[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r35497 - in libmicrohttpd: . src/testcurl/https
From: |
gnunet |
Subject: |
[GNUnet-SVN] r35497 - in libmicrohttpd: . src/testcurl/https |
Date: |
Fri, 3 Apr 2015 19:36:25 +0200 |
Author: grothoff
Date: 2015-04-03 19:36:25 +0200 (Fri, 03 Apr 2015)
New Revision: 35497
Modified:
libmicrohttpd/ChangeLog
libmicrohttpd/configure.ac
libmicrohttpd/src/testcurl/https/test_empty_response.c
libmicrohttpd/src/testcurl/https/test_https_get.c
libmicrohttpd/src/testcurl/https/test_https_get_select.c
libmicrohttpd/src/testcurl/https/test_https_multi_daemon.c
libmicrohttpd/src/testcurl/https/test_https_session_info.c
libmicrohttpd/src/testcurl/https/test_tls_options.c
Log:
fixing https testcases that require SSL3, but SSL3 is dead and with modern
gnutls not even supported
Modified: libmicrohttpd/ChangeLog
===================================================================
--- libmicrohttpd/ChangeLog 2015-04-03 13:03:19 UTC (rev 35496)
+++ libmicrohttpd/ChangeLog 2015-04-03 17:36:25 UTC (rev 35497)
@@ -1,3 +1,6 @@
+Fri Apr 3 12:55:31 CEST 2015
+ Update HTTPS testcases to avoid SSLv3, as SSLv3 is dead.
+
Fri Apr 3 12:25:28 CEST 2015
Do not enforce FD_SETSIZE-limit on worker control
pipe when using MHD_USE_EPOLL_LINUX_ONLY (#3751). -MH/CG
Modified: libmicrohttpd/configure.ac
===================================================================
--- libmicrohttpd/configure.ac 2015-04-03 13:03:19 UTC (rev 35496)
+++ libmicrohttpd/configure.ac 2015-04-03 17:36:25 UTC (rev 35497)
@@ -1,5 +1,5 @@
# This file is part of libmicrohttpd.
-# (C) 2006-2014 Christian Grothoff (and other contributing authors)
+# (C) 2006-2015 Christian Grothoff (and other contributing authors)
#
# libmicrohttpd is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
@@ -22,15 +22,15 @@
#
AC_PREREQ([2.60])
LT_PREREQ([2.4.0])
-AC_INIT([libmicrohttpd],[0.9.39],address@hidden)
+AC_INIT([libmicrohttpd],[0.9.40],address@hidden)
AM_INIT_AUTOMAKE([silent-rules] [subdir-objects])
AC_CONFIG_HEADERS([MHD_config.h])
AC_CONFIG_MACRO_DIR([m4])
AH_TOP([#define _GNU_SOURCE 1])
-LIB_VERSION_CURRENT=39
+LIB_VERSION_CURRENT=40
LIB_VERSION_REVISION=0
-LIB_VERSION_AGE=29
+LIB_VERSION_AGE=30
AC_SUBST(LIB_VERSION_CURRENT)
AC_SUBST(LIB_VERSION_REVISION)
AC_SUBST(LIB_VERSION_AGE)
Modified: libmicrohttpd/src/testcurl/https/test_empty_response.c
===================================================================
--- libmicrohttpd/src/testcurl/https/test_empty_response.c 2015-04-03
13:03:19 UTC (rev 35496)
+++ libmicrohttpd/src/testcurl/https/test_empty_response.c 2015-04-03
17:36:25 UTC (rev 35497)
@@ -99,7 +99,7 @@
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
/* TLS options */
- curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+ curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
Modified: libmicrohttpd/src/testcurl/https/test_https_get.c
===================================================================
--- libmicrohttpd/src/testcurl/https/test_https_get.c 2015-04-03 13:03:19 UTC
(rev 35496)
+++ libmicrohttpd/src/testcurl/https/test_https_get.c 2015-04-03 17:36:25 UTC
(rev 35497)
@@ -100,7 +100,6 @@
{
unsigned int errorCount = 0;
const char *aes256_sha_tlsv1 = "AES256-SHA";
- const char *aes256_sha_sslv3 = "AES256-SHA";
const char *des_cbc3_sha_tlsv1 = "DES-CBC3-SHA";
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
@@ -116,15 +115,12 @@
if (curl_uses_nss_ssl() == 0)
{
aes256_sha_tlsv1 = "rsa_aes_256_sha";
- aes256_sha_sslv3 = "rsa_aes_256_sha";
des_cbc3_sha_tlsv1 = "rsa_aes_128_sha";
}
errorCount +=
test_secure_get (NULL, aes256_sha_tlsv1, CURL_SSLVERSION_TLSv1);
errorCount +=
- test_secure_get (NULL, aes256_sha_sslv3, CURL_SSLVERSION_SSLv3);
- errorCount +=
test_cipher_option (NULL, des_cbc3_sha_tlsv1, CURL_SSLVERSION_TLSv1);
print_test_result (errorCount, argv[0]);
Modified: libmicrohttpd/src/testcurl/https/test_https_get_select.c
===================================================================
--- libmicrohttpd/src/testcurl/https/test_https_get_select.c 2015-04-03
13:03:19 UTC (rev 35496)
