#!/bin/sh
set -eux

trap 'kill -9 $server_pid $proxy_pid ||:' INT TERM EXIT

cd "${AUTOPKGTEST_TMP:-/tmp}" || exit 1

openssl req -x509 -newkey ed25519 \
  -sha256 -days 365 -nodes -subj '/CN=localhost' \
  -keyout key.pem -out cert.pem 

echo "0: $0"
case $0 in
        *-unix)
                CONNECT='-unix ./localhost'
                LISTEN="$CONNECT -unlink"
                MODE='-mode unix  -unix-directory .'
                ;;
        *-tcp)
                LISTEN='-6 -port 4433'
                CONNECT='-4 -connect localhost:4433'
                MODE='-mode tcp  -backend-cidr ::1/128'
                ;;
esac

openssl s_server -key key.pem -cert cert.pem -www $LISTEN &
server_pid=$!

snid -listen tcp:127.0.0.1:4433 $MODE &
proxy_pid=$!

[ "${WAIT:-}" ] && wait

try () {
        { echo 'GET / HTTP/1.1'; } \
		| openssl s_client $CONNECT \
                          -servername localhost \
                          -ign_eof \
                          > response.txt \
                || return 10
        grep -Ei '^HTTP/[^ ]+ 200 ok' response.txt || return 20
}

retry=0
while [ $retry -lt 3 ]; do
        try && exit
        retry=$((retry + 1))
        sleep 1
done
