url, "r");
+  if (file == NULL)
+    {
+      response = MHD_create_response_from_data (strlen (PAGE_NOT_FOUND),
+                                                (void *) PAGE_NOT_FOUND,
+                                                MHD_NO, MHD_NO);
+      ret = MHD_queue_response (connection, MHD_HTTP_NOT_FOUND, response);
+      MHD_destroy_response (response);
+    }
+  else
+    {
+      stat (url, &buf);
+      response = MHD_create_response_from_callback (buf.st_size, 32 * 1024,     /* 32k PAGE_NOT_FOUND size */
+                                                    &file_reader, file,
+                                                    (MHD_ContentReaderFreeCallback)
+                                                    & fclose);
+      ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
+      MHD_destroy_response (response);
+    }
+  return ret;
+}
+
+/*
+ * test HTTPS transfer
+ * @param test_fd: file to attempt transfering
+ */
+static int
+test_daemon_get (FILE * test_fd, char *cipher_suite, int proto_version)
+{
+  CURL *c;
+  struct CBC cbc;
+  CURLcode errornum;
+  char *doc_path;
+  char url[255];
+  struct stat statb;
+
+  stat (test_file_name, &statb);
+
+  int len = statb.st_size;
+
+  /* used to memcmp local copy & deamon supplied copy */
+  unsigned char *mem_test_file_local;
+
+  /* setup test file path, url */
+  doc_path = get_current_dir_name ();
+
+  if (NULL == (mem_test_file_local = malloc (len)))
+    {
+      fclose (test_fd);
+      fprintf (stderr, MHD_E_MEM);
+      return -1;
+    }
+
+  fseek (test_fd, 0, SEEK_SET);
+  if (fread (mem_test_file_local, sizeof (char), len, test_fd) != len)
+    {
+      fclose (test_fd);
+      fprintf (stderr, "Error: failed to read test file. %s\n",
+               strerror (errno));
+      return -1;
+    }
+
+  if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
+    {
+      fclose (test_fd);
+      fprintf (stderr, MHD_E_MEM);
+      return -1;
+    }
+  cbc.size = len;
+  cbc.pos = 0;
+
+  /* construct url - this might use doc_path */
+  sprintf (url, "%s%s/%s", "https://localhost:42433",
+           doc_path, test_file_name);
+
+  c = curl_easy_init ();
+#ifdef DEBUG
+  curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
+#endif
+  curl_easy_setopt (c, CURLOPT_URL, url);
+  curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
+  curl_easy_setopt (c, CURLOPT_TIMEOUT, 2L);
+  curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 2L);
+  curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
+  curl_easy_setopt (c, CURLOPT_FILE, &cbc);
+
+  /* TLS options */
+  curl_easy_setopt (c, CURLOPT_SSLVERSION, proto_version);
+  curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, cipher_suite);
+
+  /* currently skip any peer authentication */
+  curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
+  curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
+
+  curl_easy_setopt (c, CURLOPT_FAILONERROR, 1);
+
+  /* NOTE: use of CONNECTTIMEOUT without also
+     setting NOSIGNAL results in really weird
+     crashes on my system! */
+  curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1);
+  if (CURLE_OK != (errornum = curl_easy_perform (c)))
+    {
+      fprintf (stderr, "curl_easy_perform failed: `%s'\n",
+               curl_easy_strerror (errornum));
+      curl_easy_cleanup (c);
+      return errornum;
+    }
+
+  curl_easy_cleanup (c);
+
+  if (memcmp (cbc.buf, mem_test_file_local, len) != 0)
+    {
+      fprintf (stderr, "Error: local file & received file differ.\n");
+      free (cbc.buf);
+      free (mem_test_file_local);
+      return -1;
+    }
+
+  free (mem_test_file_local);
+  free (cbc.buf);
+  free (doc_path);
+  return 0;
+}
+
+int
+test_cipher_option (FILE * test_fd, char *cipher_suite, int proto_version)
+{
+
+  int ret;
+  int ciper[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 };
+  struct MHD_Daemon *d;
