mirror of
synced 2025-03-03 22:30:20 +08:00
* tests/Test-https-badcerts.px : New file * tests/Test-https-clientcert.px : New file * tests/Test-https-crl.px : New file * tests/Test-https-weboftrust.px : New file * tests/certs/interca.conf : New file * tests/certs/rootca.conf : New file * tests/certs/test-ca-key.pem : New file Added all new SSL / HTTPS tests to make check Added Test for SSL Web of Trust, accept only if CA chain of trust is intact. Added a test script for client certificate Added Test for crlfile option of wget Added test to make sure that wget doesn't accept expired or invalid certs Some clean up : 1, Removed cause of warnings from perl & other cosmetic changes 2, Fix make -j 4 check such that it passes all tests
228 lines
5.9 KiB
228 lines
5.9 KiB
package SSLServer;
# This is only HTTPS server for now.
# But it is named SSLServer to easily distinguish from HTTPServer
use strict;
use warnings;
use lib '.';
use HTTP::Daemon;
use HTTP::Status;
use HTTP::Headers;
use HTTP::Response;
use IO::Socket::SSL; # 'debug4';
use HTTPServer;
our @ISA = qw(IO::Socket::SSL HTTP::Daemon::ClientConn HTTP::Daemon HTTPServer);
my $VERSION = 0.01;
my $CRLF = "\015\012"; # "\r\n" is not portable
# Config options for server
my $log = undef;
my $DEBUG = undef;
my %ssl_params;
my $sslsock;
my $plaincon;
my %args;
#*DEBUG = \$HTTP::Daemon::DEBUG;
$args{SSL_error_trap} ||= \&ssl_error;
my $class = 'SSLServer';
my $self = {};
$self = bless $self, $class;
sub init
my $self = shift;
my %sargs = @_;
%ssl_params = %sargs;
unless (exists($ssl_params{'lhostname'}) &&
exists($ssl_params{'sslport'}) &&
exists($ssl_params{'ciphers'}) &&
exists($ssl_params{'cafile'}) &&
exists($ssl_params{'certfile'}) &&
exists($ssl_params{'keyfile'})) {
die "Required parameters for SSL tests are missing";
sub ssl_setup_conn
$sslsock = IO::Socket::SSL->new(LocalAddr => $ssl_params{'lhostname'},
LocalPort => $ssl_params{'sslport'},
Listen => 10,
Timeout => 30,
ReuseAddr => 1,
SSL_cipher_list => $ssl_params{'ciphers'},
SSL_verify_mode => 0x00,
SSL_ca_file => $ssl_params{'cafile'},
SSL_cert_file => $ssl_params{'certfile'},
SSL_key_file => $ssl_params{'keyfile'});
$sslsock || warn $IO::Socket::SSL::ERROR;
return $sslsock;
sub fileno
my $self = shift;
my $fn = ${*$self}{'_SSL_fileno'};
return defined($fn) ? $fn : $self->SUPER::fileno();
sub accept
my $self = shift;
my $pkg = shift || "SSLServer";
my ($sock, $peer) = $sslsock->accept($pkg);
if ($sock) {
${*$sock}{'httpd_daemon'} = $self;
${*$self}{'httpd_daemon'} = $sock;
my $fileno = ${*$self}{'_SSL_fileno'} = &fileno($self);
my $f = $sock->fileno;
return wantarray ? ($sock, $peer) : $sock;
else {
print STDERR "Failed to get socket from SSL\n" if $DEBUG;
sub _default_port { 443; }
sub _default_scheme { "https"; }
sub url
my $self = shift;
my $url = $self->SUPER::url;
return $url if ($self->can("HTTP::Daemon::_default_port"));
# Workaround for old versions of HTTP::Daemon
$url =~ s!^http:!https:!;
$url =~ s!/$!:80/! unless ($url =~ m!:(?:\d+)/$!);
$url =~ s!:443/$!/!;
return $url;
sub _need_more
my $self = shift;
if ($_[1]) {
my($timeout, $fdset) = @_[1,2];
print STDERR "select(,,,$timeout)\n" if $DEBUG;
my $n = select($fdset,undef,undef,$timeout);
unless ($n) {
$self->reason(defined($n) ? "Timeout" : "select: $!");
my $total = 0;
while (1){
print STDERR sprintf("sysread() already %d\n",$total) if $DEBUG;
my $n = sysread(${*$self}{'httpd_daemon'}, $_[0], 2048, length($_[0]));
print STDERR sprintf("sysread() just \$n=%s\n",(defined $n?$n:'undef')) if $DEBUG;
$total += $n if defined $n;
last if $! =~ 'Resource temporarily unavailable';
#SSL_Error because of aggressive reading
$self->reason(defined($n) ? "Client closed" : "sysread: $!") unless $n;
last unless $n;
last unless $n == 2048;
sub daemon
my $self = shift;
sub conn
my $self = shift;
sub run
my ($self, $urls, $synch_callback) = @_;
my $initialized = 0;
my $sslsock;
while (1)
if (!$initialized)
$sslsock = $self->ssl_setup_conn();
$sslsock || warn "Failed to get ssl sock";
$initialized = 1;
open (LOGFILE, '>', "/tmp/wgetserver.log");
print LOGFILE "Starting logging";
$synch_callback->() if $synch_callback;
my $con = $self->accept();
${*$self}{'sslcon'} = $con;
while (my $req = $self->get_request)
#my $url_path = $req->url->path;
my $url_path = $req->url->as_string;
if ($url_path =~ m{/$})
{ # append 'index.html'
$url_path .= 'index.html';
#if ($url_path =~ m{^/}) { # remove trailing '/'
# $url_path = substr ($url_path, 1);
if ($log)
print LOGFILE "Method: ", $req->method, "\n";
print LOGFILE "Path: ", $url_path, "\n";
print LOGFILE "Available URLs: ", "\n";
foreach my $key (keys %$urls)
print LOGFILE $key, "\n";
if (exists($urls->{$url_path}))
print LOGFILE "Serving requested URL: ", $url_path, "\n" if $log;
next unless ($req->method eq "HEAD" || $req->method eq "GET");
my $url_rec = $urls->{$url_path};
HTTPServer::send_response($self, $req, $url_rec, $con);
print LOGFILE "Requested wrong URL: ", $url_path, "\n" if $log;
print LOGFILE "Closing connection\n" if $log;
# vim: et ts=4 sw=4