#!/usr/bin/env perl use strict; use warnings; use SSLTest; ############################################################################### # code, msg, headers, content my %urls = ( '/somefile.txt' => { code => "200", msg => "Dontcare", headers => { "Content-type" => "text/plain", }, content => "blabla", }, ); # Skip the test if openssl is not available my $ossl = `openssl version`; unless ($ossl =~ m/OpenSSL 1/) { exit 77; } my $cdir = $ENV{'PWD'}; # HOSTALIASES env variable allows us to create hosts file alias. my $testhostname = "WgetTestingServer"; my $testhostfile = "$cdir/wgethosts"; open(my $fh, '>', $testhostfile); print $fh "$testhostname 127.0.0.1\n"; close $fh; $ENV{'HOSTALIASES'} = "$cdir/wgethosts"; # Create certindex open CERTID, ">", "$cdir/certs/certindex" or warn "Cannot overwrite file $cdir/certs/certindex"; close CERTID; # Create certserial open CERTSN, ">", "$cdir/certs/certserial" or warn "Cannot overwrite file $cdir/certs/certserial"; print CERTSN "1122"; close CERTSN; # Create crlnumber open CRLN, ">", "$cdir/certs/crlnumber" or warn "Cannot overwrite file $cdir/certs/crlnumber"; print CRLN "1122"; close CRLN; my $caconf = "$cdir/certs/rootca.conf"; my $cacrt = "$cdir/certs/test-ca-cert.pem"; my $cakey = "$cdir/certs/test-ca-key.pem"; # Prepare server certificate my $servercrt = "certs/tmpserver2.crt"; my $serverkey = "certs/tmpserver2.key"; my $servercsr = "$cdir/certs/tmpserver.csr"; my $serversubj = "/C=US/ST=CA/L=Server Mystery Spot/O=Serv/CN=". "$testhostname/emailAddress=servertester"; my $servercmd = "openssl genrsa -out $serverkey 4096 && openssl req -new". " -sha256 -key $serverkey -out $servercsr -days 365 ". " -subj \"$serversubj\" &&". "openssl ca -batch -config $caconf -notext -in $servercsr". " -out $servercrt"; system($servercmd); my $servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ; openssl rsa -noout -modulus -in $serverkey | openssl md5) | uniq | wc -l`; # Check if certificate and key are made correctly. unless(-e $servercrt && -e $serverkey && $servercheck == 1) { exit 77; # skip } # Try Wget using SSL first without --no-check-certificate. Expect Success. my $port = 32443; my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt". " https://$testhostname:$port/somefile.txt"; my $expected_error_code = 0; my %existing_files = ( ); my %expected_downloaded_files = ( 'somefile.txt' => { content => "blabla", }, ); my $sslsock = SSLTest->new(cmdline => $cmdline, input => \%urls, errcode => $expected_error_code, existing => \%existing_files, output => \%expected_downloaded_files, certfile => $servercrt, keyfile => $serverkey, lhostname => $testhostname, sslport => $port); if ($sslsock->run() != 0) { exit -1; } # Revoke the certificate my $crlfile = "$cdir/certs/servercrl.pem"; my $revokecmd = "openssl ca -config $caconf -revoke $servercrt && openssl ca -config $caconf -gencrl -keyfile $cakey ". "-cert $cacrt -out $crlfile"; system($revokecmd); # Check if CRL file is generated. unless(-e $crlfile) { exit 77; # skip } # To read a CRL file use the following command: # openssl crl -text -in certs/root.crl.pem # Retry the test with CRL. Expect Failure. $port = 23443; $cmdline = $WgetTest::WGETPATH . " --crl-file=$crlfile ". " --ca-certificate=$cacrt". " https://$testhostname:$port/somefile.txt"; $expected_error_code = 5; my $retryssl = SSLTest->new(cmdline => $cmdline, input => \%urls, errcode => $expected_error_code, existing => \%existing_files, output => \%expected_downloaded_files, certfile => $servercrt, keyfile => $serverkey, lhostname => $testhostname, sslport => $port); if ($retryssl->run() == 0) { exit -1; } else { print "Test successful.\n"; exit 0; } # vim: et ts=4 sw=4