1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
# frozen_string_literal: false
require "test/unit"
require "net/http"
require "webrick"
require "webrick/https"
require "webrick/utils"
require_relative "utils"
class TestWEBrickHTTPS < Test::Unit::TestCase
empty_log = Object.new
def empty_log.<<(str)
assert_equal('', str)
self
end
NoLog = WEBrick::Log.new(empty_log, WEBrick::BasicLog::WARN)
class HTTPSNITest < ::Net::HTTP
attr_accessor :sni_hostname
def ssl_socket_connect(s, timeout)
s.hostname = sni_hostname
super
end
end
def teardown
WEBrick::Utils::TimeoutHandler.terminate
super
end
def https_get(addr, port, hostname, path, verifyname = nil)
subject = nil
http = HTTPSNITest.new(addr, port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
http.verify_callback = proc { |x, store| subject = store.chain[0].subject.to_s; x }
http.sni_hostname = hostname
req = Net::HTTP::Get.new(path)
req["Host"] = "#{hostname}:#{port}"
response = http.start { http.request(req).body }
assert_equal("/CN=#{verifyname || hostname}", subject)
response
end
def test_sni
config = {
:ServerName => "localhost",
:SSLEnable => true,
:SSLCertName => "/CN=localhost",
}
TestWEBrick.start_httpserver(config){|server, addr, port, log|
server.mount_proc("/") {|req, res| res.body = "master" }
# catch stderr in create_self_signed_cert
stderr_buffer = StringIO.new
old_stderr, $stderr = $stderr, stderr_buffer
begin
vhost_config1 = {
:ServerName => "vhost1",
:Port => port,
:DoNotListen => true,
:Logger => NoLog,
:AccessLog => [],
:SSLEnable => true,
:SSLCertName => "/CN=vhost1",
}
vhost1 = WEBrick::HTTPServer.new(vhost_config1)
vhost1.mount_proc("/") {|req, res| res.body = "vhost1" }
server.virtual_host(vhost1)
vhost_config2 = {
:ServerName => "vhost2",
:ServerAlias => ["vhost2alias"],
:Port => port,
:DoNotListen => true,
:Logger => NoLog,
:AccessLog => [],
:SSLEnable => true,
:SSLCertName => "/CN=vhost2",
}
vhost2 = WEBrick::HTTPServer.new(vhost_config2)
vhost2.mount_proc("/") {|req, res| res.body = "vhost2" }
server.virtual_host(vhost2)
ensure
# restore stderr
$stderr = old_stderr
end
assert_match(/\A([.+*]+\n)+\z/, stderr_buffer.string)
assert_equal("master", https_get(addr, port, "localhost", "/localhost"))
assert_equal("master", https_get(addr, port, "unknown", "/unknown", "localhost"))
assert_equal("vhost1", https_get(addr, port, "vhost1", "/vhost1"))
assert_equal("vhost2", https_get(addr, port, "vhost2", "/vhost2"))
assert_equal("vhost2", https_get(addr, port, "vhost2alias", "/vhost2alias", "vhost2"))
}
end
def test_check_ssl_virtual
config = {
:ServerName => "localhost",
:SSLEnable => true,
:SSLCertName => "/CN=localhost",
}
TestWEBrick.start_httpserver(config){|server, addr, port, log|
assert_raise ArgumentError do
vhost = WEBrick::HTTPServer.new({:DoNotListen => true, :Logger => NoLog})
server.virtual_host(vhost)
end
}
end
end
|