author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2014-12-31 01:25:08 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2014-12-31 01:25:08 +0000 |
commit | 7a98d0851fc8c16df29353c1f74e16abfa641bd7 (patch) | |
tree | 2c7a50c852c28064f51c339eb58fe07dc89528da /regress/usr.sbin/relayd | |
parent | 658bb976f84d0f9a89a765979cc53905359b01b5 (diff) |
Create CA and certificates for TLS tests consistently. Better
logging of SSL errors. Do not import unneeded Socket constants.
Diffstat (limited to 'regress/usr.sbin/relayd')
-rw-r--r-- | regress/usr.sbin/relayd/Client.pm | 6 | ||||
-rw-r--r-- | regress/usr.sbin/relayd/Makefile | 21 | ||||
-rw-r--r-- | regress/usr.sbin/relayd/Server.pm | 14 |
3 files changed, 24 insertions, 17 deletions
diff --git a/regress/usr.sbin/relayd/Client.pm b/regress/usr.sbin/relayd/Client.pm index 8a8a95f3593..8d4edd84df6 100644 --- a/regress/usr.sbin/relayd/Client.pm +++ b/regress/usr.sbin/relayd/Client.pm @@ -1,6 +1,6 @@ -# $OpenBSD: Client.pm,v 1.8 2014/07/11 15:38:44 bluhm Exp $ +# $OpenBSD: Client.pm,v 1.9 2014/12/31 01:25:07 bluhm Exp $ -# Copyright (c) 2010-2012 Alexander Bluhm <bluhm@openbsd.org> +# Copyright (c) 2010-2014 Alexander Bluhm <bluhm@openbsd.org> # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -20,7 +20,7 @@ use warnings; package Client; use parent 'Proc'; use Carp; -use Socket qw(IPPROTO_TCP TCP_NODELAY); +use Socket; use Socket6; use IO::Socket; use IO::Socket::INET6; diff --git a/regress/usr.sbin/relayd/Makefile b/regress/usr.sbin/relayd/Makefile index 1033fb21508..90fd808148e 100644 --- a/regress/usr.sbin/relayd/Makefile +++ b/regress/usr.sbin/relayd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.9 2014/07/11 20:41:20 bluhm Exp $ +# $OpenBSD: Makefile,v 1.10 2014/12/31 01:25:07 bluhm Exp $ # The following ports must be installed for the regression tests: # p5-IO-Socket-INET6 object interface for AF_INET and AF_INET6 domain sockets @@ -34,7 +34,8 @@ REMOTE_SSH ?= ARGS != cd ${.CURDIR} && ls args-*.pl TARGETS ?= ${ARGS} REGRESS_TARGETS = ${TARGETS:S/^/run-regress-/} -CLEANFILES += *.log *.pem *.crt *.key relayd.conf ktrace.out stamp-* +CLEANFILES += *.log relayd.conf ktrace.out stamp-* +CLEANFILES += *.pem *.req *.crt *.key *.srl # Set variables so that make runs with and without obj directory. # Only do that if necessary to keep visible output short. 
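Review bot: The bare `use Socket;` in the second Client.pm hunk imports Socket's whole default export list, which is broader than the two constants the old line named; the same replacement appears in the Server.pm hunk at line 20. If no Socket symbol is used by name in these packages, `use Socket ();` loads the module without importing anything; otherwise an explicit list such as `use Socket qw(SHUT_WR);` in Server.pm documents what is actually needed. Which names are needed cannot be confirmed here, since the package bodies lie outside the hunks.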
@@ -63,11 +64,11 @@ run-regress-$a: $a .endif .endfor -# create the certificates for SSL +# create certificates for TLS .for ip in ${REMOTE_ADDR} 127.0.0.1 ${ip}.crt: - openssl req -batch -new -nodes -newkey rsa -keyout ${ip}.key -subj /CN=${ip}/ -x509 -out $@ + openssl req -batch -new -subj /L=OpenBSD/O=relayd-regress/OU=relay/CN=${ip}/ -nodes -newkey rsa -keyout ${ip}.key -x509 -out $@ .if empty (REMOTE_SSH) ${SUDO} cp 127.0.0.1.crt /etc/ssl/ ${SUDO} cp 127.0.0.1.key /etc/ssl/private/ @@ -77,10 +78,16 @@ ${ip}.crt: .endif .endfor -server-cert.pem: - openssl req -batch -new -nodes -newkey rsa -keyout server-key.pem -subj /CN=localhost/ -x509 -out $@ +ca.crt: + openssl req -batch -new -subj /L=OpenBSD/O=relayd-regress/OU=ca/CN=root/ -nodes -newkey rsa -keyout ca.key -x509 -out ca.crt -${REGRESS_TARGETS:M*ssl*} ${REGRESS_TARGETS:M*https*}: server-cert.pem +server.req: + openssl req -batch -new -subj /L=OpenBSD/O=relayd-regress/OU=server/CN=localhost/ -nodes -newkey rsa -keyout server.key -out server.req + +server.crt: ca.crt server.req + openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt -req -in server.req -out server.crt + +${REGRESS_TARGETS:M*ssl*} ${REGRESS_TARGETS:M*https*}: server.crt .if empty (REMOTE_SSH) ${REGRESS_TARGETS:M*ssl*} ${REGRESS_TARGETS:M*https*}: 127.0.0.1.crt .else diff --git a/regress/usr.sbin/relayd/Server.pm b/regress/usr.sbin/relayd/Server.pm index 70a492aeb79..a860eeb82e5 100644 --- a/regress/usr.sbin/relayd/Server.pm +++ b/regress/usr.sbin/relayd/Server.pm @@ -1,6 +1,6 @@ -# $OpenBSD: Server.pm,v 1.6 2014/07/10 10:19:06 bluhm Exp $ +# $OpenBSD: Server.pm,v 1.7 2014/12/31 01:25:07 bluhm Exp $ -# Copyright (c) 2010-2012 Alexander Bluhm <bluhm@openbsd.org> +# Copyright (c) 2010-2014 Alexander Bluhm <bluhm@openbsd.org> # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above 
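Review bot: The rewritten `openssl req ... -x509` recipe for `${ip}.crt` passes no `-days`, so the per-address certificates get openssl's default validity of 30 days; the `ca.crt` and `server.crt` rules in the next Makefile hunk have the same gap. These targets have no prerequisite that changes with time, so an obj directory older than that keeps its expired certificates, and any test that verifies the chain would fail with a TLS error unrelated to relayd. Adding an explicit lifetime such as `-days 365` to the `req -x509` and `x509 -req` command lines, or a comment that `make clean` is required before a run, avoids that.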
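Review bot: In the new `ca.crt`, `server.req` and `server.crt` rules the private keys `ca.key` and `server.key` are only side effects of the recipes, not targets, so make cannot notice when one is missing or no longer matches its certificate. If `ca.key` is removed while `ca.crt` stays, the `server.crt` recipe fails at `-CAkey ca.key`; if `server.key` is removed while `server.crt` and `server.req` stay, nothing is rebuilt and the listener in Server.pm presumably fails to load its key. A short comment above the rules would help, for example `# ca.key and server.key are unencrypted (-nodes) test keys written next to the certificates; remove *.crt *.req *.key together`.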
@@ -20,7 +20,7 @@ use warnings; package Server; use parent 'Proc'; use Carp; -use Socket qw(IPPROTO_TCP TCP_NODELAY); +use Socket; use Socket6; use IO::Socket; use IO::Socket::INET6; @@ -43,8 +43,8 @@ sub new { Listen => 1, $self->{listenaddr} ? (LocalAddr => $self->{listenaddr}) : (), $self->{listenport} ? (LocalPort => $self->{listenport}) : (), - SSL_key_file => "server-key.pem", - SSL_cert_file => "server-cert.pem", + SSL_key_file => "server.key", + SSL_cert_file => "server.crt", SSL_verify_mode => SSL_VERIFY_NONE, ) or die ref($self), " $iosocket socket listen failed: $!,$SSL_ERROR"; my $log = $self->{log}; @@ -62,9 +62,9 @@ sub child { shutdown(\*STDOUT, SHUT_WR); delete $self->{as}; - my $iosocket = $self->{ssl} ? "IO::Socket::SSL" : "IO::Socket::INET6"; my $as = $self->{ls}->accept() - or die ref($self), " $iosocket socket accept failed: $!"; + or die ref($self)," ",ref($self->{ls}), + " socket accept failed: $!,$SSL_ERROR"; print STDERR "accept sock: ",$as->sockhost()," ",$as->sockport(),"\n"; print STDERR "accept peer: ",$as->peerhost()," ",$as->peerport(),"\n"; |
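Review bot: The new accept failure message in `child` always appends `$SSL_ERROR`, even when `$self->{ls}` is a plain IO::Socket::INET6 listener. In that case the variable is presumably unset or left over from an earlier TLS operation, so the log either triggers an uninitialized-value warning or reports an error that does not belong to this accept. Appending it only for TLS listeners keeps the message trustworthy, e.g. `" socket accept failed: $!", ($self->{ssl} ? ",$SSL_ERROR" : "")`; the existing `die` in `new` follows the same pattern. The body of `child` continues outside the hunk.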