
  1. #!/usr/bin/env perl
  2. #***************************************************************************
  3. # _ _ ____ _
  4. # Project ___| | | | _ \| |
  5. # / __| | | | |_) | |
  6. # | (__| |_| | _ <| |___
  7. # \___|\___/|_| \_\_____|
  8. #
  9. # Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
  10. #
  11. # This software is licensed as described in the file COPYING, which
  12. # you should have received as part of this distribution. The terms
  13. # are also available at http://curl.haxx.se/docs/copyright.html.
  14. #
  15. # You may opt to use, copy, modify, merge, publish, distribute and/or sell
  16. # copies of the Software, and permit persons to whom the Software is
  17. # furnished to do so, under the terms of the COPYING file.
  18. #
  19. # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  20. # KIND, either express or implied.
  21. #
  22. #***************************************************************************
  23. # This is the HTTPS, FTPS, POP3S, IMAPS, SMTPS, server used for curl test
  24. # harness. Actually just a layer that runs stunnel properly using the
  25. # non-secure test harness servers.
  26. BEGIN {
  27. @INC=(@INC, $ENV{'srcdir'}, '.');
  28. }
  29. use strict;
  30. use warnings;
  31. use Cwd;
  32. use serverhelp qw(
  33. server_pidfilename
  34. server_logfilename
  35. );
  36. my $stunnel = "stunnel";
  37. my $verbose=0; # set to 1 for debugging
  38. my $accept_port = 8991; # just our default, weird enough
  39. my $target_port = 8999; # default test http-server port
  40. my $stuncert;
  41. my $ver_major;
  42. my $ver_minor;
  43. my $stunnel_version;
  44. my $socketopt;
  45. my $cmd;
  46. my $pidfile; # stunnel pid file
  47. my $logfile; # stunnel log file
  48. my $loglevel = 5; # stunnel log level
  49. my $ipvnum = 4; # default IP version of stunneled server
  50. my $idnum = 1; # dafault stunneled server instance number
  51. my $proto = 'https'; # default secure server protocol
  52. my $conffile; # stunnel configuration file
  53. my $certfile; # certificate chain PEM file
  54. #***************************************************************************
  55. # stunnel requires full path specification for several files.
  56. #
  57. my $path = getcwd();
  58. my $srcdir = $path;
  59. my $logdir = $path .'/log';
  60. #***************************************************************************
  61. # Signal handler to remove our stunnel 4.00 and newer configuration file.
  62. #
  63. sub exit_signal_handler {
  64. my $signame = shift;
  65. local $!; # preserve errno
  66. local $?; # preserve exit status
  67. unlink($conffile) if($conffile && (-f $conffile));
  68. exit;
  69. }
  70. #***************************************************************************
  71. # Process command line options
  72. #
  73. while(@ARGV) {
  74. if($ARGV[0] eq '--verbose') {
  75. $verbose = 1;
  76. }
  77. elsif($ARGV[0] eq '--proto') {
  78. if($ARGV[1]) {
  79. $proto = $ARGV[1];
  80. shift @ARGV;
  81. }
  82. }
  83. elsif($ARGV[0] eq '--accept') {
  84. if($ARGV[1]) {
  85. if($ARGV[1] =~ /^(\d+)$/) {
  86. $accept_port = $1;
  87. shift @ARGV;
  88. }
  89. }
  90. }
  91. elsif($ARGV[0] eq '--connect') {
  92. if($ARGV[1]) {
  93. if($ARGV[1] =~ /^(\d+)$/) {
  94. $target_port = $1;
  95. shift @ARGV;
  96. }
  97. }
  98. }
  99. elsif($ARGV[0] eq '--stunnel') {
  100. if($ARGV[1]) {
  101. $stunnel = $ARGV[1];
  102. shift @ARGV;
  103. }
  104. }
  105. elsif($ARGV[0] eq '--srcdir') {
  106. if($ARGV[1]) {
  107. $srcdir = $ARGV[1];
  108. shift @ARGV;
  109. }
  110. }
  111. elsif($ARGV[0] eq '--certfile') {
  112. if($ARGV[1]) {
  113. $stuncert = $ARGV[1];
  114. shift @ARGV;
  115. }
  116. }
  117. elsif($ARGV[0] eq '--id') {
  118. if($ARGV[1]) {
  119. if($ARGV[1] =~ /^(\d+)$/) {
  120. $idnum = $1 if($1 > 0);
  121. shift @ARGV;
  122. }
  123. }
  124. }
  125. elsif($ARGV[0] eq '--ipv4') {
  126. $ipvnum = 4;
  127. }
  128. elsif($ARGV[0] eq '--ipv6') {
  129. $ipvnum = 6;
  130. }
  131. elsif($ARGV[0] eq '--pidfile') {
  132. if($ARGV[1]) {
  133. $pidfile = "$path/". $ARGV[1];
  134. shift @ARGV;
  135. }
  136. }
  137. elsif($ARGV[0] eq '--logfile') {
  138. if($ARGV[1]) {
  139. $logfile = "$path/". $ARGV[1];
  140. shift @ARGV;
  141. }
  142. }
  143. else {
  144. print STDERR "\nWarning: secureserver.pl unknown parameter: $ARGV[0]\n";
