On Mon, 10 Jan 2011, Quinn Slack wrote:

> In the code itself, there aren't yet any #ifdefs for TLS-SRP support; if GnuTLS is used, then TLS-SRP support will be enabled. There's also no check to ensure that the GnuTLS version is new enough (>=2.3) to have the right values for the TLS-SRP cipher suite. I'll work on those now. How does everything else look, though?

It looks really good I think.

I did two minor improvements, see patches attached.

I also found out that using gnutls-serv for this purpose is troublesome: my gnutls-serv version (2.8.6 on Debian) returns different HTTP contents for me with the exact same use, compared to what you got and did the test cases for!

We could probably borrow the gnutls-serv code and put that in our test/server directory and build our own (simplified) SRP test server to avoid the problem with different outputs. But the downside with that is that we get another test tool that is bound to a specific devel packaged SSL library being installed.

--

 / daniel.haxx.se
From c91fd67018fe29d3440c9ea0b4c0dc9c23e682d8 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <[email protected]>
Date: Mon, 10 Jan 2011 20:58:37 +0100
Subject: [PATCH 2/2] runtests: check for find_gnutls_serv

And skip the test nice and cleanly if not found.
---
 tests/runtests.pl |   12 ++++++++++--
 tests/sshhelp.pm  |    9 ++++++++-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/tests/runtests.pl b/tests/runtests.pl
index 66fe115..eb79127 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -100,6 +100,7 @@ use sshhelp qw(
     find_sshd
     find_ssh
     find_sftp
+    find_gnutls_serv
     sshversioninfo
     );
 
@@ -1306,11 +1307,18 @@ sub runhttptlssrpserver {
     $flags .= "--fork " if($forkserver);
     $flags .= "--http ";
     $flags .= "-d 1 " if($debugprotocol);
+    $flags .= "-q " if(!$debugprotocol);
     $flags .= "--port $port ";
     $flags .= "--srppasswd certs/srp-verifier-db --srppasswdconf certs/srp-verifier-conf ";
+    $flags .=" >log/gnutls.out 2>&1";
 
-    # TODO(sqs): make find_gnutls_serv
-    my $cmd = "gnutls-serv $flags";
+    # Find gnutls-serv
+    my $gnutlsserv = find_gnutls_serv();
+    if(!$gnutlsserv) {
+        logmsg "RUN: cannot find gnutls-serv\n";
+        return (0,0);
+    }
+    my $cmd = "$gnutlsserv $flags";
     my ($httptlssrppid, $pid2) = startnew($cmd, $pidfile, 1, 1);
 
     if($httptlssrppid <= 0 || !kill(0, $httptlssrppid)) {
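
Review bot: In runhttptlssrpserver, the line my $cmd = "$gnutlsserv $flags"; interpolates the path returned by find_gnutls_serv() unquoted into a command string that now also carries the shell redirection ">log/gnutls.out 2>&1". A gnutls-serv found in a directory whose name contains spaces or shell metacharacters would be split or misparsed when that command line is interpreted. Quote the path when building $cmd, for example "\"$gnutlsserv\" $flags". Two smaller points on the redirection line: it is written $flags .=" ..." without the space after .= that the neighbouring appends use, and it has to remain the last append to $flags, since any option added after it would land behind the redirection.
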
diff --git a/tests/sshhelp.pm b/tests/sshhelp.pm
index 18de9d3..493cbfe 100644
--- a/tests/sshhelp.pm
+++ b/tests/sshhelp.pm
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2010, Daniel Stenberg, <[email protected]>, et al.
+# Copyright (C) 1998 - 2011, Daniel Stenberg, <[email protected]>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -95,6 +95,7 @@ use vars qw(
     find_sftpsrv
     find_sftp
     find_sshkeygen
+    find_gnutls_serv
     logmsg
     sshversioninfo
     );
@@ -290,6 +291,12 @@ sub find_sfile {
     return find_file($filename, @spath);
 }
 
+#***************************************************************************
+# Find gnutls-serv and return canonical filename
+#
+sub find_gnutls_serv {
+    return find_file("gnutls-serv", split(':', $ENV{PATH}));
+}
 
 #***************************************************************************
 # Find ssh daemon and return canonical filename
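
Review bot: find_gnutls_serv splits $ENV{PATH} on a literal ':' which is not portable: on Windows the separator is ';' and drive letters themselves contain ':', and when PATH is unset split receives undef and warns. File::Spec->path() returns the PATH entries for the current platform and could replace split(':', $ENV{PATH}). The helper just above in this hunk passes @spath to find_file; it is worth stating in the comment block why gnutls-serv is looked up in PATH only rather than in that list.
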
-- 
1.7.2.3

From a745b9f6f3fb8253c7a352f18bc790173fb825c3 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <[email protected]>
Date: Mon, 10 Jan 2011 20:58:16 +0100
Subject: [PATCH 1/2] curl_easy_strerror: add CURLE_TLSAUTH_FAILED

---
 lib/strerror.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/lib/strerror.c b/lib/strerror.c
index e8ecea5..6b67a87 100644
--- a/lib/strerror.c
+++ b/lib/strerror.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2004 - 2010, Daniel Stenberg, <[email protected]>, et al.
+ * Copyright (C) 2004 - 2011, Daniel Stenberg, <[email protected]>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -281,6 +281,9 @@ curl_easy_strerror(CURLcode error)
   case CURLE_CHUNK_FAILED:
     return "Chunk callback failed";
 
+  case CURLE_TLSAUTH_FAILED:
+    return "TLS Authentication failed";
+
     /* error codes not used by current libcurl */
   case CURLE_OBSOLETE4:
   case CURLE_OBSOLETE10:
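
Review bot: The string returned for the new CURLE_TLSAUTH_FAILED case, "TLS Authentication failed", capitalises "Authentication" mid-sentence, while the neighbouring message "Chunk callback failed" uses sentence case; "TLS authentication failed" would match the surrounding strings. The diffstat shows this patch touching only lib/strerror.c, so if the new error code is not yet described in the error-code documentation, that text should go in alongside this change.
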
-- 
1.7.2.3

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html