diff options
author | Yang Tse <yangsita@gmail.com> | 2011-10-06 20:26:42 +0200 |
---|---|---|
committer | Yang Tse <yangsita@gmail.com> | 2011-10-06 20:26:42 +0200 |
commit | 1958fe5745d8e7c3817108f614d319abc38a5f5f (patch) | |
tree | ac122079e53af2ca2dcce475b6567cb67b21deb0 | |
parent | f7bfdbabf2d5398f4c266eabb0992a04af661f22 (diff) |
test harness: non-stunnel https server integration overhaul
-rw-r--r-- | tests/FILEFORMAT | 4 | ||||
-rw-r--r-- | tests/data/test320 | 2 | ||||
-rw-r--r-- | tests/data/test321 | 2 | ||||
-rw-r--r-- | tests/data/test322 | 2 | ||||
-rw-r--r-- | tests/data/test324 | 2 | ||||
-rwxr-xr-x | tests/runtests.pl | 428 | ||||
-rw-r--r-- | tests/serverhelp.pm | 33 | ||||
-rw-r--r-- | tests/sshhelp.pm | 117 |
8 files changed, 374 insertions, 216 deletions
diff --git a/tests/FILEFORMAT b/tests/FILEFORMAT index 4c97db4f8..72af82325 100644 --- a/tests/FILEFORMAT +++ b/tests/FILEFORMAT @@ -158,7 +158,8 @@ rtsp-ipv6 imap pop3 smtp -http+tls-srp +httptls+srp +httptls+srp-ipv6 Give only one per line. This subsection is mandatory. </server> @@ -183,6 +184,7 @@ SSL socks unittest debug +TLS-SRP as well as each protocol that curl supports. A protocol only needs to be specified if it is different from the server (useful when the server diff --git a/tests/data/test320 b/tests/data/test320 index bfef00cb2..899bec597 100644 --- a/tests/data/test320 +++ b/tests/data/test320 @@ -41,7 +41,7 @@ Accept: */* # Client-side <client> <server> -http+tls-srp +httptls+srp </server> <features> TLS-SRP diff --git a/tests/data/test321 b/tests/data/test321 index 84c19bc85..ccdfb86d0 100644 --- a/tests/data/test321 +++ b/tests/data/test321 @@ -10,7 +10,7 @@ FAILURE # Client-side <client> <server> -http+tls-srp +httptls+srp </server> <features> TLS-SRP diff --git a/tests/data/test322 b/tests/data/test322 index f44deb54b..f35345ead 100644 --- a/tests/data/test322 +++ b/tests/data/test322 @@ -10,7 +10,7 @@ FAILURE # Client-side <client> <server> -http+tls-srp +httptls+srp </server> <features> TLS-SRP diff --git a/tests/data/test324 b/tests/data/test324 index df150ab3c..bc1c48fea 100644 --- a/tests/data/test324 +++ b/tests/data/test324 @@ -10,7 +10,7 @@ FAILURE # Client-side <client> <server> -http+tls-srp +httptls+srp </server> <features> TLS-SRP diff --git a/tests/runtests.pl b/tests/runtests.pl index ba986b756..6873fb14c 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -100,7 +100,7 @@ use sshhelp qw( find_sshd find_ssh find_sftp - find_gnutls_serv + find_httptlssrv sshversioninfo ); @@ -115,28 +115,29 @@ my $CLIENT6IP="[::1]"; # address which curl uses for incoming connections my $base = 8990; # base port number -my $HTTPPORT; # HTTP server port -my $HTTP6PORT; # HTTP IPv6 server port -my $HTTPSPORT; # HTTPS server port -my $FTPPORT; # FTP server port -my $FTP2PORT; # FTP server 2 port -my $FTPSPORT; # FTPS server port -my $FTP6PORT; # FTP IPv6 server port -my $TFTPPORT; # TFTP -my $TFTP6PORT; # TFTP -my $SSHPORT; # SCP/SFTP -my $SOCKSPORT; # SOCKS4/5 port -my $POP3PORT; # POP3 -my $POP36PORT; # POP3 IPv6 server port -my $IMAPPORT; # IMAP -my $IMAP6PORT; # IMAP IPv6 server port -my $SMTPPORT; # SMTP -my $SMTP6PORT; # SMTP IPv6 server port -my $RTSPPORT; # RTSP -my $RTSP6PORT; # RTSP IPv6 server port -my $GOPHERPORT; # Gopher -my $GOPHER6PORT; # Gopher IPv6 server port -my $HTTPTLSSRPPORT; # TLS-SRP HTTP port +my $HTTPPORT; # HTTP server port +my $HTTP6PORT; # HTTP IPv6 server port +my $HTTPSPORT; # HTTPS (stunnel) server port +my $FTPPORT; # FTP server port +my $FTP2PORT; # FTP server 2 port +my $FTPSPORT; # FTPS (stunnel) server port +my $FTP6PORT; # FTP IPv6 server port +my $TFTPPORT; # TFTP +my $TFTP6PORT; # TFTP +my $SSHPORT; # SCP/SFTP +my $SOCKSPORT; # SOCKS4/5 port +my $POP3PORT; # POP3 +my $POP36PORT; # POP3 IPv6 server port +my $IMAPPORT; # IMAP +my $IMAP6PORT; # IMAP IPv6 server port +my $SMTPPORT; # SMTP +my $SMTP6PORT; # SMTP IPv6 server port +my $RTSPPORT; # RTSP +my $RTSP6PORT; # RTSP IPv6 server port +my $GOPHERPORT; # Gopher +my $GOPHER6PORT; # Gopher IPv6 server port +my $HTTPTLSPORT; # HTTP TLS (non-stunnel) server port +my $HTTPTLS6PORT; # HTTP TLS (non-stunnel) IPv6 server port my $srcdir = $ENV{'srcdir'} || '.'; my $CURL="../src/curl".exe_ext(); # what curl executable to run on the tests @@ -191,6 +192,7 @@ my $valgrind = checktestcmd("valgrind"); my $valgrind_logfile="--logfile"; my $valgrind_tool; my $gdb = checktestcmd("gdb"); +my $httptlssrv = find_httptlssrv(); my $ssl_version; # set if libcurl is built with SSL support my $large_file; # set if libcurl is built with large file support @@ -220,7 +222,8 @@ my $ssllib; # name of the lib we use (for human presentation) my $has_crypto; # set if libcurl is built with cryptographic support my $has_textaware; # set