xref: /openbsd-src/gnu/usr.bin/perl/cpan/libnet/t/nntp_ssl.t (revision 256a93a44f36679bee503f12e49566c2183f6181) 
1b8851fccSafresh1#!perl
2b8851fccSafresh1
3b8851fccSafresh1use 5.008001;
4b8851fccSafresh1
5b8851fccSafresh1use strict;
6b8851fccSafresh1use warnings;
7b8851fccSafresh1
8*256a93a4Safresh1use Test::More;
9*256a93a4Safresh1
10*256a93a4Safresh1BEGIN {
11*256a93a4Safresh1    if (!eval { require Socket }) {
12*256a93a4Safresh1        plan skip_all => "no Socket";
13*256a93a4Safresh1    }
14*256a93a4Safresh1    elsif (ord('A') == 193 && !eval { require Convert::EBCDIC }) {
15*256a93a4Safresh1        plan skip_all => "EBCDIC but no Convert::EBCDIC";
16*256a93a4Safresh1    }
17*256a93a4Safresh1}
18*256a93a4Safresh1
19b8851fccSafresh1use Config;
20b8851fccSafresh1use File::Temp 'tempfile';
21b8851fccSafresh1use Net::NNTP;
22b8851fccSafresh1
23b8851fccSafresh1my $debug = 0; # Net::NNTP Debug => ..
24b8851fccSafresh1
25b8851fccSafresh1my $parent = 0;
26b8851fccSafresh1
27b8851fccSafresh1plan skip_all => "no SSL support found in Net::NNTP" if ! Net::NNTP->can_ssl;
28b8851fccSafresh1
29b8851fccSafresh1plan skip_all => "fork not supported on this platform"
30b8851fccSafresh1  unless $Config::Config{d_fork} || $Config::Config{d_pseudofork} ||
31b8851fccSafresh1    (($^O eq 'MSWin32' || $^O eq 'NetWare') and
32b8851fccSafresh1     $Config::Config{useithreads} and
33b8851fccSafresh1     $Config::Config{ccflags} =~ /-DPERL_IMPLICIT_SYS/);
34b8851fccSafresh1
35b8851fccSafresh1my $srv = IO::Socket::INET->new(
36b8851fccSafresh1  LocalAddr => '127.0.0.1',
37b8851fccSafresh1  Listen => 10
38b8851fccSafresh1);
39b8851fccSafresh1plan skip_all => "cannot create listener on localhost: $!" if ! $srv;
40b8851fccSafresh1my $host = $srv->sockhost;
41b8851fccSafresh1my $port = $srv->sockport;
42b8851fccSafresh1
43b8851fccSafresh1plan tests => 2;
44b8851fccSafresh1
45b8851fccSafresh1require IO::Socket::SSL::Utils;
46b8851fccSafresh1my ($ca,$key) = IO::Socket::SSL::Utils::CERT_create( CA => 1 );
47b8851fccSafresh1my ($fh,$cafile) = tempfile();
48b8851fccSafresh1print $fh IO::Socket::SSL::Utils::PEM_cert2string($ca);
49b8851fccSafresh1close($fh);
50b8851fccSafresh1
51b8851fccSafresh1$parent = $$;
52b8851fccSafresh1END { unlink($cafile) if $$ == $parent }
53b8851fccSafresh1
54b8851fccSafresh1my ($cert) = IO::Socket::SSL::Utils::CERT_create(
55b8851fccSafresh1  subject => { CN => 'nntp.example.com' },
56b8851fccSafresh1  issuer_cert => $ca, issuer_key => $key,
57b8851fccSafresh1  key => $key
58b8851fccSafresh1);
59b8851fccSafresh1
60b8851fccSafresh1test(1); # direct ssl
61b8851fccSafresh1test(0); # starttls
62b8851fccSafresh1
63b8851fccSafresh1
64b8851fccSafresh1sub test {
65b8851fccSafresh1  my $ssl = shift;
66b8851fccSafresh1  defined( my $pid = fork()) or die "fork failed: $!";
67b8851fccSafresh1  exit(nntp_server($ssl)) if ! $pid;
68b8851fccSafresh1  nntp_client($ssl);
69b8851fccSafresh1  wait;
