Mercurial > hg > nginx-tests
comparison mail_imap_ssl.t @ 970:c227348453db
Tests: simplified parallel modifications in mail tests.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 08 Jul 2016 02:21:16 +0300 |
parents | e9064d691790 |
children | a8b8dd6e8ae1 |
comparison
equal
deleted
inserted
replaced
969:1edb092149e2 | 970:c227348453db |
---|---|
33 | 33 |
34 local $SIG{PIPE} = 'IGNORE'; | 34 local $SIG{PIPE} = 'IGNORE'; |
35 | 35 |
36 my $t = Test::Nginx->new() | 36 my $t = Test::Nginx->new() |
37 ->has(qw/mail mail_ssl imap http rewrite/)->has_daemon('openssl') | 37 ->has(qw/mail mail_ssl imap http rewrite/)->has_daemon('openssl') |
38 ->run_daemon(\&Test::Nginx::IMAP::imap_test_daemon, port(6))->plan(12); | 38 ->run_daemon(\&Test::Nginx::IMAP::imap_test_daemon, port(8144)) |
39 ->plan(12); | |
39 | 40 |
40 $t->write_file_expand('nginx.conf', <<'EOF'); | 41 $t->write_file_expand('nginx.conf', <<'EOF'); |
41 | 42 |
42 %%TEST_GLOBALS%% | 43 %%TEST_GLOBALS%% |
43 | 44 |
46 events { | 47 events { |
47 } | 48 } |
48 | 49 |
49 mail { | 50 mail { |
50 proxy_pass_error_message on; | 51 proxy_pass_error_message on; |
51 auth_http http://127.0.0.1:%%PORT_0%%/mail/auth; | 52 auth_http http://127.0.0.1:8080/mail/auth; |
52 auth_http_pass_client_cert on; | 53 auth_http_pass_client_cert on; |
53 | 54 |
54 ssl_certificate_key 1.example.com.key; | 55 ssl_certificate_key 1.example.com.key; |
55 ssl_certificate 1.example.com.crt; | 56 ssl_certificate 1.example.com.crt; |
56 | 57 |
57 server { | 58 server { |
58 listen 127.0.0.1:%%PORT_1%%; | 59 listen 127.0.0.1:8142; |
59 protocol imap; | 60 protocol imap; |
60 } | 61 } |
61 | 62 |
62 server { | 63 server { |
63 listen 127.0.0.1:%%PORT_2%% ssl; | 64 listen 127.0.0.1:8143 ssl; |
64 protocol imap; | 65 protocol imap; |
65 | 66 |
66 ssl_verify_client on; | 67 ssl_verify_client on; |
67 ssl_client_certificate 2.example.com.crt; | 68 ssl_client_certificate 2.example.com.crt; |
68 } | 69 } |
69 | 70 |
70 server { | 71 server { |
71 listen 127.0.0.1:%%PORT_3%% ssl; | 72 listen 127.0.0.1:8145 ssl; |
72 protocol imap; | 73 protocol imap; |
73 | 74 |
74 ssl_verify_client optional; | 75 ssl_verify_client optional; |
75 ssl_client_certificate 2.example.com.crt; | 76 ssl_client_certificate 2.example.com.crt; |
76 } | 77 } |
77 | 78 |
78 server { | 79 server { |
79 listen 127.0.0.1:%%PORT_4%% ssl; | 80 listen 127.0.0.1:8146 ssl; |
80 protocol imap; | 81 protocol imap; |
81 | 82 |
82 ssl_verify_client optional; | 83 ssl_verify_client optional; |
83 ssl_client_certificate 2.example.com.crt; | 84 ssl_client_certificate 2.example.com.crt; |
84 ssl_trusted_certificate 3.example.com.crt; | 85 ssl_trusted_certificate 3.example.com.crt; |
85 } | 86 } |
86 | 87 |
87 server { | 88 server { |
88 listen 127.0.0.1:%%PORT_5%% ssl; | 89 listen 127.0.0.1:8147 ssl; |
89 protocol imap; | 90 protocol imap; |
90 | 91 |
91 ssl_verify_client optional_no_ca; | 92 ssl_verify_client optional_no_ca; |
92 ssl_client_certificate 2.example.com.crt; | 93 ssl_client_certificate 2.example.com.crt; |
93 } | 94 } |
100 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' | 101 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' |
101 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' | 102 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' |
102 '$http_auth_ssl_cert:$http_auth_pass'; | 103 '$http_auth_ssl_cert:$http_auth_pass'; |
103 | 104 |
104 server { | 105 server { |
105 listen 127.0.0.1:%%PORT_0%%; | 106 listen 127.0.0.1:8080; |
106 server_name localhost; | 107 server_name localhost; |
107 | 108 |
108 location = /mail/auth { | 109 location = /mail/auth { |
109 access_log auth.log test; | 110 access_log auth.log test; |
110 | 111 |
111 add_header Auth-Status OK; | 112 add_header Auth-Status OK; |
112 add_header Auth-Server 127.0.0.1; | 113 add_header Auth-Server 127.0.0.1; |
113 add_header Auth-Port %%PORT_6%%; | 114 add_header Auth-Port %%PORT_8144%%; |
114 add_header Auth-Wait 1; | 115 add_header Auth-Wait 1; |
115 return 204; | 116 return 204; |
