Mercurial > hg > nginx-tests
comparison mail_imap_ssl.t @ 872:a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
The requests could be logged out-of-order in nginx running on Solaris.
As such, do not rely on ordered logging in tasting access.log records.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Fri, 18 Mar 2016 12:42:41 +0300 |
| parents | 55ca38e1a3d9 |
| children | f4189a38c3a4 |
comparison
equal
deleted
inserted
replaced
| 871:f693b0aea20f | 872:a07734ecb988 |
|---|---|
| 99 %%TEST_GLOBALS_HTTP%% | 99 %%TEST_GLOBALS_HTTP%% |
| 100 | 100 |
| 101 log_format test '$http_auth_ssl:$http_auth_ssl_verify:' | 101 log_format test '$http_auth_ssl:$http_auth_ssl_verify:' |
| 102 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' | 102 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' |
| 103 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' | 103 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' |
| 104 '$http_auth_ssl_cert'; | 104 '$http_auth_ssl_cert:$http_auth_pass'; |
| 105 | 105 |
| 106 server { | 106 server { |
| 107 listen 127.0.0.1:8080; | 107 listen 127.0.0.1:8080; |
| 108 server_name localhost; | 108 server_name localhost; |
| 109 | 109 |
| 141 | 141 |
| 142 $t->run(); | 142 $t->run(); |
| 143 | 143 |
| 144 ############################################################################### | 144 ############################################################################### |
| 145 | 145 |
| 146 my $cred = encode_base64("\0test\@example.com\0secret", ''); | 146 my $cred = sub { encode_base64("\0test\@example.com\0$_[0]", '') }; |
| 147 my %ssl = ( | 147 my %ssl = ( |
| 148 SSL => 1, | 148 SSL => 1, |
| 149 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | 149 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
| 150 SSL_error_trap => sub { die $_[1] }, | 150 SSL_error_trap => sub { die $_[1] }, |
| 151 ); | 151 ); |
| 152 | 152 |
| 153 # no ssl connection | 153 # no ssl connection |
| 154 | 154 |
| 155 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8142'); | 155 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8142'); |
| 156 $s->ok('plain connection'); | 156 $s->ok('plain connection'); |
| 157 $s->send('1 AUTHENTICATE PLAIN ' . $cred); | 157 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1")); |
| 158 | 158 |
| 159 # no cert | 159 # no cert |
| 160 | 160 |
| 161 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8143', %ssl); | 161 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8143', %ssl); |
| 162 $s->check(qr/BYE No required SSL certificate/, 'no cert'); | 162 $s->check(qr/BYE No required SSL certificate/, 'no cert'); |
| 163 | 163 |
| 164 # no cert with ssl_verify_client optional | 164 # no cert with ssl_verify_client optional |
| 165 | 165 |
| 166 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8145', %ssl); | 166 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8145', %ssl); |
| 167 $s->ok('no optional cert'); | 167 $s->ok('no optional cert'); |
| 168 $s->send('1 AUTHENTICATE PLAIN ' . $cred); | 168 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2")); |
| 169 | 169 |
| 170 # wrong cert with ssl_verify_client optional | 170 # wrong cert with ssl_verify_client optional |
| 171 | 171 |
| 172 $s = Test::Nginx::IMAP->new( | 172 $s = Test::Nginx::IMAP->new( |
| 173 PeerAddr => '127.0.0.1:8145', | 173 PeerAddr => '127.0.0.1:8145', |
| 184 SSL_cert_file => "$d/1.example.com.crt", | 184 SSL_cert_file => "$d/1.example.com.crt", |
| 185 SSL_key_file => "$d/1.example.com.key", | 185 SSL_key_file => "$d/1.example.com.key", |
| 186 %ssl, | 186 %ssl, |
| 187 ); | 187 ); |
| 188 $s->ok('bad optional_no_ca cert'); | 188 $s->ok('bad optional_no_ca cert'); |
| 189 $s->send('1 AUTHENTICATE PLAIN ' . $cred); | 189 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3")); |
| 190 | 190 |
| 191 # matching cert with ssl_verify_client optional | 191 # matching cert with ssl_verify_client optional |
| 192 | 192 |
| 193 $s = Test::Nginx::IMAP->new( | 193 $s = Test::Nginx::IMAP->new( |
| 194 PeerAddr => '127.0.0.1:8145', | 194 PeerAddr => '127.0.0.1:8145', |
| 195 SSL_cert_file => "$d/2.example.com.crt", | 195 SSL_cert_file => "$d/2.example.com.crt", |
| 196 SSL_key_file => "$d/2.example.com.key", | 196 SSL_key_file => "$d/2.example.com.key", |
| 197 %ssl, | 197 %ssl, |
| 198 ); | 198 ); |
| 199 $s->ok('good cert'); | 199 $s->ok('good cert'); |
| 200 $s->send('1 AUTHENTICATE PLAIN ' . $cred); | 200 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4")); |
| 201 | 201 |
| 202 # trusted cert with ssl_verify_client optional | 202 # trusted cert with ssl_verify_client optional |
| 203 | 203 |
| 204 $s = Test::Nginx::IMAP->new( | 204 $s = Test::Nginx::IMAP->new( |
| 205 PeerAddr => '127.0.0.1:8146', | 205 PeerAddr => '127.0.0.1:8146', |
| 206 SSL_cert_file => "$d/3.example.com.crt", | 206 SSL_cert_file => "$d/3.example.com.crt", |
| 207 SSL_key_file => "$d/3.example.com.key", | 207 SSL_key_file => "$d/3.example.com.key", |
| 208 %ssl, | 208 %ssl, |
| 209 ); | 209 ); |
| 210 $s->ok('trusted cert'); | 210 $s->ok('trusted cert'); |
| 211 $s->send('1 AUTHENTICATE PLAIN ' . $cred); | 211 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s5")); |
| 212 $s->read(); | 212 $s->read(); |
| 213 | 213 |
| 214 # test auth_http request header fields with access_log | 214 # test auth_http request header fields with access_log |
| 215 | 215 |
| 216 $t->stop(); | 216 $t->stop(); |
| 217 | 217 |
| 218 open my $f, '<', $t->testdir() . '/' . 'auth.log' | 218 my $f = $t->read_file('auth.log'); |
| 219 or die "Can't open auth.log: $!"; | 219 |
| 220 | 220 like($f, qr/^-:-:-:-:-:-:-\x0d?\x0a?:s1$/m, 'log - plain connection'); |
| 221 like($f->getline(), qr/^-:-:-:-:-:-:-\x0d?\x0a?$/, 'log - plain connection'); | 221 like($f, qr/^on:NONE:-:-:-:-:-\x0d?\x0a?:s2$/m, 'log - no cert'); |
| 222 like($f->getline(), qr/^on:NONE:-:-:-:-:-\x0d?\x0a?$/, | 222 like($f, qr!^on:FAILED:/CN=1.example.com:/CN=1.example.com:\w+:\w+:[^:]+:s3$!m, |
| 223 'log - no cert'); | |
| 224 like($f->getline(), | |
| 225 qr!^on:FAILED:/CN=1.example.com:/CN=1.example.com:\w+:\w+:[^:]+$!, | |
| 226 'log - bad cert'); | 223 'log - bad cert'); |
| 227 like($f->getline(), | 224 like($f, qr!^on:SUCCESS:/CN=2.example.com:/CN=2.example.com:\w+:\w+:[^:]+:s4$!m, |
| 228 qr!^on:SUCCESS:/CN=2.example.com:/CN=2.example.com:\w+:\w+:[^:]+$!, | |
| 229 'log - good cert'); | 225 'log - good cert'); |
| 230 like($f->getline(), | 226 like($f, qr!^on:SUCCESS:/CN=3.example.com:/CN=3.example.com:\w+:\w+:[^:]+:s5$!m, |
| 231 qr!^on:SUCCESS:/CN=3.example.com:/CN=3.example.com:\w+:\w+:[^:]+$!, | |
| 232 'log - trusted cert'); | 227 'log - trusted cert'); |
| 233 | 228 |
| 234 ############################################################################### | 229 ############################################################################### |