if running on a system that has a text mode concept # on files. Windows for example -my @protocols; # array of supported protocols + +my @protocols; # array of lowercase supported protocol servers my $skipped=0; # number of tests skipped; reported in main loop my %skipped; # skipped{reason}=counter, reasons for skip @@ -340,7 +343,7 @@ sub init_serverpidfile_hash { } } } - for my $proto (('tftp', 'sftp', 'socks', 'ssh', 'rtsp', 'gopher', 'http+tls-srp')) { + for my $proto (('tftp', 'sftp', 'socks', 'ssh', 'rtsp', 'gopher', 'httptls')) { for my $ipvnum ((4, 6)) { for my $idnum ((1, 2)) { my $serv = servername_id($proto, $ipvnum, $idnum); @@ -393,7 +396,7 @@ sub startnew { die "error: exec() has returned"; } - # Ugly hack but ssh client doesn't support pid files + # Ugly hack but ssh client and gnutls-serv don't support pid files if ($fake) { if(open(OUT, ">$pidfile")) { print OUT $child . "\n"; @@ -632,20 +635,20 @@ sub stopserver { # All servers relative to the given one must be stopped also # my @killservers; - if($server =~ /^(ftp|http|imap|pop3|smtp)s(.*)$/) { - # given an ssl server, also kill non-ssl underlying one + if($server =~ /^(ftp|http|imap|pop3|smtp)s((\d*)(-ipv6|))$/) { + # given a stunnel based ssl server, also kill non-ssl underlying one push @killservers, "${1}${2}"; } - elsif($server =~ /^(ftp|http|imap|pop3|smtp)(.*)$/) { - # given a non-ssl server, also kill ssl piggybacking one + elsif($server =~ /^(ftp|http|imap|pop3|smtp)((\d*)(-ipv6|))$/) { + # given a non-ssl server, also kill stunnel based ssl piggybacking one push @killservers, "${1}s${2}"; } - elsif($server =~ /^(socks)(.*)$/) { - # given an socks server, also kill ssh underlying one + elsif($server =~ /^(socks)((\d*)(-ipv6|))$/) { + # given a socks server, also kill ssh underlying one push @killservers, "ssh${2}"; } - elsif($server =~ /^(ssh)(.*)$/) { - # given an ssh server, also kill socks piggybacking one + elsif($server =~ /^(ssh)((\d*)(-ipv6|))$/) { + # given a ssh server, also kill socks piggybacking one push @killservers, "socks${2}"; } push @killservers, $server; @@ -654,8 +657,7 @@ sub stopserver { # foreach my $server (@killservers) { if($run{$server}) { - # we must prepend a space since $pidlist may already contain - # a pid + # we must prepend a space since $pidlist may already contain a pid $pidlist .= " $run{$server}"; $run{$server} = 0; } @@ -680,8 +682,8 @@ sub stopserver { # Verify that the server that runs on $ip, $port is our server. This also # implies that we can speak with it, as there might be occasions when the # server runs fine but we cannot talk to it ("Failed to connect to ::1: Can't -# assign requested address" # - +# assign requested address") +# sub verifyhttp { my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my $server = servername_id($proto, $ipvnum, $idnum); @@ -760,8 +762,8 @@ sub verifyhttp { # Verify that the server that runs on $ip, $port is our server. This also # implies that we can speak with it, as there might be occasions when the # server runs fine but we cannot talk to it ("Failed to connect to ::1: Can't -# assign requested address" # - +# assign requested address") +# sub verifyftp { my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my $server = servername_id($proto, $ipvnum, $idnum); @@ -832,8 +834,8 @@ sub verifyftp { # Verify that the server that runs on $ip, $port is our server. This also # implies that we can speak with it, as there might be occasions when the # server runs fine but we cannot talk to it ("Failed to connect to ::1: Can't -# assign requested address" # - +# assign requested address") +# sub verifyrtsp { my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my $server = servername_id($proto, $ipvnum, $idnum); @@ -905,7 +907,7 @@ sub verifyrtsp { # Verify that the ssh server has written out its pidfile, recovering # the pid from the file and returning it if a process with that pid is # actually alive. - +# sub verifyssh { my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my $server = servername_id($proto, $ipvnum, $idnum); @@ -931,7 +933,7 @@ sub verifyssh { ####################################################################### # Verify that we can connect to the sftp server, properly authenticate # with generated config and key files and run a simple remote pwd. - +# sub verifysftp { my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my $server = servername_id($proto, $ipvnum, $idnum); @@ -966,17 +968,16 @@ sub verifysftp { } ####################################################################### -# Verify that the TLS-SRP HTTP server that runs on $ip, $port is our server. -# This also implies that we can speak with it, as there might be occasions when -# the server runs fine but we cannot talk to it ("Failed to connect to ::1: -# Can't assign requested address" # - -sub verifyhttptlssrp { +# Verify that the non-stunnel HTTP TLS extensions capable server that runs +# on $ip, $port is our server. This also implies that we can speak with it, +# as there might be occasions when the server runs fine but we cannot talk +# to it ("Failed to connect to ::1: Can't assign requested address") +# +sub verifyhttptls { my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my $server = servername_id($proto, $ipvnum, $idnum); my $pidfile = server_pidfilename($proto, $ipvnum, $idnum); my $pid = 0; - my $bonus=""; my $verifyout = "$LOGDIR/". servername_canon($proto, $ipvnum, $idnum) .'