SSLproxy/tests/testproxy/GNUmakefile

PROJECT_ROOT= ../..
TESTPROXY:= ~/.cargo/bin/testproxy

TESTPROXY_VERSION=$(shell $(TESTPROXY) -V)
ifneq ($(TESTPROXY_VERSION),testproxy 0.0.4)
$(error Use Testproxy v0.0.4 with this version of SSLproxy, found $(TESTPROXY_VERSION))
endif

ifeq ($(findstring -DWITHOUT_USERAUTH,$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 | grep "Features: ")),-DWITHOUT_USERAUTH)
$(error End-to-end tests need UserAuth enabled, disable WITHOUT_USERAUTH feature in main makefile and try again)
endif

all: test

buildsslproxy:
	$(MAKE) -C $(PROJECT_ROOT)

buildlp:
	$(MAKE) -C lp

# XXX: How to build sslproxy before setting the vars? Otherwise, we depend on the main makefile to have already built it.
test: SSL_PROTOS=$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 | grep "SSL/TLS protocol availability")
test: TLS11=$(findstring tls11,$(SSL_PROTOS))
test: TLS13=$(findstring tls13,$(SSL_PROTOS))
test: SSLPROXY_CONF=$(if $(TLS13),sslproxy.conf,sslproxy_no_tls13.conf)
test: SSLPROXY_CONF:=$(if $(TLS11),$(SSLPROXY_CONF),sslproxy_no_tls11.conf)
test: SSLPROXY_COMMAND=$(PROJECT_ROOT)/src/sslproxy -f $(SSLPROXY_CONF) -o Debug=no -o Daemon=yes -o User=nobody
test: TESTHARNESS=$(if $(TLS13),testharness.json,testharness_no_tls13.json)
test: TESTHARNESS:=$(if $(TLS11),$(TESTHARNESS),testharness_no_tls11.json)
test: buildsslproxy buildlp
	sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) ./lp/lp -f ./lp/lp.conf -o Debug=no -o Daemon=yes -o User=nobody
	sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) $(SSLPROXY_COMMAND)
	$(TESTPROXY) -f $(TESTHARNESS) -l 4
	sudo pkill sslproxy
	sudo pkill lp

test_split: SSL_PROTOS=$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 | grep "SSL/TLS protocol availability")
test_split: TLS11=$(findstring tls11,$(SSL_PROTOS))
test_split: TLS13=$(findstring tls13,$(SSL_PROTOS))
test_split: SSLPROXY_CONF=$(if $(TLS13),sslproxy.conf,sslproxy_no_tls13.conf)
test_split: SSLPROXY_CONF:=$(if $(TLS11),$(SSLPROXY_CONF),sslproxy_no_tls11.conf)
test_split: SSLPROXY_COMMAND=$(PROJECT_ROOT)/src/sslproxy -n -f $(SSLPROXY_CONF) -o Debug=no -o Daemon=yes -o User=nobody
test_split: TESTHARNESS=$(if $(TLS13),testharness_split.json,testharness_split_no_tls13.json)
test_split: TESTHARNESS:=$(if $(TLS11),$(TESTHARNESS),testharness_split_no_tls11.json)
test_split: buildsslproxy buildlp
	sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) ./lp/lp -f ./lp/lp.conf -o Debug=no -o Daemon=yes -o User=nobody
	sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) $(SSLPROXY_COMMAND)
	$(TESTPROXY) -f $(TESTHARNESS) -l 4
	sudo pkill sslproxy
	sudo pkill lp

travis: test

clean:
	$(MAKE) -C $(PROJECT_ROOT) clean
	$(MAKE) -C lp clean

FORCE:

.PHONY: all clean buildsslproxy buildlp test test_split travis
Move main.mk under Mk folder and improve make files 2020-06-23 10:00:05 +00:00			`PROJECT_ROOT= ../..`
Create make file to automate testproxy e2e tests Move lp under testproxy 2020-03-31 08:24:46 +00:00			`TESTPROXY:= ~/.cargo/bin/testproxy`

Use Testproxy v0.0.3 2020-06-21 10:10:27 +00:00			`TESTPROXY_VERSION=$(shell $(TESTPROXY) -V)`
Add e2e tests for filtering rules End-to-end tests now require testproxy v0.0.4, which supports the new Reconnect command for the Pass filtering rule. Split mode with the -n option also supports filtering rules, so the Divert rule can enable the divert mode even with the -n option. This is because the purpose of the -n option is to convert sslproxy into an sslsplit, and we want to support filtering rules in sslsplit-like sslproxy too. 2021-09-24 23:41:40 +00:00			`ifneq ($(TESTPROXY_VERSION),testproxy 0.0.4)`
			`$(error Use Testproxy v0.0.4 with this version of SSLproxy, found $(TESTPROXY_VERSION))`
Use Testproxy v0.0.3 2020-06-21 10:10:27 +00:00			`endif`

