Mercurial > hg > nginx-tests
comparison mail_imap_ssl.t @ 872:a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
The requests could be logged out-of-order in nginx running on Solaris.
As such, do not rely on ordered logging in tasting access.log records.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 18 Mar 2016 12:42:41 +0300 |
parents | 55ca38e1a3d9 |
children | f4189a38c3a4 |
comparison
equal
deleted
inserted
replaced
871:f693b0aea20f | 872:a07734ecb988 |
---|---|
99 %%TEST_GLOBALS_HTTP%% | 99 %%TEST_GLOBALS_HTTP%% |
100 | 100 |
101 log_format test '$http_auth_ssl:$http_auth_ssl_verify:' | 101 log_format test '$http_auth_ssl:$http_auth_ssl_verify:' |
102 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' | 102 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' |
103 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' | 103 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' |
104 '$http_auth_ssl_cert'; | 104 '$http_auth_ssl_cert:$http_auth_pass'; |
105 | 105 |
106 server { | 106 server { |
107 listen 127.0.0.1:8080; | 107 listen 127.0.0.1:8080; |
108 server_name localhost; | 108 server_name localhost; |
109 | 109 |
141 | 141 |
142 $t->run(); | 142 $t->run(); |
143 | 143 |
144 ############################################################################### | 144 ############################################################################### |
145 | 145 |
146 my $cred = encode_base64("\0test\@example.com\0secret", ''); | 146 my $cred = sub { encode_base64("\0test\@example.com\0$_[0]", '') }; |
147 my %ssl = ( | 147 my %ssl = ( |
148 SSL => 1, | 148 SSL => 1, |
149 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), | 149 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
150 SSL_error_trap => sub { die $_[1] }, | 150 SSL_error_trap => sub { die $_[1] }, |
151 ); | 151 ); |
152 | 152 |
153 # no ssl connection | 153 # no ssl connection |
154 | 154 |
155 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8142'); | 155 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8142'); |
156 $s->ok('plain connection'); | 156 $s->ok('plain connection'); |
157 $s->send('1 AUTHENTICATE PLAIN ' . $cred); | 157 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1")); |
158 | 158 |
159 # no cert | 159 # no cert |
160 | 160 |
161 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8143', %ssl); | 161 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8143', %ssl); |
162 $s->check(qr/BYE No required SSL certificate/, 'no cert'); | 162 $s->check(qr/BYE No required SSL certificate/, 'no cert'); |
163 | 163 |
164 # no cert with ssl_verify_client optional | 164 # no cert with ssl_verify_client optional |
165 | 165 |
166 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8145', %ssl); | 166 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8145', %ssl); |
167 $s->ok('no optional cert'); | 167 $s->ok('no optional cert'); |
168 $s->send('1 AUTHENTICATE PLAIN ' . $cred); | 168 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2")); |
169 | 169 |
170 # wrong cert with ssl_verify_client optional | 170 # wrong cert with ssl_verify_client optional |
171 | 171 |
172 $s = Test::Nginx::IMAP->new( | 172 $s = Test::Nginx::IMAP->new( |
173 PeerAddr => '127.0.0.1:8145', | 173 PeerAddr => '127.0.0.1:8145', |
184 SSL_cert_file => "$d/1.example.com.crt", | 184 SSL_cert_file => "$d/1.example.com.crt", |
185 SSL_key_file => "$d/1.example.com.key", | 185 SSL_key_file => "$d/1.example.com.key", |
186 %ssl, | 186 %ssl, |
187 ); | 187 ); |
188 $s->ok('bad optional_no_ca cert'); | 188 $s->ok('bad optional_no_ca cert'); |
189 $s->send('1 AUTHENTICATE PLAIN ' . $cred); | 189 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3")); |
190 | 190 |
191 # matching cert with ssl_verify_client optional | 191 # matching cert with ssl_verify_client optional |
192 | 192 |
193 $s = Test::Nginx::IMAP->new( | 193 $s = Test::Nginx::IMAP->new( |
194 PeerAddr => '127.0.0.1:8145', | 194 PeerAddr => '127.0.0.1:8145', |
195 SSL_cert_file => "$d/2.example.com.crt", | 195 SSL_cert_file => "$d/2.example.com.crt", |
196 SSL_key_file => "$d/2.example.com.key", | 196 SSL_key_file => "$d/2.example.com.key", |
197 %ssl, | 197 %ssl, |
198 ); | 198 ); |
199 $s->ok('good cert'); | 199 $s->ok('good cert'); |
200 $s->send('1 AUTHENTICATE PLAIN ' . $cred); | 200 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4")); |
201 | 201 |
202 # trusted cert with ssl_verify_client optional | 202 # trusted cert with ssl_verify_client optional |
203 | 203 |
204 $s = Test::Nginx::IMAP->new( | 204 $s = Test::Nginx::IMAP->new( |
205 PeerAddr => '127.0.0.1:8146', | 205 PeerAddr => '127.0.0.1:8146', |
206 SSL_cert_file => "$d/3.example.com.crt", | 206 SSL_cert_file => "$d/3.example.com.crt", |
207 SSL_key_file => "$d/3.example.com.key", | 207 SSL_key_file => "$d/3.example.com.key", |
208 %ssl, | 208 %ssl, |
209 ); | 209 ); |
210 $s->ok('trusted cert'); | 210 $s->ok('trusted cert'); |
211 $s->send('1 AUTHENTICATE PLAIN ' . $cred); | 211 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s5")); |
212 $s->read(); | 212 $s->read(); |
213 | 213 |
214 # test auth_http request header fields with access_log | 214 # test auth_http request header fields with access_log |
215 | 215 |
216 $t->stop(); | 216 $t->stop(); |
217 | 217 |
218 open my $f, '<', $t->testdir() . '/' . 'auth.log' | 218 my $f = $t->read_file('auth.log'); |
219 or die "Can't open auth.log: $!"; | 219 |
220 | 220 like($f, qr/^-:-:-:-:-:-:-\x0d?\x0a?:s1$/m, 'log - plain connection'); |
221 like($f->getline(), qr/^-:-:-:-:-:-:-\x0d?\x0a?$/, 'log - plain connection'); | 221 like($f, qr/^on:NONE:-:-:-:-:-\x0d?\x0a?:s2$/m, 'log - no cert'); |
222 like($f->getline(), qr/^on:NONE:-:-:-:-:-\x0d?\x0a?$/, | 222 like($f, qr!^on:FAILED:/CN=1.example.com:/CN=1.example.com:\w+:\w+:[^:]+:s3$!m, |
223 'log - no cert'); | |
224 like($f->getline(), | |
225 qr!^on:FAILED:/CN=1.example.com:/CN=1.example.com:\w+:\w+:[^:]+$!, | |
226 'log - bad cert'); | 223 'log - bad cert'); |
227 like($f->getline(), | 224 like($f, qr!^on:SUCCESS:/CN=2.example.com:/CN=2.example.com:\w+:\w+:[^:]+:s4$!m, |
228 qr!^on:SUCCESS:/CN=2.example.com:/CN=2.example.com:\w+:\w+:[^:]+$!, | |
229 'log - good cert'); | 225 'log - good cert'); |
230 like($f->getline(), | 226 like($f, qr!^on:SUCCESS:/CN=3.example.com:/CN=3.example.com:\w+:\w+:[^:]+:s5$!m, |
231 qr!^on:SUCCESS:/CN=3.example.com:/CN=3.example.com:\w+:\w+:[^:]+$!, | |
232 'log - trusted cert'); | 227 'log - trusted cert'); |
233 | 228 |
234 ############################################################################### | 229 ############################################################################### |