File: sni.t

libio-socket-ssl-perl 2.095-1
#!perl

use strict;
use warnings;
use Net::SSLeay;
use Socket;
use IO::Socket::SSL;
# Load the shared test helpers: try the current directory first, then t/.
# The script dies if neither load yields a true value.
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";

# SNI has to be usable on both ends of the handshake for this test to mean
# anything. If either side lacks it, emit a TAP "skip all" plan (1..0) and
# stop before any socket is created.
unless ( IO::Socket::SSL->can_server_sni() ) {
    print "1..0 # skipped because no server side SNI support - openssl/Net::SSleay too old\n";
    exit;
}

unless ( IO::Socket::SSL->can_client_sni() ) {
    print "1..0 # skipped because no client side SNI support - openssl/Net::SSleay too old\n";
    exit;
}

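# TAP plan: 1 server-initialization test, plus for each of the 4 SNI names
# 2 client-side results and 2 server-side results (1 + 4*2 + 4*2 = 17).
print "1..17\n";

# TLS listener bound to loopback only. No LocalPort is given; the address
# actually bound is read back below through sockhost/sockport.
#
# SSL_cert_file and SSL_key_file are hashes keyed by SNI name, so the
# certificate and key are chosen per requested server name. The '' entry is
# the default for names that have no entry of their own.
#
# NOTE(review): server-wildcard.pem is passed as both the certificate file
# and the key file, so it presumably holds both in one PEM - confirm against
# t/certs. These are test fixtures, not production keys.
my $server = IO::Socket::SSL->new(
    LocalAddr     => '127.0.0.1',
    Listen        => 2,
    ReuseAddr     => 1,
    SSL_server    => 1,
    SSL_ca_file   => "t/certs/test-ca.pem",
    SSL_cert_file => {
        'server.local'        => 't/certs/server-cert.pem',
        'server2.local'       => 't/certs/server2-cert.pem',
        'smtp.mydomain.local' => "t/certs/server-wildcard.pem",
        ''                    => "t/certs/server-wildcard.pem",
    },
    SSL_key_file => {
        'server.local'        => 't/certs/server-key.pem',
        'server2.local'       => 't/certs/server2-key.pem',
        'smtp.mydomain.local' => "t/certs/server-wildcard.pem",
        ''                    => "t/certs/server-wildcard.pem",
    },
);

if ( !$server ) {
    warn "\$!=$!, \$\@=$@, S\$SSL_ERROR=$SSL_ERROR";

    # Report the failure and exit as two separate statements. Written as
    # `print "not ok\n", exit`, the exit runs while print's argument list is
    # still being evaluated, so the "not ok" line is never emitted.
    print "not ok\n";
    exit;
}
print "ok # Server Initialization\n";

# host:port the client child connects to.
my $saddr = $server->sockhost . ':' . $server->sockport;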

# SNI names the client asks for, in order. The first three have their own
# entry in the server's certificate/key hashes; www13.other.local has none
# and should therefore be served from the default '' entry.
my @tests = (
    'server.local',
    'server2.local',
    'smtp.mydomain.local',
    'www13.other.local',
);

# Client side runs in a forked child; the parent keeps the listener.
my $pid = fork();
die $! if !defined $pid;

if ( $pid == 0 ) {
    # The child only connects, so drop its copy of the listening socket.
    close($server);

    for my $host (@tests) {
        # SSL_hostname is the name sent in the SNI extension.
        # SSL_verify_mode 1 is SSL_VERIFY_PEER: the server certificate must
        # chain to the test CA given in SSL_ca_file.
        my $conn = IO::Socket::SSL->new(
            PeerAddr        => $saddr,
            Domain          => AF_INET,
            SSL_verify_mode => 1,
            SSL_hostname    => $host,
            SSL_ca_file     => 't/certs/test-ca.pem',
        );

        if ( !$conn ) {
            # Still emit two result lines so the total matches the plan.
            print "not ok # client ssl connect $host - $SSL_ERROR\n";
            print "ok # skip connect failed\n";
            next;
        }

        print "ok # client ssl connect $host\n";

        # Explicit name check: the certificate picked via SNI must be valid
        # for the requested name, so a wrong selection fails here.
        # NOTE(review): for www13.other.local and smtp.mydomain.local this
        # relies on what names server-wildcard.pem covers - confirm against
        # t/certs.
        print "not " unless $conn->verify_hostname( $host, 'http' );
        print "ok # client verify hostname in cert $host\n";

        # Block until the server has written something, so the server side
        # is known to have finished its accept before the socket goes away.
        <$conn>;
    }
    exit;
}

# Parent: accept one connection per expected SNI name, in the same order the
# client child sends them, and check the name the handshake carried.
for my $host (@tests) {
    my $csock = $server->accept;

    unless ($csock) {
        # Two result lines per name either way, to stay in step with the plan.
        print "not ok # server accept - $SSL_ERROR\n";
        print "ok # skip accept failed\n";
        next;
    }

    print "ok # server accept\n";

    # The name the client sent must be present and equal to the expected one.
    my $name        = $csock->get_servername;
    my $sni_matches = $name && $name eq $host;
    print "not " unless $sni_matches;
    print "ok # server got SNI name $host\n";

    # Release the client, which is blocked reading a line from us.
    print {$csock} "hi\n";
}

# Reap the client child.
wait;