2
0

secureserver.pl 8.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299
  1. #!/usr/bin/env perl
  2. #***************************************************************************
  3. # _ _ ____ _
  4. # Project ___| | | | _ \| |
  5. # / __| | | | |_) | |
  6. # | (__| |_| | _ <| |___
  7. # \___|\___/|_| \_\_____|
  8. #
  9. # Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
  10. #
  11. # This software is licensed as described in the file COPYING, which
  12. # you should have received as part of this distribution. The terms
  13. # are also available at http://curl.haxx.se/docs/copyright.html.
  14. #
  15. # You may opt to use, copy, modify, merge, publish, distribute and/or sell
  16. # copies of the Software, and permit persons to whom the Software is
  17. # furnished to do so, under the terms of the COPYING file.
  18. #
  19. # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  20. # KIND, either express or implied.
  21. #
  22. #***************************************************************************
  23. # This is the HTTPS, FTPS, POP3S, IMAPS, SMTPS, server used for curl test
  24. # harness. Actually just a layer that runs stunnel properly using the
  25. # non-secure test harness servers.
  26. BEGIN {
  27. push(@INC, $ENV{'srcdir'}) if(defined $ENV{'srcdir'});
  28. push(@INC, ".");
  29. }
  30. use strict;
  31. use warnings;
  32. use Cwd;
  33. use serverhelp qw(
  34. server_pidfilename
  35. server_logfilename
  36. );
  37. my $stunnel = "stunnel";
  38. my $verbose=0; # set to 1 for debugging
  39. my $accept_port = 8991; # just our default, weird enough
  40. my $target_port = 8999; # default test http-server port
  41. my $stuncert;
  42. my $ver_major;
  43. my $ver_minor;
  44. my $stunnel_version;
  45. my $socketopt;
  46. my $cmd;
  47. my $pidfile; # stunnel pid file
  48. my $logfile; # stunnel log file
  49. my $loglevel = 5; # stunnel log level
  50. my $ipvnum = 4; # default IP version of stunneled server
  51. my $idnum = 1; # dafault stunneled server instance number
  52. my $proto = 'https'; # default secure server protocol
  53. my $conffile; # stunnel configuration file
  54. my $certfile; # certificate chain PEM file
  55. #***************************************************************************
  56. # stunnel requires full path specification for several files.
  57. #
  58. my $path = getcwd();
  59. my $srcdir = $path;
  60. my $logdir = $path .'/log';
  61. #***************************************************************************
  62. # Signal handler to remove our stunnel 4.00 and newer configuration file.
  63. #
  64. sub exit_signal_handler {
  65. my $signame = shift;
  66. local $!; # preserve errno
  67. local $?; # preserve exit status
  68. unlink($conffile) if($conffile && (-f $conffile));
  69. exit;
  70. }
  71. #***************************************************************************
  72. # Process command line options
  73. #
  74. while(@ARGV) {
  75. if($ARGV[0] eq '--verbose') {
  76. $verbose = 1;
  77. }
  78. elsif($ARGV[0] eq '--proto') {
  79. if($ARGV[1]) {
  80. $proto = $ARGV[1];
  81. shift @ARGV;
  82. }
  83. }
  84. elsif($ARGV[0] eq '--accept') {
  85. if($ARGV[1]) {
  86. if($ARGV[1] =~ /^(\d+)$/) {
  87. $accept_port = $1;
  88. shift @ARGV;
  89. }
  90. }
  91. }
  92. elsif($ARGV[0] eq '--connect') {
  93. if($ARGV[1]) {
  94. if($ARGV[1] =~ /^(\d+)$/) {
  95. $target_port = $1;
  96. shift @ARGV;
  97. }
  98. }
  99. }
  100. elsif($ARGV[0] eq '--stunnel') {
  101. if($ARGV[1]) {
  102. $stunnel = $ARGV[1];
  103. shift @ARGV;
  104. }
  105. }
  106. elsif($ARGV[0] eq '--srcdir') {
  107. if($ARGV[1]) {
  108. $srcdir = $ARGV[1];
  109. shift @ARGV;
  110. }
  111. }
  112. elsif($ARGV[0] eq '--certfile') {
  113. if($ARGV[1]) {
  114. $stuncert = $ARGV[1];
  115. shift @ARGV;
  116. }
  117. }
  118. elsif($ARGV[0] eq '--id') {
  119. if($ARGV[1]) {
  120. if($ARGV[1] =~ /^(\d+)$/) {
  121. $idnum = $1 if($1 > 0);
  122. shift @ARGV;
  123. }
  124. }
  125. }
  126. elsif($ARGV[0] eq '--ipv4') {
  127. $ipvnum = 4;
  128. }
  129. elsif($ARGV[0] eq '--ipv6') {
  130. $ipvnum = 6;
  131. }
  132. elsif($ARGV[0] eq '--pidfile') {
  133. if($ARGV[1]) {
  134. $pidfile = "$path/". $ARGV[1];
  135. shift @ARGV;
  136. }
  137. }
  138. elsif($ARGV[0] eq '--logfile') {
  139. if($ARGV[1]) {
  140. $logfile = "$path/". $ARGV[1];
  141. shift @ARGV;
  142. }
