Ana Sayfa Keşfet Yardım
Giriş Yap
c
/
gnu.libmicrohttpd
şunun yansıması https://git.gnunet.org/libmicrohttpd.git
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Ağaç: a7b7a32ec6
Dallar Biçim İmleri
gnu.libmicrohtt...
/
src
/
testcurl
/
https
/
test_https_sni.c

test_https_sni.c 8.0 KB
Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306 
  1. /*
    2. 

  2.   This file is part of libmicrohttpd
    3. 

  3.   Copyright (C) 2013, 2016 Christian Grothoff
    4. 

  4. 

  5.   libmicrohttpd is free software; you can redistribute it and/or modify
    6. 

  6.   it under the terms of the GNU General Public License as published
    7. 

  7.   by the Free Software Foundation; either version 3, or (at your
    8. 

  8.   option) any later version.
    9. 

  9. 

  10.   libmicrohttpd is distributed in the hope that it will be useful, but
    11. 

  11.   WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12.   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    13. 

  13.   General Public License for more details.
    14. 

  14. 

  15.   You should have received a copy of the GNU General Public License
    16. 

  16.   along with libmicrohttpd; see the file COPYING.  If not, write to the
    17. 

  17.   Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
    18. 

  18.   Boston, MA 02110-1301, USA.
    19. 

  19. */
    20. 

  20. 

  21. /**
    22. 

  22.  * @file test_https_sni.c
    23. 

  23.  * @brief  Testcase for libmicrohttpd HTTPS with SNI operations
    24. 

  24.  * @author Christian Grothoff
    25. 

  25.  */
    26. 

  26. #include "platform.h"
    27. 

  27. #include "microhttpd.h"
    28. 

  28. #include <limits.h>
    29. 

  29. #include <sys/stat.h>
    30. 

  30. #include <curl/curl.h>
    31. 

  31. #ifdef MHD_HTTPS_REQUIRE_GRYPT
    32. 

  32. #include <gcrypt.h>
    33. 

  33. #endif /* MHD_HTTPS_REQUIRE_GRYPT */
    34. 

  34. #include "tls_test_common.h"
    35. 

  35. #include <gnutls/gnutls.h>
    36. 

  36. 

  37. /* This test only works with GnuTLS >= 3.0 */
    38. 

  38. #if GNUTLS_VERSION_MAJOR >= 3
    39. 

  39. 

  40. #include <gnutls/abstract.h>
    41. 

  41. 

  42. /**
    43. 

  43.  * A hostname, server key and certificate.
    44. 

  44.  */
    45. 

  45. struct Hosts
    46. 

  46. {
    47. 

  47.   struct Hosts *next;
    48. 

  48.   const char *hostname;
    49. 

  49.   gnutls_pcert_st pcrt;
    50. 

  50.   gnutls_privkey_t key;
    51. 

  51. };
    52. 

  52. 

  53. 

  54. /**
    55. 

  55.  * Linked list of supported TLDs and respective certificates.
    56. 

  56.  */
    57. 

  57. static struct Hosts *hosts;
    58. 

  58. 

  59. /* Load the certificate and the private key.
    60. 

  60.  * (This code is largely taken from GnuTLS).
    61. 

  61.  */
    62. 

  62. static void
    63. 

  63. load_keys(const char *hostname,
    64. 

  64.           const char *CERT_FILE,
    65. 

  65.           const char *KEY_FILE)
    66. 

  66. {
    67. 

  67.   int ret;
    68. 

  68.   gnutls_datum_t data;
    69. 

  69.   struct Hosts *host;
    70. 

  70. 

  71.   host = malloc (sizeof (struct Hosts));
    72. 

  72.   if (NULL == host)
    73. 

  73.     abort ();
    74. 

  74.   host->hostname = hostname;
    75. 

  75.   host->next = hosts;
    76. 

  76.   hosts = host;
    77. 

  77. 

  78.   ret = gnutls_load_file (CERT_FILE, &data);
    79. 

  79.   if (ret < 0)
    80. 

  80.     {
    81. 

  81.       fprintf (stderr,
    82. 

  82.                "*** Error loading certificate file %s.\n",
    83. 

  83.                CERT_FILE);
    84. 

  84.       exit (1);
    85. 

  85.     }
    86. 

  86.   ret =
    87. 

  87.     gnutls_pcert_import_x509_raw (&host->pcrt, &data, GNUTLS_X509_FMT_PEM,
    88. 

  88.                                   0);
    89. 

  89.   if (ret < 0)
    90. 

  90.     {
    91. 

  91.       fprintf (stderr,
    92. 

  92.                "*** Error loading certificate file: %s\n",
    93. 

  93.                gnutls_strerror (ret));
    94. 

  94.       exit (1);
    95. 

  95.     }
    96. 

  96.   gnutls_free (data.data);
    97. 

  97. 

  98.   ret = gnutls_load_file (KEY_FILE, &data);
    99. 

  99.   if (ret < 0)
    100. 

  100.     {
    101. 

  101.       fprintf (stderr,
    102. 

