Added test infrastructure to support basic FTPS tests. This currently

supports only ftps:// URLs with --ftp-ssl-control specified, which
implicitly encrypts the control channel but not the data channels.  That
allows stunnel to be used with an unmodified ftp server in exactly the
same way that the test https server is set up.
Added test case 400 as a basic FTPS test.

tests/README

@@ -13,13 +13,17 @@ Requires:
 
 TCP ports used:
 
-  - 8999 on localhost for HTTP tests
-  - 8433 on localhost for HTTPS tests
-  - 8921 on localhost for FTP tests
-  - 8821 on localhost for FTPS tests (currently disabled)
+  - 8990 on localhost for HTTP tests
+  - 8991 on localhost for HTTPS tests
+  - 8994 on localhost for HTTP IPv6 tests
+  - 8992 on localhost for FTP tests
+  - 8995 on localhost for FTP (2) tests
+  - 8993 on localhost for FTPS tests
+  - 8996 on localhost for FTP IPv6 tests
+  - 8997 on localhost for TFTP tests
 
-  The test suite runs simple FTP and HTTP servers on these ports to which
-  it makes requests.
+  The test suite runs simple FTP, HTTP and TFTP servers on these ports to
+  which it makes requests.
 
 Run:
   'make test'. This invokes the 'runtests.pl' perl script. Edit the top
@@ -57,12 +61,12 @@ Debug:
           (gdb) where
 
 Logs:
-  All logs are generated in the logs/ subdirctory (it is emptied first
+  All logs are generated in the logs/ subdirectory (it is emptied first
   in the runtests.pl script). Use runtests.pl -k to keep the temporary files
   after the test run.
 
 Data:
-  All test cases are put in the data/ subdirctory. Each test is stored in the
+  All test cases are put in the data/ subdirectory. Each test is stored in the
   file named according to the test number.
 
   See FILEFORMAT for the description of the test case files.
@@ -85,4 +89,4 @@ TEST CASE NUMBERS
 
 TODO:
 
-  * Add tests for TELNET, LDAP, DICT...
+  * Add tests for TELNET, LDAP, DICT, SCP, SFTP...

tests/data/Makefile.am

@@ -37,4 +37,4 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46	   \
  test274 test275 test524 test525 test276 test277 test526 test527 test528   \
  test530 DISABLED test278 test279 test531 test280 test529 test532 test533  \
  test534 test535 test281 test537 test282 test283 test284 test538 test285   \
- test286 test307 test308 test287
+ test286 test307 test308 test287 test400

tests/data/test400

@@ -0,0 +1,61 @@
+<testcase>
+<info>
+<keywords>
+FTPS
+PASV
+LIST
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+# When doing LIST, we get the default list output hard-coded in the test
+# FTPS server
+<datacheck>
+total 20
+drwxr-xr-x   8 98       98           512 Oct 22 13:06 .
+drwxr-xr-x   8 98       98           512 Oct 22 13:06 ..
+drwxr-xr-x   2 98       98           512 May  2  1996 .NeXT
+-r--r--r--   1 0        1             35 Jul 16  1996 README
+lrwxrwxrwx   1 0        1              7 Dec  9  1999 bin -> usr/bin
+dr-xr-xr-x   2 0        1            512 Oct  1  1997 dev
+drwxrwxrwx   2 98       98           512 May 29 16:04 download.html
+dr-xr-xr-x   2 0        1            512 Nov 30  1995 etc
+drwxrwxrwx   2 98       1            512 Oct 30 14:33 pub
+dr-xr-xr-x   5 0        1            512 Oct  1  1997 usr
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+ftps
+</server>
+ <name>
+FTPS dir list PASV unencrypted data
+ </name>
+ <command>
+-k --ftp-ssl-control ftps://%HOSTIP:%FTPSPORT/
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+filter off really nothing
+</strip>
+<protocol>
+USER anonymous
+PASS ftp@example.com
+PBSZ 0
+PROT C
+PWD
+EPSV
+TYPE A
+LIST
+QUIT
+</protocol>
+</verify>
+</testcase>

tests/httpsserver.pl

@@ -1,7 +1,7 @@
 #!/usr/bin/env perl
 #
 # $Id$
-# This is the HTTPS server designed for the curl test suite.
+# This is the HTTPS and FTPS server designed for the curl test suite.
 #
 # It is actually just a layer that runs stunnel properly.
 
@@ -18,14 +18,16 @@ my $stunnel = "stunnel";
 
 my $verbose=0; # set to 1 for debugging
 
-my $port = 8433; # just our default, weird enough
-my $target_port = 8999; # test http-server port
+my $port = 8991;        # just our default, weird enough
+my $target_port = 8999; # default test http-server port
 
 my $path = `pwd`;
 chomp $path;
 
 my $srcdir=$path;
 
+my $proto='https';
+
 do {
     if($ARGV[0] eq "-v") {
         $verbose=1;
@@ -33,6 +35,10 @@ do {
     if($ARGV[0] eq "-w") {
         return 0; # return success, means we have stunnel working!
     }
+    elsif($ARGV[0] eq "-p") {
+        $proto=$ARGV[1];
+        shift @ARGV;
+    }
     elsif($ARGV[0] eq "-r") {
         $target_port=$ARGV[1];
         shift @ARGV;
@@ -52,7 +58,7 @@ do {
 
 my $conffile="$path/stunnel.conf";	# stunnel configuration data
 my $certfile="$srcdir/stunnel.pem";	# stunnel server certificate
-my $pidfile="$path/.https.pid";		# stunnel process pid file
+my $pidfile="$path/.$proto.pid";	# stunnel process pid file
 