70b8851fccSafresh1}
71b8851fccSafresh1
72b8851fccSafresh1
73b8851fccSafresh1sub nntp_client {
74b8851fccSafresh1  my $ssl = shift;
75b8851fccSafresh1  my %sslopt = (
76b8851fccSafresh1    SSL_verifycn_name => 'nntp.example.com',
77b8851fccSafresh1    SSL_ca_file => $cafile
78b8851fccSafresh1  );
79b8851fccSafresh1  $sslopt{SSL} = 1 if $ssl;
80b8851fccSafresh1  my $cl = Net::NNTP->new(
81b8851fccSafresh1    Host => $host,
82b8851fccSafresh1    Port => $port,
83b8851fccSafresh1    Debug => $debug,
84b8851fccSafresh1    %sslopt,
85b8851fccSafresh1  );
86b8851fccSafresh1  note("created Net::NNTP object");
87b8851fccSafresh1  if (!$cl) {
88b8851fccSafresh1    fail( ($ssl ? "SSL ":"" )."NNTP connect failed");
89b8851fccSafresh1  } elsif ($ssl) {
90b8851fccSafresh1    $cl->quit;
91b8851fccSafresh1    pass("SSL NNTP connect success");
92b8851fccSafresh1  } elsif ( ! $cl->starttls ) {
93b8851fccSafresh1    no warnings 'once';
94b8851fccSafresh1    fail("starttls failed: $IO::Socket::SSL::SSL_ERROR");
95b8851fccSafresh1  } else {
96b8851fccSafresh1    $cl->quit;
97b8851fccSafresh1    pass("starttls success");
98b8851fccSafresh1  }
99b8851fccSafresh1}
100b8851fccSafresh1
101b8851fccSafresh1sub nntp_server {
102b8851fccSafresh1  my $ssl = shift;
103b8851fccSafresh1  my $cl = $srv->accept or die "accept failed: $!";
104b8851fccSafresh1  my %sslargs = (
105b8851fccSafresh1    SSL_server => 1,
106b8851fccSafresh1    SSL_cert => $cert,
107b8851fccSafresh1    SSL_key => $key,
108b8851fccSafresh1  );
109b8851fccSafresh1  if ( $ssl ) {
110b8851fccSafresh1    if ( ! IO::Socket::SSL->start_SSL($cl, %sslargs)) {
111b8851fccSafresh1      diag("initial ssl handshake with client failed");
112b8851fccSafresh1      return;
113b8851fccSafresh1    }
114b8851fccSafresh1  }
115b8851fccSafresh1
116b8851fccSafresh1  print $cl "200 nntp.example.com\r\n";
117b8851fccSafresh1  while (<$cl>) {
118b8851fccSafresh1    my ($cmd,$arg) = m{^(\S+)(?: +(.*))?\r\n} or die $_;
119b8851fccSafresh1    $cmd = uc($cmd);
120b8851fccSafresh1    if ($cmd eq 'QUIT' ) {
121b8851fccSafresh1      print $cl "205 bye\r\n";
122b8851fccSafresh1      last;
123b8851fccSafresh1    } elsif ( $cmd eq 'MODE' ) {
124b8851fccSafresh1      print $cl "201 Posting denied\r\n";
125b8851fccSafresh1    } elsif ( ! $ssl and $cmd eq 'STARTTLS' ) {
126b8851fccSafresh1      print $cl "382 Continue with TLS negotiation\r\n";
127b8851fccSafresh1      if ( ! IO::Socket::SSL->start_SSL($cl, %sslargs)) {
128b8851fccSafresh1        diag("initial ssl handshake with client failed");
129b8851fccSafresh1        return;
130b8851fccSafresh1      }
131b8851fccSafresh1      $ssl = 1;
132b8851fccSafresh1    } else {
133b8851fccSafresh1      diag("received unknown command: $cmd");
134b8851fccSafresh1      print "500 unknown cmd\r\n";
135b8851fccSafresh1    }
136b8851fccSafresh1  }
137b8851fccSafresh1
138b8851fccSafresh1  note("NNTP dialog done");
139b8851fccSafresh1}
140