comparison mail_ssl_conf_command.t @ 1861:7b7b64569f55
Tests: reworked mail SSL tests to use IO::Socket::SSL.
Relevant infrastructure is provided in Test::Nginx::IMAP (and also POP3
and SMTP for completeness). This also ensures that SSL handshake and
various read operations are guarded with timeouts.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 18 May 2023 18:07:08 +0300 |
parents | 58951cf933e1 |
children | 3cae7b54841e |
1860:58951cf933e1 | 1861:7b7b64569f55 |
---|---|
14 | 14 |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | 15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
16 | 16 |
17 use lib 'lib'; | 17 use lib 'lib'; |
18 use Test::Nginx; | 18 use Test::Nginx; |
19 use Test::Nginx::IMAP; | |
19 | 20 |
20 ############################################################################### | 21 ############################################################################### |
21 | 22 |
22 select STDERR; $| = 1; | 23 select STDERR; $| = 1; |
23 select STDOUT; $| = 1; | 24 select STDOUT; $| = 1; |
24 | 25 |
25 local $SIG{PIPE} = 'IGNORE'; | 26 local $SIG{PIPE} = 'IGNORE'; |
26 | 27 |
27 eval { | 28 my $t = Test::Nginx->new() |
28 require Net::SSLeay; | 29 ->has(qw/mail mail_ssl imap openssl:1.0.2 socket_ssl_reused/) |
29 Net::SSLeay::load_error_strings(); | |
30 Net::SSLeay::SSLeay_add_ssl_algorithms(); | |
31 Net::SSLeay::randomize(); | |
32 }; | |
33 plan(skip_all => 'Net::SSLeay not installed') if $@; | |
34 | |
35 my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap openssl:1.0.2/) | |
36 ->has_daemon('openssl'); | 30 ->has_daemon('openssl'); |
37 | 31 |
38 plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL'); | 32 plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL'); |
39 | 33 |
40 $t->write_file_expand('nginx.conf', <<'EOF'); | 34 $t->write_file_expand('nginx.conf', <<'EOF'); |
48 | 42 |
49 mail { | 43 mail { |
50 auth_http http://127.0.0.1:8080; # unused | 44 auth_http http://127.0.0.1:8080; # unused |
51 | 45 |
52 server { | 46 server { |
53 listen 127.0.0.1:8443 ssl; | 47 listen 127.0.0.1:8993 ssl; |
54 protocol imap; | 48 protocol imap; |
55 | 49 |
56 ssl_protocols TLSv1.2; | 50 ssl_protocols TLSv1.2; |
57 | 51 |
58 ssl_session_tickets off; | 52 ssl_session_tickets off; |
91 | 85 |
92 $t->run()->plan(3); | 86 $t->run()->plan(3); |
93 | 87 |
94 ############################################################################### | 88 ############################################################################### |
95 | 89 |
96 my $ctx = Net::SSLeay::CTX_new() or die("Failed to create SSL_CTX $!"); | 90 my $s; |
97 | 91 |
98 my ($s, $ssl) = get_ssl_socket(); | 92 $s = Test::Nginx::IMAP->new( |
99 like(Net::SSLeay::dump_peer_certificate($ssl), qr/CN=override/, 'Certificate'); | 93 SSL => 1, |
94 SSL_session_cache_size => 100 | |
95 ); | |
96 $s->read(); | |
100 | 97 |
101 my $ses = Net::SSLeay::get_session($ssl); | 98 like($s->socket()->dump_peer_certificate(), qr/CN=override/, 'Certificate'); |
102 ($s, $ssl) = get_ssl_socket(ses => $ses); | |
103 ok(Net::SSLeay::session_reused($ssl), 'SessionTicket'); | |
104 | 99 |
105 ($s, $ssl) = get_ssl_socket(ciphers => | 100 $s = Test::Nginx::IMAP->new( |
106 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'); | 101 SSL => 1, |
107 is(Net::SSLeay::get_cipher($ssl), | 102 SSL_reuse_ctx => $s->socket() |
103 ); | |
104 ok($s->socket()->get_session_reused(), 'SessionTicket'); | |
105 | |
106 $s = Test::Nginx::IMAP->new( | |
107 SSL => 1, | |
108 SSL_cipher_list => | |
109 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384' | |
110 ); | |
111 is($s->socket()->get_cipher(), | |
108 'ECDHE-RSA-AES128-GCM-SHA256', 'ServerPreference'); | 112 'ECDHE-RSA-AES128-GCM-SHA256', 'ServerPreference'); |
109 | 113 |
110 ############################################################################### | 114 ############################################################################### |
111 | |
112 sub get_ssl_socket { | |
113 my (%extra) = @_; | |
114 | |
115 my $s = IO::Socket::INET->new('127.0.0.1:' . port(8443)); | |
116 my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!"); | |
117 Net::SSLeay::set_session($ssl, $extra{ses}) if $extra{ses}; | |
118 Net::SSLeay::set_cipher_list($ssl, $extra{ciphers}) if $extra{ciphers}; | |
119 Net::SSLeay::set_fd($ssl, fileno($s)); | |
120 Net::SSLeay::connect($ssl) or die("ssl connect"); | |
121 return ($s, $ssl); | |
122 } | |
123 | |
124 ############################################################################### |
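Review bot: The 'SessionTicket' check at new lines 100-104 only proves that the second handshake was resumed, because `get_session_reused()` does not say whether a ticket or a server-side session ID was used. Whether that is enough to show that `ssl_conf_command` overrode `ssl_session_tickets off` depends on the session cache settings in the part of nginx.conf that is not shown here. The resumption also relies on two options that are easy to drop silently in a later edit: `SSL_session_cache_size` on the first connection and `SSL_reuse_ctx => $s->socket()` on the second. I would add a comment above the first `Test::Nginx::IMAP->new(`, for example `# client-side session cache, so that the next connection can resume via SSL_reuse_ctx`. Separately, putting `socket_ssl_reused` into `has()` skips the Certificate and ServerPreference tests as well, although only the reuse check appears to need it.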