Mercurial > hg > nginx-tests
annotate mail_imap_ssl.t @ 1701:408fe0dd3fed
Tests: fixed mail_imap_ssl.t too long shutdown.
Prior to literals support in IMAP test backend (e7f0b4ca0a1a), early backend
response was treated as invalid, with subsequent proxy connection close.
Now that the connection continues successfully, this requires connection
close before nginx shutdown. Otherwise, it would wait for proxy_timeout.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 17 Jun 2021 19:52:36 +0300 |
parents | 74986ebee2fd |
children | f0a02a429a59 |
rev | line source |
---|---|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Sergey Kandaurov |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # Tests for nginx mail imap module with ssl. |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 use MIME::Base64; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 BEGIN { use FindBin; chdir($FindBin::Bin); } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use lib 'lib'; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 use Test::Nginx; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 use Test::Nginx::IMAP; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 ############################################################################### |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 select STDERR; $| = 1; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 select STDOUT; $| = 1; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 eval { require IO::Socket::SSL; }; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 local $SIG{PIPE} = 'IGNORE'; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
976
a8b8dd6e8ae1
Tests: changed startup order in mail tests for consistency.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
970
diff
changeset
|
36 my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap http rewrite/) |
a8b8dd6e8ae1
Tests: changed startup order in mail tests for consistency.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
970
diff
changeset
|
37 ->has_daemon('openssl')->plan(12) |
a8b8dd6e8ae1
Tests: changed startup order in mail tests for consistency.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
970
diff
changeset
|
38 ->write_file_expand('nginx.conf', <<'EOF'); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 %%TEST_GLOBALS%% |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 daemon off; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 events { |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 mail { |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 proxy_pass_error_message on; |
1679
74986ebee2fd
Tests: added proxy_timeout in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
49 proxy_timeout 15s; |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
50 auth_http http://127.0.0.1:8080/mail/auth; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 auth_http_pass_client_cert on; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 ssl_certificate_key 1.example.com.key; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_certificate 1.example.com.crt; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 server { |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
57 listen 127.0.0.1:8142; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 protocol imap; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 server { |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
62 listen 127.0.0.1:8143 ssl; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 protocol imap; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 ssl_verify_client on; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 ssl_client_certificate 2.example.com.crt; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 server { |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
70 listen 127.0.0.1:8145 ssl; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 protocol imap; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 ssl_verify_client optional; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 ssl_client_certificate 2.example.com.crt; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 server { |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
78 listen 127.0.0.1:8146 ssl; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 protocol imap; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 ssl_verify_client optional; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 ssl_client_certificate 2.example.com.crt; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 ssl_trusted_certificate 3.example.com.crt; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 server { |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
87 listen 127.0.0.1:8147 ssl; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 protocol imap; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 ssl_verify_client optional_no_ca; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 ssl_client_certificate 2.example.com.crt; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 http { |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 %%TEST_GLOBALS_HTTP%% |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 log_format test '$http_auth_ssl:$http_auth_ssl_verify:' |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
101 '$http_auth_ssl_cert:$http_auth_pass'; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 server { |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
104 listen 127.0.0.1:8080; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 server_name localhost; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 location = /mail/auth { |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 access_log auth.log test; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 add_header Auth-Status OK; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 add_header Auth-Server 127.0.0.1; |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
112 add_header Auth-Port %%PORT_8144%%; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 add_header Auth-Wait 1; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 return 204; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 EOF |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 $t->write_file('openssl.conf', <<EOF); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
123 default_bits = 2048 |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 encrypt_key = no |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 distinguished_name = req_distinguished_name |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 [ req_distinguished_name ] |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 EOF |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 my $d = $t->testdir(); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 foreach my $name ('1.example.com', '2.example.com', '3.example.com') { |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1085
diff
changeset
|
133 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1085
diff
changeset
|
134 . "-out $d/$name.crt -keyout $d/$name.key " |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 . ">>$d/openssl.out 2>&1") == 0 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 or die "Can't create certificate for $name: $!\n"; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 |
976
a8b8dd6e8ae1
Tests: changed startup order in mail tests for consistency.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
970
diff
changeset
|
139 $t->run_daemon(\&Test::Nginx::IMAP::imap_test_daemon); |
a8b8dd6e8ae1
Tests: changed startup order in mail tests for consistency.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
970
diff
changeset
|
140 $t->run()->waitforsocket('127.0.0.1:' . port(8144)); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 ############################################################################### |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
144 my $cred = sub { encode_base64("\0test\@example.com\0$_[0]", '') }; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 my %ssl = ( |
753
63d1b7cb974a
Tests: fixed IO::Socket::SSL options in mail_imap_ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
623
diff
changeset
|
146 SSL => 1, |
63d1b7cb974a
Tests: fixed IO::Socket::SSL options in mail_imap_ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
623
diff
changeset
|
147 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
63d1b7cb974a
Tests: fixed IO::Socket::SSL options in mail_imap_ssl.t.
