Blame - ap/lib/libcurl/curl-7.54.1/tests/secureserver.pl - T106_DC

blob: c897ee5f1c67729d5000ce453ac756909bbedf03 [file] [log] [blame]

lh	9ed821d	2023-04-07 01:36:19 -0700	[diff] [blame]	1	#!/usr/bin/env perl
				2	#***************************************************************************
				3	# _ _ ____ _
				4	# Project ___\| \| \| \| _ \\| \|
				5	# / __\| \| \| \| \|_) \| \|
				6	# \| (__\| \|_\| \| _ <\| \|___
				7	# \___\|\___/\|_\| \_\_____\|
				8	#
				9	# Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
				10	#
				11	# This software is licensed as described in the file COPYING, which
				12	# you should have received as part of this distribution. The terms
				13	# are also available at https://curl.haxx.se/docs/copyright.html.
				14	#
				15	# You may opt to use, copy, modify, merge, publish, distribute and/or sell
				16	# copies of the Software, and permit persons to whom the Software is
				17	# furnished to do so, under the terms of the COPYING file.
				18	#
				19	# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
				20	# KIND, either express or implied.
				21	#
				22	#***************************************************************************
				23
				24	# This is the HTTPS, FTPS, POP3S, IMAPS, SMTPS, server used for curl test
				25	# harness. Actually just a layer that runs stunnel properly using the
				26	# non-secure test harness servers.
				27
				28	BEGIN {
				29	push(@INC, $ENV{'srcdir'}) if(defined $ENV{'srcdir'});
				30	push(@INC, ".");
				31	}
				32
				33	use strict;
				34	use warnings;
				35	use Cwd;
				36	use Cwd 'abs_path';
				37
				38	use serverhelp qw(
				39	server_pidfilename
				40	server_logfilename
				41	);
				42
				43	use pathhelp;
				44
				45	my $stunnel = "stunnel";
				46
				47	my $verbose=0; # set to 1 for debugging
				48
				49	my $accept_port = 8991; # just our default, weird enough
				50	my $target_port = 8999; # default test http-server port
				51
				52	my $stuncert;
				53
				54	my $ver_major;
				55	my $ver_minor;
				56	my $fips_support;
				57	my $stunnel_version;
				58	my $tstunnel_windows;
				59	my $socketopt;
				60	my $cmd;
				61
				62	my $pidfile; # stunnel pid file
				63	my $logfile; # stunnel log file
				64	my $loglevel = 5; # stunnel log level
				65	my $ipvnum = 4; # default IP version of stunneled server
				66	my $idnum = 1; # default stunneled server instance number
				67	my $proto = 'https'; # default secure server protocol
				68	my $conffile; # stunnel configuration file
				69	my $capath; # certificate chain PEM folder
				70	my $certfile; # certificate chain PEM file
				71
				72	#***************************************************************************
				73	# stunnel requires full path specification for several files.
				74	#
				75	my $path = getcwd();
				76	my $srcdir = $path;
				77	my $logdir = $path .'/log';
				78
				79	#***************************************************************************
				80	# Signal handler to remove our stunnel 4.00 and newer configuration file.
