From 1ef3032eacab60f2ed5dcfc93caeee0134351d2d Mon Sep 17 00:00:00 2001
From: David von Oheimb <dev@ddvo.net>
Date: Fri, 26 Jul 2024 15:34:05 +0200
Subject: [PATCH] 80-test_cmp_http.t: fix handling of IPv6 server host
 (localhost '::1')

Fixes 22467

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
---
 test/recipes/80-test_cmp_http.t               | 24 ++++++++++++-------
 .../80-test_cmp_http_data/Mock/test.cnf       |  4 ++--
 .../80-test_cmp_http_data/test_connection.csv |  2 +-
 3 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t
index 62ce1bd169063..da4b4ffc25207 100644
--- a/test/recipes/80-test_cmp_http.t
+++ b/test/recipes/80-test_cmp_http.t
@@ -144,7 +144,7 @@ sub test_cmp_http {
     my $title = shift;
     my $params = shift;
     my $expected_result = shift;
-    $params = [ '-server', "127.0.0.1:$server_port", @$params ]
+    $params = [ '-server', "$server_host:$server_port", @$params ]
         if ($server_name eq "Mock" && !(grep { $_ eq '-server' } @$params));
     my $cmd = app([@app, @$params]);
 
@@ -252,14 +252,15 @@ sub load_tests {
 
         next LOOP if $server_tls == 0 && $line =~ m/,\s*-tls_used\s*,/;
         my $noproxy = $no_proxy;
+        my $server_plain = $server_host =~ m/^\[(.*)\]$/ ? $1 : $server_host;
         if ($line =~ m/,\s*-no_proxy\s*,(.*?)(,|$)/) {
             $noproxy = $1;
-        } elsif ($server_host eq "127.0.0.1") {
+        } elsif ($server_plain eq "127.0.0.1" || $server_plain eq "::1") {
             # do connections to localhost (e.g., mock server) without proxy
-            $line =~ s{-section,,}{-section,,-no_proxy,127.0.0.1,} ;
+            $line =~ s{-section,,}{-section,,-no_proxy,$server_plain,} ;
         }
         if ($line =~ m/,\s*-proxy\s*,/) {
-            next LOOP if $no_proxy && ($noproxy =~ $server_host);
+            next LOOP if $no_proxy && ($noproxy =~ $server_plain);
         } else {
             $line =~ s{-section,,}{-section,,-proxy,$proxy,};
         }
@@ -301,27 +302,32 @@ sub start_server {
 
     if ($server_host eq '*' || $server_port == 0) {
         # Find out the actual server host and port and possibly different PID
+        my ($host, $port);
         $pid = 0;
         while (<$server_fh>) {
             print "$server_name server output: $_";
             next if m/using section/;
             s/\R$//;                # Better chomp
-            ($server_host, $server_port, $pid) = ($1, $2, $3)
+            ($host, $port, $pid) = ($1, $2, $3)
                 if /^ACCEPT\s(.*?):(\d+) PID=(\d+)$/;
             last; # Do not loop further to prevent hangs on server misbehavior
         }
-        $server_host = "[::1]" if $server_host eq "[::]";
-        $server_host = "127.0.0.1" if $server_host eq "0.0.0.0";
+        if ($server_host eq '*' && defined $host) {
+            $server_host = "[::1]"     if $host eq "[::]";
+            $server_host = "127.0.0.1" if $host eq "0.0.0.0";
+        }
+        $server_port = $port if $server_port == 0 && defined $port;
     }
-    unless ($server_port > 0) {
+    if ($server_host eq '*' || $server_port == 0) {
         stop_server($server_name, $pid) if $pid;
-        print "Cannot get expected output from the $server_name server";
+        print "Cannot get expected output from the $server_name server\n";
         return 0;
     }
     $kur_port = $server_port if $kur_port eq "\$server_port";
     $pbm_port = $server_port if $pbm_port eq "\$server_port";
     $server_tls = $server_port if $server_tls;
     return $pid;
+
 }
 
 sub stop_server {
diff --git a/test/recipes/80-test_cmp_http_data/Mock/test.cnf b/test/recipes/80-test_cmp_http_data/Mock/test.cnf
index 50ad8c517769c..4fbffb69810da 100644
--- a/test/recipes/80-test_cmp_http_data/Mock/test.cnf
+++ b/test/recipes/80-test_cmp_http_data/Mock/test.cnf
@@ -17,11 +17,11 @@ policies = certificatePolicies
 
 [Mock] # the built-in OpenSSL CMP mock server
 # no_check_time = 1
-server_host = 127.0.0.1 # localhost
+server_host = * # to be determined by server: 127.0.0.1 or ::1 (localhost)
 server_port = 0 # 0 means that the port is determined by the server
 server_tls = $server_port
 server_cert = server.crt
-server = $server_host:$server_port
+# server = $server_host:$server_port
 server_path = pkix/
 path = $server_path
 ca_dn = /CN=Root CA
diff --git a/test/recipes/80-test_cmp_http_data/test_connection.csv b/test/recipes/80-test_cmp_http_data/test_connection.csv
index d1a4bb96a8249..27932275ccdc2 100644
--- a/test/recipes/80-test_cmp_http_data/test_connection.csv
+++ b/test/recipes/80-test_cmp_http_data/test_connection.csv
@@ -2,7 +2,7 @@ expected,description, -section,val, -server,val, -proxy,val, -no_proxy,val, -tls
 ,Message transfer options:,,,,,,,,,,,,,,,,,,
 ,,,,,,,,,,,,,,,,,,,
 1,default config, -section,,,,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
-disabled as not supported by some host IP configurations,server domain name, -section,, -server,localhost:_SERVER_PORT,,,,,,,,,,,,,,
+disabled as not supported by some host IP configurations,server domain name, -section,, -server,_SERVER_HOST:_SERVER_PORT,,,,,,,,,,,,,,
 ,,,,,,,,,,,,,,,,,,,
 0,wrong server, -section,, -server,xn--rksmrgs-5wao1o.example.com:_SERVER_PORT,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK,
 0,wrong server port, -section,, -server,_SERVER_HOST:99,,,,,BLANK,,,, -msg_timeout,1,BLANK,,BLANK,