 open(CONF, ">$conffile") || return 1;
 print CONF "
@@ -79,7 +85,7 @@ my $version_ge_4=system("$stunnel -V 2>&1|grep '^stunnel.* on '>/dev/null 2>&1")
 if ($version_ge_4) { $cmd="$stunnel $conffile"; }
 
 if($verbose) {
-    print "HTTPS server: $cmd\n";
+    print uc($proto)." server: $cmd\n";
 }
 
 my $rc = system($cmd);

tests/runtests.pl

@@ -480,7 +480,11 @@ sub verifyftp {
     my ($proto, $ip, $port) = @_;
     my $pid;
     my $time=time();
-    my $cmd="$CURL -m$server_response_maxtime --silent -vg \"$proto://$ip:$port/verifiedserver\" 2>log/verifyftp";
+    my $extra;
+    if($proto eq "ftps") {
+    	$extra = "-k --ftp-ssl-control ";
+    }
+    my $cmd="$CURL -m$server_response_maxtime --silent -vg $extra\"$proto://$ip:$port/verifiedserver\" 2>log/verifyftp";
     # check if this is our server running on this port:
     my @data=`$cmd`;
     logmsg "RUN: $cmd\n" if($verbose);
@@ -518,6 +522,7 @@ sub verifyftp {
 my %protofunc = ('http' => \&verifyhttp,
                  'https' => \&verifyhttp,
                  'ftp' => \&verifyftp,
+                 'ftps' => \&verifyftp,
                  'tftp' => \&verifyftp);
 
 sub verifyserver {
@@ -628,7 +633,7 @@ sub runhttpsserver {
     }
 
     my $flag=$debugprotocol?"-v ":"";
-    my $cmd="$perl $srcdir/httpsserver.pl $flag -s \"$stunnel\" -d $srcdir -r $HTTPPORT $HTTPSPORT";
+    my $cmd="$perl $srcdir/httpsserver.pl $flag -p https -s \"$stunnel\" -d $srcdir -r $HTTPPORT $HTTPSPORT";
 
     my ($httpspid, $pid2) = startnew($cmd, $HTTPSPIDFILE);
 
@@ -721,6 +726,60 @@ sub runftpserver {
     return ($pid2, $ftppid);
 }
 
+#######################################################################
+# start the ftps server (or rather, tunnel)
+#
+sub runftpsserver {
+    my ($verbose, $ipv6) = @_;
+    my $STATUS;
+    my $RUNNING;
+    my $ip = $HOSTIP;
+
+    if(!$stunnel) {
+        return 0;
+    }
+
+    if($ipv6) {
+        # not complete yet
+        $ip = $HOST6IP;
+    }
+
+    my $pid=checkserver($FTPSPIDFILE);
+
+    if($pid > 0) {
+        # kill previous stunnel!
+        stopserver($pid);
+    }
+
+    my $flag=$debugprotocol?"-v ":"";
+    my $cmd="$perl $srcdir/httpsserver.pl $flag -p ftps -s \"$stunnel\" -d $srcdir -r $FTPPORT $FTPSPORT";
+
+    my ($ftpspid, $pid2) = startnew($cmd, $FTPSPIDFILE);
+
+    if(!kill(0, $ftpspid)) {
+        # it is NOT alive
+        logmsg "RUN: failed to start the FTPS server!\n";
+        stopservers($verbose);
+        return(0,0);
+    }
+
+    # Server is up. Verify that we can speak to it.
+    if(!verifyserver("ftps", $ip, $FTPSPORT)) {
+        logmsg "RUN: FTPS server failed verification\n";
+        # failed to talk to it properly. Kill the server and return failure
+        stopserver("$ftpspid $pid2");
+        return (0,0);
+    }
+
+    if($verbose) {
+        logmsg "RUN: FTPS server is now running PID $ftpspid\n";
+    }
+
+    sleep(1);
+
+    return ($ftpspid, $pid2);
+}
+
 #######################################################################
 # start the tftp server
 #
@@ -1072,7 +1131,7 @@ sub checksystem {
     logmsg sprintf("* FTP port:       %d\n", $FTPPORT);
     logmsg sprintf("* FTP port 2:     %d\n", $FTP2PORT);
     if($stunnel) {
-        #logmsg sprintf("* FTPS port:      %d\n", $FTPSPORT);
+        logmsg sprintf("* FTPS port:      %d\n", $FTPSPORT);
         logmsg sprintf("* HTTPS port:     %d\n", $HTTPSPORT);
     }
     if($http_ipv6) {
@@ -1890,8 +1949,32 @@ sub startservers {
             }
         }
         elsif($what eq "ftps") {
-            # we can't run ftps tests at all for the moment
-            return "test suite lacks FTPS support";
+            if(!$stunnel) {
+                # we can't run ftps tests without stunnel
+                return "no stunnel";
+            }
+            if(!$ssl_version) {
+                # we can't run ftps tests if libcurl is SSL-less
+                return "curl lacks SSL support";
+            }
+
+            if(!$run{'ftp'}) {
+                ($pid, $pid2) = runftpserver("", $verbose);
+                if($pid <= 0) {
+                    return "failed starting FTP server";
+                }
+                printf ("* pid ftp => %d %d\n", $pid, $pid2) if($verbose);
+                $run{'ftp'}="$pid $pid2";
+            }
+            if(!$run{'ftps'}) {
+                ($pid, $pid2) = runftpsserver($verbose);
+                if($pid <= 0) {
+                    return "failed starting FTPS server (stunnel)";
+                }
+                logmsg sprintf("* pid ftps => %d %d\n", $pid, $pid2)
+                    if($verbose);
+                $run{'ftps'}="$pid $pid2";
+            }
         }
         elsif($what eq "file") {
             # we support it but have no server!