Mercurial > hg > nginx-tests
annotate mail_imap_ssl.t @ 1965:84f4d4930835
Tests: relaxed mail_imap_ssl.t cipher matching.
Previously, exact match between cipher name in the log and the one from
IO::Socket:SSL was needed, which might not be the case if nginx and
Net::SSLeay are compiled with different SSL libraries, notably LibreSSL
(which uses names like AEAD-AES256-GCM-SHA384 till 3.5.0), and
OpenSSL or BoringSSL (which use TLS_AES_256_GCM_SHA384). In particular,
this affects macOS, where Net::SSLeay compiled with LibreSSL 3.3.6 is
shipped with the OS, while nginx is likely to be compiled with OpenSSL.
Fix is to not require exact match but instead accept properly looking names
as checked by a regular expression, similarly to how it is already tested
in ssl.t and stream_ssl_variables.t.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 06 May 2024 00:01:40 +0300 |
| parents | 2a0a6035a1af |
| children |
| rev | line source |
|---|---|
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Maxim Dounin |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Sergey Kandaurov |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 # (C) Nginx, Inc. |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 # Tests for nginx mail imap module with ssl. |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 ############################################################################### |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use warnings; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 use strict; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 use Test::More; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 use MIME::Base64; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 BEGIN { use FindBin; chdir($FindBin::Bin); } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use lib 'lib'; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 use Test::Nginx; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 use Test::Nginx::IMAP; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 ############################################################################### |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 select STDERR; $| = 1; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 select STDOUT; $| = 1; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 local $SIG{PIPE} = 'IGNORE'; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 |
|
1858
cdcd75657e52
Tests: added has_feature() tests for IO::Socket::SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1724
diff
changeset
|
31 my $t = Test::Nginx->new() |
|
1965
84f4d4930835
Tests: relaxed mail_imap_ssl.t cipher matching.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1937
diff
changeset
|
32 ->has(qw/mail mail_ssl imap http rewrite socket_ssl/) |
|
1724
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
33 ->has_daemon('openssl')->plan(13) |
|
976
a8b8dd6e8ae1
Tests: changed startup order in mail tests for consistency.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
970
diff
changeset
|
34 ->write_file_expand('nginx.conf', <<'EOF'); |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 %%TEST_GLOBALS%% |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 daemon off; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 events { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 mail { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 proxy_pass_error_message on; |
|
1679
74986ebee2fd
Tests: added proxy_timeout in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1488
diff
changeset
|
45 proxy_timeout 15s; |
|
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
46 auth_http http://127.0.0.1:8080/mail/auth; |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 auth_http_pass_client_cert on; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 ssl_certificate_key 1.example.com.key; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 ssl_certificate 1.example.com.crt; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 server { |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
53 listen 127.0.0.1:8143; |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 protocol imap; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 server { |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
58 listen 127.0.0.1:8993 ssl; |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 protocol imap; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 ssl_verify_client on; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 ssl_client_certificate 2.example.com.crt; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 server { |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
66 listen 127.0.0.1:8994 ssl; |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 protocol imap; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 ssl_verify_client optional; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 ssl_client_certificate 2.example.com.crt; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 server { |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
74 listen 127.0.0.1:8995 ssl; |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 protocol imap; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 ssl_verify_client optional; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 ssl_client_certificate 2.example.com.crt; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 ssl_trusted_certificate 3.example.com.crt; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 server { |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
83 listen 127.0.0.1:8996 ssl; |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 protocol imap; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 ssl_verify_client optional_no_ca; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 ssl_client_certificate 2.example.com.crt; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 http { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 %%TEST_GLOBALS_HTTP%% |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 log_format test '$http_auth_ssl:$http_auth_ssl_verify:' |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' |
|
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
97 '$http_auth_ssl_cert:$http_auth_pass'; |
|
1724
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
98 log_format test2 '$http_auth_ssl_cipher:$http_auth_ssl_protocol'; |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 server { |
|
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
101 listen 127.0.0.1:8080; |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 server_name localhost; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 location = /mail/auth { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 access_log auth.log test; |
|
1724
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
106 access_log auth2.log test2; |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 add_header Auth-Status OK; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 add_header Auth-Server 127.0.0.1; |
|
970
c227348453db
Tests: simplified parallel modifications in mail tests.
