Mercurial > hg > nginx-tests
annotate mail_imap_ssl.t @ 572:ca54b445d982
Tests: masked nginx bug in proxy next upstream.
When iterating through several next upstreams per a worker cycle,
a previously reported event about upstream connection error may
be improperly applied to the next upstream, thus leading to the
invalid connection error. E.g., in kqueue, where the problem is
visible, this is caused by "ev->instance" that does not tolerate
more than one next upstream at once, and kevents placed on the
kqueue separately for read and write events.
The change is to limit test case to the only one next upstream.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 14 May 2015 11:54:24 +0300 |
| parents | 907e89fba9c3 |
| children | b70df6924290 |
| rev | line source |
|---|---|
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Sergey Kandaurov |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # Tests for nginx mail imap module with ssl. |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 use IO::Socket; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use MIME::Base64; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 use lib 'lib'; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 use Test::Nginx; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 use Test::Nginx::IMAP; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 ############################################################################### |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 select STDERR; $| = 1; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 select STDOUT; $| = 1; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 eval { require IO::Socket::SSL; }; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 local $SIG{PIPE} = 'IGNORE'; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 my $t = Test::Nginx->new() |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 ->has(qw/mail mail_ssl imap http rewrite/)->has_daemon('openssl') |
|
568
907e89fba9c3
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
541
diff
changeset
|
39 ->run_daemon(\&Test::Nginx::IMAP::imap_test_daemon)->plan(12) |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 ->write_file_expand('nginx.conf', <<'EOF'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 %%TEST_GLOBALS%% |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 daemon off; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 events { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 mail { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 proxy_pass_error_message on; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 auth_http http://127.0.0.1:8080/mail/auth; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 auth_http_pass_client_cert on; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_certificate_key 1.example.com.key; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 ssl_certificate 1.example.com.crt; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 server { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 listen 127.0.0.1:8142; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 protocol imap; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 server { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 listen 127.0.0.1:8143 ssl; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 protocol imap; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 ssl_verify_client on; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 ssl_client_certificate 2.example.com.crt; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 server { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 listen 127.0.0.1:8145 ssl; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 protocol imap; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 ssl_verify_client optional; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 ssl_client_certificate 2.example.com.crt; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 server { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 listen 127.0.0.1:8146 ssl; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 protocol imap; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 ssl_verify_client optional; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 ssl_client_certificate 2.example.com.crt; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 ssl_trusted_certificate 3.example.com.crt; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 server { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 listen 127.0.0.1:8147 ssl; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 protocol imap; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 ssl_verify_client optional_no_ca; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 ssl_client_certificate 2.example.com.crt; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 http { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 %%TEST_GLOBALS_HTTP%% |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 log_format test '$http_auth_ssl:$http_auth_ssl_verify:' |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 '$http_auth_ssl_cert'; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 server { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 listen 127.0.0.1:8080; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 server_name localhost; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 location = /mail/auth { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 access_log auth.log test; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 add_header Auth-Status OK; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 add_header Auth-Server 127.0.0.1; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 add_header Auth-Port 8144; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 add_header Auth-Wait 1; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 return 204; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 EOF |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 $t->write_file('openssl.conf', <<EOF); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 [ req ] |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 default_bits = 1024 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 encrypt_key = no |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 distinguished_name = req_distinguished_name |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 [ req_distinguished_name ] |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 EOF |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 my $d = $t->testdir(); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 foreach my $name ('1.example.com', '2.example.com', '3.example.com') { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 system('openssl req -x509 -new ' |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 . ">>$d/openssl.out 2>&1") == 0 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 or die "Can't create certificate for $name: $!\n"; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 |
|
568
907e89fba9c3
Tests: removed TODO and try_run() checks for legacy versions.
Sergey Kandaurov <pluknet@nginx.com>
parents:
541
diff
changeset
|
140 $t->run(); |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 ############################################################################### |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 my $cred = encode_base64("\0test\@example.com\0secret", ''); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 my %ssl = ( |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 'SSL' => 1, |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 'SSL_verify_mode' => 'IO::Socket::SSL::SSL_VERIFY_NONE()', |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 'SSL_error_trap' => 'sub { die $_[1] }', |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 ); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 # no ssl connection |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8142'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 $s->ok('plain connection'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 $s->send('1 AUTHENTICATE PLAIN ' . $cred); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 # no cert |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8143', %ssl); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 $s->check(qr/BYE No required SSL certificate/, 'no cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 # no cert with ssl_verify_client optional |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8145', %ssl); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 $s->ok('no optional cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 $s->send('1 AUTHENTICATE PLAIN ' . $cred); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 # wrong cert with ssl_verify_client optional |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 $s = Test::Nginx::IMAP->new( |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 PeerAddr => '127.0.0.1:8145', |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 SSL_cert_file => "$d/1.example.com.crt", |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 SSL_key_file => "$d/1.example.com.key", |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 %ssl, |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 ); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 $s->check(qr/BYE SSL certificate error/, 'bad optional cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 # wrong cert with ssl_verify_client optional_no_ca |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 $s = Test::Nginx::IMAP->new( |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 PeerAddr => '127.0.0.1:8147', |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 SSL_cert_file => "$d/1.example.com.crt", |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 SSL_key_file => "$d/1.example.com.key", |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
184 %ssl, |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
185 ); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
186 $s->ok('bad optional_no_ca cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
187 $s->send('1 AUTHENTICATE PLAIN ' . $cred); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
188 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
189 # matching cert with ssl_verify_client optional |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
190 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
191 $s = Test::Nginx::IMAP->new( |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
192 PeerAddr => '127.0.0.1:8145', |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
193 SSL_cert_file => "$d/2.example.com.crt", |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
194 SSL_key_file => "$d/2.example.com.key", |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
195 %ssl, |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
196 ); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
197 $s->ok('good cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
198 $s->send('1 AUTHENTICATE PLAIN ' . $cred); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
199 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
200 # trusted cert with ssl_verify_client optional |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
201 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
202 $s = Test::Nginx::IMAP->new( |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
203 PeerAddr => '127.0.0.1:8146', |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
204 SSL_cert_file => "$d/3.example.com.crt", |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
205 SSL_key_file => "$d/3.example.com.key", |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
206 %ssl, |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
207 ); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
208 $s->ok('trusted cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
209 $s->send('1 AUTHENTICATE PLAIN ' . $cred); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
210 $s->read(); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
211 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
212 # test auth_http request header fields with access_log |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
213 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
214 $t->stop(); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
215 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
216 open my $f, '<', $t->testdir() . '/' . 'auth.log' |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
217 or die "Can't open auth.log: $!"; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
218 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
219 like($f->getline(), qr/^-:-:-:-:-:-:-\x0d?\x0a?$/, 'log - plain connection'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
220 like($f->getline(), qr/^on:NONE:-:-:-:-:-\x0d?\x0a?$/, |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
221 'log - no cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
222 like($f->getline(), |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
223 qr!^on:FAILED:/CN=1.example.com:/CN=1.example.com:\w+:\w+:[^:]+$!, |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
224 'log - bad cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
225 like($f->getline(), |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
226 qr!^on:SUCCESS:/CN=2.example.com:/CN=2.example.com:\w+:\w+:[^:]+$!, |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
227 'log - good cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
228 like($f->getline(), |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
229 qr!^on:SUCCESS:/CN=3.example.com:/CN=3.example.com:\w+:\w+:[^:]+$!, |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
230 'log - trusted cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
231 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
232 ############################################################################### |