1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
#!/usr/bin/env -S perl -I .
use strict;
use warnings;
use Socket;
use WgetFeature qw(https);
use SSLTest;
###############################################################################
# TODO: regenerate the certs with endless lifetime
exit 77;
# code, msg, headers, content
my %urls = (
'/somefile.txt' => {
code => "200",
msg => "Dontcare",
headers => {
"Content-type" => "text/plain",
},
content => "blabla",
},
);
# Skip the test if openssl is not available
my $ossl = `openssl version`;
unless ($ossl =~ m/OpenSSL 1/)
{
exit 77;
}
my $srcdir;
if (@ARGV) {
$srcdir = shift @ARGV;
} elsif (defined $ENV{srcdir}) {
$srcdir = $ENV{srcdir};
}
$srcdir = Cwd::abs_path("$srcdir");
# HOSTALIASES env variable allows us to create hosts file alias.
my $testhostname = "WgetTestingServer";
$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
my $addr = gethostbyname($testhostname);
unless ($addr)
{
warn "Failed to resolve $testhostname, using $srcdir/certs/wgethosts\n";
exit 77;
}
unless (inet_ntoa($addr) =~ "127.0.0.1")
{
warn "Unexpected IP for localhost: ".inet_ntoa($addr)."\n";
exit 77;
}
# Use Intermediate CA
my $caconf = "$srcdir/certs/rootca.conf";
my $icrtfile = "$srcdir/certs/interca.crt";
my $ikeyfile = "$srcdir/certs/interca.key";
my $icacheck=`(openssl x509 -noout -modulus -in $icrtfile | openssl md5 ;
openssl rsa -noout -modulus -in $ikeyfile | openssl md5) |
uniq | wc -l`;
# Check if certificate and key are correct.
unless(-e $icrtfile && -e $ikeyfile && $icacheck == 1)
{
exit 77; # skip
}
# User certificate using intermediate CA
my $usrcrt = "$srcdir/certs/user.crt";
my $usrkey = "$srcdir/certs/user.key";
my $usrcheck=`(openssl x509 -noout -modulus -in $usrcrt | openssl md5 ;
openssl rsa -noout -modulus -in $usrkey | openssl md5) |
uniq | wc -l`;
# Check if certificate and key are made correctly.
unless(-e $usrcrt && -e $ikeyfile && $usrcheck == 1)
{
exit 77; # skip
}
# Try Wget using SSL using certificate signed by intermediate CA. Expect error.
my $port = 30443;
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$srcdir/certs/".
"test-ca-cert.pem https://$testhostname:$port/somefile.txt";
my $expected_error_code = 5;
my %existing_files = (
);
my %expected_downloaded_files = (
'somefile.txt' => {
content => "blabla",
},
);
my $sslsock = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
certfile => $usrcrt,
keyfile => $usrkey,
lhostname => $testhostname,
sslport => $port);
if ($sslsock->run() == 0)
{
exit 0;
}
# Retry the test with --no-check-certificate. expect success
$port = 31443;
$cmdline = $WgetTest::WGETPATH . " --ca-certificate=$srcdir/certs/wotca.pem".
" https://$testhostname:$port/somefile.txt";
$expected_error_code = 0;
my $retryssl = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $usrcrt,
keyfile => $usrkey,
lhostname => $testhostname,
sslport => $port);
exit $retryssl->run();
# vim: et ts=4 sw=4
|