#!/usr/bin/env perl
#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) Daniel Stenberg, <[email protected]>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
# SPDX-License-Identifier: curl
#
#***************************************************************************

# Secure-protocol front end (HTTPS, FTPS, POP3S, IMAPS, SMTPS) for the curl
# test harness. It does not speak TLS itself: it is just a layer that runs
# stunnel properly in front of the non-secure test harness servers.

use strict;
use warnings;

BEGIN {
    # Make the harness modules (serverhelp, pathhelp) loadable. Both entries
    # are appended, so directories already in @INC are searched first. The
    # current directory and $ENV{'srcdir'} still end up on the module search
    # path, so both must hold only the harness' own modules.
    if(defined $ENV{'srcdir'}) {
        push(@INC, $ENV{'srcdir'});
    }
    push(@INC, ".");
}

use Cwd;
use Cwd 'abs_path';
use File::Basename;

use serverhelp qw(
    server_pidfilename
    server_logfilename
    );

use pathhelp;

my $stunnel = "stunnel";      # stunnel binary, replaced by --stunnel

my $verbose = 0;              # set to 1 for debugging

my $accept_port = 8991;       # just our default, weird enough
my $target_port = 8999;       # default test http-server port

my $stuncert;                 # certificate name given with --certfile

my ($ver_major, $ver_minor);  # parsed from the stunnel version banner
my $fips_support;             # set when the banner reports fips = yes
my $stunnel_version;          # 100 * major + minor
my $tstunnel_windows;         # set when the binary is tstunnel(.exe)
my $socketopt;                # socket option text for the stunnel setup
my $cmd;                      # shell command line used to start stunnel

my $pidfile;                  # stunnel pid file
my $logfile;                  # stunnel log file
my $loglevel = 5;             # stunnel log level
my $ipvnum = 4;               # default IP version of stunneled server
my $idnum = 1;                # default stunneled server instance number
my $proto = 'https';          # default secure server protocol
my $conffile;                 # stunnel configuration file
my $capath;                   # certificate chain PEM folder
my $certfile;                 # certificate chain PEM file

#***************************************************************************
# stunnel requires full path specification for several files.
#
my $path   = getcwd();
my $srcdir = $path;
my $logdir = "$path/log";
my $piddir;

#***************************************************************************
# Signal handler to remove our stunnel 4.00 and newer configuration file.
#
sub exit_signal_handler {
    my ($signame) = @_;
    local $!; # preserve errno
    local $?; # preserve exit status
    if($conffile && (-f $conffile)) {
        unlink($conffile);
    }
    exit;
}

#***************************************************************************
# Process command line options
#
# An option's value is consumed only when it is accepted. A rejected value
# (empty, "0", or non-numeric where digits are required) stays in @ARGV and
# is then reported as an unknown parameter on the next iteration.
#
# NOTE: --proto, --stunnel, --srcdir, --certfile, --pidfile, --logfile and
# --logdir are stored as given; only the port and id values are validated.
#
while(@ARGV) {
    my $opt = $ARGV[0];
    my $val = $ARGV[1];

    if($opt eq '--verbose') {
        $verbose = 1;
    }
    elsif($opt eq '--proto') {
        if($val) {
            $proto = $val;
            shift @ARGV;
        }
    }
    elsif($opt eq '--accept') {
        if($val && ($val =~ /^(\d+)$/)) {
            $accept_port = $1;
            shift @ARGV;
        }
    }
    elsif($opt eq '--connect') {
        if($val && ($val =~ /^(\d+)$/)) {
            $target_port = $1;
            shift @ARGV;
        }
    }
    elsif($opt eq '--stunnel') {
        if($val) {
            $stunnel = $val;
            shift @ARGV;
        }
    }
    elsif($opt eq '--srcdir') {
        if($val) {
            $srcdir = $val;
            shift @ARGV;
        }
    }
    elsif($opt eq '--certfile') {
        if($val) {
            $stuncert = $val;
            shift @ARGV;
        }
    }
    elsif($opt eq '--id') {
        if($val && ($val =~ /^(\d+)$/)) {
            # zero is consumed but leaves the default instance number
            $idnum = $1 if($1 > 0);
            shift @ARGV;
        }
    }
    elsif($opt eq '--ipv4') {
        $ipvnum = 4;
    }
    elsif($opt eq '--ipv6') {
        $ipvnum = 6;
    }
    elsif($opt eq '--pidfile') {
        if($val) {
            $pidfile = "$path/". $val;
            shift @ARGV;
        }
    }
    elsif($opt eq '--logfile') {
        if($val) {
            $logfile = "$path/". $val;
            shift @ARGV;
        }
    }
    elsif($opt eq '--logdir') {
        if($val) {
            $logdir = "$path/". $val;
            shift @ARGV;
        }
    }
    else {
        print STDERR "\nWarning: secureserver.pl unknown parameter: $ARGV[0]\n";
    }
    shift @ARGV;
}

#***************************************************************************
# Initialize command line option dependent variables
#
if(!$pidfile) {
    # Use the current directory to store the conf files
    $piddir = $path;
    $pidfile = server_pidfilename($piddir, $proto, $ipvnum, $idnum);
}
else {
    # Use our pidfile directory to store the conf files
    $piddir = dirname($pidfile);
}
$logfile = server_logfilename($logdir, $proto, $ipvnum, $idnum)
    if(!$logfile);

$conffile = "$piddir/${proto}_stunnel.conf";

$capath = abs_path($path);
# The --certfile name is placed under certs/ exactly as given; without it
# the stunnel.pem in $srcdir is used.
my $certname = $stuncert ? "certs/$stuncert" : "stunnel.pem";
$certfile = abs_path("$srcdir/". $certname);

my $ssltext = uc($proto) ." SSL/TLS:";

my $host_ip = ($ipvnum == 6)? '::1' : '127.0.0.1';

#***************************************************************************
# Find out version info for the given stunnel binary
#
# NOTE: the binary path is double-quoted inside a command string that the
# shell runs; the value of --stunnel is used as given.
#
for my $veropt ('-version', '-V') {
    for my $line (qx("$stunnel" $veropt 2>&1)) {
        if($line =~ /^stunnel (\d+)\.(\d+) on /) {
            $ver_major = $1;
            $ver_minor = $2;
        }
        elsif($line =~ /^sslVersion.*fips *= *yes/) {
            # the fips option causes an error if stunnel doesn't support it
            $fips_support = 1;
            last
        }
    }
    # the second option is only tried when the first gave no version
    last if($ver_major);
}
unless($ver_major && defined($ver_minor)) {
    if(-x "$stunnel" && ! -d "$stunnel") {
        print "$ssltext Unknown stunnel version\n";
    }
    else {
        print "$ssltext No stunnel\n";
    }
    exit 1;
}
$stunnel_version = (100*$ver_major) + $ver_minor;

#***************************************************************************
# Verify minimum stunnel required version
#
if($stunnel_version < 310) {
    print "$ssltext Unsupported stunnel version $ver_major.$ver_minor\n";
    exit 1;
}

#***************************************************************************
# Find out if we are running on Windows using the tstunnel binary
#
if($stunnel =~ /tstunnel(\.exe)?$/) {
    $tstunnel_windows = 1;

    # convert Cygwin/MinGW paths to Windows format
    $capath = pathhelp::sys_native_abs_path($capath);
    $certfile = pathhelp::sys_native_abs_path($certfile);
}

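#***************************************************************************
# Build command to execute for stunnel 3.X versions
#
# NOTE: $cmd is later handed to the shell as one string. Only the stunnel
# path is quoted; the certificate, pid and log paths are interpolated as
# they are, so they must not contain whitespace or shell metacharacters.
#
if($stunnel_version < 400) {
    if($stunnel_version >= 319) {
        $socketopt = "-O a:SO_REUSEADDR=1";
    }
    # TODO: we do not use $host_ip in this old version. I simply find
    # no documentation how to. But maybe ipv6 is not available anyway?
    # NOTE(review): -d receives a bare port here, so the 3.X listener is
    # presumably not limited to the loopback address - confirm.
    $cmd = "\"$stunnel\" -p $certfile -P $pidfile ";
    $cmd .= "-d $accept_port -r $target_port -f -D $loglevel ";
    $cmd .= ($socketopt) ? "$socketopt " : "";
    $cmd .= ">$logfile 2>&1";
    if($verbose) {
        print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
        print "cmd: $cmd\n";
        print "pem cert file: $certfile\n";
        print "pid file: $pidfile\n";
        print "log file: $logfile\n";
        print "log level: $loglevel\n";
        print "listen on port: $accept_port\n";
        print "connect to port: $target_port\n";
    }
}

#***************************************************************************
# Build command to execute for stunnel 4.00 and newer
#
# The settings go into $conffile, which is created (or truncated) here and
# removed again on SIGINT/SIGTERM and after stunnel has exited. Listener and
# target both use $host_ip. As above, $conffile and $logfile are placed
# unquoted into the shell command string.
#
if($stunnel_version >= 400) {
    $socketopt = "a:SO_REUSEADDR=1";
    if(($stunnel_version >= 534) && $tstunnel_windows) {
        # SO_EXCLUSIVEADDRUSE is on by default on Vista or newer,
        # but does not work together with SO_REUSEADDR being on.
        $socketopt .= "\nsocket = a:SO_EXCLUSIVEADDRUSE=0";
    }
    $cmd = "\"$stunnel\" $conffile ";
    $cmd .= ">$logfile 2>&1";
    # setup signal handler
    $SIG{INT} = \&exit_signal_handler;
    $SIG{TERM} = \&exit_signal_handler;
    # stunnel configuration file
    if(open(my $stunconf, ">", "$conffile")) {
        print $stunconf "CApath = $capath\n";
        print $stunconf "cert = $certfile\n";
        print $stunconf "debug = $loglevel\n";
        print $stunconf "socket = $socketopt\n";
        if($fips_support) {
            # disable fips in case OpenSSL doesn't support it
            print $stunconf "fips = no\n";
        }
        if(!$tstunnel_windows) {
            # do not use Linux-specific options on Windows
            print $stunconf "output = $logfile\n";
            print $stunconf "pid = $pidfile\n";
            print $stunconf "foreground = yes\n";
        }
        print $stunconf "\n";
        print $stunconf "[curltest]\n";
        print $stunconf "accept = $host_ip:$accept_port\n";
        print $stunconf "connect = $host_ip:$target_port\n";
        # buffered write errors surface at close, so this check covers
        # the print calls above as well
        if(!close($stunconf)) {
            print "$ssltext Error closing file $conffile\n";
            exit 1;
        }
    }
    else {
        print "$ssltext Error writing file $conffile\n";
        exit 1;
    }
    if($verbose) {
        print uc($proto) ." server (stunnel $ver_major.$ver_minor)\n";
        print "cmd: $cmd\n";
        print "CApath = $capath\n";
        print "cert = $certfile\n";
        print "debug = $loglevel\n";
        print "socket = $socketopt\n";
        if($fips_support) {
            print "fips = no\n";
        }
        if(!$tstunnel_windows) {
            print "pid = $pidfile\n";
            print "output = $logfile\n";
            print "foreground = yes\n";
        }
        print "\n";
        print "[curltest]\n";
        print "accept = $host_ip:$accept_port\n";
        print "connect = $host_ip:$target_port\n";
    }
}

#***************************************************************************
# Set file permissions on certificate pem file.
#
# The result of chmod() is checked so that a PEM file left readable by other
# users is reported instead of passing unnoticed. Startup still continues.
#
if(-f $certfile) {
    if(!chmod(0600, $certfile)) {
        print STDERR "$ssltext Warning: chmod 0600 failed for $certfile: $!\n";
    }
}
print STDERR "RUN: $cmd\n" if($verbose);

#***************************************************************************
# Run tstunnel on Windows.
#
if($tstunnel_windows) {
    # Fake pidfile for tstunnel on Windows. A failure is reported because
    # without the file nothing records which process to stop later.
    if(open(my $out, ">", "$pidfile")) {
        print $out $$ . "\n";
        if(!close($out)) {
            print STDERR "$ssltext Warning: error closing file $pidfile: $!\n";
        }
    }
    else {
        print STDERR "$ssltext Warning: error writing file $pidfile: $!\n";
    }

    # Flush output.
    $| = 1;

    # Put an "exec" in front of the command so that the child process
    # keeps this child's process ID by being tied to the spawned shell.
    exec("exec $cmd") || die "Can't exec() $cmd: $!";
    # exec() will create a new process, but ties the existence of the
    # new process to the parent waiting perl.exe and sh.exe processes.

    # exec() should never return back here to this process. We protect
    # ourselves by calling die() just in case something goes really bad.
    die "error: exec() has returned";
}

#***************************************************************************
# Run stunnel.
#
my $rc = system($cmd);

# keep only the exit code part of the wait status
$rc >>= 8;

unlink($conffile) if($conffile && -f $conffile);

exit $rc;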