view release on metacpan or  search on metacpan

t/tls.t  view on Meta::CPAN

    done_testing;
    exit;
}

diag "Running TLS connection tests";

# Generate self-signed certificates
my $certdir = tempdir(CLEANUP => 1);
my $ca_key    = "$certdir/ca.key";
my $ca_cert   = "$certdir/ca.crt";
my $srv_key   = "$certdir/server.key";
my $srv_cert  = "$certdir/server.crt";
my $srv_csr   = "$certdir/server.csr";

# Generate CA
unless (system("openssl genrsa -out $ca_key 2048 2>/dev/null") == 0 &&
        system("openssl req -new -x509 -key $ca_key -out $ca_cert -days 1 -subj '/CN=Test CA' 2>/dev/null") == 0) {
    diag "Failed to generate CA cert — skipping TLS connection tests";
    done_testing;
    exit;
}

# Generate server cert signed by CA
system("openssl genrsa -out $srv_key 2048 2>/dev/null") == 0
    or die "Failed to generate server key";
system("openssl req -new -key $srv_key -out $srv_csr -subj '/CN=127.0.0.1' 2>/dev/null") == 0
    or die "Failed to generate server CSR";
system("openssl x509 -req -in $srv_csr -CA $ca_cert -CAkey $ca_key -CAcreateserial -out $srv_cert -days 1 2>/dev/null") == 0
    or die "Failed to sign server cert";

# Start Redis with TLS
my $tls_port = empty_port();

my $redis_pid;
eval {
    $redis_pid = fork();
    die "fork failed: $!" unless defined $redis_pid;
    if ($redis_pid == 0) {
        open STDOUT, '>/dev/null';
        open STDERR, '>/dev/null';
        exec('redis-server',
            '--port', '0',
            '--tls-port', $tls_port,
            '--tls-cert-file', $srv_cert,
            '--tls-key-file', $srv_key,
            '--tls-ca-cert-file', $ca_cert,
            '--tls-auth-clients', 'no',
            '--bind', '127.0.0.1',
            '--loglevel', 'warning',
            '--save', '',
        );
        die "exec redis-server failed: $!";
    }
};
if ($@ || !$redis_pid) {
    diag "Failed to start TLS Redis: $@";
    done_testing;
    exit;
}

# Wait for Redis to be ready (check if process is alive and port is listening)
my $ready = 0;
for (1..50) {
    # Check if the child process died (TLS not compiled, bad args, etc.)
    my $kid = waitpid($redis_pid, POSIX::WNOHANG());
    if ($kid > 0) {
        $redis_pid = undef;
        last;
    }
    # Try connecting with redis-cli over TLS
    if (system("redis-cli -h 127.0.0.1 -p $tls_port --tls --insecure PING >/dev/null 2>&1") == 0) {
        $ready = 1;
        last;
    }
    select(undef, undef, undef, 0.1);
}

unless ($ready) {
    if ($redis_pid) {
        kill 'TERM', $redis_pid;
        waitpid($redis_pid, 0);
        $redis_pid = undef;
    }
    diag "Redis TLS server failed to start (TLS may not be compiled in)";
    done_testing;
    exit;
}

END {
    if ($redis_pid) {
        kill 'TERM', $redis_pid;
        waitpid($redis_pid, 0);
    }
}

# Test: TLS connection with CA cert
{
    my ($connected, $error, $result) = (0, 0, undef);
    my $r = EV::Redis->new(
        host   => '127.0.0.1',
        port   => $tls_port,
        tls    => 1,
        tls_ca => $ca_cert,
    );
    $r->on_error(sub { $error++; $r->disconnect });
    $r->on_connect(sub {
        $connected++;
        $r->ping(sub {
            my ($res, $err) = @_;
            $result = $res;
            $r->disconnect;
        });
    });
    EV::run;

    is($connected, 1, 'TLS connection established');
    is($error, 0, 'no connection error');
    is($result, 'PONG', 'PING over TLS returns PONG');
}

# Test: SET/GET over TLS