# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# non-secure test harness servers.
BEGIN {
- @INC=(@INC, $ENV{'srcdir'}, '.');
+ push(@INC, $ENV{'srcdir'}) if(defined $ENV{'srcdir'});
+ push(@INC, ".");
}
use strict;
use warnings;
use Cwd;
+use Cwd 'abs_path';
use serverhelp qw(
server_pidfilename
my $ver_major;
my $ver_minor;
+my $fips_support;
my $stunnel_version;
+my $tstunnel_windows;
my $socketopt;
my $cmd;
my $idnum = 1; # dafault stunneled server instance number
my $proto = 'https'; # default secure server protocol
my $conffile; # stunnel configuration file
+my $capath; # certificate chain PEM folder
my $certfile; # certificate chain PEM file
#***************************************************************************
}
elsif($ARGV[0] eq '--stunnel') {
if($ARGV[1]) {
- $stunnel = $ARGV[1];
+ if($ARGV[1] =~ /^([\w\/]+)$/) {
+ $stunnel = $ARGV[1];
+ }
+ else {
+ $stunnel = "\"". $ARGV[1] ."\"";
+ }
shift @ARGV;
}
}
$conffile = "$path/stunnel.conf";
+$capath = abs_path($path);
$certfile = "$srcdir/". ($stuncert?"certs/$stuncert":"stunnel.pem");
+$certfile = abs_path($certfile);
my $ssltext = uc($proto) ." SSL/TLS:";
if($verstr =~ /^stunnel (\d+)\.(\d+) on /) {
$ver_major = $1;
$ver_minor = $2;
- last;
+ }
+ elsif($verstr =~ /^sslVersion.*fips *= *yes/) {
+ # the fips option causes an error if stunnel doesn't support it
+ $fips_support = 1;
+ last
}
}
last if($ver_major);
$stunnel_version = (100*$ver_major) + $ver_minor;
#***************************************************************************
-# Verify minimmum stunnel required version
+# Verify minimum stunnel required version
#
if($stunnel_version < 310) {
print "$ssltext Unsupported stunnel version $ver_major.$ver_minor\n";
}
#***************************************************************************
+# Find out if we are running on Windows using the tstunnel binary
+#
+if($stunnel =~ /tstunnel(\.exe)?"?$/) {
+ $tstunnel_windows = 1;
+
+ # replace Cygwin and MinGW drives within paths
+ $capath =~ s/^(\/cygdrive)?\/(\w)\//$2\:\//;
+ $certfile =~ s/^(\/cygdrive)?\/(\w)\//$2\:\//;
+}
+
+#***************************************************************************
# Build command to execute for stunnel 3.X versions
#
if($stunnel_version < 400) {
$SIG{TERM} = \&exit_signal_handler;
# stunnel configuration file
if(open(STUNCONF, ">$conffile")) {
- print STUNCONF "
- CApath = $path
- cert = $certfile
- pid = $pidfile
- debug = $loglevel
- output = $logfile
- socket = $socketopt
- foreground = yes
-
- [curltest]
- accept = $accept_port
- connect = $target_port
- ";
+ print STUNCONF "CApath = $capath\n";
+ print STUNCONF "cert = $certfile\n";
+ print STUNCONF "debug = $loglevel\n";
+ print STUNCONF "socket = $socketopt\n";
+ if($fips_support) {
+ # disable fips in case OpenSSL doesn't support it
+ print STUNCONF "fips = no\n";
+ }
+ if(!$tstunnel_windows) {
+ # do not use Linux-specific options on Windows
+ print STUNCONF "output = $logfile\n";
+ print STUNCONF "pid = $pidfile\n";
+ print STUNCONF "foreground = yes\n";
+ }
+ print STUNCONF "\n";
+ print STUNCONF "[curltest]\n";
+ print STUNCONF "accept = $accept_port\n";
+ print STUNCONF "connect = $target_port\n";
if(!close(STUNCONF)) {
print "$ssltext Error closing file $conffile\n";
exit 1;
if($verbose) {
print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
print "cmd: $cmd\n";
- print "CApath = $path\n";
+ print "CApath = $capath\n";
print "cert = $certfile\n";
- print "pid = $pidfile\n";
print "debug = $loglevel\n";
- print "output = $logfile\n";
print "socket = $socketopt\n";
- print "foreground = yes\n";
+ if($fips_support) {
+ print "fips = no\n";
+ }
+ if(!$tstunnel_windows) {
+ print "pid = $pidfile\n";
+ print "output = $logfile\n";
+ print "foreground = yes\n";
+ }
print "\n";
print "[curltest]\n";
print "accept = $accept_port\n";
chmod(0600, $certfile) if(-f $certfile);
#***************************************************************************
+# Run tstunnel on Windows.
+#
+if($tstunnel_windows) {
+ # Fake pidfile for tstunnel on Windows.
+ if(open(OUT, ">$pidfile")) {
+ print OUT $$ . "\n";
+ close(OUT);
+ }
+
+ # Put an "exec" in front of the command so that the child process
+ # keeps this child's process ID.
+ exec("exec $cmd") || die "Can't exec() $cmd: $!";
+
+ # exec() should never return back here to this process. We protect
+ # ourselves by calling die() just in case something goes really bad.
+ die "error: exec() has returned";
+}
+
+#***************************************************************************
# Run stunnel.
#
my $rc = system($cmd);