Mercurial > hg > nginx-tests

comparison mail_imap_ssl.t @ 970:c227348453db

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: simplified parallel modifications in mail tests.
author Maxim Dounin <mdounin@mdounin.ru>
date Fri, 08 Jul 2016 02:21:16 +0300
parents e9064d691790
children a8b8dd6e8ae1
comparison
equal deleted inserted replaced
969:1edb092149e2 970:c227348453db
33 33
34 local $SIG{PIPE} = 'IGNORE'; 34 local $SIG{PIPE} = 'IGNORE';
35 35
36 my $t = Test::Nginx->new() 36 my $t = Test::Nginx->new()
37 ->has(qw/mail mail_ssl imap http rewrite/)->has_daemon('openssl') 37 ->has(qw/mail mail_ssl imap http rewrite/)->has_daemon('openssl')
38 ->run_daemon(\&Test::Nginx::IMAP::imap_test_daemon, port(6))->plan(12); 38 ->run_daemon(\&Test::Nginx::IMAP::imap_test_daemon, port(8144))
39 ->plan(12);
39 40
40 $t->write_file_expand('nginx.conf', <<'EOF'); 41 $t->write_file_expand('nginx.conf', <<'EOF');
41 42
42 %%TEST_GLOBALS%% 43 %%TEST_GLOBALS%%
43 44
46 events { 47 events {
47 } 48 }
48 49
49 mail { 50 mail {
50 proxy_pass_error_message on; 51 proxy_pass_error_message on;
51 auth_http http://127.0.0.1:%%PORT_0%%/mail/auth; 52 auth_http http://127.0.0.1:8080/mail/auth;
52 auth_http_pass_client_cert on; 53 auth_http_pass_client_cert on;
53 54
54 ssl_certificate_key 1.example.com.key; 55 ssl_certificate_key 1.example.com.key;
55 ssl_certificate 1.example.com.crt; 56 ssl_certificate 1.example.com.crt;
56 57
57 server { 58 server {
58 listen 127.0.0.1:%%PORT_1%%; 59 listen 127.0.0.1:8142;
59 protocol imap; 60 protocol imap;
60 } 61 }
61 62
62 server { 63 server {
63 listen 127.0.0.1:%%PORT_2%% ssl; 64 listen 127.0.0.1:8143 ssl;
64 protocol imap; 65 protocol imap;
65 66
66 ssl_verify_client on; 67 ssl_verify_client on;
67 ssl_client_certificate 2.example.com.crt; 68 ssl_client_certificate 2.example.com.crt;
68 } 69 }
69 70
70 server { 71 server {
71 listen 127.0.0.1:%%PORT_3%% ssl; 72 listen 127.0.0.1:8145 ssl;
72 protocol imap; 73 protocol imap;
73 74
74 ssl_verify_client optional; 75 ssl_verify_client optional;
75 ssl_client_certificate 2.example.com.crt; 76 ssl_client_certificate 2.example.com.crt;
76 } 77 }
77 78
78 server { 79 server {
79 listen 127.0.0.1:%%PORT_4%% ssl; 80 listen 127.0.0.1:8146 ssl;
80 protocol imap; 81 protocol imap;
81 82
82 ssl_verify_client optional; 83 ssl_verify_client optional;
83 ssl_client_certificate 2.example.com.crt; 84 ssl_client_certificate 2.example.com.crt;
84 ssl_trusted_certificate 3.example.com.crt; 85 ssl_trusted_certificate 3.example.com.crt;
85 } 86 }
86 87
87 server { 88 server {
88 listen 127.0.0.1:%%PORT_5%% ssl; 89 listen 127.0.0.1:8147 ssl;
89 protocol imap; 90 protocol imap;
90 91
91 ssl_verify_client optional_no_ca; 92 ssl_verify_client optional_no_ca;
92 ssl_client_certificate 2.example.com.crt; 93 ssl_client_certificate 2.example.com.crt;
93 } 94 }
100 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' 101 '$http_auth_ssl_subject:$http_auth_ssl_issuer:'
101 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' 102 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:'
102 '$http_auth_ssl_cert:$http_auth_pass'; 103 '$http_auth_ssl_cert:$http_auth_pass';
103 104
104 server { 105 server {
105 listen 127.0.0.1:%%PORT_0%%; 106 listen 127.0.0.1:8080;
106 server_name localhost; 107 server_name localhost;
107 108
108 location = /mail/auth { 109 location = /mail/auth {
109 access_log auth.log test; 110 access_log auth.log test;
110 111
111 add_header Auth-Status OK; 112 add_header Auth-Status OK;
112 add_header Auth-Server 127.0.0.1; 113 add_header Auth-Server 127.0.0.1;
113 add_header Auth-Port %%PORT_6%%; 114 add_header Auth-Port %%PORT_8144%%;
114 add_header Auth-Wait 1; 115 add_header Auth-Wait 1;
115 return 204; 116 return 204;