  102.                "*** Error loading key file %s.\n",
    103. 

  103.                KEY_FILE);
    104. 

  104.       exit (1);
    105. 

  105.     }
    106. 

  106. 

  107.   gnutls_privkey_init (&host->key);
    108. 

  108.   ret =
    109. 

  109.     gnutls_privkey_import_x509_raw (host->key,
    110. 

  110.                                     &data, GNUTLS_X509_FMT_PEM,
    111. 

  111.                                     NULL, 0);
    112. 

  112.   if (ret < 0)
    113. 

  113.     {
    114. 

  114.       fprintf (stderr,
    115. 

  115.                "*** Error loading key file: %s\n",
    116. 

  116.                gnutls_strerror (ret));
    117. 

  117.       exit (1);
    118. 

  118.     }
    119. 

  119.   gnutls_free (data.data);
    120. 

  120. }
    121. 

  121. 

  122. 

  123. 

  124. /**
    125. 

  125.  * @param session the session we are giving a cert for
    126. 

  126.  * @param req_ca_dn NULL on server side
    127. 

  127.  * @param nreqs length of req_ca_dn, and thus 0 on server side
    128. 

  128.  * @param pk_algos NULL on server side
    129. 

  129.  * @param pk_algos_length 0 on server side
    130. 

  130.  * @param pcert list of certificates (to be set)
    131. 

  131.  * @param pcert_length length of pcert (to be set)
    132. 

  132.  * @param pkey the private key (to be set)
    133. 

  133.  */
    134. 

  134. static int
    135. 

  135. sni_callback (gnutls_session_t session,
    136. 

  136.               const gnutls_datum_t* req_ca_dn,
    137. 

  137.               int nreqs,
    138. 

  138.               const gnutls_pk_algorithm_t* pk_algos,
    139. 

  139.               int pk_algos_length,
    140. 

  140.               gnutls_pcert_st** pcert,
    141. 

  141.               unsigned int *pcert_length,
    142. 

  142.               gnutls_privkey_t * pkey)
    143. 

  143. {
    144. 

  144.   char name[256];
    145. 

  145.   size_t name_len;
    146. 

  146.   struct Hosts *host;
    147. 

  147.   unsigned int type;
    148. 

  148. 

  149.   name_len = sizeof (name);
    150. 

  150.   if (GNUTLS_E_SUCCESS !=
    151. 

  151.       gnutls_server_name_get (session,
    152. 

  152.                               name,
    153. 

  153.                               &name_len,
    154. 

  154.                               &type,
    155. 

  155.                               0 /* index */))
    156. 

  156.     return -1;
    157. 

  157.   for (host = hosts; NULL != host; host = host->next)
    158. 

  158.     if (0 == strncmp (name, host->hostname, name_len))
    159. 

  159.       break;
    160. 

  160.   if (NULL == host)
    161. 

  161.     {
    162. 

  162.       fprintf (stderr,
    163. 

  163.                "Need certificate for %.*s\n",
    164. 

  164.                (int) name_len,
    165. 

  165.                name);
    166. 

  166.       return -1;
    167. 

  167.     }
    168. 

  168. #if 0
    169. 

  169.   fprintf (stderr,
    170. 

  170.            "Returning certificate for %.*s\n",
    171. 

  171.            (int) name_len,
    172. 

  172.            name);
    173. 

  173. #endif
    174. 

  174.   *pkey = host->key;
    175. 

  175.   *pcert_length = 1;
    176. 

  176.   *pcert = &host->pcrt;
    177. 

  177.   return 0;
    178. 

  178. }
    179. 

  179. 

  180. 

  181. /* perform a HTTP GET request via SSL/TLS */
    182. 

  182. static int
    183. 

  183. do_get (const char *url)
    184. 

  184. {
    185. 

  185.   CURL *c;
    186. 

  186.   struct CBC cbc;
    187. 

  187.   CURLcode errornum;
    188. 

  188.   size_t len;
    189. 

  189.   struct curl_slist *dns_info;
    190. 

  190. 

  191.   len = strlen (test_data);
    192. 

  192.   if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
    193. 

  193.     {
    194. 

  194.       fprintf (stderr, MHD_E_MEM);
    195. 

  195.       return -1;
    196. 

  196.     }
    197. 

  197.   cbc.size = len;
    198. 

  198.   cbc.pos = 0;
    199. 

  199. 

  200.   c = curl_easy_init ();
    201. 

  201. #if DEBUG_HTTPS_TEST
    202. 

  202.   curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
    203. 

  203. #endif
    204. 

  204.   curl_easy_setopt (c, CURLOPT_URL, url);
    205. 

  205.   curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
    206. 

  206.   curl_easy_setopt (c, CURLOPT_TIMEOUT, 10L);
    207. 

  207.   curl_easy_setopt (c, CURLOPT_CONNECTTIMEOUT, 10L);
    208. 

  208.   curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, &copyBuffer);
    209. 

  209.   curl_easy_setopt (c, CURLOPT_FILE, &cbc);
    210. 

  210. 

