author | Gilles Vollant <info@winimage.com> | 2020-07-13 03:17:56 +0200 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2021-05-05 02:29:16 -0400 |
commit | 77fc3859b24470b5c173174e2aba3b099b92adfd (patch) | |
tree | 010c3dfb572cd78b1b88187bb5dfc4200eeb1638 /tests/libtest | |
parent | 70cf50fb4aa5e55ca2e732716a4f455d39192088 (diff) | |
download | curl-77fc3859b24470b5c173174e2aba3b099b92adfd.tar.gz |
SSL: support in-memory CA certs for some backends
- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
and Secure Transport (Apple) SSL backends.
Prior to this change PEM certificates could only be imported from a file
and not from memory.
Co-authored-by: moparisthebest@users.noreply.github.com
Ref: https://github.com/curl/curl/pull/4679
Ref: https://github.com/curl/curl/pull/5677
Ref: https://github.com/curl/curl/pull/6109
Closes https://github.com/curl/curl/pull/6662
Diffstat (limited to 'tests/libtest')
-rw-r--r-- | tests/libtest/Makefile.inc | 6 | ||||
-rw-r--r-- | tests/libtest/lib678.c | 120 |
2 files changed, 125 insertions, 1 deletions
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index ff39de377..5c80f88c9 100644
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@@ -48,7 +48,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \
 lib599 \
 lib643 lib644 lib645 lib650 lib651 lib652 lib653 lib654 lib655 lib658 \
 lib659 lib661 lib666 lib667 lib668 \
- lib670 lib671 lib672 lib673 lib674 lib676 \
+ lib670 lib671 lib672 lib673 lib674 lib676 lib678 \
 lib1156 \
 lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506 lib1507 lib1508 \
 lib1509 lib1510 lib1511 lib1512 lib1513 lib1514 lib1515 lib1517 \
@@ -409,6 +409,10 @@ lib676_SOURCES = lib676.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib676_LDADD = $(TESTUTIL_LIBS)
 lib676_CPPFLAGS = $(AM_CPPFLAGS)
 
+lib678_SOURCES = lib678.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib678_LDADD = $(TESTUTIL_LIBS)
+lib678_CPPFLAGS = $(AM_CPPFLAGS)
+
 lib1500_SOURCES = lib1500.c $(SUPPORTFILES) $(TESTUTIL)
 lib1500_LDADD = $(TESTUTIL_LIBS)
 lib1500_CPPFLAGS = $(AM_CPPFLAGS)
diff --git a/tests/libtest/lib678.c b/tests/libtest/lib678.c
new file mode 100644
index 000000000..89ceb8573
--- /dev/null
+++ b/tests/libtest/lib678.c
@@ -0,0 +1,120 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "testutil.h"
+#include "warnless.h"
+#include "memdebug.h"
+
+static int loadfile(const char *filename, void **filedata, size_t *filesize)
+{
+ size_t datasize = 0;
+ void *data = NULL;
+ if(filename) {
+ FILE *fInCert = fopen(filename, "rb");
+
+ if(fInCert) {
+ long cert_tell = 0;
+ bool continue_reading = fseek(fInCert, 0, SEEK_END) == 0;
+ if(continue_reading)
+ cert_tell = ftell(fInCert);
+ if(cert_tell < 0)
+ continue_reading = FALSE;
+ else
+ datasize = (size_t)cert_tell;
+ if(continue_reading)
+ continue_reading = fseek(fInCert, 0, SEEK_SET) == 0;
+ if(continue_reading)
+ data = malloc(datasize + 1);
+ if((!data) ||
+ ((int)fread(data, datasize, 1, fInCert) != 1))
+ continue_reading = FALSE;
+ fclose(fInCert);
+ if(!continue_reading) {
+ free(data);
+ datasize = 0;
+ data = NULL;
+ }
+ }
+ }
+ *filesize = datasize;
+ *filedata = data;
+ return data ? 1 : 0;
+}
+
+static int test_cert_blob(const char *url, const char *cafile)
+{
+ CURLcode code = CURLE_OUT_OF_MEMORY;
+ CURL *curl;
+ struct curl_blob blob;
+ size_t certsize;
+ void *certdata;
+
+ curl = curl_easy_init();
+ if(!curl) {
+ fprintf(stderr, "curl_easy_init() failed\n");
+ return CURLE_FAILED_INIT;
+ }
+
+ if(loadfile(cafile, &certdata, &certsize)) {
+ curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+ curl_easy_setopt(curl, CURLOPT_HEADER, 1L);
+ curl_easy_setopt(curl, CURLOPT_URL, url);
+ curl_easy_setopt(curl, CURLOPT_USERAGENT, "CURLOPT_CAINFO_BLOB");
+ curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS,
+ CURLSSLOPT_REVOKE_BEST_EFFORT);
+
+ blob.data = certdata;
+ blob.len = certsize;
+ blob.flags = CURL_BLOB_COPY;
+ curl_easy_setopt(curl, CURLOPT_CAINFO_BLOB, &blob);
+ free(certdata);
+ code = curl_easy_perform(curl);
+ }
+ curl_easy_cleanup(curl);
+
+ return (int)code;
+}
+
+int test(char *URL)
+{
+ int res = 0;
+ curl_global_init(CURL_GLOBAL_DEFAULT);
+ if(!strcmp("check", URL)) {
+ CURL *e;
+ CURLcode w = CURLE_OK;
+ struct curl_blob blob = {0};
+ e = curl_easy_init();
+ if(e) {
+ w = curl_easy_setopt(e, CURLOPT_CAINFO_BLOB, &blob);
+ if(w)
+ printf("CURLOPT_CAINFO_BLOB is not supported\n");
+ curl_easy_cleanup(e);
+ }
+ res = (int)w;
+ }
+ else
+ res = test_cert_blob(URL, libtest_arg2);
+
+ curl_global_cleanup();
+ return res;
+}
+} |
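Review bot: In test_cert_blob the result of `curl_easy_setopt(curl, CURLOPT_CAINFO_BLOB, &blob)` is discarded, so if the option is rejected the transfer still runs and the returned code no longer says anything about the in-memory CA path; presumably the handle would then verify against whatever trust store the build defaults to. The "check" branch of test() in this same file already treats a non-zero return from that call as "not supported", so the same check belongs here: `code = curl_easy_setopt(curl, CURLOPT_CAINFO_BLOB, &blob);` followed by `if(!code) code = curl_easy_perform(curl);`. A short comment on `free(certdata);` would also help, since freeing before the transfer is only safe because of `CURL_BLOB_COPY`, e.g. `/* libcurl copied the blob (CURL_BLOB_COPY), so the buffer can go now */`. Separately, a cafile that cannot be read is reported as CURLE_OUT_OF_MEMORY because that is the initial value of `code`, which makes a missing certificate file look like an allocation failure in the test log.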