curl-users

Re: curl-7.10.1: recent 'stunnel' version breaks tests

From: <kromJx_at_crosswinds.net>
Date: Fri, 18 Oct 2002 21:07:22 EDT

This is my patch to make the https/ftps tests play well with both
older and newer versions of stunnel.

A couple more notes:

- the file 'stunnel.pem' is supposed to contain confidential data
  and should be created/distributed with more secure permissions.
  -rw------- 1 user group 1795 Apr 25 2001 tests/stunnel.pem

- for some weird reason some tests' success/failure depends on the
  order they are executed. I can't tell for sure whether it's a
  timing problem (i.e. test servers slow to start or die), or something
  else, but I was able to reproduce it with something as simple as:
$ ./runtests.pl 402 403
********* System characteristics ********
* curl 7.10.1 (i686-pc-linux-gnu)
* libcurl/7.10.1 OpenSSL/0.9.6g zlib/1.1.4
* Host: hostname
* System: Linux hostname 2.4...
* Memory debugging: OFF
* Netrc debugging: OFF
* HTTPS server: ON
* FTPS server: ON
* libcurl SSL: ON
*****************************************
test 402...[FTPS operation to FTP port]
 error OK
test 403...[insecure FTPS without permission]
curl returned 7, 60 was expected
 error FAILED

 - abort tests
1 tests out of 2 reported OK: 50%
These test cases failed: 403
$ ./runtests.pl 403 402
********* System characteristics ********
* curl 7.10.1 (i686-pc-linux-gnu)
* libcurl/7.10.1 OpenSSL/0.9.6g zlib/1.1.4
* Host: hostname
* System: Linux hostname 2.4...
* Memory debugging: OFF
* Netrc debugging: OFF
* HTTPS server: ON
* FTPS server: ON
* libcurl SSL: ON
*****************************************
test 403...[insecure FTPS without permission]
 error OK
test 402...[FTPS operation to FTP port]
 error OK
2 tests out of 2 reported OK: 100%

--- tests/httpsserver.pl 2001-09-17 08:41:01.000000000 +0000
+++ tests-new/httpsserver.pl 2002-10-19 00:34:03.000000000 +0000
@@ -23,8 +23,8 @@
 
 my $verbose=0; # set to 1 for debugging
 
-my $port = 8433; # just a default
-my $http = 8999; # http-port
+my $port = 8433; # just our default, weird enough
+my $target_port = 8999; # test http-server port
 do {
     if($ARGV[0] eq "-v") {
         $verbose=1;
@@ -33,7 +33,7 @@
         return 0; # return success, means we have stunnel working!
     }
     elsif($ARGV[0] eq "-r") {
- $http=$ARGV[1];
+ $target_port=$ARGV[1];
         shift @ARGV;
     }
     elsif($ARGV[0] =~ /^(\d+)$/) {
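
Review bot: In the -r branch, $target_port=$ARGV[1]; accepts whatever follows -r, while the bare-port branch right below it only matches /^(\d+)$/. The value is later written into stunnel.conf as "connect = $target_port" and interpolated into the command string handed to system(), so a missing or non-numeric argument ends up in both. Apply the same digits-only check here and stop with an error when it fails.
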
@@ -43,9 +43,39 @@
 
 my $path = `pwd`;
 chomp $path;
-my $cmd = "$stunnel -p $path/stunnel.pem -P $path/.https.pid -d $port -r $http";
+
+my $conffile="$path/stunnel.conf"; # stunnel configuration data
+my $certfile="$path/stunnel.pem"; # stunnel server certificate
+my $pidfile="$path/.https.pid"; # stunnel process pid file
+
+open(CONF, ">$conffile") || return 1;
+print CONF "
+ CApath=$path
+ cert = $certfile
+ pid = $pidfile
+ debug = 0
+ output = /dev/null
+ foreground = yes
+
+ [curltest]
+ accept = $port
+ connect = $target_port
+";
+close CONF;
+system("chmod go-rwx $conffile $path/stunnel.pem"); # secure permissions
+
+ # works only with stunnel versions < 4.00
+my $cmd="$stunnel -p $certfile -P $pidfile -d $port -r $target_port 2>/dev/null";
+
+# use some heuristics to determine stunnel version
+my $version_ge_4=system("$stunnel -V 2>&1|grep '^stunnel.* on '>/dev/null 2>&1");
+ # works only with stunnel versions >= 4.00
+if ($version_ge_4) { $cmd="$stunnel $conffile"; }
 
 if($verbose) {
- print "$cmd\n";
+ print "HTTPS server: $cmd\n";
 }
+
 system($cmd);
+
+unlink $conffile;
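
Review bot: The version test at my $version_ge_4=system(...) depends on the exit status of the pipeline, which is non-zero whenever grep finds no line matching '^stunnel.* on ', so any failure of "$stunnel -V" itself (binary missing or not executable) is also read as "version >= 4.00" and the script goes on to run "$stunnel $conffile". Add a comment stating that a non-zero status is the >= 4.00 case, and consider capturing the -V output and comparing the version number directly so that a failed invocation can be reported instead of guessed at.
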
--- tests/ftpsserver.pl 2001-09-17 08:55:32.000000000 +0000
+++ tests-new/ftpsserver.pl 2002-10-19 00:40:06.000000000 +0000
@@ -1,7 +1,7 @@
 #!/usr/bin/perl
 #
 # $Id: ftpsserver.pl,v 1.2 2001/09/17 08:55:32 bagder Exp $
-# This is the HTTPS server designed for the curl test suite.
+# This is the FTPS server designed for the curl test suite.
 #
 # It is actually just a layer that runs stunnel properly.
 
@@ -23,14 +23,14 @@
 
 my $verbose=0; # set to 1 for debugging
 
-my $port = 8821; # just our default, weird enough
-my $ftp = 8921; # test ftp-server port
+my $port = 8821; # just our default, weird enough
+my $remote_port = 8921; # test ftp-server port
 do {
     if($ARGV[0] eq "-v") {
         $verbose=1;
     }
     elsif($ARGV[0] eq "-r") {
- $ftp=$ARGV[1];
+ $remote_port=$ARGV[1];
         shift @ARGV;
     }
     elsif($ARGV[0] =~ /^(\d+)$/) {
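
Review bot: The forwarded-port variable is renamed to $remote_port here, but the matching change in httpsserver.pl calls it $target_port. The two scripts do the same job with the same option, so use one name in both. The -r branch also takes $ARGV[1] unchecked, as in httpsserver.pl, and would benefit from the same digits-only test used for the bare port argument.
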
@@ -40,9 +40,40 @@
 
 my $path = `pwd`;
 chomp $path;
-my $cmd = "$stunnel -p $path/stunnel.pem -P $path/.ftps.pid -d $port -r $ftp";
+
+my $conffile="$path/stunnel.conf"; # stunnel configuration data
+my $certfile="$path/stunnel.pem"; # stunnel server certificate
+my $pidfile="$path/.ftps.pid"; # stunnel process pid file
+
+open(CONF, ">$conffile") || return 1;
+print CONF "
+ CApath=$path
+ cert = $certfile
+ pid = $pidfile
+ debug = 0
+ output = /dev/null
+ foreground = yes
+
+
+ [curltest]
+ accept = $port
+ connect = $remote_port
+";
+close CONF;
+system("chmod go-rwx $conffile $path/stunnel.pem"); # secure permissions
+
+ # works only with stunnel versions < 4.00
+my $cmd="$stunnel -p $certfile -P $pidfile -d $port -r $remote_port 2>/dev/null";
+
+# use some heuristics to determine stunnel version
+my $version_ge_4=system("$stunnel -V 2>&1|grep '^stunnel.* on '>/dev/null 2>&1");
+ # works only with stunnel versions >= 4.00
+if ($version_ge_4) { $cmd="$stunnel $conffile"; }
 
 if($verbose) {
     print "FTPS server: $cmd\n";
 }
+
 system($cmd);
+
+unlink $conffile;
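
Review bot: $conffile is "$path/stunnel.conf" here and in httpsserver.pl, and each script ends with unlink $conffile, so when both wrappers are started from the same directory one can overwrite or delete the configuration the other is about to use. Give each script its own file name, as is already done for the pid files (.https.pid and .ftps.pid). The line system("chmod go-rwx $conffile $path/stunnel.pem") also runs only after the config has been written, repeats the path instead of using $certfile, and goes through the shell; Perl's built-in chmod on $conffile and $certfile would be simpler.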

Received on 2002-10-19