Mercurial > hg > nginx-tests
annotate mail_imap_ssl.t @ 1940:aec72dcee93b
Tests: unconditional QUIC datagram expansion with Initial packets.
Used to get rid of "quic UDP datagram is too small for initial packet" messages.
In future, we may need this to reconsider to allow mocking with custom padding,
but for now suppressing such messages is sufficiently good enough.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 11 Dec 2023 14:01:49 +0400 |
parents | 2a0a6035a1af |
children | 84f4d4930835 |
rev | line source |
---|---|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Sergey Kandaurov |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # Tests for nginx mail imap module with ssl. |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 use MIME::Base64; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 BEGIN { use FindBin; chdir($FindBin::Bin); } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use lib 'lib'; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 use Test::Nginx; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 use Test::Nginx::IMAP; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 ############################################################################### |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 select STDERR; $| = 1; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 select STDOUT; $| = 1; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 local $SIG{PIPE} = 'IGNORE'; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
1858
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1724
diff
changeset
|
31 my $t = Test::Nginx->new() |
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1724
diff
changeset
|
32 ->has(qw/mail mail_ssl imap http rewrite socket_ssl_sslversion/) |
1724
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
33 ->has_daemon('openssl')->plan(13) |
976
a8b8dd6e8ae1
Tests: changed startup order in mail tests for consistency.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
970
diff
changeset
|
34 ->write_file_expand('nginx.conf', <<'EOF'); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 %%TEST_GLOBALS%% |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 daemon off; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 events { |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 mail { |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 proxy_pass_error_message on; |
1679
74986ebee2fd
Tests: added proxy_timeout in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
45 proxy_timeout 15s; |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
46 auth_http http://127.0.0.1:8080/mail/auth; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 auth_http_pass_client_cert on; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 ssl_certificate_key 1.example.com.key; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 ssl_certificate 1.example.com.crt; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 server { |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
53 listen 127.0.0.1:8143; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 protocol imap; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 server { |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
58 listen 127.0.0.1:8993 ssl; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 protocol imap; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 ssl_verify_client on; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 ssl_client_certificate 2.example.com.crt; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 server { |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
66 listen 127.0.0.1:8994 ssl; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 protocol imap; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 ssl_verify_client optional; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 ssl_client_certificate 2.example.com.crt; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 server { |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
74 listen 127.0.0.1:8995 ssl; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 protocol imap; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 ssl_verify_client optional; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 ssl_client_certificate 2.example.com.crt; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 ssl_trusted_certificate 3.example.com.crt; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 server { |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
83 listen 127.0.0.1:8996 ssl; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 protocol imap; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 ssl_verify_client optional_no_ca; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_client_certificate 2.example.com.crt; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 http { |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 %%TEST_GLOBALS_HTTP%% |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 log_format test '$http_auth_ssl:$http_auth_ssl_verify:' |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
97 '$http_auth_ssl_cert:$http_auth_pass'; |
1724
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
98 log_format test2 '$http_auth_ssl_cipher:$http_auth_ssl_protocol'; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 server { |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
101 listen 127.0.0.1:8080; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 server_name localhost; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 location = /mail/auth { |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 access_log auth.log test; |
1724
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
106 access_log auth2.log test2; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 add_header Auth-Status OK; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 add_header Auth-Server 127.0.0.1; |
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
110 add_header Auth-Port %%PORT_8144%%; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 add_header Auth-Wait 1; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 return 204; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 EOF |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 $t->write_file('openssl.conf', <<EOF); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 [ req ] |
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
121 default_bits = 2048 |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 encrypt_key = no |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 distinguished_name = req_distinguished_name |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 [ req_distinguished_name ] |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 EOF |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 my $d = $t->testdir(); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 foreach my $name ('1.example.com', '2.example.com', '3.example.com') { |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1085
diff
changeset
|
131 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1085
diff
changeset
|
132 . "-out $d/$name.crt -keyout $d/$name.key " |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 . ">>$d/openssl.out 2>&1") == 0 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 or die "Can't create certificate for $name: $!\n"; |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 } |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 |
976
a8b8dd6e8ae1
Tests: changed startup order in mail tests for consistency.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
970
diff
changeset
|
137 $t->run_daemon(\&Test::Nginx::IMAP::imap_test_daemon); |
a8b8dd6e8ae1
Tests: changed startup order in mail tests for consistency.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
970
diff
changeset
|
