|
Packit |
bd23c0 |
#!perl
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
use 5.008001;
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
use strict;
|
|
Packit |
bd23c0 |
use warnings;
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
use Config;
|
|
Packit |
bd23c0 |
use File::Temp 'tempfile';
|
|
Packit |
bd23c0 |
use Net::NNTP;
|
|
Packit |
bd23c0 |
use Test::More;
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
my $debug = 0; # Net::NNTP Debug => ..
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
my $parent = 0;
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
plan skip_all => "no SSL support found in Net::NNTP" if ! Net::NNTP->can_ssl;
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
plan skip_all => "fork not supported on this platform"
|
|
Packit |
bd23c0 |
unless $Config::Config{d_fork} || $Config::Config{d_pseudofork} ||
|
|
Packit |
bd23c0 |
(($^O eq 'MSWin32' || $^O eq 'NetWare') and
|
|
Packit |
bd23c0 |
$Config::Config{useithreads} and
|
|
Packit |
bd23c0 |
$Config::Config{ccflags} =~ /-DPERL_IMPLICIT_SYS/);
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
my $srv = IO::Socket::INET->new(
|
|
Packit |
bd23c0 |
LocalAddr => '127.0.0.1',
|
|
Packit |
bd23c0 |
Listen => 10
|
|
Packit |
bd23c0 |
);
|
|
Packit |
bd23c0 |
plan skip_all => "cannot create listener on localhost: $!" if ! $srv;
|
|
Packit |
bd23c0 |
my $host = $srv->sockhost;
|
|
Packit |
bd23c0 |
my $port = $srv->sockport;
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
plan tests => 2;
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
require IO::Socket::SSL::Utils;
|
|
Packit |
bd23c0 |
my ($ca,$key) = IO::Socket::SSL::Utils::CERT_create( CA => 1 );
|
|
Packit |
bd23c0 |
my ($fh,$cafile) = tempfile();
|
|
Packit |
bd23c0 |
print $fh IO::Socket::SSL::Utils::PEM_cert2string($ca);
|
|
Packit |
bd23c0 |
close($fh);
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
$parent = $$;
|
|
Packit |
bd23c0 |
END { unlink($cafile) if $$ == $parent }
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
my ($cert) = IO::Socket::SSL::Utils::CERT_create(
|
|
Packit |
bd23c0 |
subject => { CN => 'nntp.example.com' },
|
|
Packit |
bd23c0 |
issuer_cert => $ca, issuer_key => $key,
|
|
Packit |
bd23c0 |
key => $key
|
|
Packit |
bd23c0 |
);
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
test(1); # direct ssl
|
|
Packit |
bd23c0 |
test(0); # starttls
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
sub test {
|
|
Packit |
bd23c0 |
my $ssl = shift;
|
|
Packit |
bd23c0 |
defined( my $pid = fork()) or die "fork failed: $!";
|
|
Packit |
bd23c0 |
exit(nntp_server($ssl)) if ! $pid;
|
|
Packit |
bd23c0 |
nntp_client($ssl);
|
|
Packit |
bd23c0 |
wait;
|
|
Packit |
bd23c0 |
}
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
sub nntp_client {
|
|
Packit |
bd23c0 |