Maxim Dounin <mdounin@mdounin.ru>
parents:
952
diff
changeset
|
110 add_header Auth-Port %%PORT_8144%%; |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 add_header Auth-Wait 1; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 return 204; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 EOF |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 $t->write_file('openssl.conf', <<EOF); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 [ req ] |
|
1488
dbce8fb5f5f8
Tests: align with OpenSSL security level 2.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1220
diff
changeset
|
121 default_bits = 2048 |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 encrypt_key = no |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 distinguished_name = req_distinguished_name |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 [ req_distinguished_name ] |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 EOF |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 my $d = $t->testdir(); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 foreach my $name ('1.example.com', '2.example.com', '3.example.com') { |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 system('openssl req -x509 -new ' |
|
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1085
diff
changeset
|
131 . "-config $d/openssl.conf -subj /CN=$name/ " |
|
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1085
diff
changeset
|
132 . "-out $d/$name.crt -keyout $d/$name.key " |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 . ">>$d/openssl.out 2>&1") == 0 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 or die "Can't create certificate for $name: $!\n"; |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 } |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 |
|
976
a8b8dd6e8ae1
Tests: changed startup order in mail tests for consistency.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
970
diff
changeset
|
137 $t->run_daemon(\&Test::Nginx::IMAP::imap_test_daemon); |
|
a8b8dd6e8ae1
Tests: changed startup order in mail tests for consistency.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
970
diff
changeset
|
138 $t->run()->waitforsocket('127.0.0.1:' . port(8144)); |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 ############################################################################### |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 |
|
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
142 my $cred = sub { encode_base64("\0test\@example.com\0$_[0]", '') }; |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 # no ssl connection |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
146 my $s = Test::Nginx::IMAP->new(); |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 $s->ok('plain connection'); |
|
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
148 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1")); |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 # no cert |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
152 $s = Test::Nginx::IMAP->new(SSL => 1); |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 $s->check(qr/BYE No required SSL certificate/, 'no cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 # no cert with ssl_verify_client optional |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
157 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8994), SSL => 1); |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 $s->ok('no optional cert'); |
|
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
159 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2")); |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 # wrong cert with ssl_verify_client optional |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 $s = Test::Nginx::IMAP->new( |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
164 PeerAddr => '127.0.0.1:' . port(8995), |
|
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
165 SSL => 1, |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 SSL_cert_file => "$d/1.example.com.crt", |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
167 SSL_key_file => "$d/1.example.com.key" |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 ); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 $s->check(qr/BYE SSL certificate error/, 'bad optional cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 # wrong cert with ssl_verify_client optional_no_ca |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 $s = Test::Nginx::IMAP->new( |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
174 PeerAddr => '127.0.0.1:' . port(8996), |
|
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
175 SSL => 1, |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 SSL_cert_file => "$d/1.example.com.crt", |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
177 SSL_key_file => "$d/1.example.com.key" |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 ); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 $s->ok('bad optional_no_ca cert'); |
|
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
180 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3")); |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
181 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
182 # matching cert with ssl_verify_client optional |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
183 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
184 $s = Test::Nginx::IMAP->new( |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
185 PeerAddr => '127.0.0.1:' . port(8995), |
|
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
186 SSL => 1, |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
187 SSL_cert_file => "$d/2.example.com.crt", |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
188 SSL_key_file => "$d/2.example.com.key" |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
189 ); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
190 $s->ok('good cert'); |
|
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
191 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4")); |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
192 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
193 # trusted cert with ssl_verify_client optional |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
194 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
195 $s = Test::Nginx::IMAP->new( |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
196 PeerAddr => '127.0.0.1:' . port(8995), |
|
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
197 SSL => 1, |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
198 SSL_cert_file => "$d/3.example.com.crt", |
|
1862
7681a970f6bd
Tests: simplified mail_imap_ssl.t.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1858
diff
changeset
|
199 SSL_key_file => "$d/3.example.com.key" |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
200 ); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
201 $s->ok('trusted cert'); |
|
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
202 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s5")); |
|
1702
f0a02a429a59
Tests: fixed spurious mail_imap_ssl.t failures after 408fe0dd3fed.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1701
diff
changeset
|
203 $s->read(); |
|
1724
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
204 |
|
1701
408fe0dd3fed
Tests: fixed mail_imap_ssl.t too long shutdown.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1679
diff
changeset
|
205 undef $s; |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
206 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
207 # test auth_http request header fields with access_log |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
208 |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
209 $t->stop(); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
210 |
|
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
211 my $f = $t->read_file('auth.log'); |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
212 |
|
872
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
213 like($f, qr/^-:-:-:-:-:-:-\x0d?\x0a?:s1$/m, 'log - plain connection'); |
|
a07734ecb988
Tests: fixed mail_imap_ssl.t, notably on Solaris.
Sergey Kandaurov <pluknet@nginx.com>
parents:
797
diff
changeset
|
214 like($f, qr/^on:NONE:-:-:-:-:-\x0d?\x0a?:s2$/m, 'log - no cert'); |
|
1085
30a6fbab4e33
Tests: allow new $ssl_verify syntax.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1069
diff
changeset
|
215 like($f, qr!^on:FAILED(?:.*):(/?CN=1.example.com):\1:\w+:\w+:[^:]+:s3$!m, |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
216 'log - bad cert'); |
|
1069
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
976
diff
changeset
|
217 like($f, qr!^on:SUCCESS:(/?CN=2.example.com):\1:\w+:\w+:[^:]+:s4$!m, |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
218 'log - good cert'); |
|
1069
1b11a12be179
Tests: pass both issuer/subject variable formats where appropriate.
Sergey Kandaurov <pluknet@nginx.com>
parents:
976
diff
changeset
|
219 like($f, qr!^on:SUCCESS:(/?CN=3.example.com):\1:\w+:\w+:[^:]+:s5$!m, |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
220 'log - trusted cert'); |
|
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
221 |
|
1724
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
222 $f = $t->read_file('auth2.log'); |
|
1965
84f4d4930835
Tests: relaxed mail_imap_ssl.t cipher matching.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1937
diff
changeset
|
223 like($f, qr/^[\w-]+:(TLS|SSL)v[\d.]+$/m, 'log - cipher sslversion'); |
|
1724
1522ab9d37b4
Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
Sergey Kandaurov <pluknet@nginx.com>
parents:
1702
diff
changeset
|
224 |
|
541
53d0d963eb40
Tests: basic imap ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
225 ############################################################################### |