# HG changeset patch # User Maxim Dounin # Date 1684422439 -10800 # Node ID a797d7428fa529e843181d802dd85bc4306b89e9 # Parent 0e1865aa9b33996a0b9d039848d68c48dc85ebc4 Tests: simplified http SSL tests with IO::Socket::SSL. The http SSL tests which previously used IO::Socket::SSL were converted to use improved IO::Socket::SSL infrastructure in Test::Nginx. diff --git a/ssl.t b/ssl.t --- a/ssl.t +++ b/ssl.t @@ -14,6 +14,7 @@ use strict; use Test::More; use Socket qw/ CRLF /; +use IO::Select; BEGIN { use FindBin; chdir($FindBin::Bin); } @@ -278,11 +279,9 @@ sub test_tls13 { } sub get { - my ($uri, $port, $ctx) = @_; - my $s = get_ssl_socket($port, $ctx) or return; - my $r = http_get($uri, socket => $s); - $s->close(); - return $r; + my ($uri, $port, $ctx, %extra) = @_; + my $s = get_ssl_socket($port, $ctx, %extra) or return; + return http_get($uri, socket => $s); } sub get_body { @@ -297,16 +296,16 @@ sub get_body { http($chs . CRLF . $body x $len . CRLF, socket => $s, start => 1) for 1 .. $n; my $r = http("0" . CRLF . CRLF, socket => $s); - $s->close(); return $r; } sub cert { my ($uri, $port) = @_; - my $s = get_ssl_socket($port, undef, + return get( + $uri, $port, undef, SSL_cert_file => "$d/subject.crt", - SSL_key_file => "$d/subject.key") or return; - http_get($uri, socket => $s); + SSL_key_file => "$d/subject.key" + ); } sub get_ssl_context { 
@@ -318,45 +317,32 @@ sub get_ssl_context { sub get_ssl_socket { my ($port, $ctx, %extra) = @_; - my $s; - - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1', - PeerPort => port($port), - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), - SSL_reuse_ctx => $ctx, - SSL_error_trap => sub { die $_[1] }, - %extra - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - - return $s; + return http( + '', PeerAddr => '127.0.0.1:' . port($port), start => 1, + SSL => 1, + SSL_reuse_ctx => $ctx, + %extra + ); } sub get_ssl_shutdown { my ($port) = @_; - my $s = IO::Socket::INET->new('127.0.0.1:' . port($port)); - my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); - my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); - Net::SSLeay::set_fd($ssl, fileno($s)); - Net::SSLeay::connect($ssl) or die("ssl connect"); - Net::SSLeay::write($ssl, 'GET /' . CRLF . 'extra'); - Net::SSLeay::read($ssl); - Net::SSLeay::set_shutdown($ssl, 1); - Net::SSLeay::shutdown($ssl); + my $s = http( + 'GET /' . CRLF . 'extra', + PeerAddr => '127.0.0.1:' . port($port), start => 1, + SSL => 1 + ); + + $s->blocking(0); + while (IO::Select->new($s)->can_read(8)) { + my $n = $s->sysread(my $buf, 16384); + next if !defined $n && $!{EWOULDBLOCK}; + last; + } + $s->blocking(1); + + return $s->stop_SSL(); } ############################################################################### diff --git a/ssl_certificate_chain.t b/ssl_certificate_chain.t --- a/ssl_certificate_chain.t +++ b/ssl_certificate_chain.t 
@@ -133,41 +133,27 @@ system("openssl ca -batch -config $d/ca. ############################################################################### -is(get_ssl_socket(port(8080)), undef, 'incomplete chain'); -ok(get_ssl_socket(port(8081)), 'intermediate'); -ok(get_ssl_socket(port(8082)), 'intermediate server'); +ok(!get_ssl_socket(8080), 'incomplete chain'); +ok(get_ssl_socket(8081), 'intermediate'); +ok(get_ssl_socket(8082), 'intermediate server'); ############################################################################### sub get_ssl_socket { my ($port) = @_; - my ($s, $verify); + my ($verify); - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1', - PeerPort => $port, - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(), - SSL_ca_file => "$d/root.crt", - SSL_verify_callback => sub { - my ($ok) = @_; - $verify = $ok; - return $ok; - }, - SSL_error_trap => sub { die $_[1] } - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } + http( + '', PeerAddr => '127.0.0.1:' . port($port), start => 1, + SSL => 1, + SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_PEER(), + SSL_ca_file => "$d/root.crt", + SSL_verify_callback => sub { + my ($ok) = @_; + $verify = $ok; + return $ok; + } + ); return $verify; } diff --git a/ssl_client_escaped_cert.t b/ssl_client_escaped_cert.t --- a/ssl_client_escaped_cert.t +++ b/ssl_client_escaped_cert.t 
@@ -91,31 +91,12 @@ is($escaped, $cert, 'ssl_client_escaped_ sub cert { my ($uri) = @_; - my $s; - - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1', - PeerPort => port(8443), - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), - SSL_cert_file => "$d/localhost.crt", - SSL_key_file => "$d/localhost.key", - SSL_error_trap => sub { die $_[1] }, - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - - http_get($uri, socket => $s); + return http_get( + $uri, + SSL => 1, + SSL_cert_file => "$d/localhost.crt", + SSL_key_file => "$d/localhost.key" + ); } ############################################################################### diff --git a/ssl_crl.t b/ssl_crl.t --- a/ssl_crl.t +++ b/ssl_crl.t @@ -162,37 +162,12 @@ like(get(8082, 'end'), qr/FAILED/, 'crl sub get { my ($port, $cert) = @_; - my $s = get_ssl_socket($port, $cert) or return; - http_get('/t', socket => $s); -} - -sub get_ssl_socket { - my ($port, $cert) = @_; - my ($s); - - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1', - PeerPort => port($port), - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), - SSL_cert_file => "$d/$cert.crt", - SSL_key_file => "$d/$cert.key", - SSL_error_trap => sub { die $_[1] } - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - - return $s; + http_get( + '/t', PeerAddr => '127.0.0.1:' . port($port), + SSL => 1, + SSL_cert_file => "$d/$cert.crt", + SSL_key_file => "$d/$cert.key" + ); } ############################################################################### diff --git a/ssl_curve.t b/ssl_curve.t --- a/ssl_curve.t +++ b/ssl_curve.t 
@@ -75,43 +75,6 @@ foreach my $name ('localhost') { ############################################################################### -like(get('/curve'), qr/^prime256v1 /m, 'ssl curve'); +like(http_get('/curve', SSL => 1), qr/^prime256v1 /m, 'ssl curve'); ############################################################################### - -sub get { - my ($uri, $port, $ctx) = @_; - my $s = get_ssl_socket($port) or return; - my $r = http_get($uri, socket => $s); - $s->close(); - return $r; -} - -sub get_ssl_socket { - my ($port, $ctx) = @_; - my $s; - - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1', - PeerPort => port(8443), - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), - SSL_error_trap => sub { die $_[1] }, - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - - return $s; -} - -############################################################################### diff --git a/ssl_password_file.t b/ssl_password_file.t --- a/ssl_password_file.t +++ b/ssl_password_file.t @@ -49,7 +49,7 @@ http { ssl_password_file password_http; server { - listen 127.0.0.1:8081 ssl; + listen 127.0.0.1:8443 ssl; listen 127.0.0.1:8080; server_name localhost; 
@@ -132,33 +132,6 @@ is($@, '', 'ssl_password_file works'); # simple tests to ensure that nothing broke with ssl_password_file directive like(http_get('/'), qr/200 OK.*http/ms, 'http'); -like(http_get('/', socket => get_ssl_socket()), qr/200 OK.*https/ms, 'https'); +like(http_get('/', SSL => 1), qr/200 OK.*https/ms, 'https'); ############################################################################### - -sub get_ssl_socket { - my $s; - - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1:' . port(8081), - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), - SSL_error_trap => sub { die $_[1] } - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - - return $s; -} - -############################################################################### diff --git a/ssl_proxy_protocol.t b/ssl_proxy_protocol.t --- a/ssl_proxy_protocol.t +++ b/ssl_proxy_protocol.t @@ -148,24 +148,7 @@ sub pp_get { my $s = http($proxy, start => 1); - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - IO::Socket::SSL->start_SSL($s, - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), - SSL_error_trap => sub { die $_[1] } - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - - return http(< $s); + return http(< $s, SSL => 1); GET $url HTTP/1.0 Host: localhost diff --git a/ssl_reject_handshake.t b/ssl_reject_handshake.t --- a/ssl_reject_handshake.t +++ b/ssl_reject_handshake.t 
@@ -136,44 +136,14 @@ like(get('virtual2', 8082), qr/unrecogni sub get { my ($host, $port) = @_; - my $s = get_ssl_socket($host, $port) or return $@; - $host = 'localhost' if !defined $host; - my $r = http(< $s); -GET / HTTP/1.0 -Host: $host - -EOF - - $s->close(); + my $r = http( + "GET / HTTP/1.0\nHost: " . ($host || 'localhost') . "\n\n", + PeerAddr => '127.0.0.1:' . port($port), + SSL => 1, + SSL_hostname => $host + ) + or return "$@"; return $r; } -sub get_ssl_socket { - my ($host, $port) = @_; - my $s; - - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1', - PeerPort => port($port), - SSL_hostname => $host, - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), - SSL_error_trap => sub { die $_[1] }, - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - - return $s; -} - ############################################################################### diff --git a/ssl_session_reuse.t b/ssl_session_reuse.t --- a/ssl_session_reuse.t +++ b/ssl_session_reuse.t @@ -16,7 +16,7 @@ use Test::More; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; -use Test::Nginx; +use Test::Nginx qw/ :DEFAULT http_end /; ############################################################################### 
@@ -192,58 +192,26 @@ like(`grep -F '[crit]' ${\($t->testdir() ############################################################################### sub test_tls13 { - return get('/protocol', 8443) =~ /TLSv1.3/; + return http_get('/protocol', SSL => 1) =~ /TLSv1.3/; } sub test_reuse { my ($port) = @_; - my $ctx = get_ssl_context(); - get('/', $port, $ctx); - return (get('/', $port, $ctx) =~ qr/^body r$/m) ? 1 : 0; -} -sub get { - my ($uri, $port, $ctx) = @_; - my $s = get_ssl_socket($port, $ctx) or return; - my $r = http_get($uri, socket => $s); - $s->close(); - return $r; -} - -sub get_ssl_context { - return IO::Socket::SSL::SSL_Context->new( - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), + my $s = http_get( + '/', PeerAddr => '127.0.0.1:' . port($port), start => 1, + SSL => 1, SSL_session_cache_size => 100 ); -} - -sub get_ssl_socket { - my ($port, $ctx, %extra) = @_; - my $s; + http_end($s); - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1', - PeerPort => port($port), - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), - SSL_reuse_ctx => $ctx, - SSL_error_trap => sub { die $_[1] }, - %extra - ); - alarm(0); - }; - alarm(0); + my $r = http_get( + '/', PeerAddr => '127.0.0.1:' . port($port), + SSL => 1, + SSL_reuse_ctx => $s + ); - if ($@) { - log_in("died: $@"); - return undef; - } - - return $s; + return ($r =~ qr/^body r$/m) ? 1 : 0; } ############################################################################### diff --git a/ssl_sni.t b/ssl_sni.t --- a/ssl_sni.t +++ b/ssl_sni.t 
@@ -37,42 +37,34 @@ http { %%TEST_GLOBALS_HTTP%% server { - listen 127.0.0.1:8080 ssl; + listen 127.0.0.1:8443 ssl; server_name localhost; ssl_certificate_key localhost.key; ssl_certificate localhost.crt; location / { - return 200 $server_name; + return 200 $server_name:$ssl_server_name; } location /protocol { return 200 $ssl_protocol; } + + location /name { + return 200 $ssl_session_reused:$ssl_server_name; + } } server { - listen 127.0.0.1:8080; + listen 127.0.0.1:8443; server_name example.com; ssl_certificate_key example.com.key; ssl_certificate example.com.crt; location / { - return 200 $server_name; - } - } - - server { - listen 127.0.0.1:8081 ssl; - server_name localhost; - - ssl_certificate_key localhost.key; - ssl_certificate localhost.crt; - - location / { - return 200 $ssl_session_reused:$ssl_server_name; + return 200 $server_name:$ssl_server_name; } } } @@ -104,19 +96,19 @@ foreach my $name ('localhost', 'example. like(get_cert_cn(), qr!/CN=localhost!, 'default cert'); like(get_cert_cn('example.com'), qr!/CN=example.com!, 'sni cert'); -like(https_get_host('example.com'), qr!example.com!, +like(get_host('example.com'), qr!example.com:example.com!, 'host exists, sni exists, and host is equal sni'); -like(https_get_host('example.com', 'example.org'), qr!example.com!, +like(get_host('example.com', 'example.org'), qr!example.com:example.org!, 'host exists, sni not found'); TODO: { local $TODO = 'sni restrictions'; -like(https_get_host('example.com', 'localhost'), qr!400 Bad Request!, +like(get_host('example.com', 'localhost'), qr!400 Bad Request!, 'host exists, sni exists, and host is not equal sni'); -like(https_get_host('example.org', 'example.com'), qr!400 Bad Request!, +like(get_host('example.org', 'example.com'), qr!400 Bad Request!, 'host not found, sni exists'); } 
@@ -127,7 +119,7 @@ my $ctx = new IO::Socket::SSL::SSL_Conte SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_session_cache_size => 100); -like(get('/', 'localhost', 8081, $ctx), qr/^\.:localhost$/m, 'ssl server name'); +like(get('/name', 'localhost', $ctx), qr/^\.:localhost$/m, 'ssl server name'); TODO: { local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay' @@ -137,7 +129,7 @@ local $TODO = 'no TLSv1.3 sessions, old local $TODO = 'no TLSv1.3 sessions in LibreSSL' if $t->has_module('LibreSSL') && test_tls13(); -like(get('/', 'localhost', 8081, $ctx), qr/^r:localhost$/m, +like(get('/name', 'localhost', $ctx), qr/^r:localhost$/m, 'ssl server name - reused'); } 
@@ -148,58 +140,29 @@ sub test_tls13 { get('/protocol', 'localhost') =~ /TLSv1.3/; } -sub get_ssl_socket { - my ($host, $port, $ctx) = @_; - my $s; - - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1:' . port($port || 8080), - SSL_hostname => $host, - SSL_reuse_ctx => $ctx, - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), - SSL_error_trap => sub { die $_[1] } - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - - return $s; -} - sub get_cert_cn { my ($host) = @_; - my $s = get_ssl_socket($host); - + my $s = http('', start => 1, SSL => 1, SSL_hostname => $host); return $s->dump_peer_certificate(); } -sub https_get_host { +sub get_host { my ($host, $sni) = @_; - my $s = get_ssl_socket($sni ? $sni : $host); - - return http(< $s); -GET / HTTP/1.0 -Host: $host - -EOF + return http( + "GET / HTTP/1.0\nHost: $host\n\n", + SSL => 1, + SSL_hostname => $sni || $host + ); } sub get { - my ($uri, $host, $port, $ctx) = @_; - my $s = get_ssl_socket($host, $port, $ctx) or return; - my $r = http_get($uri, socket => $s); - $s->close(); - return $r; + my ($uri, $host, $ctx) = @_; + return http_get( + $uri, + SSL => 1, + SSL_hostname => $host, + SSL_reuse_ctx => $ctx + ); } ############################################################################### diff --git a/ssl_sni_sessions.t b/ssl_sni_sessions.t --- a/ssl_sni_sessions.t +++ b/ssl_sni_sessions.t 
@@ -110,15 +110,14 @@ foreach my $name ('localhost') { $t->run(); -plan(skip_all => 'no TLS 1.3 sessions') - if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/ - && ($Net::SSLeay::VERSION < 1.88 || $IO::Socket::SSL::VERSION < 2.061); -plan(skip_all => 'no TLS 1.3 sessions in LibreSSL') - if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/ - && $t->has_module('LibreSSL'); +plan(skip_all => 'no TLSv1.3 sessions, old Net::SSLeay') + if $Net::SSLeay::VERSION < 1.88 && test_tls13(); +plan(skip_all => 'no TLSv1.3 sessions, old IO::Socket::SSL') + if $IO::Socket::SSL::VERSION < 2.061 && test_tls13(); +plan(skip_all => 'no TLSv1.3 sessions in LibreSSL') + if $t->has_module('LibreSSL') && test_tls13(); plan(skip_all => 'no TLS 1.3 session cache in BoringSSL') - if get('default', port(8443), get_ssl_context()) =~ /TLSv1.3/ - && $t->has_module('BoringSSL'); + if $t->has_module('BoringSSL') && test_tls13(); $t->plan(6); @@ -128,8 +127,8 @@ plan(skip_all => 'no TLS 1.3 session cac my $ctx = get_ssl_context(); -like(get('default', port(8443), $ctx), qr!default:\.!, 'default server'); -like(get('default', port(8443), $ctx), qr!default:r!, 'default server reused'); +like(get('default', 8443, $ctx), qr!default:\.!, 'default server'); +like(get('default', 8443, $ctx), qr!default:r!, 'default server reused'); # check that sessions are still properly saved and restored # when using an SNI-based virtual server with different session cache; 
@@ -143,16 +142,16 @@ like(get('default', port(8443), $ctx), q $ctx = get_ssl_context(); -like(get('nocache', port(8443), $ctx), qr!nocache:\.!, 'without cache'); -like(get('nocache', port(8443), $ctx), qr!nocache:r!, 'without cache reused'); +like(get('nocache', 8443, $ctx), qr!nocache:\.!, 'without cache'); +like(get('nocache', 8443, $ctx), qr!nocache:r!, 'without cache reused'); # make sure tickets can be used if an SNI-based virtual server # uses a different set of session ticket keys explicitly set $ctx = get_ssl_context(); -like(get('tickets', port(8444), $ctx), qr!tickets:\.!, 'tickets'); -like(get('tickets', port(8444), $ctx), qr!tickets:r!, 'tickets reused'); +like(get('tickets', 8444, $ctx), qr!tickets:\.!, 'tickets'); +like(get('tickets', 8444, $ctx), qr!tickets:r!, 'tickets reused'); ############################################################################### @@ -163,46 +162,19 @@ sub get_ssl_context { ); } -sub get_ssl_socket { +sub get { my ($host, $port, $ctx) = @_; - my $s; - - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1', - PeerPort => $port, - SSL_hostname => $host, - SSL_reuse_ctx => $ctx, - SSL_error_trap => sub { die $_[1] } - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - - return $s; + return http( + "GET / HTTP/1.0\nHost: $host\n\n", + PeerAddr => '127.0.0.1:' . port($port), + SSL => 1, + SSL_hostname => $host, + SSL_reuse_ctx => $ctx + ); } -sub get { - my ($host, $port, $ctx) = @_; - - my $s = get_ssl_socket($host, $port, $ctx) or return; - my $r = http(< $s); -GET / HTTP/1.0 -Host: $host - -EOF - - $s->close(); - return $r; +sub test_tls13 { + return get('default', 8443) =~ /TLSv1.3/; } ############################################################################### diff --git a/ssl_verify_depth.t b/ssl_verify_depth.t --- a/ssl_verify_depth.t 
+++ b/ssl_verify_depth.t @@ -172,37 +172,13 @@ like(get(8082, 'end'), qr/SUCCESS/, 've sub get { my ($port, $cert) = @_; - my $s = get_ssl_socket($port, $cert) or return; - http_get("/t?$cert", socket => $s); -} - -sub get_ssl_socket { - my ($port, $cert) = @_; - my ($s); - - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1', - PeerPort => port($port), - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), - SSL_cert_file => "$d/$cert.crt", - SSL_key_file => "$d/$cert.key", - SSL_error_trap => sub { die $_[1] } - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - - return $s; + http_get( + "/t?$cert", + PeerAddr => '127.0.0.1:' . port($port), + SSL => 1, + SSL_cert_file => "$d/$cert.crt", + SSL_key_file => "$d/$cert.key" + ); } ###############################################################################
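
Review bot: In ssl.t get_ssl_shutdown(), the socket returned by http(..., start => 1, SSL => 1) is used without a check, so a failed connect or handshake shows up as a method call on an undefined value at `$s->blocking(0)` rather than the explicit die("ssl connect") of the removed code. get() in the same file guards the same kind of call with `or return`; an `or die` or `or return` is needed here too. The read loop also leaves through `last` after the first sysread that does not fail with EWOULDBLOCK, so it consumes at most one chunk of up to 16384 bytes; if the intent is to drain the response before shutdown, continue while `$n` is positive. The removed code called Net::SSLeay::set_shutdown($ssl, 1) before Net::SSLeay::shutdown(), and the replacement is a plain `$s->stop_SSL()`, so a comment on whether the same shutdown path is still exercised would help.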
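
Review bot: In ssl_certificate_chain.t the 'incomplete chain' assertion `ok(!get_ssl_socket(8080), ...)` passes both when the verify callback reported failure and when it never ran at all, because get_ssl_socket() now returns only `$verify`, which stays undefined if the connection fails before the callback is invoked. Consider also asserting that `$verify` is defined, so a refused connection is not counted as a rejected chain. The helper no longer returns a socket, so a name such as get_verify_result() would describe it better, and `my ($verify);` can lose the leftover parentheses.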
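
Review bot: The rewritten helpers in ssl.t get_ssl_socket(), ssl_client_escaped_cert.t cert(), ssl_crl.t get() and ssl_verify_depth.t get() no longer pass SSL_verify_mode, which the removed code set to SSL_VERIFY_NONE explicitly, while ssl_certificate_chain.t still passes SSL_VERIFY_PEER. The effective verify mode, the 8 second alarm and the log_in("died: ...") diagnostics now depend on defaults inside Test::Nginx that this patch does not show; the commit message should state that http() supplies them, or the verify mode should stay explicit in the tests that depend on it. Separately, get() in ssl_crl.t and ssl_verify_depth.t now relies on the implicit return value of the last expression, whereas cert() in ssl_client_escaped_cert.t uses `return http_get(`; an explicit return would keep the helpers consistent.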
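
Review bot: In ssl_reject_handshake.t get(), `or return "$@"` fires for any false result of http(), including an empty response string, and in that case `$@` may be empty or left over from an earlier failure, so the caller's match against the handshake error text can be misleading. Testing `defined $r` before falling back to `$@` would separate the two cases. `($host || 'localhost')` also changes the earlier `!defined $host` test, since an empty or '0' host is now replaced as well; if that is intended, a short comment would make it clear.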
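
Review bot: In ssl_session_reuse.t test_reuse(), `$s` from the first http_get(..., start => 1) is handed to http_end($s) and then reused as `SSL_reuse_ctx => $s` with no check that the first connection succeeded, so a failed first handshake is reported as "not reused" at best instead of as a connection error. A guard after the first call, plus a comment that the finished socket is kept only as the holder of the SSL context and session cache, would make the intent clear. In test_tls13() in the same hunk, the dot in `/TLSv1.3/` is unescaped and matches any character; `/TLSv1\.3/` is the precise pattern.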
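
Review bot: In ssl_sni_sessions.t the four plan(skip_all => ...) conditions each call test_tls13(), which opens a new connection through get('default', 8443) with no context, so `SSL_reuse_ctx` is passed as undef and the same probe may run several times. Computing the result once into a variable before the plan() calls would avoid the repeated handshakes. test_tls13() also applies `=~ /TLSv1.3/` directly to the return value of get(), which is undefined when the connection fails; a `// ''` fallback would avoid a warning in that case.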