Diffstat (limited to 'tests')
-rw-r--r-- | tests/httpsserver.pl | 197 | ||||
-rwxr-xr-x | tests/runtests.pl | 69 | ||||
-rw-r--r-- | tests/secureserver.pl | 299 |
3 files changed, 337 insertions, 228 deletions
diff --git a/tests/httpsserver.pl b/tests/httpsserver.pl
deleted file mode 100644
index 561d1c86e..000000000
--- a/tests/httpsserver.pl
+++ /dev/null
@@ -1,197 +0,0 @@ -#!/usr/bin/env perl -# -# $Id$ -# This is the HTTPS and FTPS server designed for the curl test suite. -# -# It is actually just a layer that runs stunnel properly. - -use strict; -use Cwd; - -my $stunnel = "stunnel"; - -my $verbose=0; # set to 1 for debugging - -my $port = 8991; # just our default, weird enough -my $target_port = 8999; # default test http-server port - -my $path = getcwd(); - -my $srcdir=$path; - -my $proto='https'; - -my $stuncert; - -my $ver_major; -my $ver_minor; -my $stunnel_version; -my $socketopt; -my $cmd; - -#*************************************************************************** -# Process command line options -# -while(@ARGV) { - if($ARGV[0] eq "-v") { - $verbose=1; - } - if($ARGV[0] eq "-w") { - return 0; # return success, means we have stunnel working! - } - elsif($ARGV[0] eq "-p") { - $proto=$ARGV[1]; - shift @ARGV; - } - elsif($ARGV[0] eq "-r") { - $target_port=$ARGV[1]; - shift @ARGV; - } - elsif($ARGV[0] eq "-s") { - $stunnel=$ARGV[1]; - shift @ARGV; - } - elsif($ARGV[0] eq "-d") { - $srcdir=$ARGV[1]; - shift @ARGV; - } - elsif($ARGV[0] eq "-c") { - $stuncert=$ARGV[1]; - shift @ARGV; - } - elsif($ARGV[0] =~ /^(\d+)$/) { - $port = $1; - } - shift @ARGV; -}; - -my $conffile="$path/stunnel.conf"; # stunnel configuration data -my $certfile="$srcdir/" - . ($stuncert?"certs/$stuncert":"stunnel.pem"); # stunnel server certificate - -my $pidfile="$path/.$proto.pid"; # stunnel process pid file -my $logfile="$path/log/${proto}_stunnel.log"; # stunnel log file -my $loglevel=5; - -my $ssltext = uc($proto) ." 
SSL/TLS:"; - -#*************************************************************************** -# Find out version info for the given stunnel binary -# -foreach my $veropt (('-version', '-V')) { - foreach my $verstr (qx($stunnel $veropt 2>&1)) { - if($verstr =~ /^stunnel (\d+)\.(\d+) on /) { - $ver_major = $1; - $ver_minor = $2; - last; - } - } - last if($ver_major); -} -if((!$ver_major) || (!$ver_minor)) { - if(-x "$stunnel" && ! -d "$stunnel") { - print "$ssltext Unknown stunnel version\n"; - } - else { - print "$ssltext No stunnel\n"; - } - exit 1; -} -$stunnel_version = (100*$ver_major) + $ver_minor; - -#*************************************************************************** -# Verify minimmum stunnel required version -# -if($stunnel_version < 310) { - print "$ssltext Unsupported stunnel version $ver_major.$ver_minor\n"; -} - -#*************************************************************************** -# Build command to execute for stunnel 3.X versions -# -if($stunnel_version < 400) { - if($stunnel_version >= 319) { - $socketopt = "-O a:SO_REUSEADDR=1"; - } - $cmd = "$stunnel -p $certfile -P $pidfile "; - $cmd .= "-d $port -r $target_port -f -D $loglevel "; - $cmd .= ($socketopt) ? "$socketopt " : ""; - $cmd .= ">$logfile 2>&1"; - if($verbose) { - print uc($proto) ." 
server (stunnel $ver_major.$ver_minor)\n"; - print "cmd: $cmd\n"; - print "pem cert file: $certfile\n"; - print "pid file: $pidfile\n"; - print "log file: $logfile\n"; - print "log level: $loglevel\n"; - print "listen on port: $port\n"; - print "connect to port: $target_port\n"; - } -} - -#*************************************************************************** -# Build command to execute for stunnel 4.00 and newer -# -if($stunnel_version >= 400) { - $socketopt = "a:SO_REUSEADDR=1"; - $cmd = "$stunnel $conffile "; - $cmd .= ">$logfile 2>&1"; - # stunnel configuration file - if(open(STUNCONF, ">$conffile")) { - print STUNCONF " - CApath = $path - cert = $certfile - pid = $pidfile - debug = $loglevel - output = $logfile - socket = $socketopt - foreground = yes - - [curltest] - accept = $port - connect = $target_port - "; - if(!close(STUNCONF)) { - print "$ssltext Error closing file $conffile\n"; - exit 1; - } - } - else { - print "$ssltext Error writing file $conffile\n"; - exit 1; - } - if($verbose) { - print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n"; - print "cmd: $cmd\n"; - print "CApath = $path\n"; - print "cert = $certfile\n"; - print "pid = $pidfile\n"; - print "debug = $loglevel\n"; - print "output = $logfile\n"; - print "socket = $socketopt\n"; - print "foreground = yes\n"; - print "\n"; - print "[curltest]\n"; - print "accept = $port\n"; - print "connect = $target_port\n"; - } -} - -#*************************************************************************** -# Set file permissions on certificate pem file. -# -chmod(0600, $certfile) if(-f $certfile); - -#*************************************************************************** -# Run stunnel. -# -my $rc = system($cmd); - -$rc >>= 8; -#if($rc) { -# print "stunnel exited with $rc!\n"; -#} - -unlink $conffile; - -exit $rc; diff --git a/tests/runtests.pl b/tests/runtests.pl index 5552feca7..33baa815e 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl 
@@ -885,33 +885,27 @@ sub runhttpserver { # start the https server (or rather, tunnel) # sub runhttpsserver { - my ($verbose, $ipv6, $parm) = @_; - my $STATUS; - my $RUNNING; - my $ip = $HOSTIP; - my $pidfile = $HTTPSPIDFILE; + my ($verbose, $ipv6, $certfile) = @_; my $proto = 'https'; - my $ipvnum = 4; + my $ip = ($ipv6 && ($ipv6 =~ /6$/)) ? "$HOST6IP" : "$HOSTIP"; + my $ipvnum = ($ipv6 && ($ipv6 =~ /6$/)) ? 6 : 4; my $idnum = 1; my $srvrname; + my $pidfile; + my $logfile; + my $flags = ""; if(!$stunnel) { return 0; } - if($ipv6) { - # not complete yet - $ipvnum = 6; - $ip = $HOST6IP; - } + $pidfile = server_pidfilename($proto, $ipvnum, $idnum); # don't retry if the server doesn't work if ($doesntrun{$pidfile}) { return (0,0); } - $srvrname = servername_str($proto, $ipvnum, $idnum); - my $pid = processexists($pidfile); if($pid > 0) { # kill previous stunnel! @@ -919,10 +913,19 @@ sub runhttpsserver { } unlink($pidfile); - my $flag=$debugprotocol?"-v ":""; - $flag .= " -c $parm" if ($parm); - my $cmd="$perl $srcdir/httpsserver.pl $flag -p https -s \"$stunnel\" -d $srcdir -r $HTTPPORT $HTTPSPORT"; + $srvrname = servername_str($proto, $ipvnum, $idnum); + + $logfile = server_logfilename($LOGDIR, $proto, $ipvnum, $idnum); + $flags .= "--verbose " if($debugprotocol); + $flags .= "--pidfile \"$pidfile\" --logfile \"$logfile\" "; + $flags .= "--id $idnum " if($idnum > 1); + $flags .= "--ipv$ipvnum --proto $proto "; + $flags .= "--certfile \"$certfile\" " if($certfile); + $flags .= "--stunnel \"$stunnel\" --srcdir \"$srcdir\" "; + $flags .= "--connect $HTTPPORT --accept $HTTPSPORT"; + + my $cmd = "$perl $srcdir/secureserver.pl $flags"; my ($httpspid, $pid2) = startnew($cmd, $pidfile, 15, 0); if($httpspid <= 0 || !kill(0, $httpspid)) { 
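Review bot: The IPv6 test `($ipv6 && ($ipv6 =~ /6$/))` is written out twice in the new declarations at the top of runhttpsserver, once for `$ip` and once for `$ipvnum`, so the two can drift apart on a later edit. Deriving one from the other keeps them in step: `my $ipvnum = ($ipv6 && $ipv6 =~ /6$/) ? 6 : 4;` followed by `my $ip = ($ipvnum == 6) ? $HOST6IP : $HOSTIP;` (the quotes around the two globals add nothing). The old `if($ipv6)` accepted any true value while the new test needs a value ending in 6; the callers are outside this diff, so that is worth checking. The same pair of lines appears in the runftpsserver hunk at -1051, and the sub continues outside this hunk.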
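Review bot: The script path in `my $cmd = "$perl $srcdir/secureserver.pl $flags";` (hunk at -919) is left unquoted although the same `$srcdir` is quoted just above in `--srcdir \"$srcdir\"`, so a source directory containing a space or a shell metacharacter splits or alters the command, assuming startnew() hands the string to a shell (its body is not in this diff). Quoting it the same way would be `my $cmd = "$perl \"$srcdir/secureserver.pl\" $flags";`. The double quotes placed around `$certfile`, `$stunnel`, `$pidfile` and `$logfile` still let `$`, backticks and an embedded `"` through, so if startnew() can accept an argument list, passing one would avoid shell parsing altogether. The runftpsserver hunk at -1085 builds its command the same way.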
@@ -1051,33 +1054,27 @@ sub runpingpongserver { # start the ftps server (or rather, tunnel) # sub runftpsserver { - my ($verbose, $ipv6) = @_; - my $STATUS; - my $RUNNING; - my $ip = $HOSTIP; - my $pidfile = $FTPSPIDFILE; + my ($verbose, $ipv6, $certfile) = @_; my $proto = 'ftps'; - my $ipvnum = 4; + my $ip = ($ipv6 && ($ipv6 =~ /6$/)) ? "$HOST6IP" : "$HOSTIP"; + my $ipvnum = ($ipv6 && ($ipv6 =~ /6$/)) ? 6 : 4; my $idnum = 1; my $srvrname; + my $pidfile; + my $logfile; + my $flags = ""; if(!$stunnel) { return 0; } - if($ipv6) { - # not complete yet - $ipvnum = 6; - $ip = $HOST6IP; - } + $pidfile = server_pidfilename($proto, $ipvnum, $idnum); # don't retry if the server doesn't work if ($doesntrun{$pidfile}) { return (0,0); } - $srvrname = servername_str($proto, $ipvnum, $idnum); - my $pid = processexists($pidfile); if($pid > 0) { # kill previous stunnel! @@ -1085,9 +1082,19 @@ sub runftpsserver { } unlink($pidfile); - my $flag=$debugprotocol?"-v ":""; - my $cmd="$perl $srcdir/httpsserver.pl $flag -p ftps -s \"$stunnel\" -d $srcdir -r $FTPPORT $FTPSPORT"; + $srvrname = servername_str($proto, $ipvnum, $idnum); + + $logfile = server_logfilename($LOGDIR, $proto, $ipvnum, $idnum); + + $flags .= "--verbose " if($debugprotocol); + $flags .= "--pidfile \"$pidfile\" --logfile \"$logfile\" "; + $flags .= "--id $idnum " if($idnum > 1); + $flags .= "--ipv$ipvnum --proto $proto "; + $flags .= "--certfile \"$certfile\" " if($certfile); + $flags .= "--stunnel \"$stunnel\" --srcdir \"$srcdir\" "; + $flags .= "--connect $FTPPORT --accept $FTPSPORT"; + my $cmd = "$perl $srcdir/secureserver.pl $flags"; my ($ftpspid, $pid2) = startnew($cmd, $pidfile, 15, 0); if($ftpspid <= 0 || !kill(0, $ftpspid)) { diff --git a/tests/secureserver.pl b/tests/secureserver.pl new file mode 100644 index 000000000..f424f8dcc --- /dev/null +++ b/tests/secureserver.pl 
@@ -0,0 +1,299 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at http://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# $Id$ +#*************************************************************************** + +# This is the HTTPS, FTPS, POP3S, IMAPS, SMTPS, server used for curl test +# harness. Actually just a layer that runs stunnel properly using the +# non-secure test harness servers. 
+ +BEGIN { + @INC=(@INC, $ENV{'srcdir'}, '.'); +} + +use strict; +use warnings; +use Cwd; + +use serverhelp qw( + server_pidfilename + server_logfilename + ); + +my $stunnel = "stunnel"; + +my $verbose=0; # set to 1 for debugging + +my $accept_port = 8991; # just our default, weird enough +my $target_port = 8999; # default test http-server port + +my $stuncert; + +my $ver_major; +my $ver_minor; +my $stunnel_version; +my $socketopt; +my $cmd; + +my $pidfile; # stunnel pid file +my $logfile; # stunnel log file +my $loglevel = 5; # stunnel log level +my $ipvnum = 4; # default IP version of stunneled server +my $idnum = 1; # dafault stunneled server instance number +my $proto = 'https'; # default secure server protocol +my $conffile; # stunnel configuration file +my $certfile; # certificate chain PEM file + +#*************************************************************************** +# stunnel requires full path specification for several files. +# +my $path = getcwd(); +my $srcdir = $path; +my $logdir = $path .'/log'; + +#*************************************************************************** +# Signal handler to remove our stunnel 4.00 and newer configuration file. 
+# +sub exit_signal_handler { + my $signame = shift; + local $!; # preserve errno + local $?; # preserve exit status + unlink($conffile) if($conffile && (-f $conffile)); + exit; +} + +#*************************************************************************** +# Process command line options +# +while(@ARGV) { + if($ARGV[0] eq '--verbose') { + $verbose = 1; + } + elsif($ARGV[0] eq '--proto') { + if($ARGV[1]) { + $proto = $ARGV[1]; + shift @ARGV; + } + } + elsif($ARGV[0] eq '--accept') { + if($ARGV[1]) { + if($ARGV[1] =~ /^(\d+)$/) { + $accept_port = $1; + shift @ARGV; + } + } + } + elsif($ARGV[0] eq '--connect') { + if($ARGV[1]) { + if($ARGV[1] =~ /^(\d+)$/) { + $target_port = $1; + shift @ARGV; + } + } + } + elsif($ARGV[0] eq '--stunnel') { + if($ARGV[1]) { + $stunnel = $ARGV[1]; + shift @ARGV; + } + } + elsif($ARGV[0] eq '--srcdir') { + if($ARGV[1]) { + $srcdir = $ARGV[1]; + shift @ARGV; + } + } + elsif($ARGV[0] eq '--certfile') { + if($ARGV[1]) { + $stuncert = $ARGV[1]; + shift @ARGV; + } + } + elsif($ARGV[0] eq '--id') { + if($ARGV[1]) { + if($ARGV[1] =~ /^(\d+)$/) { + $idnum = $1 if($1 > 0); + shift @ARGV; + } + } + } + elsif($ARGV[0] eq '--ipv4') { + $ipvnum = 4; + } + elsif($ARGV[0] eq '--ipv6') { + $ipvnum = 6; + } + elsif($ARGV[0] eq '--pidfile') { + if($ARGV[1]) { + $pidfile = "$path/". $ARGV[1]; + shift @ARGV; + } + } + elsif($ARGV[0] eq '--logfile') { + if($ARGV[1]) { + $logfile = "$path/". $ARGV[1]; + shift @ARGV; + } + } + else { + print STDERR "\nWarning: secureserver.pl unknown parameter: $ARGV[0]\n"; + } + shift @ARGV; +} + +#*************************************************************************** +# Initialize command line option dependant variables +# +if(!$pidfile) { + $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum); +} +if(!$logfile) { + $logfile = server_logfilename($logdir, $proto, $ipvnum, $idnum); +} + +$conffile = "$path/stunnel.conf"; + +$certfile = "$srcdir/". 
($stuncert?"certs/$stuncert":"stunnel.pem"); + +my $ssltext = uc($proto) ." SSL/TLS:"; + +#*************************************************************************** +# Find out version info for the given stunnel binary +# +foreach my $veropt (('-version', '-V')) { + foreach my $verstr (qx($stunnel $veropt 2>&1)) { + if($verstr =~ /^stunnel (\d+)\.(\d+) on /) { + $ver_major = $1; + $ver_minor = $2; + last; + } + } + last if($ver_major); +} +if((!$ver_major) || (!$ver_minor)) { + if(-x "$stunnel" && ! -d "$stunnel") { + print "$ssltext Unknown stunnel version\n"; + } + else { + print "$ssltext No stunnel\n"; + } + exit 1; +} +$stunnel_version = (100*$ver_major) + $ver_minor; + +#*************************************************************************** +# Verify minimmum stunnel required version +# +if($stunnel_version < 310) { + print "$ssltext Unsupported stunnel version $ver_major.$ver_minor\n"; + exit 1; +} + +#*************************************************************************** +# Build command to execute for stunnel 3.X versions +# +if($stunnel_version < 400) { + if($stunnel_version >= 319) { + $socketopt = "-O a:SO_REUSEADDR=1"; + } + $cmd = "$stunnel -p $certfile -P $pidfile "; + $cmd .= "-d $accept_port -r $target_port -f -D $loglevel "; + $cmd .= ($socketopt) ? "$socketopt " : ""; + $cmd .= ">$logfile 2>&1"; + if($verbose) { + print uc($proto) ." 
server (stunnel $ver_major.$ver_minor)\n"; + print "cmd: $cmd\n"; + print "pem cert file: $certfile\n"; + print "pid file: $pidfile\n"; + print "log file: $logfile\n"; + print "log level: $loglevel\n"; + print "listen on port: $accept_port\n"; + print "connect to port: $target_port\n"; + } +} + +#*************************************************************************** +# Build command to execute for stunnel 4.00 and newer +# +if($stunnel_version >= 400) { + $socketopt = "a:SO_REUSEADDR=1"; + $cmd = "$stunnel $conffile "; + $cmd .= ">$logfile 2>&1"; + # setup signal handler + $SIG{INT} = \&exit_signal_handler; + $SIG{TERM} = \&exit_signal_handler; + # stunnel configuration file + if(open(STUNCONF, ">$conffile")) { + print STUNCONF " + CApath = $path + cert = $certfile + pid = $pidfile + debug = $loglevel + output = $logfile + socket = $socketopt + foreground = yes + + [curltest] + accept = $accept_port + connect = $target_port + "; + if(!close(STUNCONF)) { + print "$ssltext Error closing file $conffile\n"; + exit 1; + } + } + else { + print "$ssltext Error writing file $conffile\n"; + exit 1; + } + if($verbose) { + print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n"; + print "cmd: $cmd\n"; + print "CApath = $path\n"; + print "cert = $certfile\n"; + print "pid = $pidfile\n"; + print "debug = $loglevel\n"; + print "output = $logfile\n"; + print "socket = $socketopt\n"; + print "foreground = yes\n"; + print "\n"; + print "[curltest]\n"; + print "accept = $accept_port\n"; + print "connect = $target_port\n"; + } +} + +#*************************************************************************** +# Set file permissions on certificate pem file. +# +chmod(0600, $certfile) if(-f $certfile); + +#*************************************************************************** +# Run stunnel. +# +my $rc = system($cmd); + +$rc >>= 8; + +unlink($conffile) if($conffile && -f $conffile); + +exit $rc; |
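Review bot: The values that runtests.pl quotes on the command line are interpolated bare into shell commands in this file: `qx($stunnel $veropt 2>&1)` in the version probe, and `$cmd = "$stunnel -p $certfile -P $pidfile "` / `$cmd = "$stunnel $conffile "`, which end up in `system($cmd)`. A path with a space breaks the run, and shell metacharacters arriving through `--stunnel`, `--certfile`, `--pidfile` or `--logfile` are interpreted by the shell; quoting each interpolation (for example `qx("$stunnel" $veropt 2>&1)`) or checking the values against an anchored pattern before use would close that. Separately, `$conffile = "$path/stunnel.conf";` is one fixed name while the pid and log file names are derived from proto, IP version and id, so an https and an ftps instance started from the same directory write the same file and each unlinks it on exit; building the name from the same three values would keep them apart. The `open(STUNCONF, ">$conffile")` call would also be safer as a three-argument open on a lexical handle.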