From 082e7194605e99f0e50f8909fcaf10adee747cc8 Mon Sep 17 00:00:00 2001

From: Tomas Hozza <thozza@redhat.com>

Date: Fri, 5 May 2017 13:46:11 +0200

Subject: [PATCH] Fix client/server synchronization in

 Test-proxied-https-auth.px test

Combination of upstream commits vithout adding support for Valgrind:

3eff3ad69a46364475e1f4abdf9412cfa87e3d6c

2303793a626158627bdb2ac255e0f58697682b24

Signed-off-by: Tomas Hozza <thozza@redhat.com>

---

 tests/Test-proxied-https-auth.px | 82 +++++++++++++++++++++++-----------------

 1 file changed, 48 insertions(+), 34 deletions(-)

diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px

index 1de5357..e1a6c44 100755

--- a/tests/Test-proxied-https-auth.px

+++ b/tests/Test-proxied-https-auth.px

@@ -1,4 +1,6 @@

 #!/usr/bin/env perl

+# Simulate a tunneling proxy to a HTTPS URL that needs authentication.

+# Use two connections (Connection: close)

 use strict;

 use warnings;

@@ -39,31 +41,33 @@ sub get_request {

 }

 sub do_server {

-    my $alrm = alarm 10;

-

+    my ($synch_callback) = @_;

     my $s = $SOCKET;

     my $conn;

     my $rqst;

     my $rspn;

+

+    my %options = (

+        SSL_server => 1,

+        SSL_passwd_cb => sub { return "Hello"; });

+    $options{SSL_cert_file} = $cert_path if ($cert_path);

+    $options{SSL_key_file} = $key_path if ($key_path);

+    my @options = %options;

+

+    # sync with the parent

+    $synch_callback->();

+

+    # Simulate a HTTPS proxy server with tunneling.

+

     for my $expect_inner_auth (0, 1) {

         $conn = $s->accept;

         $rqst = $conn->get_request;

-

-        # TODO: expect no auth the first time, request it, expect it the second

-        #   time.

-

         die "Method not CONNECT\n" if ($rqst->method ne 'CONNECT');

         $rspn = HTTP::Response->new(200, 'OK');

         $conn->send_response($rspn);

-        my %options = (

-            SSL_server => 1,

-            SSL_passwd_cb => sub { return "Hello"; });

-

-        $options{SSL_cert_file} = $cert_path if ($cert_path);

-        $options{SSL_key_file} = $key_path if ($key_path);

-

-        my @options = %options;

+        # Now switch from plain to SSL (for simulating a transparent tunnel

+        # to an HTTPS server).

         $conn = IO::Socket::SSL->new_from_fd($conn->fileno, @options)

             or die "Couldn't initiate SSL";

@@ -74,14 +78,10 @@ sub do_server {

         unless ($expect_inner_auth) {

             die "Early proxied auth\n" if $rqst->header('Authorization');

-            # TODO: handle non-persistent connection here.

             $rspn = HTTP::Response->new(401, 'Unauthorized', [

                 'WWW-Authenticate' => 'Basic realm="gondor"',

                 Connection => 'close'

                 ]);

-            $rspn->protocol('HTTP/1.0');

-            print $rspn->as_string;

-            print $conn $rspn->as_string;

         } else {

             die "No proxied auth\n" unless $rqst->header('Authorization');

@@ -89,41 +89,55 @@ sub do_server {

                 'Content-Type' => 'text/plain',

                 'Connection' => 'close',

                 ], "foobarbaz\n");

-            $rspn->protocol('HTTP/1.0');

-            print "=====\n";

-            print $rspn->as_string;

-            print "\n=====\n";

-            print $conn $rspn->as_string;

         }

+

+        $rspn->protocol('HTTP/1.0');

+        print STDERR "=====\n";

+        print STDERR $rspn->as_string;

+        print STDERR "\n=====\n";

+        print $conn $rspn->as_string;

+

         $conn->close;

     }

+

     undef $conn;

     undef $s;

-    alarm $alrm;

 }

 sub fork_server {

-    my $pid = fork;

-    die "Couldn't fork" if ($pid < 0);

-    return $pid if $pid;

+    pipe(FROM_CHILD, TO_PARENT) or die "Cannot create pipe!";

+    select((select(TO_PARENT), $| = 1)[0]);

+

+    my $pid = fork();

+    if ($pid < 0) {

+        die "Cannot fork";

+    } elsif ($pid == 0) {

+        # child

+        close FROM_CHILD;

+        do_server(sub { print TO_PARENT "SYNC\n"; close TO_PARENT });

+        exit 0;

+    } else {

+        # parent

+        close TO_PARENT;

+        chomp(my $line = <FROM_CHILD>);

+        close FROM_CHILD;

+    }

-    &do_server;

-    exit;

+    return $pid;

 }

-system ('rm -f needs-auth.txt');

+unlink "needs-auth.txt";

 my $pid = &fork_server;

-sleep 1;

 my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee"

     . " --password=Dodgson -e https_proxy=localhost:{{port}}"

     . " --no-check-certificate"

     . " https://no.such.domain/needs-auth.txt";

 $cmdline =~ s/{{port}}/$SOCKET->sockport()/e;

-my $code = system($cmdline);

-system ('rm -f needs-auth.txt');

+my $code = system($cmdline . " 2>&1") >> 8;

+unlink "needs-auth.txt";

 warn "Got code: $code\n" if $code;

 kill ('TERM', $pid);

-exit ($code >> 8);

+exit ($code != 0);

-- 

2.7.4