File: sni_verify.t

libio-socket-ssl-perl 2.002-2
#!perl

use strict;
use warnings;
use Net::SSLeay;
use Socket;
use IO::Socket::SSL;
# Load the shared test helpers: the current directory is tried first,
# then t/, and the test aborts if neither copy can be loaded.
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";

# SNI has to be available on both ends of the connection.  If either
# capability probe fails, emit an empty TAP plan so the harness records a
# skip instead of a failure.
for my $side (qw(server client)) {
    my $probe = "can_${side}_sni";
    next if IO::Socket::SSL->$probe();
    print "1..0 # skipped because no $side side SNI support - openssl/Net::SSleay too old\n";
    exit;
}

# TAP plan: 1 server setup check, plus for each of the 4 names two checks
# printed by the client and two printed by the server.
print "1..17\n";
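# Listening TLS server on the loopback interface; no LocalPort is given, so
# the port actually bound is read back below.  SSL_cert_file and
# SSL_key_file are hashes keyed by SNI name, so the certificate presented
# depends on the name the client asks for.  The '' entry is the default for
# names that have no entry of their own.
my $server = IO::Socket::SSL->new(
    LocalAddr   => '127.0.0.1',
    Listen      => 2,
    ReuseAddr   => 1,
    SSL_server  => 1,
    SSL_ca_file => "certs/test-ca.pem",
    SSL_cert_file => {
        'server.local'        => 'certs/server-cert.pem',
        'client.local'        => 'certs/client-cert.pem',
        'smtp.mydomain.local' => "certs/server-wildcard.pem",
        ''                    => "certs/server-wildcard.pem",
    },
    SSL_key_file => {
        'server.local'        => 'certs/server-key.pem',
        'client.local'        => 'certs/client-key.pem',
        # NOTE(review): same file as the certificate entry - presumably a
        # combined cert+key PEM; confirm against the certs/ directory.
        'smtp.mydomain.local' => "certs/server-wildcard.pem",
        ''                    => "certs/server-wildcard.pem",
    },
    # 1 is SSL_VERIFY_PEER.  On the server side this asks the client for a
    # certificate, which is checked against SSL_ca_file.
    SSL_verify_mode => 1,
);

# The original wrote `print "not ok\n", exit if !$server;`.  exit is part of
# print's argument list there and is evaluated before print runs, so the
# process ended without ever emitting "not ok".  Use separate statements.
if ( !$server ) {
    warn "\$!=$!, \$\@=$@, S\$SSL_ERROR=$SSL_ERROR";
    print "not ok\n";
    exit;
}
print "ok # Server Initialization\n";

# host:port string the forked client connects to.
my $saddr = $server->sockhost.':'.$server->sockport;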

# Names the client sends as SNI, one connection each, in this order.
# The first three have their own certificate entry on the server;
# www13.other.local has none and should be served by the default ''
# entry.
my @tests = (
    'server.local',
    'client.local',
    'smtp.mydomain.local',
    'www13.other.local',
);

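# Fork the client side.  The child connects once per name in @tests and
# reports two TAP results per name; the parent continues as the server.
defined( my $pid = fork() ) || die $!;
if ( $pid == 0 ) {
    # The child only acts as a client and does not need the listener.
    close($server);

    for my $host (@tests) {
        # SSL_hostname is the name sent in the SNI extension.
        # SSL_verify_mode 1 (SSL_VERIFY_PEER) validates the server chain
        # against SSL_ca_file.  The client certificate and key are supplied
        # because the server is configured to ask for one.
        my $client = IO::Socket::SSL->new(
            PeerAddr        => $saddr,
            SSL_verify_mode => 1,
            SSL_hostname    => $host,
            SSL_ca_file     => 'certs/my-ca.pem',
            SSL_cert_file   => 'certs/client-cert.pem',
            SSL_key_file    => 'certs/client-key.pem',
        );

        # The original used `... || print "not "`, which left $client
        # holding print's return value on failure, so the verify_hostname
        # call below died and the remaining results were never printed.
        # Report both checks for this name as failed and move on, which
        # keeps the result count in line with the plan.
        if ( !$client ) {
            warn "connect for $host failed: \$!=$!, \$SSL_ERROR=$SSL_ERROR\n";
            print "not ok # client ssl connect $host\n";
            print "not ok # client verify hostname in cert $host\n";
            next;
        }
        print "ok # client ssl connect $host\n";

        # Chain validation alone does not bind the certificate to a name.
        # This is the check that the certificate the server selected via
        # SNI matches the requested host under the 'http' scheme.
        $client->verify_hostname( $host, 'http' ) or print "not ";
        print "ok # client verify hostname in cert $host\n";
    }
    exit;
}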

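# Server side: accept one connection per expected name and check that the
# SNI name received is the one the client was asked to send.  This relies on
# the child connecting sequentially in @tests order.
for my $host (@tests) {
    my $csock = $server->accept;

    # The original used `... or print "not "` and then called a method on
    # the undefined $csock when accept failed, which killed the test run.
    # Report both checks for this name as failed and keep going.
    if ( !$csock ) {
        warn "accept for $host failed: \$!=$!, \$SSL_ERROR=$SSL_ERROR\n";
        print "not ok # server accept\n";
        print "not ok # server got SNI name $host\n";
        next;
    }
    print "ok # server accept\n";

    # A missing name counts as a failure, as does a mismatching one.
    my $name = $csock->get_servername;
    print "not " if ! $name or $name ne $host;
    print "ok # server got SNI name $host\n";
}

# Reap the client child before exiting.
wait;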