# Assumptions:
#   available TCP ports on 127.0.0.1: 50022

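# Fixture: a Perl module whose server() sub counts its invocations, greets
# the peer on stdout, logs the same greeting on stderr, and calls exit(0)
# from its second invocation on.
# Written with a quoted here-document instead of echo: echo's treatment of
# backslash sequences differs between shells, whereas <<'EOF' copies the
# text verbatim, so the "\n" escapes always reach hello.pm unchanged.
# The empty line before EOF keeps the trailing blank line echo produced.
# NOTE(review): the file is created in the current directory under a fixed
# name; run the suite from a private scratch directory.
cat > hello.pm <<'EOF'
package Embedded::test;
my $n = 0;
$| = 1;
sub server (@) {
  ++$n;
  print STDERR "log: Hello, World! ($n): @_\n";
  print "Hello, World! ($n): @_\n";

  $n > 1  and  exit(0);
}
1;

EOF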

sanitize() {
  # Filter stdin to stdout, replacing the value of selected NAME=value lines
  # with "..." so that session ids, port numbers, library version and cipher
  # details do not appear in the transcript. Every rule is anchored at the
  # start of the line and ends in "=", so at most one rule fires per line
  # and the order of the rules does not matter. Other lines pass unchanged.
  sed '
    s/^SSL_SESSION_ID=.*/SSL_SESSION_ID=.../
    s/^SSL_VERSION_LIBRARY=.*/SSL_VERSION_LIBRARY=.../
    s/^SSL_PROTOCOL=TLSv1.*/SSL_PROTOCOL=TLSv1.../
    s/^SSL_CIPHER=.*/SSL_CIPHER=.../
    s/^SSL_CIPHER_USEKEYSIZE=.*/SSL_CIPHER_USEKEYSIZE=.../
    s/^SSL_CIPHER_ALGKEYSIZE=.*/SSL_CIPHER_ALGKEYSIZE=.../
    s/^SSLREMOTEPORT=.*/SSLREMOTEPORT=.../
    s/^SSLLOCALPORT=.*/SSLLOCALPORT=.../
    s/^TCPREMOTEPORT=.*/TCPREMOTEPORT=.../
    s/^TCP6REMOTEPORT=.*/TCP6REMOTEPORT=.../
    s/^TCPLOCALPORT=.*/TCPLOCALPORT=.../
  '
}

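# Start the sslperl server under test in the background on 127.0.0.1:50022,
# running Embedded::test::server from hello.pm with the extra arguments
# "here you are". Its stdout and stderr are written to log.50022.
# NOTE(review): descriptor 3 is fed from the .pw file alongside the -3 flag,
# presumably the private-key passphrase -- confirm against the sslperl manual.
# The redirection target is quoted so that a CADIR containing blanks or glob
# characters cannot split or expand it (CAFILE is quoted the same way in the
# sslclient calls of this script).
sslperl -w 2 \
-s -c 1 -Bsslperl -vo -D -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \
-a -A \
127.0.0.1 50022 hello.pm 'Embedded::test::server' here you are \
3< "$CADIR/127.0.0.1.pw" >log.50022 2>&1 &
pid_50022=$!
# Fixed grace period for the listener to come up; there is no readiness
# check, so a slow start shows up as client failures in the cases below.
sleep 2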

echo '--- sslperl works'
# Three identical connections to port 50022 that pass "$CAFILE" via -a.
# The child program copies what arrives on descriptor 6 (the read side of a
# UCSPI client connection) to stdout; the client's exit status is printed
# after it, and both go through sanitize.
for attempt in 1 2 3
do
  { sslclient -R -N -H -T 10 -l Local -a "$CAFILE" -4 0 50022 sh -c 'cat <&6'
    echo $?
  } | sanitize
done
# Fourth connection: same command line except that -X takes the place of
# the CA file.
# NOTE(review): -X presumably switches server-certificate verification off
# and -N the host-name match -- confirm in the sslclient manual. They suit a
# loopback test; a deployed client would keep both checks enabled.
{ sslclient -R -N -H -T 10 -l Local -X -4 0 50022 sh -c 'cat <&6'
  echo $?
} | sanitize

# Argument and address error paths. Each case prints its label, runs sslperl
# with a deliberately bad command line, and prints the exit status. In the
# first four cases stderr is not redirected, so the diagnostics go to the
# script's own stderr.
echo '--- sslperl prints usage message without enough arguments'
sslperl 0
echo $?

echo '--- sslperl prints error message with unknown port name'
sslperl 0 nonexistentport echo wrong
echo $?

echo '--- sslperl prints error message with unknown host name'
sslperl nonexistent.local. 016 echo wrong
echo $?

echo '--- sslperl prints error message with unresolvable host name'
sslperl thislabelistoolongbecausednshasalimitof63charactersinasinglelabel. 50022 echo wrong
echo $?

echo '--- sslperl prints error message with non-local host name'
# Here stderr is merged into stdout so that the text following
# "unable to bind: " can be masked before it is printed.
{ sslperl 1.2.3.4 016 echo wrong 2>&1
  echo $?
} | sed -e 's/unable to bind: .*$/unable to bind: .../'

# Stop the background server started earlier in the script and reap it.
kill -TERM $pid_50022
wait $pid_50022

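echo '--- sslperl preserves environment'
# Fixture: server() logs the value of $ENV{NOW}, reports "changed
# environment" on stderr and stdout, then sets $ENV{HERE} to the string NOW.
# Written with a quoted here-document. Inside the former echo '...' argument
# the single quotes around HERE and NOW closed and reopened the shell string,
# so hello.pm received the barewords $ENV{HERE} = NOW; which only mean the
# same thing while the module runs without "use strict". <<'EOF' copies the
# Perl text verbatim, quotes and "\n" escapes included.
# The empty line before EOF keeps the trailing blank line echo produced.
cat > hello.pm <<'EOF'
package Embedded::test;
my $n = 0;
$| = 1;
sub server () {
  print STDERR "log: NOW=$ENV{NOW}\n";
  print STDERR "log: changed environment\n";
  print " changed environment\n";
  $ENV{'HERE'} = 'NOW';
}
1;

EOF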

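# Restart the server on 127.0.0.1:50022 with the hello.pm now on disk.
# Output is appended (>>) to log.50022 so that the records of the earlier
# server run stay available to the log check at the end of the script.
# NOTE(review): descriptor 3 is fed from the .pw file alongside the -3 flag,
# presumably the private-key passphrase -- confirm against the sslperl manual.
# The redirection target is quoted so that a CADIR containing blanks or glob
# characters cannot split or expand it.
sslperl -w 2 \
-s -c 1 -Bsslperl -vo -D -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \
-a -A \
127.0.0.1 50022 hello.pm 'Embedded::test::server' here you are \
3< "$CADIR/127.0.0.1.pw" >>log.50022 2>&1 &
pid_50022=$!
# Fixed grace period for the listener to come up; there is no readiness check.
sleep 2

# One connection; the server's reply and the client's exit status are
# printed through sanitize.
{ sslclient -R -N -H -T 10 -l Local -a "$CAFILE" -4 0 50022 sh -c 'cat <&6'
  echo $?
} | sanitize

# Stop this server instance and reap it.
kill -TERM $pid_50022
wait $pid_50022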

echo '--- sslperl handles larger requests'
# Fixture: server() prints its arguments and then copies its input to stdout
# line by line. The module text is emitted through a quoted here-document,
# which writes exactly the bytes the previous echo wrote (the empty line
# before EOF is the trailing blank line echo produced).
# NOTE(review): Perl's <> reads STDIN only while @ARGV is empty; <STDIN>
# would state the intent explicitly.
cat > echo.pm <<'EOF'
package Embedded::test;
my $n = 0;
$| = 1;
sub server (@) {
  print @_;
  while(<>) {
    print $_;
  }
}
1;

EOF

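# Start the server on 127.0.0.1:50022 with the echo.pm fixture; output is
# appended to log.50022.
# NOTE(review): descriptor 3 is fed from a .pw file alongside the -3 flag,
# both for the server and for the sslconnect client below; presumably this
# is the private-key passphrase -- confirm against the tool manuals.
# Both redirection targets are quoted so that a CADIR containing blanks or
# glob characters cannot split or expand them.
sslperl -w 2 \
-s -c 1 -Bsslperl -vo -D -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \
-a -A \
127.0.0.1 50022 echo.pm 'Embedded::test::server' here you are \
3< "$CADIR/127.0.0.1.pw" >>log.50022 2>&1 &
pid_50022=$!
# Fixed grace period for the listener to come up; there is no readiness check.
sleep 2

# Send 10 * 10 * 10 * 4 = 4000 lines of 27 bytes each (108000 bytes) through
# sslconnect. The echoed payload is discarded; what reaches sanitize is the
# client's stderr (merged by "exec 2>&1") followed by its exit status.
# "$CCERTFILE" and "$CKEYFILE" are passed via -c and -k, presumably the
# client certificate and its key.
( exec 2>&1
  exec 3< "$CADIR/localhost.pw"
  { for i in 0 1 2 3 4 5 6 7 8 9
    do
      for j in 0 1 2 3 4 5 6 7 8 9
      do
        for k in 0 1 2 3 4 5 6 7 8 9
        do
          echo "abcdefghijklmnopqrstuvwxyz"
          echo "abcdefghijklmnopqrstuvwxyz"
          echo "abcdefghijklmnopqrstuvwxyz"
          echo "abcdefghijklmnopqrstuvwxyz"
        done
      done
    done
  } | sslconnect 127.0.0.1 50022 -v -s \
    -a "$CAFILE" -c "$CCERTFILE" -k "$CKEYFILE" -3 >/dev/null
  echo $?
) | sanitize

# Stop this server instance and reap it.
kill -TERM $pid_50022
wait $pid_50022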

echo '--- sslserver -1v prints proper messages'
# Print the accumulated server log with its variable parts masked:
#   - everything from the first "::" to the end of the line becomes "::x"
#   - the first space-delimited run of digits becomes "x"
#   - cafile/ccafile/cadir/cert/key paths keep only their last component,
#     with the directory part replaced by "xxx"
#   - dhparam/ecdhparam values, the "speak TLS:"/"accept TLS:" details and
#     the number after a trailing "done" are replaced by placeholders
# The log is read through an input redirection instead of "cat |".
sed -e 's/::.*/::x/' -e 's/ [0-9]* / x /' \
  -e 's} cafile x .*/\([^/]*\)} cafile x xxx/\1}' \
  -e 's} ccafile x .*/\([^/]*\)} ccafile x xxx/\1}' \
  -e 's} cadir x .*/\([^/]*\)} cadir x xxx/\1}' \
  -e 's} cert x .*/\([^/]*\)} cert x xxx/\1}' \
  -e 's} key x .*/\([^/]*\)} key x xxx/\1}' \
  -e 's/ dhparam x .*/ dhparam x xxx/' \
  -e 's/ ecdhparam x .*/ ecdhparam x xxx/' \
  -e 's/ speak TLS: .*/ speak TLS: .../' \
  -e 's/ accept TLS: .*/ accept TLS: .../' \
  -e 's/ done [0-9]*$/ done .../' \
  < log.50022