Restructure passsite filter data structure Now we don't go over all of the passsite rules in a linked list trying to apply passsite to the sni or common names of a conn. Instead, we now have user+keyword, keyword, ip, and all lists. For example, if we find the conn user in the user+keyword list and a passsite in that list matches, we don't look into other lists. This change is expected to improve the performance of passsite processing considerably, because in the earlier implementation we had to go over all of the passsite rules trying to match passsite. And this solution uses a correct data structure, even if not the best. For example, each user or keyword in passsite rules is strdup()'ed only once. Note that a better solution could use, say, a hash table for users, instead of a linked list. But hash tables are not suitable for keywords or sites, because we search for substring matches with them, not exact matches. Also, this fixes passsite rules without any filters defined, i.e. to be applied to all connections. Also, now e2e tests error exit if WITHOUT_USERAUTH is enabled. E2e tests require UserAuth enabled. 2021-09-07 09:29:49 +00:00			`ifeq ($(findstring -DWITHOUT_USERAUTH,$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 \| grep "Features: ")),-DWITHOUT_USERAUTH)`
			`$(error End-to-end tests need UserAuth enabled, disable WITHOUT_USERAUTH feature in main makefile and try again)`
			`endif`

Create make file to automate testproxy e2e tests Move lp under testproxy 2020-03-31 08:24:46 +00:00			`all: test`

			`buildsslproxy:`
Detect tls protos using output of sslproxy -V But this is not going to work, because LibreSSL 2.7.4 says it supports tls10, but SSL handshake fails if testproxy e2e tests for tls10 are enabled. 2020-04-05 13:50:54 +00:00			`$(MAKE) -C $(PROJECT_ROOT)`
Create make file to automate testproxy e2e tests Move lp under testproxy 2020-03-31 08:24:46 +00:00
			`buildlp:`
			`$(MAKE) -C lp`

Detect tls protos using output of sslproxy -V But this is not going to work, because LibreSSL 2.7.4 says it supports tls10, but SSL handshake fails if testproxy e2e tests for tls10 are enabled. 2020-04-05 13:50:54 +00:00			`# XXX: How to build sslproxy before setting the vars? Otherwise, we depend on the main makefile to have already built it.`
Move main.mk under Mk folder and improve make files 2020-06-23 10:00:05 +00:00			`test: SSL_PROTOS=$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 \| grep "SSL/TLS protocol availability")`
Detect tls protos using output of sslproxy -V But this is not going to work, because LibreSSL 2.7.4 says it supports tls10, but SSL handshake fails if testproxy e2e tests for tls10 are enabled. 2020-04-05 13:50:54 +00:00			`test: TLS11=$(findstring tls11,$(SSL_PROTOS))`
Fix travis for ssl libs without tls13, add no_tls13 e2e tests 2020-06-20 20:21:00 +00:00			`test: TLS13=$(findstring tls13,$(SSL_PROTOS))`
			`test: SSLPROXY_CONF=$(if $(TLS13),sslproxy.conf,sslproxy_no_tls13.conf)`
			`test: SSLPROXY_CONF:=$(if $(TLS11),$(SSLPROXY_CONF),sslproxy_no_tls11.conf)`
Move main.mk under Mk folder and improve make files 2020-06-23 10:00:05 +00:00			`test: SSLPROXY_COMMAND=$(PROJECT_ROOT)/src/sslproxy -f $(SSLPROXY_CONF) -o Debug=no -o Daemon=yes -o User=nobody`
Fix travis for ssl libs without tls13, add no_tls13 e2e tests 2020-06-20 20:21:00 +00:00			`test: TESTHARNESS=$(if $(TLS13),testharness.json,testharness_no_tls13.json)`
			`test: TESTHARNESS:=$(if $(TLS11),$(TESTHARNESS),testharness_no_tls11.json)`
Create make file to automate testproxy e2e tests Move lp under testproxy 2020-03-31 08:24:46 +00:00			`test: buildsslproxy buildlp`
Try fix sudo env 2020-04-02 17:51:44 +00:00			`sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) ./lp/lp -f ./lp/lp.conf -o Debug=no -o Daemon=yes -o User=nobody`
Detect tls protos using output of sslproxy -V But this is not going to work, because LibreSSL 2.7.4 says it supports tls10, but SSL handshake fails if testproxy e2e tests for tls10 are enabled. 2020-04-05 13:50:54 +00:00			`sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) $(SSLPROXY_COMMAND)`
			`$(TESTPROXY) -f $(TESTHARNESS) -l 4`
Create make file to automate testproxy e2e tests Move lp under testproxy 2020-03-31 08:24:46 +00:00			`sudo pkill sslproxy`
			`sudo pkill lp`

