summaryrefslogtreecommitdiffstats
path: root/tests/Test-https-weboftrust.px
diff options
context:
space:
mode:
Diffstat (limited to '')
-rwxr-xr-xtests/Test-https-weboftrust.px128
1 files changed, 128 insertions, 0 deletions
diff --git a/tests/Test-https-weboftrust.px b/tests/Test-https-weboftrust.px
new file mode 100755
index 0000000..38d61bc
--- /dev/null
+++ b/tests/Test-https-weboftrust.px
@@ -0,0 +1,128 @@
+#!/usr/bin/env -S perl -I .
+
+use strict;
+use warnings;
+use Socket;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# TODO: regenerate the certs with endless lifetime
+exit 77;
+
+# code, msg, headers, content
+my %urls = (
+ '/somefile.txt' => {
+ code => "200",
+ msg => "Dontcare",
+ headers => {
+ "Content-type" => "text/plain",
+ },
+ content => "blabla",
+ },
+);
+
+# Skip the test if openssl is not available
+my $ossl = `openssl version`;
+unless ($ossl =~ m/OpenSSL 1/)
+{
+ exit 77;
+}
+
+my $srcdir;
+if (@ARGV) {
+ $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+ $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+ warn "Failed to resolve $testhostname, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+ warn "Unexpected IP for localhost: ".inet_ntoa($addr)."\n";
+ exit 77;
+}
+
+# Use Intermediate CA
+my $caconf = "$srcdir/certs/rootca.conf";
+my $icrtfile = "$srcdir/certs/interca.crt";
+my $ikeyfile = "$srcdir/certs/interca.key";
+
+my $icacheck=`(openssl x509 -noout -modulus -in $icrtfile | openssl md5 ;
+ openssl rsa -noout -modulus -in $ikeyfile | openssl md5) |
+ uniq | wc -l`;
+# Check if certificate and key are correct.
+unless(-e $icrtfile && -e $ikeyfile && $icacheck == 1)
+{
+ exit 77; # skip
+}
+
+# User certificate using intermediate CA
+my $usrcrt = "$srcdir/certs/user.crt";
+my $usrkey = "$srcdir/certs/user.key";
+
+my $usrcheck=`(openssl x509 -noout -modulus -in $usrcrt | openssl md5 ;
+ openssl rsa -noout -modulus -in $usrkey | openssl md5) |
+ uniq | wc -l`;
+# Check if certificate and key are made correctly.
+unless(-e $usrcrt && -e $ikeyfile && $usrcheck == 1)
+{
+ exit 77; # skip
+}
+
+# Try Wget using SSL using certificate signed by intermediate CA. Expect error.
+my $port = 30443;
+my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$srcdir/certs/".
+ "test-ca-cert.pem https://$testhostname:$port/somefile.txt";
+my $expected_error_code = 5;
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+ 'somefile.txt' => {
+ content => "blabla",
+ },
+);
+
+my $sslsock = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ certfile => $usrcrt,
+ keyfile => $usrkey,
+ lhostname => $testhostname,
+ sslport => $port);
+if ($sslsock->run() == 0)
+{
+ exit 0;
+}
+
+# Retry the test with --no-check-certificate. expect success
+$port = 31443;
+$cmdline = $WgetTest::WGETPATH . " --ca-certificate=$srcdir/certs/wotca.pem".
+ " https://$testhostname:$port/somefile.txt";
+
+$expected_error_code = 0;
+
+my $retryssl = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $usrcrt,
+ keyfile => $usrkey,
+ lhostname => $testhostname,
+ sslport => $port);
+exit $retryssl->run();
+# vim: et ts=4 sw=4