summaryrefslogtreecommitdiff
path: root/tests/secureserver.pl
diff options
context:
space:
mode:
authorYang Tse <yangsita@gmail.com>2010-01-11 04:49:13 +0000
committerYang Tse <yangsita@gmail.com>2010-01-11 04:49:13 +0000
commitcd7b12edffd4ca03081aa7fdc875c5d4181586a9 (patch)
tree7b0a7e8e9b183439ebd26957ef1dea6154d2eea1 /tests/secureserver.pl
parent1103d0c71873fc40957618be4d851efa5019f7fe (diff)
downloadcurl-cd7b12edffd4ca03081aa7fdc875c5d4181586a9.tar.gz
secureserver.pl is now the test harness script used for SSL/TLS.
Start using the centralized pidfile and logfile name generation subroutines for https and ftps test suite servers.
Diffstat (limited to 'tests/secureserver.pl')
-rw-r--r--tests/secureserver.pl299
1 files changed, 299 insertions, 0 deletions
diff --git a/tests/secureserver.pl b/tests/secureserver.pl
new file mode 100644
index 000000000..f424f8dcc
--- /dev/null
+++ b/tests/secureserver.pl
@@ -0,0 +1,299 @@
+#!/usr/bin/env perl
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# $Id$
+#***************************************************************************
+
+# This is the HTTPS, FTPS, POP3S, IMAPS, SMTPS, server used for curl test
+# harness. Actually just a layer that runs stunnel properly using the
+# non-secure test harness servers.
+
+BEGIN {
+ @INC=(@INC, $ENV{'srcdir'}, '.');
+}
+
+use strict;
+use warnings;
+use Cwd;
+
+use serverhelp qw(
+ server_pidfilename
+ server_logfilename
+ );
+
+my $stunnel = "stunnel";
+
+my $verbose=0; # set to 1 for debugging
+
+my $accept_port = 8991; # just our default, weird enough
+my $target_port = 8999; # default test http-server port
+
+my $stuncert;
+
+my $ver_major;
+my $ver_minor;
+my $stunnel_version;
+my $socketopt;
+my $cmd;
+
+my $pidfile; # stunnel pid file
+my $logfile; # stunnel log file
+my $loglevel = 5; # stunnel log level
+my $ipvnum = 4; # default IP version of stunneled server
+my $idnum = 1; # dafault stunneled server instance number
+my $proto = 'https'; # default secure server protocol
+my $conffile; # stunnel configuration file
+my $certfile; # certificate chain PEM file
+
+#***************************************************************************
+# stunnel requires full path specification for several files.
+#
+my $path = getcwd();
+my $srcdir = $path;
+my $logdir = $path .'/log';
+
+#***************************************************************************
+# Signal handler to remove our stunnel 4.00 and newer configuration file.
+#
+sub exit_signal_handler {
+ my $signame = shift;
+ local $!; # preserve errno
+ local $?; # preserve exit status
+ unlink($conffile) if($conffile && (-f $conffile));
+ exit;
+}
+
+#***************************************************************************
+# Process command line options
+#
+while(@ARGV) {
+ if($ARGV[0] eq '--verbose') {
+ $verbose = 1;
+ }
+ elsif($ARGV[0] eq '--proto') {
+ if($ARGV[1]) {
+ $proto = $ARGV[1];
+ shift @ARGV;
+ }
+ }
+ elsif($ARGV[0] eq '--accept') {
+ if($ARGV[1]) {
+ if($ARGV[1] =~ /^(\d+)$/) {
+ $accept_port = $1;
+ shift @ARGV;
+ }
+ }
+ }
+ elsif($ARGV[0] eq '--connect') {
+ if($ARGV[1]) {
+ if($ARGV[1] =~ /^(\d+)$/) {
+ $target_port = $1;
+ shift @ARGV;
+ }
+ }
+ }
+ elsif($ARGV[0] eq '--stunnel') {
+ if($ARGV[1]) {
+ $stunnel = $ARGV[1];
+ shift @ARGV;
+ }
+ }
+ elsif($ARGV[0] eq '--srcdir') {
+ if($ARGV[1]) {
+ $srcdir = $ARGV[1];
+ shift @ARGV;
+ }
+ }
+ elsif($ARGV[0] eq '--certfile') {
+ if($ARGV[1]) {
+ $stuncert = $ARGV[1];
+ shift @ARGV;
+ }
+ }
+ elsif($ARGV[0] eq '--id') {
+ if($ARGV[1]) {
+ if($ARGV[1] =~ /^(\d+)$/) {
+ $idnum = $1 if($1 > 0);
+ shift @ARGV;
+ }
+ }
+ }
+ elsif($ARGV[0] eq '--ipv4') {
+ $ipvnum = 4;
+ }
+ elsif($ARGV[0] eq '--ipv6') {
+ $ipvnum = 6;
+ }
+ elsif($ARGV[0] eq '--pidfile') {
+ if($ARGV[1]) {
+ $pidfile = "$path/". $ARGV[1];
+ shift @ARGV;
+ }
+ }
+ elsif($ARGV[0] eq '--logfile') {
