#!/bin/sh

# Checking if redirect TLS client connections works properly when the session is resumed.
# Redirect TLS client connections on certificate-based authentication failures.
# [client_1] -> [server_1] -> [client_2] -> [server_2]
# Exactly "2" "accepted: new session negotiated" logs for [server_1]
# and [server_2] services are expected, because the client presents the wrong certificate.

. $(dirname $0)/../test_library

start() {
  ../../src/stunnel -fd 0 <<EOT
  debug = debug
  syslog = no
  pid = ${result_path}/stunnel.pid
  output = ${result_path}/stunnel.log

  [client_1]
  client = yes
  retry = yes
  exec = ${script_path}/execute_read
  execArgs = execute_read ${result_path}/temp.log
  connect = 127.0.0.1:${https1}
  ;cert = ${script_path}/certs/client_cert.pem
;wrong certificate
  cert = ${script_path}/certs/stunnel.pem

  [client_2]
  client = yes
  accept = 127.0.0.1:${http2}
  connect = 127.0.0.1:${https2}

  [server_1]
  accept = 127.0.0.1:${https1}
  exec = ${script_path}/execute
  execArgs = execute 047_resume_redirect_error
  redirect = ${http2}
  cert = ${script_path}/certs/server_cert.pem
  verifyPeer = yes
  CAfile = ${script_path}/certs/PeerCerts.pem

  [server_2]
  accept = 127.0.0.1:${https2}
  cert = ${script_path}/certs/server_cert.pem
  exec = ${script_path}/execute
  execArgs = execute 047_resume_redirect
EOT
}

if ! grep -q "FORK" "results.log"
  then
    test_log_for "047_resume_redirect" "session" "2" "$1" "$2" "$3" 2>> "stderr.log"
    exit $?
  else # the resumption of the session does not work for the FORK model
    exit_logs "047_resume_redirect" "skipped"
    exit 125
  fi
exit $?
