blob: 4793f95d40c12018c5fa9e79d0b502a3fd7bb7c0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
source [file dirname [info script]]/testing.tcl
needs constraint jim
needs cmd socket
needs cmd os.fork
needs cmd load_ssl_certs
# Note that we don't actually need to load certificates with load_ssl_certs
# since the openssl installation should generally automatically load
# root certs
# Let's set up a client and a server where the client
# simply echos everything back to the server
set s [socket stream.server 1443]
if {[os.fork] == 0} {
# child
set c [[socket stream [$s sockname]] ssl]
$s close
sleep 0.25
$c readable {
# when we read we need to also read any pending data,
# otherwise readable won't retrigger
set buf [$c read -pending]
if {[string length $buf] == 0} {
incr ssldone
$c close
} else {
$c puts -nonewline $buf
}
}
vwait ssldone
exit 99
}
# Now set up the server
set certpath [file dirname [info script]]
set cs [[$s accept addr] ssl -server $certpath/certificate.pem $certpath/key.pem]
$s close
defer {
$cs close
}
# At this point, $cs is the server connection to the client in the child process
test ssl-1.1 {puts/gets} {
$cs puts hello
$cs gets
} hello
test ssl-1.2 {puts/gets} {
$cs puts -nonewline again
lmap p [range 5] {
set c [$cs read 1]
set c
}
} {a g a i n}
test ssl-2.1 {https to google.com, gets} -body {
set c [[socket stream www.google.com:443] ssl]
$c puts -nonewline "GET / HTTP/1.0\r\n\r\n"
$c close w
set lines {}
while {[$c gets buf] >= 0} {
lappend lines $buf
}
$c close
join $lines \n
} -match glob -result {HTTP/1.0 200 OK*</html>}
test ssl-2.2 {https to google.com, read with cert verify} -body {
# Note that in order to verify the cert, we need sni
set c [[socket stream www.google.com:443] ssl -sni www.google.com]
# Verify the cert (note that this does not check CN)
$c verify
$c puts -nonewline "GET / HTTP/1.0\r\n\r\n"
$c close w
set buf [$c read]
} -match glob -result {HTTP/1.0 200 OK*</html>}
test ssl-2.3 {ssl to google.com on port 80} -body {
# Try to talk SSL to a non-SSL server
set c [[socket stream www.google.com:80] ssl]
$c puts -nonewline "GET / HTTP/1.0\r\n\r\n"
$c close w
set buf [$c read]
} -returnCodes error -match glob -result {error:*}
testreport
|