+ if($ARGV[1]) {
+ $logfile = "$path/". $ARGV[1];
+ shift @ARGV;
+ }
+ }
+ else {
+ print STDERR "\nWarning: secureserver.pl unknown parameter: $ARGV[0]\n";
+ }
+ shift @ARGV;
+}
+
+#***************************************************************************
+# Initialize command line option dependant variables
+#
+if(!$pidfile) {
+ $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
+}
+if(!$logfile) {
+ $logfile = server_logfilename($logdir, $proto, $ipvnum, $idnum);
+}
+
+$conffile = "$path/stunnel.conf";
+
+$certfile = "$srcdir/". ($stuncert?"certs/$stuncert":"stunnel.pem");
+
+my $ssltext = uc($proto) ." SSL/TLS:";
+
+#***************************************************************************
+# Find out version info for the given stunnel binary
+#
+foreach my $veropt (('-version', '-V')) {
+ foreach my $verstr (qx($stunnel $veropt 2>&1)) {
+ if($verstr =~ /^stunnel (\d+)\.(\d+) on /) {
+ $ver_major = $1;
+ $ver_minor = $2;
+ last;
+ }
+ }
+ last if($ver_major);
+}
+if((!$ver_major) || (!$ver_minor)) {
+ if(-x "$stunnel" && ! -d "$stunnel") {
+ print "$ssltext Unknown stunnel version\n";
+ }
+ else {
+ print "$ssltext No stunnel\n";
+ }
+ exit 1;
+}
+$stunnel_version = (100*$ver_major) + $ver_minor;
+
+#***************************************************************************
+# Verify minimmum stunnel required version
+#
+if($stunnel_version < 310) {
+ print "$ssltext Unsupported stunnel version $ver_major.$ver_minor\n";
+ exit 1;
+}
+
+#***************************************************************************
+# Build command to execute for stunnel 3.X versions
+#
+if($stunnel_version < 400) {
+ if($stunnel_version >= 319) {
+ $socketopt = "-O a:SO_REUSEADDR=1";
+ }
+ $cmd = "$stunnel -p $certfile -P $pidfile ";
+ $cmd .= "-d $accept_port -r $target_port -f -D $loglevel ";
+ $cmd .= ($socketopt) ? "$socketopt " : "";
+ $cmd .= ">$logfile 2>&1";
+ if($verbose) {
+ print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
+ print "cmd: $cmd\n";
+ print "pem cert file: $certfile\n";
+ print "pid file: $pidfile\n";
+ print "log file: $logfile\n";
+ print "log level: $loglevel\n";
+ print "listen on port: $accept_port\n";
+ print "connect to port: $target_port\n";
+ }
+}
+
+#***************************************************************************
+# Build command to execute for stunnel 4.00 and newer
+#
+if($stunnel_version >= 400) {
+ $socketopt = "a:SO_REUSEADDR=1";
+ $cmd = "$stunnel $conffile ";
+ $cmd .= ">$logfile 2>&1";
+ # setup signal handler
+ $SIG{INT} = \&exit_signal_handler;
+ $SIG{TERM} = \&exit_signal_handler;
+ # stunnel configuration file
+ if(open(STUNCONF, ">$conffile")) {
+ print STUNCONF "
+ CApath = $path
+ cert = $certfile
+ pid = $pidfile
+ debug = $loglevel
+ output = $logfile
+ socket = $socketopt
+ foreground = yes
+
+ [curltest]
+ accept = $accept_port
+ connect = $target_port
+ ";
+ if(!close(STUNCONF)) {
+ print "$ssltext Error closing file $conffile\n";
+ exit 1;
+ }
+ }
+ else {
+ print "$ssltext Error writing file $conffile\n";
+ exit 1;
+ }
+ if($verbose) {
+ print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
+ print "cmd: $cmd\n";
+ print "CApath = $path\n";
+ print "cert = $certfile\n";
+ print "pid = $pidfile\n";
+ print "debug = $loglevel\n";
+ print "output = $logfile\n";
+ print "socket = $socketopt\n";
+ print "foreground = yes\n";
+ print "\n";
+ print "[curltest]\n";
+ print "accept = $accept_port\n";
+ print "connect = $target_port\n";
+ }
+}
+
+#***************************************************************************
+# Set file permissions on certificate pem file.
+#
+chmod(0600, $certfile) if(-f $certfile);
+
+#***************************************************************************
+# Run stunnel.
+#
+my $rc = system($cmd);
+
+$rc >>= 8;
+
+unlink($conffile) if($conffile && -f $conffile);
+
+exit $rc;