use strict;
use warnings FATAL => 'all';

use Apache::Test;
use Apache::TestRequest;
use Apache::TestUtil;

plan tests => 4, need 'ssl';

# This test case attempts only one type of attack which is possible
# due to the TLS renegotiation vulnerability, CVE-2009-3555.  A
# specific defense against this attack was added to mod_ssl in
# r891282.  For more information, see the dev@httpd thread beginning
# at message ID <4B01BD20.1060300@adnovum.ch>.

Apache::TestRequest::set_client_cert("client_ok");

Apache::TestRequest::module('mod_ssl');

my $sock = Apache::TestRequest::vhost_socket('mod_ssl');

if ($sock && $sock->connected && $sock->get_sslversion() eq "TLSv1_3") {
    skip "Skipping test for TLSv1.3" foreach(1..4);
    exit;
}

ok $sock && $sock->connected;


my $req = "GET /require/asf/ HTTP/1.1\r\n".
   "Host: " . Apache::TestRequest::hostport() . "\r\n".
    "\r\n".
    "GET /this/is/a/prefix/injection/attack HTTP/1.0\r\n".
    "Host: " . Apache::TestRequest::hostport() . "\r\n".
    "\r\n";

ok $sock->print($req);

my $line = Apache::TestRequest::getline($sock) || '';

ok t_cmp($line, qr{^HTTP/1\.. 200}, "read first response-line");

my $rv = 0;

do {
    $line = Apache::TestRequest::getline($sock) || '';
    $line = super_chomp($line);
    print "# line: $line\n";
    if ($line eq "Connection: close") {
        $rv = 1;
    }
} until ($line eq "");

ok $rv, 1, "expected Connection: close header in response";

sub super_chomp {
    my ($body) = shift;

    ## super chomp - all leading and trailing \n (and \r for win32)
    $body =~ s/^[\n\r]*//;
    $body =~ s/[\n\r]*$//;
    ## and all the rest change to spaces
    $body =~ s/\n/ /g;
    $body =~ s/\r//g; #rip out all remaining \r's

    $body;
}