+  d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
+                        MHD_USE_DEBUG, 42433,
+                        NULL, NULL, &http_ahc, NULL,
+                        MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+                        MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
+                        MHD_OPTION_CIPHER_ALGORITHM, ciper, MHD_OPTION_END);
+
+  if (d == NULL)
+    {
+      fprintf (stderr, MHD_E_SERVER_INIT);
+      return -1;
+    }
+
+  ret = test_daemon_get (test_fd, cipher_suite, proto_version);
+
+  MHD_stop_daemon (d);
+  return ret;
+}
+
+int
+test_mac_option (FILE * test_fd, char *cipher_suite, int proto_version)
+{
+
+  int ret;
+  int mac[] = { MHD_GNUTLS_MAC_SHA1, 0 };
+  struct MHD_Daemon *d;
+
+  d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
+                        MHD_USE_DEBUG, 42433,
+                        NULL, NULL, &http_ahc, NULL,
+                        MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+                        MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
+                        MHD_OPTION_MAC_ALGO, mac, MHD_OPTION_END);
+
+  if (d == NULL)
+    {
+      fprintf (stderr, MHD_E_SERVER_INIT);
+      return -1;
+    }
+
+  ret = test_daemon_get (test_fd, cipher_suite, proto_version);
+
+  MHD_stop_daemon (d);
+  return ret;
+}
+
+/* setup a temporary transfer test file */
+FILE *
+setupTestFile ()
+{
+  FILE *test_fd;
+
+  if (NULL == (test_fd = fopen (test_file_name, "w+")))
+    {
+      fprintf (stderr, "Error: failed to open `%s': %s\n",
+               test_file_name, strerror (errno));
+      return NULL;
+    }
+  if (fwrite (test_file_data, sizeof (char), strlen (test_file_data), test_fd)
+      != strlen (test_file_data))
+    {
+      fprintf (stderr, "Error: failed to write `%s. %s'\n",
+               test_file_name, strerror (errno));
+      return NULL;
+    }
+  if (fflush (test_fd))
+    {
+      fprintf (stderr, "Error: failed to flush test file stream. %s\n",
+               strerror (errno));
+      return NULL;
+    }
+
+  return test_fd;
+}
+
+int
+main (int argc, char *const *argv)
+{
+  FILE *test_fd;
+  unsigned int errorCount = 0;
+
+  /* gnutls_global_set_log_level(11); */
+
+  if (curl_check_version (MHD_REQ_CURL_VERSION, MHD_REQ_CURL_OPENSSL_VERSION))
+    {
+      return -1;
+    }
+
+  if ((test_fd = setupTestFile ()) == NULL)
+    {
+      fprintf (stderr, MHD_E_TEST_FILE_CREAT);
+      return -1;
+    }
+
+  if (0 != curl_global_init (CURL_GLOBAL_ALL))
+    {
+      fprintf (stderr, "Error: %s\n", strerror (errno));
+      return -1;
+    }
+
+//  errorCount +=
+//    test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
+//  errorCount +=
+//    test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3);
+//  errorCount +=
+//    test_file_certificates (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3);
+  /* TODO resolve cipher setting issue when compiling against GNU TLS */
+  errorCount +=
+    test_cipher_option (test_fd, "DES-CBC3-SHA", CURL_SSLVERSION_TLSv1);
+/*  errorCount +=
+    test_kx_option (test_fd, "EDH-RSA-DES-CBC3-SHA", CURL_SSLVERSION_SSLv3); */
+
+
+  curl_global_cleanup ();
+  fclose (test_fd);
+
+  remove (test_file_name);
+
+  return errorCount != 0;
+}

src/testcurl/https/tls_session_time_out_test.c

@@ -156,7 +156,7 @@ main (int argc, char *const *argv)
                         MHD_USE_DEBUG, 42433,
                         NULL, NULL, &http_ahc, NULL,
                         MHD_OPTION_CONNECTION_TIMEOUT, TIME_OUT,
-                        MHD_OPTION_IP_ADDR, "127.0.0.1",
+                        MHD_OPTION_SOCK_ADDR, "127.0.0.1",
                         MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
                         MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
                         MHD_OPTION_END);