Create session.pem without Internet connectivity

Use openssl s_server in order to create a temporary SSL server for
creating an SSL session dump for the unit tests to work with.  This
removes the requirement of having Internet connectivity for running the
test suite, which prevented package builds from running the unit tests.

NEWS

@@ -1,6 +1,7 @@
 
 ### SSLsplit master
 
+-   Unit tests (make test) no longer require Internet connectivity.
 -   Add experimental support for pf on Mac OS X 10.7+ (issue #15).
 -   Also build ipfw NAT engine if pf is detected to support pf divert-to.
 -   Fix file descriptor leak in passthrough mode (-P) after SSL errors.

README

@@ -30,8 +30,6 @@ the various NAT engines.
 
 SSLsplit depends on the OpenSSL and libevent 2.x libraries.
 The build depends on GNU make and a POSIX.2 environment in `PATH`.
-The (optional) unit tests depend on check and on Internet connectivity.
-The latter is necessary to create an SSL session for testing.
 
 SSLsplit currently supports the following operating systems and NAT mechanisms:
 -   FreeBSD: pf rdr and divert-to, ipfw fwd, ipfilter rdr

extra/pki/GNUmakefile

@@ -101,15 +101,15 @@ targets: rsa.crt
 		>targets/wildcard.roe.ch.pem
 	$(RM) targets/wildcard.roe.ch.{key,csr,crt} rsa.srl
 
-# openssl s_server cannot be easily controlled from scripts; it is
-# more robust to just connect to a real server to create a session
+# localhost network connectivity is required
 session.pem:
-	( \
-	echo 'GET /test/SSLsplit-$(VERSION) HTTP/1.1'; \
-	echo 'Host: daniel.roe.ch'; \
-	echo 'Connection: close'; \
-	echo ) | $(OPENSSL) s_client -connect daniel.roe.ch:443 \
-		-quiet -crlf -no_ign_eof -sess_out $@ >/dev/null 2>&1
+	openssl s_server -accept 44443 -cert server.pem -quiet -no_ssl2 \
+		>/dev/null 2>&1 & \
+		pid=$$! ; \
+		sleep 1 ; \
+		echo Q | $(OPENSSL) s_client -connect localhost:44443 \
+			-quiet -no_ign_eof -sess_out $@ >/dev/null 2>&1 ; \
+		kill $$pid
 	test -r $@
 
 clean: