File: auto_verify_hostname.t

libio-socket-ssl-perl 1.33-1%2Bsqueeze1
#!perl -w

use strict;
use Net::SSLeay;
use Socket;
use IO::Socket::SSL;

# The test forks a child process to act as the TLS server, so on platforms
# whose $^O contains one of these names it emits a TAP skip plan and stops.
if ( $^O =~ m{MacOS|VOS|vmesa|riscos|amigaos} ) {
	print "1..0 # Skipped: fork not implemented on this platform\n";
	exit;
}

# Net::SSLeay releases before 1.33 have missing or buggy subjectAltName
# support, so the certificate names this test relies on cannot be checked.
# Emit a TAP skip plan rather than report misleading results.
if ( 1.33 > $Net::SSLeay::VERSION ) {
	print "1..0 # Skipped because of \$Net::SSLeay::VERSION= $Net::SSLeay::VERSION <1.33\n";
	exit;
}

# $SSL_SERVER_ADDR is declared as a package variable so that the settings file
# loaded below can assign it. Presumably that file sets the address the test
# server binds to; its contents are not visible here.
use vars qw( $SSL_SERVER_ADDR );
# Try the settings file relative to the distribution root, then relative to t/.
# NOTE(review): the outcome of both attempts is ignored, so a missing or broken
# settings file leaves $SSL_SERVER_ADDR undefined without any diagnostic.
# `do FILE` with a relative path that does not start with ./ is resolved
# through @INC, so this also relies on "." being in @INC -- confirm on the
# perl this runs under.
do "t/ssl_settings.req" || do "ssl_settings.req";

# Unbuffer STDOUT so TAP lines appear in order and nothing pending is carried
# into the child created by the fork() further down.
$|=1;
# TAP plan: 1 server-init test, 11 from the first loop (7 connects plus 4
# "received hallo" for the OK rows) and 18 from the second loop (7 tcp
# connects, 7 upgrades, 4 "received hallo").
print "1..30\n";

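# Listening TLS endpoint for the test. It presents certs/server-wildcard.pem
# (certificate and private key are read from the same file); the clients below
# verify the names in that certificate against each row of @tests.
my $server = IO::Socket::SSL->new(
	LocalAddr     => $SSL_SERVER_ADDR,
	Listen        => 2,
	ReuseAddr     => 1,
	SSL_server    => 1,
	SSL_ca_file   => "certs/test-ca.pem",
	SSL_cert_file => "certs/server-wildcard.pem",
	SSL_key_file  => "certs/server-wildcard.pem",
);
if ( !$server ) {
	warn "\$!=$!, \$\@=$@, S\$SSL_ERROR=$SSL_ERROR";
	# These must be two statements: in `print "not ok\n", exit` the exit is
	# evaluated as an argument of print, so the process would end before
	# the failure line is ever written.
	print "not ok\n";
	exit;
}
ok("Server Initialization");
# The port actually bound is read back from the socket; the clients below
# connect to $SSL_SERVER_ADDR on this port.
my $SSL_SERVER_PORT = $server->sockport;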

# Split into a server child and a client parent; fork() returns undef on
# failure, in which case the test dies with the system error.
my $pid = fork();
defined($pid) || die $!;
if ( $pid == 0 ) {
	# Child: accept connections forever and send one greeting line on each.
	# A false return from accept is skipped and the loop keeps serving. The
	# child never exits on its own; the parent kills it at the end of the
	# script.
	for (;;) {
		my $csock = $server->accept or next;
		print {$csock} "hallo\n";
	}
}

# The parent only acts as client, so it drops its copy of the listening
# socket; the forked child keeps serving on its own copy.
close $server;

# Flat list consumed three items at a time by the loops below:
#   name to verify, SSL_verifycn_scheme, expected outcome (OK or FAIL).
# The same name can be accepted under one scheme and rejected under another.
# NOTE(review): which rule causes each difference depends on the names in
# certs/server-wildcard.pem, which is not visible here -- confirm against
# the certificate.
my @tests = (
	'example.com',      'www',  'FAIL',
	'server.local',     'ldap', 'OK',
	'server.local',     'www',  'FAIL',
	'bla.server.local', 'www',  'OK',
	'www7.other.local', 'www',  'OK',
	'www7.other.local', 'ldap', 'FAIL',
	'bla.server.local', 'ldap', 'OK',
);

# First pass: verification happens while the TLS connection is being set up
# by IO::Socket::SSL->new. Each row of @tests is (name, scheme, expected result).
for my $i ( grep { $_ % 3 == 0 } 0 .. $#tests ) {
	my ( $name, $scheme, $result ) = @tests[ $i .. $i + 2 ];
	my $cl = IO::Socket::SSL->new(
		PeerAddr            => "$SSL_SERVER_ADDR:$SSL_SERVER_PORT",
		SSL_ca_file         => 'certs/test-ca.pem',
		SSL_verify_mode     => 1,    # numeric value of SSL_VERIFY_PEER
		SSL_verifycn_scheme => $scheme,
		SSL_verifycn_name   => $name,
	);

	# "not " is printed ahead of the result line when the outcome disagrees
	# with the table.
	# NOTE(review): a FAIL row passes whenever the constructor returns false,
	# whatever the reason (connect error, unreadable CA file, handshake
	# failure). $SSL_ERROR is not inspected, so the test does not confirm the
	# failure came from the name check.
	my $want_failure = $result eq 'FAIL';
	print "not " if $want_failure ? $cl : !$cl;
	ok( $want_failure
		? "connection to $name/$scheme failed"
		: "connection to $name/$scheme succeeded" );

	# Without a connection there is no greeting to read.
	next unless $cl;
	print "not " if <$cl> ne "hallo\n";
	ok( "received hallo" );
}

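# Second pass: same table, but the connection starts as plain TCP and is
# upgraded with start_SSL, so verification is exercised on that code path too.
for( my $i=0;$i<@tests;$i+=3 ) {
	my ($name,$scheme,$result) = @tests[$i,$i+1,$i+2];
	my $cl = IO::Socket::INET->new(
		PeerAddr => "$SSL_SERVER_ADDR:$SSL_SERVER_PORT",
	);
	print "not " if !$cl;
	ok( "tcp connect" );
	if ( !$cl ) {
		# The original `new(...) || print "not "` stored print's return value
		# in $cl, so start_SSL received that value instead of a socket. If
		# start_SSL then returned false, a FAIL row could be reported as a
		# correct rejection. Report the upgrade as failed and move on.
		print "not ";
		ok( "ssl upgrade of connection to $name/$scheme not attempted, tcp connect failed" );
		next;
	}
	$cl = IO::Socket::SSL->start_SSL( $cl,
		SSL_ca_file => 'certs/test-ca.pem',
		SSL_verify_mode => 1,    # numeric value of SSL_VERIFY_PEER
		SSL_verifycn_scheme => $scheme,
		SSL_verifycn_name => $name,
	);
	# NOTE(review): as in the first loop, any false return from start_SSL
	# satisfies a FAIL row; the cause of the failure is not checked.
	if ( $result eq 'FAIL' ) {
		print "not " if $cl;
		ok( "ssl upgrade of connection to $name/$scheme failed" );
	} else {
		print "not " if !$cl;
		ok( "ssl upgrade of connection to $name/$scheme succeeded" );
	}
	# No upgraded connection means no greeting to read.
	$cl || next;
	print "not " if <$cl> ne "hallo\n";
	ok( "received hallo" );
}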

# The server child never leaves its accept loop, so end it with signal 9 and
# reap it before the script exits.
kill 9 => $pid;
wait();

# Print one passing TAP line with the given description. Callers print "not "
# (without a newline) beforehand to turn the line into a failure.
sub ok {
	return print "ok #$_[0]\n";
}