Sergey Kandaurov <pluknet@nginx.com>
parents:
623
diff
changeset
|
148 SSL_error_trap => sub { die $_[1] }, |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 ); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 # no ssl connection |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
153 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8142)); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 $s->ok('plain connection'); |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
155 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1")); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 # no cert |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
159 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8143), %ssl); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 $s->check(qr/BYE No required SSL certificate/, 'no cert'); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 # no cert with ssl_verify_client optional |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
164 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8145), %ssl); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 $s->ok('no optional cert'); |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
166 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2")); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 # wrong cert with ssl_verify_client optional |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 $s = Test::Nginx::IMAP->new( |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
171 PeerAddr => '127.0.0.1:' . port(8145), |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 SSL_cert_file => "$d/1.example.com.crt", |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 SSL_key_file => "$d/1.example.com.key", |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 %ssl, |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 ); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 $s->check(qr/BYE SSL certificate error/, 'bad optional cert'); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 # wrong cert with ssl_verify_client optional_no_ca |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 $s = Test::Nginx::IMAP->new( |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
181 PeerAddr => '127.0.0.1:' . port(8147), |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 SSL_cert_file => "$d/1.example.com.crt", |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 SSL_key_file => "$d/1.example.com.key", |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
184 %ssl, |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
185 ); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
186 $s->ok('bad optional_no_ca cert'); |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
187 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3")); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
188 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
189 # matching cert with ssl_verify_client optional |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
190 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
191 $s = Test::Nginx::IMAP->new( |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
192 PeerAddr => '127.0.0.1:' . port(8145), |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
193 SSL_cert_file => "$d/2.example.com.crt", |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
194 SSL_key_file => "$d/2.example.com.key", |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
195 %ssl, |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
196 ); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
197 $s->ok('good cert'); |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
198 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4")); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
199 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
200 # trusted cert with ssl_verify_client optional |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
201 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
202 $s = Test::Nginx::IMAP->new( |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
203 PeerAddr => '127.0.0.1:' . port(8146), |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
204 SSL_cert_file => "$d/3.example.com.crt", |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
205 SSL_key_file => "$d/3.example.com.key", |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
206 %ssl, |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
207 ); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
208 $s->ok('trusted cert'); |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
209 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s5")); |
1701
408fe0dd3fed
Tests: fixed mail_imap_ssl.t too long shutdown.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1679
diff
changeset
|
210 undef $s; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
211 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
212 # test auth_http request header fields with access_log |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
213 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
214 $t->stop(); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
215 |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
216 my $f = $t->read_file('auth.log'); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
217 |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
218 like($f, qr/^-:-:-:-:-:-:-\x0d?\x0a?:s1$/m, 'log - plain connection'); |
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
219 like($f, qr/^on:NONE:-:-:-:-:-\x0d?\x0a?:s2$/m, 'log - no cert'); |
1085
30a6fbab4e33
Tests: allow new $ssl_verify syntax.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1069
diff
changeset
|
220 like($f, qr!^on:FAILED(?:.*):(/?CN=1.example.com):\1:\w+:\w+:[^:]+:s3$!m, |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
221 'log - bad cert'); |
1069
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
976
diff
changeset
|
222 like($f, qr!^on:SUCCESS:(/?CN=2.example.com):\1:\w+:\w+:[^:]+:s4$!m, |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
223 'log - good cert'); |
1069
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
976
diff
changeset
|
224 like($f, qr!^on:SUCCESS:(/?CN=3.example.com):\1:\w+:\w+:[^:]+:s5$!m, |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
225 'log - trusted cert'); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
226 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
227 ############################################################################### |