#***************************************************************************
# Project ___| | | | _ \| |
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
# Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at http://curl.haxx.se/docs/copyright.html.
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#***************************************************************************
# This is the HTTPS, FTPS, POP3S, IMAPS and SMTPS server used for the curl test
# harness. Actually just a layer that runs stunnel properly using the
# non-secure test harness servers.
# Extend the module search path with the directory named by the srcdir
# environment variable and with the current working directory. Modules
# loaded after this point may be resolved from either location, so both
# should be directories that only trusted users can write to.
@INC=(@INC, $ENV{'srcdir'}, '.');
my $stunnel = "stunnel";
my $verbose=0; # set to 1 for debugging
my $accept_port = 8991; # just our default, weird enough
my $target_port = 8999; # default test http-server port
my $pidfile; # stunnel pid file
my $logfile; # stunnel log file
my $loglevel = 5; # stunnel log level
my $ipvnum = 4; # default IP version of stunneled server
my $idnum = 1; # default stunneled server instance number
my $proto = 'https'; # default secure server protocol
my $conffile; # stunnel configuration file
my $certfile; # certificate chain PEM file
#***************************************************************************
# stunnel requires full path specification for several files.
my $logdir = $path .'/log';
#***************************************************************************
# Signal handler to remove our stunnel 4.00 and newer configuration file.
sub exit_signal_handler {
local $!; # preserve errno
local $?; # preserve exit status
unlink($conffile) if($conffile && (-f $conffile));
#***************************************************************************
# Process command line options
if($ARGV[0] eq '--verbose') {
elsif($ARGV[0] eq '--proto') {
elsif($ARGV[0] eq '--accept') {
if($ARGV[1] =~ /^(\d+)$/) {
elsif($ARGV[0] eq '--connect') {
if($ARGV[1] =~ /^(\d+)$/) {
elsif($ARGV[0] eq '--stunnel') {
elsif($ARGV[0] eq '--srcdir') {
elsif($ARGV[0] eq '--certfile') {
# The certificate name is taken from the command line as-is. It later
# becomes part of the certificate path ("certs/$stuncert"), so path
# separators or ".." in the argument are not filtered here.
# NOTE(review): acceptable only while the caller is the trusted test
# harness - confirm.
$stuncert = $ARGV[1];
elsif($ARGV[0] eq '--id') {
if($ARGV[1] =~ /^(\d+)$/) {
$idnum = $1 if($1 > 0);
elsif($ARGV[0] eq '--ipv4') {
elsif($ARGV[0] eq '--ipv6') {
elsif($ARGV[0] eq '--pidfile') {
# The pid file name comes straight from the command line and is appended
# to $path without validation. For stunnel 3.x the result is interpolated
# unquoted into the shell command string (-P $pidfile), so whitespace or
# shell metacharacters in the argument would change that command.
$pidfile = "$path/". $ARGV[1];
elsif($ARGV[0] eq '--logfile') {
# The log file name comes straight from the command line and is appended
# to $path without validation. $logfile is later used as the target of a
# shell redirection (">$logfile 2>&1"), so the named file is created or
# truncated by the shell and any metacharacters in the argument are
# interpreted by it.
$logfile = "$path/". $ARGV[1];
print STDERR "\nWarning: secureserver.pl unknown parameter: $ARGV[0]\n";
#***************************************************************************
# Initialize command line option dependent variables
$pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
$logfile = server_logfilename($logdir, $proto, $ipvnum, $idnum);
$conffile = "$path/stunnel.conf";
$certfile = "$srcdir/". ($stuncert?"certs/$stuncert":"stunnel.pem");
my $ssltext = uc($proto) ." SSL/TLS:";
#***************************************************************************
# Find out version info for the given stunnel binary
foreach my $veropt (('-version', '-V')) {
# qx() hands the interpolated string to the shell (the 2>&1 redirection
# needs one), so the value of $stunnel is parsed by the shell and not
# executed as a single program path. $stunnel defaults to "stunnel";
# presumably the --stunnel option overrides it (its handling is not
# visible here) - confirm it only ever receives a trusted path.
foreach my $verstr (qx($stunnel $veropt 2>&1)) {
if($verstr =~ /^stunnel (\d+)\.(\d+) on /) {
if((!$ver_major) || (!$ver_minor)) {
if(-x "$stunnel" && ! -d "$stunnel") {
print "$ssltext Unknown stunnel version\n";
print "$ssltext No stunnel\n";
$stunnel_version = (100*$ver_major) + $ver_minor;
#***************************************************************************
# Verify minimum required stunnel version
if($stunnel_version < 310) {
print "$ssltext Unsupported stunnel version $ver_major.$ver_minor\n";
#***************************************************************************
# Build command to execute for stunnel 3.X versions
if($stunnel_version < 400) {
if($stunnel_version >= 319) {
$socketopt = "-O a:SO_REUSEADDR=1";
$cmd = "$stunnel -p $certfile -P $pidfile ";
$cmd .= "-d $accept_port -r $target_port -f -D $loglevel ";
$cmd .= ($socketopt) ? "$socketopt " : "";
$cmd .= ">$logfile 2>&1";
print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
print "pem cert file: $certfile\n";
print "pid file: $pidfile\n";
print "log file: $logfile\n";
print "log level: $loglevel\n";
print "listen on port: $accept_port\n";
print "connect to port: $target_port\n";
#***************************************************************************
# Build command to execute for stunnel 4.00 and newer
if($stunnel_version >= 400) {
$socketopt = "a:SO_REUSEADDR=1";
$cmd = "$stunnel $conffile ";
$cmd .= ">$logfile 2>&1";
# setup signal handler
$SIG{INT} = \&exit_signal_handler;
$SIG{TERM} = \&exit_signal_handler;
# stunnel configuration file
# Two-argument open on a bareword handle: the mode and the file name are
# parsed out of one string, and ">" creates or truncates the target.
# $conffile is the fixed name "$path/stunnel.conf", so an existing file
# of that name is overwritten.
# NOTE(review): the three-argument form with a lexical handle
# (open(my $fh, '>', $conffile)) avoids mode parsing from the name;
# where $path points is not visible here - confirm that the directory is
# writable only by the user running the tests.
if(open(STUNCONF, ">$conffile")) {
accept = $accept_port
connect = $target_port
if(!close(STUNCONF)) {
print "$ssltext Error closing file $conffile\n";
print "$ssltext Error writing file $conffile\n";
print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
print "CApath = $path\n";
print "cert = $certfile\n";
print "pid = $pidfile\n";
print "debug = $loglevel\n";
print "output = $logfile\n";
print "socket = $socketopt\n";
print "foreground = yes\n";
print "[curltest]\n";
print "accept = $accept_port\n";
print "connect = $target_port\n";
#***************************************************************************
# Set file permissions on certificate pem file.
# Restrict the PEM file (certificate chain, presumably with the private
# key - confirm) to owner read/write before stunnel is started. The
# return value of chmod is not checked, so a failure leaves the previous
# permissions in place without any message.
chmod(0600, $certfile) if(-f $certfile);
#***************************************************************************
# Single-string system(): $cmd always ends in a ">$logfile 2>&1"
# redirection, so Perl runs it through the shell. Every value
# interpolated into $cmd ($stunnel, $certfile, $pidfile, $conffile,
# $logfile) is therefore parsed by the shell without quoting. Only the
# --accept and --connect arguments are checked against a digits-only
# pattern; the path-like values are not validated in the visible code.
# NOTE(review): safe only while all arguments come from the trusted
# test harness - confirm.
my $rc = system($cmd);
unlink($conffile) if($conffile && -f $conffile);