1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
|
# Commands tested in this file: socket. -*- tcl -*-
#
# This file contains a collection of tests for one or more of the Tcl
# built-in commands. Sourcing this file into Tcl runs the tests and
# generates output for errors. No output means no errors were found.
#
# Copyright (c) 1994-1996 Sun Microsystems, Inc.
# Copyright (c) 1998-2000 Ajuba Solutions.
# Copyright (c) 1998-2000 Ajuba Solutions.
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAIMER OF ALL WARRANTIES.
#
# RCS: @(#) $Id: tlsIO.test,v 1.24 2015/06/06 09:07:08 apnadkarni Exp $
# Running socket tests with a remote server:
# ------------------------------------------
#
#
# Some tests in socket.test depend on the existence of a remote server to
# which they connect. The remote server must be an instance of tcltest and it
# must run the script found in the file "remote.tcl" in this directory. You
# can start the remote server on any machine reachable from the machine on
# which you want to run the socket tests, by issuing:
#
#
# tcltest remote.tcl -port 8048 # Or choose another port number.
#
#
# If the machine you are running the remote server on has several IP
# interfaces, you can choose which interface the server listens on for
# connections by specifying the -address command line flag, so:
#
#
# tcltest remote.tcl -address your.machine.com
#
#
# These options can also be set by environment variables. On Unix, you can
# type these commands to the shell from which the remote server is started:
#
#
# shell% setenv serverPort 8048
# shell% setenv serverAddress your.machine.com
#
#
# and subsequently you can start the remote server with:
#
#
# tcltest remote.tcl
#
#
# to have it listen on port 8048 on the interface your.machine.com.
#
#
# When the server starts, it prints out a detailed message containing its
# configuration information, and it will block until killed with a Ctrl-C.
# Once the remote server exists, you can run the tests in socket.test with
# the server by setting two Tcl variables:
#
#
# % set remoteServerIP <name or address of machine on which server runs>
# % set remoteServerPort 8048
#
#
# These variables are also settable from the environment. On Unix, you can:
#
#
# shell% setenv remoteServerIP machine.where.server.runs
# shell% setenv remoteServerPort 8048
#
#
# The preamble of the socket.test file checks to see if the variables are set
# either in Tcl or in the environment; if they are, it attempts to connect to
# the server. If the connection is successful, the tests using the remote
# server will be performed; otherwise, it will attempt to start the remote
# server (via exec) on platforms that support this, on the local host,
# listening at port 8048. If all fails, a message is printed and the tests
# using the remote server are not performed.
|
︙ | | |
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
-
-
+
+
|
set caCert [file join $certsDir ca.pem]
set serverKey [file join $certsDir server.key]
set clientKey [file join $certsDir client.key]
# Some tests require the testthread and exec commands
set ::tcltest::testConstraints(testthread) \
[expr {[info commands testthread] != {}}]
set ::tcltest::testConstraints(exec) [expr {[info commands exec] != {}}]
[expr {[info commands testthread] ne {}}]
set ::tcltest::testConstraints(exec) [expr {[info commands exec] ne {}}]
#
# If remoteServerIP or remoteServerPort are not set, check in the
# environment variables for externally set values.
#
if {![info exists remoteServerIP]} {
|
︙ | | |
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
-
+
-
+
-
+
|
set ::do_handshake "eof"
} elseif {[catch {tls::handshake $s} result]} {
# Some errors are normal.
dputs "handshake: $result"
} elseif {$result == 1} {
# Handshake complete
if {[llength $args]} { eval [list fconfigure $s] $args }
if {$cmd == ""} {
if {$cmd eq ""} {
fileevent $s $type ""
} else {
fileevent $s $type "$cmd [list $s]"
}
dputs "handshake: complete"
set ::do_handshake "complete"
} else {
dputs "handshake: in progress"
