thttpclient_ssl.nim 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
  1. discard """
  2. cmd: "nim $target --threads:on -d:ssl $options $file"
  3. disabled: "openbsd"
  4. """
  5. # Nim - Basic SSL integration tests
  6. # (c) Copyright 2018 Nim contributors
  7. #
  8. # See the file "copying.txt", included in this
  9. # distribution, for details about the copyright.
  10. #
  11. ## Warning: this test performs local networking.
  12. ## Test with:
  13. ## ./bin/nim c -d:ssl -p:. --threads:on -r tests/stdlib/thttpclient_ssl.nim
  14. when not defined(windows):
  15. # Disabled on Windows due to old OpenSSL version
  16. import
  17. httpclient,
  18. net,
  19. openssl,
  20. os,
  21. strutils,
  22. threadpool,
  23. times,
  24. unittest
  25. # bogus self-signed certificate
  26. const
  27. certFile = "tests/stdlib/thttpclient_ssl_cert.pem"
  28. keyFile = "tests/stdlib/thttpclient_ssl_key.pem"
  29. proc log(msg: string) =
  30. when defined(ssldebug):
  31. echo " [" & $epochTime() & "] " & msg
  32. # FIXME
  33. echo " [" & $epochTime() & "] " & msg
  34. discard
  35. proc runServer(port: Port): bool {.thread.} =
  36. ## Run a trivial HTTPS server in a {.thread.}
  37. ## Exit after serving one request
  38. var socket = newSocket()
  39. socket.setSockOpt(OptReusePort, true)
  40. socket.bindAddr(port)
  41. var ctx = newContext(certFile=certFile, keyFile=keyFile)
  42. ## Handle one connection
  43. socket.listen()
  44. var client: Socket
  45. var address = ""
  46. log "server: ready"
  47. socket.acceptAddr(client, address)
  48. log "server: incoming connection"
  49. var ssl: SslPtr = SSL_new(ctx.context)
  50. discard SSL_set_fd(ssl, client.getFd())
  51. log "server: accepting connection"
  52. ErrClearError()
  53. if SSL_accept(ssl) <= 0:
  54. ERR_print_errors_fp(stderr)
  55. else:
  56. const reply = "HTTP/1.0 200 OK\r\nServer: test\r\nContent-type: text/html\r\nContent-Length: 0\r\n\r\n"
  57. log "server: sending reply"
  58. discard SSL_write(ssl, reply.cstring, reply.len)
  59. log "server: receiving a line"
  60. let line = client.recvLine()
  61. log "server: received $# bytes" % $line.len
  62. log "closing"
  63. SSL_free(ssl)
  64. close(client)
  65. close(socket)
  66. log "server: exited"
  67. suite "SSL self signed certificate check":
  68. test "TCP socket":
  69. const port = 12347.Port
  70. let t = spawn runServer(port)
  71. sleep(100)
  72. var sock = newSocket()
  73. var ctx = newContext()
  74. ctx.wrapSocket(sock)
  75. try:
  76. log "client: connect"
  77. sock.connect("127.0.0.1", port)
  78. fail()
  79. except:
  80. let msg = getCurrentExceptionMsg()
  81. check(msg.contains("certificate verify failed"))
  82. test "HttpClient default: no check":
  83. const port = 12345.Port
  84. let t = spawn runServer(port)
  85. sleep(100)
  86. var client = newHttpClient(sslContext=newContext(verifyMode=CVerifyNone))
  87. try:
  88. log "client: connect"
  89. discard client.getContent("https://127.0.0.1:12345")
  90. except:
  91. let msg = getCurrentExceptionMsg()
  92. log "client: unexpected exception: " & msg
  93. fail()
  94. test "HttpClient with CVerifyPeer":
  95. const port = 12346.Port
  96. let t = spawn runServer(port)
  97. sleep(100)
  98. var client = newHttpClient(sslContext=newContext(verifyMode=CVerifyPeer))
  99. try:
  100. log "client: connect"
  101. discard client.getContent("https://127.0.0.1:12346")
  102. log "getContent should have raised an exception"
  103. fail()
  104. except:
  105. let msg = getCurrentExceptionMsg()
  106. log "client: exception: " & msg
  107. # SSL_shutdown:shutdown while in init
  108. if not (msg.contains("alert number 48") or
  109. msg.contains("certificate verify failed")):
  110. echo "CVerifyPeer exception: " & msg
  111. check(false)