authorjoe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845>2004-10-02 19:31:06 +0000
committerjoe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845>2004-10-02 19:31:06 +0000
commit7af4513399ba46674d9d4faca8e6d548e8c432d8 (patch)
treec3804eeaa32c72e3b60f12aff1182088e979e41a
parent815aa28e20edc460a309e6faee73e71cbd4736ba (diff)
downloadneon-7af4513399ba46674d9d4faca8e6d548e8c432d8.tar.gz
Import neon-0.24.4.
git-svn-id: http://svn.webdav.org/repos/projects/neon/branches/0.24.x@251 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
-rw-r--r--BUGS9
-rw-r--r--ChangeLog4
-rw-r--r--NEWS6
-rw-r--r--TODO3
-rw-r--r--configure.in4
-rw-r--r--macros/neon.m42
-rw-r--r--src/ChangeLog23
-rw-r--r--src/ne_auth.c17
-rw-r--r--src/ne_defs.h6
-rw-r--r--src/ne_request.c9
-rw-r--r--src/ne_request.h23
-rw-r--r--src/ne_session.h5
-rw-r--r--src/ne_utils.h6
-rw-r--r--test/ChangeLog13
-rw-r--r--test/common/.cvsignore1
-rw-r--r--test/socket.c4
-rw-r--r--test/ssl.c33
17 files changed, 87 insertions, 81 deletions
diff --git a/BUGS b/BUGS
index f4c4750..2ae9ca5 100644
--- a/BUGS
+++ b/BUGS
@@ -14,15 +14,6 @@ Known problems/bugs in neon -*- text -*-
only cache on shutdown, since the SSL_SESSION may change during
an ne_session.
-* test failures in `socket' on some non-Linux platforms:
-
-19. write_reset........... FAIL (write got 0 not reset)
-20. read_reset............ FAIL (read got -3 not reset)
-
-* server auth should not run on a CONNECT request; once a connection
- has been CONNECT tunneled, subsequent requests through the tunnel
- should not give proxy auth.
-
* what is passed as 'path' to req create hook: auth needs Request-URI;
how does that interact with proxies? also they will be passed NULL
for a CONNECT request, or "*" possibly as well.
diff --git a/ChangeLog b/ChangeLog
index 895a094..3562caf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Sat Oct 25 10:37:59 2003 Joe Orton <joe@manyfish.co.uk>
+
+ * configure.in: Use AC_LIBTOOL_TAGS if available.
+
Mon Sep 22 20:56:21 2003 Joe Orton <joe@manyfish.co.uk>
* Makefile.in: Respect @datadir@ from configure (Max Bowsher).
diff --git a/NEWS b/NEWS
index ec23abd..94f79f2 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,9 @@
+Changes in release 0.24.4:
+* Ignore unclean SSL closure when response body is delimited by EOF
+ ("Could not read response body: Secure connection truncated" errors
+ with some buggy SSL servers).
+* Fix test/ssl.c syntax errors with C89 compilers (Radu Greab).
+
Changes in release 0.24.3:
* Respect configure's --datadir argument (Max Bowsher).
* Fix build on Windows when OpenSSL is not used.
diff --git a/TODO b/TODO
index e31a595..fcce1d3 100644
--- a/TODO
+++ b/TODO
@@ -49,9 +49,6 @@ Longer term
URI parsing support). Need to tell the auth layer the server
details.
-4. Better cnonce generation for authentication: use /dev/{u}random or
- whatever like mod_auth_digest.
-
6. PUT with ranges... ne_put_range
9. DeltaV support (http://www.webdav.org/deltav/). See also the
diff --git a/configure.in b/configure.in
index f0dfa7e..d478555 100644
--- a/configure.in
+++ b/configure.in
@@ -33,6 +33,10 @@ AC_DEFINE(NEON_IS_LIBRARY, 1, [Define when building neon as a library])
AC_PROG_INSTALL
+dnl Avoid libtool 1.5 bug where configure fails if a C++ compiler
+dnl is not available.
+m4_ifdef([AC_LIBTOOL_TAGS], [AC_LIBTOOL_TAGS([])])
+
AC_DISABLE_SHARED
AC_PROG_LIBTOOL
diff --git a/macros/neon.m4 b/macros/neon.m4
index 34d1eb6..398b7fa 100644
--- a/macros/neon.m4
+++ b/macros/neon.m4
@@ -122,7 +122,7 @@ AC_DEFUN([NEON_VERSIONS], [
# Define the current versions.
NEON_VERSION_MAJOR=0
NEON_VERSION_MINOR=24
-NEON_VERSION_RELEASE=2
+NEON_VERSION_RELEASE=4
NEON_VERSION_TAG=
NEON_VERSION="${NEON_VERSION_MAJOR}.${NEON_VERSION_MINOR}.${NEON_VERSION_RELEASE}${NEON_VERSION_TAG}"
diff --git a/src/ChangeLog b/src/ChangeLog
index b6fc833..ead947e 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,26 @@
+Wed Oct 22 22:19:19 2003 Joe Orton <joe@manyfish.co.uk>
+
+ * ne_request.c (read_response_block): Treat an EOF without clean
+ SSL closure as a valid request body delimiter in any case.
+
+Wed Oct 22 21:44:48 2003 Joe Orton <joe@manyfish.co.uk>
+
+ * ne_defs.h (ne_attribute): New macro.
+
+ * ne_request.h, ne_session.h, ne_utils.h: Use ne_attribute instead
+ of littering #ifdef __GNUC__ and __attribute__ everywhere.
+
+Tue Oct 21 20:03:47 2003 Joe Orton <joe@manyfish.co.uk>
+
+ Fix various strict signedness bugs:
+
+ * ne_auth.c (auth_session): Make nonce_count argument unsigned.
+ (get_cnonce): Use unsigned data buffer.
+ (get_gss_name, gssapi_challenge): Use unsigned integers for status
+ variables.
+ (request_digest): Print nonce count as unsigned.
+ (verify_response): Make nonce_count unsigned.
+
Tue Oct 7 20:52:06 2003 Joe Orton <joe@manyfish.co.uk>
When using SSL via a proxy, don't leak server auth credentials to
diff --git a/src/ne_auth.c b/src/ne_auth.c
index c7f0267..40b278a 100644
--- a/src/ne_auth.c
+++ b/src/ne_auth.c
@@ -169,7 +169,7 @@ typedef struct {
char *opaque;
auth_qop qop;
auth_algorithm alg;
- int nonce_count;
+ unsigned int nonce_count;
/* The ASCII representation of the session's H(A1) value */
char h_a1[33];
@@ -219,8 +219,8 @@ static void clean_session(auth_session *sess)
/* Returns client nonce string. */
static char *get_cnonce(void)
{
- char data[256], ret[33];
- unsigned char tmp[16];
+ char ret[33];
+ unsigned char data[256], tmp[16];
struct ne_md5_ctx hash;
ne_md5_init_ctx(&hash);
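Review bot: The commit removes the TODO item about better cnonce generation, but the only change visible in get_cnonce is the signedness of the `data` buffer, so this hunk does not show what justifies dropping it. The body of get_cnonce continues outside the hunk; if the bytes fed to the MD5 context do not come from a system random source on every build configuration, the TODO entry should stay. Expanding the header comment to something like `/* Returns client nonce string; the value should be unpredictable (cnonce, RFC 2617). */` would record the requirement next to the code.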
@@ -324,7 +324,7 @@ static char *request_gssapi(auth_session *sess)
static int get_gss_name(gss_name_t *server, auth_session *sess)
{
- int major_status, minor_status;
+ unsigned int major_status, minor_status;
gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
token.value = ne_concat("khttp@", sess->sess->server.hostname, NULL);
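Review bot: The status variables in get_gss_name are now `unsigned int`, while the GSS-API C bindings carry status codes as `OM_uint32`; the two match only where `OM_uint32` happens to be `unsigned int`. Declaring them as `OM_uint32 major_status, minor_status;` removes that assumption, and the same applies to the identical declaration in the gssapi_challenge hunk that follows. The calls that receive these variables are outside both hunks, so the mismatch is inferred from the declarations alone.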
@@ -343,7 +343,7 @@ gssapi_challenge(auth_session *sess, struct auth_challenge *parms)
{
gss_ctx_id_t context;
gss_name_t server_name;
- int major_status, minor_status;
+ unsigned int major_status, minor_status;
gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
@@ -504,7 +504,7 @@ static char *request_digest(auth_session *sess, struct auth_request *req)
if (sess->qop != auth_qop_none) {
sess->nonce_count++;
ne_snprintf(nc_value, 9, "%08x", sess->nonce_count);
- NE_DEBUG(NE_DBG_HTTPAUTH, "Nonce count is %d, nc is [%s]\n",
+ NE_DEBUG(NE_DBG_HTTPAUTH, "Nonce count is %u, nc is [%s]\n",
sess->nonce_count, nc_value);
}
@@ -684,7 +684,8 @@ static int verify_response(struct auth_request *req, auth_session *sess,
*cnonce = NULL, /* for the cnonce= value */
*nc = NULL, /* for the nc= value */
*qop_value = NULL;
- int nonce_count, okay;
+ unsigned int nonce_count;
+ int okay;
if (!req->will_handle) {
/* Ignore it */
@@ -724,7 +725,7 @@ static int verify_response(struct auth_request *req, auth_session *sess,
if (sscanf(val, "%x", &nonce_count) != 1) {
NE_DEBUG(NE_DBG_HTTPAUTH, "Couldn't find nonce count.\n");
} else {
- NE_DEBUG(NE_DBG_HTTPAUTH, "Got nonce_count: %d\n", nonce_count);
+ NE_DEBUG(NE_DBG_HTTPAUTH, "Got nonce_count: %u\n", nonce_count);
}
}
}
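Review bot: When `sscanf(val, "%x", &nonce_count)` fails, the branch only logs, and `nonce_count` keeps the indeterminate value from its declaration in the previous hunk (`unsigned int nonce_count;`). The rest of verify_response is outside the hunk, but if the count is later compared with the session's value, a malformed `nc=` field from the server would be checked against garbage. Initialising at the declaration, `unsigned int nonce_count = 0;`, or treating the parse failure as a verification failure, makes the outcome defined.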
diff --git a/src/ne_defs.h b/src/ne_defs.h
index d13a9bf..4dacbda 100644
--- a/src/ne_defs.h
+++ b/src/ne_defs.h
@@ -33,3 +33,9 @@
#if defined(WIN32) && !defined(ssize_t)
#define ssize_t int
#endif
+
+#ifdef __GNUC__
+#define ne_attribute(x) __attribute__(x)
+#else
+#define ne_attribute(x)
+#endif
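Review bot: ne_attribute is added without a comment, and its calling convention is not obvious: the argument must carry its own parentheses, as in `ne_attribute((format(printf, 2, 3)))`, because the macro forwards it directly to `__attribute__`. I would add `/* ne_attribute((attr)): expands to __attribute__((attr)) when __GNUC__ is defined, and to nothing otherwise. */` above the `#ifdef`.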
diff --git a/src/ne_request.c b/src/ne_request.c
index 678dc4b..ab76b9b 100644
--- a/src/ne_request.c
+++ b/src/ne_request.c
@@ -754,12 +754,11 @@ static int read_response_block(ne_request *req, struct ne_response *resp,
"Reading %" NE_FMT_SIZE_T " bytes of response body.\n", willread);
readlen = ne_sock_read(sock, buffer, willread);
- /* EOF is only valid when response body is delimited by it. For
- * interop with SSL servers which perform unclean shutdown, ignore
- * a truncation if no response body has yet been read. */
+ /* EOF is only valid when response body is delimited by it.
+ * Strictly, an SSL truncation should not be treated as an EOF in
+ * any case, but SSL servers are just too buggy. */
if (resp->mode == R_TILLEOF &&
- (readlen == NE_SOCK_CLOSED ||
- (readlen == NE_SOCK_TRUNC && resp->total == 0))) {
+ (readlen == NE_SOCK_CLOSED || readlen == NE_SOCK_TRUNC)) {
NE_DEBUG(NE_DBG_HTTP, "Got EOF.\n");
req->can_persist = 0;
readlen = 0;
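Review bot: With the `resp->total == 0` condition removed, `NE_SOCK_TRUNC` ends an EOF-delimited body exactly like a clean close, so a response cut short at the transport level is handed to the caller as complete. The debug line still prints "Got EOF." for both cases; the two should at least be told apart, e.g. `NE_DEBUG(NE_DBG_HTTP, "Got EOF%s.\n", readlen == NE_SOCK_TRUNC ? " (unclean SSL closure)" : "");`. The new comment should also state that R_TILLEOF bodies over SSL carry no guarantee of completeness. The same commit removes fail_truncated_eof from test/ssl.c, so a replacement test that pins the accepted-truncation behaviour would keep the decision visible. read_response_block continues outside the hunk.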
diff --git a/src/ne_request.h b/src/ne_request.h
index f626402..e59b59d 100644
--- a/src/ne_request.h
+++ b/src/ne_request.h
@@ -23,7 +23,7 @@
#define NE_REQUEST_H
#include "ne_utils.h" /* For ne_status */
-#include "ne_string.h" /* For sbuffer */
+#include "ne_string.h" /* For ne_buffer */
#include "ne_session.h"
BEGIN_NEON_DECLS
@@ -161,11 +161,8 @@ void ne_add_request_header(ne_request *req, const char *name,
/* Adds a header to the request with given name, using printf-like
* format arguments for the value. */
void ne_print_request_header(ne_request *req, const char *name,
- const char *format, ...)
-#ifdef __GNUC__
- __attribute__ ((format (printf, 3, 4)))
-#endif /* __GNUC__ */
-;
+ const char *format, ...)
+ ne_attribute((format(printf, 3, 4)));
/* ne_request_dispatch: Sends the given request, and reads the
* response. Response-Status information can be retrieve with
@@ -181,17 +178,9 @@ void ne_print_request_header(ne_request *req, const char *name,
*/
int ne_request_dispatch(ne_request *req);
-/* Returns a pointer to the response status information for the
- * given request. */
-const ne_status *ne_get_status(const ne_request *req)
-/* Declare this with attribute const, since we often call it >1 times
- * with the same argument, and it will return the same thing each
- * time. This lets the compiler optimize away any subsequent calls
- * (theoretically). */
-#ifdef __GNUC__
- __attribute__ ((const))
-#endif /* __GNUC__ */
- ;
+/* Returns a pointer to the response status information for the given
+ * request; pointer is valid until request object is destroyed. */
+const ne_status *ne_get_status(const ne_request *req) ne_attribute((const));
/* Returns pointer to session associated with request. */
ne_session *ne_get_session(const ne_request *req);
diff --git a/src/ne_session.h b/src/ne_session.h
index 027e69e..69e8647 100644
--- a/src/ne_session.h
+++ b/src/ne_session.h
@@ -182,10 +182,7 @@ void ne_fill_server_uri(ne_session *sess, ne_uri *uri);
/* Set the error string for the session; takes printf-like format
* string. */
void ne_set_error(ne_session *sess, const char *format, ...)
-#ifdef __GNUC__
- __attribute__ ((format (printf, 2, 3)))
-#endif /* __GNUC__ */
-;
+ ne_attribute((format (printf, 2, 3)));
/* Retrieve the error string for the session */
const char *ne_get_error(ne_session *sess);
diff --git a/src/ne_utils.h b/src/ne_utils.h
index 28b17c5..87e6593 100644
--- a/src/ne_utils.h
+++ b/src/ne_utils.h
@@ -95,11 +95,7 @@ extern FILE *ne_debug_stream;
/* Produce debug output if any of channels 'ch' is enabled for
* debugging. */
-void ne_debug(int ch, const char *, ...)
-#ifdef __GNUC__
- __attribute__ ((format (printf, 2, 3)))
-#endif /* __GNUC__ */
-;
+void ne_debug(int ch, const char *, ...) ne_attribute((format(printf, 2, 3)));
/* Storing an HTTP status result */
typedef struct {
diff --git a/test/ChangeLog b/test/ChangeLog
index e7109db..261e43a 100644
--- a/test/ChangeLog
+++ b/test/ChangeLog
@@ -1,3 +1,16 @@
+Sat Oct 25 00:11:29 2003 Joe Orton <joe@manyfish.co.uk>
+
+ * ssl.c (fail_truncated_eof): Remove test.
+
+Tue Oct 21 20:29:46 2003 Joe Orton <joe@manyfish.co.uk>
+
+ * ssl.c (fail_tunnel, proxy_tunnel): Fix non-C89 code,
+ Radu Greab.
+
+Thu Oct 9 19:42:13 2003 Joe Orton <joe@manyfish.co.uk>
+
+ * socket.c (ssl_closure): Fix occassional spurious errors.
+
Tue Oct 7 20:23:35 2003 Joe Orton <joe@manyfish.co.uk>
* ssl.c (ssl_server): Handle several requests if required.
diff --git a/test/common/.cvsignore b/test/common/.cvsignore
index c8b522d..70f06c3 100644
--- a/test/common/.cvsignore
+++ b/test/common/.cvsignore
@@ -1 +1,2 @@
*.lo
+.libs
diff --git a/test/socket.c b/test/socket.c
index 58c5a6e..52dc328 100644
--- a/test/socket.c
+++ b/test/socket.c
@@ -822,7 +822,9 @@ static int ssl_closure(void)
CALL(begin(&sock, serve_close, NULL));
CALL(full_write(sock, "a", 1));
CALL(await_server());
- ret = ne_sock_fullwrite(sock, "a", 1);
+ do {
+ ret = ne_sock_fullwrite(sock, "a", 1);
+ } while (ret == 0);
ONV(ret != NE_SOCK_RESET && ret != NE_SOCK_CLOSED,
("write got %" NE_FMT_SSIZE_T " not reset or closure", ret));
return good_close(sock);
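Review bot: The new `do { ... } while (ret == 0);` loop in ssl_closure has no bound, so if the peer's closure never surfaces as an error the test spins forever instead of failing. A retry cap keeps it a reportable failure: declare `int tries = 0;` and end the loop with `} while (ret == 0 && ++tries < 100);`, after which the existing ONV check reports the unexpected 0. The limit of 100 is an arbitrary suggestion, and ssl_closure begins outside the hunk.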
diff --git a/test/ssl.c b/test/ssl.c
index 248466a..7f6a7eb 100644
--- a/test/ssl.c
+++ b/test/ssl.c
@@ -384,7 +384,7 @@ static int load_client_cert(void)
static int accept_signed_cert_for_hostname(char *cert, const char *hostname)
{
ne_session *sess = ne_session_create("https", hostname, 7777);
- struct ssl_server_args args= {cert, 0};
+ struct ssl_server_args args = {cert, 0};
/* no verify callback needed. */
CALL(any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL));
ne_session_destroy(sess);
@@ -451,30 +451,6 @@ static int empty_truncated_eof(void)
return OK;
}
-static int fail_truncated_eof(void)
-{
- ne_session *sess = DEFSESS;
- int ret;
- struct ssl_server_args args = {0};
-
- args.cert = SERVER_CERT;
- args.response = "HTTP/1.0 200 OK\r\n" "\r\n"
- "This is some content\n"
- "Followed by a truncation attack!\n";
- args.unclean = 1;
-
- ne_ssl_trust_cert(sess, def_ca_cert);
- CALL(spawn_server(7777, ssl_server, &args));
-
- ret = any_request(sess, "/foo");
- CALL(await_server());
-
- ONV(ret != NE_ERROR,
- ("request failed with %d not error: `%s'", ret, ne_get_error(sess)));
- ne_session_destroy(sess);
- return OK;
-}
-
/* Server function which just sends a string then EOF. */
static int just_serve_string(ne_socket *sock, void *userdata)
{
@@ -1029,9 +1005,10 @@ static int serve_tunnel(ne_socket *sock, void *ud)
static int fail_tunnel(void)
{
ne_session *sess = ne_session_create("https", "example.com", 443);
- ne_session_proxy(sess, "localhost", 7777);
struct ssl_server_args args = {SERVER_CERT, NULL};
+ ne_session_proxy(sess, "localhost", 7777);
+
ONN("server cert verification didn't fail",
any_ssl_request(sess, serve_tunnel, &args, CA_CERT,
NULL, NULL) != NE_ERROR);
@@ -1043,8 +1020,9 @@ static int fail_tunnel(void)
static int proxy_tunnel(void)
{
ne_session *sess = ne_session_create("https", "localhost", 443);
- ne_session_proxy(sess, "localhost", 7777);
struct ssl_server_args args = {SERVER_CERT, NULL};
+
+ ne_session_proxy(sess, "localhost", 7777);
/* CA cert is trusted, so no verify callback should be needed. */
CALL(any_ssl_request(sess, serve_tunnel, &args, CA_CERT,
@@ -1511,7 +1489,6 @@ ne_test tests[] = {
T(simple_sslv2),
T(simple_eof),
T(empty_truncated_eof),
- T(fail_truncated_eof),
T(fail_not_ssl),
T(cache_cert),