}
}
#
# Check if we're supposed to do tests against the remote server
#
set doTestsWithRemoteServer 1
if {![info exists remoteServerIP] && ($tcl_platform(platform) != "macintosh")} {
if {![info exists remoteServerIP] && ($tcl_platform(platform) ne "macintosh")} {
set remoteServerIP 127.0.0.1
}
if {($doTestsWithRemoteServer == 1) && (![info exists remoteServerPort])} {
set remoteServerPort $tlsServerPort
}
# Attempt to connect to a remote server if one is already running. If it
# is not running or for some other reason the connect fails, attempt to
# start the remote server on the local host listening on port 8048. This
# is only done on platforms that support exec (i.e. not on the Mac). On
# platforms that do not support exec, the remote server must be started
# by the user before running the tests.
set remoteProcChan ""
set commandSocket ""
if {$doTestsWithRemoteServer} {
catch {close $commandSocket}
if {[catch {set commandSocket [tls::socket \
-certfile $clientCert -cafile $caCert -keyfile $clientKey \
$remoteServerIP $remoteServerPort]}] != 0} {
if {[info commands exec] == ""} {
if {[info commands exec] eq ""} {
set noRemoteTestReason "can't exec"
set doTestsWithRemoteServer 0
} else {
set remoteServerIP 127.0.0.1
set remoteFile [file join [pwd] remote.tcl]
if {[catch {set remoteProcChan \
[open "|[list $::tcltest::tcltest $remoteFile \
|
︙ | | |
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
|
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
|
-
-
+
+
|
set resp ""
while {1} {
set line [gets $commandSocket]
if {[eof $commandSocket]} {
error "remote server disappeared"
}
if {[string compare $line "--Marker--Marker--Marker--"] == 0} {
if {[string compare [lindex $resp 0] error] == 0} {
if {$line eq "--Marker--Marker--Marker--"} {
if {[lindex $resp 0] eq "error"} {
error [lindex $resp 1]
} else {
return [lindex $resp 1]
}
} else {
append resp $line "\n"
}
|
︙ | | |
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
|
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
|
-
+
|
proc echo {s} {
global i
set l [gets $s]
if {[eof $s]} {
global x
close $s
set x done
} else {
} else {
incr i
puts $s $l
}
}
set i 0
puts ready
set timer [after 20000 "set x done"]
|
︙ | | |
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
|
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
|
-
+
|
}
}
proc timerproc {} {
global done count c
set done true
set count {timer went off, eof is not sticky}
close $c
}
}
set count 0
set done false
proc write_then_close {s} {
puts $s bye
close $s
}
proc accept {s a p} {
|
︙ | | |
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
|
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
|
-
+
-
+
|
}
set f [tls::socket \
-certfile $clientCert -cafile $caCert -keyfile $clientKey \
$remoteServerIP 8836]
fconfigure $f -translation crlf -buffering line
for {set cnt 0} {$cnt < 50} {incr cnt} {
puts $f "hello, $cnt"
if {[string compare [gets $f] "hello, $cnt"] != 0} {
if {[gets $f] ne "hello, $cnt"} {
break
}
}
close $f
sendCommand {close $socket10_7_test_server}
set cnt
} 50
# Macintosh sockets can have more than one server per port
if {$tcl_platform(platform) == "macintosh"} {
if {$tcl_platform(platform) eq "macintosh"} {
set conflictResult {0 8836}
} else {
set conflictResult {1 {couldn't open socket: address already in use}}
}
test tlsIO-11.6 {socket conflict} {socket doTestsWithRemoteServer} {
set s1 [tls::socket \
|
︙ | | |
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
|
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
|
-
+
|
gets $s3
}
close $s1
close $s2
close $s3
sendCommand {close $socket10_9_test_server}
set i
} 100
} 100
test tlsIO-11.8 {client with several servers} {socket doTestsWithRemoteServer} {
sendCertValues
sendCommand {
tls::init -certfile $serverCert -cafile $caCert -keyfile $serverKey
set s1 [tls::socket -server "accept 4003" 4003]
set s2 [tls::socket -server "accept 4004" 4004]
|
︙ | | |
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
|
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
|
-
+
|
# Read handler on the accepted socket.
global x
global failed
set status [catch {read $file} data]
if {$status != 0} {
set x "read failed, error was $data"
catch { close $file }
} elseif {[string compare {} $data]} {
} elseif {$data ne {}} {
} elseif {[fblocked $file]} {
} elseif {[eof $file]} {
if {$failed} {
set x "$type socket was inherited"
} else {
set x "$type socket was not inherited"
}
|
︙ | | |
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
|
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
|
-
+
-
+
-
+
-
+
-
+
|
proc echo {s} {
global i
set l [gets $s]
if {[eof $s]} {
global x
close $s
set x done
} else {
} else {
incr i
puts $s $l
}
}
set i 0
vwait x
close $f
# thread cleans itself up.
testthread exit
} script
# create a thread
set serverthread [testthread create { source script } ]
update
after 1000
set s [tls::socket 127.0.0.1 8828]
fconfigure $s -buffering line
catch {
puts $s "hello"
gets $s result
}
close $s
update
after 2000
lappend result [threadReap]
set result
} {hello 1}
test tlsIO-14.1 {test tls::unimport} {socket} {
list [catch {tls::unimport} msg] $msg
} {1 {wrong # args: should be "tls::unimport channel"}}
test tlsIO-14.2 {test tls::unimport} {socket} {
list [catch {tls::unimport foo bar} msg] $msg
} {1 {wrong # args: should be "tls::unimport channel"}}
test tlsIO-14.3 {test tls::unimport} {socket} {
list [catch {tls::unimport bogus} msg] $msg
} {1 {can not find channel named "bogus"}}
test tlsIO-14.4 {test tls::unimport} {socket} {
# stdin can take different names as the "top" channel
list [catch {tls::unimport stdin} msg] \
[string match {bad channel "*": not a TLS channel} $msg]
[string match {bad channel "*": not a stacked channel} $msg]
} {1 1}
test tlsIO-14.5 {test tls::unimport} {socket} {
set len 0
set spurious 0
set done 0
proc readlittle {s} {
global spurious done len
|
︙ | | |
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
|
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
|
-
+
-
+
|
test tls-bug58-1.0 {test protocol negotiation failure} {socket} {
# Following code is based on what was reported in bug #58. Prior
# to fix the program would crash with a segfault.
proc Accept {sock args} {
fconfigure $sock -blocking 0;
fileevent $sock readable [list Handshake $sock]
}
}
proc Handshake {sock} {
set ::done HAND
catch {tls::handshake $sock} msg
set ::done $msg
}
}
# NOTE: when doing an in-process client/server test, both sides need
# to be non-blocking for the TLS handshake
# Server - Only accept TLS 1.2
set s [tls::socket \
-certfile $serverCert -cafile $caCert -keyfile $serverKey -request 0 \
-require 0 -ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 -tls1.3 0 \
|
︙ | | |