Description: sslh doesn't take -v INT anymore; it takes --verbose
Forwarded: not yet
Origin: vendor
Author: Don Armstrong <don@debian.org>
--- a/t
+++ b/t
@@ -9,6 +9,7 @@
 use strict;
 use IO::Socket::INET6;
 use IO::Socket::INET;
+use Socket qw/MSG_DONTWAIT/;
 use Test::More qw/no_plan/;
 use File::Temp qw(tempdir);
 # Because nothing else in Debian uses Conf::Libconfig, and I
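Review bot: `MSG_DONTWAIT` is imported by the added `use Socket qw/MSG_DONTWAIT/;` line, but nothing visible in this patch uses it. The only new socket call, `$cnx_h->send($test_data);` in the "One SSL half-started then one SSH" test, passes no flags. If a non-blocking send was intended there, it should read `$cnx_h->send($test_data, MSG_DONTWAIT);`; otherwise the import can be dropped. The rest of the file is outside the patch, so a use elsewhere cannot be ruled out from here.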
@@ -17,10 +18,14 @@
 
 my %used_ports;
 
+# The error verbose options are already set, enable these as well during testing
+my $verbose_opts = "--verbose-config=1 --verbose-connections=1 --verbose-packets=1 --verbose-probe-info=1";
+
+
 sub get_unused_port {
     my $sock = IO::Socket::INET->new(
         Listen => 1,
-        LocalAddr => 'localhost',
+        LocalAddr => '127.0.0.1',
         ReuseAddr => 1,
     );
     my $port = $sock->sockport();
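Review bot: `$verbose_opts` is built as one space-joined string, which forces every later `exec "./sslh-select $verbose_opts -f -u $user ..."` (the hunks at -434, -467, -481, -495, -511, -527 and -555) to stay a single-string exec. Perl hands such a string to `/bin/sh` whenever it contains shell metacharacters, so `$user`, `$pidfile` and the address variables are shell-interpreted. Keeping the options as a list, `my @verbose_opts = map { "--verbose-$_=1" } qw(config connections packets probe-info);`, would allow the list form `exec './sslh-select', @verbose_opts, '-f', '-u', $user, ...`, which bypasses the shell. The added comment would also read better as `# sslh's *-error verbosity classes are already on; also enable the informational ones while testing` (assuming that is what "already set" refers to). `get_unused_port` continues past the end of this hunk.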
@@ -34,15 +39,15 @@
 
 my $conf =
    {protocols =>
-     [{ name => "ssh",  host => "localhost"},#, fork => 1, transparent => 1},
-     { name => "socks5",  host => "localhost",  },
-     { name => "http",  host => "localhost", ,  },
-     { name => "tinc",  host => "localhost", , },
-     { name => "openvpn",  host => "localhost",, },
-     { name => "xmpp",  host => "localhost", },
-     { name => "adb",  host => "localhost"},
-     { name => "syslog",  host => "localhost"},
-     { name => "regex", host => "localhost",
+     [{ name => "ssh",  host => "127.0.0.1"},#, fork => 1, transparent => 1},
+     { name => "socks5",  host => "127.0.0.1",  },
+     { name => "http",  host => "127.0.0.1", ,  },
+     { name => "tinc",  host => "127.0.0.1", , },
+     { name => "openvpn",  host => "127.0.0.1",, },
+     { name => "xmpp",  host => "127.0.0.1", },
+     { name => "adb",  host => "127.0.0.1"},
+     { name => "syslog",  host => "127.0.0.1"},
+     { name => "regex", host => "127.0.0.1",
               regex_patterns => [ "^foo", "^bar"],
        minlength => 4,
        test_patterns => [{pattern => "foo", result => "ssh"},
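Review bot: The literal `127.0.0.1` is now repeated in every protocol entry here and in the later hunks: the tls/anyprot entries, the test.cfg text, the `PeerHost` arguments and the `exec` command lines. One `my $loopback = '127.0.0.1';` next to `%used_ports`, used as `host => $loopback`, would keep the address in one place. Pinning to an IPv4 literal also means the suite no longer exercises name resolution or an IPv6 loopback. A short comment stating that this is deliberate (presumably for build environments where `localhost` does not resolve as the tests expect) would save the next maintainer from reverting it. The `$conf` structure starts in this hunk and is closed in the next one.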
@@ -50,12 +55,12 @@
                         {pattern => "bar", result => "ssh"},
                         {pattern => "barr", result => "regex"},
                         {pattern => "barrr", result => "regex"},],},
-     { name => "tls", host => "localhost", , alpn_protocols => [ "alpn1", "alpn2" ], sni_hostnames => [ "sni1" ], },
-     { name => "tls", host => "localhost", alpn_protocols => [ "alpn1", "alpn2" ], sni_hostnames => [ "sni2", "sni3" ], },
-     { name => "tls", host => "localhost", alpn_protocols => [ "alpn3" ], },
-     { name => "tls", host => "localhost", sni_hostnames => [ "sni3" ], },
-     { name => "tls", host => "localhost", },
-     { name => "anyprot",  host => "localhost", }],
+     { name => "tls", host => "127.0.0.1", , alpn_protocols => [ "alpn1", "alpn2" ], sni_hostnames => [ "sni1" ], },
+     { name => "tls", host => "127.0.0.1", alpn_protocols => [ "alpn1", "alpn2" ], sni_hostnames => [ "sni2", "sni3" ], },
+     { name => "tls", host => "127.0.0.1", alpn_protocols => [ "alpn3" ], },
+     { name => "tls", host => "127.0.0.1", sni_hostnames => [ "sni3" ], },
+     { name => "tls", host => "127.0.0.1", },
+     { name => "anyprot",  host => "127.0.0.1", }],
    };
 
 my $no_listen = get_unused_port();  # Port on which no-one listens
@@ -129,7 +134,7 @@
 sub test_probe {
     my (%opts) = @_;
 
-    my $cnx = new IO::Socket::INET(PeerHost => "localhost:$sslh_port");
+    my $cnx = new IO::Socket::INET(PeerHost => "127.0.0.1:$sslh_port");
     warn "Unable to open socket to $sslh_port $!\n" unless $cnx;
     return unless $cnx;
 
@@ -181,7 +186,7 @@
                 data => "GET index.html HTTP/1.1",
                 no_frag => 1 },
             'tls' => { 
-                # Packet with SNI and ALPN (`openssl s_client -connect localhost:443 -alpn alpn1 -servername sni1`)
+                # Packet with SNI and ALPN (`openssl s_client -connect 127.0.0.1:443 -alpn alpn1 -servername sni1`)
                 data_sni_alpn => "\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03\x03\x19\x01\x00\x40\x14\x13\xcc\x1b\x94\xad\x20\x5d\x13\x1a\x8d\xd2\x65\x23\x70\xde\xd1\x3c\x5d\x05\x19\xcb\x27\x0d\x7c\x2c\x89\x00\x00\x38\xc0\x2c\xc0\x30\x00\x9f\xcc\xa9\xcc\xa8\xcc\xaa\xc0\x2b\xc0\x2f\x00\x9e\xc0\x24\xc0\x28\x00\x6b\xc0\x23\xc0\x27\x00\x67\xc0\x0a\xc0\x14\x00\x39\xc0\x09\xc0\x13\x00\x33\x00\x9d\x00\x9c\x00\x3d\x00\x3c\x00\x35\x00\x2f\x00\xff\x01\x00\x00\x5f\x00\x00\x00\x09\x00\x07\x00\x00\x04\$sni\x00\x0b\x00\x04\x03\x00\x01\x02\x00\x0a\x00\x0a\x00\x08\x00\x1d\x00\x17\x00\x19\x00\x18\x00\x23\x00\x00\x00\x0d\x00\x20\x00\x1e\x06\x01\x06\x02\x06\x03\x05\x01\x05\x02\x05\x03\x04\x01\x04\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03\x00\x10\x00\x08\x00\x06\x05\$alpn\x00\x16\x00\x00\x00\x17\x00\x00hello sni/alpn",
                 # Packet with SNI alone
                 data_sni => "\x16\x03\x01\x00\xb8\x01\x00\x00\xb4\x03\x03\x97\xe4\xe9\xad\x86\xe1\x21\xfd\xc4\x5b\x27\x0e\xad\x4b\x55\xc2\x50\xe4\x1c\x86\x2f\x37\x25\xde\xe8\x9c\x59\xfc\x1b\xa9\x37\x32\x00\x00\x38\xc0\x2c\xc0\x30\x00\x9f\xcc\xa9\xcc\xa8\xcc\xaa\xc0\x2b\xc0\x2f\x00\x9e\xc0\x24\xc0\x28\x00\x6b\xc0\x23\xc0\x27\x00\x67\xc0\x0a\xc0\x14\x00\x39\xc0\x09\xc0\x13\x00\x33\x00\x9d\x00\x9c\x00\x3d\x00\x3c\x00\x35\x00\x2f\x00\xff\x01\x00\x00\x53\x00\x00\x00\x09\x00\x07\x00\x00\x04\$sni\x00\x0b\x00\x04\x03\x00\x01\x02\x00\x0a\x00\x0a\x00\x08\x00\x1d\x00\x17\x00\x19\x00\x18\x00\x23\x00\x00\x00\x0d\x00\x20\x00\x1e\x06\x01\x06\x02\x06\x03\x05\x01\x05\x02\x05\x03\x04\x01\x04\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03\x00\x16\x00\x00\x00\x17\x00\x00hello sni",
@@ -268,7 +273,10 @@
 # Configuration file for testing (use both by sslh under
 # test and the test script `t`)
 
-verbose: 4;
+verbose-config: 1
+verbose-connections: 1
+verbose-packets: 1
+verbose-probe-info: 1
 foreground: true;
 inetd: false;
 numeric: true;
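Review bot: The four added `verbose-*: 1` settings have no trailing `;`, while every neighbouring setting (`foreground: true;`, `inetd: false;`, `numeric: true;`) has one. libconfig appears to tolerate a missing terminator, but writing `verbose-config: 1;` and so on keeps the generated test.cfg uniform and avoids relying on parser leniency. The same four options are also spelled out in `$verbose_opts` near the top of the script. A comment such as `# keep in sync with $verbose_opts` would flag the duplication. The configuration text begins and ends outside this hunk.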
@@ -283,39 +291,39 @@
 # Options:
 listen:
 (
-    { host: "localhost"; port: "$sslh_port"; keepalive: true; },
-    { host: "localhost"; port: "$sslh_port2"; keepalive: true; },
-    { host: "localhost"; is_udp: true; port: "$sslh_port3"; }
+    { host: "127.0.0.1"; port: "$sslh_port"; keepalive: true; },
+    { host: "127.0.0.1"; port: "$sslh_port2"; keepalive: true; }
+    # { host: "127.0.0.1"; is_udp: true; port: "$sslh_port3"; }
 );
 
  
 protocols:
 (
-     { name: "ssh";  host: "localhost"; port: "$conf->{protocols}[0]{port}"; },
-     { name: "socks5";  host: "localhost"; port: "$conf->{protocols}[1]{port}";  },
-     { name: "http";  host: "localhost"; port: "$conf->{protocols}[2]{port}";  },
-     { name: "tinc";  host: "localhost"; port: "$conf->{protocols}[3]{port}"; },
-     { name: "openvpn";  host: "localhost"; port: "$conf->{protocols}[4]{port}"; },
-     { name: "xmpp";  host: "localhost"; port: "$conf->{protocols}[5]{port}"; },
-     { name: "adb";  host: "localhost"; port: "$conf->{protocols}[6]{port}"; },
-     { name: "syslog"; host: "localhost"; port: "$conf->{protocols}[7]{port}"; },
-     { name: "regex"; host: "localhost"; port: "$conf->{protocols}[8]{port}";
+     { name: "ssh";  host: "127.0.0.1"; port: "$conf->{protocols}[0]{port}"; },
+     { name: "socks5";  host: "127.0.0.1"; port: "$conf->{protocols}[1]{port}";  },
+     { name: "http";  host: "127.0.0.1"; port: "$conf->{protocols}[2]{port}";  },
+     { name: "tinc";  host: "127.0.0.1"; port: "$conf->{protocols}[3]{port}"; },
+     { name: "openvpn";  host: "127.0.0.1"; port: "$conf->{protocols}[4]{port}"; },
+     { name: "xmpp";  host: "127.0.0.1"; port: "$conf->{protocols}[5]{port}"; },
+     { name: "adb";  host: "127.0.0.1"; port: "$conf->{protocols}[6]{port}"; },
+     { name: "syslog"; host: "127.0.0.1"; port: "$conf->{protocols}[7]{port}"; },
+     { name: "regex"; host: "127.0.0.1"; port: "$conf->{protocols}[8]{port}";
         regex_patterns: [ "^foo", "^bar" ];
         minlength: 4;
-        test_patterns: (    # this is used by the test script, not by sslh
-            { pattern: "foo"; result: "ssh"; },  # After timeout
-            { pattern: "fooo"; result: "regex"; },
-            { pattern: "bar"; result: "ssh"; },
-            { pattern: "barr"; result: "regex"; },
-            { pattern: "barrrr"; result: "regex"; }
-        );
+#         test_patterns: (    # this is used by the test script, not by sslh
+#             { pattern: "foo"; result: "ssh"; },  # After timeout
+#             { pattern: "fooo"; result: "regex"; },
+#             { pattern: "bar"; result: "ssh"; },
+#             { pattern: "barr"; result: "regex"; },
+#             { pattern: "barrrr"; result: "regex"; }
+#         );
      },
-     { name: "tls"; host: "localhost"; port: "$conf->{protocols}[9]{port}"; alpn_protocols: [ "alpn1", "alpn2" ]; sni_hostnames: [ "sni1" ]; },
-     { name: "tls"; host: "localhost"; port: "$conf->{protocols}[10]{port}"; alpn_protocols: [ "alpn1", "alpn2" ]; sni_hostnames: [ "sni2", "sni3" ]; },
-     { name: "tls"; host: "localhost"; port: "$conf->{protocols}[11]{port}"; alpn_protocols: [ "alpn3" ]; },
-     { name: "tls"; host: "localhost"; port: "$conf->{protocols}[12]{port}"; sni_hostnames: [ "sni3" ]; },
-     { name: "tls"; host: "localhost"; port: "$conf->{protocols}[13]{port}"; },
-     { name: "anyprot";  host: "localhost"; port: "$conf->{protocols}[14]{port}";  }
+     { name: "tls"; host: "127.0.0.1"; port: "$conf->{protocols}[9]{port}"; alpn_protocols: [ "alpn1", "alpn2" ]; sni_hostnames: [ "sni1" ]; },
+     { name: "tls"; host: "127.0.0.1"; port: "$conf->{protocols}[10]{port}"; alpn_protocols: [ "alpn1", "alpn2" ]; sni_hostnames: [ "sni2", "sni3" ]; },
+     { name: "tls"; host: "127.0.0.1"; port: "$conf->{protocols}[11]{port}"; alpn_protocols: [ "alpn3" ]; },
+     { name: "tls"; host: "127.0.0.1"; port: "$conf->{protocols}[12]{port}"; sni_hostnames: [ "sni3" ]; },
+     { name: "tls"; host: "127.0.0.1"; port: "$conf->{protocols}[13]{port}"; },
+     { name: "anyprot";  host: "127.0.0.1"; port: "$conf->{protocols}[14]{port}";  }
 );
 
 on_timeout: "ssh";
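Review bot: The UDP listener (`is_udp: true; port: "$sslh_port3"`) and the `test_patterns` block are disabled by commenting them out, and neither the patch header nor the generated config says why. The Description only mentions the `-v` to `--verbose` change, so this reads as an unexplained loss of UDP coverage for a network-facing demultiplexer. If the listener really has to go, delete the line and add a one-line reason in its place, for example `# UDP listener not exercised: <reason>`. The Description should mention the change as well. The `test_patterns` entries still exist in the Perl `$conf` structure, so dropping them from the config text looks safe, but a comment pointing there would make that clear.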
@@ -332,7 +340,7 @@
     my ($sslh_pid, $valgrind);
     if (!($sslh_pid = fork)) {
         my $user = (getpwuid $<)[0]; # Run under current username
-        my $cmd = "./$binary -v 4 -f -u $user -F test.cfg";
+        my $cmd = "./$binary -f -u $user -F test.cfg";
         #$valgrind = 1;
         #$cmd = "valgrind --leak-check=full $cmd";
         verbose_exec $cmd;
@@ -349,7 +357,7 @@
 # Test: Shy SSH connection
     if ($SSH_SHY_CNX) {
         print "***Test: Shy SSH connection\n";
-        my $cnx_h = new IO::Socket::INET(PeerHost => "localhost:$sslh_port");
+        my $cnx_h = new IO::Socket::INET(PeerHost => "127.0.0.1:$sslh_port");
         warn "Unable to connect to sslh_port:$sslh_port $!\n" unless $cnx_h;
         if (defined $cnx_h) {
             sleep 13;
@@ -362,20 +370,24 @@
 # Test: One SSL half-started then one SSH
     if ($SSL_MIX_SSH) {
         print "***Test: One SSL half-started then one SSH\n";
-        my $cnx_l = new IO::Socket::INET(PeerHost => "localhost:$sslh_port");
+        my $cnx_l = new IO::Socket::INET(PeerHost => "127.0.0.1:$sslh_port");
         warn "Unable to connect to sslh_port $sslh_port: $!\n" unless $cnx_l;
         if (defined $cnx_l) {
             print $cnx_l $ssl_test_data;
-            my $cnx_h= new IO::Socket::INET(PeerHost => "localhost:$sslh_port");
+            my $cnx_h= new IO::Socket::INET(PeerHost => "127.0.0.1:$sslh_port");
             warn "Unable to connect to sslh_port $sslh_port: $!\n" unless $cnx_h;
             if (defined $cnx_h) {
-                sleep 3;
-                print $cnx_h $test_data;
+                warn("going to print data to $cnx_h");
+                $cnx_h->send($test_data);
+                warn("printed data to $cnx_h");
+                # sleep 3;
                 my $data_h = <$cnx_h>;
+                warn("waiting for data at $cnx_h");
                 my_is($data_h, "ssh: $test_data", "$binary: SSH during SSL being established");
             }
             my $data;
             my $n = sysread $cnx_l, $data, 1024;
+            warn("reading data from tls");
             my_is($data, "tls: $ssl_test_data", "$binary: SSL connection interrupted by SSH");
         }
     }
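Review bot: The added `warn(...)` calls look like leftover debugging, and two of them fire after the event they describe. `warn("waiting for data at $cnx_h")` runs after the blocking read `my $data_h = <$cnx_h>;`, and `warn("reading data from tls")` runs after `sysread`. They also interpolate the handle object, which prints as a `GLOB(0x...)` address, and lack a trailing newline, so each one appends the file and line. Either remove them or move each before the call it announces. The result of `send` should be checked too, e.g. `defined $cnx_h->send($test_data) or warn "send to sslh failed: $!\n";`. The `# sleep 3;` left here and in the following "One SSH half-started then one SSL" hunk changes the timing these tests were written around. Delete it or restore it with a comment giving the reason. The enclosing test routine starts and ends outside this hunk.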
@@ -383,11 +395,11 @@
 # Test: One SSH half-started then one SSL
     if ($SSH_MIX_SSL) {
         print "***Test: One SSH half-started then one SSL\n";
-        my $cnx_h = new IO::Socket::INET(PeerHost => "localhost:$sslh_port");
+        my $cnx_h = new IO::Socket::INET(PeerHost => "127.0.0.1:$sslh_port");
         warn "Unable to open sslh_port:$sslh_port $!\n" unless $cnx_h;
         if (defined $cnx_h) {
-            sleep 3;
-            my $cnx_l = new IO::Socket::INET(PeerHost => "localhost:$sslh_port");
+            # sleep 3;
+            my $cnx_l = new IO::Socket::INET(PeerHost => "127.0.0.1:$sslh_port");
             warn "$!\n" unless $cnx_l;
             if (defined $cnx_l) {
                 print $cnx_l $ssl_test_data;
@@ -404,7 +416,7 @@
 # Test: Drop connection without writing anything
     if ($DROP_CNX) {
         print "***Test: Connect but don't write anything\n";
-        my $cnx_h = new IO::Socket::INET(PeerHost => "localhost:$sslh_port");
+        my $cnx_h = new IO::Socket::INET(PeerHost => "127.0.0.1:$sslh_port");
         warn "$!\n" unless $cnx_h;
         if ($cnx_h) {
             close $cnx_h;
@@ -434,13 +446,13 @@
     print "***Test: Connecting to non-existant server\n";
     my $sslh_pid;
     if (!($sslh_pid = fork)) {
-        exec "./sslh-select -v 3 -f -u $user --listen localhost:$sslh_port --ssh localhost:$no_listen --tls localhost:$no_listen -P $pidfile";
+        exec "./sslh-select $verbose_opts -f -u $user --listen 127.0.0.1:$sslh_port --ssh 127.0.0.1:$no_listen --tls 127.0.0.1:$no_listen -P $pidfile";
     }
     warn "spawned $sslh_pid\n";
 
     sleep 1;
 
-    my $cnx_h = new IO::Socket::INET(PeerHost => "localhost:$sslh_port");
+    my $cnx_h = new IO::Socket::INET(PeerHost => "127.0.0.1:$sslh_port");
     warn "$!\n" unless $cnx_h;
     if (defined $cnx_h) {
         sleep 1;
@@ -467,7 +479,7 @@
     print "***Test: No hostname in address\n";
     my $sslh_pid;
     if (!($sslh_pid = fork)) {
-        exec "./sslh-select -v 3 -f -u $user --listen $sslh_port --ssh $ssh_address --tls $ssl_address -P $pidfile";
+        exec "./sslh-select $verbose_opts -f -u $user --listen $sslh_port --ssh $ssh_address --tls $ssl_address -P $pidfile";
     }
     warn "spawned $sslh_pid\n";
     waitpid $sslh_pid, 0;
@@ -481,7 +493,7 @@
     print "***Test: Changing to non-existant username\n";
     my $sslh_pid;
     if (!($sslh_pid = fork)) {
-        exec "./sslh-select -v 3 -f -u ${user}_doesnt_exist --listen localhost:$no_listen --ssh $ssh_address --tls $ssl_address -P $pidfile";
+        exec "./sslh-select $verbose_opts -f -u ${user}_doesnt_exist --listen 127.0.0.1:$no_listen --ssh $ssh_address --tls $ssl_address -P $pidfile";
     }
     warn "spawned $sslh_pid\n";
     waitpid $sslh_pid, 0;
@@ -495,7 +507,7 @@
     print "***Test: Can't open PID file\n";
     my $sslh_pid;
     if (!($sslh_pid = fork)) {
-        exec "./sslh-select -v 3 -f -u $user --listen localhost:$no_listen --ssh $ssh_address --tls $ssl_address -P /dont_exist/$pidfile";
+        exec "./sslh-select $verbose_opts -f -u $user --listen 127.0.0.1:$no_listen --ssh $ssh_address --tls $ssl_address -P /dont_exist/$pidfile";
         # You don't have a /dont_exist/ directory, do you?!
     }
     warn "spawned $sslh_pid\n";
@@ -511,7 +523,7 @@
     my $sslh_pid;
     if (!($sslh_pid = fork)) {
         my $user = (getpwuid $<)[0]; # Run under current username
-        exec "./sslh-select -v 3 -f -u $user --listen blahblah.nonexistent:9000 --ssh $ssh_address --tls $ssl_address -P $pidfile";
+        exec "./sslh-select $verbose_opts -f -u $user --listen blahblah.nonexistent:9000 --ssh $ssh_address --tls $ssl_address -P $pidfile";
     }
     warn "spawned $sslh_pid\n";
     waitpid $sslh_pid, 0;
@@ -527,17 +539,17 @@
     if (!($sslh_pid = fork)) {
         my $user = (getpwuid $<)[0]; # Run under current username
         # This doesn't test --inetd
-        exec "./sslh-select -v 3 -f -u $user -P $pidfile".
+        exec "./sslh-select $verbose_opts -f -u $user -P $pidfile".
         " -n --timeout 10 -C /tmp".
         " --syslog-facility auth --on-timeout ssh".
-        " --listen localhost:$no_listen --ssh $ssh_address --tls $ssl_address".
-        " --openvpn localhost:$no_listen".
-        " --tinc localhost:$no_listen".
-        " --xmpp localhost:$no_listen".
-        " --http localhost:$no_listen".
-        " --adb localhost:$no_listen".
-        " --socks5 localhost:$no_listen".
-        " --anyprot localhost:$no_listen";
+        " --listen 127.0.0.1:$no_listen --ssh $ssh_address --tls $ssl_address".
+        " --openvpn 127.0.0.1:$no_listen".
+        " --tinc 127.0.0.1:$no_listen".
+        " --xmpp 127.0.0.1:$no_listen".
+        " --http 127.0.0.1:$no_listen".
+        " --adb 127.0.0.1:$no_listen".
+        " --socks5 127.0.0.1:$no_listen".
+        " --anyprot 127.0.0.1:$no_listen";
         exit 0;
     }
     warn "spawned $sslh_pid\n";
@@ -555,10 +567,10 @@
     if (!($sslh_pid = fork)) {
         my $user = (getpwuid $<)[0]; # Run under current username
         # This doesn't test --inetd
-        exec "./sslh-select -v 3 -f -u $user -P $pidfile".
+        exec "./sslh-select $verbose_opts -f -u $user -P $pidfile".
         " -n --timeout 10 -C /tmp".
         " --fakeoption".
-        " --anyprot localhost:$no_listen";
+        " --anyprot 127.0.0.1:$no_listen";
         exit 0;
     }
     warn "spawned $sslh_pid\n";
