2 #***************************************************************************
4 # Project ___| | | | _ \| |
6 # | (__| |_| | _ <| |___
7 # \___|\___/|_| \_\_____|
9 # Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
11 # This software is licensed as described in the file COPYING, which
12 # you should have received as part of this distribution. The terms
13 # are also available at https://curl.haxx.se/docs/copyright.html.
15 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
16 # copies of the Software, and permit persons to whom the Software is
17 # furnished to do so, under the terms of the COPYING file.
19 # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20 # KIND, either express or implied.
22 #***************************************************************************
24 # This is the HTTPS, FTPS, POP3S, IMAPS and SMTPS server used by the curl
25 # test harness. It is actually just a layer that runs stunnel properly on
26 # top of the non-secure test harness servers.
# Module search path: when the srcdir environment variable is set, its value
# is appended to @INC. NOTE(review): whoever sets srcdir decides where Perl
# modules may be loaded from, so this script should only be started by the
# test harness with an environment it controls.
29 push(@INC, $ENV{'srcdir'}) if(defined $ENV{'srcdir'});
# Defaults. The option parser further down assigns $stunnel, $idnum,
# $pidfile and $logfile from the command line. Some declarations fall on
# gutter lines that this listing omits.
# Bare program name: it is resolved through PATH when the command string is
# handed to the shell.
43 my $stunnel = "stunnel";
45 my $verbose=0; # set to 1 for debugging
47 my $accept_port = 8991; # just our default, weird enough
48 my $target_port = 8999; # default test http-server port
60 my $pidfile; # stunnel pid file
61 my $logfile; # stunnel log file
62 my $loglevel = 5; # stunnel log level
63 my $ipvnum = 4; # default IP version of stunneled server
64 my $idnum = 1; # default stunneled server instance number
65 my $proto = 'https'; # default secure server protocol
66 my $conffile; # stunnel configuration file
67 my $capath; # certificate chain PEM folder
68 my $certfile; # certificate chain PEM file
70 #***************************************************************************
71 # stunnel requires full path specification for several files.
# $path is assigned on gutter lines 72-74, which are not shown here.
75 my $logdir = $path .'/log';
77 #***************************************************************************
78 # Signal handler to remove our stunnel 4.00 and newer configuration file.
# Signal handler (installed for INT and TERM further down): deletes the
# generated stunnel configuration file when $conffile is set and names a
# regular file. The remaining lines of the sub are not shown in this listing.
80 sub exit_signal_handler {
82 local $!; # preserve errno
83 local $?; # preserve exit status
# -f followed by unlink is a check-then-act pair; the result of unlink is
# not inspected, so a failed removal goes unnoticed.
84 unlink($conffile) if($conffile && (-f $conffile));
88 #***************************************************************************
89 # Process command line options
# Option parsing. Each branch compares $ARGV[0] with one option name; the
# enclosing loop, the argument shifts and the closing braces fall on gutter
# lines that this listing omits.
92 if($ARGV[0] eq '--verbose') {
95 elsif($ARGV[0] eq '--proto') {
# Ports and the instance id are accepted only when they consist of digits.
# NOTE(review): in Perl, $ also matches before a trailing newline;
# \A(\d+)\z is the strict form.
101 elsif($ARGV[0] eq '--accept') {
103 if($ARGV[1] =~ /^(\d+)$/) {
109 elsif($ARGV[0] eq '--connect') {
111 if($ARGV[1] =~ /^(\d+)$/) {
117 elsif($ARGV[0] eq '--stunnel') {
# The test below recognises paths made only of word characters and slashes;
# the branch bodies on gutter lines 120-122 are not shown. The assignment
# that is shown wraps the raw argument in double quotes.
# NOTE(review): $stunnel is later interpolated into shell command strings
# (qx, exec, system). Double quotes do not stop a shell from expanding $,
# backticks or an embedded quote, so this value must only ever come from
# the trusted test harness.
119 if($ARGV[1] =~ /^([\w\/]+)$/) {
123 $stunnel = "\"". $ARGV[1] ."\"";
128 elsif($ARGV[0] eq '--srcdir') {
134 elsif($ARGV[0] eq '--certfile') {
# Taken as is and later joined onto "$srcdir/certs/". NOTE(review): nothing
# in the lines shown restricts the value to that directory.
136 $stuncert = $ARGV[1];
