# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1564658566 -10800
# Node ID e1eb3432487b7decb61d81108ade1d11f244f072
# Parent  b8b92ed9048573cbb0954e678ae084ffee8b6a46
Tests: added mail resolver tests with ssl.

diff --git a/mail_resolver.t b/mail_resolver.t
--- a/mail_resolver.t
+++ b/mail_resolver.t
@@ -23,9 +23,15 @@ use Test::Nginx::SMTP;
 select STDERR; $| = 1;
 select STDOUT; $| = 1;
 
+eval { require IO::Socket::SSL; };
+plan(skip_all => 'IO::Socket::SSL not installed') if $@;
+eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
+plan(skip_all => 'IO::Socket::SSL too old') if $@;
+
 local $SIG{PIPE} = 'IGNORE';
 
-my $t = Test::Nginx->new()->has(qw/mail smtp http rewrite/)->plan(10)
+my $t = Test::Nginx->new()->has(qw/mail mail_ssl smtp http rewrite/)
+	->has_daemon('openssl')->plan(11)
 	->write_file_expand('nginx.conf', <<'EOF');
 
 %%TEST_GLOBALS%%
@@ -89,6 +95,14 @@ mail {
         resolver  127.0.0.1:%%PORT_8987_UDP%%;
     }
 
+    server {
+        ssl_certificate_key localhost.key;
+        ssl_certificate localhost.crt;
+
+        listen    127.0.0.1:8033 ssl;
+        protocol  smtp;
+        resolver  127.0.0.1:%%PORT_8983_UDP%%;
+    }
 }
 
 http {
@@ -115,6 +129,24 @@ http {
 
 EOF
 
+$t->write_file('openssl.conf', <<EOF);
+[ req ]
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+[ req_distinguished_name ]
+EOF
+
+my $d = $t->testdir();
+
+foreach my $name ('localhost') {
+	system('openssl req -x509 -new '
+		. "-config $d/openssl.conf -subj /CN=$name/ "
+		. "-out $d/$name.crt -keyout $d/$name.key "
+		. ">>$d/openssl.out 2>&1") == 0
+		or die "Can't create certificate for $name: $!\n";
+}
+
 $t->run_daemon(\&Test::Nginx::SMTP::smtp_test_daemon);
 $t->run_daemon(\&dns_daemon, port($_), $t) foreach (8981 .. 8987);
 
@@ -260,6 +292,33 @@ local $TODO = 'support for CNAME RR';
 $s->send('QUIT');
 $s->read();
 
+# before 1.17.3, read event while in resolving resulted in duplicate resolving
+
+TODO: {
+todo_skip 'leaves coredump', 1 unless $ENV{TEST_NGINX_UNSAFE}
+	or $t->has_version('1.17.3');
+
+my %ssl = (
+	SSL => 1,
+	SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+	SSL_error_trap => sub { die $_[1] },
+);
+
+$s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8033), %ssl);
+$s->send('EHLO example.com');
+$s->read();
+$s->send('MAIL FROM:<test@example.com> SIZE=100');
+$s->read();
+$s->read();
+
+$s->send('RCPT TO:<test@example.com>');
+$s->check(qr/TEMPUNAVAIL/, 'PTR SSL empty');
+
+$s->send('QUIT');
+$s->read();
+
+}
+
 ###############################################################################
 
 sub reply_handler {