File: cert_no_file.t

#!perl
# Before `make install' is performed this script should be runnable with
# `make test'. After `make install' it should work as `perl t/nonblock.t'

# Tests the use of SSL_cert instead of SSL_cert_file.
# Because Net::SSLeay does not implement the functions needed
# to create an X509 from a file/string (PEM_read_bio_X509), I just
# create a server with SSL_cert_file and get the X509 from it using
# Net::SSLeay::get_certificate.
# The test should also check the case where SSL_cert is an array of X509*
# and where SSL_key is an EVP_PKEY*, but with the current functions in
# Net::SSLeay I don't see a way to test that.

use strict;
use warnings;
use Net::SSLeay;
use Socket;
use IO::Socket::SSL;
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";

# Turn on autoflush for STDOUT. This happens before any fork() below, so
# result lines are written as they are produced rather than sitting in a
# buffer that a child process would inherit.
$| = 1;

# TAP plan: nine result lines are expected from this script.
print "1..9\n";

# Tag embedded in every result line by ok()/notok(); the forked child
# changes it to 'client'.
my $ID = 'server';

# Listener arguments shared by all three test cases. Each case copies this
# hash and adds its own certificate source (SSL_cert_file or SSL_cert).
my %server_args = (
    LocalAddr       => '127.0.0.1',            # loopback only
    LocalPort       => 0,                      # port is read back via sockport
    Listen          => 2,
    SSL_server      => 1,
    SSL_verify_mode => 0x00,                   # SSL_VERIFY_NONE: peer is not verified
    SSL_ca_file     => "certs/test-ca.pem",
    SSL_key_file    => "certs/client-key.pem", # presumably the key for certs/client-cert.pem
);

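# Runs the three test cases. Each case starts a TLS listener on loopback,
# forks a child that connects to it, and reports three results (listener
# created, client side, server side), which adds up to the planned nine.
#
# $x509   - X509 handle taken from the first accepted connection and
#           reused as SSL_cert in the second case.
# @server - every listener created so far; presumably kept so the objects
#           (and whatever owns $x509) stay alive across iterations.
my ( $x509, @server );
for my $test ( 1 .. 3 ) {
    my %args = %server_args;
    my $spec;
    if ( $test == 1 ) {
        # 1st test: create server with SSL_cert_file
        $args{SSL_cert_file} = "certs/client-cert.pem";
        $spec = 'Using SSL_cert_file';
    }
    elsif ( $test == 2 ) {
        # 2nd test: use the X509 saved from the previous server,
        # passed as SSL_cert instead of SSL_cert_file
        $args{SSL_cert} = $x509;
        $spec = 'Using SSL_cert';
    }
    elsif ( $test == 3 ) {
        # 3rd test: explicitly empty SSL_cert, so that the default
        # SSL_cert_file is not used.
        # NOTE(review): the original comment said server creation should
        # fail, but the checks below expect the listener to be created and
        # the connect/accept to fail instead.
        $spec = 'Empty SSL_cert';
        $args{SSL_cert} = undef;
    }

    # create server; on failure report it and move on to the next case
    my $server = IO::Socket::SSL->new(%args);
    if ( !$server ) {
        # NOTE(review): $! may not carry the TLS-level reason;
        # IO::Socket::SSL also reports errors through $SSL_ERROR.
        notok("$spec: $!");
        next;
    }

    # LocalPort was 0, so the address the client must use is read back
    # from the bound socket.
    my $saddr = $server->sockhost . ':' . $server->sockport;
    ok("Server Initialization $spec");
    push @server, $server;

    # then connect to it from a child
    defined( my $pid = fork() ) || die $!;
    if ( $pid == 0 ) {
        close($server);
        $ID = 'client';

        # Peer verification is switched off: this test is about how the
        # server certificate is supplied, not about chain validation.
        my $to_server = IO::Socket::SSL->new(
            PeerAddr        => $saddr,
            SSL_verify_mode => 0x00,
        );
        if ( $test == 3 ) {
            # Exactly one result line per check. The original printed
            # "not ok" followed by "ok" when the connect unexpectedly
            # succeeded, which also pushed the count past the plan.
            if ($to_server) {
                notok("$spec: connect succeeded");
            }
            else {
                ok("$spec: connect failed");
            }
            exit;
        }
        elsif ( !$to_server ) {
            notok("connect failed: $!");
            exit;
        }
        ok("client connected $spec");
        <$to_server>;    # wait for close from parent
        exit;
    }

    my $to_client = $server->accept;
    if ( $test == 3 ) {
        # Same single-result rule as on the client side.
        if ($to_client) {
            notok("$spec: accept succeeded");
        }
        else {
            ok("$spec: accept failed");
        }
    }
    elsif ( !$to_client ) {
        notok("$spec: accept failed: $!");
        # the child may be blocked waiting for us, so end it
        kill( 9, $pid );
    }
    else {
        ok("Server accepted $spec");
        # save the X509 certificate from the server; only the first
        # successful accept sets it.
        # NOTE(review): _get_ssl_object is a private IO::Socket::SSL method.
        $x509 ||= Net::SSLeay::get_certificate( $to_client->_get_ssl_object );
    }

    close($to_client) if $to_client;
    wait;    # reap the child before starting the next case
}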



# Print a passing result line, tagged with the current $ID
# ('server' or 'client'), followed by the given message parts.
sub ok {
    my @message = @_;
    print "ok # [$ID] @message\n";
}
# Print a failing result line, tagged with the current $ID
# ('server' or 'client'), followed by the given message parts.
sub notok {
    my @message = @_;
    print "not ok # [$ID] @message\n";
}