From ac346b5abcfa6253bd792091e5fb011774c40d49 Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Wed, 7 Sep 2011 00:36:58 +0000
Subject: add preliminary SSL support

This will also be the foundation of SSL support in Rainbows! and Zbatery. Some users may also want to use this in Unicorn on LANs to meet certain security/auditing requirements. Of course, Nightmare! (in whatever form) should also be able to use it.
---
 t/.gitignore | 2 ++
 t/sslgen.sh | 63 +++++++++++++++++++++++++++++++++++++++++++
 t/t0600-https-server-basic.sh | 48 +++++++++++++++++++++++++++++++++
 3 files changed, 113 insertions(+)
 create mode 100755 t/sslgen.sh
 create mode 100755 t/t0600-https-server-basic.sh
(limited to 't')

diff --git a/t/.gitignore b/t/.gitignore
index a0c1c36..2312321 100644
--- a/t/.gitignore
+++ b/t/.gitignore
@@ -1,2 +1,4 @@
 /random_blob
 /.dep+*
+/*.crt
+/*.key
diff --git a/t/sslgen.sh b/t/sslgen.sh
new file mode 100755
index 0000000..3fd070a
--- /dev/null
+++ b/t/sslgen.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+set -e
+set -x
+
+certinfo() {
+ echo US
+ echo Hell
+ echo A Very Special Place
+ echo Monkeys
+ echo Poo-Flingers
+ echo 127.0.0.1
+ echo kgio@bogomips.org
+}
+
+certinfo2() {
+ certinfo
+ echo
+ echo
+}
+
+ca_certinfo () {
+ echo US
+ echo Hell
+ echo An Even More Special Place
+ echo Deranged Monkeys
+ echo Poo-Hurlers
+ echo 127.6.6.6
+ echo unicorn@bogomips.org
+}
+
+openssl genrsa -out ca.key 512
+ca_certinfo | openssl req -new -x509 -days 666 -key ca.key -out ca.crt
+
+openssl genrsa -out bad-ca.key 512
+ca_certinfo | openssl req -new -x509 -days 666 -key bad-ca.key -out bad-ca.crt
+
+openssl genrsa -out server.key 512
+certinfo2 | openssl req -new -key server.key -out server.csr
+
+openssl x509 -req -days 666 \
+ -in server.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out server.crt
+n=2
+mk_client_cert () {
+ CLIENT=$1
+ openssl genrsa -out $CLIENT.key 512
+ certinfo2 | openssl req -new -key $CLIENT.key -out $CLIENT.csr
+
+ openssl x509 -req -days 666 \
+ -in $CLIENT.csr -CA $CA.crt -CAkey $CA.key -set_serial $n \
+ -out $CLIENT.crt
+ rm -f $CLIENT.csr
+ n=$(($n + 1))
+}
+
+CA=ca
+mk_client_cert client1
+mk_client_cert client2
+
+CA=bad-ca mk_client_cert bad-client
+
+rm -f server.csr
+
+echo OK
diff --git a/t/t0600-https-server-basic.sh b/t/t0600-https-server-basic.sh
new file mode 100755
index 0000000..5dd0d65
--- /dev/null
+++ b/t/t0600-https-server-basic.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+. ./test-lib.sh
+t_plan 7 "simple HTTPS connection tests"
+
+t_begin "setup and start" && {
+ rtmpfiles curl_err
+ unicorn_setup
+cat > $unicorn_config <> $curl_err >> $tmp
+ dbgcat curl_err
+}
+
+t_begin "check stderr has no errors" && {
+ check_stderr
+}
+
+t_begin "killing succeeds" && {
+ kill $unicorn_pid
+}
+
+t_begin "check stderr has no errors" && {
+ check_stderr
+}
+
+t_done
--
cgit v1.2.3-24-ge0c7
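Review bot: Every `openssl genrsa` call in t/sslgen.sh (ca.key, bad-ca.key, server.key and the one inside mk_client_cert) requests a 512-bit RSA modulus, which is far below any accepted key size and is likely to be refused by TLS libraries that enforce a minimum key strength, so the HTTPS tests could fail for reasons unrelated to the code under test. These are throwaway fixtures, so a larger key costs only a little generation time; I would write `openssl genrsa -out ca.key 2048` and use the same size for the other three keys. A header comment such as `# test-only CAs and keys; never use outside the test suite` would also make the intent explicit for anyone tempted to copy the script. Separately, `$CLIENT`, `$CA` and `$n` are expanded unquoted in mk_client_cert, and quoting them (for example `-out "$CLIENT.key"`) would make the helper safe for names containing spaces or glob characters.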