diff --git a/.gitignore b/.gitignore
index 30865f3..aafdfc8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
-SOURCES/nghttp2-1.33.0.tar.xz
-/nghttp2-1.33.0.tar.xz
+/nghttp2-[0-9]*.tar.xz
diff --git a/nghttp2.spec b/nghttp2.spec
index 26a5c36..96b1a1b 100644
--- a/nghttp2.spec
+++ b/nghttp2.spec
@@ -1,7 +1,7 @@
 Summary: Experimental HTTP/2 client, server and proxy
 Name: nghttp2
 Version: 1.33.0
-Release: 3%{?dist}.1
+Release: 4%{?dist}
 License: MIT
 Group: Applications/Internet
 URL: https://nghttp2.org/
@@ -127,7 +127,7 @@ make %{?_smp_mflags} check %changelog -* Tue Jun 09 2020 Kamil Dudka 1.33.0-3.el8_2.1 +* Tue Jun 09 2020 Kamil Dudka 1.33.0-4 - prevent DoS caused by overly large SETTINGS frames (CVE-2020-11080) * Wed Aug 28 2019 Kamil Dudka 1.33.0-3
diff --git a/tests/client-server/runtest.sh b/tests/client-server/runtest.sh
new file mode 100755
index 0000000..c2fd557
--- /dev/null
+++ b/tests/client-server/runtest.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# exit immediately if any command returns non-zero exit code
+set -e
+
+# print commands as they are executed by the shell interpreter
+set -x
+
+# global constants
+HOST="localhost"
+PORT="1234"
+PKEY="./pkey.pem"
+CERT="./cert.pem"
+CURL_OUT="./curl.out"
+CURL_ERR="./curl.err"
+NGHTTP_OUT="./nghttp.out"
+NGHTTP_ERR="./nghttp.err"
+SELF="./runtest.sh"
+URL="https://${HOST}:${PORT}/${SELF}"
+
+# print versions of related pkgs
+PKGS="$(set +x; eval echo {lib,}curl {lib,}nghttp2 openssl{,-libs})"
+rpm -q $PKGS | sort -V
+rpm -V $PKGS
+
+# print full path of used commands
+(set +x
+ for i in curl nghttp{,d} openssl; do
+ (set -x; command -v $i)
+ done
+)
+
+# make sure that $SELF exists
+pwd
+file -E $SELF
+
+# create a self-signed certificate
+openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 \
+ -subj /CN=${HOST} -addext subjectAltName=DNS:${HOST} \
+ -nodes -keyout $PKEY -out $CERT
+
+# run nghttpd in the background
+nghttpd -d "$PWD" $PORT $PKEY $CERT &
+NGHTTPD_PID=$!
+
+# FIXME: wait for open port instead
+sleep 2
+
+# transfer the contents of this script over HTTP/2 using curl
+curl --cacert $CERT --fail --silent --verbose $URL \
+ > $CURL_OUT 2> $CURL_ERR
+
+# check whether the received data matches the original contents
+diff $SELF $CURL_OUT
+
+# check that we made a successful HTTP/2 request with curl
+grep '^< HTTP/2 200' $CURL_ERR
+
+# transfer the contents of this script over HTTP/2 using nghttp
+nghttp $URL > $NGHTTP_OUT
+
+# check whether the received data matches the original contents
+diff $SELF $NGHTTP_OUT
+
+# kill nghttpd running in the background
+kill $NGHTTPD_PID
+
+# wait till the background process finishes
+wait
diff --git a/tests/tests.yml b/tests/tests.yml
new file mode 100644
index 0000000..22cb26b
--- /dev/null
+++ b/tests/tests.yml
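Review bot: With `set -e` in effect, any failing step after `nghttpd ... &` (the `curl`, either `diff`, the `grep`, or `nghttp`) exits the script before `kill $NGHTTPD_PID` is reached, so the server is left running on port 1234. Its document root is `"$PWD"`, which by then also holds the unencrypted test key written by `-nodes -keyout $PKEY`, so an orphaned instance keeps serving that directory, key included, until someone stops it. Registering the cleanup directly after `NGHTTPD_PID=$!` covers every exit path: `trap 'kill "$NGHTTPD_PID" 2>/dev/null || :; wait' EXIT`. Pointing `-d` at a dedicated directory that contains only the file under test would also keep `pkey.pem` out of the served tree during a normal run. The `sleep 2` flagged by the FIXME is a separate race that polling the port before the first `curl` would remove.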
@@ -0,0 +1,13 @@
+- hosts: localhost
+ roles:
+ - role: standard-test-basic
+ tags:
+ - classic
+ tests:
+ - client-server:
+ dir: client-server
+ run: ./runtest.sh
+ required_packages:
+ - curl
+ - nghttp2
+ - openssl
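Review bot: `required_packages` lists only curl, nghttp2 and openssl, but the `runtest.sh` added in this commit also runs `file -E $SELF` and `diff` under `set -e`. On a minimal test image that lacks those tools the run would abort before any HTTP/2 transfer is exercised, which reads as a test failure rather than a setup problem. Adding `- file` and `- diffutils` to the list would make the dependency explicit; whether the target images already ship them cannot be told from this diff.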