github-repos/wget
1
0
Fork 0
mirror of https://github.com/mirror/wget.git synced 2024-12-28 22:00:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
f6376ac0dc
wget/tests/Test-https-crl.px
Vijo Cherian f6376ac0dc Added new tests for SSL 
* tests/Test-https-badcerts.px : New file
* tests/Test-https-clientcert.px : New file
* tests/Test-https-crl.px : New file
* tests/Test-https-weboftrust.px : New file
* tests/certs/interca.conf : New file
* tests/certs/rootca.conf : New file
* tests/certs/test-ca-key.pem : New file

Added all new SSL / HTTPS tests to make check
Added Test for SSL Web of Trust, accept only if CA chain of trust is intact.
Added a test script for client certificate
Added Test for crlfile option of wget
Added test to make sure that wget doesn't accept expired or invalid certs

Some clean up : Removed cause of warnings from perl & other cosmetic changes
2017-04-28 12:22:54 +02:00

143 lines
4.2 KiB
Perl
Executable File
Raw Blame History

#!/usr/bin/env perl
use strict;
use warnings;
use SSLTest;
###############################################################################
# code, msg, headers, content
my %urls = (
'/somefile.txt' => {
code => "200",
msg => "Dontcare",
headers => {
"Content-type" => "text/plain",
},
content => "blabla",
},
);
my $cdir = $ENV{'PWD'};
# HOSTALIASES env variable allows us to create hosts file alias.
my $testhostname = "wgettesterr";
my $testhostfile = "$cdir/wgethosts";
open(my $fh, '>', $testhostfile);
print $fh "$testhostname 127.0.0.1\n";
close $fh;
$ENV{'HOSTALIASES'} = "$cdir/wgethosts";
# Create certindex
open CERTID, ">", "$cdir/certs/certindex" or
warn "Cannot overwrite file $cdir/certs/certindex";
close CERTID;
# Create certserial
open CERTSN, ">", "$cdir/certs/certserial" or
warn "Cannot overwrite file $cdir/certs/certserial";
print CERTSN "1122";
close CERTSN;
# Create crlnumber
open CRLN, ">", "$cdir/certs/crlnumber" or
warn "Cannot overwrite file $cdir/certs/crlnumber";
print CRLN "1122";
close CRLN;
my $caconf = "$cdir/certs/rootca.conf";
my $cacrt = "$cdir/certs/test-ca-cert.pem";
my $cakey = "$cdir/certs/test-ca-key.pem";
# Prepare server certificate
my $servercrt = "certs/tmpserver.crt";
my $serverkey = "certs/tmpserver.key";
my $servercsr = "$cdir/certs/tmpserver.csr";
my $serversubj = "/C=US/ST=CA/L=Server Mystery Spot/O=Serv/CN=".
"$testhostname/emailAddress=servertester";
my $servercmd = "openssl genrsa -out $serverkey 4096 && openssl req -new".
" -sha256 -key $serverkey -out $servercsr -days 365 ".
" -subj \"$serversubj\" &&".
"openssl ca -batch -config $caconf -notext -in $servercsr".
" -out $servercrt";
system($servercmd);
my $servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
openssl rsa -noout -modulus -in $serverkey | openssl md5) |
uniq | wc -l`;
# Check if certificate and key are made correctly.
unless(-e $servercrt && -e $serverkey && $servercheck == 1)
{
exit 77; # skip
}
# Try Wget using SSL first without --no-check-certificate. Expect Success.
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
" https://$testhostname:55443/somefile.txt";
my $expected_error_code = 0;
my %existing_files = (
);
my %expected_downloaded_files = (
'somefile.txt' => {
content => "blabla",
},
);
my $sslsock = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $servercrt,
keyfile => $serverkey,
lhostname => $testhostname);
if ($sslsock->run() != 0)
{
exit -1;
}
# Revoke the certificate
my $crlfile = "$cdir/certs/servercrl.pem";
my $revokecmd = "openssl ca -config $caconf -revoke $servercrt &&
openssl ca -config $caconf -gencrl -keyfile $cakey ".
"-cert $cacrt -out $crlfile";
system($revokecmd);
# Check if CRL file is generated.
unless(-e $crlfile)
{
exit 77; # skip
}
# To read a CRL file use the following command:
# openssl crl -text -in certs/root.crl.pem
# Retry the test with CRL. Expect Failure.
$cmdline = $WgetTest::WGETPATH . " --crl-file=$crlfile ".
" --ca-certificate=$cacrt".
" https://$testhostname:55443/somefile.txt";
$expected_error_code = 5;
my $retryssl = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $servercrt,
keyfile => $serverkey,
lhostname => $testhostname);
if ($retryssl->run() == 0)
{
exit -1;
}
else
{
print "Test successful.\n";
exit 0;
}
# vim: et ts=4 sw=4
Reference in New Issue View Git Blame Copy Permalink