From 2b728bdd6df8968d1dae92856ac5ebed85d71d2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Wed, 14 May 2014 10:36:50 +0200
Subject: [PATCH] Generate keys and certificates at test-time
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This fixes <https://rt.cpan.org/Public/Bug/Display.html?id=88998>.

Signed-off-by: Petr Písař <ppisar@redhat.com>
---
 Makefile.PL    |  2 ++
 t/testmodule.t | 38 +++++++++++++++++++++++++++++++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)

--- a/Makefile.PL
+++ b/Makefile.PL
@@ -9,6 +9,11 @@
   'NAME'	=> 'HTTP::Daemon::SSL',
   'VERSION_FROM' => 'SSL.pm',
   'DISTNAME' => 'HTTP-Daemon-SSL',
+  'BUILD_REQUIRES' => {
+      'HTTP::Daemon' => 1.0,
+      'IO::Socket::SSL' => 0.93,
+      'IO::Socket::SSL::Utils' => 0,
+     },
   'PREREQ_PM' => {
       'HTTP::Daemon' => 1.0,
       'IO::Socket::SSL' => 0.93,
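Review bot: The `'IO::Socket::SSL' => 0.93` floor in the new `BUILD_REQUIRES` block looks inconsistent with the `'IO::Socket::SSL::Utils' => 0` entry next to it. Utils ships inside the IO::Socket::SSL distribution and, as far as I know, does not exist in releases as old as 0.93, so a system that satisfies the stated minimum could still fail the test at `use IO::Socket::SSL::Utils;`. Consider raising the minimum to the first release that provides Utils, e.g. `'IO::Socket::SSL' => <FIRST_VERSION_WITH_UTILS>` (placeholder, confirm against the IO::Socket::SSL changelog). The surrounding `WriteMakefile` argument list starts and ends outside the hunk.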
--- a/t/testmodule.t
+++ b/t/testmodule.t
@@ -4,10 +4,11 @@
 
 use HTTP::Daemon::SSL;
 use HTTP::Status;
+use IO::Socket::SSL::Utils;
 eval {require "t/ssl_settings.req";} ||
 eval {require "ssl_settings.req";};
 
-$numtests = 9;
+$numtests = 14;
 $|=1;
 $SIG{PIPE}='IGNORE';
 
@@ -22,32 +23,62 @@
 
 $test = 0;
 
+my ($ca_cert, $ca_key) = CERT_create(
+    subject => { commonName => 'Dummy IO::Socket::SSL Certificate Authority' },
+    CA => 1,
+);
+(defined $ca_cert and defined $ca_key) || print 'not ';
+&ok('authority certificate generated');
+
+my ($server_cert, $server_key) = CERT_create(
+    subject => { commonName => 'IO::Socket::SSL Dummy Server Certificate' },
+    CA => 0,
+    issuer_cert => $ca_cert,
+    issuer_key => $ca_key,
+);
+(defined $server_cert and defined $server_key) || print 'not ';
+&ok('server certificate generated');
+
+eval { PEM_cert2file($ca_cert, 'certs/test-ca.pem') };
+(!$@ and -s 'certs/test-ca.pem') || print 'not ';
+&ok('authority certificate saved');
+
+PEM_cert2file($server_cert, 'certs/server-cert.pem');
+(!$@ and -s 'certs/server-cert.pem') || print 'not ';
+&ok('server certificate saved');
+
+PEM_key2file($server_key, 'certs/server-key.pem');
+(!$@ and -s 'certs/server-key.pem') || print 'not ';
+&ok('server key saved');
+
+# freeing fails now <https://bugzilla.redhat.com/show_bug.cgi?id=1097640>
+#CERT_free($ca_cert);
+#KEY_free($ca_key);
+#CERT_free($server_cert);
+#KEY_free($server_key);
+
 my $server = new HTTP::Daemon::SSL(
 				   LocalAddr => $SSL_SERVER_ADDR,
 				   Listen => 5,
 				   Timeout => 30,
 				   ReuseAddr => 1,
+				   SSL_cipher_list => 'ALL:!LOW',
 				   SSL_verify_mode => 0x00,
 				   SSL_ca_file => "certs/test-ca.pem",
+				   SSL_key_file => "certs/server-key.pem",
 				   SSL_cert_file => "certs/server-cert.pem");
 
 if (!$server) {
     print "not ok $test\n";
     exit;
 }
+
 $SSL_SERVER_PORT = $server->sockport;
 &ok("server init port=$SSL_SERVER_PORT");
 
 
-print "not " if (!defined fileno($server));
-&ok("server fileno");
-
-print "not " unless ($server->url =~ m!^https:!);
-&ok("server url test");
-
-
 unless (fork) {
-    close($server);
+    sleep 1;
 
     my $client = new IO::Socket::INET(PeerAddr => $SSL_SERVER_ADDR,
 				      PeerPort => $SSL_SERVER_PORT);
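Review bot: The `!$@` checks after `PEM_cert2file($server_cert, ...)` and `PEM_key2file($server_key, ...)` read a stale value, because only the CA write is wrapped in `eval`. If either call dies, as the eval around the first one suggests it can, the script aborts instead of printing `not ok`; otherwise `$@` still describes the CA write. Wrap both the same way: `eval { PEM_cert2file($server_cert, 'certs/server-cert.pem') };` and `eval { PEM_key2file($server_key, 'certs/server-key.pem') };`. Separately, the server key is written under `certs/` with whatever mode the umask gives, nothing visible in the hunk removes it, and the listener uses `SSL_cipher_list => 'ALL:!LOW'` with `SSL_verify_mode => 0x00`. A comment such as `# throwaway test credentials and permissive test-only TLS settings; do not reuse` above the constructor would keep these from being copied into real configuration. The child block opened by `unless (fork) {` continues outside the hunk.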
@@ -76,6 +107,12 @@
 }
 
 
+print "not " if (!defined fileno($server));
+&ok("server fileno");
+
+print "not " unless ($server->url =~ m!^https:!);
+&ok("server url test");
+
 my $conn;
 if (!($conn = $server->accept)) {
     # first client request is a bad request
