diff --git a/.github/workflows/luacheck.yml b/.github/workflows/luacheck.yml index 56bbbf5..4b205bc 100644 --- a/.github/workflows/luacheck.yml +++ b/.github/workflows/luacheck.yml @@ -21,8 +21,8 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3 - - uses: leafo/gh-actions-lua@v9 + uses: actions/checkout@v4 + - uses: leafo/gh-actions-lua@v10 - uses: leafo/gh-actions-luarocks@v4 - name: Lint rockspecs run: | diff --git a/.github/workflows/unix_build.yml b/.github/workflows/unix_build.yml index a6f4cff..84af447 100644 --- a/.github/workflows/unix_build.yml +++ b/.github/workflows/unix_build.yml @@ -17,7 +17,7 @@ on: jobs: test: - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 strategy: fail-fast: false @@ -25,9 +25,9 @@ jobs: luaVersion: ["5.1", "5.2", "5.3", "5.4", "luajit-2.1.0-beta3"] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - - uses: leafo/gh-actions-lua@v8 + - uses: leafo/gh-actions-lua@v10 with: luaVersion: ${{ matrix.luaVersion }} diff --git a/tests/certs/clientA.bat b/tests/certs/clientA.bat index 112cdef..f70a832 100644 --- a/tests/certs/clientA.bat +++ b/tests/certs/clientA.bat @@ -1,8 +1,8 @@ rem #!/bin/sh -openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem -nodes -config ./clientA.cnf -days 365 -batch +openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem -nodes -config ./clientA.cnf -days 365 -batch -openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out clientAcert.pem -days 365 +openssl x509 -req -in clientAreq.pem -sha256 -extfile ./clientA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out clientAcert.pem -days 365 copy clientAcert.pem + rootA.pem clientA.pem diff --git a/tests/certs/clientA.sh b/tests/certs/clientA.sh index 0350ede..118e186 100755 --- a/tests/certs/clientA.sh +++ b/tests/certs/clientA.sh 
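Review bot: The regenerated fixtures in tests/certs/clientA.bat still get a one-year lifetime from `-days 365` on the `openssl x509 -req` line, so every test in this change that loads them with `verify = {"peer", "fail_if_no_peer_cert"}` will start failing a year after the certificates are rebuilt. The `-days 365` on the `openssl req` line has no effect, because that command only writes a request and no `-x509` is given. A header comment would help the next maintainer, for example `rem test-only fixtures: keys are written unencrypted (-nodes); certificates expire 365 days after generation, rerun these scripts to renew`. The same applies to the other client, root and server scripts under tests/certs.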
@@ -1,9 +1,9 @@ #!/bin/sh -openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem \ +openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \ -nodes -config ./clientA.cnf -days 365 -batch -openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf \ +openssl x509 -req -in clientAreq.pem -sha256 -extfile ./clientA.cnf \ -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \ -out clientAcert.pem -days 365 diff --git a/tests/certs/clientB.bat b/tests/certs/clientB.bat index 9f341f6..ded7537 100644 --- a/tests/certs/clientB.bat +++ b/tests/certs/clientB.bat @@ -1,8 +1,8 @@ rem #!/bin/sh -openssl req -newkey rsa:1024 -sha1 -keyout clientBkey.pem -out clientBreq.pem -nodes -config ./clientB.cnf -days 365 -batch +openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem -nodes -config ./clientB.cnf -days 365 -batch -openssl x509 -req -in clientBreq.pem -sha1 -extfile ./clientB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out clientBcert.pem -days 365 +openssl x509 -req -in clientBreq.pem -sha256 -extfile ./clientB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out clientBcert.pem -days 365 copy clientBcert.pem + rootB.pem clientB.pem diff --git a/tests/certs/clientB.sh b/tests/certs/clientB.sh index 94f8986..a39ae83 100755 --- a/tests/certs/clientB.sh +++ b/tests/certs/clientB.sh @@ -1,9 +1,9 @@ #!/bin/sh -openssl req -newkey rsa:1024 -sha1 -keyout clientBkey.pem -out clientBreq.pem \ +openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem \ -nodes -config ./clientB.cnf -days 365 -batch -openssl x509 -req -in clientBreq.pem -sha1 -extfile ./clientB.cnf \ +openssl x509 -req -in clientBreq.pem -sha256 -extfile ./clientB.cnf \ -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \ -out clientBcert.pem -days 365 
diff --git a/tests/certs/rootA.bat b/tests/certs/rootA.bat index 6449bfa..d884e54 100644 --- a/tests/certs/rootA.bat +++ b/tests/certs/rootA.bat @@ -1,7 +1,7 @@ REM #!/bin/sh -openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch +openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch -openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365 +openssl x509 -req -in rootAreq.pem -sha256 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365 openssl x509 -subject -issuer -noout -in rootA.pem diff --git a/tests/certs/rootA.sh b/tests/certs/rootA.sh index 7b588bf..77fe722 100755 --- a/tests/certs/rootA.sh +++ b/tests/certs/rootA.sh @@ -1,7 +1,6 @@ #!/bin/sh +openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch -openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch - -openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365 +openssl x509 -req -in rootAreq.pem -sha256 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365 openssl x509 -subject -issuer -noout -in rootA.pem diff --git a/tests/certs/rootB.bat b/tests/certs/rootB.bat index 99f358a..7226a8b 100644 --- a/tests/certs/rootB.bat +++ b/tests/certs/rootB.bat 
@@ -1,7 +1,7 @@ rem #!/bin/sh -openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch +openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch -openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365 +openssl x509 -req -in rootBreq.pem -sha256 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365 openssl x509 -subject -issuer -noout -in rootB.pem diff --git a/tests/certs/rootB.sh b/tests/certs/rootB.sh index 53969b3..07b53a4 100755 --- a/tests/certs/rootB.sh +++ b/tests/certs/rootB.sh @@ -1,7 +1,7 @@ #!/bin/sh -openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch +openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch -openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365 +openssl x509 -req -in rootBreq.pem -sha256 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365 openssl x509 -subject -issuer -noout -in rootB.pem diff --git a/tests/certs/serverA.bat b/tests/certs/serverA.bat index 78934d5..c2cc9ba 100644 --- a/tests/certs/serverA.bat +++ b/tests/certs/serverA.bat 
@@ -1,8 +1,8 @@ rem #!/bin/sh -openssl req -newkey rsa:1024 -keyout serverAkey.pem -out serverAreq.pem -config ./serverA.cnf -nodes -days 365 -batch +openssl req -newkey rsa:2048 -keyout serverAkey.pem -out serverAreq.pem -config ./serverA.cnf -nodes -days 365 -batch -openssl x509 -req -in serverAreq.pem -sha1 -extfile ./serverA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out serverAcert.pem -days 365 +openssl x509 -req -in serverAreq.pem -sha256 -extfile ./serverA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out serverAcert.pem -days 365 copy serverAcert.pem + rootA.pem serverA.pem diff --git a/tests/certs/serverA.sh b/tests/certs/serverA.sh index 7fa04e0..ac2b09d 100755 --- a/tests/certs/serverA.sh +++ b/tests/certs/serverA.sh @@ -1,9 +1,9 @@ #!/bin/sh -openssl req -newkey rsa:1024 -keyout serverAkey.pem -out serverAreq.pem \ +openssl req -newkey rsa:2048 -keyout serverAkey.pem -out serverAreq.pem \ -config ./serverA.cnf -nodes -days 365 -batch -openssl x509 -req -in serverAreq.pem -sha1 -extfile ./serverA.cnf \ +openssl x509 -req -in serverAreq.pem -sha256 -extfile ./serverA.cnf \ -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \ -out serverAcert.pem -days 365 diff --git a/tests/certs/serverB.bat b/tests/certs/serverB.bat index 294be57..232303a 100644 --- a/tests/certs/serverB.bat +++ b/tests/certs/serverB.bat 
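Review bot: The `openssl req` line in serverA.bat moves to `rsa:2048` but still names no digest, while the client and root scripts in this commit pass `-sha256` on the same command. The request is then signed with whatever default the installed OpenSSL picks. Adding `-sha256` after `rsa:2048` would make the scripts consistent; serverA.sh, serverB.bat and serverB.sh have the same omission. The issued certificate's signature is not affected, since the `openssl x509 -req` line sets `-sha256`.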
@@ -1,8 +1,8 @@ rem #!/bin/sh -openssl req -newkey rsa:1024 -keyout serverBkey.pem -out serverBreq.pem -config ./serverB.cnf -nodes -days 365 -batch +openssl req -newkey rsa:2048 -keyout serverBkey.pem -out serverBreq.pem -config ./serverB.cnf -nodes -days 365 -batch -openssl x509 -req -in serverBreq.pem -sha1 -extfile ./serverB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out serverBcert.pem -days 365 +openssl x509 -req -in serverBreq.pem -sha256 -extfile ./serverB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out serverBcert.pem -days 365 copy serverBcert.pem + rootB.pem serverB.pem diff --git a/tests/certs/serverB.sh b/tests/certs/serverB.sh index c75b00a..091f1ac 100755 --- a/tests/certs/serverB.sh +++ b/tests/certs/serverB.sh @@ -1,9 +1,9 @@ #!/bin/sh -openssl req -newkey rsa:1024 -keyout serverBkey.pem -out serverBreq.pem \ +openssl req -newkey rsa:2048 -keyout serverBkey.pem -out serverBreq.pem \ -config ./serverB.cnf -nodes -days 365 -batch -openssl x509 -req -in serverBreq.pem -sha1 -extfile ./serverB.cnf \ +openssl x509 -req -in serverBreq.pem -sha256 -extfile ./serverB.cnf \ -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \ -out serverBcert.pem -days 365 diff --git a/tests/httpredirect.lua b/tests/httpredirect.lua index ad2bb24..ac7427e 100644 --- a/tests/httpredirect.lua +++ b/tests/httpredirect.lua 
@@ -35,13 +35,13 @@ local done = false copas.addthread(function() local _, code, headers = doreq("https://goo.gl/UBCUc5") -- https --> https redirect - assert(tonumber(code)==200) - assert(headers.location == "https://github.com/brunoos/luasec") + assert(tonumber(code)==200, "unexpected status code: "..tostring(code)) + assert(headers.location == "https://github.com/lunarmodules/luasec", "unexpected location header: "..tostring(headers.location)) print("https -> https redirect OK!") copas.addthread(function() local _, code, headers = doreq("http://goo.gl/UBCUc5") -- http --> https redirect - assert(tonumber(code)==200) - assert(headers.location == "https://github.com/brunoos/luasec") + assert(tonumber(code)==200, "unexpected status code: "..tostring(code)) + assert(headers.location == "https://github.com/lunarmodules/luasec", "unexpected location header: "..tostring(headers.location)) print("http -> https redirect OK!") copas.addthread(function() --local result, code, headers, status = doreq("http://goo.gl/tBfqNu") -- http --> http redirect @@ -63,7 +63,7 @@ copas.addthread(function() -- execute test request local _, code, headers = doreq("http://localhost:9876/") -- http --> http redirect copas.removeserver(server) -- immediately close server again - assert(tonumber(code)==200) + assert(tonumber(code)==200, "unexpected status code: "..tostring(code)) assert(headers.location == "http://www.httpvshttps.com") print("http -> http redirect OK!") copas.addthread(function() @@ -73,7 +73,7 @@ copas.addthread(function() copas.addthread(function() redirect = "all" local _, code, headers = doreq("https://bit.ly/3vmhXhW") -- https --> http security test case - assert(tonumber(code)==200) + assert(tonumber(code)==200, "unexpected status code: "..tostring(code)) assert(headers.location == "http://www.httpvshttps.com/") print("https -> http redirect, while allowed OK!") done = true diff --git a/tests/largetransfer.lua b/tests/largetransfer.lua index 21045a9..6f9d556 100644 
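Review bot: The expected `location` for `goo.gl/UBCUc5` is controlled by third parties (the shortener and the repository host), and this hunk already has to rewrite it from `brunoos/luasec` to `lunarmodules/luasec` to keep the test passing. A redirect served by a local listener, as the `http://localhost:9876/` case later in this file appears to do, would keep the https -> https and http -> https checks independent of external services. If the live URLs stay, a comment such as `-- depends on external short links; update the expected location if the target moves` would explain future failures. The enclosing `copas.addthread` body continues outside the hunk.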
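Review bot: The `headers.location` assertion directly after the changed line in the hunk at old line 63 still has no message, so a wrong redirect target fails without showing what was received, unlike the two location checks updated earlier in this file. It could read `assert(headers.location == "http://www.httpvshttps.com", "unexpected location header: "..tostring(headers.location))`. The hunk at old line 73 has the same gap for `"http://www.httpvshttps.com/"`. That case is the https -> http downgrade check enabled by `redirect = "all"`, where the received value is most useful when the assertion fails.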
--- a/tests/largetransfer.lua +++ b/tests/largetransfer.lua @@ -97,22 +97,22 @@ runtest() -- run test using regular connection (s/cparams == nil) -- set ssl parameters and do it again sparams = { mode = "server", - protocol = "tlsv1", + protocol = "any", key = "tests/certs/serverAkey.pem", certificate = "tests/certs/serverA.pem", cafile = "tests/certs/rootA.pem", verify = {"peer", "fail_if_no_peer_cert"}, - options = {"all", "no_sslv2"}, -} + options = {"all", "no_sslv2", "no_sslv3", "no_tlsv1"}, + } cparams = { mode = "client", - protocol = "tlsv1", + protocol = "any", key = "tests/certs/clientAkey.pem", certificate = "tests/certs/clientA.pem", cafile = "tests/certs/rootA.pem", verify = {"peer", "fail_if_no_peer_cert"}, - options = {"all", "no_sslv2"}, -} + options = {"all", "no_sslv2", "no_sslv3", "no_tlsv1"}, + } done = 0 start = socket.gettime() runtest() diff --git a/tests/removeserver.lua b/tests/removeserver.lua index cf6a280..10928c2 100644 --- a/tests/removeserver.lua +++ b/tests/removeserver.lua 
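Review bot: With `protocol = "any"` and `options = {"all", "no_sslv2", "no_sslv3", "no_tlsv1"}` the handshake can still negotiate TLS 1.1 where the linked OpenSSL permits it, and TLS 1.1 is deprecated alongside TLS 1.0. Adding `"no_tlsv1_1"` to both `sparams.options` and `cparams.options` would limit the test to TLS 1.2 and later: `options = {"all", "no_sslv2", "no_sslv3", "no_tlsv1", "no_tlsv1_1"},`. The two `wrap` tables changed in tests/tls-sni.lua carry the same option list. Test files are often copied as configuration examples, so the stricter list is worth having here as well.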
@@ -9,19 +9,31 @@ local wskt = socket.bind("*", 0) local whost, wport = wskt:getsockname() wport = tonumber(wport) +-- set up a timeout to not hang on failure +local timeout_timer = copas.timer.new { + delay = 10, + callback = function() + print("timeout!") + os.exit(1) + end +} + +local connection_handler = function(cskt) + print(tostring(cskt).." ("..type(cskt)..") received a connection") + local data, _, partial = cskt:receive() + if partial and not data then + data = partial + end + print("triggered", data) + copas.removeserver(wskt, true) +end + local function wait_for_trigger() - copas.addserver(wskt, function(cskt) - local data, _, partial = cskt:receive() - if partial and not data then - data = partial - end - print("triggered", data) - copas.removeserver(wskt, true) - end) + copas.addserver(wskt, copas.handler(connection_handler), "my_TCP_server") end local function trigger_it(n) - local cskt = socket.tcp() + local cskt = copas.wrap(socket.tcp()) local ok = cskt:connect(whost, wport) if ok then cskt:send("hi "..n) @@ -35,6 +47,7 @@ copas.addthread(function() trigger_it(i) copas.pause(0.1) end + timeout_timer:cancel() end) copas.loop() diff --git a/tests/tls-sni.lua b/tests/tls-sni.lua index 94841b3..c2b7453 100644 --- a/tests/tls-sni.lua +++ b/tests/tls-sni.lua @@ -16,12 +16,12 @@ end local server_params = { wrap = { mode = "server", - protocol = "tlsv1", + protocol = "any", key = "tests/certs/serverAkey.pem", certificate = "tests/certs/serverA.pem", cafile = "tests/certs/rootA.pem", verify = {"peer", "fail_if_no_peer_cert"}, - options = {"all", "no_sslv2"}, + options = {"all", "no_sslv2", "no_sslv3", "no_tlsv1"}, }, sni = { strict = true, -- only allow connection 'myhost.com' 
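Review bot: `connection_handler` has no comment explaining why it falls back to `partial`. `cskt:receive()` reads a line, and `trigger_it` sends `"hi "..n` with no trailing newline, so the payload presumably only arrives as the partial result once the client side closes. A comment such as `-- client sends no newline; the payload arrives as 'partial' when the peer closes` above the `if partial and not data` check would document this. The 10 second `delay` on `timeout_timer` would also benefit from a short note on how it relates to the `copas.pause(0.1)` loop; `trigger_it`'s body continues outside the hunk.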
@@ -33,12 +33,12 @@ server_params.sni.names["myhost.com"] = ssl.newcontext(server_params.wrap) local client_params = { wrap = { mode = "client", - protocol = "tlsv1", + protocol = "any", key = "tests/certs/clientAkey.pem", certificate = "tests/certs/clientA.pem", cafile = "tests/certs/rootA.pem", verify = {"peer", "fail_if_no_peer_cert"}, - options = {"all", "no_sslv2"}, + options = {"all", "no_sslv2", "no_sslv3", "no_tlsv1"}, }, sni = { names = "" -- will be added in test below @@ -63,7 +63,7 @@ local function echoHandler(skt) return -- close this client connection, after stopping the server end - skt:send(data) + skt:send(data.."\n") end end @@ -92,12 +92,16 @@ copas.addthread(function() local skt = copas.wrap(socket.tcp(), client_params) local success, ok = pcall(skt.connect, skt, "localhost", port) if not (success and ok) then - print "expected connection to be completed" + print("expected connection to be completed", success, ok) os.exit(1) end + assert(skt:send("hello world\n")) + assert(skt:receive() == "hello world") print "succesfully completed test" - os.exit(0) + + -- send exit signal to server + skt:send("exit\n") end) -- no ugly errors please, comment out when debugging
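Review bot: In the hunk at old line 92, the test no longer calls `os.exit(0)` and now depends on the server acting on `exit`, but the result of `skt:send("exit\n")` is not checked and nothing visible bounds the wait. If the send fails or the server never stops, `copas.loop()` may not return and the run hangs. `assert(skt:send("exit\n"))` would surface a failed send, and a `copas.timer` timeout like the one added to tests/removeserver.lua in this commit would turn a hang into a failure. The added `assert(skt:receive() == "hello world")` also discards the error value; `local line, err = skt:receive()` followed by `assert(line == "hello world", tostring(err))` would make a TLS or SNI failure diagnosable. The rest of the file is outside this hunk, so a timeout may already exist elsewhere.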