Closed tangentnet closed 3 months ago
Do you use the sslproxy port at UTMFW? And it seems like GNUmakefile is missing in your tarball. How did you generate the sslproxy tarball?
I'm building it on OpenBSD 7.5, not UTMFW. I was able to build it after creating a suitable directory structure and producing an archive. I somehow neglected to do that before, as I typically do with sources from GitHub.
I created a port for net/testproxy, built and installed it for running sslproxy tests, but the TESTHARNESS is failing. Here is my modified Makefile:
```makefile
COMMENT=	transparent SSL/TLS proxy to divert decrypted traffic
DISTNAME=	sslproxy-0.9.5
EXTRACT_SUFX=	.tar.gz
CATEGORIES=	security
HOMEPAGE=	https://github.com/sonertari/SSLproxy
MAINTAINER=	Soner Tari <sonertari@gmail.com>
PERMIT_PACKAGE=	Yes
WANTLIB += c crypto event_core event_extra event_openssl event_pthreads
WANTLIB += pthread ssl
MASTER_SITES=	https://github.com/sonertari/SSLproxy/
LIB_DEPENDS=	devel/libevent2
BUILD_DEPENDS=	net/libnet/1.1 \
		databases/sqlite3
RUN_DEPENDS=	devel/libevent2 \
		net/libnet/1.1 \
		databases/sqlite3
TEST_DEPENDS=	devel/check \
		net/testproxy \
		security/sudo
MAKE_FLAGS=	MANDIR=man PREFIX=${TRUEPREFIX}
USE_GMAKE=	Yes
MAKE_FILE=	GNUmakefile
.include <bsd.port.mk>
```
Tests return this error:

```
Host: example.com
Content-Type: application/ocsp-request

, {})
[08:30:42] [DEBUG] SRV.h1.s2.c1.t2.1: TCP stream read error: Resource temporarily unavailable (os error 35)
[08:30:42] [DEBUG] SRV.h1.s3.c2.t1.1: TCP stream connected
gmake[2]: [GNUmakefile:38: test] Segmentation fault (core dumped)
gmake[2]: Leaving directory '/usr/ports/pobj/sslproxy-0.9.5/sslproxy-0.9.5/tests/testproxy'
gmake[1]: [GNUmakefile:20: e2etest] Error 2
gmake[1]: Leaving directory '/usr/ports/pobj/sslproxy-0.9.5/sslproxy-0.9.5'
gmake: [GNUmakefile:14: test] Error 2
Error 2 in . (/usr/ports/infrastructure/mk/bsd.port.mk:3096 '/usr/ports/pobj/sslproxy-0.9.5/.test_done': @cd /usr/ports/pobj/sslproxy-0....)
*** Error 2 in /usr/ports/security/sslproxy (/usr/ports/infrastructure/mk/bsd.port.mk:2704 'test': @lock=sslproxy-0.9.5; export _LOCKS_HELD...)
```

Let me know if this is relevant.
Use the sslproxy port at UTMFW. Create the tarball using git clone (remove the .git folder only). SSLproxy e2e tests are supported on Linux only. I've never used testproxy on OpenBSD.
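An added example, not part of the thread or of SSLproxy: a pre-flight check for the distfile layout discussed above (top-level directory equal to DISTNAME, GNUmakefile present, no .git left behind). The function name `check_distfile` and the sample archive are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify a ports distfile's layout.
# check_distfile TARBALL DISTNAME
#   returns 0 if clean, 1 if the layout is wrong, 2 if the archive is unreadable.
check_distfile() {
    tarball=$1; distname=$2
    listing=$(tar -tzf "$tarball" 2>/dev/null) || { echo "unreadable: $tarball"; return 2; }
    rc=0; have_makefile=no
    while IFS= read -r entry; do
        entry=${entry#./}                 # some tar invocations record "./" prefixes
        case $entry in
            "") ;;
            "$distname/GNUmakefile") have_makefile=yes ;;
            "$distname/.git"|"$distname/.git/"*)
                echo "VCS metadata left in archive: $entry"; rc=1 ;;
            "$distname"|"$distname/"*) ;;  # inside the expected top-level directory
            *)  echo "outside $distname/: $entry"; rc=1 ;;
        esac
    done <<EOF
$listing
EOF
    [ "$have_makefile" = yes ] || { echo "missing $distname/GNUmakefile"; rc=1; }
    return $rc
}

# Constructed sample: an archive whose top directory is not DISTNAME and
# which still carries .git, similar to a raw repository snapshot.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/SSLproxy-master/.git"
    : > "$tmp/SSLproxy-master/.git/HEAD"
    : > "$tmp/SSLproxy-master/GNUmakefile"
    tar -czf "$tmp/sample.tar.gz" -C "$tmp" SSLproxy-master
    check_distfile "$tmp/sample.tar.gz" sslproxy-0.9.5
    status=$?
    rm -rf "$tmp"
    return $status
}

demo || echo "distfile rejected (exit $?)"
```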
Thank you; I did it already. Because the test software requires testproxy via Rust and expects it at $HOME/.cargo/bin/testproxy, I created a port for systemwide use and updated sslproxy-0.9.5/tests/testproxy/GNUmakefile for skipping e2e tests on OpenBSD. I am not sure if this approach is correct; please have a look and evaluate.
sslproxy-0.9.5/tests/testproxy/GNUmakefile:

```makefile
TESTPROXY:= /usr/local/bin/testproxy
TESTPROXY_VERSION=$(shell $(TESTPROXY) -V)
ifneq ($(TESTPROXY_VERSION),testproxy 0.0.5)
$(error Use Testproxy v0.0.5 with this version of SSLproxy, found $(TESTPROXY_VERSION))
endif

ifeq ($(findstring -DWITHOUT_USERAUTH,$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 | grep "Features: ")),-DWITHOUT_USERAUTH)
$(error End-to-end tests need UserAuth enabled, disable WITHOUT_USERAUTH feature in main makefile and try again)
endif

all: test

buildsslproxy:
	$(MAKE) -C $(PROJECT_ROOT)

buildlp:
	$(MAKE) -C lp

# Detect the OS
OS := $(shell uname -s)

# XXX: How to build sslproxy before setting the vars? Otherwise, we depend on the main makefile to have already built it.
test: SSL_PROTOS=$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 | grep "SSL/TLS protocol availability")
test: TLS11=$(findstring tls11,$(SSL_PROTOS))
test: TLS13=$(findstring tls13,$(SSL_PROTOS))
test: OPENSSL=$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 | grep "compiled against OpenSSL")
test: OPENSSL3=$(findstring "OpenSSL 3.",$(OPENSSL))
test: SSLPROXY_CONF=$(if $(TLS13),sslproxy.conf,sslproxy_no_tls13.conf)
test: SSLPROXY_CONF:=$(if $(TLS11),$(SSLPROXY_CONF),sslproxy_no_tls11.conf)
test: SSLPROXY_CONF:=$(if $(OPENSSL3),$(SSLPROXY_CONF),sslproxy_openssl3.conf)
test: SSLPROXY_COMMAND=$(PROJECT_ROOT)/src/sslproxy -f $(SSLPROXY_CONF) -o Debug=no -o Daemon=yes -o User=nobody
test: TESTHARNESS=$(if $(TLS13),testharness.json,testharness_no_tls13.json)
test: TESTHARNESS:=$(if $(TLS11),$(TESTHARNESS),testharness_no_tls11.json)
test: TESTHARNESS:=$(if $(OPENSSL3),$(TESTHARNESS),testharness_openssl3.json)
test: SKIP_TESTHARNESS=2
test: buildsslproxy buildlp
ifeq ($(OS),OpenBSD)
	@echo "Skipping e2e tests on OpenBSD"
else
	sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) ./lp/lp -f ./lp/lp.conf -o Debug=no -o Daemon=yes -o User=nobody
	sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) $(SSLPROXY_COMMAND)
	$(TESTPROXY) -f $(TESTHARNESS) -l 4 --skip-test-harness $(SKIP_TESTHARNESS)
	sudo pkill sslproxy
	sudo pkill lp
endif

test_split: SSL_PROTOS=$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 | grep "SSL/TLS protocol availability")
test_split: TLS11=$(findstring tls11,$(SSL_PROTOS))
test_split: TLS13=$(findstring tls13,$(SSL_PROTOS))
test_split: OPENSSL=$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 | grep "compiled against OpenSSL")
test_split: OPENSSL3=$(findstring "OpenSSL 3.",$(OPENSSL))
test_split: SSLPROXY_CONF=$(if $(TLS13),sslproxy.conf,sslproxy_no_tls13.conf)
test_split: SSLPROXY_CONF:=$(if $(TLS11),$(SSLPROXY_CONF),sslproxy_no_tls11.conf)
test_split: SSLPROXY_CONF:=$(if $(OPENSSL3),$(SSLPROXY_CONF),sslproxy_openssl3.conf)
test_split: SSLPROXY_COMMAND=$(PROJECT_ROOT)/src/sslproxy -n -f $(SSLPROXY_CONF) -o Debug=no -o Daemon=yes -o User=nobody
test_split: TESTHARNESS=$(if $(TLS13),testharness_split.json,testharness_split_no_tls13.json)
test_split: TESTHARNESS:=$(if $(TLS11),testharness_split_no_tls11.json)
test_split: TESTHARNESS:=$(if $(OPENSSL3),testharness_split_openssl3.json)
test_split: buildsslproxy buildlp
ifeq ($(OS),OpenBSD)
	@echo "Skipping e2e split tests on OpenBSD"
else
	sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) ./lp/lp -f ./lp/lp.conf -o Debug=no -o Daemon=yes -o User=nobody
	sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) $(SSLPROXY_COMMAND)
	$(TESTPROXY) -f $(TESTHARNESS) -l 4
	sudo pkill sslproxy
	sudo pkill lp
endif

travis: test

clean:
	$(MAKE) -C $(PROJECT_ROOT) clean
	$(MAKE) -C lp clean

FORCE:

.PHONY: all clean buildsslproxy buildlp test test_split travis
```
Makefile:

```makefile
DISTNAME=	sslproxy-0.9.5
EXTRACT_SUFX=	.tar.gz
CATEGORIES=	security
HOMEPAGE=	https://github.com/sonertari/SSLproxy
MAINTAINER=	Soner Tari <sonertari@gmail.com>

# SSLproxy: BSD, khash.h (header-based library): MIT
PERMIT_PACKAGE=	Yes

WANTLIB += c crypto event_core event_extra event_openssl event_pthreads
WANTLIB += pthread ssl

MASTER_SITES=	https://github.com/sonertari/SSLproxy/

LIB_DEPENDS=	devel/libevent2
BUILD_DEPENDS=	net/libnet/1.1 \
		databases/sqlite3
RUN_DEPENDS=	devel/libevent2 \
		net/libnet/1.1 \
		databases/sqlite3

# following is expected with MALLOC_FLAGS J:
# "cert.t.c:66:F:cert_refcount_inc:cert_refcount_inc_01:0: refcount mismatch"
# the test deliberately does a use-after-free
TEST_DEPENDS=	devel/check \
		net/testproxy

MAKE_FLAGS=	MANDIR=man PREFIX=${TRUEPREFIX}
USE_GMAKE=	Yes
MAKE_FILE=	GNUmakefile

.include <bsd.port.mk>
```
System:
OpenBSD tangent.localdomain 7.5 GENERIC.MP#82 amd64
Version for sslproxy:
sslproxy-0.9.5
Output of make:

```
[Fri Jul 05 19:37:43 tangent tangent /usr/ports/security/sslproxy]
make
===> Building from scratch sslproxy-0.9.5
===> sslproxy-0.9.5 depends on: libnet->=1.1v0,<1.2v0 -> libnet-1.1.6v0
===> sslproxy-0.9.5 depends on: sqlite3- -> sqlite3-3.44.2
===> sslproxy-0.9.5 depends on: gmake- -> gmake-4.4.1
===> sslproxy-0.9.5 depends on: libevent-* -> libevent-2.1.12p0
===> Verifying specs: c crypto event_core event_extra event_openssl event_pthreads pthread ssl
===> found c.99.0 crypto.53.0 event_core.2.1 event_extra.1.0 event_openssl.1.0 event_pthreads.0.0 pthread.27.1 ssl.56.0
===> Checking files for sslproxy-0.9.5
`/usr/ports/distfiles/sslproxy-0.9.5.tar.gz' is up to date.
```
OpenSSL (not sure whether it is relevant for this case or not):
LibreSSL 3.9.0
Version of libevent (not sure whether it is relevant for this case or not):
libevent-2.1.12p0
I can compile outside of the ports system, but it fails inside the OpenBSD ports system.