Add split mode of operation similar to SSLsplit The -n command line option enables split mode for all proxyspecs, effectively making sslproxy behave like sslsplit. Divert option can be set/unset globally and per-proxyspec. Add e2e tests for split mode, and update make file for tests accordingly. Update documentation accordingly. Improve code reuse, remove duplicate functions. This change deserves a release of its own, hence v0.8.4. 2021-08-28 18:54:15 +00:00			`test_split: SSL_PROTOS=$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 \| grep "SSL/TLS protocol availability")`
			`test_split: TLS11=$(findstring tls11,$(SSL_PROTOS))`
			`test_split: TLS13=$(findstring tls13,$(SSL_PROTOS))`
			`test_split: SSLPROXY_CONF=$(if $(TLS13),sslproxy.conf,sslproxy_no_tls13.conf)`
			`test_split: SSLPROXY_CONF:=$(if $(TLS11),$(SSLPROXY_CONF),sslproxy_no_tls11.conf)`
			`test_split: SSLPROXY_COMMAND=$(PROJECT_ROOT)/src/sslproxy -n -f $(SSLPROXY_CONF) -o Debug=no -o Daemon=yes -o User=nobody`
			`test_split: TESTHARNESS=$(if $(TLS13),testharness_split.json,testharness_split_no_tls13.json)`
			`test_split: TESTHARNESS:=$(if $(TLS11),$(TESTHARNESS),testharness_split_no_tls11.json)`
Add e2e tests for filtering rules End-to-end tests now require testproxy v0.0.4, which supports the new Reconnect command for the Pass filtering rule. Split mode with the -n option also supports filtering rules, so the Divert rule can enable the divert mode even with the -n option. This is because the purpose of the -n option is to convert sslproxy into an sslsplit, and we want to support filtering rules in sslsplit-like sslproxy too. 2021-09-24 23:41:40 +00:00			`test_split: buildsslproxy buildlp`
			`sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) ./lp/lp -f ./lp/lp.conf -o Debug=no -o Daemon=yes -o User=nobody`
Add split mode of operation similar to SSLsplit The -n command line option enables split mode for all proxyspecs, effectively making sslproxy behave like sslsplit. Divert option can be set/unset globally and per-proxyspec. Add e2e tests for split mode, and update make file for tests accordingly. Update documentation accordingly. Improve code reuse, remove duplicate functions. This change deserves a release of its own, hence v0.8.4. 2021-08-28 18:54:15 +00:00			`sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) $(SSLPROXY_COMMAND)`
			`$(TESTPROXY) -f $(TESTHARNESS) -l 4`
			`sudo pkill sslproxy`
Add e2e tests for filtering rules End-to-end tests now require testproxy v0.0.4, which supports the new Reconnect command for the Pass filtering rule. Split mode with the -n option also supports filtering rules, so the Divert rule can enable the divert mode even with the -n option. This is because the purpose of the -n option is to convert sslproxy into an sslsplit, and we want to support filtering rules in sslsplit-like sslproxy too. 2021-09-24 23:41:40 +00:00			`sudo pkill lp`
Add split mode of operation similar to SSLsplit The -n command line option enables split mode for all proxyspecs, effectively making sslproxy behave like sslsplit. Divert option can be set/unset globally and per-proxyspec. Add e2e tests for split mode, and update make file for tests accordingly. Update documentation accordingly. Improve code reuse, remove duplicate functions. This change deserves a release of its own, hence v0.8.4. 2021-08-28 18:54:15 +00:00
Do not export vars to the shell, instead create a main.mk and include it when needed Otherwise it is almost impossible to stop var redefinitions in successive builds 2020-03-31 12:59:53 +00:00			`travis: test`

Create make file to automate testproxy e2e tests Move lp under testproxy 2020-03-31 08:24:46 +00:00			`clean:`
Detect tls protos using output of sslproxy -V But this is not going to work, because LibreSSL 2.7.4 says it supports tls10, but SSL handshake fails if testproxy e2e tests for tls10 are enabled. 2020-04-05 13:50:54 +00:00			`$(MAKE) -C $(PROJECT_ROOT) clean`
Create make file to automate testproxy e2e tests Move lp under testproxy 2020-03-31 08:24:46 +00:00			`$(MAKE) -C lp clean`

			`FORCE:`

Add split mode of operation similar to SSLsplit The -n command line option enables split mode for all proxyspecs, effectively making sslproxy behave like sslsplit. Divert option can be set/unset globally and per-proxyspec. Add e2e tests for split mode, and update make file for tests accordingly. Update documentation accordingly. Improve code reuse, remove duplicate functions. This change deserves a release of its own, hence v0.8.4. 2021-08-28 18:54:15 +00:00			`.PHONY: all clean buildsslproxy buildlp test test_split travis`
Create make file to automate testproxy e2e tests Move lp under testproxy 2020-03-31 08:24:46 +00:00