116 } 117 }
117 } 118 }
118 } 119 }
148 SSL_error_trap => sub { die $_[1] }, 149 SSL_error_trap => sub { die $_[1] },
149 ); 150 );
150 151
151 # no ssl connection 152 # no ssl connection
152 153
153 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(1)); 154 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8142));
154 $s->ok('plain connection'); 155 $s->ok('plain connection');
155 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1")); 156 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1"));
156 157
157 # no cert 158 # no cert
158 159
159 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(2), %ssl); 160 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8143), %ssl);
160 $s->check(qr/BYE No required SSL certificate/, 'no cert'); 161 $s->check(qr/BYE No required SSL certificate/, 'no cert');
161 162
162 # no cert with ssl_verify_client optional 163 # no cert with ssl_verify_client optional
163 164
164 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(3), %ssl); 165 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8145), %ssl);
165 $s->ok('no optional cert'); 166 $s->ok('no optional cert');
166 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2")); 167 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2"));
167 168
168 # wrong cert with ssl_verify_client optional 169 # wrong cert with ssl_verify_client optional
169 170
170 $s = Test::Nginx::IMAP->new( 171 $s = Test::Nginx::IMAP->new(
171 PeerAddr => '127.0.0.1:' . port(3), 172 PeerAddr => '127.0.0.1:' . port(8145),
172 SSL_cert_file => "$d/1.example.com.crt", 173 SSL_cert_file => "$d/1.example.com.crt",
173 SSL_key_file => "$d/1.example.com.key", 174 SSL_key_file => "$d/1.example.com.key",
174 %ssl, 175 %ssl,
175 ); 176 );
176 $s->check(qr/BYE SSL certificate error/, 'bad optional cert'); 177 $s->check(qr/BYE SSL certificate error/, 'bad optional cert');
177 178
178 # wrong cert with ssl_verify_client optional_no_ca 179 # wrong cert with ssl_verify_client optional_no_ca
179 180
180 $s = Test::Nginx::IMAP->new( 181 $s = Test::Nginx::IMAP->new(
181 PeerAddr => '127.0.0.1:' . port(5), 182 PeerAddr => '127.0.0.1:' . port(8147),
182 SSL_cert_file => "$d/1.example.com.crt", 183 SSL_cert_file => "$d/1.example.com.crt",
183 SSL_key_file => "$d/1.example.com.key", 184 SSL_key_file => "$d/1.example.com.key",
184 %ssl, 185 %ssl,
185 ); 186 );
186 $s->ok('bad optional_no_ca cert'); 187 $s->ok('bad optional_no_ca cert');
187 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3")); 188 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3"));
188 189
189 # matching cert with ssl_verify_client optional 190 # matching cert with ssl_verify_client optional
190 191
191 $s = Test::Nginx::IMAP->new( 192 $s = Test::Nginx::IMAP->new(
192 PeerAddr => '127.0.0.1:' . port(3), 193 PeerAddr => '127.0.0.1:' . port(8145),
193 SSL_cert_file => "$d/2.example.com.crt", 194 SSL_cert_file => "$d/2.example.com.crt",
194 SSL_key_file => "$d/2.example.com.key", 195 SSL_key_file => "$d/2.example.com.key",
195 %ssl, 196 %ssl,
196 ); 197 );
197 $s->ok('good cert'); 198 $s->ok('good cert');
198 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4")); 199 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4"));
199 200
200 # trusted cert with ssl_verify_client optional 201 # trusted cert with ssl_verify_client optional
201 202
202 $s = Test::Nginx::IMAP->new( 203 $s = Test::Nginx::IMAP->new(
203 PeerAddr => '127.0.0.1:' . port(4), 204 PeerAddr => '127.0.0.1:' . port(8146),
204 SSL_cert_file => "$d/3.example.com.crt", 205 SSL_cert_file => "$d/3.example.com.crt",
205 SSL_key_file => "$d/3.example.com.key", 206 SSL_key_file => "$d/3.example.com.key",
206 %ssl, 207 %ssl,
207 ); 208 );
208 $s->ok('trusted cert'); 209 $s->ok('trusted cert');