From 082e7194605e99f0e50f8909fcaf10adee747cc8 Mon Sep 17 00:00:00 2001 From: Tomas Hozza Date: Fri, 5 May 2017 13:46:11 +0200 Subject: [PATCH] Fix client/server synchronization in Test-proxied-https-auth.px test Combination of upstream commits vithout adding support for Valgrind: 3eff3ad69a46364475e1f4abdf9412cfa87e3d6c 2303793a626158627bdb2ac255e0f58697682b24 Signed-off-by: Tomas Hozza --- tests/Test-proxied-https-auth.px | 82 +++++++++++++++++++++++----------------- 1 file changed, 48 insertions(+), 34 deletions(-) diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px index 1de5357..e1a6c44 100755 --- a/tests/Test-proxied-https-auth.px +++ b/tests/Test-proxied-https-auth.px @@ -1,4 +1,6 @@ #!/usr/bin/env perl +# Simulate a tunneling proxy to a HTTPS URL that needs authentication. +# Use two connections (Connection: close) use strict; use warnings; 
@@ -39,31 +41,33 @@ sub get_request { } sub do_server { - my $alrm = alarm 10; - + my ($synch_callback) = @_; my $s = $SOCKET; my $conn; my $rqst; my $rspn; + + my %options = ( + SSL_server => 1, + SSL_passwd_cb => sub { return "Hello"; }); + $options{SSL_cert_file} = $cert_path if ($cert_path); + $options{SSL_key_file} = $key_path if ($key_path); + my @options = %options; + + # sync with the parent + $synch_callback->(); + + # Simulate a HTTPS proxy server with tunneling. + for my $expect_inner_auth (0, 1) { $conn = $s->accept; $rqst = $conn->get_request; - - # TODO: expect no auth the first time, request it, expect it the second - # time. - die "Method not CONNECT\n" if ($rqst->method ne 'CONNECT'); $rspn = HTTP::Response->new(200, 'OK'); $conn->send_response($rspn); - my %options = ( - SSL_server => 1, - SSL_passwd_cb => sub { return "Hello"; }); - - $options{SSL_cert_file} = $cert_path if ($cert_path); - $options{SSL_key_file} = $key_path if ($key_path); - - my @options = %options; + # Now switch from plain to SSL (for simulating a transparent tunnel + # to an HTTPS server). $conn = IO::Socket::SSL->new_from_fd($conn->fileno, @options) or die "Couldn't initiate SSL"; @@ -74,14 +78,10 @@ sub do_server { unless ($expect_inner_auth) { die "Early proxied auth\n" if $rqst->header('Authorization'); - # TODO: handle non-persistent connection here. $rspn = HTTP::Response->new(401, 'Unauthorized', [ 'WWW-Authenticate' => 'Basic realm="gondor"', Connection => 'close' ]); - $rspn->protocol('HTTP/1.0'); - print $rspn->as_string; - print $conn $rspn->as_string; } else { die "No proxied auth\n" unless $rqst->header('Authorization'); 
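Review bot: Removing `my $alrm = alarm 10;` at the top of `do_server` (with the matching `alarm $alrm;` dropped in the last hunk) leaves the forked server without any watchdog. A client that never opens the second connection, or a handshake that stalls in `IO::Socket::SSL->new_from_fd`, now blocks the child until the parent sends TERM. If the parent is killed first, the child presumably stays behind with the inherited listening socket. If the 10 seconds were removed only because they are too short for slow runs, a longer limit with a comment would keep the safety net, e.g. `alarm 60; # watchdog: do not outlive a stuck test`. The body of `do_server` continues past this hunk.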
@@ -89,41 +89,55 @@ sub do_server { 'Content-Type' => 'text/plain', 'Connection' => 'close', ], "foobarbaz\n"); - $rspn->protocol('HTTP/1.0'); - print "=====\n"; - print $rspn->as_string; - print "\n=====\n"; - print $conn $rspn->as_string; } + + $rspn->protocol('HTTP/1.0'); + print STDERR "=====\n"; + print STDERR $rspn->as_string; + print STDERR "\n=====\n"; + print $conn $rspn->as_string; + $conn->close; } + undef $conn; undef $s; - alarm $alrm; } sub fork_server { - my $pid = fork; - die "Couldn't fork" if ($pid < 0); - return $pid if $pid; + pipe(FROM_CHILD, TO_PARENT) or die "Cannot create pipe!"; + select((select(TO_PARENT), $| = 1)[0]); + + my $pid = fork(); + if ($pid < 0) { + die "Cannot fork"; + } elsif ($pid == 0) { + # child + close FROM_CHILD; + do_server(sub { print TO_PARENT "SYNC\n"; close TO_PARENT }); + exit 0; + } else { + # parent + close TO_PARENT; + chomp(my $line = ); + close FROM_CHILD; + } - &do_server; - exit; + return $pid; } -system ('rm -f needs-auth.txt'); +unlink "needs-auth.txt"; my $pid = &fork_server; -sleep 1; my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee" . " --password=Dodgson -e https_proxy=localhost:{{port}}" . " --no-check-certificate" . " https://no.such.domain/needs-auth.txt"; $cmdline =~ s/{{port}}/$SOCKET->sockport()/e; -my $code = system($cmdline); -system ('rm -f needs-auth.txt'); +my $code = system($cmdline . " 2>&1") >> 8; +unlink "needs-auth.txt"; warn "Got code: $code\n" if $code; kill ('TERM', $pid); -exit ($code >> 8); +exit ($code != 0); -- 2.7.4
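Review bot: The new `my $code = system($cmdline . " 2>&1") >> 8;` keeps only the exit byte, so a wget killed by a signal can leave `$code` at 0 and the script then ends with `exit ($code != 0)` reporting success; whether the signal shows up in the low bits depends on how the shell that `2>&1` brings in runs the command. Keeping the raw status and testing it first closes that gap: `my $status = system($cmdline . " 2>&1");` followed by `my $code = ($status == -1 || ($status & 127)) ? 1 : $status >> 8;`. In `fork_server`, Perl's `fork` returns undef on failure rather than a negative number, so `$pid < 0` never fires and the `$pid == 0` branch would run `do_server` in the parent; `die "Cannot fork: $!" unless defined $pid;` before the comparison fixes that. The parent also uses the line read from FROM_CHILD only for `chomp`, so a child that exits before printing `SYNC` goes unnoticed.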