				81	#
				82	sub exit_signal_handler {
				83	my $signame = shift;
				84	local $!; # preserve errno
				85	local $?; # preserve exit status
				86	unlink($conffile) if($conffile && (-f $conffile));
				87	exit;
				88	}
				89
				90	#***************************************************************************
				91	# Process command line options
				92	#
				93	while(@ARGV) {
				94	if($ARGV[0] eq '--verbose') {
				95	$verbose = 1;
				96	}
				97	elsif($ARGV[0] eq '--proto') {
				98	if($ARGV[1]) {
				99	$proto = $ARGV[1];
				100	shift @ARGV;
				101	}
				102	}
				103	elsif($ARGV[0] eq '--accept') {
				104	if($ARGV[1]) {
				105	if($ARGV[1] =~ /^(\d+)$/) {
				106	$accept_port = $1;
				107	shift @ARGV;
				108	}
				109	}
				110	}
				111	elsif($ARGV[0] eq '--connect') {
				112	if($ARGV[1]) {
				113	if($ARGV[1] =~ /^(\d+)$/) {
				114	$target_port = $1;
				115	shift @ARGV;
				116	}
				117	}
				118	}
				119	elsif($ARGV[0] eq '--stunnel') {
				120	if($ARGV[1]) {
				121	if($ARGV[1] =~ /^([\w\/]+)$/) {
				122	$stunnel = $ARGV[1];
				123	}
				124	else {
				125	$stunnel = "\"". $ARGV[1] ."\"";
				126	}
				127	shift @ARGV;
				128	}
				129	}
				130	elsif($ARGV[0] eq '--srcdir') {
				131	if($ARGV[1]) {
				132	$srcdir = $ARGV[1];
				133	shift @ARGV;
				134	}
				135	}
				136	elsif($ARGV[0] eq '--certfile') {
				137	if($ARGV[1]) {
				138	$stuncert = $ARGV[1];
				139	shift @ARGV;
				140	}
				141	}
				142	elsif($ARGV[0] eq '--id') {
				143	if($ARGV[1]) {
				144	if($ARGV[1] =~ /^(\d+)$/) {
				145	$idnum = $1 if($1 > 0);
				146	shift @ARGV;
				147	}
				148	}
				149	}
				150	elsif($ARGV[0] eq '--ipv4') {
				151	$ipvnum = 4;
				152	}
				153	elsif($ARGV[0] eq '--ipv6') {
				154	$ipvnum = 6;
				155	}
				156	elsif($ARGV[0] eq '--pidfile') {
				157	if($ARGV[1]) {
				158	$pidfile = "$path/". $ARGV[1];
				159	shift @ARGV;
				160	}
				161	}
				162	elsif($ARGV[0] eq '--logfile') {
				163	if($ARGV[1]) {
				164	$logfile = "$path/". $ARGV[1];
				165	shift @ARGV;
				166	}
				167	}
				168	else {
				169	print STDERR "\nWarning: secureserver.pl unknown parameter: $ARGV[0]\n";
				170	}
				171	shift @ARGV;
				172	}
				173
				174	#***************************************************************************
				175	# Initialize command line option dependent variables
				176	#
				177	if(!$pidfile) {
				178	$pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
				179	}
				180	if(!$logfile) {
				181	$logfile = server_logfilename($logdir, $proto, $ipvnum, $idnum);
				182	}
				183
				184	$conffile = "$path/${proto}_stunnel.conf";
				185
				186	$capath = abs_path($path);
				187	$certfile = "$srcdir/". ($stuncert?"certs/$stuncert":"stunnel.pem");
				188	$certfile = abs_path($certfile);
				189
				190	my $ssltext = uc($proto) ." SSL/TLS:";
				191
				192	#***************************************************************************
				193	# Find out version info for the given stunnel binary
				194	#
				195	foreach my $veropt (('-version', '-V')) {
				196	foreach my $verstr (qx($stunnel $veropt 2>&1)) {
				197	if($verstr =~ /^stunnel (\d+)\.(\d+) on /) {
				198	$ver_major = $1;
				199	$ver_minor = $2;
				200	}
				201	elsif($verstr =~ /^sslVersion.fips = *yes/) {
				202	# the fips option causes an error if stunnel doesn't support it
				203	$fips_support = 1;
				204	last
				205	}
				206	}
				207	last if($ver_major);
				208	}
				209	if((!$ver_major) \|\| (!$ver_minor)) {
				210	if(-x "$stunnel" && ! -d "$stunnel") {
				211	print "$ssltext Unknown stunnel version\n";
				212	}
				213	else {
				214	print "$ssltext No stunnel\n";
				215	}
				216	exit 1;
				217	}
				218	$stunnel_version = (100*$ver_major) + $ver_minor;
				219
				220	#***************************************************************************
				221	# Verify minimum stunnel required version
				222	#
				223	if($stunnel_version < 310) {
				224	print "$ssltext Unsupported stunnel version $ver_major.$ver_minor\n";
				225	exit 1;
				226	}
				227
				228	#***************************************************************************
				229	# Find out if we are running on Windows using the tstunnel binary
				230	#
				231	if($stunnel =~ /tstunnel(\.exe)?"?$/) {
				232	$tstunnel_windows = 1;
				233
