2 #***************************************************************************
4 # Project ___| | | | _ \| |
6 # | (__| |_| | _ <| |___
7 # \___|\___/|_| \_\_____|
9 # Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
11 # This software is licensed as described in the file COPYING, which
12 # you should have received as part of this distribution. The terms
13 # are also available at http://curl.haxx.se/docs/copyright.html.
15 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
16 # copies of the Software, and permit persons to whom the Software is
17 # furnished to do so, under the terms of the COPYING file.
19 # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20 # KIND, either express or implied.
22 #***************************************************************************
24 # This is the HTTPS, FTPS, POP3S, IMAPS and SMTPS server used by the curl test
25 # harness. Actually it is just a layer that runs stunnel properly, using the
26 # non-secure test harness servers.
# Let modules be loaded from the source directory: the value of the srcdir
# environment variable is appended to @INC when it is set. Because it is
# appended, directories already in @INC are searched first; whoever controls
# that variable still controls a module search location.
29 push(@INC, $ENV{'srcdir'}) if(defined $ENV{'srcdir'});
# Name of the stunnel program. It is interpolated into the command strings
# built further down, so a bare name like this one is looked up by the shell.
42 my $stunnel = "stunnel";
44 my $verbose=0; # set to 1 for debugging
# Port stunnel listens on (TLS side) and port it forwards to (plain side).
46 my $accept_port = 8991; # just our default, weird enough
47 my $target_port = 8999; # default test http-server port
# The undefined values below are filled in from the command line or from the
# defaults computed after option parsing.
57 my $pidfile; # stunnel pid file
58 my $logfile; # stunnel log file
59 my $loglevel = 5; # stunnel log level
60 my $ipvnum = 4; # default IP version of stunneled server
61 my $idnum = 1; # default stunneled server instance number
62 my $proto = 'https'; # default secure server protocol
63 my $conffile; # stunnel configuration file
64 my $certfile; # certificate chain PEM file
66 #***************************************************************************
67 # stunnel requires full path specification for several files.
# Log directory is the fixed 'log' subdirectory of $path.
# NOTE(review): $path is assigned on a line not shown in this listing; the
# header above implies it is an absolute path - confirm.
71 my $logdir = $path .'/log';
73 #***************************************************************************
74 # Signal handler to remove our stunnel 4.00 and newer configuration file.
# exit_signal_handler: installed for INT and TERM in the stunnel >= 4.00 path
# below. Deletes the generated stunnel configuration file so it does not
# linger when the script is interrupted. The rest of the sub, including its
# closing brace, is not shown in this listing.
76 sub exit_signal_handler {
78 local $!; # preserve errno
79 local $?; # preserve exit status
# Only unlink when a config file name has been set and it is a plain file.
80 unlink($conffile) if($conffile && (-f $conffile));
84 #***************************************************************************
85 # Process command line options
# Command line parsing: each branch compares $ARGV[0] with one option name.
# The enclosing loop and most branch bodies are not shown in this listing.
88 if($ARGV[0] eq '--verbose') {
91 elsif($ARGV[0] eq '--proto') {
97 elsif($ARGV[0] eq '--accept') {
# Port values are accepted only when they consist of digits; the pattern is
# anchored at both ends, so anything else is rejected.
99 if($ARGV[1] =~ /^(\d+)$/) {
105 elsif($ARGV[0] eq '--connect') {
107 if($ARGV[1] =~ /^(\d+)$/) {
113 elsif($ARGV[0] eq '--stunnel') {
119 elsif($ARGV[0] eq '--srcdir') {
125 elsif($ARGV[0] eq '--certfile') {
# NOTE(review): the certificate name is stored as given. It is later joined
# into $certfile and, for stunnel 3.x, interpolated into a shell command
# string, so path separators or shell metacharacters would pass through.
# Presumably acceptable because only the test harness calls this - confirm.
127 $stuncert = $ARGV[1];
131 elsif($ARGV[0] eq '--id') {
# Instance number: digits only, and zero is ignored (the default is kept).
133 if($ARGV[1] =~ /^(\d+)$/) {
134 $idnum = $1 if($1 > 0);
139 elsif($ARGV[0] eq '--ipv4') {
142 elsif($ARGV[0] eq '--ipv6') {
145 elsif($ARGV[0] eq '--pidfile') {
# NOTE(review): pid and log file names are appended to $path unchecked; a
# value containing '../' would resolve outside $path, and both names end up
# in the command string or config file built below - confirm the caller is
# trusted.
147 $pidfile = "$path/". $ARGV[1];
151 elsif($ARGV[0] eq '--logfile') {
153 $logfile = "$path/". $ARGV[1];
# Unrecognised options only produce a warning on STDERR.
158 print STDERR "\nWarning: secureserver.pl unknown parameter: $ARGV[0]\n";
163 #***************************************************************************
164 # Initialize command line option dependent variables
# Default pid and log file names are derived from protocol, IP version and
# instance number by helpers defined outside this listing; the conditions
# guarding these assignments are not shown.
167 $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
170 $logfile = server_logfilename($logdir, $proto, $ipvnum, $idnum);
# NOTE(review): the configuration file name is constant and does not include
# $proto or $idnum, so two instances using the same $path would write the
# same file - confirm the harness never starts them concurrently.
173 $conffile = "$path/stunnel.conf";
# Certificate: certs/<name> under $srcdir when --certfile gave a name,
# otherwise the stock stunnel.pem.
175 $certfile = "$srcdir/". ($stuncert?"certs/$stuncert":"stunnel.pem");
# Prefix used for the diagnostic messages printed below.
177 my $ssltext = uc($proto) ." SSL/TLS:";
179 #***************************************************************************
180 # Find out version info for the given stunnel binary
# Try both version switches and scan the combined stdout/stderr output for a
# "stunnel <major>.<minor> on " line.
# NOTE(review): qx() hands the string to the shell, so $stunnel (settable
# with --stunnel) is executed as written and is not quoted - a path with
# spaces or shell metacharacters would be misparsed.
182 foreach my $veropt (('-version', '-V')) {
183 foreach my $verstr (qx($stunnel $veropt 2>&1)) {
184 if($verstr =~ /^stunnel (\d+)\.(\d+) on /) {
# No usable version: distinguish "binary exists but version unknown" from
# "no stunnel at all" by testing for an executable that is not a directory.
# NOTE(review): a component that is exactly "0" is false in Perl and would
# be treated as missing here - confirm how $ver_minor is assigned.
192 if((!$ver_major) || (!$ver_minor)) {
193 if(-x "$stunnel" && ! -d "$stunnel") {
194 print "$ssltext Unknown stunnel version\n";
197 print "$ssltext No stunnel\n";
# Fold the version into one integer, e.g. 3.10 becomes 310 and 4.00 becomes 400.
201 $stunnel_version = (100*$ver_major) + $ver_minor;
203 #***************************************************************************
204 # Verify the minimum required stunnel version
# Anything older than 3.10 (encoded as 310) is reported as unsupported.
206 if($stunnel_version < 310) {
207 print "$ssltext Unsupported stunnel version $ver_major.$ver_minor\n";
211 #***************************************************************************
212 # Build command to execute for stunnel 3.X versions
# stunnel 3.x is configured entirely through command line switches.
# NOTE(review): $cmd is a single string containing a '>' redirection, so the
# system() call below runs it through the shell. $stunnel, $certfile,
# $pidfile and $logfile are interpolated unquoted; whitespace or shell
# metacharacters in any of them would change the command. Confirm that only
# the test harness supplies these values, or quote them.
214 if($stunnel_version < 400) {
# The SO_REUSEADDR socket option is only passed from version 3.19 on.
215 if($stunnel_version >= 319) {
216 $socketopt = "-O a:SO_REUSEADDR=1";
218 $cmd = "$stunnel -p $certfile -P $pidfile ";
219 $cmd .= "-d $accept_port -r $target_port -f -D $loglevel ";
220 $cmd .= ($socketopt) ? "$socketopt " : "";
# stdout and stderr of stunnel both go to the log file.
221 $cmd .= ">$logfile 2>&1";
# Summary of the effective settings; the condition guarding these prints is
# not shown in this listing.
223 print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
225 print "pem cert file: $certfile\n";
226 print "pid file: $pidfile\n";
227 print "log file: $logfile\n";
228 print "log level: $loglevel\n";
229 print "listen on port: $accept_port\n";
230 print "connect to port: $target_port\n";
234 #***************************************************************************
235 # Build command to execute for stunnel 4.00 and newer
# stunnel 4.00 and newer read their settings from a configuration file, so
# the command line carries only the file name plus the log redirection.
# NOTE(review): as in the 3.x branch, $cmd is one shell string with unquoted
# $stunnel, $conffile and $logfile.
237 if($stunnel_version >= 400) {
238 $socketopt = "a:SO_REUSEADDR=1";
239 $cmd = "$stunnel $conffile ";
240 $cmd .= ">$logfile 2>&1";
# setup signal handler
242 $SIG{INT} = \&exit_signal_handler;
243 $SIG{TERM} = \&exit_signal_handler;
# stunnel configuration file
# NOTE(review): two-argument open with a bareword handle; the '>' mode is
# concatenated with the file name. The three-argument form with a lexical
# handle keeps mode and name separate. The file is created with the
# permissions the process umask allows. The text written to it is only
# partly shown in this listing.
245 if(open(STUNCONF, ">$conffile")) {
256 accept = $accept_port
257 connect = $target_port
259 if(!close(STUNCONF)) {
260 print "$ssltext Error closing file $conffile\n";
265 print "$ssltext Error writing file $conffile\n";
# Summary of the effective settings, using the same key names as the
# accept/connect lines above; the condition guarding these prints is not
# shown in this listing.
269 print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
271 print "CApath = $path\n";
272 print "cert = $certfile\n";
273 print "pid = $pidfile\n";
274 print "debug = $loglevel\n";
275 print "output = $logfile\n";
276 print "socket = $socketopt\n";
277 print "foreground = yes\n";
279 print "[curltest]\n";
280 print "accept = $accept_port\n";
281 print "connect = $target_port\n";
285 #***************************************************************************
286 # Set file permissions on certificate pem file.
# Restrict the PEM file to owner read/write when it exists as a plain file.
# NOTE(review): the result of chmod is not checked, so a failure to tighten
# the mode goes unnoticed; the file presumably holds a private key - confirm.
288 chmod(0600, $certfile) if(-f $certfile);
290 #***************************************************************************
# Run stunnel and wait for it. $cmd is a single string with a redirection,
# so Perl passes it to the shell rather than executing the program directly.
# How $rc is used afterwards is not shown in this listing.
293 my $rc = system($cmd);
# Remove the generated configuration file once stunnel has returned.
297 unlink($conffile) if($conffile && -f $conffile);