116 } | 117 } |
117 } | 118 } |
118 } | 119 } |
148 SSL_error_trap => sub { die $_[1] }, | 149 SSL_error_trap => sub { die $_[1] }, |
149 ); | 150 ); |
150 | 151 |
151 # no ssl connection | 152 # no ssl connection |
152 | 153 |
153 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(1)); | 154 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8142)); |
154 $s->ok('plain connection'); | 155 $s->ok('plain connection'); |
155 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1")); | 156 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1")); |
156 | 157 |
157 # no cert | 158 # no cert |
158 | 159 |
159 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(2), %ssl); | 160 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8143), %ssl); |
160 $s->check(qr/BYE No required SSL certificate/, 'no cert'); | 161 $s->check(qr/BYE No required SSL certificate/, 'no cert'); |
161 | 162 |
162 # no cert with ssl_verify_client optional | 163 # no cert with ssl_verify_client optional |
163 | 164 |
164 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(3), %ssl); | 165 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8145), %ssl); |
165 $s->ok('no optional cert'); | 166 $s->ok('no optional cert'); |
166 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2")); | 167 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2")); |
167 | 168 |
168 # wrong cert with ssl_verify_client optional | 169 # wrong cert with ssl_verify_client optional |
169 | 170 |
170 $s = Test::Nginx::IMAP->new( | 171 $s = Test::Nginx::IMAP->new( |
171 PeerAddr => '127.0.0.1:' . port(3), | 172 PeerAddr => '127.0.0.1:' . port(8145), |
172 SSL_cert_file => "$d/1.example.com.crt", | 173 SSL_cert_file => "$d/1.example.com.crt", |
173 SSL_key_file => "$d/1.example.com.key", | 174 SSL_key_file => "$d/1.example.com.key", |
174 %ssl, | 175 %ssl, |
175 ); | 176 ); |
176 $s->check(qr/BYE SSL certificate error/, 'bad optional cert'); | 177 $s->check(qr/BYE SSL certificate error/, 'bad optional cert'); |
177 | 178 |
178 # wrong cert with ssl_verify_client optional_no_ca | 179 # wrong cert with ssl_verify_client optional_no_ca |
179 | 180 |
180 $s = Test::Nginx::IMAP->new( | 181 $s = Test::Nginx::IMAP->new( |
181 PeerAddr => '127.0.0.1:' . port(5), | 182 PeerAddr => '127.0.0.1:' . port(8147), |
182 SSL_cert_file => "$d/1.example.com.crt", | 183 SSL_cert_file => "$d/1.example.com.crt", |
183 SSL_key_file => "$d/1.example.com.key", | 184 SSL_key_file => "$d/1.example.com.key", |
184 %ssl, | 185 %ssl, |
185 ); | 186 ); |
186 $s->ok('bad optional_no_ca cert'); | 187 $s->ok('bad optional_no_ca cert'); |
187 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3")); | 188 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3")); |
188 | 189 |
189 # matching cert with ssl_verify_client optional | 190 # matching cert with ssl_verify_client optional |
190 | 191 |
191 $s = Test::Nginx::IMAP->new( | 192 $s = Test::Nginx::IMAP->new( |
192 PeerAddr => '127.0.0.1:' . port(3), | 193 PeerAddr => '127.0.0.1:' . port(8145), |
193 SSL_cert_file => "$d/2.example.com.crt", | 194 SSL_cert_file => "$d/2.example.com.crt", |
194 SSL_key_file => "$d/2.example.com.key", | 195 SSL_key_file => "$d/2.example.com.key", |
195 %ssl, | 196 %ssl, |
196 ); | 197 ); |
197 $s->ok('good cert'); | 198 $s->ok('good cert'); |
198 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4")); | 199 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4")); |
199 | 200 |
200 # trusted cert with ssl_verify_client optional | 201 # trusted cert with ssl_verify_client optional |
201 | 202 |
202 $s = Test::Nginx::IMAP->new( | 203 $s = Test::Nginx::IMAP->new( |
203 PeerAddr => '127.0.0.1:' . port(4), | 204 PeerAddr => '127.0.0.1:' . port(8146), |
204 SSL_cert_file => "$d/3.example.com.crt", | 205 SSL_cert_file => "$d/3.example.com.crt", |
205 SSL_key_file => "$d/3.example.com.key", | 206 SSL_key_file => "$d/3.example.com.key", |
206 %ssl, | 207 %ssl, |
207 ); | 208 ); |
208 $s->ok('trusted cert'); | 209 $s->ok('trusted cert'); |