author | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2004-10-02 19:31:06 +0000 |
---|---|---|
committer | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2004-10-02 19:31:06 +0000 |
commit | 7af4513399ba46674d9d4faca8e6d548e8c432d8 (patch) | |
tree | c3804eeaa32c72e3b60f12aff1182088e979e41a | |
parent | 815aa28e20edc460a309e6faee73e71cbd4736ba (diff) | |
download | neon-7af4513399ba46674d9d4faca8e6d548e8c432d8.tar.gz |
Import neon-0.24.4.
git-svn-id: http://svn.webdav.org/repos/projects/neon/branches/0.24.x@251 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
-rw-r--r-- | BUGS | 9 | ||||
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | TODO | 3 | ||||
-rw-r--r-- | configure.in | 4 | ||||
-rw-r--r-- | macros/neon.m4 | 2 | ||||
-rw-r--r-- | src/ChangeLog | 23 | ||||
-rw-r--r-- | src/ne_auth.c | 17 | ||||
-rw-r--r-- | src/ne_defs.h | 6 | ||||
-rw-r--r-- | src/ne_request.c | 9 | ||||
-rw-r--r-- | src/ne_request.h | 23 | ||||
-rw-r--r-- | src/ne_session.h | 5 | ||||
-rw-r--r-- | src/ne_utils.h | 6 | ||||
-rw-r--r-- | test/ChangeLog | 13 | ||||
-rw-r--r-- | test/common/.cvsignore | 1 | ||||
-rw-r--r-- | test/socket.c | 4 | ||||
-rw-r--r-- | test/ssl.c | 33 |
17 files changed, 87 insertions, 81 deletions
@@ -14,15 +14,6 @@ Known problems/bugs in neon -*- text -*- only cache on shutdown, since the SSL_SESSION may change during an ne_session. -* test failures in `socket' on some non-Linux platforms: - -19. write_reset........... FAIL (write got 0 not reset) -20. read_reset............ FAIL (read got -3 not reset) - -* server auth should not run on a CONNECT request; once a connection - has been CONNECT tunneled, subsequent requests through the tunnel - should not give proxy auth. - * what is passed as 'path' to req create hook: auth needs Request-URI; how does that interact with proxies? also they will be passed NULL for a CONNECT request, or "*" possibly as well. @@ -1,3 +1,7 @@ +Sat Oct 25 10:37:59 2003 Joe Orton <joe@manyfish.co.uk> + + * configure.in: Use AC_LIBTOOL_TAGS if available. + Mon Sep 22 20:56:21 2003 Joe Orton <joe@manyfish.co.uk> * Makefile.in: Respect @datadir@ from configure (Max Bowsher). @@ -1,3 +1,9 @@ +Changes in release 0.24.4: +* Ignore unclean SSL closure when response body is delimited by EOF + ("Could not read response body: Secure connection truncated" errors + with some buggy SSL servers). +* Fix test/ssl.c syntax errors with C89 compilers (Radu Greab). + Changes in release 0.24.3: * Respect configure's --datadir argument (Max Bowsher). * Fix build on Windows when OpenSSL is not used. @@ -49,9 +49,6 @@ Longer term URI parsing support). Need to tell the auth layer the server details. -4. Better cnonce generation for authentication: use /dev/{u}random or - whatever like mod_auth_digest. - 6. PUT with ranges... ne_put_range 9. DeltaV support (http://www.webdav.org/deltav/). See also the diff --git a/configure.in b/configure.in index f0dfa7e..d478555 100644 --- a/configure.in +++ b/configure.in 
@@ -33,6 +33,10 @@ AC_DEFINE(NEON_IS_LIBRARY, 1, [Define when building neon as a library]) AC_PROG_INSTALL +dnl Avoid libtool 1.5 bug where configure fails if a C++ compiler +dnl is not available. +m4_ifdef([AC_LIBTOOL_TAGS], [AC_LIBTOOL_TAGS([])]) + AC_DISABLE_SHARED AC_PROG_LIBTOOL diff --git a/macros/neon.m4 b/macros/neon.m4 index 34d1eb6..398b7fa 100644 --- a/macros/neon.m4 +++ b/macros/neon.m4 @@ -122,7 +122,7 @@ AC_DEFUN([NEON_VERSIONS], [ # Define the current versions. NEON_VERSION_MAJOR=0 NEON_VERSION_MINOR=24 -NEON_VERSION_RELEASE=2 +NEON_VERSION_RELEASE=4 NEON_VERSION_TAG= NEON_VERSION="${NEON_VERSION_MAJOR}.${NEON_VERSION_MINOR}.${NEON_VERSION_RELEASE}${NEON_VERSION_TAG}" diff --git a/src/ChangeLog b/src/ChangeLog index b6fc833..ead947e 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,26 @@ +Wed Oct 22 22:19:19 2003 Joe Orton <joe@manyfish.co.uk> + + * ne_request.c (read_response_block): Treat an EOF without clean + SSL closure as a valid request body delimiter in any case. + +Wed Oct 22 21:44:48 2003 Joe Orton <joe@manyfish.co.uk> + + * ne_defs.h (ne_attribute): New macro. + + * ne_request.h, ne_session.h, ne_utils.h: Use ne_attribute instead + of littering #ifdef __GNUC__ and __attribute__ everywhere. + +Tue Oct 21 20:03:47 2003 Joe Orton <joe@manyfish.co.uk> + + Fix various strict signedness bugs: + + * ne_auth.c (auth_session): Make nonce_count argument unsigned. + (get_cnonce): Use unsigned data buffer. + (get_gss_name, gssapi_challenge): Use unsigned integers for status + variables. + (request_digest): Print nonce count as unsigned. + (verify_response): Make nonce_count unsigned. + Tue Oct 7 20:52:06 2003 Joe Orton <joe@manyfish.co.uk> When using SSL via a proxy, don't leak server auth credentials to diff --git a/src/ne_auth.c b/src/ne_auth.c index c7f0267..40b278a 100644 --- a/src/ne_auth.c +++ b/src/ne_auth.c 
@@ -169,7 +169,7 @@ typedef struct { char *opaque; auth_qop qop; auth_algorithm alg; - int nonce_count; + unsigned int nonce_count; /* The ASCII representation of the session's H(A1) value */ char h_a1[33]; @@ -219,8 +219,8 @@ static void clean_session(auth_session *sess) /* Returns client nonce string. */ static char *get_cnonce(void) { - char data[256], ret[33]; - unsigned char tmp[16]; + char ret[33]; + unsigned char data[256], tmp[16]; struct ne_md5_ctx hash; ne_md5_init_ctx(&hash); @@ -324,7 +324,7 @@ static char *request_gssapi(auth_session *sess) static int get_gss_name(gss_name_t *server, auth_session *sess) { - int major_status, minor_status; + unsigned int major_status, minor_status; gss_buffer_desc token = GSS_C_EMPTY_BUFFER; token.value = ne_concat("khttp@", sess->sess->server.hostname, NULL); @@ -343,7 +343,7 @@ gssapi_challenge(auth_session *sess, struct auth_challenge *parms) { gss_ctx_id_t context; gss_name_t server_name; - int major_status, minor_status; + unsigned int major_status, minor_status; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; @@ -504,7 +504,7 @@ static char *request_digest(auth_session *sess, struct auth_request *req) if (sess->qop != auth_qop_none) { sess->nonce_count++; ne_snprintf(nc_value, 9, "%08x", sess->nonce_count); - NE_DEBUG(NE_DBG_HTTPAUTH, "Nonce count is %d, nc is [%s]\n", + NE_DEBUG(NE_DBG_HTTPAUTH, "Nonce count is %u, nc is [%s]\n", sess->nonce_count, nc_value); } @@ -684,7 +684,8 @@ static int verify_response(struct auth_request *req, auth_session *sess, *cnonce = NULL, /* for the cnonce= value */ *nc = NULL, /* for the nc= value */ *qop_value = NULL; - int nonce_count, okay; + unsigned int nonce_count; + int okay; if (!req->will_handle) { /* Ignore it */ 
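Review bot: In get_cnonce the only change is the signedness of `data`, while the TODO hunk in this same commit drops the item asking for better cnonce generation from /dev/{u}random. What is fed into the MD5 context lies outside the hunk, so it cannot be confirmed from here that `data` is filled from an unpredictable source before it is hashed; a predictable cnonce weakens the protection the digest exchange is meant to add. I would add a comment at the declaration, `/* data: must be filled from a random source before hashing; see <source> */`, and keep the TODO entry unless that source is in place. The body of get_cnonce continues past the hunk.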
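Review bot: `unsigned int major_status, minor_status;` in get_gss_name fixes the signedness warning but still guesses at the width of the GSSAPI status type; the same declaration appears in the gssapi_challenge hunk. The GSSAPI C bindings define these values as `OM_uint32`, so `OM_uint32 major_status, minor_status;` would match the library prototypes on every platform. The calls that take the addresses of these variables are outside both hunks.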
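Review bot: `unsigned int nonce_count;` in verify_response has no initializer, and the following hunk shows the `sscanf(val, "%x", &nonce_count) != 1` branch only logging "Couldn't find nonce count." before carrying on. If code after that hunk compares nonce_count with the session's count, which is not visible here, it would read an indeterminate value whenever the server sends a malformed nc= parameter. Initialising it, `unsigned int nonce_count = 0;`, and treating the parse failure as a failed verification would make the outcome deterministic. Both hunks cut through the function body.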
@@ -724,7 +725,7 @@ static int verify_response(struct auth_request *req, auth_session *sess, if (sscanf(val, "%x", &nonce_count) != 1) { NE_DEBUG(NE_DBG_HTTPAUTH, "Couldn't find nonce count.\n"); } else { - NE_DEBUG(NE_DBG_HTTPAUTH, "Got nonce_count: %d\n", nonce_count); + NE_DEBUG(NE_DBG_HTTPAUTH, "Got nonce_count: %u\n", nonce_count); } } } diff --git a/src/ne_defs.h b/src/ne_defs.h index d13a9bf..4dacbda 100644 --- a/src/ne_defs.h +++ b/src/ne_defs.h @@ -33,3 +33,9 @@ #if defined(WIN32) && !defined(ssize_t) #define ssize_t int #endif + +#ifdef __GNUC__ +#define ne_attribute(x) __attribute__(x) +#else +#define ne_attribute(x) +#endif diff --git a/src/ne_request.c b/src/ne_request.c index 678dc4b..ab76b9b 100644 --- a/src/ne_request.c +++ b/src/ne_request.c @@ -754,12 +754,11 @@ static int read_response_block(ne_request *req, struct ne_response *resp, "Reading %" NE_FMT_SIZE_T " bytes of response body.\n", willread); readlen = ne_sock_read(sock, buffer, willread); - /* EOF is only valid when response body is delimited by it. For - * interop with SSL servers which perform unclean shutdown, ignore - * a truncation if no response body has yet been read. */ + /* EOF is only valid when response body is delimited by it. + * Strictly, an SSL truncation should not be treated as an EOF in + * any case, but SSL servers are just too buggy. */ if (resp->mode == R_TILLEOF && - (readlen == NE_SOCK_CLOSED || - (readlen == NE_SOCK_TRUNC && resp->total == 0))) { + (readlen == NE_SOCK_CLOSED || readlen == NE_SOCK_TRUNC)) { NE_DEBUG(NE_DBG_HTTP, "Got EOF.\n"); req->can_persist = 0; readlen = 0; diff --git a/src/ne_request.h b/src/ne_request.h index f626402..e59b59d 100644 --- a/src/ne_request.h +++ b/src/ne_request.h @@ -23,7 +23,7 @@ #define NE_REQUEST_H #include "ne_utils.h" /* For ne_status */ -#include "ne_string.h" /* For sbuffer */ +#include "ne_string.h" /* For ne_buffer */ #include "ne_session.h" BEGIN_NEON_DECLS 
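Review bot: With `(readlen == NE_SOCK_CLOSED || readlen == NE_SOCK_TRUNC)` an unclean SSL closure now ends an R_TILLEOF body successfully even after body bytes were read, so a response cut short in transit is reported to the caller as complete; the removed `resp->total == 0` condition was the only limit, and the fail_truncated_eof test that covered this case is deleted in test/ssl.c. Since an EOF-delimited body carries no length to check against, I would keep the strict behaviour as the default and make the tolerance something the application opts into per session. At the least the two cases should stay distinguishable in the log, e.g. `if (readlen == NE_SOCK_TRUNC) NE_DEBUG(NE_DBG_HTTP, "Ignoring unclean SSL closure.\n");`, and the header documentation should say that such bodies may be truncated. read_response_block continues outside the hunk.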
@@ -161,11 +161,8 @@ void ne_add_request_header(ne_request *req, const char *name, /* Adds a header to the request with given name, using printf-like * format arguments for the value. */ void ne_print_request_header(ne_request *req, const char *name, - const char *format, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 3, 4))) -#endif /* __GNUC__ */ -; + const char *format, ...) + ne_attribute((format(printf, 3, 4))); /* ne_request_dispatch: Sends the given request, and reads the * response. Response-Status information can be retrieve with @@ -181,17 +178,9 @@ void ne_print_request_header(ne_request *req, const char *name, */ int ne_request_dispatch(ne_request *req); -/* Returns a pointer to the response status information for the - * given request. */ -const ne_status *ne_get_status(const ne_request *req) -/* Declare this with attribute const, since we often call it >1 times - * with the same argument, and it will return the same thing each - * time. This lets the compiler optimize away any subsequent calls - * (theoretically). */ -#ifdef __GNUC__ - __attribute__ ((const)) -#endif /* __GNUC__ */ - ; +/* Returns a pointer to the response status information for the given + * request; pointer is valid until request object is destroyed. */ +const ne_status *ne_get_status(const ne_request *req) ne_attribute((const)); /* Returns pointer to session associated with request. */ ne_session *ne_get_session(const ne_request *req); diff --git a/src/ne_session.h b/src/ne_session.h index 027e69e..69e8647 100644 --- a/src/ne_session.h +++ b/src/ne_session.h 
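Review bot: The new comment on ne_get_status drops the explanation of why the declaration carries `ne_attribute((const))`. GCC's const attribute tells the compiler the result depends only on the argument values, and it must not be used when the function reads memory through a pointer argument that can change between calls; the implementation is not visible here, so that should be checked. I would keep a one-line rationale, `/* const: returns an address derived from req only, reads no mutable state */`, or switch to `pure` if the function does read through req.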
@@ -182,10 +182,7 @@ void ne_fill_server_uri(ne_session *sess, ne_uri *uri); /* Set the error string for the session; takes printf-like format * string. */ void ne_set_error(ne_session *sess, const char *format, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 2, 3))) -#endif /* __GNUC__ */ -; + ne_attribute((format (printf, 2, 3))); /* Retrieve the error string for the session */ const char *ne_get_error(ne_session *sess); diff --git a/src/ne_utils.h b/src/ne_utils.h index 28b17c5..87e6593 100644 --- a/src/ne_utils.h +++ b/src/ne_utils.h @@ -95,11 +95,7 @@ extern FILE *ne_debug_stream; /* Produce debug output if any of channels 'ch' is enabled for * debugging. */ -void ne_debug(int ch, const char *, ...) -#ifdef __GNUC__ - __attribute__ ((format (printf, 2, 3))) -#endif /* __GNUC__ */ -; +void ne_debug(int ch, const char *, ...) ne_attribute((format(printf, 2, 3))); /* Storing an HTTP status result */ typedef struct { diff --git a/test/ChangeLog b/test/ChangeLog index e7109db..261e43a 100644 --- a/test/ChangeLog +++ b/test/ChangeLog @@ -1,3 +1,16 @@ +Sat Oct 25 00:11:29 2003 Joe Orton <joe@manyfish.co.uk> + + * ssl.c (fail_truncated_eof): Remove test. + +Tue Oct 21 20:29:46 2003 Joe Orton <joe@manyfish.co.uk> + + * ssl.c (fail_tunnel, proxy_tunnel): Fix non-C89 code, + Radu Greab. + +Thu Oct 9 19:42:13 2003 Joe Orton <joe@manyfish.co.uk> + + * socket.c (ssl_closure): Fix occassional spurious errors. + Tue Oct 7 20:23:35 2003 Joe Orton <joe@manyfish.co.uk> * ssl.c (ssl_server): Handle several requests if required. diff --git a/test/common/.cvsignore b/test/common/.cvsignore index c8b522d..70f06c3 100644 --- a/test/common/.cvsignore +++ b/test/common/.cvsignore @@ -1 +1,2 @@ *.lo +.libs diff --git a/test/socket.c b/test/socket.c index 58c5a6e..52dc328 100644 --- a/test/socket.c +++ b/test/socket.c 
@@ -822,7 +822,9 @@ static int ssl_closure(void) CALL(begin(&sock, serve_close, NULL)); CALL(full_write(sock, "a", 1)); CALL(await_server()); - ret = ne_sock_fullwrite(sock, "a", 1); + do { + ret = ne_sock_fullwrite(sock, "a", 1); + } while (ret == 0); ONV(ret != NE_SOCK_RESET && ret != NE_SOCK_CLOSED, ("write got %" NE_FMT_SSIZE_T " not reset or closure", ret)); return good_close(sock); @@ -384,7 +384,7 @@ static int load_client_cert(void) static int accept_signed_cert_for_hostname(char *cert, const char *hostname) { ne_session *sess = ne_session_create("https", hostname, 7777); - struct ssl_server_args args= {cert, 0}; + struct ssl_server_args args = {cert, 0}; /* no verify callback needed. */ CALL(any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL)); ne_session_destroy(sess); @@ -451,30 +451,6 @@ static int empty_truncated_eof(void) return OK; } -static int fail_truncated_eof(void) -{ - ne_session *sess = DEFSESS; - int ret; - struct ssl_server_args args = {0}; - - args.cert = SERVER_CERT; - args.response = "HTTP/1.0 200 OK\r\n" "\r\n" - "This is some content\n" - "Followed by a truncation attack!\n"; - args.unclean = 1; - - ne_ssl_trust_cert(sess, def_ca_cert); - CALL(spawn_server(7777, ssl_server, &args)); - - ret = any_request(sess, "/foo"); - CALL(await_server()); - - ONV(ret != NE_ERROR, - ("request failed with %d not error: `%s'", ret, ne_get_error(sess))); - ne_session_destroy(sess); - return OK; -} - /* Server function which just sends a string then EOF. */ static int just_serve_string(ne_socket *sock, void *userdata) { 
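Review bot: The `do { ... } while (ret == 0);` loop in ssl_closure has no upper bound, so if the peer's closure never surfaces as an error the test keeps writing until something else stops it. A retry cap keeps a misbehaving platform from hanging the suite: `int tries = 0;` together with `} while (ret == 0 && ++tries < 100);`. A short comment saying why a write after the closure may still return success would also help the next reader.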
@@ -1029,9 +1005,10 @@ static int serve_tunnel(ne_socket *sock, void *ud) static int fail_tunnel(void) { ne_session *sess = ne_session_create("https", "example.com", 443); - ne_session_proxy(sess, "localhost", 7777); struct ssl_server_args args = {SERVER_CERT, NULL}; + ne_session_proxy(sess, "localhost", 7777); + ONN("server cert verification didn't fail", any_ssl_request(sess, serve_tunnel, &args, CA_CERT, NULL, NULL) != NE_ERROR); @@ -1043,8 +1020,9 @@ static int fail_tunnel(void) static int proxy_tunnel(void) { ne_session *sess = ne_session_create("https", "localhost", 443); - ne_session_proxy(sess, "localhost", 7777); struct ssl_server_args args = {SERVER_CERT, NULL}; + + ne_session_proxy(sess, "localhost", 7777); /* CA cert is trusted, so no verify callback should be needed. */ CALL(any_ssl_request(sess, serve_tunnel, &args, CA_CERT, @@ -1511,7 +1489,6 @@ ne_test tests[] = { T(simple_sslv2), T(simple_eof), T(empty_truncated_eof), - T(fail_truncated_eof), T(fail_not_ssl), T(cache_cert), |