xref: /freebsd/crypto/openssl/test/recipes/70-test_sslkeylogfile.t (revision e7be843b4a162e68651d3911f0357ed464915629)
1#! /usr/bin/env perl
2# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9use strict;
10use warnings;
11
12use IPC::Open3;
13use OpenSSL::Test qw/:DEFAULT result_dir srctop_file bldtop_file/;
14use OpenSSL::Test::Utils;
15
# Name handed to setup() and reused in the skip message below.
my $test_name = "test_sslkeylogfile";
setup($test_name);

# Nothing can be checked when the build was configured without key logging.
if (disabled("sslkeylog")) {
    plan(skip_all => "$test_name requires SSLKEYLOGFILE support");
}

# The key log comparison runs on every platform; the file permission check
# at the end of this recipe runs on Linux only, so one more test is planned
# there.
my $tests = ($^O =~ /^(linux)$/) ? 2 : 1;

plan(tests => $tests);
28
29
# Programs used to launch the openssl command line tool.
my $shlib_wrap   = srctop_file("util", "wrap.pl");
my $apps_openssl = srctop_file("apps", "openssl");

# Server credentials, both taken from the test certificate directory.
my @cert_dir   = ("test", "certs");
my $server_pem = srctop_file(@cert_dir, "servercert.pem");
my $server_key = srctop_file(@cert_dir, "serverkey.pem");

# Both key logs are written below the per-test result directory:
#   $sslkeylogfile - written because the SSLKEYLOGFILE environment variable
#                    is set
#   $trace_file    - written by s_client's -keylogfile option
# Key log files hold TLS session secrets, so they belong in the result
# directory and not in a shared location.
my $resultdir = result_dir();
my $sslkeylogfile = "$resultdir/sslkeylog.keys";
my $trace_file = "$resultdir/keylog.keys";
38
# Start s_server.
# "-accept 0" means no fixed port is requested; the port actually in use is
# read back from the server's "ACCEPT ...:<port>" output further down.
# "-naccept 1" limits the server to a single connection.
my @s_server_cmd = (
    "s_server",
    "-accept",  "0",
    "-naccept", "1",
    "-cert",    $server_pem,
    "-key",     $server_key,
);

# open3() is given the command as a list, so no shell parses the arguments.
# $s_server_e is still undefined when it is passed in, and IPC::Open3 does
# not autovivify the error handle, so the child's stderr arrives on
# $s_server_o together with its stdout.
my ($s_server_i, $s_server_o, $s_server_e);
my $s_server_pid = open3(
    $s_server_i, $s_server_o, $s_server_e,
    $shlib_wrap, $apps_openssl, @s_server_cmd
);
43
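# Lines the server is expected to print once it is listening:
#   ACCEPT 0.0.0.0:<port>
#   ACCEPT [::]:<port>
my $port = "0";

# Figure out what port it's listening on.  Every line read is echoed so that
# it shows up in the test log.
while (my $line = <$s_server_o>) {
    print($line);
    chomp($line);

    # The dots are escaped so that only the literal wildcard address matches.
    if ($line =~ /^ACCEPT (?:0\.0\.0\.0|\[::\]):(\d+)/) {
        $port = $1;
        last;
    }

    # "Using default ..." notices may come before the ACCEPT line; any other
    # line is unexpected and ends the search.
    last unless $line =~ /^Using default/;
}
my $server_port = $port;

# Without a reported port the client would be pointed at "localhost:0" and
# the recipe would only fail later, at the diff step, with a misleading
# error.  Stop the server and fail here instead.
if ($server_port eq "0") {
    kill 'HUP', $s_server_pid;
    die "s_server did not report a listening port\n";
}

print("s_server ready, listening on port $server_port\n");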
67
# Use SSLKEYLOGFILE to record keylogging.  The variable is set only here,
# after s_server has already been started, so only processes started from
# this point on (the client, and later diff) see it in their environment.
$ENV{SSLKEYLOGFILE} = $sslkeylogfile;

# Start a client and use the -keylogfile option to independently trace
# keylog messages into a second file.
my $connect_to   = "localhost:$server_port";
my @s_client_cmd = (
    "s_client",
    "-connect",    $connect_to,
    "-keylogfile", $trace_file,
);
my ($s_client_i, $s_client_o, $s_client_e);
my $s_client_pid = open3(
    $s_client_i, $s_client_o, $s_client_e,
    $shlib_wrap, $apps_openssl, @s_client_cmd
);

# Issue a quit command to terminate the client after connect, wait for it to
# exit so that both key logs are complete, then signal the server.
# NOTE(review): the client's output pipe is never read; this presumably
# relies on the output staying below the pipe buffer size -- confirm.
print {$s_client_i} "Q\n";
waitpid($s_client_pid, 0);
kill('HUP', $s_server_pid);
79
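# Test 1: Compare the output of -keylogfile and SSLKEYLOGFILE, and make sure
# they match.  The former adds a comment that the latter does not, so comment
# lines are ignored with -I in diff.
ok(run(cmd(["diff", "-I" ,"^#.*\$", $sslkeylogfile, $trace_file])),
   "SSLKEYLOGFILE output matches -keylogfile output");

# Test 2, linux-specific: the keylog file should have permission 0600.
# The file holds TLS session secrets, which can be used to decrypt captured
# traffic of the logged sessions, so it must be readable and writable by its
# owner only.
if ($^O =~ /^(linux)$/) {
    # stat() returns an empty list when the file does not exist; report that
    # as a failed test instead of masking an undefined mode value.
    my @keylog_stat = stat($sslkeylogfile);
    my $mode = @keylog_stat
        ? sprintf("%04o", $keylog_stat[2] & 07777)
        : "missing";
    ok($mode eq "0600", "SSLKEYLOGFILE has mode 0600 (got $mode)");
}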
89