my $ssl = shift;
|
|
Packit |
bd23c0 |
my %sslopt = (
|
|
Packit |
bd23c0 |
SSL_verifycn_name => 'nntp.example.com',
|
|
Packit |
bd23c0 |
SSL_ca_file => $cafile
|
|
Packit |
bd23c0 |
);
|
|
Packit |
bd23c0 |
$sslopt{SSL} = 1 if $ssl;
|
|
Packit |
bd23c0 |
my $cl = Net::NNTP->new(
|
|
Packit |
bd23c0 |
Host => $host,
|
|
Packit |
bd23c0 |
Port => $port,
|
|
Packit |
bd23c0 |
Debug => $debug,
|
|
Packit |
bd23c0 |
%sslopt,
|
|
Packit |
bd23c0 |
);
|
|
Packit |
bd23c0 |
note("created Net::NNTP object");
|
|
Packit |
bd23c0 |
if (!$cl) {
|
|
Packit |
bd23c0 |
fail( ($ssl ? "SSL ":"" )."NNTP connect failed");
|
|
Packit |
bd23c0 |
} elsif ($ssl) {
|
|
Packit |
bd23c0 |
$cl->quit;
|
|
Packit |
bd23c0 |
pass("SSL NNTP connect success");
|
|
Packit |
bd23c0 |
} elsif ( ! $cl->starttls ) {
|
|
Packit |
bd23c0 |
no warnings 'once';
|
|
Packit |
bd23c0 |
fail("starttls failed: $IO::Socket::SSL::SSL_ERROR");
|
|
Packit |
bd23c0 |
} else {
|
|
Packit |
bd23c0 |
$cl->quit;
|
|
Packit |
bd23c0 |
pass("starttls success");
|
|
Packit |
bd23c0 |
}
|
|
Packit |
bd23c0 |
}
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
sub nntp_server {
|
|
Packit |
bd23c0 |
my $ssl = shift;
|
|
Packit |
bd23c0 |
my $cl = $srv->accept or die "accept failed: $!";
|
|
Packit |
bd23c0 |
my %sslargs = (
|
|
Packit |
bd23c0 |
SSL_server => 1,
|
|
Packit |
bd23c0 |
SSL_cert => $cert,
|
|
Packit |
bd23c0 |
SSL_key => $key,
|
|
Packit |
bd23c0 |
);
|
|
Packit |
bd23c0 |
if ( $ssl ) {
|
|
Packit |
bd23c0 |
if ( ! IO::Socket::SSL->start_SSL($cl, %sslargs)) {
|
|
Packit |
bd23c0 |
diag("initial ssl handshake with client failed");
|
|
Packit |
bd23c0 |
return;
|
|
Packit |
bd23c0 |
}
|
|
Packit |
bd23c0 |
}
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
print $cl "200 nntp.example.com\r\n";
|
|
Packit |
bd23c0 |
while (<$cl>) {
|
|
Packit |
bd23c0 |
my ($cmd,$arg) = m{^(\S+)(?: +(.*))?\r\n} or die $_;
|
|
Packit |
bd23c0 |
$cmd = uc($cmd);
|
|
Packit |
bd23c0 |
if ($cmd eq 'QUIT' ) {
|
|
Packit |
bd23c0 |
print $cl "205 bye\r\n";
|
|
Packit |
bd23c0 |
last;
|
|
Packit |
bd23c0 |
} elsif ( $cmd eq 'MODE' ) {
|
|
Packit |
bd23c0 |
print $cl "201 Posting denied\r\n";
|
|
Packit |
bd23c0 |
} elsif ( ! $ssl and $cmd eq 'STARTTLS' ) {
|
|
Packit |
bd23c0 |
print $cl "382 Continue with TLS negotiation\r\n";
|
|
Packit |
bd23c0 |
if ( ! IO::Socket::SSL->start_SSL($cl, %sslargs)) {
|
|
Packit |
bd23c0 |
diag("initial ssl handshake with client failed");
|
|
Packit |
bd23c0 |
return;
|
|
Packit |
bd23c0 |
}
|
|
Packit |
bd23c0 |
$ssl = 1;
|
|
Packit |
bd23c0 |
} else {
|
|
Packit |
bd23c0 |
diag("received unknown command: $cmd");
|
|
Packit |
bd23c0 |
print "500 unknown cmd\r\n";
|
|
Packit |
bd23c0 |
}
|
|
Packit |
bd23c0 |
}
|
|
Packit |
bd23c0 |
|
|
Packit |
bd23c0 |
note("NNTP dialog done");
|
|
Packit |
bd23c0 |
}
|