diff --git a/tests/SSLServer.pm b/tests/SSLServer.pm index c0fabfda..d9a6f00b 100644 --- a/tests/SSLServer.pm +++ b/tests/SSLServer.pm @@ -46,6 +46,7 @@ sub init %ssl_params = %sargs; unless (exists($ssl_params{'lhostname'}) && + exists($ssl_params{'sslport'}) && exists($ssl_params{'ciphers'}) && exists($ssl_params{'cafile'}) && exists($ssl_params{'certfile'}) && @@ -57,7 +58,7 @@ sub init sub ssl_setup_conn { $sslsock = IO::Socket::SSL->new(LocalAddr => $ssl_params{'lhostname'}, - LocalPort => 55443, + LocalPort => $ssl_params{'sslport'}, Listen => 10, Timeout => 30, ReuseAddr => 1, diff --git a/tests/SSLTest.pm b/tests/SSLTest.pm index a38acfb3..ec37c76c 100644 --- a/tests/SSLTest.pm +++ b/tests/SSLTest.pm @@ -16,6 +16,7 @@ my %ssl_defaults = ( _cafile => "certs/test-ca-cert.pem", _ciphers => 'ALL', _lhostname => 'wgettestingserver', + _sslport => 55443, ); { diff --git a/tests/Test-https-badcerts.px b/tests/Test-https-badcerts.px index 97f11f5b..7bc15aae 100755 --- a/tests/Test-https-badcerts.px +++ b/tests/Test-https-badcerts.px @@ -20,10 +20,17 @@ my %urls = ( }, ); +# Skip the test if openssl is not available +my $ossl = `openssl version`; +unless ($ossl =~ m/OpenSSL 1/) +{ + exit 77; +} + my $cdir = $ENV{'PWD'}; # HOSTALIASES env variable allows us to create hosts file alias. -my $testhostname = "wgettesterr"; +my $testhostname = "WgetTestingServer"; my $testhostfile = "$cdir/wgethosts"; open(my $fh, '>', $testhostfile); print $fh "$testhostname 127.0.0.1\n"; 
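Review bot: The guard `unless ($ossl =~ m/OpenSSL 1/)` added in Test-https-badcerts.px skips on anything other than an OpenSSL 1.x command-line tool, although the comment above it says the skip is for openssl being unavailable. A host whose `openssl version` reports `OpenSSL 3.x` would exit 77 here, so the expired, revoked, self-signed and untrusted-chain checks would go unexercised while the suite still reports a skip rather than a failure. If the intent is only "is the tool present", test for that, for example `unless (defined $ossl && $ossl =~ m/\AOpenSSL \d/)`. The `defined` check also covers the case where the backticks return nothing because the binary is missing. If 1.x really is required, say so in the comment. The same block is added unchanged to Test-https-clientcert.px, -crl.px, -pfs.px, -selfsigned.px, -tlsv1.px, -tlsv1x.px and -weboftrust.px.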
@@ -52,9 +59,9 @@ my $cacrt = "$cdir/certs/test-ca-cert.pem"; my $cakey = "$cdir/certs/test-ca-key.pem"; # Prepare expired server certificate -my $servercrt = "certs/tmpserver.crt"; -my $serverkey = "certs/tmpserver.key"; -my $servercsr = "$cdir/certs/tmpserver.csr"; +my $servercrt = "certs/tmpserver3.crt"; +my $serverkey = "certs/tmpserver3.key"; +my $servercsr = "$cdir/certs/tmpserver3.csr"; my $enddate = strftime "%y%m%d%H%M%S%z", localtime(time-86400); my $startdate = strftime "%y%m%d%H%M%S%z", localtime(time+86400); my $serversubj = "/C=US/ST=CA/L=Server Mystery Spot/O=Serv/CN=". @@ -77,8 +84,9 @@ unless(-e $servercrt && -e $serverkey && $servercheck == 1) } # Try Wget using SSL with expired cert. Expect Failure. +my $port = 60443; my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt". - " https://$testhostname:55443/somefile.txt"; + " https://$testhostname:$port/somefile.txt"; my $expected_error_code = 5; my %existing_files = ( ); @@ -96,7 +104,8 @@ my $sslsock = SSLTest->new(cmdline => $cmdline, output => \%expected_downloaded_files, certfile => $servercrt, keyfile => $serverkey, - lhostname => $testhostname); + lhostname => $testhostname, + sslport => $port); if ($sslsock->run() == 0) { exit -1; @@ -123,8 +132,9 @@ unless(-e $servercrt && -e $serverkey && $servercheck == 1) # Retry the test with --no-check-certificate. expect success +$port = 50443; $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt". - " https://$testhostname:55443/somefile.txt"; + " https://$testhostname:$port/somefile.txt"; $expected_error_code = 5; @@ -135,7 +145,8 @@ my $retryssl = SSLTest->new(cmdline => $cmdline, output => \%expected_downloaded_files, certfile => $servercrt, keyfile => $serverkey, - lhostname => $testhostname); + lhostname => $testhostname, + sslport => $port); if ($retryssl->run() == 0) { exit 0; diff --git a/tests/Test-https-clientcert.px b/tests/Test-https-clientcert.px index e069f8b4..7fcf02c6 100755 --- a/tests/Test-https-clientcert.px 
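Review bot: The port set by `my $port = 60443;` for the expired-certificate case in Test-https-badcerts.px is also set in Test-https-weboftrust.px, so the per-test ports this commit introduces are not all distinct. If the point of the change is to let the HTTPS tests run side by side, two listeners can end up contending for the same address, and a wget from one test could reach the other test's server and certificate. Give one of them an unused value, e.g. `my $port = 63443;` (a constructed example, not taken from the patch). The chosen numbers also sit inside what many systems use as the ephemeral port range, so a bind can still fail occasionally. Having the server bind port 0 and report the assigned port would remove both problems, but that is a larger change to SSLServer.pm.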
+++ b/tests/Test-https-clientcert.px @@ -19,10 +19,17 @@ my %urls = ( }, ); +# Skip the test if openssl is not available +my $ossl = `openssl version`; +unless ($ossl =~ m/OpenSSL 1/) +{ + exit 77; +} + my $cdir = $ENV{'PWD'}; # HOSTALIASES env variable allows us to create hosts file alias. -my $testhostname = "wgettesterr"; +my $testhostname = "WgetTestingServer"; my $testhostfile = "$cdir/wgethosts"; open(my $fh, '>', $testhostfile); print $fh "$testhostname 127.0.0.1\n"; @@ -50,8 +57,8 @@ my $cacrt = "$cdir/certs/test-ca-cert.pem"; my $cakey = "$cdir/certs/test-ca-key.pem"; # Prepare server certificate -my $servercrt = "certs/tmpserver.crt"; -my $serverkey = "certs/tmpserver.key"; +my $servercrt = "certs/tmpserver1.crt"; +my $serverkey = "certs/tmpserver1.key"; my $servercsr = "$cdir/certs/tmpserver.csr"; my $serversubj = "/C=US/ST=CA/L=Server Mystery Spot/O=Serv/CN=". "$testhostname/emailAddress=servertester"; @@ -95,10 +102,11 @@ unless(-e $clientcert && -e $clientkey && $clientcheck == 1) } # Try Wget using SSL with mismatched client cert & key . Expect error +my $port = 51443; my $cmdline = $WgetTest::WGETPATH . " --certificate=$clientcert ". " --private-key=$serverkey ". " --ca-certificate=$cacrt". - " https://$testhostname:55443/somefile.txt"; + " https://$testhostname:$port/somefile.txt"; my $expected_error_code = 5; my %existing_files = ( ); @@ -116,17 +124,19 @@ my $sslsock = SSLTest->new(cmdline => $cmdline, output => \%expected_downloaded_files, certfile => $servercrt, keyfile => $serverkey, - lhostname => $testhostname); + lhostname => $testhostname, + sslport => $port); if ($sslsock->run() == 0) { exit 0; } # Retry wget using SSL with client certificate. Expect success +$port = 52443; $cmdline = $WgetTest::WGETPATH . " --certificate=$clientcert". " --private-key=$clientkey ". " --ca-certificate=$cacrt". - " https://$testhostname:55443/somefile.txt"; + " https://$testhostname:$port/somefile.txt"; $expected_error_code = 0; 
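Review bot: `$servercsr` is left at `"$cdir/certs/tmpserver.csr"` in the `# Prepare server certificate` hunk of Test-https-clientcert.px, while the certificate and key next to it move to `tmpserver1.crt` / `tmpserver1.key`. Test-https-crl.px keeps the same CSR path beside `tmpserver2.*`. If the renames are meant to isolate temporary key material between concurrently running tests, the shared CSR undoes that: one test can sign the request the other has just written, producing a certificate that does not belong to the key it serves. Rename it with the others, `my $servercsr = "$cdir/certs/tmpserver1.csr";` (and `tmpserver2.csr` in the CRL test), as the badcerts hunk already does with `tmpserver3.csr`. The signing commands lie outside these hunks; if they use `openssl ca` with the shown configs, the shared `certindex` / `certserial` files would be a second point of contention worth confirming.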
@@ -137,6 +147,7 @@ my $retryssl = SSLTest->new(cmdline => $cmdline, output => \%expected_downloaded_files, certfile => $servercrt, keyfile => $serverkey, - lhostname => $testhostname); + lhostname => $testhostname, + sslport => $port); exit $retryssl->run(); # vim: et ts=4 sw=4 diff --git a/tests/Test-https-crl.px b/tests/Test-https-crl.px index a63dc457..c484f900 100755 --- a/tests/Test-https-crl.px +++ b/tests/Test-https-crl.px @@ -19,10 +19,17 @@ my %urls = ( }, ); +# Skip the test if openssl is not available +my $ossl = `openssl version`; +unless ($ossl =~ m/OpenSSL 1/) +{ + exit 77; +} + my $cdir = $ENV{'PWD'}; # HOSTALIASES env variable allows us to create hosts file alias. -my $testhostname = "wgettesterr"; +my $testhostname = "WgetTestingServer"; my $testhostfile = "$cdir/wgethosts"; open(my $fh, '>', $testhostfile); print $fh "$testhostname 127.0.0.1\n"; @@ -51,8 +58,8 @@ my $cacrt = "$cdir/certs/test-ca-cert.pem"; my $cakey = "$cdir/certs/test-ca-key.pem"; # Prepare server certificate -my $servercrt = "certs/tmpserver.crt"; -my $serverkey = "certs/tmpserver.key"; +my $servercrt = "certs/tmpserver2.crt"; +my $serverkey = "certs/tmpserver2.key"; my $servercsr = "$cdir/certs/tmpserver.csr"; my $serversubj = "/C=US/ST=CA/L=Server Mystery Spot/O=Serv/CN=". "$testhostname/emailAddress=servertester"; @@ -74,8 +81,9 @@ unless(-e $servercrt && -e $serverkey && $servercheck == 1) } # Try Wget using SSL first without --no-check-certificate. Expect Success. +my $port = 62443; my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt". - " https://$testhostname:55443/somefile.txt"; + " https://$testhostname:$port/somefile.txt"; my $expected_error_code = 0; my %existing_files = ( ); @@ -93,7 +101,8 @@ my $sslsock = SSLTest->new(cmdline => $cmdline, output => \%expected_downloaded_files, certfile => $servercrt, keyfile => $serverkey, - lhostname => $testhostname); + lhostname => $testhostname, + sslport => $port); if ($sslsock->run() != 0) { exit -1; 
@@ -101,7 +110,7 @@ if ($sslsock->run() != 0) # Revoke the certificate my $crlfile = "$cdir/certs/servercrl.pem"; -my $revokecmd = "openssl ca -config $caconf -revoke $servercrt && +my $revokecmd = "openssl ca -config $caconf -revoke $servercrt && openssl ca -config $caconf -gencrl -keyfile $cakey ". "-cert $cacrt -out $crlfile"; @@ -116,9 +125,10 @@ unless(-e $crlfile) # openssl crl -text -in certs/root.crl.pem # Retry the test with CRL. Expect Failure. +$port = 53443; $cmdline = $WgetTest::WGETPATH . " --crl-file=$crlfile ". " --ca-certificate=$cacrt". - " https://$testhostname:55443/somefile.txt"; + " https://$testhostname:$port/somefile.txt"; $expected_error_code = 5; @@ -129,7 +139,8 @@ my $retryssl = SSLTest->new(cmdline => $cmdline, output => \%expected_downloaded_files, certfile => $servercrt, keyfile => $serverkey, - lhostname => $testhostname); + lhostname => $testhostname, + sslport => $port); if ($retryssl->run() == 0) { exit -1; diff --git a/tests/Test-https-pfs.px b/tests/Test-https-pfs.px index 6b43ccf5..aa18ca2e 100755 --- a/tests/Test-https-pfs.px +++ b/tests/Test-https-pfs.px @@ -19,6 +19,13 @@ my %urls = ( }, ); +# Skip the test if openssl is not available +my $ossl = `openssl version`; +unless ($ossl =~ m/OpenSSL 1/) +{ + exit 77; +} + my $cdir = $ENV{'PWD'}; # HOSTALIASES env variable allows us to create hosts file alias. my $testhostname = "WgetTestingServer"; @@ -27,7 +34,11 @@ open(my $fh, '>', $testhostfile); print $fh "$testhostname 127.0.0.1\n"; close $fh; $ENV{'HOSTALIASES'} = "$cdir/wgethosts"; -my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=PFS --ca-certificate=$cdir/certs/test-ca-cert.pem https://$testhostname:55443/somefile.txt"; + +my $port = 54443; +my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=PFS". + " --ca-certificate=$cdir/certs/test-ca-cert.pem". + " https://$testhostname:$port/somefile.txt"; my $expected_error_code = 0; 
@@ -44,7 +55,8 @@ my $sslsock = SSLTest->new(cmdline => $cmdline, input => \%urls, errcode => $expected_error_code, existing => \%existing_files, - output => \%expected_downloaded_files); + output => \%expected_downloaded_files, + sslport => $port); exit $sslsock->run(); # vim: et ts=4 sw=4 diff --git a/tests/Test-https-selfsigned.px b/tests/Test-https-selfsigned.px index 79c91809..cb50a54c 100755 --- a/tests/Test-https-selfsigned.px +++ b/tests/Test-https-selfsigned.px @@ -19,10 +19,17 @@ my %urls = ( }, ); +# Skip the test if openssl is not available +my $ossl = `openssl version`; +unless ($ossl =~ m/OpenSSL 1/) +{ + exit 77; +} + my $cdir = $ENV{'PWD'}; # HOSTALIASES env variable allows us to create hosts file alias. -my $testhostname = "wgettesterr"; +my $testhostname = "WgetTestingServer"; my $testhostfile = "$cdir/wgethosts"; open(my $fh, '>', $testhostfile); print $fh "$testhostname 127.0.0.1\n"; @@ -33,10 +40,13 @@ $ENV{'HOSTALIASES'} = "$cdir/wgethosts"; my $certfile="tmpsscert.pem"; my $keyfile="tmpsskey.pem"; my $certsubj="/C=US/ST=CA/L=Mystery Spot/O=Dis/CN=$testhostname/emailAddress=tester"; -my $sscertcmd="openssl req -x509 -nodes -newkey rsa:4096 -keyout $keyfile -out $certfile -days 365 -subj \"$certsubj\""; +my $sscertcmd="openssl req -x509 -nodes -newkey rsa:4096 -keyout $keyfile ". + " -out $certfile -days 365 -subj \"$certsubj\""; system($sscertcmd); -my $sscheck=`(openssl x509 -noout -modulus -in $certfile | openssl md5 ; openssl rsa -noout -modulus -in $keyfile | openssl md5) | uniq|wc -l`; +my $sscheck=`(openssl x509 -noout -modulus -in $certfile | openssl md5 ; + openssl rsa -noout -modulus -in $keyfile | openssl md5) | + uniq|wc -l`; # Check if Self signed certificate and key are made correctly. unless(-e $certfile && -e $keyfile && $sscheck == 1) 
@@ -45,7 +55,9 @@ unless(-e $certfile && -e $keyfile && $sscheck == 1) } # Try Wget using SSL first without --no-check-certificate. expect error -my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cdir/certs/test-ca-cert.pem https://$testhostname:55443/somefile.txt"; +my $port = 56443; +my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cdir/certs/test-ca-cert.pem". + " https://$testhostname:$port/somefile.txt"; my $expected_error_code = 5; my %existing_files = ( ); @@ -63,14 +75,18 @@ my $sslsock = SSLTest->new(cmdline => $cmdline, output => \%expected_downloaded_files, certfile => $certfile, keyfile => $keyfile, - lhostname => $testhostname); + lhostname => $testhostname, + sslport => $port); if ($sslsock->run() == 0) { exit 0; } # Retry the test with --no-check-certificate. expect success -$cmdline = $WgetTest::WGETPATH . " --no-check-certificate --ca-certificate=$cdir/certs/test-ca-cert.pem https://$testhostname:55443/somefile.txt"; +$port = 57443; +$cmdline = $WgetTest::WGETPATH . " --no-check-certificate ". + " --ca-certificate=$cdir/certs/test-ca-cert.pem". + " https://$testhostname:$port/somefile.txt"; $expected_error_code = 0; @@ -81,6 +97,7 @@ my $retryssl = SSLTest->new(cmdline => $cmdline, output => \%expected_downloaded_files, certfile => $certfile, keyfile => $keyfile, - lhostname => $testhostname); + lhostname => $testhostname, + sslport => $port); exit $retryssl->run(); # vim: et ts=4 sw=4 diff --git a/tests/Test-https-tlsv1.px b/tests/Test-https-tlsv1.px index 34965138..ef7bec9c 100755 --- a/tests/Test-https-tlsv1.px +++ b/tests/Test-https-tlsv1.px @@ -19,6 +19,13 @@ my %urls = ( }, ); +# Skip the test if openssl is not available +my $ossl = `openssl version`; +unless ($ossl =~ m/OpenSSL 1/) +{ + exit 77; +} + my $cdir = $ENV{'PWD'}; # HOSTALIASES env variable allows us to create hosts file alias. my $testhostname = "WgetTestingServer"; 
@@ -27,7 +34,11 @@ open(my $fh, '>', $testhostfile); print $fh "$testhostname 127.0.0.1\n"; close $fh; $ENV{'HOSTALIASES'} = "$cdir/wgethosts"; -my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=TLSv1 --ca-certificate=$cdir/certs/test-ca-cert.pem https://$testhostname:55443/somefile.txt"; + +my $port = 58443; +my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=TLSv1". + " --ca-certificate=$cdir/certs/test-ca-cert.pem". + " https://$testhostname:$port/somefile.txt"; my $expected_error_code = 0; @@ -44,7 +55,8 @@ my $sslsock = SSLTest->new(cmdline => $cmdline, input => \%urls, errcode => $expected_error_code, existing => \%existing_files, - output => \%expected_downloaded_files); + output => \%expected_downloaded_files, + sslport => $port); exit $sslsock->run(); # vim: et ts=4 sw=4 diff --git a/tests/Test-https-tlsv1x.px b/tests/Test-https-tlsv1x.px index 7a25f47a..bee54077 100755 --- a/tests/Test-https-tlsv1x.px +++ b/tests/Test-https-tlsv1x.px @@ -19,6 +19,13 @@ my %urls = ( }, ); +# Skip the test if openssl is not available +my $ossl = `openssl version`; +unless ($ossl =~ m/OpenSSL 1/) +{ + exit 77; +} + my $cdir = $ENV{'PWD'}; # HOSTALIASES env variable allows us to create hosts file alias. my $testhostname = "WgetTestingServer"; @@ -27,7 +34,11 @@ open(my $fh, '>', $testhostfile); print $fh "$testhostname 127.0.0.1\n"; close $fh; $ENV{'HOSTALIASES'} = "$cdir/wgethosts"; -my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=TLSv1_1 --ca-certificate=$cdir/certs/test-ca-cert.pem https://$testhostname:55443/somefile.txt"; + +my $port = 59443; +my $cmdline = $WgetTest::WGETPATH . " --secure-protocol=TLSv1_1". + " --ca-certificate=$cdir/certs/test-ca-cert.pem". + " https://$testhostname:$port/somefile.txt"; my $expected_error_code = 0; 
@@ -44,7 +55,8 @@ my $sslsock = SSLTest->new(cmdline => $cmdline, input => \%urls, errcode => $expected_error_code, existing => \%existing_files, - output => \%expected_downloaded_files); + output => \%expected_downloaded_files, + sslport => $port); exit $sslsock->run(); # vim: et ts=4 sw=4 diff --git a/tests/Test-https-weboftrust.px b/tests/Test-https-weboftrust.px index d3ff85a5..d97e4520 100755 --- a/tests/Test-https-weboftrust.px +++ b/tests/Test-https-weboftrust.px @@ -19,10 +19,17 @@ my %urls = ( }, ); +# Skip the test if openssl is not available +my $ossl = `openssl version`; +unless ($ossl =~ m/OpenSSL 1/) +{ + exit 77; +} + my $cdir = $ENV{'PWD'}; # HOSTALIASES env variable allows us to create hosts file alias. -my $testhostname = "wgettesterr"; +my $testhostname = "WgetTestingServer"; my $testhostfile = "$cdir/wgethosts"; open(my $fh, '>', $testhostfile); print $fh "$testhostname 127.0.0.1\n"; @@ -112,8 +119,9 @@ unless(-e $usrcrt && -e $ikeyfile && $usrcheck == 1) } # Try Wget using SSL using certificate signed by intermediate CA. Expect error. +my $port = 60443; my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cdir/certs/". - "test-ca-cert.pem https://$testhostname:55443/somefile.txt"; + "test-ca-cert.pem https://$testhostname:$port/somefile.txt"; my $expected_error_code = 5; my %existing_files = ( ); @@ -138,8 +146,9 @@ if ($sslsock->run() == 0) } # Retry the test with --no-check-certificate. expect success +$port = 61443; $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cdir/certs/wotca.pem". - " https://$testhostname:55443/somefile.txt"; + " https://$testhostname:$port/somefile.txt"; $expected_error_code = 0; @@ -150,6 +159,7 @@ my $retryssl = SSLTest->new(cmdline => $cmdline, output => \%expected_downloaded_files, certfile => $usrcrt, keyfile => $usrkey, - lhostname => $testhostname); + lhostname => $testhostname, + sslport => $port); exit $retryssl->run(); # vim: et ts=4 sw=4 
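Review bot: The first `SSLTest->new(...)` call in Test-https-weboftrust.px does not appear to receive `sslport => $port`. Only `$retryssl` gains the argument, and the hunk offsets (`-112 +119`, then `-138 +146`) leave no room for another added line between `my $port = 60443;` and `$port = 61443;`. If SSLTest then falls back to the new default `_sslport => 55443`, wget is sent to port 60443 while the server listens on 55443. The "Expect error" case would then fail on a refused connection instead of on rejecting the chain signed by the intermediate CA, and the visible `$sslsock->run() == 0` check would not distinguish the two. Add `sslport => $port,` to that constructor call, which lies outside the visible hunks, so the negative test actually exercises certificate verification.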
diff --git a/tests/certs/interca.conf b/tests/certs/interca.conf index 125565ee..7e7576b0 100644 --- a/tests/certs/interca.conf +++ b/tests/certs/interca.conf @@ -2,14 +2,14 @@ default_ca = myca [ crl_ext ] -issuerAltName=issuer:copy +issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always [ myca ] dir = ./certs/ new_certs_dir = $dir unique_subject = no - certificate = $dir/interca.crt + certificate = $dir/interca.crt database = $dir/certindex private_key = $dir/interca.key serial = $dir/certserial @@ -51,7 +51,7 @@ authorityKeyIdentifier=keyid:always authorityInfoAccess = @ocsp_section [alt_names] - DNS.0 = wgettesterr + DNS.0 = WgetTestingServer [crl_section] URI.0 = http://intertest.wgettest.org/Bogus.crl diff --git a/tests/certs/rootca.conf b/tests/certs/rootca.conf index 0dd0b4f3..fc8dce7d 100644 --- a/tests/certs/rootca.conf +++ b/tests/certs/rootca.conf @@ -2,14 +2,14 @@ default_ca = myca [ crl_ext ] -issuerAltName=issuer:copy +issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always [ myca ] dir = ./certs/ new_certs_dir = $dir unique_subject = no - certificate = $dir/test-ca-cert.pem + certificate = $dir/test-ca-cert.pem database = $dir/certindex private_key = $dir/test-ca-key.pem serial = $dir/certserial @@ -51,7 +51,7 @@ authorityKeyIdentifier=keyid:always authorityInfoAccess = @ocsp_section [alt_names] - DNS.0 = wgettesterr + DNS.0 = WgetTestingServer [crl_section] URI.0 = http://test.wgettest.org/Bogus.crl