[GNUnet-SVN] [gnunet] branch master updated: Fix #5514; Add test for GNS
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnunet] branch master updated: Fix #5514; Add test for GNS Proxy and DANE; Fix TLS connections on ports != 443 through proxy |
Date: |
Fri, 25 Jan 2019 20:53:12 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new 7f666b446 Fix #5514; Add test for GNS Proxy and DANE; Fix TLS
connections on ports != 443 through proxy
new 27270fd74 Merge branch 'master' of git+ssh://gnunet.org/gnunet
7f666b446 is described below
commit 7f666b4467ae5f530e904675df3f28886f4202fa
Author: Schanzenbach, Martin <address@hidden>
AuthorDate: Fri Jan 25 20:52:55 2019 +0100
Fix #5514; Add test for GNS Proxy and DANE; Fix TLS connections on ports !=
443 through proxy
---
src/gns/Makefile.am | 11 +-
src/gns/gnunet-gns-proxy-setup-ca | 45 +++--
src/gns/gnunet-gns-proxy.c | 62 +++---
src/gns/test_gns_proxy.c | 402 +++++++++++++++++++++++---------------
src/gns/test_gns_proxy.conf | 28 +--
src/gns/test_proxy.sh | 53 +++++
6 files changed, 369 insertions(+), 232 deletions(-)
diff --git a/src/gns/Makefile.am b/src/gns/Makefile.am
index e0497b11e..1abc57d57 100644
--- a/src/gns/Makefile.am
+++ b/src/gns/Makefile.am
@@ -155,6 +155,12 @@ if HAVE_GNUTLS_DANE
gnunet_gns_proxy_LDADD += -lgnutls-dane
endif
+test_gns_proxy_SOURCES = \
+ test_gns_proxy.c
+test_gns_proxy_LDADD = -lmicrohttpd $(LIB_GNURL) -lgnutls \
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(GN_LIBINTL)
+
gnunet_gns_helper_service_w32_SOURCES = \
gnunet-gns-helper-service-w32.c
gnunet_gns_helper_service_w32_LDADD = \
@@ -232,6 +238,8 @@ libgnunet_plugin_block_gns_la_LIBADD = \
libgnunet_plugin_block_gns_la_LDFLAGS = \
$(GN_PLUGIN_LDFLAGS)
+check_PROGRAMS = \
+ test_gns_proxy
check_SCRIPTS = \
test_gns_lookup.sh \
@@ -248,7 +256,8 @@ check_SCRIPTS = \
test_gns_rel_expiration.sh\
test_gns_soa_lookup.sh\
test_gns_revocation.sh\
- test_gns_cname_lookup.sh
+ test_gns_cname_lookup.sh \
+ test_proxy.sh
if ENABLE_TEST_RUN
if HAVE_SQLITE
diff --git a/src/gns/gnunet-gns-proxy-setup-ca
b/src/gns/gnunet-gns-proxy-setup-ca
index 52f4b012b..7c1d58dc2 100644
--- a/src/gns/gnunet-gns-proxy-setup-ca
+++ b/src/gns/gnunet-gns-proxy-setup-ca
@@ -5,12 +5,6 @@
# TODO: We should sed the real paths to the binaries involved here.
-if ! which certutil > /dev/null
-then
- echo "'certutil' command not found. Please install it."
- exit 1
-fi
-
if ! which openssl > /dev/null
then
echo "'openssl' command not found. Please install it."
@@ -50,24 +44,29 @@ openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY
-out $GNSCANO
echo "Making private key available to gnunet-gns-proxy"
cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
-echo "Importing CA into browsers"
-for f in ~/.mozilla/firefox/*.*/
-do
- if [ -d $f ]; then
- echo "Importing CA info Firefox at $f"
-# delete old certificate (if any)
- certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
-# add new certificate
- certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
- fi
-done
+if ! which certutil > /dev/null
+then
+ echo "'certutil' command not found. Not importing into browsers."
+else
+ echo "Importing CA into browsers"
+ for f in ~/.mozilla/firefox/*.*/
+ do
+ if [ -d $f ]; then
+ echo "Importing CA info Firefox at $f"
+ # delete old certificate (if any)
+ certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
+ # add new certificate
+ certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
+ fi
+ done
-if [ -d ~/.pki/nssdb/ ]; then
- echo "Importing CA into Chrome at ~/.pki/nssdb/"
-# delete old certificate (if any)
- certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
-# add new certificate
- certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
+ if [ -d ~/.pki/nssdb/ ]; then
+ echo "Importing CA into Chrome at ~/.pki/nssdb/"
+ # delete old certificate (if any)
+ certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
+ # add new certificate
+ certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
+ fi
fi
echo "Cleaning up."
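Review bot: The new fallback branch only echoes that certutil is missing and the script still exits 0, so a caller such as test_proxy.sh cannot tell whether the CA ever reached a browser store, and the two `certutil -A` calls inside the else-branch are likewise unchecked. Consider `certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT || echo "Failed to import CA into $f" >&2` on both import lines, and quote the profile path in `if [ -d "$f" ]; then`, since the glob can expand to a path containing spaces. The Firefox echo also reads `Importing CA info Firefox`, presumably `into`. Because `-t CT,,` makes this CA a trusted issuer for every TLS server certificate in those profiles, a one-line comment above the import block stating that this is the intended (and sensitive) design would help anyone auditing the script.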
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index 7e0dec722..385524a18 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -641,6 +641,11 @@ struct Socks5Request
*/
int is_gns;
+ /**
+ * This is (probably) a TLS connection
+ */
+ int is_tls;
+
/**
* Did we suspend MHD processing?
*/
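Review bot: The new field's doc comment, `This is (probably) a TLS connection`, does not say who sets it or what depends on it, and the hedge `(probably)` is exactly what a reader wants resolved. From the other hunks in this commit it is set from the SOCKS5 target port and again when a DANE record is found, and it gates both the upstream certificate check and the `https://` URL scheme; suggest `Whether the upstream connection must be TLS: GNUNET_YES if the client asked for port 443 or GNS returned a DANE record for the name. Gates check_ssl_certificate() and the URL scheme.` The containing struct starts and ends outside the hunk.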
@@ -1138,7 +1143,8 @@ curl_check_hdr (void *buffer,
"Receiving HTTP response header from CURL\n");
/* first, check TLS certificate */
if ( (GNUNET_YES != s5r->ssl_checked) &&
- (HTTPS_PORT == s5r->port))
+ (GNUNET_YES == s5r->is_tls))
+ //(HTTPS_PORT == s5r->port))
{
if (GNUNET_OK != check_ssl_certificate (s5r))
return 0;
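Review bot: The replaced condition is kept as a trailing comment, `//(HTTPS_PORT == s5r->port))`, and the same dead fragment is repeated after each `is_tls` test in the other hunks of this file; these should be deleted rather than left as breadcrumbs, since version control already records the old expression and a stray `)` inside a comment next to a live `)` is easy to misread. Since this `if` is now the only gate on `check_ssl_certificate`, a short why-comment would help: `/* verify the upstream certificate once per request, but only when we actually speak TLS to it */`. curl_check_hdr continues outside the hunk.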
@@ -1237,7 +1243,7 @@ curl_check_hdr (void *buffer,
char *leho_host;
GNUNET_asprintf (&leho_host,
- (HTTPS_PORT != s5r->port)
+ (GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
? "http://%s"
: "https://%s",
s5r->leho);
@@ -1247,7 +1253,7 @@ curl_check_hdr (void *buffer,
{
GNUNET_asprintf (&new_location,
"%s%s%s",
- (HTTPS_PORT != s5r->port)
+ (GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
? "http://"
: "https://",
s5r->domain,
@@ -1262,7 +1268,7 @@ curl_check_hdr (void *buffer,
char *leho_host;
GNUNET_asprintf (&leho_host,
- (HTTPS_PORT != s5r->port)
+ (GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
? "http://%s"
: "https://%s",
s5r->leho);
@@ -1272,7 +1278,7 @@ curl_check_hdr (void *buffer,
{
GNUNET_asprintf (&new_location,
"%s%s",
- (HTTPS_PORT != s5r->port)
+ (GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
? "http://"
: "https://",
s5r->domain);
@@ -1923,7 +1929,7 @@ create_response (void *cls,
if (s5r->is_gns)
{
GNUNET_asprintf (&curlurl,
- (HTTPS_PORT != s5r->port)
+ (GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
? "http://%s:%d%s"
: "https://%s:%d%s",
(NULL != s5r->leho)
@@ -1935,7 +1941,7 @@ create_response (void *cls,
else
{
GNUNET_asprintf (&curlurl,
- (HTTPS_PORT != s5r->port)
+ (GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
? "http://%s:%d%s"
: "https://%s:%d%s",
s5r->domain,
@@ -2109,7 +2115,7 @@ create_response (void *cls,
CURL_HTTP_VERSION_NONE);
}
- if (HTTPS_PORT == s5r->port)
+ if (GNUNET_YES == s5r->is_tls) //(HTTPS_PORT == s5r->port)
{
curl_easy_setopt (s5r->curl,
CURLOPT_USE_SSL,
@@ -2828,29 +2834,25 @@ setup_data_transfer (struct Socks5Request *s5r)
socklen_t len;
char *domain;
- switch (s5r->port)
+ if (GNUNET_YES == s5r->is_tls)
{
- case HTTPS_PORT:
- GNUNET_asprintf (&domain,
- "%s",
- s5r->domain);
- hd = lookup_ssl_httpd (domain);
- if (NULL == hd)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- _("Failed to start HTTPS server for `%s'\n"),
- s5r->domain);
- cleanup_s5r (s5r);
- GNUNET_free (domain);
- return;
- }
- break;
- case HTTP_PORT:
- default:
+ GNUNET_asprintf (&domain,
+ "%s",
+ s5r->domain);
+ hd = lookup_ssl_httpd (domain);
+ if (NULL == hd)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ _("Failed to start HTTPS server for `%s'\n"),
+ s5r->domain);
+ cleanup_s5r (s5r);
+ GNUNET_free (domain);
+ return;
+ }
+ } else {
domain = NULL;
GNUNET_assert (NULL != httpd);
hd = httpd;
- break;
}
fd = GNUNET_NETWORK_get_fd (s5r->sock);
addr = GNUNET_NETWORK_get_addr (s5r->sock);
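Review bot: The new branch uses `} else {` on one line while the `if` two lines above and the rest of this file put braces on their own lines in GNU style, so the hunk should follow suit. `GNUNET_asprintf (&domain, "%s", s5r->domain)` is a three-line way of writing `domain = GNUNET_strdup (s5r->domain);`. setup_data_transfer continues past the end of the hunk, so whether `domain` is released on the success path is not visible here; worth confirming, since the failure path frees it explicitly.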
@@ -3102,6 +3104,7 @@ handle_gns_result (void *cls,
GNUNET_break (0); /* MAX_DANES too small */
break;
}
+ s5r->is_tls = GNUNET_YES; /* This should be TLS */
s5r->dane_data_len[s5r->num_danes]
= r->data_size - sizeof (struct GNUNET_GNSRECORD_BoxRecord);
s5r->dane_data[s5r->num_danes]
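Review bot: `s5r->is_tls = GNUNET_YES` is forced for every DANE record stored here, but nothing in the hunk compares the record's port or protocol with `s5r->port`; if that filtering does not happen earlier in handle_gns_result (not visible here), a BOX record published for some other port would switch a plain-HTTP connection to TLS and presumably make it fail rather than fall back. The test script publishes two BOX records for port 8443, so it would not catch this; a record for a different port would. The comment `/* This should be TLS */` should give the reason, e.g. `/* a DANE record exists for this name, so the upstream must be TLS even when the port is not 443 */`. handle_gns_result starts and ends outside the hunk.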
@@ -3293,12 +3296,13 @@ do_s5r_read (void *cls)
s5r->domain = GNUNET_strndup (dom_name,
*dom_len);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Requested connection is to http%s://%s:%d\n",
- (HTTPS_PORT == s5r->port) ? "s" : "",
+ "Requested connection is to %s:%d\n",
+ //(HTTPS_PORT == s5r->port) ? "s" : "",
s5r->domain,
ntohs (*port));
s5r->state = SOCKS5_RESOLVING;
s5r->port = ntohs (*port);
+ s5r->is_tls = (HTTPS_PORT == s5r->port) ? GNUNET_YES : GNUNET_NO;
s5r->gns_lookup = GNUNET_GNS_lookup_with_tld (gns_handle,
s5r->domain,
GNUNET_DNSPARSER_TYPE_A,
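Review bot: The debug message no longer reports whether the request will be treated as TLS, and a commented-out argument `//(HTTPS_PORT == s5r->port) ? "s" : "",` is left in the call; the removed version was also reading `s5r->port` before the assignment a few lines below, which is presumably why it was disabled rather than fixed. Assign `s5r->port` and `s5r->is_tls` before the log call and print the decision: `"Requested connection is to %s://%s:%d\n", (GNUNET_YES == s5r->is_tls) ? "https" : "http", s5r->domain, s5r->port`. A one-line comment at the `is_tls` assignment noting that handle_gns_result may later raise it to GNUNET_YES when a DANE record is found would tie the two hunks together. do_s5r_read continues outside the hunk.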
diff --git a/src/gns/test_gns_proxy.c b/src/gns/test_gns_proxy.c
index ea61a89d5..75fe95617 100644
--- a/src/gns/test_gns_proxy.c
+++ b/src/gns/test_gns_proxy.c
@@ -30,13 +30,15 @@
#include <gnurl/curl.h>
#endif
#include <microhttpd.h>
-#include "gnunet_namestore_service.h"
-#include "gnunet_gns_service.h"
-#include "gnunet_testing_lib.h"
-#include "gnunet_os_lib.h"
+#include "gnunet_util_lib.h"
+#include "gnutls/x509.h"
-#define PORT 8080
-#define TEST_DOMAIN "www.gnu"
+/**
+ * Largest allowed size for a PEM certificate.
+ */
+#define MAX_PEM_SIZE (10 * 1024)
+
+#define TEST_DOMAIN "www.test"
#define TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 300)
@@ -45,7 +47,6 @@
*/
static int global_ret;
-static struct GNUNET_NAMESTORE_Handle *namestore;
static struct MHD_Daemon *mhd;
@@ -61,7 +62,15 @@ static char *url;
static struct GNUNET_OS_Process *proxy_proc;
-static char* tmp_cfgfile;
+static char* cafile_opt;
+
+static char* cafile_srv;
+
+static uint16_t port;
+
+static gnutls_x509_crt_t proxy_cert;
+
+static gnutls_x509_privkey_t proxy_key;
struct CBC
{
@@ -71,6 +80,101 @@ struct CBC
static struct CBC cbc;
+/**
+ * Read file in filename
+ *
+ * @param filename file to read
+ * @param size pointer where filesize is stored
+ * @return NULL on error
+ */
+static void*
+load_file (const char* filename,
+ unsigned int* size)
+{
+ void *buffer;
+ uint64_t fsize;
+
+ if (GNUNET_OK !=
+ GNUNET_DISK_file_size (filename,
+ &fsize,
+ GNUNET_YES,
+ GNUNET_YES))
+ return NULL;
+ if (fsize > MAX_PEM_SIZE)
+ return NULL;
+ *size = (unsigned int) fsize;
+ buffer = GNUNET_malloc (*size);
+ if (fsize !=
+ GNUNET_DISK_fn_read (filename,
+ buffer,
+ (size_t) fsize))
+ {
+ GNUNET_free (buffer);
+ return NULL;
+ }
+ return buffer;
+}
+
+/**
+ * Load PEM key from file
+ *
+ * @param key where to store the data
+ * @param keyfile path to the PEM file
+ * @return #GNUNET_OK on success
+ */
+static int
+load_key_from_file (gnutls_x509_privkey_t key,
+ const char* keyfile)
+{
+ gnutls_datum_t key_data;
+ int ret;
+
+ key_data.data = load_file (keyfile,
+ &key_data.size);
+ if (NULL == key_data.data)
+ return GNUNET_SYSERR;
+ ret = gnutls_x509_privkey_import (key, &key_data,
+ GNUTLS_X509_FMT_PEM);
+ if (GNUTLS_E_SUCCESS != ret)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ _("Unable to import private key from file `%s'\n"),
+ keyfile);
+ }
+ GNUNET_free_non_null (key_data.data);
+ return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK;
+}
+
+/**
+ * Load cert from file
+ *
+ * @param crt struct to store data in
+ * @param certfile path to pem file
+ * @return #GNUNET_OK on success
+ */
+static int
+load_cert_from_file (gnutls_x509_crt_t crt,
+ const char* certfile)
+{
+ gnutls_datum_t cert_data;
+ int ret;
+
+ cert_data.data = load_file (certfile,
+ &cert_data.size);
+ if (NULL == cert_data.data)
+ return GNUNET_SYSERR;
+ ret = gnutls_x509_crt_import (crt,
+ &cert_data,
+ GNUTLS_X509_FMT_PEM);
+ if (GNUTLS_E_SUCCESS != ret)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ _("Unable to import certificate from `%s'\n"),
+ certfile);
+ }
+ GNUNET_free_non_null (cert_data.data);
+ return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK;
+}
static size_t
copy_buffer (void *ptr, size_t size, size_t nmemb, void *ctx)
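Review bot: load_file's contract is only half documented: `size` is written only on success, files above `MAX_PEM_SIZE` are rejected, and the returned buffer is owned by the caller, none of which the docstring says; suggest `@return newly allocated buffer of *size bytes (caller frees), or NULL if the file is missing, unreadable or larger than MAX_PEM_SIZE`. In both import helpers `GNUNET_free_non_null` follows an early `return` on `NULL == ...data`, so plain `GNUNET_free` is sufficient. Since load_key_from_file reads a private key into a heap buffer that is freed without being wiped, a comment saying this is acceptable for a test but not for production code would keep these helpers from being copied into gnunet-gns-proxy.c as they are.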
@@ -112,8 +216,11 @@ mhd_ahc (void *cls,
MHD_RESPMEM_MUST_COPY);
ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
MHD_destroy_response (response);
- if (ret == MHD_NO)
+ if (ret == MHD_NO) {
+ global_ret = 1;
abort ();
+ }
+ global_ret = 0;
return ret;
}
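Review bot: Setting `global_ret = 0` inside the MHD request handler marks the test as passed as soon as the backend sees any request, before curl has reported whether the download through the proxy actually succeeded; the verdict should come only from the curl result (ideally together with a check of the received body), so the handler should not touch `global_ret` on success. The `global_ret = 1;` before `abort ()` is dead, since abort() terminates the process with SIGABRT and the value is never returned. mhd_ahc starts outside the hunk.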
@@ -138,13 +245,6 @@ do_shutdown ()
}
GNUNET_free_non_null (url);
- if (NULL != tmp_cfgfile)
- {
- if (0 != remove (tmp_cfgfile))
- GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "remove",
tmp_cfgfile);
- GNUNET_free (tmp_cfgfile);
- tmp_cfgfile = NULL;
- }
if (NULL != proxy_proc)
{
(void) GNUNET_OS_process_kill (proxy_proc, SIGKILL);
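Review bot: `proxy_proc` is no longer assigned anywhere visible on the new side of this commit (the `GNUNET_OS_start_process` call was removed from run(), and the proxy is now started by gnunet-arm in test_proxy.sh), so the kill/wait block that follows and the global itself look dead; if nothing outside the hunk sets it, drop both. The new globals `proxy_cert` and `proxy_key` (plus `gnutls_global_init`) are initialised in run() but it is not visible whether do_shutdown releases them; if it does not, `gnutls_x509_crt_deinit`/`gnutls_x509_privkey_deinit` belong here. do_shutdown starts and ends outside the hunk.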
@@ -198,12 +298,12 @@ curl_main ()
{
if (msg->data.result != CURLE_OK)
{
- fprintf (stderr,
- "%s failed at %s:%d: `%s'\n",
- "curl_multi_perform",
- __FILE__,
- __LINE__, curl_easy_strerror (msg->data.result));
- global_ret = 1;
+ fprintf (stderr,
+ "%s failed at %s:%d: `%s'\n",
+ "curl_multi_perform",
+ __FILE__,
+ __LINE__, curl_easy_strerror (msg->data.result));
+ global_ret = 1;
}
}
curl_multi_remove_handle (multi, curl);
@@ -232,17 +332,17 @@ curl_main ()
else
delay = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS,
(unsigned int) timeout);
GNUNET_NETWORK_fdset_copy_native (&nrs,
- &rs,
- max + 1);
+ &rs,
+ max + 1);
GNUNET_NETWORK_fdset_copy_native (&nws,
- &ws,
- max + 1);
+ &ws,
+ max + 1);
curl_task_id = GNUNET_SCHEDULER_add_select
(GNUNET_SCHEDULER_PRIORITY_DEFAULT,
- delay,
- &nrs,
- &nws,
- &curl_task,
- NULL);
+ delay,
+ &nrs,
+ &nws,
+ &curl_task,
+ NULL);
}
@@ -250,33 +350,30 @@ static void
start_curl (void *cls)
{
GNUNET_asprintf (&url,
- "http://%s:%d/hello_world",
- TEST_DOMAIN, PORT);
+ "https://%s:%d/hello_world",
+ TEST_DOMAIN, port);
curl = curl_easy_init ();
curl_easy_setopt (curl, CURLOPT_URL, url);
+ //curl_easy_setopt (curl, CURLOPT_URL, "https://127.0.0.1:8443/hello_world");
curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, ©_buffer);
curl_easy_setopt (curl, CURLOPT_WRITEDATA, &cbc);
curl_easy_setopt (curl, CURLOPT_FAILONERROR, 1);
curl_easy_setopt (curl, CURLOPT_TIMEOUT, 150L);
curl_easy_setopt (curl, CURLOPT_CONNECTTIMEOUT, 15L);
curl_easy_setopt (curl, CURLOPT_NOSIGNAL, 1);
+ curl_easy_setopt (curl, CURLOPT_CAINFO, cafile_opt);
+ //curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, 0L);
+ //curl_easy_setopt (curl, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt (curl, CURLOPT_PROXY, "socks5h://127.0.0.1:7777");
multi = curl_multi_init ();
GNUNET_assert (multi != NULL);
GNUNET_assert (CURLM_OK == curl_multi_add_handle (multi, curl));
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Beginning HTTP download from `%s'\n",
url);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Beginning HTTP download from `%s'\n",
url);
curl_main ();
}
-static void
-disco_ns (void* cls)
-{
- GNUNET_NAMESTORE_disconnect (namestore);
-}
-
-
/**
* Callback invoked from the namestore service once record is
* created.
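Review bot: The `Beginning HTTP download` log was raised from DEBUG to ERROR, which looks like leftover debugging and will print on every normal run; it should go back to DEBUG (and say HTTPS, since the URL is now `https://`). The commented-out `CURLOPT_SSL_VERIFYPEER, 0L` / `CURLOPT_SSL_VERIFYHOST, 0L` lines should be removed rather than left ready to be uncommented, because with them the test would no longer verify the proxy's certificate at all. `CURLOPT_CAINFO` is set to `cafile_opt` unchecked; when `-A` is not given it is NULL, which libcurl documents as resetting to its default CA bundle, so the test should refuse to run with `GNUNET_assert (NULL != cafile_opt);` or an explicit error. start_curl's comment header is outside the hunk.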
@@ -290,24 +387,11 @@ disco_ns (void* cls)
* specified target peer; NULL on error
*/
static void
-commence_testing (void *cls,
- int32_t success,
- const char *emsg)
+commence_testing (void *cls)
{
- GNUNET_SCHEDULER_add_now (&disco_ns, NULL);
-
- if ( (emsg != NULL) && (GNUNET_YES != success) )
- {
- fprintf (stderr,
- "NS failed to create record %s\n",
- emsg);
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
-
curl_task_id =
- GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
- &start_curl, NULL);
+ GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
+ &start_curl, NULL);
}
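Review bot: commence_testing no longer has the namestore callback signature, but the doc comment above it (partly outside the hunk) still describes it as `Callback invoked from the namestore service once record is created` with `@param success`/`@param emsg` entries for parameters that were removed. Replace the stale block with something like `Scheduler task: start the curl download one second after the MHD server is up, giving the proxy time to come up.` and a single `@param cls unused`. The one-second delay itself deserves that why-comment, since nothing in the code otherwise says what it is waiting for.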
@@ -345,139 +429,135 @@ mhd_main ()
FD_ZERO (&es);
max_fd = -1;
GNUNET_assert (MHD_YES ==
- MHD_get_fdset (mhd, &rs, &ws, &es, &max_fd));
+ MHD_get_fdset (mhd, &rs, &ws, &es, &max_fd));
if (MHD_YES == MHD_get_timeout (mhd, &timeout))
delay = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS,
- (unsigned int) timeout);
+ (unsigned int) timeout);
else
delay = GNUNET_TIME_UNIT_FOREVER_REL;
GNUNET_NETWORK_fdset_copy_native (&nrs,
- &rs,
- max_fd + 1);
+ &rs,
+ max_fd + 1);
GNUNET_NETWORK_fdset_copy_native (&nws,
- &ws,
- max_fd + 1);
+ &ws,
+ max_fd + 1);
mhd_task_id = GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT,
- delay,
- &nrs,
- &nws,
- &mhd_task,
- NULL);
+ delay,
+ &nrs,
+ &nws,
+ &mhd_task,
+ NULL);
}
+
+/**
+ * Main function that will be run
+ *
+ * @param cls closure
+ * @param args remaining command-line arguments
+ * @param cfgfile name of the configuration file used (for saving, can be
NULL!)
+ * @param c configuration
+ */
static void
run (void *cls,
- const struct GNUNET_CONFIGURATION_Handle *cfg,
- struct GNUNET_TESTING_Peer *peer)
+ char *const *args,
+ const char *cfgfile,
+ const struct GNUNET_CONFIGURATION_Handle *c)
{
- enum MHD_FLAG flags;
- struct GNUNET_CRYPTO_EcdsaPrivateKey *host_key;
- struct GNUNET_GNSRECORD_Data rd;
- char *zone_keyfile;
-
- namestore = GNUNET_NAMESTORE_connect (cfg);
- GNUNET_assert (NULL != namestore);
- flags = MHD_USE_DEBUG;
- mhd = MHD_start_daemon (flags,
- PORT,
- NULL, NULL,
- &mhd_ahc, NULL,
- MHD_OPTION_END);
- GNUNET_assert (NULL != mhd);
- mhd_main ();
-
- tmp_cfgfile = GNUNET_DISK_mktemp ("test_gns_proxy_tmp.conf");
- if (NULL == tmp_cfgfile)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to create tmp cfg!\n");
- do_shutdown ();
- return;
- }
-
- if (GNUNET_OK != GNUNET_CONFIGURATION_write ((struct
GNUNET_CONFIGURATION_Handle *)cfg,
- tmp_cfgfile))
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Using `%s' as CA\n",
+ cafile_srv);
+ char cert[MAX_PEM_SIZE];
+ char key[MAX_PEM_SIZE];
+ size_t key_buf_size;
+ size_t cert_buf_size;
+
+ gnutls_global_init ();
+ gnutls_x509_crt_init (&proxy_cert);
+ gnutls_x509_privkey_init (&proxy_key);
+
+ if ( (GNUNET_OK !=
+ load_cert_from_file (proxy_cert,
+ cafile_srv)) ||
+ (GNUNET_OK !=
+ load_key_from_file (proxy_key,
+ cafile_srv)) )
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to write tmp cfg\n");
- do_shutdown ();
- return;
- }
-
- proxy_proc = GNUNET_OS_start_process (GNUNET_NO,
- GNUNET_OS_INHERIT_STD_ALL,
- NULL,
- NULL,
- NULL,
- "gnunet-gns-proxy",
- "gnunet-gns-proxy",
- "-c", tmp_cfgfile, NULL);
-
- if (NULL == proxy_proc)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unable to start proxy\n");
- do_shutdown ();
- return;
- }
-
- if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns",
- "ZONEKEY",
- &zone_keyfile))
- {
- GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Failed to get key from cfg\n");
+ _("Failed to load X.509 key and certificate from `%s'\n"),
+ cafile_srv);
+ gnutls_x509_crt_deinit (proxy_cert);
+ gnutls_x509_privkey_deinit (proxy_key);
+ gnutls_global_deinit ();
return;
}
+ GNUNET_SCHEDULER_add_shutdown (&do_shutdown,
+ NULL);
+ key_buf_size = sizeof (key);
+ cert_buf_size = sizeof (cert);
+ gnutls_x509_crt_export (proxy_cert,
+ GNUTLS_X509_FMT_PEM,
+ cert,
+ &cert_buf_size);
+ gnutls_x509_privkey_export (proxy_key,
+ GNUTLS_X509_FMT_PEM,
+ key,
+ &key_buf_size);
+ mhd = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_SSL |
MHD_ALLOW_SUSPEND_RESUME, port,
+ NULL, NULL,
+ &mhd_ahc, NULL,
+ MHD_OPTION_HTTPS_MEM_KEY, key,
+ MHD_OPTION_HTTPS_MEM_CERT, cert,
+ MHD_OPTION_END);
+ GNUNET_assert (NULL != mhd);
+ mhd_main ();
- host_key = GNUNET_CRYPTO_ecdsa_key_create_from_file (zone_keyfile);
- rd.expiration_time = GNUNET_TIME_UNIT_FOREVER_ABS.abs_value_us;
- GNUNET_assert (GNUNET_OK == GNUNET_GNSRECORD_string_to_value
(GNUNET_DNSPARSER_TYPE_A,
- "127.0.0.1",
-
(void**)&rd.data,
- &rd.data_size));
- rd.record_type = GNUNET_DNSPARSER_TYPE_A;
-
- GNUNET_NAMESTORE_record_create (namestore,
- host_key,
- "www",
- &rd,
- &commence_testing,
- NULL);
-
- GNUNET_free ((void**)rd.data);
- GNUNET_free (zone_keyfile);
- GNUNET_free (host_key);
+ GNUNET_SCHEDULER_add_now (&commence_testing,
+ NULL);
}
int
main (int argc, char *const *argv)
{
- char *binary;
-
- if (GNUNET_SYSERR == GNUNET_OS_check_helper_binary ("gnunet-gns-proxy",
GNUNET_NO, NULL))
- {
- fprintf (stderr, "Proxy binary not in PATH... skipping!\n");
- return 0;
- }
- binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-dns");
- if (GNUNET_YES != GNUNET_OS_check_helper_binary (binary, GNUNET_YES, NULL))
// TODO: once we have a windows-testcase, add test parameters here
- {
- fprintf (stderr, "DNS helper binary has wrong permissions... skipping!\n");
- GNUNET_free (binary);
- return 0;
- }
- GNUNET_free (binary);
+ struct GNUNET_GETOPT_CommandLineOption options[] = {
+ GNUNET_GETOPT_option_uint16 ('p',
+ "port",
+ NULL,
+ gettext_noop ("listen on specified port
(default: 7777)"),
+ &port),
+ GNUNET_GETOPT_option_string ('A',
+ "curlcert",
+ NULL,
+ gettext_noop ("pem file to use as CA"),
+ &cafile_opt),
+ GNUNET_GETOPT_option_string ('S',
+ "servercert",
+ NULL,
+ gettext_noop ("pem file to use for the
server"),
+ &cafile_srv),
+
+ GNUNET_GETOPT_OPTION_END
+ };
if (0 != curl_global_init (CURL_GLOBAL_WIN32))
{
fprintf (stderr, "failed to initialize curl\n");
return 2;
}
- if (0 != GNUNET_TESTING_peer_run ("test-gnunet-gns-proxy",
- "test_gns_proxy.conf",
- &run, NULL))
+ if (GNUNET_OK !=
+ GNUNET_STRINGS_get_utf8_args (argc, argv,
+ &argc, &argv))
+ return 2;
+ GNUNET_log_setup ("gnunet-gns-proxy-test",
+ "WARNING",
+ NULL);
+ if (GNUNET_OK != GNUNET_PROGRAM_run (argc, argv,
+ "gnunet-gns-proxy-test",
+ _("GNUnet GNS proxy test"),
+ options,
+ &run, NULL))
return 1;
- GNUNET_DISK_directory_remove ("/tmp/gnunet-test-gns-proxy");
+ GNUNET_free_non_null ((char *) argv);
return global_ret;
}
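Review bot: In run(), when loading the server certificate or key fails the function logs and returns, but `global_ret` keeps its initial 0 and nothing is scheduled, so a missing or unreadable `-S` file presumably lets `GNUNET_PROGRAM_run` return normally and the test exit 0 reporting success; the same silent pass follows if `gnutls_x509_crt_export`/`gnutls_x509_privkey_export` fail, since their results are unchecked and the uninitialized `cert`/`key` stack buffers would then be handed to MHD as PEM. Setting `global_ret = 1` on each failure path and checking the export calls fixes both, as sketched below; `key` holds the server's private key, so clearing it after `MHD_start_daemon` would also be good hygiene in code people copy from. In main(), the `-p` help text claims `(default: 7777)`, but `port` is never assigned a default and 7777 is the proxy's SOCKS port hard-coded in start_curl, not this server's port, so with `-p` omitted MHD is started on port 0 and the `https://www.test:0/...` URL can hardly reach it; either assign `port = 8443;` before `GNUNET_PROGRAM_run` and say so in the help string, or mark the option required: `gettext_noop ("port the test HTTPS server listens on (required)")`.
```c
  {
    /* … unchanged: error log, gnutls deinit … */
    global_ret = 1;   /* otherwise main() returns 0 and the test "passes" */
    return;
  }
  GNUNET_SCHEDULER_add_shutdown (&do_shutdown,
                                 NULL);
  /* … unchanged: key_buf_size / cert_buf_size … */
  if ( (GNUTLS_E_SUCCESS !=
        gnutls_x509_crt_export (proxy_cert,
                                GNUTLS_X509_FMT_PEM,
                                cert,
                                &cert_buf_size)) ||
       (GNUTLS_E_SUCCESS !=
        gnutls_x509_privkey_export (proxy_key,
                                    GNUTLS_X509_FMT_PEM,
                                    key,
                                    &key_buf_size)) )
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Failed to export X.509 key/certificate as PEM\n");
    global_ret = 1;
    GNUNET_SCHEDULER_shutdown ();
    return;
  }
  /* … unchanged: MHD_start_daemon, mhd_main, commence_testing … */
```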
diff --git a/src/gns/test_gns_proxy.conf b/src/gns/test_gns_proxy.conf
index 51edd5a0c..3b21f1d90 100644
--- a/src/gns/test_gns_proxy.conf
+++ b/src/gns/test_gns_proxy.conf
@@ -1,30 +1,22 @@
-[PATHS]
-GNUNET_TEST_HOME = $GNUNET_TMP/gnunet-test-gns-proxy/
address@hidden@ test_gns_defaults.conf
[transport]
PLUGINS = tcp
-[arm]
-PORT = 0
-ALLOW_SHUTDOWN = YES
-
-[testing]
-WEAKRANDOM = YES
-HOSTKEYSFILE = ${DATADIR}/testing_hostkeys.dat
-
[gns]
+# PREFIX = valgrind --leak-check=full --track-origins=yes
START_ON_DEMAND = YES
-ZONEKEY = $GNUNET_TEST_HOME/.zonekey
-HIJACK_DNS = YES
+AUTO_IMPORT_PKEY = YES
+MAX_PARALLEL_BACKGROUND_QUERIES = 10
+DEFAULT_LOOKUP_TIMEOUT = 15 s
+RECORD_PUT_INTERVAL = 1 h
+ZONE_PUBLISH_TIME_WINDOW = 1 h
+DNS_ROOT=PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0
+
[gns-proxy]
-PROXY_CACERT = proxy/test_cert.pem
+PROXY_CACERT = /tmp/proxy_cacert.pem
PROXY_UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-gns-proxy.sock
[namestore]
START_ON_DEMAND = YES
-
-[dns]
-PROVIDE_EXIT = NO
-#DNS_EXIT = 8.8.8.8
-#PREFIX = valgrind --leak-check=full
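Review bot: `PROXY_CACERT = /tmp/proxy_cacert.pem` puts the proxy CA certificate, and judging from setup-ca's `cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM` its unencrypted private key as well, at a fixed, predictable path in a world-writable directory; on a shared build host another local user can pre-create or symlink that name before the test runs, and two concurrent test runs clobber each other's CA. Prefer a per-run location under the test home, e.g. `PROXY_CACERT = $GNUNET_TEST_HOME/proxy_cacert.pem` (presumably expanded by the configuration the same way the old file's `$GNUNET_TMP` path was; verify), and have test_proxy.sh create that directory with mktemp. `DNS_ROOT` is a hard-coded zone key with no comment saying whose zone it is or why the proxy test needs it; a one-line comment would save the next reader a lookup.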
diff --git a/src/gns/test_proxy.sh b/src/gns/test_proxy.sh
new file mode 100755
index 000000000..c960d4df9
--- /dev/null
+++ b/src/gns/test_proxy.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+TEST_DOMAIN="www.test"
+
+gnunet-arm -s -c test_gns_proxy.conf
+gnunet-gns-proxy-setup-ca -c test_gns_proxy.conf
+
+openssl genrsa -des3 -passout pass:xxxx -out server.pass.key 2048
+openssl rsa -passin pass:xxxx -in server.pass.key -out local.key
+rm server.pass.key
+openssl req -new -key local.key -out server.csr \
+ -subj "/C=DE/O=GNUnet/OU=GNS/CN=test.local"
+openssl x509 -req -days 1 -in server.csr -signkey local.key -out local.crt
+openssl x509 -in local.crt -out local.der -outform DER
+HEXCERT=`xxd -p local.der | tr -d '\n'`
+#echo "This is the certificate the server does not use: $HEXCERT"
+OLDBOXVALUE="6 8443 52 3 0 0 $HEXCERT"
+
+
+openssl req -new -key local.key -out server.csr \
+ -subj "/C=DE/O=GNUnet/OU=GNS/CN=test.local"
+openssl x509 -req -days 1 -in server.csr -signkey local.key -out local.crt
+openssl x509 -in local.crt -out local.der -outform DER
+HEXCERT=`xxd -p local.der | tr -d '\n'`
+#echo "This is the certificate the server does use: $HEXCERT"
+BOXVALUE="6 8443 52 3 0 0 $HEXCERT"
+
+cat local.crt > /tmp/server_cacert.pem
+cat local.key >> /tmp/server_cacert.pem
+
+gnunet-identity -C test -c test_gns_proxy.conf
+gnunet-namestore -p -z test -a -n www -t A -V 127.0.0.1 -e never -c
test_gns_proxy.conf
+gnunet-namestore -p -z test -a -n www -t LEHO -V "test.local" -e never -c
test_gns_proxy.conf
+gnunet-namestore -p -z test -a -n www -t BOX -V "$OLDBOXVALUE" -e never -c
test_gns_proxy.conf
+gnunet-namestore -p -z test -a -n www -t BOX -V "$BOXVALUE" -e never -c
test_gns_proxy.conf
+
+gnunet-arm -i gns-proxy -c test_gns_proxy.conf
+
+#gnurl --socks5-hostname 127.0.0.1:7777 https://www.test -v --cacert
/tmp/proxy_cacert.pem
+./test_gns_proxy -A /tmp/proxy_cacert.pem -S /tmp/server_cacert.pem -p 8443 -c
test_gns_proxy.conf
+
+RES=$?
+
+rm /tmp/proxy_cacert.pem
+rm /tmp/server_cacert.pem
+
+gnunet-arm -e test_gns_proxy.conf
+
+if test $RES != 0
+then
+ echo "Failed"
+ exit 1
+fi
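Review bot: The script writes the server's key and certificate to the fixed path `/tmp/server_cacert.pem` (and expects the CA plus its private key at `/tmp/proxy_cacert.pem`), a predictable name in a world-writable directory that another local user can pre-create or symlink, and it leaves `local.key`, `local.crt`, `local.der` and `server.csr` behind in the working directory. There is no `set -e`, so a failing openssl or gnunet-namestore step is silently carried on to the final `./test_gns_proxy` run, and `genrsa -des3 -passout pass:xxxx` followed by an immediate `openssl rsa -passin` decryption is just the plain key generated the slow way. The teardown `gnunet-arm -e test_gns_proxy.conf` omits the `-c` that the `gnunet-arm -s` line uses, so the test peer is presumably never stopped. Generating everything in a `mktemp -d` directory removed by a trap and failing fast addresses the first two points, as sketched below; the first CSR/certificate pair, whose result is used only for `OLDBOXVALUE`, should carry a comment saying it is deliberately a non-matching DANE record.
```bash
#!/bin/bash
set -eu

TEST_DOMAIN="www.test"
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
# … unchanged: gnunet-arm -s / gnunet-gns-proxy-setup-ca …

openssl genrsa -out "$WORK/local.key" 2048
# First certificate: deliberately NOT the one the server will present
# (a DANE record that must not match).
# … unchanged: req/x509/DER/HEXCERT for OLDBOXVALUE and BOXVALUE, with paths under $WORK …
cat "$WORK/local.crt" "$WORK/local.key" > "$WORK/server_cacert.pem"
# … unchanged: gnunet-identity / gnunet-namestore / gnunet-arm -i …

RES=0
./test_gns_proxy -A /tmp/proxy_cacert.pem -S "$WORK/server_cacert.pem" -p 8443 \
  -c test_gns_proxy.conf || RES=$?

gnunet-arm -e -c test_gns_proxy.conf
# … unchanged: exit-status check …
```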