140 elsif($ARGV[0] eq '--id') {
142 if($ARGV[1] =~ /^(\d+)$/) {
# Only a positive number replaces the default instance id.
143 $idnum = $1 if($1 > 0);
148 elsif($ARGV[0] eq '--ipv4') {
151 elsif($ARGV[0] eq '--ipv6') {
# --pidfile and --logfile are prefixed with $path and otherwise used
# unchanged. NOTE(review): both end up in a shell command line and in
# two-argument open calls further down, so they are trusted input.
154 elsif($ARGV[0] eq '--pidfile') {
156 $pidfile = "$path/". $ARGV[1];
160 elsif($ARGV[0] eq '--logfile') {
162 $logfile = "$path/". $ARGV[1];
# Unrecognised options produce a warning on STDERR.
167 print STDERR "\nWarning: secureserver.pl unknown parameter: $ARGV[0]\n";
172 #***************************************************************************
173 # Initialize command line option dependent variables
# Derive the file locations. The conditions guarding the first two
# assignments are on gutter lines not shown; server_pidfilename and
# server_logfilename are defined outside this listing.
176 $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
179 $logfile = server_logfilename($logdir, $proto, $ipvnum, $idnum);
# Fixed name in $path; it is not derived from $proto, $ipvnum or $idnum.
# NOTE(review): instances started from the same directory would presumably
# write the same file -- confirm against how the harness launches them.
182 $conffile = "$path/stunnel.conf";
# The CApath handed to stunnel is the absolute form of $path itself.
184 $capath = abs_path($path);
# Default stunnel.pem, or certs/<name> when --certfile was given; made
# absolute because stunnel requires full paths.
185 $certfile = "$srcdir/". ($stuncert?"certs/$stuncert":"stunnel.pem");
186 $certfile = abs_path($certfile);
# Prefix for the status messages printed below.
188 my $ssltext = uc($proto) ." SSL/TLS:";
190 #***************************************************************************
191 # Find out version info for the given stunnel binary
# Probe the binary with -version and then -V, scanning the combined
# stdout/stderr output line by line. qx() hands the string to the shell, so
# $stunnel is parsed as shell input here.
193 foreach my $veropt (('-version', '-V')) {
194 foreach my $verstr (qx($stunnel $veropt 2>&1)) {
# Matches a line such as "stunnel 4.56 on <platform>" (constructed sample).
195 if($verstr =~ /^stunnel (\d+)\.(\d+) on /) {
199 elsif($verstr =~ /^sslVersion.*fips *= *yes/) {
200 # the fips option causes an error if stunnel doesn't support it
# A false major or minor is treated as "no version found". NOTE(review): a
# captured minor of "0" is false in Perl, so a version printed as "N.0"
# would land here as well.
207 if((!$ver_major) || (!$ver_minor)) {
# NOTE(review): if $stunnel carries the literal double quotes added by
# --stunnel, these file tests see the quotes as part of the file name.
208 if(-x "$stunnel" && ! -d "$stunnel") {
209 print "$ssltext Unknown stunnel version\n";
212 print "$ssltext No stunnel\n";
# Encode the version as major*100 + minor, e.g. 4.56 becomes 456
# (constructed sample).
216 $stunnel_version = (100*$ver_major) + $ver_minor;
218 #***************************************************************************
219 # Verify minimum stunnel required version
# Anything older than 3.10 is reported as unsupported; what follows the
# message is on lines not shown.
221 if($stunnel_version < 310) {
222 print "$ssltext Unsupported stunnel version $ver_major.$ver_minor\n";
226 #***************************************************************************
227 # Find out if we are running on Windows using the tstunnel binary
# A binary name ending in "tstunnel" or "tstunnel.exe", optionally followed
# by the closing quote added for --stunnel, selects the Windows handling.
229 if($stunnel =~ /tstunnel(\.exe)?"?$/) {
230 $tstunnel_windows = 1;
232 # replace Cygwin and MinGW drives within paths
# "/cygdrive/c/..." and "/c/..." become "c:/...". Only $capath and
# $certfile are rewritten in the lines shown.
233 $capath =~ s/^(\/cygdrive)?\/(\w)\//$2\:\//;
234 $certfile =~ s/^(\/cygdrive)?\/(\w)\//$2\:\//;
