# Assumptions: # available TCP ports on 127.0.0.1: 50022 echo 'package Embedded::test; my $n = 0; $| = 1; sub server (@) { ++$n; print STDERR "log: Hello, World! ($n): @_\n"; print "Hello, World! ($n): @_\n"; $n > 1 and exit(0); } 1; ' > hello.pm sanitize() { sed -e 's/^SSL_SESSION_ID=.*/SSL_SESSION_ID=.../' \ -e 's/^SSLREMOTEPORT=.*/SSLREMOTEPORT=.../' \ -e 's/^SSLLOCALPORT=.*/SSLLOCALPORT=.../' \ -e 's/^TCPREMOTEPORT=.*/TCPREMOTEPORT=.../' \ -e 's/^TCP6REMOTEPORT=.*/TCP6REMOTEPORT=.../' \ -e 's/^TCPLOCALPORT=.*/TCPLOCALPORT=.../' \ -e 's/^SSL_VERSION_LIBRARY=.*/SSL_VERSION_LIBRARY=.../' \ -e 's/^SSL_CIPHER_USEKEYSIZE=.*/SSL_CIPHER_USEKEYSIZE=.../' \ -e 's/^SSL_CIPHER_ALGKEYSIZE=.*/SSL_CIPHER_ALGKEYSIZE=.../' \ -e 's/^SSL_CIPHER=.*/SSL_CIPHER=.../' \ -e 's/^SSL_PROTOCOL=TLSv1.*/SSL_PROTOCOL=TLSv1.../' } sslperl -w 2 \ -s -c 1 -Bsslperl -vo -D -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \ -a -A \ 127.0.0.1 50022 hello.pm 'Embedded::test::server' here you are \ 3< $CADIR/127.0.0.1.pw >log.50022 2>&1 & pid_50022=$! sleep 2 echo '--- sslperl works' { sslclient -R -N -H -T 10 -l Local -a "$CAFILE" -4 0 50022 sh -c 'cat <&6' echo $? } | sanitize { sslclient -R -N -H -T 10 -l Local -a "$CAFILE" -4 0 50022 sh -c 'cat <&6' echo $? } | sanitize { sslclient -R -N -H -T 10 -l Local -a "$CAFILE" -4 0 50022 sh -c 'cat <&6' echo $? } | sanitize { sslclient -R -N -H -T 10 -l Local -X -4 0 50022 sh -c 'cat <&6' echo $? } | sanitize echo '--- sslperl prints usage message without enough arguments' sslperl 0; echo $? echo '--- sslperl prints error message with unknown port name' sslperl 0 nonexistentport echo wrong; echo $? echo '--- sslperl prints error message with unknown host name' sslperl nonexistent.local. 016 echo wrong; echo $? echo '--- sslperl prints error message with unresolvable host name' sslperl thislabelistoolongbecausednshasalimitof63charactersinasinglelabel. 50022 echo wrong; echo $? echo '--- sslperl prints error message with non-local host name' ( sslperl 1.2.3.4 016 echo wrong 2>&1 echo $? ) | sed -e 's/unable to bind: .*$/unable to bind: .../' kill -TERM $pid_50022 wait $pid_50022 echo '--- sslperl preserves environment' echo 'package Embedded::test; my $n = 0; $| = 1; sub server () { print STDERR "log: NOW=$ENV{NOW}\n"; print STDERR "log: changed environment\n"; print " changed environment\n"; $ENV{'HERE'} = 'NOW'; } 1; ' > hello.pm sslperl -w 2 \ -s -c 1 -Bsslperl -vo -D -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \ -a -A \ 127.0.0.1 50022 hello.pm 'Embedded::test::server' here you are \ 3< $CADIR/127.0.0.1.pw >>log.50022 2>&1 & pid_50022=$! sleep 2 { sslclient -R -N -H -T 10 -l Local -a "$CAFILE" -4 0 50022 sh -c 'cat <&6' echo $? } | sanitize kill -TERM $pid_50022 wait $pid_50022 echo '--- sslperl handles larger requests' echo 'package Embedded::test; my $n = 0; $| = 1; sub server (@) { print @_; while(<>) { print $_; } } 1; ' > echo.pm sslperl -w 2 \ -s -c 1 -Bsslperl -vo -D -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \ -a -A \ 127.0.0.1 50022 echo.pm 'Embedded::test::server' here you are \ 3< $CADIR/127.0.0.1.pw >>log.50022 2>&1 & pid_50022=$! sleep 2 ( exec 2>&1 exec 3< $CADIR/localhost.pw { for i in 0 1 2 3 4 5 6 7 8 9 do for j in 0 1 2 3 4 5 6 7 8 9 do for k in 0 1 2 3 4 5 6 7 8 9 do echo "abcdefghijklmnopqrstuvwxyz" echo "abcdefghijklmnopqrstuvwxyz" echo "abcdefghijklmnopqrstuvwxyz" echo "abcdefghijklmnopqrstuvwxyz" done done done } | sslconnect 127.0.0.1 50022 -v -s \ -a "$CAFILE" -c "$CCERTFILE" -k "$CKEYFILE" -3 >/dev/null echo $? ) | sanitize kill -TERM $pid_50022 wait $pid_50022 echo '--- sslserver -1v prints proper messages' cat log.50022 | \ sed -e 's/::.*/::x/' -e 's/ [0-9]* / x /' \ -e 's} cafile x .*/\([^/]*\)} cafile x xxx/\1}' \ -e 's} ccafile x .*/\([^/]*\)} ccafile x xxx/\1}' \ -e 's} cadir x .*/\([^/]*\)} cadir x xxx/\1}' \ -e 's} cert x .*/\([^/]*\)} cert x xxx/\1}' \ -e 's} key x .*/\([^/]*\)} key x xxx/\1}' \ -e 's/ dhparam x .*/ dhparam x xxx/' \ -e 's/ ecdhparam x .*/ ecdhparam x xxx/' \ -e 's/ speak TLS: .*/ speak TLS: .../' \ -e 's/ accept TLS: .*/ accept TLS: .../' \ -e 's/ done [0-9]*$/ done .../'