Imported Upstream version 1.19.2upstream/1.19.2

author: DongHun Kwak <dh0128.kwak@samsung.com> 2021-03-05 10:08:20 +0900
committer: DongHun Kwak <dh0128.kwak@samsung.com> 2021-03-05 10:08:20 +0900
commit: afd456999b076e5e6505dd5ca6942a5e7471c70c (patch)
tree: 9ee11bda8c1d6ada1938b0324ed01a2d99e99178 /tests/Test-https-badcerts.px
parent: 429760a22c7e2ff8a2de69744b04aa4b2f202119 (diff)
download: wget-afd456999b076e5e6505dd5ca6942a5e7471c70c.tar.gz
wget-afd456999b076e5e6505dd5ca6942a5e7471c70c.tar.bz2
wget-afd456999b076e5e6505dd5ca6942a5e7471c70c.zip
1 files changed, 139 insertions, 0 deletions
diff --git a/tests/Test-https-badcerts.px b/tests/Test-https-badcerts.px
new file mode 100644
index 0000000..68cd142
--- /dev/null
+++ b/tests/Test-https-badcerts.px
@@ -0,0 +1,139 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use POSIX;
+use Socket;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# code, msg, headers, content
+my %urls = (
+    '/somefile.txt' => {
+        code => "200",
+        msg => "Dontcare",
+        headers => {
+            "Content-type" => "text/plain",
+        },
+        content => "blabla",
+    },
+);
+
+# Skip the test if openssl is not available
+my $ossl = `openssl version`;
+unless ($ossl =~ m/OpenSSL 1/)
+{
+  exit 77;
+}
+
+my $srcdir;
+if (@ARGV) {
+    $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+    $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+    warn "Failed to resolve $addr, using $srcdir/certs/wgethosts\n";
+    exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+    warn "Failed to resolve $$addr, using $srcdir/certs/wgethosts\n";
+    exit 77;
+}
+
+my $caconf     = "$srcdir/certs/rootca.conf";
+my $cacrt      = "$srcdir/certs/test-ca-cert.pem";
+my $cakey      = "$srcdir/certs/test-ca-key.pem";
+
+# Use expired server certificate
+my $servercrt  = "$srcdir/certs/expired.crt";
+my $serverkey  = "$srcdir/certs/expired.key";
+
+my $servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
+                   openssl rsa  -noout -modulus -in $serverkey | openssl md5) |
+                   uniq | wc -l`;
+# Check if certificate and key are made correctly.
+unless(-e $servercrt && -e $serverkey && $servercheck == 1)
+{
+    exit 77; # skip
+}
+
+# Try Wget using SSL with expired cert. Expect Failure.
+my $port    = 30443;
+my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
+                                    " https://$testhostname:$port/somefile.txt";
+my $expected_error_code = 5;
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+  'somefile.txt' => {
+    content => "blabla",
+  },
+);
+
+my $sslsock = SSLTest->new(cmdline   => $cmdline,
+                           input     => \%urls,
+                           errcode   => $expected_error_code,
+                           existing  => \%existing_files,
+                           output    => \%expected_downloaded_files,
+                           certfile  => $servercrt,
+                           keyfile   => $serverkey,
+                           lhostname => $testhostname,
+                           sslport   => $port);
+if ($sslsock->run() == 0)
+{
+  exit -1;
+}
+print "Test successful.\n";
+
+# Use certificate that is not yet valid
+$servercrt  = "$srcdir/certs/invalid.crt";
+$serverkey  = "$srcdir/certs/invalid.key";
+
+$servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
+                openssl rsa  -noout -modulus -in $serverkey | openssl md5) |
+                uniq | wc -l`;
+# Check if certificate and key are made correctly.
+unless(-e $servercrt && -e $serverkey && $servercheck == 1)
+{
+    exit 77; # skip
+}
+
+
+# Retry the test with --no-check-certificate. expect success
+$port    = 20443;
+$cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
+                                 " https://$testhostname:$port/somefile.txt";
+
+$expected_error_code = 5;
+
+my $retryssl = SSLTest->new(cmdline  => $cmdline,
+                           input     => \%urls,
+                           errcode   => $expected_error_code,
+                           existing  => \%existing_files,
+                           output    => \%expected_downloaded_files,
+                           certfile  => $servercrt,
+                           keyfile   => $serverkey,
+                           lhostname => $testhostname,
+                           sslport   => $port);
+if ($retryssl->run() == 0)
+{
+  exit 0;
+}
+else
+{
+  exit -1;
+}
+# vim: et ts=4 sw=4
author	DongHun Kwak <dh0128.kwak@samsung.com>	2021-03-05 10:08:20 +0900
committer	DongHun Kwak <dh0128.kwak@samsung.com>	2021-03-05 10:08:20 +0900
commit	afd456999b076e5e6505dd5ca6942a5e7471c70c (patch)
tree	9ee11bda8c1d6ada1938b0324ed01a2d99e99178 /tests/Test-https-badcerts.px
parent	429760a22c7e2ff8a2de69744b04aa4b2f202119 (diff)
download	wget-afd456999b076e5e6505dd5ca6942a5e7471c70c.tar.gz wget-afd456999b076e5e6505dd5ca6942a5e7471c70c.tar.bz2 wget-afd456999b076e5e6505dd5ca6942a5e7471c70c.zip