#!perl
use strict;
use warnings;
use Net::SSLeay;
use Socket;
use IO::Socket::SSL;
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
my $set_groups_list =
defined &Net::SSLeay::CTX_set1_groups_list ? \&Net::SSLeay::CTX_set1_groups_list :
defined &Net::SSLeay::CTX_set1_curves_list ? \&Net::SSLeay::CTX_set1_curves_list :
do {
print "1..0 # no support for CTX_set1_curves_list or CTX_set1_groups_list\n";
exit;
};
print "1..6\n";
my $server = IO::Socket::SSL->new(
LocalAddr => '127.0.0.1',
Listen => 2,
ReuseAddr => 1,
SSL_server => 1,
SSL_ca_file => "certs/test-ca.pem",
SSL_cert_file => 'certs/server-cert.pem',
SSL_key_file => 'certs/server-key.pem',
SSL_cipher_list => 'ECDHE',
SSL_ecdh_curve => 'P-521:P-384',
);
warn "\$!=$!, \$\@=$@, S\$SSL_ERROR=$SSL_ERROR" if ! $server;
print "not ok\n", exit if !$server;
print "ok # Server Initialization\n";
my $saddr = $server->sockhost.':'.$server->sockport;
my @tests = (
[ 1,'P-521' ],
[ 1,'P-384' ],
[ 0,'P-256' ],
[ 1,'P-384:P-521' ],
[ 1,'P-256:P-384:P-521' ],
);
defined( my $pid = fork() ) || die $!;
if (!$pid) {
close($server);
for my $t (@tests) {
my (undef,$curves) = @$t;
IO::Socket::SSL->new(
PeerAddr => $saddr,
SSL_verify_mode => 1,
SSL_ca_file => 'certs/test-ca.pem',
SSL_ecdh_curve => $curves,
);
}
exit;
}
for my $t (@tests) {
my ($expect_ok,$curves) = @$t;
my $csock = $server->accept;
if ($csock && $expect_ok) {
print "ok # expect success $curves\n";
} elsif (!$csock && !$expect_ok) {
print "ok # expect fail $curves: $SSL_ERROR\n";
} elsif ($csock) {
print "not ok # expect fail $curves\n";
} else {
print "not ok # expect success $curves: $SSL_ERROR\n";
}
}
wait;