_verify.out'; @@ -991,7 +992,9 @@ sub verifyhttptlssrp { $flags .= "--verbose "; $flags .= "--globoff "; $flags .= "--insecure "; - $flags .= "--tlsauthtype SRP --tlsuser jsmith --tlspassword abc "; + $flags .= "--tlsauthtype SRP "; + $flags .= "--tlsuser jsmith "; + $flags .= "--tlspassword abc "; $flags .= "\"https://$ip:$port/verifiedserver\""; my $cmd = "$VCURL $flags 2>$verifylog"; @@ -1027,6 +1030,16 @@ sub verifyhttptlssrp { if($data && ($data =~ /GNUTLS/) && open(FILE, "<$pidfile")) { $pid=0+<FILE>; close(FILE); + if($pid > 0) { + # if we have a pid it is actually our httptls server, + # since runhttptlsserver() unlinks previous pidfile + if(!kill(0, $pid)) { + logmsg "RUN: $server server has died after starting up\n"; + checkdied($pid); + unlink($pidfile); + $pid = -1; + } + } return $pid; } elsif($res == 6) { @@ -1043,7 +1056,7 @@ sub verifyhttptlssrp { ####################################################################### # STUB for verifying socks - +# sub verifysocks { my ($proto, $ipvnum, $idnum, $ip, $port) = @_; my $server = servername_id($proto, $ipvnum, $idnum); @@ -1072,6 +1085,11 @@ sub verifysocks { # particular can take a long time to start if it needs to generate # keys on a slow or loaded host. # +# Just for convenience, test harness uses 'https' and 'httptls' literals +# as values for 'proto' variable in order to differentiate different +# servers. 'https' literal is used for stunnel based https test servers, +# and 'httptls' is used for non-stunnel https test servers. +# my %protofunc = ('http' => \&verifyhttp, 'https' => \&verifyhttp, @@ -1085,7 +1103,7 @@ my %protofunc = ('http' => \&verifyhttp, 'ssh' => \&verifyssh, 'socks' => \&verifysocks, 'gopher' => \&verifyhttp, - 'http+tls-srp' => \&verifyhttptlssrp); + 'httptls' => \&verifyhttptls); sub verifyserver { my ($proto, $ipvnum, $idnum, $ip, $port) = @_; @@ -1126,7 +1144,6 @@ sub runhttpserver { my $logfile; my $flags = ""; - if($ipv6) { # if IPv6, use a different setup $ipvnum = 6; @@ -1193,7 +1210,7 @@ sub runhttpserver { } ####################################################################### -# start the https server (or rather, tunnel) +# start the https stunnel based server # sub runhttpsserver { my ($verbose, $ipv6, $certfile) = @_; @@ -1276,14 +1293,14 @@ sub runhttpsserver { } ####################################################################### -# start the TLS-SRP HTTP server +# start the non-stunnel HTTP TLS extensions capable server # -sub runhttptlssrpserver { - my ($verbose) = @_; - my $proto = "http+tls-srp"; - my $ip = $HOSTIP; - my $port = $HTTPTLSSRPPORT; - my $ipvnum = 4; +sub runhttptlsserver { + my ($verbose, $ipv6) = @_; + my $proto = "httptls"; + my $port = ($ipv6 && ($ipv6 =~ /6$/)) ? $HTTPTLS6PORT : $HTTPTLSPORT; + my $ip = ($ipv6 && ($ipv6 =~ /6$/)) ? "$HOST6IP" : "$HOSTIP"; + my $ipvnum = ($ipv6 && ($ipv6 =~ /6$/)) ? 6 : 4; my $idnum = 1; my $server; my $srvrname; @@ -1291,6 +1308,10 @@ sub runhttptlssrpserver { my $logfile; my $flags = ""; + if(!$httptlssrv) { + return (0,0); + } + $server = servername_id($proto, $ipvnum, $idnum); $pidfile = $serverpidfile{$server}; @@ -1310,23 +1331,16 @@ sub runhttptlssrpserver { $logfile = server_logfilename($LOGDIR, $proto, $ipvnum, $idnum); - $flags .= "--fork " if($forkserver); $flags .= "--http "; - $flags .= "-d 1 " if($debugprotocol); + $flags .= "--debug 1 " if($debugprotocol); $flags .= "--port $port "; - $flags .= "--srppasswd certs/srp-verifier-db --srppasswdconf certs/srp-verifier-conf "; - $flags .=" >log/gnutls.out 2>&1"; + $flags .= "--srppasswd certs/srp-verifier-db "; + $flags .= "--srppasswdconf certs/srp-verifier-conf"; - # Find gnutls-serv - my $gnutlsserv = find_gnutls_serv(); - if(!