From a171b3ca5eaea1e271095d0a082e84ca670ba935 Mon Sep 17 00:00:00 2001
From: Dave Miller <justdave@bugzilla.org>
Date: Thu, 4 Jan 2024 16:04:00 -0500
Subject: [PATCH] Bug 1851398: Allow testserver.pl to work with self-signed
 certs (#101)

* Bug 1851398: Allow testserver.pl to work with self-signed certs, and properly test dependencies for https.
* Backports the existing fix from bug 662161 on trunk to the Harmony branch.
---
 testserver.pl | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/testserver.pl b/testserver.pl
index 3869942093..415d373ce2 100755
--- a/testserver.pl
+++ b/testserver.pl
@@ -25,13 +25,17 @@
 
 eval "require LWP; require LWP::UserAgent;";
 my $lwp = $@ ? 0 : 1;
+eval "require LWP::Protocol::https;";
+my $lwpssl = $@ ? 0 : 1;
 
-if ((@ARGV != 1) || ($ARGV[0] !~ /^https?:/)) {
-  print "Usage: $0 <URL to this Bugzilla installation>\n";
+if ((@ARGV < 1) || (@ARGV > 2) || ($ARGV[0] !~ /^https?:/i) || (defined($ARGV[1]) && $ARGV[1] ne '--self-signed')) {
+  print "Usage: $0 <URL to this Bugzilla installation> [--self-signed]\n";
   print "e.g.:  $0 http://www.mycompany.com/bugzilla\n";
+  print "\n";
+  print "Pass --self-signed to prevent hostname verification of SSL certificates if needed.";
   exit(1);
 }
-
+my $selfsigned = defined($ARGV[1]) ? 1 : 0;
 
 # Try to determine the GID used by the web server.
 my @pscmds
@@ -213,13 +217,25 @@ sub fetch {
   my $url = shift;
   my $rtn;
   if ($lwp) {
-    my $req = HTTP::Request->new(GET => $url);
-    my $ua  = LWP::UserAgent->new;
-    my $res = $ua->request($req);
-    $rtn = ($res->is_success ? $res->content : undef);
+    if ($url =~ /^https:/i && !$lwpssl) {
+      die ("You need LWP::Protocol::https installed to use https with testserver.pl");
+    } else {
+      my $req = HTTP::Request->new(GET => $url);
+      my $ua  = LWP::UserAgent->new;
+      $ua->ssl_opts( verify_hostname => 0 ) if $selfsigned;
+      my $res = $ua->request($req);
+      if (!$res->is_success) {
+        my $errstr = $res->status_line;
+        print $errstr . "\n";
+        if ($errstr =~ m/certificate/) {
+          say "Try passing --self-signed to skip certificate checks."
+        }
+      }
+      $rtn = ($res->is_success ? $res->content : undef);
+    }
   }
   elsif ($url =~ /^https:/i) {
-    die("You need LWP installed to use https with testserver.pl");
+    die("You need LWP (and LWP::Protocol::https, for LWP 6.02 or newer) installed to use https with testserver.pl");
   }
   else {
     my ($host, $port, $file) = ('', 80, '');