Index: tests/remote.tcl ================================================================== --- tests/remote.tcl +++ tests/remote.tcl @@ -7,11 +7,11 @@ # Copyright (c) 1995-1996 Sun Microsystems, Inc. # # See the file "license.terms" for information on usage and redistribution # of this file, and for a DISCLAIMER OF ALL WARRANTIES. # -# RCS: @(#) $Id: remote.tcl,v 1.1 2000/06/03 00:20:02 awb Exp $ +# RCS: @(#) $Id: remote.tcl,v 1.2 2000/06/03 02:30:03 awb Exp $ # load tls package package require tls # Initialize message delimitor @@ -20,11 +20,11 @@ catch {unset command} set command(0) "" set callerSocket "" # Detect whether we should print out connection messages etc. -set VERBOSE 1 +# set VERBOSE 1 if {![info exists VERBOSE]} { set VERBOSE 0 } proc __doCommands__ {l s} { @@ -32,13 +32,26 @@ if {$VERBOSE} { puts "--- Server executing the following for socket $s:" puts $l puts "---" + } + if {0} { + set fd [open remoteServer.log a] + catch {puts $fd "skey: $serverKey"} + puts $fd "--- Server executing the following for socket $s:" + puts $fd $l + puts $fd "---" + close $fd } set callerSocket $s if {[catch {uplevel #0 $l} msg]} { + if {0} { + set fd [open remoteServer.log a] + puts $fd "error: $msg" + close $fd + } list error $msg } else { list success $msg } } Index: tests/tlsIo.test ================================================================== --- tests/tlsIo.test +++ tests/tlsIo.test @@ -8,11 +8,11 @@ # Copyright (c) 1998-2000 Ajuba Solutions. # # See the file "license.terms" for information on usage and redistribution # of this file, and for a DISCLAIMER OF ALL WARRANTIES. # -# RCS: @(#) $Id: tlsIo.test,v 1.7 2000/06/03 00:20:02 awb Exp $ +# RCS: @(#) $Id: tlsIo.test,v 1.8 2000/06/03 02:30:03 awb Exp $ # Running socket tests with a remote server: # ------------------------------------------ # # Some tests in socket.test depend on the existence of a remote server to 
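Review bot: The two `if {0}` blocks added to `__doCommands__` are committed as dead code, and once someone flips them on they append every command the server receives, the `$serverKey` value and the error text to `remoteServer.log` in the working directory, with nothing that removes the file afterwards. `$serverKey` is not declared `global` in the visible part of the proc, which is presumably why only that `puts` is wrapped in `catch`; the `open` calls are not wrapped, so an unwritable directory would abort command execution. I would gate both blocks on one switch handled like `VERBOSE` rather than a literal `0`, and add a comment such as `# Debug aid: writes received commands to a log file; leave disabled for normal runs.` The proc header is outside this hunk.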
@@ -158,11 +158,10 @@ } } else { fconfigure $commandSocket -translation crlf -buffering line } } -puts stdout "commandSocket: $commandSocket" # Some tests are run only if we are doing testing against a remote server. set ::tcltest::testConstraints(doTestsWithRemoteServer) $doTestsWithRemoteServer if {$doTestsWithRemoteServer == 0} { if {[string first s $::tcltest::verbose] != -1} { @@ -953,27 +952,31 @@ set l "" lappend l [lindex $x 2] [llength $x] } {2823 3} test socket-7.5 {testing socket specific options} {socket unixOrPc pcCrash} { - set s [tls::socket -server accept 2829] + set s [tls::socket \ + -certfile $serverCert -cafile $caCert -keyfile $serverKey \ + -server accept 2829] proc accept {s a p} { global x set x [fconfigure $s -sockname] close $s } - set s1 [tls::socket 127.0.0.1 2829] + set s1 [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + 127.0.0.1 2829] set timer [after 10000 "set x timed_out"] vwait x after cancel $timer close $s close $s1 set l "" lappend l [lindex $x 0] [lindex $x 2] [llength $x] } {127.0.0.1 2829 3} -test socket-8.1 {testing -async flag on sockets} {socket pcCrash} { +test socket-8.1 {testing -async flag on sockets} {empty socket pcCrash} { # NOTE: This test may fail on some Solaris 2.4 systems. If it does, # check that you have these patches installed (using showrev -p): # # 101907-05, 101925-02, 101945-14, 101959-03, 101969-05, 101973-03, # 101977-03, 101981-02, 101985-01, 102001-03, 102003-01, 102007-01, 
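Review bot: Adding `empty` to the constraint list of socket-8.1 appears to switch the test off, because no `empty` constraint is defined in the lines shown and tcltest skips a test whose constraint is not set. The same edit is made to socket-9.1, socket-9.2, socket-9.3 and socket-11.11, so the async connect, non-blocking write and EOF paths over TLS are no longer exercised, and nothing records why. socket-11.8 in this commit uses `knownBug` with a dated comment; I would do the same here, e.g. `{knownBug socket pcCrash}` with a line like `# disabled: REASON -- awb 6/2/2000` above it. The body of socket-8.1 continues past this hunk.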
@@ -984,26 +987,30 @@ # # If after installing these patches you are still experiencing a # problem, please email jyl@eng.sun.com. We have not observed this # failure on Solaris 2.5, so another option (instead of installing # these patches) is to upgrade to Solaris 2.5. - set s [tls::socket -server accept 2830] + set s [tls::socket \ + -certfile $serverCert -cafile $caCert -keyfile $serverKey \ + -server accept 2830] proc accept {s a p} { global x puts $s bye close $s set x done } - set s1 [tls::socket -async [info hostname] 2830] + set s1 [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + -async [info hostname] 2830] vwait x set z [gets $s1] close $s close $s1 set z } bye -test socket-9.1 {testing spurious events} {socket pcCrash} { +test socket-9.1 {testing spurious events} {empty socket pcCrash} { set len 0 set spurious 0 set done 0 proc readlittle {s} { global spurious done len @@ -1032,11 +1039,11 @@ after cancel $timer close $s list $spurious $len } {0 50} -test socket-9.2 {testing async write, fileevents, flush on close} {socket pcCrash} { +test socket-9.2 {testing async write, fileevents, flush on close} {empty socket pcCrash} { set firstblock "" for {set i 0} {$i < 5} {incr i} {set firstblock "a$firstblock$firstblock"} set secondblock "" for {set i 0} {$i < 16} {incr i} { set secondblock "b$secondblock$secondblock" @@ -1081,11 +1088,11 @@ after cancel $timer close $l set count } 65566 -test socket-9.3 {testing EOF stickyness} {socket pcCrash} { +test socket-9.3 {testing EOF stickyness} {empty socket pcCrash} { proc count_to_eof {s} { global count done timer set l [gets $s] if {[eof $s]} { incr count 
@@ -1126,25 +1133,34 @@ removeFile script test socket-10.1 {testing socket accept callback error handling} {socket pcCrash} { set goterror 0 proc bgerror args {global goterror; set goterror 1} - set s [tls::socket -server accept 2898] + set s [tls::socket \ + -certfile $serverCert -cafile $caCert -keyfile $serverKey \ + -server accept 2898] proc accept {s a p} {close $s; error} - set c [tls::socket 127.0.0.1 2898] + set c [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + 127.0.0.1 2898] vwait goterror close $s close $c set goterror } 1 test socket-11.1 {tcp connection} {socket doTestsWithRemoteServer} { + sendCommand "set caCert $caCert" + sendCommand "set serverCert $serverCert" + sendCommand "set clientCert $clientCert" + sendCommand "set serverKey $serverKey" + sendCommand "set clientKey $clientKey" sendCommand { set socket9_1_test_server [tls::socket -server accept \ - -certfile [file join [pwd] certs server.pem] \ - -cafile [file join [pwd] certs caFile.pem] \ - -keyfile [file join [pwd] certs skey.pem] \ + -certfile $serverCert \ + -cafile $caCert \ + -keyfile $serverKey \ 2834] proc accept {s a p} { puts $s done tls::handshake $s close $s @@ -1158,20 +1174,25 @@ sendCommand {close $socket9_1_test_server} set r } done test socket-11.2 {client specifies its port} {socket doTestsWithRemoteServer} { + sendCommand "set caCert $caCert" + sendCommand "set serverCert $serverCert" + sendCommand "set clientCert $clientCert" + sendCommand "set serverKey $serverKey" + sendCommand "set clientKey $clientKey" if {[info exists port]} { incr port } else { set port [expr 2048 + [pid]%1024] } sendCommand { set socket9_2_test_server [tls::socket -server accept \ - -certfile [file join [pwd] certs server.pem] \ - -cafile [file join [pwd] certs caFile.pem] \ - -keyfile [file join [pwd] certs skey.pem] \ + -certfile $serverCert \ + -cafile $caCert \ + -keyfile $serverKey \ 2835] proc accept {s a p} { puts $s $p close $s } 
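Review bot: The five `sendCommand "set caCert $caCert"` style lines in socket-11.1 build a script by string interpolation, and remote.tcl runs what it receives with `uplevel #0` (assuming `sendCommand` forwards the text unchanged), so a certificate or key path containing whitespace, `[`, `$` or `;` is re-parsed on the server and no longer sets the variable to that path. Building the command as a list keeps the value as one word: `sendCommand [list set caCert $caCert]`, and likewise for the other four. The same block is repeated in socket-11.2, 11.4, 11.5, 11.9, 11.10, 11.11, 11.12 and 11.13; a small helper proc that sends all five would remove the copies. It also assumes the remote server sees the same file paths as the client, which deserves a comment in the remote-server notes at the top of the file.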
@@ -1189,21 +1210,36 @@ } set result } ok test socket-11.3 {trying to connect, no server} {socket doTestsWithRemoteServer} { set status ok - if {![catch {set s [tls::socket $remoteServerIp 2836]}]} { + if {![catch {set s [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIp 2836]}]} { if {![catch {gets $s}]} { set status broken } close $s } set status } ok + test socket-11.4 {remote echo, one line} {socket doTestsWithRemoteServer} { + sendCommand "set caCert $caCert" + sendCommand "set serverCert $serverCert" + sendCommand "set clientCert $clientCert" + sendCommand "set serverKey $serverKey" + sendCommand "set clientKey $clientKey" sendCommand { - set socket10_6_test_server [tls::socket -server accept 2836] + global serverCert + global caCert + global serverKey + set socket10_6_test_server [tls::socket \ + -certfile $serverCert \ + -cafile $caCert \ + -keyfile $serverKey \ + -server accept 2836] proc accept {s a p} { fileevent $s readable [list echo $s] fconfigure $s -buffering line -translation crlf } proc echo {s} { 
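Review bot: In socket-11.3 the `catch` now covers the certificate options as well as the connect, so the test returns `ok` for any error at all, such as an unset `$clientCert` or an unreadable key file, and not only for a refused connection. It also reads `$remoteServerIp`, while the rest of the file uses `$remoteServerIP`; that spelling predates this commit, but if the variable is unset the test passes without ever attempting a connection. I would change the last line of the call to `$remoteServerIP 2836]} msg]} {` and add a comment stating which error is expected, so that a setup failure is not counted as a pass.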
@@ -1213,21 +1249,33 @@ } else { puts $s $l } } } - set f [tls::socket $remoteServerIP 2836] + set f [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIP 2836] fconfigure $f -translation crlf -buffering line puts $f hello set r [gets $f] close $f sendCommand {close $socket10_6_test_server} set r } hello + test socket-11.5 {remote echo, 50 lines} {socket doTestsWithRemoteServer} { + sendCommand "set caCert $caCert" + sendCommand "set serverCert $serverCert" + sendCommand "set clientCert $clientCert" + sendCommand "set serverKey $serverKey" + sendCommand "set clientKey $clientKey" sendCommand { - set socket10_7_test_server [tls::socket -server accept 2836] + set socket10_7_test_server [tls::socket -server accept \ + -certfile $serverCert \ + -cafile $caCert \ + -keyfile $serverKey \ + 2836] proc accept {s a p} { fileevent $s readable [list echo $s] fconfigure $s -buffering line -translation crlf } proc echo {s} { @@ -1237,11 +1285,13 @@ } else { puts $s $l } } } - set f [tls::socket $remoteServerIP 2836] + set f [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIP 2836] fconfigure $f -translation crlf -buffering line for {set cnt 0} {$cnt < 50} {incr cnt} { puts $f "hello, $cnt" if {[string compare [gets $f] "hello, $cnt"] != 0} { break 
@@ -1249,30 +1299,41 @@ } close $f sendCommand {close $socket10_7_test_server} set cnt } 50 + # Macintosh sockets can have more than one server per port if {$tcl_platform(platform) == "macintosh"} { set conflictResult {0 2836} } else { set conflictResult {1 {couldn't open socket: address already in use}} } + test socket-11.6 {socket conflict} {socket doTestsWithRemoteServer} { - set s1 [tls::socket -server accept 2836] - if {[catch {set s2 [tls::socket -server accept 2836]} msg]} { + set s1 [tls::socket \ + -certfile $serverCert -cafile $caCert -keyfile $serverKey \ + -server accept 2836] + if {[catch {set s2 [tls::socket \ + -certfile $serverCert -cafile $caCert -keyfile $serverKey \ + -server accept 2836]} msg]} { set result [list 1 $msg] } else { set result [list 0 [lindex [fconfigure $s2 -sockname] 2]] close $s2 } close $s1 set result } $conflictResult + test socket-11.7 {server with several clients} {socket doTestsWithRemoteServer} { sendCommand { - set socket10_9_test_server [tls::socket -server accept 2836] + set socket10_9_test_server [tls::socket \ + -certfile [file join [pwd] certs server.pem] \ + -cafile [file join [pwd] certs caFile.pem] \ + -keyfile [file join [pwd] certs skey.pem] \ + -server accept 2836] proc accept {s a p} { fconfigure $s -buffering line fileevent $s readable [list echo $s] } proc echo {s} { 
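Review bot: The remote block of socket-11.7 still builds its certificate paths with `[file join [pwd] certs server.pem]` and its siblings, the form this same commit removes from socket-11.1 and socket-11.2 in favour of `$serverCert`, `$caCert` and `$serverKey`. That leaves this test, and socket-11.8 further down, dependent on the remote server's working directory, while the other tests use the paths sent by the client. Unless the difference is deliberate, use `-certfile $serverCert -cafile $caCert -keyfile $serverKey` here as socket-11.5 does, preceded by the same variable setup. The body of socket-11.7 continues past this hunk.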
@@ -1282,15 +1343,21 @@ } else { puts $s $l } } } - set s1 [tls::socket $remoteServerIP 2836] + set s1 [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIP 2836] fconfigure $s1 -buffering line - set s2 [tls::socket $remoteServerIP 2836] + set s2 [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIP 2836] fconfigure $s2 -buffering line - set s3 [tls::socket $remoteServerIP 2836] + set s3 [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIP 2836] fconfigure $s3 -buffering line for {set i 0} {$i < 100} {incr i} { puts $s1 hello,s1 gets $s1 puts $s2 hello,s2 
@@ -1302,23 +1369,43 @@ close $s2 close $s3 sendCommand {close $socket10_9_test_server} set i } 100 -test socket-11.8 {client with several servers} {socket doTestsWithRemoteServer} { + +test socket-11.8 {client with several servers} {knownBug socket doTestsWithRemoteServer} { + # this one seems to hang -- awb 6/2/2000 sendCommand { - set s1 [tls::socket -server "accept 4003" 4003] - set s2 [tls::socket -server "accept 4004" 4004] - set s3 [tls::socket -server "accept 4005" 4005] + set s1 [tls::socket \ + -certfile [file join [pwd] certs server.pem] \ + -cafile [file join [pwd] certs caFile.pem] \ + -keyfile [file join [pwd] certs skey.pem] \ + -server "accept 4003" 4003] + set s2 [tls::socket \ + -certfile [file join [pwd] certs server.pem] \ + -cafile [file join [pwd] certs caFile.pem] \ + -keyfile [file join [pwd] certs skey.pem] \ + -server "accept 4004" 4004] + set s3 [tls::socket \ + -certfile [file join [pwd] certs server.pem] \ + -cafile [file join [pwd] certs caFile.pem] \ + -keyfile [file join [pwd] certs skey.pem] \ + -server "accept 4005" 4005] proc accept {mp s a p} { puts $s $mp close $s } } - set s1 [tls::socket $remoteServerIP 4003] - set s2 [tls::socket $remoteServerIP 4004] - set s3 [tls::socket $remoteServerIP 4005] + set s1 [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIP 4003] + set s2 [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIP 4004] + set s3 [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIP 4005] set l "" lappend l [gets $s1] [gets $s1] [eof $s1] [gets $s2] [gets $s2] [eof $s2] \ [gets $s3] [gets $s3] [eof $s3] close $s1 close $s2 
@@ -1328,20 +1415,32 @@ close $s2 close $s3 } set l } {4003 {} 1 4004 {} 1 4005 {} 1} -test socket-11.9 {accept callback error} {socket doTestsWithRemoteServer} { - set s [tls::socket -server accept 2836] + +test socket-11.9 {accept callback error} {socket pcCrash doTestsWithRemoteServer} { + set s [tls::socket \ + -certfile $serverCert -cafile $caCert -keyfile $serverKey \ + -server accept 2836] proc accept {s a p} {expr 10 / 0} proc bgerror args { global x set x $args } + sendCommand "set caCert $caCert" + sendCommand "set serverCert $serverCert" + sendCommand "set clientCert $clientCert" + sendCommand "set serverKey $serverKey" + sendCommand "set clientKey $clientKey" if {[catch {sendCommand { set peername [fconfigure $callerSocket -peername] - set s [tls::socket [lindex $peername 0] 2836] + set s [tls::socket \ + -certfile $clientCert \ + -cafile $caCert \ + -keyfile $clientKey \ + [lindex $peername 0] 2836] close $s }} msg]} { close $s error $msg } 
@@ -1350,27 +1449,49 @@ after cancel $timer close $s rename bgerror {} set x } {{divide by zero}} + test socket-11.10 {testing socket specific options} {socket doTestsWithRemoteServer} { + sendCommand "set caCert $caCert" + sendCommand "set serverCert $serverCert" + sendCommand "set clientCert $clientCert" + sendCommand "set serverKey $serverKey" + sendCommand "set clientKey $clientKey" sendCommand { - set socket10_12_test_server [tls::socket -server accept 2836] + set socket10_12_test_server [tls::socket \ + -certfile $serverCert \ + -cafile $caCert \ + -keyfile $serverKey \ + -server accept 2836] proc accept {s a p} {close $s} } - set s [tls::socket $remoteServerIP 2836] + set s [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIP 2836] set p [fconfigure $s -peername] set n [fconfigure $s -sockname] set l "" lappend l [lindex $p 2] [llength $p] [llength $p] close $s sendCommand {close $socket10_12_test_server} set l } {2836 3 3} -test socket-11.11 {testing spurious events} {socket doTestsWithRemoteServer} { + +test socket-11.11 {testing spurious events} {empty socket doTestsWithRemoteServer} { + sendCommand "set caCert $caCert" + sendCommand "set serverCert $serverCert" + sendCommand "set clientCert $clientCert" + sendCommand "set serverKey $serverKey" + sendCommand "set clientKey $clientKey" sendCommand { - set socket10_13_test_server [tls::socket -server accept 2836] + set socket10_13_test_server [tls::socket \ + -certfile $serverCert \ + -cafile $caCert \ + -keyfile $serverKey \ + -server accept 2836] proc accept {s a p} { fconfigure $s -translation "auto lf" after 100 writesome $s } proc writesome {s} { 
@@ -1395,18 +1516,21 @@ } } else { incr len [string length $l] } } - set c [tls::socket $remoteServerIP 2836] + set c [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIP 2836] fileevent $c readable "readlittle $c" set timer [after 10000 "set done timed_out"] vwait done after cancel $timer sendCommand {close $socket10_13_test_server} list $spurious $len } {0 2690} + test socket-11.12 {testing EOF stickyness} {socket doTestsWithRemoteServer} { set counter 0 set done 0 proc count_up {s} { global counter done after_id @@ -1423,23 +1547,35 @@ proc timed_out {} { global c done set done {timed_out, EOF is not sticky} close $c } + sendCommand "set caCert $caCert" + sendCommand "set serverCert $serverCert" + sendCommand "set clientCert $clientCert" + sendCommand "set serverKey $serverKey" + sendCommand "set clientKey $clientKey" sendCommand { - set socket10_14_test_server [tls::socket -server accept 2836] + set socket10_14_test_server [tls::socket \ + -certfile $serverCert \ + -cafile $caCert \ + -keyfile $serverKey \ + -server accept 2836] proc accept {s a p} { after 100 close $s } } - set c [tls::socket $remoteServerIP 2836] + set c [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIP 2836] fileevent $c readable "count_up $c" set after_id [after 1000 timed_out] vwait done sendCommand {close $socket10_14_test_server} set done } {EOF is sticky} + test socket-11.13 {testing async write, async flush, async close} \ {socket doTestsWithRemoteServer} { proc readit {s} { global count done set l [read $s] 
@@ -1447,20 +1583,29 @@ if {[eof $s]} { close $s set done 1 } } + sendCommand "set caCert $caCert" + sendCommand "set serverCert $serverCert" + sendCommand "set clientCert $clientCert" + sendCommand "set serverKey $serverKey" + sendCommand "set clientKey $clientKey" sendCommand { set firstblock "" for {set i 0} {$i < 5} {incr i} { set firstblock "a$firstblock$firstblock" } set secondblock "" for {set i 0} {$i < 16} {incr i} { set secondblock "b$secondblock$secondblock" } - set l [tls::socket -server accept 2845] + set l [tls::socket \ + -certfile $serverCert \ + -cafile $caCert \ + -keyfile $serverKey \ + -server accept 2845] proc accept {s a p} { fconfigure $s -blocking 0 -translation lf -buffersize 16384 \ -buffering line fileevent $s readable "readable $s" } @@ -1478,11 +1623,13 @@ global secondblock puts -nonewline $s $secondblock close $s } } - set s [tls::socket $remoteServerIP 2845] + set s [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + $remoteServerIP 2845] fconfigure $s -blocking 0 -trans lf -buffering line set count 0 puts $s hello fileevent $s readable "readit $s" set timer [after 10000 "set done timed_out"] @@ -1513,11 +1660,14 @@ set f [open script2 w] puts $f [list set tcltest $::tcltest::tcltest] puts $f { package require tcltest - set f [tls::socket -server accept 2828] + package require tls + } + puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 2828 \]" + puts $f { proc accept { file addr port } { close $file } exec $::tcltest::tcltest script1 & close $f @@ -1543,10 +1693,11 @@ removeFile script1 removeFile script2 set x } {server socket was not inherited} + test socket-12.2 {testing inheritance of client sockets} \ {socket doTestsWithRemoteServer} { removeFile script1 removeFile script2 
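Review bot: The line written to script2 in socket-12.1, `puts $f "set f \[tls::socket -server accept -certfile $serverCert ..."`, pastes the paths into generated Tcl source unquoted, so a path with whitespace or Tcl metacharacters yields a script that fails to parse or does something other than intended. The line just above it already shows the safe idiom, `puts $f [list set tcltest $::tcltest::tcltest]`; emit `puts $f [list set serverCert $serverCert]` (and the same for `caCert` and `serverKey`) and keep the `tls::socket` call inside the braced block, using the variables. The script2 writers in socket-12.2 and socket-12.3 have the same construction.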
@@ -1565,11 +1716,14 @@ # client socket, the socket will still be open. set f [open script2 w] puts $f [list set tcltest $::tcltest::tcltest] puts $f { - set f [tls::socket 127.0.0.1 2829] + package require tls + } + puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 127.0.0.1 2829 \]" + puts $f { exec $::tcltest::tcltest script1 & puts $f testing flush $f after 1000 exit vwait forever @@ -1629,10 +1783,11 @@ } removeFile script1 removeFile script2 set x } {client socket was not inherited} + test socket-12.3 {testing inheritance of accepted sockets} \ {socket doTestsWithRemoteServer} { removeFile script1 removeFile script2 @@ -1644,11 +1799,14 @@ close $f set f [open script2 w] puts $f [list set tcltest $::tcltest::tcltest] puts $f { - set server [tls::socket -server accept 2930] + package require tls + } + puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 2930 \]" + puts $f { proc accept { file host port } { global tcltest puts $file {test data on socket} exec $::tcltest::tcltest script1 & after 1000 exit @@ -1663,11 +1821,13 @@ exec $::tcltest::tcltest script2 & after 1000 set ok_to_proceed 1 vwait ok_to_proceed - set f [tls::socket 127.0.0.1 2930] + set f [tls::socket \ + -certfile $clientCert -cafile $caCert -keyfile $clientKey \ + 127.0.0.1 2930] fconfigure $f -buffering full -blocking 0 fileevent $f readable [list getdata $f] # If the socket is still open after 5 seconds, the script1 process # must have inherited the accepted socket.
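Review bot: The generated line in socket-12.2 looks like a copy of the server line from socket-12.1: the test is about a client socket and the replaced line was `set f [tls::socket 127.0.0.1 2829]`, but the new one passes `-server accept` and the server certificate and key together with a host and a port. As written, script2 would not open the client connection the test describes. I would expect `-certfile $clientCert -cafile $caCert -keyfile $clientKey 127.0.0.1 2829` without `-server accept`. The rest of script2 lies partly outside this hunk.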