$gnutlsserv) { - logmsg "RUN: cannot find gnutls-serv\n"; - return (0,0); - } - my $cmd = "$gnutlsserv $flags"; - my ($httptlssrppid, $pid2) = startnew($cmd, $pidfile, 1, 1); + my $cmd = "$httptlssrv $flags > $logfile 2>&1"; + my ($httptlspid, $pid2) = startnew($cmd, $pidfile, 10, 1); # fake pidfile - if($httptlssrppid <= 0 || !kill(0, $httptlssrppid)) { + if($httptlspid <= 0 || !kill(0, $httptlspid)) { # it is NOT alive logmsg "RUN: failed to start the $srvrname server\n"; stopserver($server, "$pid2"); @@ -1335,12 +1349,12 @@ sub runhttptlssrpserver { return (0,0); } - # Server is up. Verify that we can speak to it. + # Server is up. Verify that we can speak to it. PID is from fake pidfile my $pid3 = verifyserver($proto, $ipvnum, $idnum, $ip, $port); if(!$pid3) { logmsg "RUN: $srvrname server failed verification\n"; # failed to talk to it properly. Kill the server and return failure - stopserver($server, "$httptlssrppid $pid2"); + stopserver($server, "$httptlspid $pid2"); displaylogs($testnumcheck); $doesntrun{$pidfile} = 1; return (0,0); @@ -1348,12 +1362,12 @@ sub runhttptlssrpserver { $pid2 = $pid3; if($verbose) { - logmsg "RUN: $srvrname server is now running PID $httptlssrppid\n"; + logmsg "RUN: $srvrname server is now running PID $httptlspid\n"; } sleep(1); - return ($httptlssrppid, $pid2); + return ($httptlspid, $pid2); } ####################################################################### @@ -1903,7 +1917,7 @@ sub runsocksserver { # start our socks server my $cmd="$ssh -N -F $sshconfig $ip > $sshlog 2>&1"; - my ($sshpid, $pid2) = startnew($cmd, $pidfile, 30, 1); + my ($sshpid, $pid2) = startnew($cmd, $pidfile, 30, 1); # fake pidfile if($sshpid <= 0 || !kill(0, $sshpid)) { # it is NOT alive @@ -1917,7 +1931,7 @@ sub runsocksserver { return (0,0); } - # Ugly hack but ssh doesn't support pid files + # Ugly hack but ssh doesn't support pid files. PID is from fake pidfile. my $pid3 = verifyserver($proto, $ipvnum, $idnum, $ip, $port); if(!$pid3) { logmsg "RUN: $srvrname server failed verification\n"; @@ -1986,7 +2000,6 @@ sub filteroff { # compare test results with the expected output, we might filter off # some pattern that is allowed to differ, output test results # - sub compare { # filter off patterns _before_ this comparison! my ($subject, $firstref, $secondref)=@_; @@ -2125,22 +2138,15 @@ sub checksystem { } elsif($_ =~ /^Protocols: (.*)/i) { # these are the protocols compiled in to this libcurl - @protocols = split(' ', $1); + @protocols = split(' ', lc($1)); # Generate a "proto-ipv6" version of each protocol to match the # IPv6 <server> name. This works even if IPv6 support isn't # compiled in because the <features> test will fail. - push @protocols, map($_ . "-ipv6", @protocols); - - # Hack - we need a different, non-stunnel server to test HTTP - # TLS-SRP, but we don't want to add HTTP+TLS-SRP as a protocol - # throughout curl - if ($has_gnutls) { - push @protocols, ('http+tls-srp'); - } + push @protocols, map($_ . '-ipv6', @protocols); # 'none' is used in test cases to mean no server - push @protocols, ('none'); + push @protocols, 'none'; } elsif($_ =~ /^Features: (.*)/i) { $feat = $1; @@ -2187,6 +2193,27 @@ sub checksystem { $has_tls_srp=1; } } + # + # Test harness currently uses a non-stunnel server in order to + # run HTTP TLS-SRP tests required when curl is built with https + # protocol support and TLS-SRP feature enabled. For convenience + # 'httptls' may be included in the test harness protocols array + # to differentiate this from classic stunnel based 'https' test + # harness server. + # + if($has_tls_srp) { + my $add_httptls; + for(@protocols) { + if($_ =~ /^https(-ipv6|)$/) { + $add_httptls=1; + last; + } + } + if($add_httptls && (! grep /^httptls$/, @protocols)) { + push @protocols, 'httptls'; + push @protocols, 'httptls-ipv6'; + } + } } if(!$curl) { logmsg "unable to get curl's version, further details are:\n"; @@ -2308,6 +2335,13 @@ sub checksystem { logmsg sprintf("IMAP-IPv6/%d ", $IMAP6PORT); logmsg sprintf("SMTP-IPv6/%d\n", $SMTP6PORT); } + if($httptlssrv) { + logmsg sprintf("* HTTPTLS/%d ", $HTTPTLSPORT); + if($has_ipv6) { + logmsg sprintf("HTTPTLS-IPv6/%d ", $HTTPTLS6PORT); + } + logmsg "\n"; + } $has_textaware = ($^O eq 'MSWin32') || ($^O eq 'msys'); @@ -2320,36 +2354,57 @@ sub checksystem { # sub subVariables { my ($thing) = @_; - $$thing =~ s/%HOSTIP/$HOSTIP/g; - $$thing =~ s/%HTTPPORT/$HTTPPORT/g; - $$thing =~ s/%HOST6IP/$HOST6IP/g; - $$thing =~ s/%HTTP6PORT/$HTTP6PORT/g; - $$thing =~ s/%HTTPSPORT/$HTTPSPORT/g; - $$thing =~ s/%FTPPORT/$FTPPORT/g; + + # ports + $$thing =~ s/%FTP6PORT/$FTP6PORT/g; $$thing =~ s/%FTP2PORT/$FTP2PORT/g; $$thing =~ s/%FTPSPORT/$FTPSPORT/g; - $$thing =~ s/%SRCDIR/$srcdir/g; - $$thing =~ s/%PWD/$pwd/g; - $$thing =~ s/%TFTPPORT/$TFTPPORT/g; - $$thing =~ s/%TFTP6PORT/$TFTP6PORT/g; - $$thing =~ s/%SSHPORT/$SSHPORT/g; - $$thing =~ s/%SOCKSPORT/$SOCKSPORT/g; - $$thing =~ s/%POP3PORT/$POP3PORT/g; - $$thing =~ s/%POP36PORT/$POP36PORT/g; - $$thing =~ s/%IMAPPORT/$IMAPPORT/g; + $$thing =~ s/%FTPPORT/$FTPPORT/g; + + $$thing =~ s/%GOPHER6PORT/$GOPHER6PORT/g; + $$thing =~ s/%GOPHERPORT/$GOPHERPORT/g; + + $$thing =~ s/%HTTPTLS6PORT/$HTTPTLS6PORT/g; + $$thing =~ s/%HTTPTLSPORT/$HTTPTLSPORT/g; + $$thing =~ s/%HTTP6PORT/$HTTP6PORT/g; + $$thing =~ s/%HTTPSPORT/$HTTPSPORT/g; + $$thing =~ s/%HTTPPORT/$HTTPPORT/g; + $$thing =~ s/%IMAP6PORT/$IMAP6PORT/g; - $$thing =~ s/%SMTPPORT/$SMTPPORT/g; + $$thing =~ s/%IMAPPORT/$IMAPPORT/g; + + $$thing =~ s/%POP36PORT/$POP36PORT/g; + $$thing =~ s/%POP3PORT/$POP3PORT/g; + + $$thing =~ s/%RTSP6PORT/$RTSP6PORT/g; + $$thing =~ s/%RTSPPORT/$RTSPPORT/g; + $$thing =~ s/%SMTP6PORT/$SMTP6PORT/g; + $$thing =~ s/%SMTPPORT/$SMTPPORT/g; + + $$thing =~ s/%SOCKSPORT/$SOCKSPORT/g; + $$thing =~ s/%SSHPORT/$SSHPORT/g; + + $$thing =~ s/%TFTP6PORT/$TFTP6PORT/g; + $$thing =~ s/%TFTPPORT/$TFTPPORT/g; + + # client IP addresses + + $$thing =~ s/%CLIENT6IP/$CLIENT6IP/g; + $$thing =~ s/%CLIENTIP/$CLIENTIP/g; + + # server IP addresses + + $$thing =~ s/%HOST6IP/$HOST6IP/g; + $$thing =~ s/%HOSTIP/$HOSTIP/g; + + # misc + $$thing =~ s/%CURL/$CURL/g; + $$thing =~ s/%PWD/$pwd/g; + $$thing =~ s/%SRCDIR/$srcdir/g; $$thing =~ s/%USER/$USER/g; - $$thing =~ s/%CLIENTIP/$CLIENTIP/g; - $$thing =~ s/%CLIENT6IP/$CLIENT6IP/g; - $$thing =~ s/%RTSPPORT/$RTSPPORT/g; - $$thing =~ s/%RTSP6PORT/$RTSP6PORT/g; - $$thing =~ s/%GOPHERPORT/$GOPHERPORT/g; - $$thing =~ s/%GOPHER6PORT/$GOPHER6PORT/g; - $$thing =~ s/%HTTPTLSSRPPORT/$HTTPTLSSRPPORT/g; # The purpose of FTPTIME2 and FTPTIME3 is to provide times that can be # used for time-out tests and that whould work on most hosts as these @@ -2550,7 +2605,7 @@ sub singletest { next; } # See if this "feature" is in the list of supported protocols - elsif (grep /^$f$/, @protocols) { + elsif (grep /^\Q$f\E$/i, @protocols) { next; } @@ -2987,6 +3042,10 @@ sub singletest { # Test harness ssh server does not have this synchronization mechanism, # this implies that some ssh server based tests might need a small delay # once that the client command has run to avoid false test failures. + # + # gnutls-serv also lacks this synchronization mechanism, so gnutls-serv + # based tests might need a small delay once that the client command has + # run to avoid false test failures. sleep($postcommanddelay) if($postcommanddelay); @@ -3004,20 +3063,20 @@ sub singletest { my @killservers; foreach my $server (@killtestservers) { chomp $server; - if($server =~ /^(ftp|http|imap|pop3|smtp)s(.*)$/) { - # given an ssl server, also kill non-ssl underlying one + if($server =~ /^(ftp|http|imap|pop3|smtp)s((\d*)(-ipv6|))$/) { + # given a stunnel ssl server, also kill non-ssl underlying one push @killservers, "${1}${2}"; } - elsif($server =~ /^(ftp|http|imap|pop3|smtp)(.*)$/) { - # given a non-ssl server, also kill ssl piggybacking one + elsif($server =~ /^(ftp|http|imap|pop3|smtp)((\d*)(-ipv6|))$/) { + # given a non-ssl server, also kill stunnel piggybacking one push @killservers, "${1}s${2}"; } - elsif($server =~ /^(socks)(.*)$/) { - # given an socks server, also kill ssh underlying one + elsif($server =~ /^(socks)((\d*)(-ipv6|))$/) { + # given a socks server, also kill ssh underlying one push @killservers, "ssh${2}"; } - elsif($server =~ /^(ssh)(.*)$/) { - # given an ssh server, also kill socks piggybacking one + elsif($server =~ /^(ssh)((\d*)(-ipv6|))$/) { + # given a ssh server, also kill socks piggybacking one push @killservers, "socks${2}"; } push @killservers, $server; @@ -3402,6 +3461,7 @@ sub singletest { ####################################################################### # Stop all running test servers +# sub stopservers { my $verbose = $_[0]; # @@ -3449,17 +3509,17 @@ sub stopservers { # startservers() starts all the named servers # # Returns: string with error reason or blank for success - +# sub startservers { my @what = @_; my ($pid, $pid2); for(@what) { my (@whatlist) = split(/\s+/,$_); my $what = lc($whatlist[0]); - $what =~ s/[^a-z0-9-+]//g; + $what =~ s/[^a-z0-9-]//g; my $certfile; - if($what =~ /^(ftp|http|imap|pop3|smtp)s(.*)$/) { + if($what =~ /^(ftp|http|imap|pop3|smtp)s((\d*)(-ipv6|))$/) { $certfile = ($whatlist[1]) ? $whatlist[1] : 'stunnel.pem'; } @@ -3564,7 +3624,6 @@ sub startservers { $run{'rtsp-ipv6'}="$pid $pid2"; } } - elsif($what eq "ftps") { if(!$stunnel) { # we can't run ftps tests without stunnel @@ -3601,11 +3660,11 @@ sub startservers { } elsif($what eq "https") { if(!$stunnel) { - # we can't run ftps tests without stunnel + # we can't run https tests without stunnel return "no stunnel"; } if(!$ssl_version) { - # we can't run ftps tests if libcurl is SSL-less + # we can't run https tests if libcurl is SSL-less return "curl lacks SSL support"; } if($runcert{'https'} && ($runcert{'https'} ne $certfile)) { @@ -3631,18 +3690,34 @@ sub startservers { $run{'https'}="$pid $pid2"; } } - elsif($what eq "http+tls-srp") { - if(!