From: Neil Horman Date: Tue, 27 Aug 2024 08:42:57 +0000 (-0400) Subject: Add test to confirm sslkeylogfile format X-Git-Tag: openssl-3.5.0-alpha1~996 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d381fc54b1792e0e56e07a549e9952e98a5081a5;p=thirdparty%2Fopenssl.git Add test to confirm sslkeylogfile format Reviewed-by: Tim Hudson Reviewed-by: Saša Nedvědický Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/25297)
---
diff --git a/test/recipes/70-test_sslkeylogfile.t b/test/recipes/70-test_sslkeylogfile.t
new file mode 100644
index 00000000000..6261740e907
--- /dev/null
+++ b/test/recipes/70-test_sslkeylogfile.t
@@ -0,0 +1,76 @@
+#! /usr/bin/env perl
+# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use IPC::Open3;
+use OpenSSL::Test qw/:DEFAULT result_dir srctop_file bldtop_file/;
+use OpenSSL::Test::Utils;
+
+my $test_name = "test_sslkeylogfile";
+setup($test_name);
+
+plan skip_all => "$test_name requires SSLKEYLOGFILE support"
+ if disabled("sslkeylog");
+
+plan tests => 1;
+
+
+my $shlib_wrap = srctop_file("util", "wrap.pl");
+my $apps_openssl = srctop_file("apps", "openssl");
+my $server_pem = srctop_file("test", "certs", "servercert.pem");
+my $server_key = srctop_file("test", "certs", "serverkey.pem");
+
+my $resultdir = result_dir();
+my $sslkeylogfile = "$resultdir/sslkeylog.keys";
+my $trace_file = "$resultdir/keylog.keys";
+
+# Start s_server
+my @s_server_cmd = ("s_server", "-accept", "0", "-naccept", "1",
+ "-cert", $server_pem, "-key", $server_key);
+my $s_server_pid = open3(my $s_server_i, my $s_server_o, my $s_server_e, $shlib_wrap, $apps_openssl, @s_server_cmd);
+
+# ACCEPT 0.0.0.0:45921
+# ACCEPT [::]:45921
+my $port = "0";
+# Figure out what port its listening on
+while (<$s_server_o>) {
+ print($_);
+ chomp;
+ if (/^ACCEPT 0.0.0.0:(\d+)/) {
+ $port = $1;
+ last;
+ } elsif (/^ACCEPT \[::\]:(\d+)/) {
+ $port = $1;
+ last;
+ } elsif (/^Using default/) {
+ ;
+ } else {
+ last;
+ }
+}
+my $server_port = $port;
+
+print("s_server ready, listening on port $server_port\n");
+
+# Use SSLKEYLOGFILE to record keylogging
+$ENV{SSLKEYLOGFILE} = $sslkeylogfile;
+
+# Start a client and use the -keylogfile option to independently trace keylog messages
+my @s_client_cmd = ("s_client", "-connect", "localhost:$server_port", "-keylogfile", $trace_file);
+my $s_client_pid = open3(my $s_client_i, my $s_client_o, my $s_client_e, $shlib_wrap, $apps_openssl, @s_client_cmd);
+
+# Issue a quit command to terminate the client after connect
+print $s_client_i "Q\n";
+waitpid($s_client_pid, 0);
+kill 'HUP', $s_server_pid;
+
+# Test 1: Compare the output of -keylogfile and SSLKEYLOGFILE, and make sure they match
+# Note, the former adds a comment, that the latter does not, so ignore comments with -I in diff
+ok(run(cmd(["diff", "-I" ,"^#.*\$", $sslkeylogfile, $trace_file])));
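Review bot: The port-detection loop leaves `$port` at "0" whenever s_server prints a line that is neither an ACCEPT line nor "Using default", and the script carries on regardless, so the final `diff` may end up comparing two logs that hold no secrets and still report success. Stop right after the loop with `die "s_server did not report a listening port\n" if $port eq "0";`. Since the comment on the last test says the SSLKEYLOGFILE output carries no comment header, a size check on that file proves a handshake was logged: add `ok(-s $sslkeylogfile, "SSLKEYLOGFILE has content");` before the diff and raise the plan to `plan tests => 2;`. Whether both files exist after a failed connect is not visible from this hunk, so treat the vacuous pass as likely rather than certain. The s_client exit status in `$?` after `waitpid` is never inspected either, and the s_server child is signalled but never reaped.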