  143. }
  144. else {
  145. print STDERR "\nWarning: secureserver.pl unknown parameter: $ARGV[0]\n";
  146. }
  147. shift @ARGV;
  148. }
  149. #***************************************************************************
  150. # Initialize command line option dependant variables
  151. #
  152. if(!$pidfile) {
  153. $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
  154. }
  155. if(!$logfile) {
  156. $logfile = server_logfilename($logdir, $proto, $ipvnum, $idnum);
  157. }
  158. $conffile = "$path/stunnel.conf";
  159. $certfile = "$srcdir/". ($stuncert?"certs/$stuncert":"stunnel.pem");
  160. my $ssltext = uc($proto) ." SSL/TLS:";
  161. #***************************************************************************
  162. # Find out version info for the given stunnel binary
  163. #
  164. foreach my $veropt (('-version', '-V')) {
  165. foreach my $verstr (qx($stunnel $veropt 2>&1)) {
  166. if($verstr =~ /^stunnel (\d+)\.(\d+) on /) {
  167. $ver_major = $1;
  168. $ver_minor = $2;
  169. last;
  170. }
  171. }
  172. last if($ver_major);
  173. }
  174. if((!$ver_major) || (!$ver_minor)) {
  175. if(-x "$stunnel" && ! -d "$stunnel") {
  176. print "$ssltext Unknown stunnel version\n";
  177. }
  178. else {
  179. print "$ssltext No stunnel\n";
  180. }
  181. exit 1;
  182. }
  183. $stunnel_version = (100*$ver_major) + $ver_minor;
  184. #***************************************************************************
  185. # Verify minimmum stunnel required version
  186. #
  187. if($stunnel_version < 310) {
  188. print "$ssltext Unsupported stunnel version $ver_major.$ver_minor\n";
  189. exit 1;
  190. }
  191. #***************************************************************************
  192. # Build command to execute for stunnel 3.X versions
  193. #
  194. if($stunnel_version < 400) {
  195. if($stunnel_version >= 319) {
  196. $socketopt = "-O a:SO_REUSEADDR=1";
  197. }
  198. $cmd = "$stunnel -p $certfile -P $pidfile ";
  199. $cmd .= "-d $accept_port -r $target_port -f -D $loglevel ";
  200. $cmd .= ($socketopt) ? "$socketopt " : "";
  201. $cmd .= ">$logfile 2>&1";
  202. if($verbose) {
  203. print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
  204. print "cmd: $cmd\n";
  205. print "pem cert file: $certfile\n";
  206. print "pid file: $pidfile\n";
  207. print "log file: $logfile\n";
  208. print "log level: $loglevel\n";
  209. print "listen on port: $accept_port\n";
  210. print "connect to port: $target_port\n";
  211. }
  212. }
  213. #***************************************************************************
  214. # Build command to execute for stunnel 4.00 and newer
  215. #
  216. if($stunnel_version >= 400) {
  217. $socketopt = "a:SO_REUSEADDR=1";
  218. $cmd = "$stunnel $conffile ";
  219. $cmd .= ">$logfile 2>&1";
  220. # setup signal handler
  221. $SIG{INT} = \&exit_signal_handler;
  222. $SIG{TERM} = \&exit_signal_handler;
  223. # stunnel configuration file
  224. if(open(STUNCONF, ">$conffile")) {
  225. print STUNCONF "
  226. CApath = $path
  227. cert = $certfile
  228. pid = $pidfile
  229. debug = $loglevel
  230. output = $logfile
  231. socket = $socketopt
  232. foreground = yes
  233. [curltest]
  234. accept = $accept_port
  235. connect = $target_port
  236. ";
  237. if(!close(STUNCONF)) {
  238. print "$ssltext Error closing file $conffile\n";
  239. exit 1;
  240. }
  241. }
  242. else {
  243. print "$ssltext Error writing file $conffile\n";
  244. exit 1;
  245. }
  246. if($verbose) {
  247. print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
  248. print "cmd: $cmd\n";
  249. print "CApath = $path\n";
  250. print "cert = $certfile\n";
  251. print "pid = $pidfile\n";
  252. print "debug = $loglevel\n";
  253. print "output = $logfile\n";
  254. print "socket = $socketopt\n";
  255. print "foreground = yes\n";
  256. print "\n";
  257. print "[curltest]\n";
  258. print "accept = $accept_port\n";
  259. print "connect = $target_port\n";
  260. }
  261. }
  262. #***************************************************************************
  263. # Set file permissions on certificate pem file.
  264. #
  265. chmod(0600, $certfile) if(-f $certfile);
  266. #***************************************************************************
  267. # Run stunnel.
  268. #
  269. my $rc = system($cmd);
  270. $rc >>= 8;
  271. unlink($conffile) if($conffile && -f $conffile);
  272. exit $rc;