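#!perl -w

# Test of hostname verification in IO::Socket::SSL.
#
# A TLS server presenting certs/server-wildcard.pem runs in a forked child.
# The parent connects to it with different SSL_verifycn_name /
# SSL_verifycn_scheme pairs and checks that the handshake is accepted or
# refused as listed in @tests.  Each pair is tried twice: once through
# IO::Socket::SSL->new and once by upgrading a plain TCP socket with
# start_SSL.
#
# Output is hand-written TAP: `print "not "` in front of ok() turns the line
# into "not ok".

use strict;
use Net::SSLeay;
use Socket;
use IO::Socket::SSL;

# The server side needs fork, so skip where it is not available.
if ( grep { $^O =~m{$_} } qw( MacOS VOS vmesa riscos amigaos ) ) {
    print "1..0 # Skipped: fork not implemented on this platform\n";
    exit;
}

# subjectAltNames are not supported or buggy in older versions,
# so certificates cannot be checked
if ( $Net::SSLeay::VERSION < 1.33 ) {
    print "1..0 # Skipped because of \$Net::SSLeay::VERSION= $Net::SSLeay::VERSION <1.33\n";
    exit;
}

# $SSL_SERVER_ADDR is set by the settings file loaded below.
use vars qw( $SSL_SERVER_ADDR );
do "t/ssl_settings.req" || do "ssl_settings.req";

$|=1;

# Plan: 1 (server init)
#     + 7 connect checks + 4 reads   (IO::Socket::SSL->new loop)
#     + 7 tcp connects + 7 upgrade checks + 4 reads   (start_SSL loop)
print "1..30\n";

my $server = IO::Socket::SSL->new(
    LocalAddr     => $SSL_SERVER_ADDR,
    Listen        => 2,
    ReuseAddr     => 1,
    SSL_server    => 1,
    SSL_ca_file   => "certs/test-ca.pem",
    SSL_cert_file => "certs/server-wildcard.pem",
    SSL_key_file  => "certs/server-wildcard.pem",
);
if ( !$server ) {
    warn "\$!=$!, \$\@=$@, S\$SSL_ERROR=$SSL_ERROR";
    # Print first, then exit.  The former `print "not ok\n", exit` evaluated
    # exit as a print argument, so the process ended before anything was
    # printed and the failure never reached the TAP stream.
    print "not ok\n";
    exit;
}
ok("Server Initialization");
my $SSL_SERVER_PORT = $server->sockport;

defined( my $pid = fork() ) || die $!;
if ( $pid == 0 ) {
    # Child: greet every client whose handshake completes.  Runs until the
    # parent kills it at the end of the test.
    while (1) {
        my $csock = $server->accept || next;
        print $csock "hallo\n";
    }
}

# Parent: the listening socket belongs to the child from here on.
close($server);

# Triples of: name to verify, verification scheme, expected outcome.
# NOTE(review): the rows imply that the certificate carries names on which
# the 'www' and 'ldap' schemes disagree (e.g. server.local is accepted for
# ldap but refused for www).  The certificate is not visible here; confirm
# the expectations against certs/server-wildcard.pem.
my @tests = qw(
    example.com      www  FAIL
    server.local     ldap OK
    server.local     www  FAIL
    bla.server.local www  OK
    www7.other.local www  OK
    www7.other.local ldap FAIL
    bla.server.local ldap OK
);

# Pass 1: TCP connect and TLS handshake in one step.
for( my $i=0;$i<@tests;$i+=3 ) {
    my ($name,$scheme,$result) = @tests[$i,$i+1,$i+2];
    my $cl = IO::Socket::SSL->new(
        SSL_ca_file         => 'certs/test-ca.pem',
        PeerAddr            => "$SSL_SERVER_ADDR:$SSL_SERVER_PORT",
        SSL_verify_mode     => 1,    # 1 == SSL_VERIFY_PEER
        SSL_verifycn_scheme => $scheme,
        SSL_verifycn_name   => $name,
    );
    if ( $result eq 'FAIL' ) {
        # Caveat: new() returns false for any failure (TCP, CA file, chain,
        # name), so a FAIL row on its own does not prove that the name check
        # was the reason.  The OK rows against the same server show that the
        # other causes are not in play.
        print "not " if $cl;
        ok( "connection to $name/$scheme failed" );
    } else {
        print "not " if !$cl;
        ok( "connection to $name/$scheme succeeded" );
    }
    next if !$cl;

    # Compare only a defined line, so a closed connection yields "not ok"
    # without an uninitialized-value warning under -w.
    my $greeting = <$cl>;
    print "not " if !defined($greeting) || $greeting ne "hallo\n";
    ok( "received hallo" );
}

# Pass 2: plain TCP connect first, then upgrade the socket with start_SSL.
for( my $i=0;$i<@tests;$i+=3 ) {
    my ($name,$scheme,$result) = @tests[$i,$i+1,$i+2];

    # Kept apart from the TAP output: the former
    # `IO::Socket::INET->new(...) || print "not "` stored the return value
    # of print in the socket variable when the connect failed.
    my $tcp = IO::Socket::INET->new(
        PeerAddr => "$SSL_SERVER_ADDR:$SSL_SERVER_PORT",
    );
    print "not " if !$tcp;
    ok( "tcp connect" );

    # Only a real socket is handed to start_SSL.
    my $cl = $tcp && IO::Socket::SSL->start_SSL( $tcp,
        SSL_ca_file         => 'certs/test-ca.pem',
        SSL_verify_mode     => 1,    # 1 == SSL_VERIFY_PEER
        SSL_verifycn_scheme => $scheme,
        SSL_verifycn_name   => $name,
    );
    if ( $result eq 'FAIL' ) {
        # A refused upgrade only counts when there was a connection to
        # upgrade; a failed TCP connect must not pass as a rejected name.
        print "not " if $cl || !$tcp;
        ok( "ssl upgrade of connection to $name/$scheme failed" );
    } else {
        print "not " if !$cl;
        ok( "ssl upgrade of connection to $name/$scheme succeeded" );
    }
    next if !$cl;

    my $greeting = <$cl>;
    print "not " if !defined($greeting) || $greeting ne "hallo\n";
    ok( "received hallo" );
}

# Stop the server child and reap it.
kill(9,$pid);
wait;

# Emit one TAP result line with the description as trailing comment.
sub ok { print "ok #$_[0]\n"; }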