1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
#!/usr/bin/env perl
use strict;
use warnings;
use Socket;
use WgetFeature qw(https);
use SSLTest;
###############################################################################
# code, msg, headers, content
my %urls = (
'/somefile.txt' => {
code => "200",
msg => "Dontcare",
headers => {
"Content-type" => "text/plain",
},
content => "blabla",
},
);
# Skip the test if openssl is not available
my $ossl = `openssl version`;
unless ($ossl =~ m/OpenSSL 1/)
{
exit 77;
}
my $srcdir;
if (@ARGV) {
$srcdir = shift @ARGV;
} elsif (defined $ENV{srcdir}) {
$srcdir = $ENV{srcdir};
}
$srcdir = Cwd::abs_path("$srcdir");
# HOSTALIASES env variable allows us to create hosts file alias.
my $testhostname = "WgetTestingServer";
$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
my $addr = gethostbyname($testhostname);
unless ($addr)
{
warn "Failed to resolve $addr, using $srcdir/certs/wgethosts\n";
exit 77;
}
unless (inet_ntoa($addr) =~ "127.0.0.1")
{
warn "Failed to resolve $$addr, using $srcdir/certs/wgethosts\n";
exit 77;
}
my $cacrt = "$srcdir/certs/test-ca-cert.pem";
my $cakey = "$srcdir/certs/test-ca-key.pem";
# Use a revoked certificate
my $servercrt = "$srcdir/certs/revoked.crt";
my $serverkey = "$srcdir/certs/revoked.key";
my $servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
openssl rsa -noout -modulus -in $serverkey | openssl md5) |
uniq | wc -l`;
# Check if certificate and key are correct.
unless(-e $servercrt && -e $serverkey && $servercheck == 1)
{
exit 77; # skip
}
# Try Wget using SSL first without --no-check-certificate. Expect Success.
my $port = 32443;
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
" https://$testhostname:$port/somefile.txt";
my $expected_error_code = 0;
my %existing_files = (
);
my %expected_downloaded_files = (
'somefile.txt' => {
content => "blabla",
},
);
my $sslsock = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $servercrt,
keyfile => $serverkey,
lhostname => $testhostname,
sslport => $port);
if ($sslsock->run() != 0)
{
exit -1;
}
# Revoke the certificate
my $crlfile = "$srcdir/certs/revokedcrl.pem";
# Check if CRL file is generated.
unless(-e $crlfile)
{
exit 77; # skip
}
# To read a CRL file use the following command:
# openssl crl -text -in $srcdir/certs/root.crl.pem
# Retry the test with CRL. Expect Failure.
$port = 23443;
$cmdline = $WgetTest::WGETPATH . " --crl-file=$crlfile ".
" --ca-certificate=$cacrt".
" https://$testhostname:$port/somefile.txt";
$expected_error_code = 5;
my $retryssl = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $servercrt,
keyfile => $serverkey,
lhostname => $testhostname,
sslport => $port);
if ($retryssl->run() == 0)
{
exit -1;
}
else
{
print "Test successful.\n";
exit 0;
}
# vim: et ts=4 sw=4
|