$has_gnutls) { - return "no GnuTLS"; + elsif($what eq "httptls") { + if(!$httptlssrv) { + # for now, we can't run http TLS-EXT tests without gnutls-serv + return "no gnutls-serv"; } - if(!$run{'http+tls-srp'}) { - ($pid, $pid2) = runhttptlssrpserver($verbose); + if(!$run{'httptls'}) { + ($pid, $pid2) = runhttptlsserver($verbose, "IPv4"); if($pid <= 0) { - return "failed starting HTTP+TLS-SRP server (gnutls-serv)"; + return "failed starting HTTPTLS server (gnutls-serv)"; } - logmsg sprintf("* pid http+tls-srp => %d %d\n", $pid, $pid2) + logmsg sprintf("* pid httptls => %d %d\n", $pid, $pid2) if($verbose); - $run{'http+tls-srp'}="$pid $pid2"; + $run{'httptls'}="$pid $pid2"; + } + } + elsif($what eq "httptls-ipv6") { + if(!$httptlssrv) { + # for now, we can't run http TLS-EXT tests without gnutls-serv + return "no gnutls-serv"; + } + if(!$run{'httptls-ipv6'}) { + ($pid, $pid2) = runhttptlsserver($verbose, "IPv6"); + if($pid <= 0) { + return "failed starting HTTPTLS-IPv6 server (gnutls-serv)"; + } + logmsg sprintf("* pid httptls-ipv6 => %d %d\n", $pid, $pid2) + if($verbose); + $run{'httptls-ipv6'}="$pid $pid2"; } } elsif($what eq "tftp") { @@ -3720,7 +3795,6 @@ sub startservers { # # Returns: a string, blank if everything is fine or a reason why it failed # - sub serverfortest { my ($testnum)=@_; @@ -3731,14 +3805,28 @@ sub serverfortest { return "no server specified"; } - for (@what) { - my $proto = lc($_); - chomp $proto; - $proto =~ s/\s.*//g; # take first word - if (! grep /^\Q$proto\E$/, @protocols) { - if (substr($proto,0,5) ne "socks") { - return "curl lacks $proto support"; + for(my $i = scalar(@what) - 1; $i >= 0; $i--) { + my $srvrline = $what[$i]; + chomp $srvrline if($srvrline); + if($srvrline =~ /^(\S+)((\s*)(.*))/) { + my $server = "${1}"; + my $lnrest = "${2}"; + my $tlsext; + if($server =~ /^(httptls)(\+)(ext|srp)(\d*)(-ipv6|)$/) { + $server = "${1}${4}${5}"; + $tlsext = uc("TLS-${3}"); + } + if(! grep /^\Q$server\E$/, @protocols) { + if(substr($server,0,5) ne "socks") { + if($tlsext) { + return "curl lacks $tlsext support"; + } + else { + return "curl lacks $server support"; + } + } } + $what[$i] = "$server$lnrest" if($tlsext); } } @@ -4101,29 +4189,29 @@ if ($gdbthis) { } } -$HTTPPORT = $base++; # HTTP server port -$HTTPSPORT = $base++; # HTTPS server port -$FTPPORT = $base++; # FTP server port -$FTPSPORT = $base++; # FTPS server port -$HTTP6PORT = $base++; # HTTP IPv6 server port (different IP protocol - # but we follow the same port scheme anyway) -$FTP2PORT = $base++; # FTP server 2 port -$FTP6PORT = $base++; # FTP IPv6 port -$TFTPPORT = $base++; # TFTP (UDP) port -$TFTP6PORT = $base++; # TFTP IPv6 (UDP) port -$SSHPORT = $base++; # SSH (SCP/SFTP) port -$SOCKSPORT = $base++; # SOCKS port -$POP3PORT = $base++; -$POP36PORT = $base++; -$IMAPPORT = $base++; -$IMAP6PORT = $base++; -$SMTPPORT = $base++; -$SMTP6PORT = $base++; -$RTSPPORT = $base++; -$RTSP6PORT = $base++; -$GOPHERPORT =$base++; -$GOPHER6PORT=$base++; -$HTTPTLSSRPPORT=$base++; +$HTTPPORT = $base++; # HTTP server port +$HTTPSPORT = $base++; # HTTPS (stunnel) server port +$FTPPORT = $base++; # FTP server port +$FTPSPORT = $base++; # FTPS (stunnel) server port +$HTTP6PORT = $base++; # HTTP IPv6 server port +$FTP2PORT = $base++; # FTP server 2 port +$FTP6PORT = $base++; # FTP IPv6 port +$TFTPPORT = $base++; # TFTP (UDP) port +$TFTP6PORT = $base++; # TFTP IPv6 (UDP) port +$SSHPORT = $base++; # SSH (SCP/SFTP) port +$SOCKSPORT = $base++; # SOCKS port +$POP3PORT = $base++; # POP3 server port +$POP36PORT = $base++; # POP3 IPv6 server port +$IMAPPORT = $base++; # IMAP server port +$IMAP6PORT = $base++; # IMAP IPv6 server port +$SMTPPORT = $base++; # SMTP server port +$SMTP6PORT = $base++; # SMTP IPv6 server port +$RTSPPORT = $base++; # RTSP server port +$RTSP6PORT = $base++; # RTSP IPv6 server port +$GOPHERPORT = $base++; # Gopher IPv4 server port +$GOPHER6PORT = $base++; # Gopher IPv6 server port +$HTTPTLSPORT = $base++; # HTTP TLS (non-stunnel) server port +$HTTPTLS6PORT = $base++; # HTTP TLS (non-stunnel) IPv6 server port ####################################################################### # clear and create logging directory: diff --git a/tests/serverhelp.pm b/tests/serverhelp.pm index faaeebfd0..a1d1dc367 100644 --- a/tests/serverhelp.pm +++ b/tests/serverhelp.pm @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al. +# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -63,6 +63,13 @@ use vars qw( #*************************************************************************** +# Just for convenience, test harness uses 'https' and 'httptls' literals as +# values for 'proto' variable in order to differentiate different servers. +# 'https' literal is used for stunnel based https test servers, and 'httptls' +# is used for non-stunnel https test servers. + + +#*************************************************************************** # Return server characterization factors given a server id string. # sub serverfactors { @@ -71,18 +78,20 @@ sub serverfactors { my $ipvnum; my $idnum; - if($server =~ /^((ftp|http|imap|pop3|smtp)s?)