138 $t->run()->waitforsocket('127.0.0.1:' . port(8144)); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 ############################################################################### |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
142 my $cred = sub { encode_base64("\0test\@example.com\0$_[0]", '') }; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 # no ssl connection |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
146 my $s = Test::Nginx::IMAP->new(); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 $s->ok('plain connection'); |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
148 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1")); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 # no cert |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
152 $s = Test::Nginx::IMAP->new(SSL => 1); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 $s->check(qr/BYE No required SSL certificate/, 'no cert'); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 # no cert with ssl_verify_client optional |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
157 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8994), SSL => 1); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 $s->ok('no optional cert'); |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
159 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2")); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 # wrong cert with ssl_verify_client optional |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 $s = Test::Nginx::IMAP->new( |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
164 PeerAddr => '127.0.0.1:' . port(8995), |
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
165 SSL => 1, |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 SSL_cert_file => "$d/1.example.com.crt", |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
167 SSL_key_file => "$d/1.example.com.key" |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 ); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 $s->check(qr/BYE SSL certificate error/, 'bad optional cert'); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 # wrong cert with ssl_verify_client optional_no_ca |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 $s = Test::Nginx::IMAP->new( |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
174 PeerAddr => '127.0.0.1:' . port(8996), |
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
175 SSL => 1, |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 SSL_cert_file => "$d/1.example.com.crt", |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
177 SSL_key_file => "$d/1.example.com.key" |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 ); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 $s->ok('bad optional_no_ca cert'); |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
180 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3")); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 # matching cert with ssl_verify_client optional |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
184 $s = Test::Nginx::IMAP->new( |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
185 PeerAddr => '127.0.0.1:' . port(8995), |
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
186 SSL => 1, |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
187 SSL_cert_file => "$d/2.example.com.crt", |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
188 SSL_key_file => "$d/2.example.com.key" |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
189 ); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
190 $s->ok('good cert'); |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
191 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4")); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
192 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
193 # trusted cert with ssl_verify_client optional |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
194 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
195 $s = Test::Nginx::IMAP->new( |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
196 PeerAddr => '127.0.0.1:' . port(8995), |
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
197 SSL => 1, |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
198 SSL_cert_file => "$d/3.example.com.crt", |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
199 SSL_key_file => "$d/3.example.com.key" |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
200 ); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
201 $s->ok('trusted cert'); |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
202 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s5")); |
1702
f0a02a429a59
Tests: fixed spurious mail_imap_ssl.t failures after 408fe0dd3fed.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1701
diff
changeset
|
203 $s->read(); |
1724
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
204 |
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
205 # Auth-SSL-Protocol and Auth-SSL-Cipher headers |
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
206 |
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
207 my ($cipher, $sslversion); |
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
208 |
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
209 $s = Test::Nginx::IMAP->new(SSL => 1); |
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
210 $cipher = $s->socket()->get_cipher(); |
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
211 $sslversion = $s->socket()->get_sslversion(); |
1858
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1724
diff
changeset
|
212 $sslversion =~ s/_/./; |
1724
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
213 |
1701
408fe0dd3fed
Tests: fixed mail_imap_ssl.t too long shutdown.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1679
diff
changeset
|
214 undef $s; |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
215 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
216 # test auth_http request header fields with access_log |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
217 |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
218 $t->stop(); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
219 |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
220 my $f = $t->read_file('auth.log'); |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
221 |
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
222 like($f, qr/^-:-:-:-:-:-:-\x0d?\x0a?:s1$/m, 'log - plain connection'); |
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
223 like($f, qr/^on:NONE:-:-:-:-:-\x0d?\x0a?:s2$/m, 'log - no cert'); |
1085
30a6fbab4e33
Tests: allow new $ssl_verify syntax.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1069
diff
changeset
|
224 like($f, qr!^on:FAILED(?:.*):(/?CN=1.example.com):\1:\w+:\w+:[^:]+:s3$!m, |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
225 'log - bad cert'); |
1069
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
976
diff
changeset
|
226 like($f, qr!^on:SUCCESS:(/?CN=2.example.com):\1:\w+:\w+:[^:]+:s4$!m, |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
227 'log - good cert'); |
1069
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
976
diff
changeset
|
228 like($f, qr!^on:SUCCESS:(/?CN=3.example.com):\1:\w+:\w+:[^:]+:s5$!m, |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
229 'log - trusted cert'); |
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
230 |
1724
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
231 $f = $t->read_file('auth2.log'); |
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
232 like($f, qr|^$cipher:$sslversion$|m, 'log - cipher sslversion'); |
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
233 |
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
234 ############################################################################### |