#!perl -w
use strict;
use Net::SSLeay;
use Socket;
use IO::Socket::SSL;
if ( grep { $^O =~m{$_} } qw( MacOS VOS vmesa riscos amigaos ) ) {
print "1..0 # Skipped: fork not implemented on this platform\n";
exit
}
if ( ! IO::Socket::SSL->can_server_sni() ) {
print "1..0 # skipped because no server side SNI support - openssl/Net::SSleay too old\n";
exit;
}
if ( ! IO::Socket::SSL->can_client_sni() ) {
print "1..0 # skipped because no client side SNI support - openssl/Net::SSleay too old\n";
exit;
}
use vars qw( $SSL_SERVER_ADDR );
do "t/ssl_settings.req" || do "ssl_settings.req";
print "1..17\n";
my $server = IO::Socket::SSL->new(
LocalAddr => $SSL_SERVER_ADDR,
Listen => 2,
ReuseAddr => 1,
SSL_server => 1,
SSL_ca_file => "certs/test-ca.pem",
SSL_cert_file => {
'server.local' => 'certs/server-cert.pem',
'client.local' => 'certs/client-cert.pem',
'smtp.mydomain.local' => "certs/server-wildcard.pem",
'' => "certs/server-wildcard.pem",
},
SSL_key_file => {
'server.local' => 'certs/server-key.pem',
'client.local' => 'certs/client-key.pem',
'smtp.mydomain.local' => "certs/server-wildcard.pem",
'' => "certs/server-wildcard.pem",
},
);
warn "\$!=$!, \$\@=$@, S\$SSL_ERROR=$SSL_ERROR" if ! $server;
print "not ok\n", exit if !$server;
print "ok # Server Initialization\n";
my $SSL_SERVER_PORT = $server->sockport;
# www13.other.local should match default ''
# all other should match the specific entries
my @tests = qw(
server.local
client.local
smtp.mydomain.local
www13.other.local
);
defined( my $pid = fork() ) || die $!;
if ( $pid == 0 ) {
close($server);
for my $host (@tests) {
my $client = IO::Socket::SSL->new(
PeerAddr => $SSL_SERVER_ADDR,
PeerPort => $SSL_SERVER_PORT,
SSL_verify_mode => 1,
SSL_hostname => $host,
) || print "not ";
print "ok # client ssl connect $host\n";
$client->verify_hostname($host,'http') or print "not ";
print "ok # client verify hostname in cert $host\n";
}
exit;
}
for my $host (@tests) {
my $csock = $server->accept or print "not ";
print "ok # server accept\n";
my $name = $csock->get_servername;
print "not " if ! $name or $name ne $host;
print "ok # server got SNI name $host\n";
}
wait;