  145. }
  146. shift @ARGV;
  147. }
  148. #***************************************************************************
  149. # Initialize command line option dependant variables
  150. #
  151. if(!$pidfile) {
  152. $pidfile = "$path/". server_pidfilename($proto, $ipvnum, $idnum);
  153. }
  154. if(!$logfile) {
  155. $logfile = server_logfilename($logdir, $proto, $ipvnum, $idnum);
  156. }
  157. $conffile = "$path/stunnel.conf";
  158. $certfile = "$srcdir/". ($stuncert?"certs/$stuncert":"stunnel.pem");
  159. my $ssltext = uc($proto) ." SSL/TLS:";
  160. #***************************************************************************
  161. # Find out version info for the given stunnel binary
  162. #
  163. foreach my $veropt (('-version', '-V')) {
  164. foreach my $verstr (qx($stunnel $veropt 2>&1)) {
  165. if($verstr =~ /^stunnel (\d+)\.(\d+) on /) {
  166. $ver_major = $1;
  167. $ver_minor = $2;
  168. last;
  169. }
  170. }
  171. last if($ver_major);
  172. }
  173. if((!$ver_major) || (!$ver_minor)) {
  174. if(-x "$stunnel" && ! -d "$stunnel") {
  175. print "$ssltext Unknown stunnel version\n";
  176. }
  177. else {
  178. print "$ssltext No stunnel\n";
  179. }
  180. exit 1;
  181. }
  182. $stunnel_version = (100*$ver_major) + $ver_minor;
  183. #***************************************************************************
  184. # Verify minimmum stunnel required version
  185. #
  186. if($stunnel_version < 310) {
  187. print "$ssltext Unsupported stunnel version $ver_major.$ver_minor\n";
  188. exit 1;
  189. }
  190. #***************************************************************************
  191. # Build command to execute for stunnel 3.X versions
  192. #
  193. if($stunnel_version < 400) {
  194. if($stunnel_version >= 319) {
  195. $socketopt = "-O a:SO_REUSEADDR=1";
  196. }
  197. $cmd = "$stunnel -p $certfile -P $pidfile ";
  198. $cmd .= "-d $accept_port -r $target_port -f -D $loglevel ";
  199. $cmd .= ($socketopt) ? "$socketopt " : "";
  200. $cmd .= ">$logfile 2>&1";
  201. if($verbose) {
  202. print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
  203. print "cmd: $cmd\n";
  204. print "pem cert file: $certfile\n";
  205. print "pid file: $pidfile\n";
  206. print "log file: $logfile\n";
  207. print "log level: $loglevel\n";
  208. print "listen on port: $accept_port\n";
  209. print "connect to port: $target_port\n";
  210. }
  211. }
  212. #***************************************************************************
  213. # Build command to execute for stunnel 4.00 and newer
  214. #
  215. if($stunnel_version >= 400) {
  216. $socketopt = "a:SO_REUSEADDR=1";
  217. $cmd = "$stunnel $conffile ";
  218. $cmd .= ">$logfile 2>&1";
  219. # setup signal handler
  220. $SIG{INT} = \&exit_signal_handler;
  221. $SIG{TERM} = \&exit_signal_handler;
  222. # stunnel configuration file
  223. if(open(STUNCONF, ">$conffile")) {
  224. print STUNCONF "
  225. CApath = $path
  226. cert = $certfile
  227. pid = $pidfile
  228. debug = $loglevel
  229. output = $logfile
  230. socket = $socketopt
  231. foreground = yes
  232. [curltest]
  233. accept = $accept_port
  234. connect = $target_port
  235. ";
  236. if(!close(STUNCONF)) {
  237. print "$ssltext Error closing file $conffile\n";
  238. exit 1;
  239. }
  240. }
  241. else {
  242. print "$ssltext Error writing file $conffile\n";
  243. exit 1;
  244. }
  245. if($verbose) {
  246. print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
  247. print "cmd: $cmd\n";
  248. print "CApath = $path\n";
  249. print "cert = $certfile\n";
  250. print "pid = $pidfile\n";
  251. print "debug = $loglevel\n";
  252. print "output = $logfile\n";
  253. print "socket = $socketopt\n";
  254. print "foreground = yes\n";
  255. print "\n";
  256. print "[curltest]\n";
  257. print "accept = $accept_port\n";
  258. print "connect = $target_port\n";
  259. }
  260. }
  261. #***************************************************************************
  262. # Set file permissions on certificate pem file.
  263. #
  264. chmod(0600, $certfile) if(-f $certfile);
  265. #***************************************************************************
  266. # Run stunnel.
  267. #
  268. my $rc = system($cmd);
  269. $rc >>= 8;
  270. unlink($conffile) if($conffile && -f $conffile);
  271. exit $rc;