X-Git-Url: http://www.privoxy.org/gitweb/show-status?a=blobdiff_plain;f=tools%2Fprivoxy-regression-test.pl;h=29eb9c1835fd22e434e5cff6d48eceef70689f83;hb=99e535c73020cc431b37207c721b1bf0697f1b54;hp=5c1a86dcce03c6915b569d924ef73a3ee102e2c7;hpb=42d1e40b5432cdf8124ee7cc94030381140ea026;p=privoxy.git diff --git a/tools/privoxy-regression-test.pl b/tools/privoxy-regression-test.pl index 5c1a86dc..29eb9c18 100755 --- a/tools/privoxy-regression-test.pl +++ b/tools/privoxy-regression-test.pl @@ -17,7 +17,7 @@ # - Document magic Expect Header values # - Internal fuzz support? # -# Copyright (c) 2007-2020 Fabian Keil +# Copyright (c) 2007-2021 Fabian Keil # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -38,7 +38,7 @@ use strict; use Getopt::Long; use constant { - PRT_VERSION => 'Privoxy-Regression-Test 0.7.2', + PRT_VERSION => 'Privoxy-Regression-Test 0.7.3', CURL => 'curl', @@ -372,7 +372,7 @@ sub tokenize($) { my ($token, $value) = (undef, undef); # Remove leading and trailing white space and a - # a leading
 which is part of the first line.
+    # leading 
 which is part of the first line.
     s@^\s*(
)?@@;
     s@\s*$@@;
 
@@ -1693,6 +1693,7 @@ sub help() {
     print << "    EOF"
 
 Options and their default values if they have any:
+    [--check-bad-ssl]
     [--debug $cli_options{'debug'}]
     [--forks $cli_options{'forks'}]
     [--fuzzer-address]
@@ -1754,6 +1755,7 @@ sub parse_cli_options() {
     init_cli_options();
 
     GetOptions (
+        'check-bad-ssl'      => \$cli_options{'check-bad-ssl'},
         'debug=i'            => \$cli_options{'debug'},
         'forks=i'            => \$cli_options{'forks'},
         'fuzzer-address=s'   => \$cli_options{'fuzzer-address'},
@@ -1828,11 +1830,55 @@ sub start_forks($) {
     }
 }
 
+sub check_bad_ssl() {
+    my $failures = 0;
+    my @bad_ssl_urls_to_check = (
+        "https://expired.badssl.com/",
+        "https://wrong.host.badssl.com/",
+        "https://self-signed.badssl.com/",
+        "https://untrusted-root.badssl.com/",
+        "https://no-common-name.badssl.com/", # XXX: Certificate has expired ...
+        "https://no-subject.badssl.com/", # XXX: Certificate has expired ...
+        "https://incomplete-chain.badssl.com/",
+        );
+    # This is needed for get_status_code() to skip the
+    # status code from the "HTTP/1.1 200 Connection established"
+    # reply.
+    our $privoxy_cgi_url = "https://p.p/";
+
+    log_message("Requesting pages from badssl.com with various " .
+        "certificate problems. This will only work if Privoxy " .
+        "has been configured properly and can reach the Internet.");
+
+    foreach my $url_to_check (@bad_ssl_urls_to_check) {
+        my ($buffer_ref, $status_code);
+        log_message("Requesting $url_to_check");
+
+        $buffer_ref = get_page_with_curl($url_to_check);
+        $status_code = get_status_code($buffer_ref);
+
+        if (!check_status_code_result($status_code, "403")) {
+            $failures++;
+        }
+
+    }
+    if ($failures == 0) {
+        log_message("All requests resulted in status code 403 as expected.");
+    } else {
+        log_message("There were $failures requests that did not result in status code 403!");
+    }
+
+    return $failures;
+}
+
 sub main() {
 
     init_our_variables();
     parse_cli_options();
     init_proxy_settings('vanilla-proxy');
+    if (cli_option_is_set('check-bad-ssl')) {
+        exit check_bad_ssl();
+    }
     load_regression_tests();
     init_proxy_settings('fuzz-proxy');
     start_forks(get_cli_option('forks')) if cli_option_is_set('forks');
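Review bot: check_bad_ssl() counts any 403 as a pass, so it cannot tell a certificate rejection from a 403 that Privoxy returns for another reason, such as a block action that happens to match badssl.com. A Privoxy that answers 403 to every HTTPS request would therefore still report "as expected". A positive control before the loop would close that gap: request a host with a valid certificate and count it as a failure unless it returns 200, for example `$failures++ if !check_status_code_result(get_status_code(get_page_with_curl("https://badssl.com/")), "200");` (assuming that host keeps serving a valid chain). It would also help to confirm from the response body that the 403 is Privoxy's certificate error page, if the helpers defined outside this hunk allow matching on the body. A short comment above the URL list, stating that every entry must be rejected with 403, would document the contract.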
@@ -1847,7 +1893,7 @@ B - A regression test "framework" for Privoxy.
 
 =head1 SYNOPSIS
 
-B [B<--debug bitmask>] [B<--forks> forks]
+B [B<--check-bad-ssl>] [B<--debug bitmask>] [B<--forks> forks]
 [B<--fuzzer-feeding>] [B<--fuzzer-feeding>] [B<--help>] [B<--level level>]
 [B<--local-test-file testfile>] [B<--loops count>] [B<--max-level max-level>]
 [B<--max-time max-time>] [B<--min-level min-level>] B<--privoxy-address proxy-address>
@@ -1997,6 +2043,13 @@ a given file without having to remove or disable the tests completely.
 
 =head1 OPTIONS
 
+B<--check-bad-ssl> Instead of running the regression tests
+as described above, request pages from badssl.com with bad
+certificates to verify that Privoxy is detecting the
+certificate issues. Only works if Privoxy has been compiled
+with FEATURE_HTTPS_INSPECTION, has been configured properly
+and can reach the Internet.
+
 B<--debug bitmask> Add the bitmask provided as integer
 to the debug settings.
 
@@ -2135,7 +2188,7 @@ Privoxy-Regression-Test in a meaningful way.
 
 =head1 SEE ALSO
 
-privoxy(1) curl(1)
+privoxy(8) curl(1)
 
 =head1 AUTHOR