  211.   /* perform peer authentication */
    212. 

  212.   /* TODO merge into send_curl_req */
    213. 

  213.   curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
    214. 

  214.   curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 2);
    215. 

  215.   dns_info = curl_slist_append (NULL, "host1:4233:127.0.0.1");
    216. 

  216.   dns_info = curl_slist_append (dns_info, "host2:4233:127.0.0.1");
    217. 

  217.   curl_easy_setopt (c, CURLOPT_RESOLVE, dns_info);
    218. 

  218.   curl_easy_setopt (c, CURLOPT_FAILONERROR, 1);
    219. 

  219. 

  220.   /* NOTE: use of CONNECTTIMEOUT without also
    221. 

  221.      setting NOSIGNAL results in really weird
    222. 

  222.      crashes on my system! */
    223. 

  223.   curl_easy_setopt (c, CURLOPT_NOSIGNAL, 1);
    224. 

  224.   if (CURLE_OK != (errornum = curl_easy_perform (c)))
    225. 

  225.     {
    226. 

  226.       fprintf (stderr, "curl_easy_perform failed: `%s'\n",
    227. 

  227.                curl_easy_strerror (errornum));
    228. 

  228.       curl_easy_cleanup (c);
    229. 

  229.       free (cbc.buf);
    230. 

  230.       curl_slist_free_all (dns_info);
    231. 

  231.       return errornum;
    232. 

  232.     }
    233. 

  233. 

  234.   curl_easy_cleanup (c);
    235. 

  235.   curl_slist_free_all (dns_info);
    236. 

  236.   if (memcmp (cbc.buf, test_data, len) != 0)
    237. 

  237.     {
    238. 

  238.       fprintf (stderr, "Error: local file & received file differ.\n");
    239. 

  239.       free (cbc.buf);
    240. 

  240.       return -1;
    241. 

  241.     }
    242. 

  242. 

  243.   free (cbc.buf);
    244. 

  244.   return 0;
    245. 

  245. }
    246. 

  246. 

  247. 

  248. int
    249. 

  249. main (int argc, char *const *argv)
    250. 

  250. {
    251. 

  251.   unsigned int error_count = 0;
    252. 

  252.   struct MHD_Daemon *d;
    253. 

  253. 

  254. #ifdef MHD_HTTPS_REQUIRE_GRYPT
    255. 

  255.   gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
    256. 

  256. #ifdef GCRYCTL_INITIALIZATION_FINISHED
    257. 

  257.   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
    258. 

  258. #endif
    259. 

  259. #endif /* MHD_HTTPS_REQUIRE_GRYPT */
    260. 

  260.   if (0 != curl_global_init (CURL_GLOBAL_ALL))
    261. 

  261.     {
    262. 

  262.       fprintf (stderr, "Error: %s\n", strerror (errno));
    263. 

  263.       return 99;
    264. 

  264.     }
    265. 

  265.   if (NULL == curl_version_info (CURLVERSION_NOW)->ssl_version)
    266. 

  266.     {
    267. 

  267.       fprintf (stderr, "Curl does not support SSL.  Cannot run the test.\n");
    268. 

  268.       curl_global_cleanup ();
    269. 

  269.       return 77;
    270. 

  270.     }
    271. 

  271. 

  272.   load_keys ("host1", ABS_SRCDIR "/host1.crt", ABS_SRCDIR "/host1.key");
    273. 

  273.   load_keys ("host2", ABS_SRCDIR "/host2.crt", ABS_SRCDIR "/host2.key");
    274. 

  274.   d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_TLS | MHD_USE_ERROR_LOG,
    275. 

  275.                         4233,
    276. 

  276.                         NULL, NULL,
    277. 

  277.                         &http_ahc, NULL,
    278. 

  278.                         MHD_OPTION_HTTPS_CERT_CALLBACK, &sni_callback,
    279. 

  279.                         MHD_OPTION_END);
    280. 

  280.   if (d == NULL)
    281. 

  281.     {
    282. 

  282.       fprintf (stderr, MHD_E_SERVER_INIT);
    283. 

  283.       return -1;
    284. 

  284.     }
    285. 

  285.   if (0 != do_get ("https://host1:4233/"))
    286. 

  286.     error_count++;
    287. 

  287.   if (0 != do_get ("https://host2:4233/"))
    288. 

  288.     error_count++;
    289. 

  289. 

  290.   MHD_stop_daemon (d);
    291. 

  291.   curl_global_cleanup ();
    292. 

  292.   if (error_count != 0)
    293. 

  293.     fprintf (stderr, "Failed test: %s, error: %u.\n", argv[0], error_count);
    294. 

  294.   return (0 != error_count) ? 1 : 0;
    295. 

  295. }
    296. 

  296. 

  297. 

  298. #else
    299. 

  299. 

  300. int main ()
    301. 

  301. {
    302. 

  302.   fprintf (stderr,
    303. 

  303.            "SNI not supported by GnuTLS < 3.0\n");
    304. 

  304.   return 77;
    305. 

  305. }
    306. 

  306. #endif
    307.