#!/bin/sh

# Checking if the reloaded server resume the session with secret keys for
# the session ticket processing.
# Just "1" "accepted: new session negotiated" log for the [server] service
# is expected for the first connection, and "0" for the second connection
# because the server holds keys for the session ticket processing.
# Disabling "NO_TICKET" option is required for the ticket support in OpenSSL older than 1.1.1.
# The ticket session resumption also works for the FORK model.

. $(dirname $0)/../test_library

start() {
  ../../src/stunnel -fd 9 9<<EOT
  debug = debug
  syslog = no
  pid = ${result_path}/stunnel.pid
  output = ${result_path}/stunnel.log

  [client]
  client = yes
  retry = yes
  exec = ${script_path}/execute_read
  execArgs = execute_read ${result_path}/temp.log
  connect = ${result_path}/stunnel.sock
  cert = ${script_path}/certs/client_cert.pem
EOT
}

start_server() {
  ../../src/stunnel -fd 0 <<EOT
  debug = debug
  syslog = no
  pid = ${result_path}/stunnel_server.pid
  output = ${result_path}/stunnel_server.log
  log = overwrite

  options = -NO_TICKET
  ticketKeySecret = 6c:42:72:46:57:23:3a:3d:4b:54:2d:7b:55:4b:6e:8f:32:5c:21:6a:2e:6e:47:31:57:20:2f:75:26:7b:4d:25
  ticketMacSecret = 3f:3c:77:53:32:48:79:76:75:7a:50:33:70:65:47:27:32:79:73:7e:73:2c:21:6c:3a:6f:30:28:4c:5c:27:1f

  [server]
  accept = ${result_path}/stunnel.sock
  exec = ${script_path}/execute
  execArgs = execute 050_ticket_secrets
  cert = ${script_path}/certs/server_cert.pem
  verifyPeer = yes
  CAfile = ${script_path}/certs/PeerCerts.pem
EOT
}

if grep -q -e "OpenSSL [1-9]" "results.log"
  then
    test_log_for "050_ticket_secrets" "instances" "1" "$1" "$2" "$3" 2>> "stderr.log"
    exit $?
  else
    exit_logs "050_ticket_secrets" "skipped"
    exit 125
  fi