(\d*)(-ipv6|)$/) { + if($server =~ + /^((ftp|http|imap|pop3|smtp)s?)(\d*)(-ipv6|)$/) { $proto = $1; $idnum = ($3 && ($3 > 1)) ? $3 : 1; $ipvnum = ($4 && ($4 =~ /6$/)) ? 6 : 4; } - elsif($server =~ /^(tftp|sftp|socks|ssh|rtsp)(\d*)(-ipv6|)$/) { + elsif($server =~ + /^(tftp|sftp|socks|ssh|rtsp|gopher|httptls)(\d*)(-ipv6|)$/) { $proto = $1; $idnum = ($2 && ($2 > 1)) ? $2 : 1; $ipvnum = ($3 && ($3 =~ /6$/)) ? 6 : 4; } else { - die "invalid server id: $server" + die "invalid server id: '$server'" } return($proto, $ipvnum, $idnum); } @@ -95,16 +104,16 @@ sub servername_str { my ($proto, $ipver, $idnum) = @_; $proto = uc($proto) if($proto); - die "unsupported protocol: $proto" unless($proto && - ($proto =~ /^(((FTP|HTTP|IMAP|POP3|SMTP)S?)|(TFTP|SFTP|SOCKS|SSH|RTSP|GOPHER|HTTP\+TLS-SRP))$/)); + die "unsupported protocol: '$proto'" unless($proto && + ($proto =~ /^(((FTP|HTTP|IMAP|POP3|SMTP)S?)|(TFTP|SFTP|SOCKS|SSH|RTSP|GOPHER|HTTPTLS))$/)); $ipver = (not $ipver) ? 'ipv4' : lc($ipver); - die "unsupported IP version: $ipver" unless($ipver && + die "unsupported IP version: '$ipver'" unless($ipver && ($ipver =~ /^(4|6|ipv4|ipv6|-ipv4|-ipv6)$/)); $ipver = ($ipver =~ /6$/) ? '-IPv6' : ''; $idnum = 1 if(not $idnum); - die "unsupported ID number: $idnum" unless($idnum && + die "unsupported ID number: '$idnum'" unless($idnum && ($idnum =~ /^(\d+)$/)); $idnum = '' unless($idnum > 1); @@ -188,7 +197,7 @@ sub server_outputfilename { # sub mainsockf_pidfilename { my ($proto, $ipver, $idnum) = @_; - die "unsupported protocol: $proto" unless($proto && + die "unsupported protocol: '$proto'" unless($proto && (lc($proto) =~ /^(ftp|imap|pop3|smtp)s?$/)); my $trailer = (lc($proto) =~ /^ftps?$/) ? '_sockctrl.pid':'_sockfilt.pid'; return '.'. servername_canon($proto, $ipver, $idnum) ."$trailer"; @@ -200,7 +209,7 @@ sub mainsockf_pidfilename { # sub mainsockf_logfilename { my ($logdir, $proto, $ipver, $idnum) = @_; - die "unsupported protocol: $proto" unless($proto && + die "unsupported protocol: '$proto'" unless($proto && (lc($proto) =~ /^(ftp|imap|pop3|smtp)s?$/)); my $trailer = (lc($proto) =~ /^ftps?$/) ? '_sockctrl.log':'_sockfilt.log'; return "${logdir}/". servername_canon($proto, $ipver, $idnum) ."$trailer"; @@ -212,7 +221,7 @@ sub mainsockf_logfilename { # sub datasockf_pidfilename { my ($proto, $ipver, $idnum) = @_; - die "unsupported protocol: $proto" unless($proto && + die "unsupported protocol: '$proto'" unless($proto && (lc($proto) =~ /^ftps?$/)); my $trailer = '_sockdata.pid'; return '.'. servername_canon($proto, $ipver, $idnum) ."$trailer"; @@ -224,7 +233,7 @@ sub datasockf_pidfilename { # sub datasockf_logfilename { my ($logdir, $proto, $ipver, $idnum) = @_; - die "unsupported protocol: $proto" unless($proto && + die "unsupported protocol: '$proto'" unless($proto && (lc($proto) =~ /^ftps?$/)); my $trailer = '_sockdata.log'; return "${logdir}/". servername_canon($proto, $ipver, $idnum) ."$trailer"; diff --git a/tests/sshhelp.pm b/tests/sshhelp.pm index 493cbfed8..ced9a01d1 100644 --- a/tests/sshhelp.pm +++ b/tests/sshhelp.pm @@ -39,6 +39,7 @@ use vars qw( $sftpsrvexe $sftpexe $sshkeygenexe + $httptlssrvexe $sshdconfig $sshconfig $sftpconfig @@ -52,6 +53,7 @@ use vars qw( $cliprvkeyf $clipubkeyf @sftppath + @httptlssrvpath ); @@ -95,7 +97,7 @@ use vars qw( find_sftpsrv find_sftp find_sshkeygen - find_gnutls_serv + find_httptlssrv logmsg sshversioninfo ); @@ -104,27 +106,28 @@ use vars qw( #*************************************************************************** # Global variables initialization # -$sshdexe = 'sshd' .exe_ext(); # base name and ext of ssh daemon -$sshexe = 'ssh' .exe_ext(); # base name and ext of ssh client -$sftpsrvexe = 'sftp-server' .exe_ext(); # base name and ext of sftp-server -$sftpexe = 'sftp' .exe_ext(); # base name and ext of sftp client -$sshkeygenexe = 'ssh-keygen' .exe_ext(); # base name and ext of ssh-keygen -$sshdconfig = 'curl_sshd_config'; # ssh daemon config file -$sshconfig = 'curl_ssh_config'; # ssh client config file -$sftpconfig = 'curl_sftp_config'; # sftp client config file -$sshdlog = undef; # ssh daemon log file -$sshlog = undef; # ssh client log file -$sftplog = undef; # sftp client log file -$sftpcmds = 'curl_sftp_cmds'; # sftp client commands batch file -$knownhosts = 'curl_client_knownhosts'; # ssh knownhosts file -$hstprvkeyf = 'curl_host_dsa_key'; # host private key file -$hstpubkeyf = 'curl_host_dsa_key.pub'; # host public key file -$cliprvkeyf = 'curl_client_key'; # client private key file -$clipubkeyf = 'curl_client_key.pub'; # client public key file +$sshdexe = 'sshd' .exe_ext(); # base name and ext of ssh daemon +$sshexe = 'ssh' .exe_ext(); # base name and ext of ssh client +$sftpsrvexe = 'sftp-server' .exe_ext(); # base name and ext of sftp-server +$sftpexe = 'sftp' .exe_ext(); # base name and ext of sftp client +$sshkeygenexe = 'ssh-keygen' .exe_ext(); # base name and ext of ssh-keygen +$httptlssrvexe = 'gnutls-serv' .exe_ext(); # base name and ext of gnutls-serv +$sshdconfig = 'curl_sshd_config'; # ssh daemon config file +$sshconfig = 'curl_ssh_config'; # ssh client config file +$sftpconfig = 'curl_sftp_config'; # sftp client config file +$sshdlog = undef; # ssh daemon log file +$sshlog = undef; # ssh client log file +$sftplog = undef; # sftp client log file +$sftpcmds = 'curl_sftp_cmds'; # sftp client commands batch file +$knownhosts = 'curl_client_knownhosts'; # ssh knownhosts file +$hstprvkeyf = 'curl_host_dsa_key'; # host private key file +$hstpubkeyf = 'curl_host_dsa_key.pub'; # host public key file +$cliprvkeyf = 'curl_client_key'; # client private key file +$clipubkeyf = 'curl_client_key.pub'; # client public key file #*************************************************************************** -# Absolute paths where to look for sftp-server plugin +# Absolute paths where to look for sftp-server plugin, when not in PATH # @sftppath = qw( /usr/lib/openssh @@ -150,6 +153,30 @@ $clipubkeyf = 'curl_client_key.pub'; # client public key file #*************************************************************************** +# Absolute paths where to look for httptlssrv (gnutls-serv), when not in PATH +# +@httptlssrvpath = qw( + /usr/sbin + /usr/libexec + /usr/lib + /usr/lib/misc + /usr/lib64/misc + /usr/local/bin + /usr/local/sbin + /usr/local/libexec + /opt/local/bin + /opt/local/sbin + /opt/local/libexec + /usr/freeware/bin + /usr/freeware/sbin + /usr/freeware/libexec + /opt/gnutls/bin + /opt/gnutls/sbin + /opt/gnutls/libexec + ); + + +#*************************************************************************** # Return file extension for executable files on this operating system # sub exe_ext { @@ -273,7 +300,7 @@ sub find_file { my @path = @_; foreach (@path) { my $file = File::Spec->catfile($_, $fn); - if(-e $file) { + if(-e $file && ! -d $file) { return $file; } } @@ -281,9 +308,27 @@ sub find_file { #*************************************************************************** +# Find an executable file somewhere in the given path +# +sub find_exe_file { + my $fn = $_[0]; + shift; + my @path = @_; + my $xext = exe_ext(); + foreach (@path) { + my $file = File::Spec->catfile($_, $fn); + if(-e $file && ! -d $file) { + return $file if(-x $file); + return $file if(($xext) && (lc($file) =~ /\Q$xext\E$/)); + } + } +} + + +#*************************************************************************** # Find a file in environment path or in our sftppath # -sub find_sfile { +sub find_file_spath { my $filename = $_[0]; my @spath; push(@spath, File::Spec->path()); @@ -291,18 +336,24 @@ sub find_sfile { return find_file($filename, @spath); } + #*************************************************************************** -# Find gnutls-serv and return canonical filename +# Find an executable file in environment path or in our httptlssrvpath # -sub find_gnutls_serv { - return find_file("gnutls-serv", split(':', $ENV{PATH})); +sub find_exe_file_hpath { + my $filename = $_[0]; + my @hpath; + push(@hpath, File::Spec->path()); + push(@hpath, @httptlssrvpath); + return find_exe_file($filename, @hpath); } + #*************************************************************************** # Find ssh daemon and return canonical filename # sub find_sshd { - return find_sfile($sshdexe); + return find_file_spath($sshdexe); } @@ -310,7 +361,7 @@ sub find_sshd { # Find ssh client and return canonical filename # sub find_ssh { - return find_sfile($sshexe); + return find_file_spath($sshexe); } @@ -318,7 +369,7 @@ sub find_ssh { # Find sftp-server plugin and return canonical filename # sub find_sftpsrv { - return find_sfile($sftpsrvexe); + return find_file_spath($sftpsrvexe); } @@ -326,7 +377,7 @@ sub find_sftpsrv { # Find sftp client and return canonical filename # sub find_sftp { - return find_sfile($sftpexe); + return find_file_spath($sftpexe); } @@ -334,7 +385,15 @@ sub find_sftp { # Find ssh-keygen and return canonical filename # sub find_sshkeygen { - return find_sfile($sshkeygenexe); + return find_file_spath($sshkeygenexe); +} + + +#*************************************************************************** +# Find httptlssrv (gnutls-serv) and return canonical filename +# +sub find_httptlssrv { + return find_exe_file_hpath($httptlssrvexe); } |