
[GNUnet-SVN] r7408 - in libmicrohttpd/src: daemon daemon/https daemon/ht


From: gnunet
Subject: [GNUnet-SVN] r7408 - in libmicrohttpd/src: daemon daemon/https daemon/https/openpgp daemon/https/tls daemon/https/x509 include testcurl/https
Date: Thu, 10 Jul 2008 11:28:48 -0600 (MDT)

Author: lv-426
Date: 2008-07-10 11:28:48 -0600 (Thu, 10 Jul 2008)
New Revision: 7408

Added:
   libmicrohttpd/src/daemon/connection_https.c
Removed:
   libmicrohttpd/src/daemon/connection_https.c
Modified:
   libmicrohttpd/src/daemon/connection.c
   libmicrohttpd/src/daemon/daemon.c
   libmicrohttpd/src/daemon/https/https_common.c
   libmicrohttpd/src/daemon/https/openpgp/gnutls_extra.c
   libmicrohttpd/src/daemon/https/tls/ext_oprfi.c
   libmicrohttpd/src/daemon/https/tls/gnutls_asn1_tab.c
   libmicrohttpd/src/daemon/https/tls/gnutls_compress_int.c
   libmicrohttpd/src/daemon/https/tls/gnutls_global.c
   libmicrohttpd/src/daemon/https/tls/gnutls_mpi.h
   libmicrohttpd/src/daemon/https/tls/gnutls_pk.h
   libmicrohttpd/src/daemon/https/x509/mpi.c
   libmicrohttpd/src/daemon/internal.h
   libmicrohttpd/src/include/microhttpd.h
   libmicrohttpd/src/include/microhttpsd.h
   libmicrohttpd/src/testcurl/https/mhds_get_test.c
   libmicrohttpd/src/testcurl/https/mhds_multi_daemon_test.c
   libmicrohttpd/src/testcurl/https/mhds_session_info_test.c
Log:
simplified write / idle handlers
SSL/TLS connection states merged into HTTP states

Modified: libmicrohttpd/src/daemon/connection.c
===================================================================
--- libmicrohttpd/src/daemon/connection.c       2008-07-10 07:03:31 UTC (rev 
7407)
+++ libmicrohttpd/src/daemon/connection.c       2008-07-10 17:28:48 UTC (rev 
7408)
@@ -31,9 +31,6 @@
 #include "response.h"
 #include "reason_phrase.h"
 
-/* get opaque type */
-#include "gnutls_int.h"
-
 #ifndef LINUX
 #ifndef MSG_NOSIGNAL
 #define MSG_NOSIGNAL 0
@@ -766,6 +763,7 @@
           if (connection->socket_fd != -1)
             connection_close_error (connection);
           return MHD_YES;       /* do nothing, not even reading */
+
         default:
           EXTRA_CHECK (0);
         }

Deleted: libmicrohttpd/src/daemon/connection_https.c
===================================================================
--- libmicrohttpd/src/daemon/connection_https.c 2008-07-10 07:03:31 UTC (rev 
7407)
+++ libmicrohttpd/src/daemon/connection_https.c 2008-07-10 17:28:48 UTC (rev 
7408)
@@ -1,299 +0,0 @@
-/*
-     This file is part of libmicrohttpd
-     (C) 2007, 2008 Daniel Pittman and Christian Grothoff
-
-     This library is free software; you can redistribute it and/or
-     modify it under the terms of the GNU Lesser General Public
-     License as published by the Free Software Foundation; either
-     version 2.1 of the License, or (at your option) any later version.
-
-     This library is distributed in the hope that it will be useful,
-     but WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Lesser General Public License for more details.
-
-     You should have received a copy of the GNU Lesser General Public
-     License along with this library; if not, write to the Free Software
-     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 
 USA
-
-*/
-
-/**
- * @file connection.c
- * @brief  Methods for managing SSL/TLS connections. This file is only
- *         compiled if ENABLE_HTTPS is set.
- * @author Sagie Amir
- * @author Christian Grothoff
- */
-
-#include "internal.h"
-#include "connection.h"
-#include "memorypool.h"
-#include "response.h"
-#include "reason_phrase.h"
-
-#include "microhttpsd.h"
-/* get opaque type */
-#include "gnutls_int.h"
-
-/* TODO rm */
-#include "gnutls_errors.h"
-
-/* forward declarations used when setting secure connection callbacks */
-int MHD_connection_handle_read (struct MHD_Connection *connection);
-int MHD_connection_handle_write (struct MHD_Connection *connection);
-int MHD_connection_handle_idle (struct MHD_Connection *connection);
-
-/* TODO rm - appears in a switch default clause */
-static void
-connection_close_error (struct MHD_Connection *connection)
-{
-  SHUTDOWN (connection->socket_fd, SHUT_RDWR);
-  CLOSE (connection->socket_fd);
-  connection->socket_fd = -1;
-  connection->state = MHD_CONNECTION_CLOSED;
-  if (connection->daemon->notify_completed != NULL)
-    connection->daemon->notify_completed (connection->daemon->
-                                          notify_completed_cls, connection,
-                                          &connection->client_context,
-                                          MHD_REQUEST_TERMINATED_WITH_ERROR);
-}
-
-/* get cipher spec for this connection */
-gnutls_cipher_algorithm_t
-MHDS_get_session_cipher (struct MHD_Connection *session)
-{
-  return gnutls_cipher_get (session->tls_session);
-}
-
-gnutls_mac_algorithm_t
-MHDS_get_session_mac (struct MHD_Connection * session)
-{
-  return gnutls_mac_get (session->tls_session);
-}
-
-gnutls_compression_method_t
-MHDS_get_session_compression (struct MHD_Connection * session)
-{
-  return gnutls_compression_get (session->tls_session);
-}
-
-gnutls_certificate_type_t
-MHDS_get_session_cert_type (struct MHD_Connection * session)
-{
-  return gnutls_certificate_type_get (session->tls_session);
-}
-
-static ssize_t
-MHDS_con_read (struct MHD_Connection *connection)
-{
-  ssize_t size = gnutls_record_recv (connection->tls_session,
-                                     &connection->read_buffer[connection->
-                                                              
read_buffer_offset],
-                                     connection->read_buffer_size);
-  return size;
-}
-
-static ssize_t
-MHDS_con_write (struct MHD_Connection *connection)
-{
-  ssize_t sent = gnutls_record_send (connection->tls_session,
-                                     &connection->write_buffer[connection->
-                                                               
write_buffer_send_offset],
-                                     connection->write_buffer_append_offset
-                                     - connection->write_buffer_send_offset);
-  return sent;
-}
-
-int
-MHDS_connection_handle_idle (struct MHD_Connection *connection)
-{
-  unsigned int timeout;
-
-  /* TODO rm gnutls_assert (); */
-  while (1)
-    {
-#if HAVE_MESSAGES
-      MHD_DLOG (connection->daemon, "MHDS reached case: %d, l: %d, f: %s\n",
-                connection->s_state, __LINE__, __FUNCTION__);
-#endif
-      switch (connection->s_state)
-        {
-        case MHDS_HANDSHAKE_FAILED:
-          connection->socket_fd = -1;
-        case MHDS_CONNECTION_INIT:
-          /* wait for request */
-        case MHDS_HANDSHAKE_COMPLETE:
-
-        case MHDS_CONNECTION_CLOSED:
-          if (connection->socket_fd != -1)
-            connection_close_error (connection);
-          break;
-
-        default:
-          break;
-        }
-      break;
-    }
-
-  timeout = connection->daemon->connection_timeout;
-
-  if ((connection->socket_fd != -1) && (timeout != 0)
-      && (time (NULL) - timeout > connection->last_activity))
-    {
-      connection_close_error (connection);
-      return MHD_NO;
-    }
-  return MHD_YES;
-}
-
-int
-MHDS_connection_handle_read (struct MHD_Connection *connection)
-{
-  int ret;
-
-  connection->last_activity = time (NULL);
-
-  if (connection->s_state == MHDS_CONNECTION_CLOSED)
-    return MHD_NO;
-
-  /* discover content type */
-  unsigned char msg_type;
-  if (recv (connection->socket_fd, &msg_type, 1, MSG_PEEK) == -1)
-    {
-#if HAVE_MESSAGES
-      MHD_DLOG (connection->daemon, "Failed to peek into TLS content type\n");
-#endif
-      return MHD_NO;
-    }
-
-  switch (msg_type)
-    {
-    case GNUTLS_CHANGE_CIPHER_SPEC:
-
-      break;
-    case GNUTLS_ALERT:
-      /*
-       * this call of _gnutls_recv_int expects 0 bytes read.
-       * done to decrypt alert message
-       */
-      _gnutls_recv_int (connection->tls_session, GNUTLS_ALERT,
-                        GNUTLS_HANDSHAKE_FINISHED, 0);
-
-      /* CLOSE_NOTIFY */
-      if (connection->tls_session->internals.last_alert ==
-          GNUTLS_A_CLOSE_NOTIFY)
-        {
-          gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
-          connection->tls_session->internals.read_eof = 1;
-          connection->socket_fd = -1;
-          gnutls_deinit (connection->tls_session);
-          return MHD_YES;
-        }
-      /* non FATAL or WARNING */
-      else if (connection->tls_session->internals.last_alert !=
-               GNUTLS_AL_FATAL)
-        {
-#if HAVE_MESSAGES
-          MHD_DLOG (connection->daemon,
-                    "Received TLS alert: %s\n",
-                    gnutls_alert_get_name ((int) connection->tls_session->
-                                           internals.last_alert));
-#endif
-          return MHD_YES;
-        }
-      /* FATAL */
-      else if (connection->tls_session->internals.last_alert ==
-               GNUTLS_AL_FATAL)
-        {
-          connection->tls_session->internals.resumable = RESUME_FALSE;
-          connection->tls_session->internals.valid_connection = VALID_FALSE;
-          connection->socket_fd = -1;
-          gnutls_deinit (connection->tls_session);
-
-          return MHD_NO;
-        }
-      /* this should never execut */
-      else
-        {
-#if HAVE_MESSAGES
-          MHD_DLOG (connection->daemon,
-                    "Received unrecognized alert: %d\n",
-                    connection->tls_session->internals.last_alert);
-#endif
-          return MHD_NO;
-        }
-
-
-      /* forward application level content to MHD */
-    case GNUTLS_APPLICATION_DATA:
-      return MHD_connection_handle_read (connection);
-
-    case GNUTLS_HANDSHAKE:
-      ret = gnutls_handshake (connection->tls_session);
-      if (ret == 0)
-        {
-          connection->s_state = MHDS_HANDSHAKE_COMPLETE;
-          connection->state = MHD_CONNECTION_INIT;
-        }
-      /* set connection as closed */
-      else
-        {
-#if HAVE_MESSAGES
-          MHD_DLOG (connection->daemon,
-                    "Error: Handshake has failed (%d)\n", ret);
-#endif
-          connection->s_state = MHDS_HANDSHAKE_FAILED;
-          gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
-          gnutls_deinit (connection->tls_session);
-          connection_close_error(connection);
-          return MHD_NO;
-        }
-      break;
-    case GNUTLS_INNER_APPLICATION:
-      break;
-    }
-
-  return MHD_YES;
-}
-
-int
-MHDS_connection_handle_write (struct MHD_Connection *connection)
-{
-  connection->last_activity = time (NULL);
-  /* TODO rm */
-  gnutls_assert ();
-  while (1)
-    {
-#if HAVE_MESSAGES
-      MHD_DLOG (connection->daemon, "MHDS reached case: %d, l: %d, f: %s\n",
-                connection->s_state, __LINE__, __FUNCTION__);
-#endif
-      switch (connection->s_state)
-        {
-
-          /* these cases shouldn't occur */
-        case MHDS_HANDSHAKE_COMPLETE:
-        case MHDS_CONNECTION_INIT:
-          /* TODO do we have to write back a responce ? */
-        case MHDS_HANDSHAKE_FAILED:
-          /* we should first exit MHDS_REPLY_SENDING */
-
-        case MHDS_CONNECTION_CLOSED:
-          if (connection->socket_fd != -1)
-            connection_close_error (connection);
-          return MHD_NO;
-        }
-    }
-  return MHD_YES;
-}
-
-void
-MHD_set_https_calbacks (struct MHD_Connection *connection)
-{
-  connection->recv_cls = &MHDS_con_read;
-  connection->send_cls = &MHDS_con_write;
-  connection->read_handler = &MHDS_connection_handle_read;
-  connection->write_handler = &MHD_connection_handle_write;
-  connection->idle_handler = &MHD_connection_handle_idle;
-}

Added: libmicrohttpd/src/daemon/connection_https.c
===================================================================
--- libmicrohttpd/src/daemon/connection_https.c                         (rev 0)
+++ libmicrohttpd/src/daemon/connection_https.c 2008-07-10 17:28:48 UTC (rev 
7408)
@@ -0,0 +1,315 @@
+/*
+     This file is part of libmicrohttpd
+     (C) 2007, 2008 Daniel Pittman and Christian Grothoff
+
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation; either
+     version 2.1 of the License, or (at your option) any later version.
+
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 
 USA
+
+*/
+
+/**
+ * @file connection.c
+ * @brief  Methods for managing SSL/TLS connections. This file is only
+ *         compiled if ENABLE_HTTPS is set.
+ * @author Sagie Amir
+ * @author Christian Grothoff
+ */
+
+#include "internal.h"
+#include "connection.h"
+#include "memorypool.h"
+#include "response.h"
+#include "reason_phrase.h"
+
+#include "microhttpsd.h"
+/* get opaque type */
+#include "gnutls_int.h"
+#include "gnutls_record.h"
+
+/* TODO rm */
+#include "gnutls_errors.h"
+
+/* forward declarations used when setting secure connection callbacks */
+int MHD_connection_handle_read (struct MHD_Connection *connection);
+int MHD_connection_handle_write (struct MHD_Connection *connection);
+int MHD_connection_handle_idle (struct MHD_Connection *connection);
+
+/* TODO rm - appears in a switch default clause */
+static void
+MHD_tls_connection_close (struct MHD_Connection *connection)
+{
+  gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
+  connection->tls_session->internals.read_eof = 1;
+  connection->socket_fd = -1;
+
+  SHUTDOWN (connection->socket_fd, SHUT_RDWR);
+  CLOSE (connection->socket_fd);
+  connection->state = MHD_CONNECTION_CLOSED;
+  if (connection->daemon->notify_completed != NULL)
+    connection->daemon->notify_completed (connection->daemon->
+                                          notify_completed_cls, connection,
+                                          &connection->client_context,
+                                          MHD_REQUEST_TERMINATED_COMPLETED_OK);
+}
+
+/* TODO add error connection termination */
+static void
+MHD_tls_connection_close_err (struct MHD_Connection *connection)
+{
+  /* TODO impl */
+}
+
+/* get cipher spec for this connection */
+gnutls_cipher_algorithm_t
+MHDS_get_session_cipher (struct MHD_Connection *session)
+{
+  return gnutls_cipher_get (session->tls_session);
+}
+
+gnutls_mac_algorithm_t
+MHDS_get_session_mac (struct MHD_Connection * session)
+{
+  return gnutls_mac_get (session->tls_session);
+}
+
+gnutls_compression_method_t
+MHDS_get_session_compression (struct MHD_Connection * session)
+{
+  return gnutls_compression_get (session->tls_session);
+}
+
+gnutls_certificate_type_t
+MHDS_get_session_cert_type (struct MHD_Connection * session)
+{
+  return gnutls_certificate_type_get (session->tls_session);
+}
+
+static ssize_t
+MHDS_con_read (struct MHD_Connection *connection)
+{
+  ssize_t size = gnutls_record_recv (connection->tls_session,
+                                     &connection->read_buffer[connection->
+                                                              
read_buffer_offset],
+                                     connection->read_buffer_size);
+  return size;
+}
+
+static ssize_t
+MHDS_con_write (struct MHD_Connection *connection)
+{
+  ssize_t sent = gnutls_record_send (connection->tls_session,
+                                     &connection->write_buffer[connection->
+                                                               
write_buffer_send_offset],
+                                     connection->write_buffer_append_offset
+                                     - connection->write_buffer_send_offset);
+  return sent;
+}
+
+int
+MHD_tls_connection_handle_idle (struct MHD_Connection *connection)
+{
+  unsigned int timeout;
+
+  while (1)
+    {
+#if HAVE_MESSAGES
+      MHD_DLOG (connection->daemon, "MHDS idle: %d, l: %d, f: %s\n",
+                connection->state, __LINE__, __FUNCTION__);
+#endif
+      switch (connection->state)
+        {
+        case MHD_CONNECTION_CLOSED:
+          MHD_tls_connection_close (connection);
+          return MHD_NO;
+        case MHD_TLS_HANDSHAKE_FAILED:
+          MHD_tls_connection_close (connection);
+          return MHD_NO;
+          /* some http state */
+        default:
+          return MHD_connection_handle_idle (connection);
+        }
+      break;
+    }
+
+  timeout = connection->daemon->connection_timeout;
+
+  if ((connection->socket_fd != -1) && (timeout != 0)
+      && (time (NULL) - timeout > connection->last_activity))
+    {
+      MHD_tls_connection_close (connection);
+      return MHD_NO;
+    }
+  return MHD_YES;
+}
+
+/**
+ * This function handles a particular SSL/TLS connection when
+ * it has been determined that there is data to be read off a
+ * socket. All application_data is forwarded to
+ * MHD_connection_handle_read().
+ *
+ * @return MHD_YES if we should continue to process the
+ *         connection (not dead yet), MHD_NO if it died
+ */
+int
+MHD_tls_connection_handle_read (struct MHD_Connection *connection)
+{
+  int ret;
+  unsigned char msg_type;
+
+  connection->last_activity = time (NULL);
+
+#if HAVE_MESSAGES
+  MHD_DLOG (connection->daemon, "MHD read: %d, l: %d, f: %s\n",
+            connection->state, __LINE__, __FUNCTION__);
+#endif
+  /* discover content type */
+  if (recv (connection->socket_fd, &msg_type, 1, MSG_PEEK) == -1)
+    {
+#if HAVE_MESSAGES
+      MHD_DLOG (connection->daemon, "Failed to peek into TLS content type\n");
+#endif
+      return MHD_NO;
+    }
+
+  switch (msg_type)
+    {
+    case GNUTLS_CHANGE_CIPHER_SPEC:
+
+      break;
+    case GNUTLS_ALERT:
+      /*
+       * this call of _gnutls_recv_int expects 0 bytes read.
+       * done to decrypt alert message
+       */
+      _gnutls_recv_int (connection->tls_session, GNUTLS_ALERT,
+                        GNUTLS_HANDSHAKE_FINISHED, 0, 0);
+
+      /* CLOSE_NOTIFY */
+      if (connection->tls_session->internals.last_alert ==
+          GNUTLS_A_CLOSE_NOTIFY)
+        {
+          gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
+          return MHD_YES;
+        }
+      /* non FATAL or WARNING */
+      else if (connection->tls_session->internals.last_alert !=
+               GNUTLS_AL_FATAL)
+        {
+#if HAVE_MESSAGES
+          MHD_DLOG (connection->daemon,
+                    "Received TLS alert: %s\n",
+                    gnutls_alert_get_name ((int) connection->tls_session->
+                                           internals.last_alert));
+#endif
+          return MHD_YES;
+        }
+      /* FATAL */
+      else if (connection->tls_session->internals.last_alert ==
+               GNUTLS_AL_FATAL)
+        {
+          MHD_tls_connection_close (connection);
+          return MHD_NO;
+        }
+      /* this should never execut */
+      else
+        {
+#if HAVE_MESSAGES
+          MHD_DLOG (connection->daemon,
+                    "Received unrecognized alert: %d\n",
+                    connection->tls_session->internals.last_alert);
+#endif
+          return MHD_NO;
+        }
+
+
+      /* forward application level content to MHD */
+    case GNUTLS_APPLICATION_DATA:
+      return MHD_connection_handle_read (connection);
+
+    case GNUTLS_HANDSHAKE:
+      ret = gnutls_handshake (connection->tls_session);
+      if (ret == 0)
+        {
+          connection->state = MHD_CONNECTION_INIT;
+          // connection->state = MHD_CONNECTION_INIT;
+        }
+      /* set connection as closed */
+      else
+        {
+#if HAVE_MESSAGES
+          MHD_DLOG (connection->daemon,
+                    "Error: Handshake has failed (%d)\n", ret);
+#endif
+          connection->state = MHD_TLS_HANDSHAKE_FAILED;
+          MHD_tls_connection_close (connection);
+          return MHD_NO;
+        }
+      break;
+    case GNUTLS_INNER_APPLICATION:
+      break;
+    default:
+#if HAVE_MESSAGES
+      MHD_DLOG (connection->daemon,
+                "Err: unrecognized tls read message. l: %d, f: %s\n",
+                connection->state, __LINE__, __FUNCTION__);
+#endif
+      return MHD_NO;
+    }
+
+  return MHD_YES;
+}
+
+/**
+ * This function was created to handle writes to sockets when it has
+ * been determined that the socket can be written to.
+ *
+ * @return MHD_YES if we should continue to process the
+ *         connection (not dead yet), MHD_NO if it died
+ */
+int
+MHD_tls_connection_handle_write (struct MHD_Connection *connection)
+{
+  connection->last_activity = time (NULL);
+
+  while (1)
+    {
+#if HAVE_MESSAGES
+      MHD_DLOG (connection->daemon, "MHD write: %d, l: %d, f: %s\n",
+                connection->state, __LINE__, __FUNCTION__);
+#endif
+      switch (connection->state)
+        {
+        case MHD_CONNECTION_CLOSED:
+          MHD_tls_connection_close (connection);
+          return MHD_NO;
+        case MHD_TLS_HANDSHAKE_FAILED:
+          MHD_tls_connection_close (connection);
+          return MHD_NO;
+          /* some HTTP state */
+        default:
+          return MHD_connection_handle_write (connection);
+        }
+    }
+}
+
+void
+MHD_set_https_calbacks (struct MHD_Connection *connection)
+{
+  connection->recv_cls = &MHDS_con_read;
+  connection->send_cls = &MHDS_con_write;
+  connection->read_handler = &MHD_tls_connection_handle_read;
+  connection->write_handler = &MHD_tls_connection_handle_write;
+  connection->idle_handler = &MHD_tls_connection_handle_idle;
+}
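Review bot: MHD_tls_connection_close assigns `connection->socket_fd = -1;` before the `SHUTDOWN (connection->socket_fd, SHUT_RDWR); CLOSE (connection->socket_fd);` pair, so both run on -1 and the real descriptor is never closed; every handshake failure, fatal alert or timeout then leaks a socket, which a remote client can drive to fd exhaustion. Move the assignment after the CLOSE. The same helper is used on the error paths (MHD_TLS_HANDSHAKE_FAILED, GNUTLS_AL_FATAL, the timeout branch) yet always reports `MHD_REQUEST_TERMINATED_COMPLETED_OK` to notify_completed while MHD_tls_connection_close_err is an empty stub; those callers should report `MHD_REQUEST_TERMINATED_WITH_ERROR` as the deleted connection_close_error did. In MHD_tls_connection_handle_read the peek only tests for -1, so a recv() returning 0 on client close leaves `msg_type` uninitialized before the switch; treat `<= 0` as a dead connection. In MHD_tls_connection_handle_idle every switch case returns, so the timeout check below the loop is unreachable and the inactivity timeout is never applied to TLS connections.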

Modified: libmicrohttpd/src/daemon/daemon.c
===================================================================
--- libmicrohttpd/src/daemon/daemon.c   2008-07-10 07:03:31 UTC (rev 7407)
+++ libmicrohttpd/src/daemon/daemon.c   2008-07-10 17:28:48 UTC (rev 7408)
@@ -29,6 +29,7 @@
 #include "connection.h"
 #include "memorypool.h"
 
+#include "gnutls.h"
 #include "gnutls_int.h"
 #include "gnutls_datum.h"
 #include "gnutls_global.h"
@@ -102,17 +103,15 @@
       }
     else if (daemon->https_mem_cert && daemon->https_mem_key)
       {
-        gnutls_datum_t *key =
-          (gnutls_datum_t *) malloc (sizeof (gnutls_datum_t));
-        gnutls_datum_t *cert =
-          (gnutls_datum_t *) malloc (sizeof (gnutls_datum_t));
+        gnutls_datum_t key ;
+        gnutls_datum_t cert ;
 
-        _gnutls_set_datum_m (key, daemon->https_mem_key,
+        _gnutls_set_datum_m (&key, daemon->https_mem_key,
                              strlen (daemon->https_mem_key), &malloc);
-        _gnutls_set_datum_m (cert, daemon->https_mem_cert,
+        _gnutls_set_datum_m (&cert, daemon->https_mem_cert,
                              strlen (daemon->https_mem_cert), &malloc);
 
-        gnutls_certificate_set_x509_key_mem (daemon->x509_cret, cert, key,
+        gnutls_certificate_set_x509_key_mem (daemon->x509_cret, &cert, &key,
                                              GNUTLS_X509_FMT_PEM);
       }
     else
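Review bot: The return value of `gnutls_certificate_set_x509_key_mem` is still discarded, so a malformed or mismatched PEM key/cert leaves `daemon->x509_cret` without credentials and the daemon starts anyway, with the failure surfacing only as per-connection handshake errors; check it, e.g. `if (gnutls_certificate_set_x509_key_mem (daemon->x509_cret, &cert, &key, GNUTLS_X509_FMT_PEM) < 0)` and take this function's failure path (its start and end lie outside the hunk). Moving the datum structs to the stack removes the leak of the two structs, but `_gnutls_set_datum_m` is handed `&malloc`, which suggests `key.data` and `cert.data` are heap copies that are never released after the call; if so, free them once the credentials are set, and overwrite `key.data` first since it holds the private key.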
@@ -309,21 +308,18 @@
 static void *
 MHDS_handle_connection (void *data)
 {
-  gnutls_session_t tls_session;
   struct MHD_Connection *con = data;
 
   if (con == NULL)
     abort ();
 
-  gnutls_init (&tls_session, GNUTLS_SERVER);
+  gnutls_init (&con->tls_session, GNUTLS_SERVER);
 
-  con->tls_session = tls_session;
-
   /* sets cipher priorities */
-  gnutls_priority_set (tls_session, con->daemon->priority_cache);
+  gnutls_priority_set (con->tls_session, con->daemon->priority_cache);
 
   /* set needed credentials for certificate authentication. */
-  gnutls_credentials_set (tls_session, GNUTLS_CRD_CERTIFICATE,
+  gnutls_credentials_set (con->tls_session, GNUTLS_CRD_CERTIFICATE,
                           con->daemon->x509_cret);
 
   /* TODO avoid gnutls blocking recv / write calls
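Review bot: `gnutls_init (&con->tls_session, GNUTLS_SERVER)` and the following `gnutls_priority_set` / `gnutls_credentials_set` calls have their return values ignored; if init fails, `con->tls_session` is left unset and the handlers in connection_https.c dereference it on the first read. Fail the connection when any of them returns non-zero, e.g. `if (gnutls_init (&con->tls_session, GNUTLS_SERVER) != 0) { /* close con->socket_fd, return NULL */ }` and likewise for the two setters. MHDS_handle_connection continues past the end of the hunk.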
@@ -331,7 +327,7 @@
   gnutls_transport_set_push_function(tls_session, &send);
   */
 
-  gnutls_transport_set_ptr (tls_session, con->socket_fd);
+  gnutls_transport_set_ptr (con->tls_session, con->socket_fd);
 
   return MHD_handle_connection (data);
 }
@@ -554,7 +550,11 @@
           free (pos->addr);
           free (pos);
           daemon->max_connections++;
-          /* TODO add tls con cleanup */
+#if HTTPS_SUPPORT
+          if(pos->tls_session != 0){
+            gnutls_deinit (pos->tls_session);
+          }
+#endif
           if (prev == NULL)
             pos = daemon->connections;
           else
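Review bot: The added block reads `pos->tls_session` after the context line `free (pos);` two lines above it, so the TLS handle is fetched from freed memory on every HTTPS connection reaped here — a use-after-free. Move the teardown ahead of the frees, i.e. place `if (pos->tls_session != NULL) gnutls_deinit (pos->tls_session);` before `free (pos->addr);`. The enclosing function starts and ends outside the hunk.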
@@ -915,10 +915,10 @@
         case MHD_OPTION_HTTPS_MEM_CERT:
           retVal->https_mem_cert = va_arg (ap, const char *);
           break;
-        case MHDS_KX_PRIORITY:
+        case MHD_OPTION_KX_PRIORITY:
           _set_priority (&retVal->priority_cache->cipher, va_arg (ap, const 
int *));
           break;
-        case MHDS_CIPHER_ALGORITHM:
+        case MHD_OPTION_CIPHER_ALGORITHM:
           _set_priority (&retVal->priority_cache->cipher, va_arg (ap, const 
int *));
           break;
 #endif
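Review bot: `MHD_OPTION_KX_PRIORITY` writes to `priority_cache->cipher`, the same field `MHD_OPTION_CIPHER_ALGORITHM` sets in the next case, so a caller trying to restrict key-exchange algorithms silently overwrites the cipher list and leaves KX unconstrained; the rename preserves that behaviour. If the priority cache has a key-exchange member as the option name implies, the first case should be `_set_priority (&retVal->priority_cache->kx, va_arg (ap, const int *));` — confirm the field name against the struct, which is not visible in this hunk.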

Modified: libmicrohttpd/src/daemon/https/https_common.c
===================================================================
--- libmicrohttpd/src/daemon/https/https_common.c       2008-07-10 07:03:31 UTC 
(rev 7407)
+++ libmicrohttpd/src/daemon/https/https_common.c       2008-07-10 17:28:48 UTC 
(rev 7408)
@@ -8,12 +8,12 @@
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 3 of the License, or
  * (at your option) any later version.
- *               
+ *
  * GNUTLS is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- *                               
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
@@ -192,7 +192,7 @@
             printf (" # fingerprint: %s\n", print);
         }
 
-      /* Print the version of the X.509 
+      /* Print the version of the X.509
        * certificate.
        */
       if (verbose)

Modified: libmicrohttpd/src/daemon/https/openpgp/gnutls_extra.c
===================================================================
--- libmicrohttpd/src/daemon/https/openpgp/gnutls_extra.c       2008-07-10 
07:03:31 UTC (rev 7407)
+++ libmicrohttpd/src/daemon/https/openpgp/gnutls_extra.c       2008-07-10 
17:28:48 UTC (rev 7408)
@@ -9,12 +9,12 @@
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 3 of the License, or
  * (at your option) any later version.
- *               
+ *
  * GNUTLS-EXTRA is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- *                               
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
@@ -38,7 +38,7 @@
 static int _gnutls_init_extra = 0;
 
 /**
- * gnutls_global_init_extra - This function initializes the global state of 
gnutls-extra 
+ * gnutls_global_init_extra - This function initializes the global state of 
gnutls-extra
  *
  * This function initializes the global state of gnutls-extra library
  * to defaults.  Returns zero on success.
@@ -51,8 +51,6 @@
 int
 gnutls_global_init_extra (void)
 {
-  int ret;
-
   /* If the version of libgnutls != version of
    * libextra, then do not initialize the library.
    * This is because it may break things.

Modified: libmicrohttpd/src/daemon/https/tls/ext_oprfi.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/ext_oprfi.c      2008-07-10 07:03:31 UTC 
(rev 7407)
+++ libmicrohttpd/src/daemon/https/tls/ext_oprfi.c      2008-07-10 17:28:48 UTC 
(rev 7408)
@@ -38,7 +38,6 @@
 {
   ssize_t data_size = _data_size;
   uint16_t len;
-  int ret;
 
   if (!session->security_parameters.extensions.oprfi_cb)
     {
@@ -75,7 +74,6 @@
 {
   ssize_t data_size = _data_size;
   uint16_t len;
-  int ret;
 
   if (session->security_parameters.extensions.oprfi_client == NULL)
     {
@@ -149,7 +147,6 @@
   opaque *p = data;
   int ret;
   ssize_t data_size = _data_size;
-  size_t len;
 
   if (!session->security_parameters.extensions.oprfi_client ||
       !session->security_parameters.extensions.oprfi_cb)

Modified: libmicrohttpd/src/daemon/https/tls/gnutls_asn1_tab.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_asn1_tab.c        2008-07-10 
07:03:31 UTC (rev 7407)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_asn1_tab.c        2008-07-10 
17:28:48 UTC (rev 7408)
@@ -4,7 +4,7 @@
 
 #include <libtasn1.h>
 
-extern const ASN1_ARRAY_TYPE gnutls_asn1_tab[] = {
+const ASN1_ARRAY_TYPE gnutls_asn1_tab[] = {
   {"GNUTLS", 536872976, 0},
   {0, 1073741836, 0},
   {"RSAPublicKey", 1610612741, 0},

Modified: libmicrohttpd/src/daemon/https/tls/gnutls_compress_int.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_compress_int.c    2008-07-10 
07:03:31 UTC (rev 7407)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_compress_int.c    2008-07-10 
17:28:48 UTC (rev 7408)
@@ -34,7 +34,6 @@
 _gnutls_comp_init (gnutls_compression_method_t method, int d)
 {
   comp_hd_t ret;
-  int err;
 
   ret = gnutls_malloc (sizeof (struct comp_hd_t_STRUCT));
   if (ret == NULL)
@@ -105,8 +104,6 @@
 void
 _gnutls_comp_deinit (comp_hd_t handle, int d)
 {
-  int err;
-
   if (handle != NULL)
     {
       switch (handle->algo)
@@ -128,7 +125,7 @@
     }
 }
 
-/* These functions are memory consuming 
+/* These functions are memory consuming
  */
 
 int
@@ -137,7 +134,6 @@
                   size_t max_comp_size)
 {
   int compressed_size = GNUTLS_E_COMPRESSION_FAILED;
-  int err;
 
   /* NULL compression is not handled here
    */
@@ -212,8 +208,7 @@
                     size_t compressed_size, opaque ** plain,
                     size_t max_record_size)
 {
-  int plain_size = GNUTLS_E_DECOMPRESSION_FAILED, err;
-  int cur_pos;
+  int plain_size = GNUTLS_E_DECOMPRESSION_FAILED;
 
   if (compressed_size > max_record_size + EXTRA_COMP_SIZE)
     {

Modified: libmicrohttpd/src/daemon/https/tls/gnutls_global.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_global.c  2008-07-10 07:03:31 UTC 
(rev 7407)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_global.c  2008-07-10 17:28:48 UTC 
(rev 7408)
@@ -160,7 +160,7 @@
 _gnutls_gcry_log_handler (void *dummy, int level,
                           const char *fmt, va_list list)
 {
-  _gnutls_log (fmt, list);
+  _gnutls_log (level, fmt, list);
 }
 #endif
 

Modified: libmicrohttpd/src/daemon/https/tls/gnutls_mpi.h
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_mpi.h     2008-07-10 07:03:31 UTC 
(rev 7407)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_mpi.h     2008-07-10 17:28:48 UTC 
(rev 7408)
@@ -23,7 +23,7 @@
  */
 
 #ifndef GNUTLS_MPI_H
-# define GNUTLS_MPI_H
+#define GNUTLS_MPI_H
 
 # include <gnutls_int.h>
 # include <gcrypt.h>

Modified: libmicrohttpd/src/daemon/https/tls/gnutls_pk.h
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_pk.h      2008-07-10 07:03:31 UTC 
(rev 7407)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_pk.h      2008-07-10 17:28:48 UTC 
(rev 7408)
@@ -23,7 +23,7 @@
  */
 
 #ifndef GNUTLS_PK_H
-# define GNUTLS_PK_H
+#define GNUTLS_PK_H
 
 int _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
                               const gnutls_datum_t * plaintext,

Modified: libmicrohttpd/src/daemon/https/x509/mpi.c
===================================================================
--- libmicrohttpd/src/daemon/https/x509/mpi.c   2008-07-10 07:03:31 UTC (rev 
7407)
+++ libmicrohttpd/src/daemon/https/x509/mpi.c   2008-07-10 17:28:48 UTC (rev 
7408)
@@ -82,7 +82,7 @@
 
 }
 
-/* reads p,q and g 
+/* reads p,q and g
  * from the certificate (subjectPublicKey BIT STRING).
  * params[0-2]
  */
@@ -193,7 +193,7 @@
 }
 
 /* reads DSA's Y
- * from the certificate 
+ * from the certificate
  * only sets params[3]
  */
 int
@@ -339,7 +339,6 @@
                                gnutls_digest_algorithm_t dig,
                                mpi_t * params, int params_size)
 {
-  gnutls_datum_t der;
   int result;
   char name[128];
   const char *pk;

Modified: libmicrohttpd/src/daemon/internal.h
===================================================================
--- libmicrohttpd/src/daemon/internal.h 2008-07-10 07:03:31 UTC (rev 7407)
+++ libmicrohttpd/src/daemon/internal.h 2008-07-10 17:28:48 UTC (rev 7408)
@@ -284,25 +284,21 @@
      */
   MHD_CONNECTION_CLOSED = MHD_CONNECTION_FOOTERS_SENT + 1,
 
+#if HTTPS_SUPPORT
+  /*
+   *  SSL/TLS connection states
+   */
+  MHD_TLS_HANDSHAKE_FAILED = MHD_CONNECTION_CLOSED +1,
+
+  MHD_TLS_HANDSHAKE_COMPLETE,
+#endif
 };
 
 
-/**
- * States in a state machine for a secure SSL/TLS connection.
- *
- */
-enum MHDS_CONNECTION_STATE
-{
-  /* initial HTTPS state */
-  MHDS_CONNECTION_INIT = 0,
+#if DEBUG_STATES
+    /* TODO add state dictionary  */
+#endif
 
-  MHDS_HANDSHAKE_FAILED,
-
-  MHDS_HANDSHAKE_COMPLETE,
-
-  MHDS_CONNECTION_CLOSED
-};
-
 struct MHD_Connection
 {
 
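Review bot: `MHD_TLS_HANDSHAKE_FAILED = MHD_CONNECTION_CLOSED +1` places both TLS states numerically above `MHD_CONNECTION_CLOSED`, so any code that uses ordering (`state >= MHD_CONNECTION_CLOSED`, or a "past closed" comparison) to decide that a connection is finished will now also match a live TLS connection that has only completed its handshake; that usage is not visible in this hunk, so it is worth checking the state machine in connection.c before relying on the merge. The explicit `+1` also hides that the value only exists under `HTTPS_SUPPORT`, so the enumeration differs between builds; a comment such as `/* only present in HTTPS builds; keep after MHD_CONNECTION_CLOSED */` would make that visible. The `#if DEBUG_STATES` / `/* TODO add state dictionary */` / `#endif` block compiles to nothing and should either get its entries or be dropped. The enclosing `enum MHD_CONNECTION_STATE` begins above the hunk.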
@@ -486,7 +482,7 @@
      */
   enum MHD_CONNECTION_STATE state;
 
-  enum MHDS_CONNECTION_STATE s_state;
+  //enum MHDS_CONNECTION_STATE s_state;
 
     /**
      * HTTP response code.  Only valid if response object
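Review bot: `//enum MHDS_CONNECTION_STATE s_state;` keeps a commented-out field naming an enum that this same commit deletes from the header, so the comment can never be reinstated as written; delete the line rather than leaving dead code in the struct. Since the TLS handshake states now live in `enum MHD_CONNECTION_STATE`, the doc comment above `state` (outside the hunk) should say so, e.g. `* Current state; in HTTPS builds this also covers the MHD_TLS_* handshake states.`. The enclosing `struct MHD_Connection` starts and ends outside the hunk.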

Modified: libmicrohttpd/src/include/microhttpd.h
===================================================================
--- libmicrohttpd/src/include/microhttpd.h      2008-07-10 07:03:31 UTC (rev 
7407)
+++ libmicrohttpd/src/include/microhttpd.h      2008-07-10 17:28:48 UTC (rev 
7408)
@@ -386,15 +386,30 @@
    * cipher priority order to which the HTTPS daemon should adhere.
    * "const int *" argument.
    */
-  MHDS_CIPHER_ALGORITHM,
+  MHD_OPTION_CIPHER_ALGORITHM,
 
   /*
    * Memory pointer to a zero terminated int array representing the
    * key exchange algorithm priority order to which the HTTPS daemon should 
adhere.
    * "const int *" argument.
    */
-  MHDS_KX_PRIORITY,
+  MHD_OPTION_KX_PRIORITY,
 
+  /*
+   * used to indicate which type of certificate this server will use,
+   */
+  MHD_OPTION_CRET_TYPE,
+
+  /*
+   * mac algorithm used by server
+   */
+  MHD_OPTION_MAC_ALGO,
+
+  /*
+   * compression algorithm used by server
+   */
+  MHD_OPTION_TLS_COMP_ALGO,
+
   MHD_HTTPS_OPTION_END,
 };
 
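Review bot: The three new enumerators `MHD_OPTION_CRET_TYPE`, `MHD_OPTION_MAC_ALGO` and `MHD_OPTION_TLS_COMP_ALGO` do not document their argument type, unlike their neighbours which end with `"const int *" argument.`; these are varargs options to `MHD_start_daemon` (the test hunk below passes an `int mac[]` for `MHD_OPTION_MAC_ALGO`), so a caller passing the wrong type cannot be caught by the compiler and the header comment is the only contract. Each comment should name the type and value domain, e.g. ` * Memory pointer to a zero terminated int array of gnutls_mac_algorithm_t values. "const int *" argument.`. `MHD_OPTION_CRET_TYPE` also looks like a typo for CERT; this is a public header and the identifier will be hard to rename once released. The enclosing enum begins outside the hunk.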

Modified: libmicrohttpd/src/include/microhttpsd.h
===================================================================
--- libmicrohttpd/src/include/microhttpsd.h     2008-07-10 07:03:31 UTC (rev 
7407)
+++ libmicrohttpd/src/include/microhttpsd.h     2008-07-10 17:28:48 UTC (rev 
7408)
@@ -125,7 +125,6 @@
 
 /* get cipher spec for this connection */
 gnutls_cipher_algorithm_t MHDS_get_session_cipher (struct MHD_Connection * 
session );
-
 gnutls_kx_algorithm_t MHDS_get_session_kx (struct MHD_Connection * session );
 gnutls_mac_algorithm_t MHDS_get_session_mac (struct MHD_Connection * session );
 gnutls_compression_method_t MHDS_get_session_compression (struct 
MHD_Connection * session );

Modified: libmicrohttpd/src/testcurl/https/mhds_get_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/mhds_get_test.c    2008-07-10 07:03:31 UTC 
(rev 7407)
+++ libmicrohttpd/src/testcurl/https/mhds_get_test.c    2008-07-10 17:28:48 UTC 
(rev 7408)
@@ -40,6 +40,7 @@
 
 #define PAGE_NOT_FOUND "<html><head><title>File not 
found</title></head><body>File not found</body></html>"
 
+#define MHD_E_MEM "Error: memory error\n"
 #define MHD_E_SERVER_INIT "Error: failed to start server\n"
 #define MHD_E_TEST_FILE_CREAT "Error: failed to setup test file\n"
 #define MHD_E_CERT_FILE_CREAT "Error: failed to setup test certificate\n"
@@ -192,7 +193,12 @@
   /* setup test file path, url */
   doc_path = get_current_dir_name ();
 
-  mem_test_file_local = malloc (len);
+  if (NULL == (mem_test_file_local = malloc (len)))
+    {
+      fclose (test_fd);
+      fprintf (stderr, MHD_E_MEM);
+      return -1;
+    }
 
   fseek (test_fd, 0, SEEK_SET);
   if (fread (mem_test_file_local, sizeof (char), len, test_fd) != len)
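Review bot: The new failure path frees only the FILE: `doc_path`, obtained two lines above from `get_current_dir_name ()` (heap memory, freed later in this function), is leaked on `return -1;`. The hunk at `@@ -206,8 +212,7 @@` has the same gap and additionally leaks `mem_test_file_local`, and the hunk at `@@ -255,9 +260,14 @@` frees `cbc.buf` and `mem_test_file_local` on the memcmp failure path but not `doc_path`, while the success path frees all three. As a minimum add `free (doc_path);` before each early return; a single cleanup label at the end of the function (presumably `test_daemon_get`, which starts and ends outside these hunks) would keep every exit consistent.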
@@ -206,8 +212,7 @@
   if (NULL == (cbc.buf = malloc (sizeof (char) * len)))
     {
       fclose (test_fd);
-      fprintf (stderr, "Error: failed to read test file. %s\n",
-               strerror (errno));
+      fprintf (stderr, MHD_E_MEM);
       return -1;
     }
   cbc.size = len;
@@ -219,7 +224,7 @@
 
   c = curl_easy_init ();
 #ifdef DEBUG
-  curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
+  //curl_easy_setopt (c, CURLOPT_VERBOSE, 1);
 #endif
   curl_easy_setopt (c, CURLOPT_URL, url);
   curl_easy_setopt (c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
@@ -255,9 +260,14 @@
   if (memcmp (cbc.buf, mem_test_file_local, len) != 0)
     {
       fprintf (stderr, "Error: local file & received file differ.\n");
+      free (cbc.buf);
+      free (mem_test_file_local);
       return -1;
     }
 
+  free (mem_test_file_local);
+  free (cbc.buf);
+  free (doc_path);
   return 0;
 }
 
@@ -265,7 +275,6 @@
 int
 test_secure_get (FILE * test_fd, char *cipher_suite, int proto_version)
 {
-
   int ret;
   struct MHD_Daemon *d;
   d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
@@ -346,7 +355,7 @@
                         NULL, NULL, &http_ahc, NULL,
                         MHD_OPTION_HTTPS_MEM_KEY, key_pem,
                         MHD_OPTION_HTTPS_MEM_CERT, cert_pem,
-                        MHDS_CIPHER_ALGORITHM, ciper, MHD_OPTION_END);
+                        MHD_OPTION_CIPHER_ALGORITHM, ciper, MHD_OPTION_END);
 
   if (d == NULL)
     {
@@ -373,7 +382,7 @@
                         NULL, NULL, &http_ahc, NULL,
                         MHD_OPTION_HTTPS_MEM_KEY, key_pem,
                         MHD_OPTION_HTTPS_MEM_CERT, cert_pem,
-                        MHDS_KX_PRIORITY, kx, MHD_OPTION_END);
+                        MHD_OPTION_KX_PRIORITY, kx, MHD_OPTION_END);
 
   if (d == NULL)
     {
@@ -387,6 +396,33 @@
   return ret;
 }
 
+int
+test_mac_option (FILE * test_fd, char *cipher_suite, int proto_version)
+{
+
+  int ret;
+  int mac[] = { GNUTLS_MAC_SHA1, 0 };
+  struct MHD_Daemon *d;
+
+  d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
+                        MHD_USE_DEBUG, 42433,
+                        NULL, NULL, &http_ahc, NULL,
+                        MHD_OPTION_HTTPS_MEM_KEY, key_pem,
+                        MHD_OPTION_HTTPS_MEM_CERT, cert_pem,
+                        MHD_OPTION_MAC_ALGO, mac, MHD_OPTION_END);
+
+  if (d == NULL)
+    {
+      fprintf (stderr, MHD_E_SERVER_INIT);
+      return -1;
+    }
+
+  ret = test_daemon_get (test_fd, cipher_suite, proto_version);
+
+  MHD_stop_daemon (d);
+  return ret;
+}
+
 /* setup a temporary transfer test file */
 FILE *
 setupTestFile ()
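Review bot: `test_mac_option` is added but, as far as the `main` hunk below shows, never called (only `test_secure_get` remains active there), so the new `MHD_OPTION_MAC_ALGO` path gets no coverage from this file. The body duplicates `test_cipher_option` and `test_kx_option` apart from the option passed, and hard-codes port 42433; a shared helper taking the option and its value would remove the copies. Style: drop the blank line after `{`, and give the function a header like its neighbours, e.g. `/* start an HTTPS daemon whose MAC priority list is SHA1 only and fetch the test file through it */`.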
@@ -434,19 +470,30 @@
       return -1;
     }
 
+  //gnutls_global_set_log_level(11);
+//  errorCount +=
+//    test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
+//
+//  errorCount +=
+//    test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
+//
+//  sleep(1);
+
   errorCount +=
     test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
-  errorCount +=
-    test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3);
-  errorCount +=
-    test_file_certificates (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
 
-  /* TODO resolve cipher setting issue when compiling against GNU TLS */
-  errorCount +=
-    test_cipher_option (test_fd, "DES-CBC3-SHA", CURL_SSLVERSION_SSLv3);
-  errorCount +=
-    test_kx_option (test_fd, "EDH-RSA-DES-CBC3-SHA", CURL_SSLVERSION_SSLv3);
+//  errorCount +=
+//    test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3);
+//  errorCount +=
+//    test_file_certificates (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
+//
+//  /* TODO resolve cipher setting issue when compiling against GNU TLS */
+//  errorCount +=
+//    test_cipher_option (test_fd, "DES-CBC3-SHA", CURL_SSLVERSION_SSLv3);
+//  errorCount +=
+//    test_kx_option (test_fd, "EDH-RSA-DES-CBC3-SHA", CURL_SSLVERSION_SSLv3);
 
+
   if (errorCount != 0)
     fprintf (stderr, "Error (code: %u)\n", errorCount);
 
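Review bot: Commenting out the SSLv3 `test_secure_get`, `test_file_certificates`, `test_cipher_option` and `test_kx_option` calls silently drops them from `errorCount`, so the suite now passes without exercising the cipher and key-exchange option paths this same commit renames, and the duplicated commented block at the top of the hunk adds noise. A test that cannot run should fail or be reported as skipped with the reason, not vanish behind `//`; if the GnuTLS cipher-setting issue from the old TODO is the cause, keep that TODO in code and print a skip, e.g. `fprintf (stderr, "skipping cipher/kx option tests (TODO: cipher setting issue with GNU TLS)\n");`. The enclosing `main` starts and ends outside the hunk.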

Modified: libmicrohttpd/src/testcurl/https/mhds_multi_daemon_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/mhds_multi_daemon_test.c   2008-07-10 
07:03:31 UTC (rev 7407)
+++ libmicrohttpd/src/testcurl/https/mhds_multi_daemon_test.c   2008-07-10 
17:28:48 UTC (rev 7408)
@@ -254,9 +254,15 @@
   if (memcmp (cbc.buf, mem_test_file_local, len) != 0)
     {
       fprintf (stderr, "Error: local file & received file differ.\n");
+      free (mem_test_file_local);
+      free (cbc.buf);
+      free (doc_path);
       return -1;
     }
 
+  free (mem_test_file_local);
+  free (cbc.buf);
+  free (doc_path);
   return 0;
 }
 
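Review bot: The three `free` calls are now duplicated verbatim on the failure and success paths, which is the pattern that left `doc_path` unfreed in the sibling mhds_get_test.c change; since the two exits differ only in the return value, a `int ret = 0;` set to `-1` inside the `if`, followed by the single set of frees and `return ret;`, keeps one cleanup sequence. The enclosing function starts outside the hunk.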

Modified: libmicrohttpd/src/testcurl/https/mhds_session_info_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/mhds_session_info_test.c   2008-07-10 
07:03:31 UTC (rev 7407)
+++ libmicrohttpd/src/testcurl/https/mhds_session_info_test.c   2008-07-10 
17:28:48 UTC (rev 7408)
@@ -209,14 +209,16 @@
     {
       fprintf (stderr, "curl_easy_perform failed: `%s'\n",
                curl_easy_strerror (errornum));
+
+      MHD_stop_daemon (d);
       curl_easy_cleanup (c);
-      MHD_stop_daemon (d);
-      return 4;
+      free (cbc.buf);
+      return -1;
     }
 
+  MHD_stop_daemon (d);
   curl_easy_cleanup (c);
-  MHD_stop_daemon (d);
-
+  free (cbc.buf);
   return 0;
 }
 
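Review bot: Changing the failure return from `4` to `-1` alters this test's contract; if the caller accumulates results with `errorCount +=` as mhds_get_test.c does, a negative value can cancel a positive one from another test and the run can report zero errors although a test failed. The caller is outside this hunk, so either confirm it only tests for non-zero or keep a positive code. The reordered cleanup (daemon stopped before the curl handle is released, `cbc.buf` freed on both paths) looks consistent.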