+++ libmicrohttpd/src/testcurl/https/test_https_get_select.c 2015-04-03
17:36:25 UTC (rev 35497)
@@ -111,7 +111,7 @@
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
curl_easy_setopt (c, CURLOPT_WRITEDATA, &cbc);
/* TLS options */
- curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+ curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);
curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
Modified: libmicrohttpd/src/testcurl/https/test_https_multi_daemon.c
===================================================================
--- libmicrohttpd/src/testcurl/https/test_https_multi_daemon.c 2015-04-03
13:03:19 UTC (rev 35496)
+++ libmicrohttpd/src/testcurl/https/test_https_multi_daemon.c 2015-04-03
17:36:25 UTC (rev 35497)
@@ -120,7 +120,7 @@
}
errorCount +=
- test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_SSLv3);
+ test_concurent_daemon_pair (NULL, aes256_sha, CURL_SSLVERSION_TLSv1);
print_test_result (errorCount, "concurent_daemon_pair");
Modified: libmicrohttpd/src/testcurl/https/test_https_session_info.c
===================================================================
--- libmicrohttpd/src/testcurl/https/test_https_session_info.c 2015-04-03
13:03:19 UTC (rev 35496)
+++ libmicrohttpd/src/testcurl/https/test_https_session_info.c 2015-04-03
17:36:25 UTC (rev 35497)
@@ -55,7 +55,7 @@
return MHD_YES;
}
- if (GNUTLS_SSL3 !=
+ if (GNUTLS_TLS1_1 !=
(ret = MHD_get_connection_info
(connection,
MHD_CONNECTION_INFO_PROTOCOL)->protocol))
@@ -122,7 +122,7 @@
curl_easy_setopt (c, CURLOPT_WRITEFUNCTION, ©Buffer);
curl_easy_setopt (c, CURLOPT_FILE, &cbc);
/* TLS options */
- curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+ curl_easy_setopt (c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1);
curl_easy_setopt (c, CURLOPT_SSL_CIPHER_LIST, aes256_sha);
/* currently skip any peer authentication */
curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
Modified: libmicrohttpd/src/testcurl/https/test_tls_options.c
===================================================================
--- libmicrohttpd/src/testcurl/https/test_tls_options.c 2015-04-03 13:03:19 UTC
(rev 35496)
+++ libmicrohttpd/src/testcurl/https/test_tls_options.c 2015-04-03 17:36:25 UTC
(rev 35497)
@@ -134,53 +134,6 @@
fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
errorCount++;
}
-#if 0
- /* this used to work, but somehow no longer. gnutls issue? */
- if (0 !=
- test_wrap ("SSL3.0-AES256-SHA1",
- &test_https_transfer, NULL, daemon_flags,
- aes256_sha,
- CURL_SSLVERSION_SSLv3,
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
- MHD_OPTION_HTTPS_PRIORITIES,
"NONE:+VERS-SSL3.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
- MHD_OPTION_END))
- {
- fprintf (stderr, "SSL3.0-AES256-SHA1 test failed\n");
- errorCount++;
- }
- if (0 !=
- test_wrap ("SSL3.0-AES-SHA1",
- &test_https_transfer, NULL, daemon_flags,
- aes128_sha,
- CURL_SSLVERSION_SSLv3,
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
- MHD_OPTION_HTTPS_PRIORITIES,
"NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
- MHD_OPTION_END))
- {
- fprintf (stderr, "SSL3.0-AES-SHA1 test failed\n");
- errorCount++;
- }
-#endif
-
-
-#if 0
- /* manual inspection of the handshake suggests that CURL will
- request TLSv1, we send back "SSL3" and CURL takes it *despite*
- being configured to speak SSL3-only. Notably, the other way
- round (have curl request SSL3, respond with TLSv1 only)
- is properly refused by CURL. Either way, this does NOT seem
- to be a bug in MHD/gnuTLS but rather in CURL; hence this
- test is commented out here... */
- errorCount +=
- test_wrap ("unmatching version: SSL3 vs. TLS",
&test_unmatching_ssl_version,
- NULL, daemon_flags, "AES256-SHA", CURL_SSLVERSION_TLSv1,
- MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
- MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END);
-#endif
-
fprintf (stderr,
"The following handshake should fail (and print an error
message)...\n");
if (0 !=
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r35497 - in libmicrohttpd: . src/testcurl/https,
gnunet <=