Adapt 80-test_cmp_http.t and its data for random accept ports

Fixes #14694
Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15281)

test/recipes/80-test_cmp_http.t

@@ -28,15 +28,13 @@ plan skip_all => "These tests are not supported in a no-cmp build"
     if disabled("cmp");
 plan skip_all => "These tests are not supported in a no-ec build"
     if disabled("ec");
+plan skip_all => "These tests are not supported in a no-sock build"
+    if disabled("sock");
 
 plan skip_all => "Tests involving local HTTP server not available on Windows, AIX or VMS"
     if $^O =~ /^(VMS|MSWin32|AIX)$/;
 plan skip_all => "Tests involving local HTTP server not available in cross-compile builds"
     if defined $ENV{EXE_SHELL};
-plan skip_all => "Tests involving local HTTP server require 'kill' command"
-    if system("which kill >/dev/null");
-plan skip_all => "Tests involving local HTTP server require 'lsof' command"
-    if system("which lsof >/dev/null"); # this typically excludes Solaris
 
 sub chop_dblquot { # chop any leading and trailing '"' (needed for Windows)
     my $str = shift;
@@ -65,6 +63,7 @@ my $pbm_ref;    # The reference for PBM
 my $pbm_secret; # The secret for PBM
 my $column;     # The column number of the expected result
 my $sleep = 0;  # The time to sleep between two requests
+my $server_fh;  # Server file handle
 
 # The local $server_name variables below are among others taken as the name of a
 # sub-directory with server-specific certs etc. and CA-specific config section.
@@ -131,6 +130,9 @@ sub test_cmp_http {
     my $params = shift;
     my $expected_exit = shift;
     my $path_app = bldtop_dir($app);
+    $params = [ '-server', "127.0.0.1:$server_port", @$params ]
+        unless grep { $_ eq '-server' } @$params;
+
     with({ exit_checker => sub {
         my $actual_exit = shift;
         my $OK = $actual_exit == $expected_exit;
@@ -265,28 +267,32 @@ sub load_tests {
     return \@result;
 }
 
-sub mock_server_pid {
-    return `lsof -iTCP:$server_port` =~ m/\n\S+\s+(\d+)\s+[^\n]+LISTEN/s ? $1 : 0;
-}
-
 sub start_mock_server {
     my $args = $_[0]; # optional further CLI arguments
     my $dir = bldtop_dir("");
-    my $cmd = "LD_LIBRARY_PATH=$dir DYLD_LIBRARY_PATH=$dir " .
-        bldtop_dir($app) . " -config server.cnf $args";
-    my $pid = mock_server_pid();
-    if ($pid) {
-        print "Mock server already running with pid=$pid\n";
-        return $pid;
-    }
+    local $ENV{LD_LIBRARY_PATH} = $dir;
+    local $ENV{DYLD_LIBRARY_PATH} = $dir;
+    my $cmd = bldtop_dir($app) . " -config server.cnf $args";
     print "Current directory is ".getcwd()."\n";
-    print "Launching mock server listening on port $server_port: $cmd\n";
-    return system("$cmd &") == 0 # start in background, check for success
-        ? (sleep 1, mock_server_pid()) : 0;
+    print "Launching mock server: $cmd\n";
+    my $pid = open($server_fh, "$cmd|") or die "Trying to $cmd";
+    print "Pid is: $pid\n";
+    # Find out the actual server port
+    while (<$server_fh>) {
+        print;
+        s/\R$//;                # Better chomp
+        next unless (/^ACCEPT\s.*:(\d+)$/);
+        $server_port = $1;
+        $server_tls = $1;
+        $kur_port = $1;
+        $pbm_port = $1;
+        last;
+    }
+    return $pid;
 }
 
 sub stop_mock_server {
     my $pid = $_[0];
     print "Killing mock server with pid=$pid\n";
-    system("kill $pid") if $pid;
+    kill('QUIT', $pid) if $pid;
 }

test/recipes/80-test_cmp_http_data/Mock/server.cnf

 [cmp] # mock server configuration
 
-port = 1700
+# port 0 means that a random available port will be used
+port = 0
 srv_cert = server.crt
 srv_key = server.key
 srv_secret = pass:test

test/recipes/80-test_cmp_http_data/Mock/test.cnf

@@ -17,8 +17,8 @@ policies = certificatePolicies
 [Mock] # the built-in OpenSSL CMP mock server
 no_check_time = 1
 server_host = 127.0.0.1 # localhost
-server_port = 1700
-server_tls = 0
+server_port = 0
+server_tls = $server_port
 server_cert = server.crt
 server = $server_host:$server_port
 server_path = pkix/
@@ -30,8 +30,8 @@ expect_sender = $server_dn
 subject = "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf"
 newkey = signer.key
 out_trusted = signer_root.crt
-kur_port = 1700
-pbm_port = 1700
+kur_port = $server_port
+pbm_port = $server_port
 pbm_ref =
 pbm_secret = pass:test
 cert = signer.crt

test/recipes/80-test_cmp_http_data/test_connection.csv

@@ -14,7 +14,7 @@ TBD,IP address, -section,, -server,_SERVER_IP:_SERVER_PORT,,,,,,,,,,,,,,
 1,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
 1,server port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:x/+80,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
 1,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
-1,server with TLS port, -section,, -server,_SERVER_HOST:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
+1,server with wrong port, -section,, -server,_SERVER_HOST:999,,,,,BLANK,,,,-msg_timeout,1,BLANK,,BLANK,
 TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
 ,,,,,,,,,,,,,,,,,,,
 1,proxy port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:x*/8888, -no_proxy,nonmatch.com,BLANK,,,,-msg_timeout,1,BLANK,,BLANK,