237 #***************************************************************************
238 # Build command to execute for stunnel 3.X versions
# stunnel 3.x takes all settings on the command line. The command is built
# as one string that is later run through the shell, with stdout and stderr
# redirected into $logfile.
# NOTE(review): none of the interpolated paths is quoted or escaped, so a
# path containing whitespace or shell metacharacters would alter the
# command; the harness is expected to supply plain paths.
240 if($stunnel_version < 400) {
# The SO_REUSEADDR socket option is only passed from version 3.19 on.
241 if($stunnel_version >= 319) {
242 $socketopt = "-O a:SO_REUSEADDR=1";
244 $cmd = "$stunnel -p $certfile -P $pidfile ";
245 $cmd .= "-d $accept_port -r $target_port -f -D $loglevel ";
246 $cmd .= ($socketopt) ? "$socketopt " : "";
247 $cmd .= ">$logfile 2>&1";
# Echo of the effective settings; the condition guarding it is not shown.
249 print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
251 print "pem cert file: $certfile\n";
252 print "pid file: $pidfile\n";
253 print "log file: $logfile\n";
254 print "log level: $loglevel\n";
255 print "listen on port: $accept_port\n";
256 print "connect to port: $target_port\n";
260 #***************************************************************************
261 # Build command to execute for stunnel 4.00 and newer
# stunnel 4.00 and newer read their settings from a configuration file,
# which is written here and passed as the only argument. Several closing
# braces and conditions of this section are on gutter lines not shown.
263 if($stunnel_version >= 400) {
264 $socketopt = "a:SO_REUSEADDR=1";
265 $cmd = "$stunnel $conffile ";
266 $cmd .= ">$logfile 2>&1";
267 # setup signal handler
268 $SIG{INT} = \&exit_signal_handler;
269 $SIG{TERM} = \&exit_signal_handler;
270 # stunnel configuration file
# NOTE(review): two-argument open with a bareword handle. The mode is taken
# from the string, and an existing file or symlink at that path is opened
# and truncated. The three-argument form, open(my $fh, '>', $conffile),
# keeps the mode separate from the name.
271 if(open(STUNCONF, ">$conffile")) {
# Values are written as they are; a newline inside any of them would start
# a new configuration line.
272 print STUNCONF "CApath = $capath\n";
273 print STUNCONF "cert = $certfile\n";
274 print STUNCONF "debug = $loglevel\n";
275 print STUNCONF "socket = $socketopt\n";
277 # disable fips in case OpenSSL doesn't support it
# The condition around this line (gutter 276) is not shown.
278 print STUNCONF "fips = no\n";
280 if(!$tstunnel_windows) {
281 # do not use Linux-specific options on Windows
282 print STUNCONF "output = $logfile\n";
283 print STUNCONF "pid = $pidfile\n";
284 print STUNCONF "foreground = yes\n";
# Single service section: accept on $accept_port and forward to
# $target_port.
287 print STUNCONF "[curltest]\n";
288 print STUNCONF "accept = $accept_port\n";
289 print STUNCONF "connect = $target_port\n";
# close() is checked because buffered write errors surface there.
290 if(!close(STUNCONF)) {
291 print "$ssltext Error closing file $conffile\n";
296 print "$ssltext Error writing file $conffile\n";
# Echo of the generated configuration; the condition guarding it is not
# shown.
300 print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
302 print "CApath = $capath\n";
303 print "cert = $certfile\n";
304 print "debug = $loglevel\n";
305 print "socket = $socketopt\n";
309 if(!$tstunnel_windows) {
310 print "pid = $pidfile\n";
311 print "output = $logfile\n";
312 print "foreground = yes\n";
315 print "[curltest]\n";
316 print "accept = $accept_port\n";
317 print "connect = $target_port\n";
321 #***************************************************************************
322 # Set file permissions on certificate pem file.
# Owner-only read/write on the PEM file, which presumably holds the private
# key as well -- confirm. NOTE(review): the result of chmod is not checked,
# so on failure the file silently keeps its previous mode.
324 chmod(0600, $certfile) if(-f $certfile);
326 #***************************************************************************
327 # Run tstunnel on Windows.
# For stunnel 4.x the "pid =" option is not written on Windows, so a pid
# file is created here instead. What is written to it, and where this
# conditional ends, is on gutter lines not shown.
329 if($tstunnel_windows) {
330 # Fake pidfile for tstunnel on Windows.
# NOTE(review): two-argument open; a failure to open is not reported in the
# lines shown.
331 if(open(OUT, ">$pidfile")) {
336 # Put an "exec" in front of the command so that the child process
337 # keeps this child's process ID.
# The single string contains redirections, so Perl passes it to the shell;
# every path interpolated into $cmd is therefore shell input.
338 exec("exec $cmd") || die "Can't exec() $cmd: $!";
340 # exec() should never return back here to this process. We protect
341 # ourselves by calling die() just in case something goes really bad.
342 die "error: exec() has returned";
345 #***************************************************************************
# Run stunnel through the shell and wait for it; $cmd carries the
# redirections built earlier. How $rc becomes this script's exit status is
# on lines not shown.
348 my $rc = system($cmd);
# Remove the generated configuration file once stunnel has exited.
352 unlink($conffile) if($conffile && -f $conffile);