				234	# convert Cygwin/MinGW paths to Win32 format
				235	$capath = pathhelp::sys_native_abs_path($capath);
				236	$certfile = pathhelp::sys_native_abs_path($certfile);
				237	}
				238
				239	#***************************************************************************
				240	# Build command to execute for stunnel 3.X versions
				241	#
				242	if($stunnel_version < 400) {
				243	if($stunnel_version >= 319) {
				244	$socketopt = "-O a:SO_REUSEADDR=1";
				245	}
				246	$cmd = "$stunnel -p $certfile -P $pidfile ";
				247	$cmd .= "-d $accept_port -r $target_port -f -D $loglevel ";
				248	$cmd .= ($socketopt) ? "$socketopt " : "";
				249	$cmd .= ">$logfile 2>&1";
				250	if($verbose) {
				251	print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
				252	print "cmd: $cmd\n";
				253	print "pem cert file: $certfile\n";
				254	print "pid file: $pidfile\n";
				255	print "log file: $logfile\n";
				256	print "log level: $loglevel\n";
				257	print "listen on port: $accept_port\n";
				258	print "connect to port: $target_port\n";
				259	}
				260	}
				261
				262	#***************************************************************************
				263	# Build command to execute for stunnel 4.00 and newer
				264	#
				265	if($stunnel_version >= 400) {
				266	$socketopt = "a:SO_REUSEADDR=1";
				267	$cmd = "$stunnel $conffile ";
				268	$cmd .= ">$logfile 2>&1";
				269	# setup signal handler
				270	$SIG{INT} = \&exit_signal_handler;
				271	$SIG{TERM} = \&exit_signal_handler;
				272	# stunnel configuration file
				273	if(open(STUNCONF, ">$conffile")) {
				274	print STUNCONF "CApath = $capath\n";
				275	print STUNCONF "cert = $certfile\n";
				276	print STUNCONF "debug = $loglevel\n";
				277	print STUNCONF "socket = $socketopt\n";
				278	if($fips_support) {
				279	# disable fips in case OpenSSL doesn't support it
				280	print STUNCONF "fips = no\n";
				281	}
				282	if(!$tstunnel_windows) {
				283	# do not use Linux-specific options on Windows
				284	print STUNCONF "output = $logfile\n";
				285	print STUNCONF "pid = $pidfile\n";
				286	print STUNCONF "foreground = yes\n";
				287	}
				288	print STUNCONF "\n";
				289	print STUNCONF "[curltest]\n";
				290	print STUNCONF "accept = $accept_port\n";
				291	print STUNCONF "connect = $target_port\n";
				292	if(!close(STUNCONF)) {
				293	print "$ssltext Error closing file $conffile\n";
				294	exit 1;
				295	}
				296	}
				297	else {
				298	print "$ssltext Error writing file $conffile\n";
				299	exit 1;
				300	}
				301	if($verbose) {
				302	print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
				303	print "cmd: $cmd\n";
				304	print "CApath = $capath\n";
				305	print "cert = $certfile\n";
				306	print "debug = $loglevel\n";
				307	print "socket = $socketopt\n";
				308	if($fips_support) {
				309	print "fips = no\n";
				310	}
				311	if(!$tstunnel_windows) {
				312	print "pid = $pidfile\n";
				313	print "output = $logfile\n";
				314	print "foreground = yes\n";
				315	}
				316	print "\n";
				317	print "[curltest]\n";
				318	print "accept = $accept_port\n";
				319	print "connect = $target_port\n";
				320	}
				321	}
				322
				323	#***************************************************************************
				324	# Set file permissions on certificate pem file.
				325	#
				326	chmod(0600, $certfile) if(-f $certfile);
				327
				328	#***************************************************************************
				329	# Run tstunnel on Windows.
				330	#
				331	if($tstunnel_windows) {
				332	# Fake pidfile for tstunnel on Windows.
				333	if(open(OUT, ">$pidfile")) {
				334	print OUT $$ . "\n";
				335	close(OUT);
				336	}
				337
				338	# Put an "exec" in front of the command so that the child process
				339	# keeps this child's process ID.
				340	exec("exec $cmd") \|\| die "Can't exec() $cmd: $!";
				341
				342	# exec() should never return back here to this process. We protect
				343	# ourselves by calling die() just in case something goes really bad.
				344	die "error: exec() has returned";
				345	}
				346
				347	#***************************************************************************
				348	# Run stunnel.
				349	#
				350	my $rc = system($cmd);
				351
				352	$rc >>= 8;
				353
				354	unlink($conffile) if($conffile && -f $conffile);
				355
				356	exit $rc;