Mercurial > hg > nginx-tests

comparison mail_imap_ssl.t @ 952:e9064d691790

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: converted tests to run in parallel.
author Andrey Zelenkov <zelenkov@nginx.com>
date Tue, 21 Jun 2016 16:39:13 +0300
parents f4189a38c3a4
children c227348453db
comparison
equal deleted inserted replaced
951:9361c7eddfc1 952:e9064d691790
33 33
34 local $SIG{PIPE} = 'IGNORE'; 34 local $SIG{PIPE} = 'IGNORE';
35 35
36 my $t = Test::Nginx->new() 36 my $t = Test::Nginx->new()
37 ->has(qw/mail mail_ssl imap http rewrite/)->has_daemon('openssl') 37 ->has(qw/mail mail_ssl imap http rewrite/)->has_daemon('openssl')
38 ->run_daemon(\&Test::Nginx::IMAP::imap_test_daemon)->plan(12); 38 ->run_daemon(\&Test::Nginx::IMAP::imap_test_daemon, port(6))->plan(12);
39 39
40 $t->write_file_expand('nginx.conf', <<'EOF'); 40 $t->write_file_expand('nginx.conf', <<'EOF');
41 41
42 %%TEST_GLOBALS%% 42 %%TEST_GLOBALS%%
43 43
46 events { 46 events {
47 } 47 }
48 48
49 mail { 49 mail {
50 proxy_pass_error_message on; 50 proxy_pass_error_message on;
51 auth_http http://127.0.0.1:8080/mail/auth; 51 auth_http http://127.0.0.1:%%PORT_0%%/mail/auth;
52 auth_http_pass_client_cert on; 52 auth_http_pass_client_cert on;
53 53
54 ssl_certificate_key 1.example.com.key; 54 ssl_certificate_key 1.example.com.key;
55 ssl_certificate 1.example.com.crt; 55 ssl_certificate 1.example.com.crt;
56 56
57 server { 57 server {
58 listen 127.0.0.1:8142; 58 listen 127.0.0.1:%%PORT_1%%;
59 protocol imap; 59 protocol imap;
60 } 60 }
61 61
62 server { 62 server {
63 listen 127.0.0.1:8143 ssl; 63 listen 127.0.0.1:%%PORT_2%% ssl;
64 protocol imap; 64 protocol imap;
65 65
66 ssl_verify_client on; 66 ssl_verify_client on;
67 ssl_client_certificate 2.example.com.crt; 67 ssl_client_certificate 2.example.com.crt;
68 } 68 }
69 69
70 server { 70 server {
71 listen 127.0.0.1:8145 ssl; 71 listen 127.0.0.1:%%PORT_3%% ssl;
72 protocol imap; 72 protocol imap;
73 73
74 ssl_verify_client optional; 74 ssl_verify_client optional;
75 ssl_client_certificate 2.example.com.crt; 75 ssl_client_certificate 2.example.com.crt;
76 } 76 }
77 77
78 server { 78 server {
79 listen 127.0.0.1:8146 ssl; 79 listen 127.0.0.1:%%PORT_4%% ssl;
80 protocol imap; 80 protocol imap;
81 81
82 ssl_verify_client optional; 82 ssl_verify_client optional;
83 ssl_client_certificate 2.example.com.crt; 83 ssl_client_certificate 2.example.com.crt;
84 ssl_trusted_certificate 3.example.com.crt; 84 ssl_trusted_certificate 3.example.com.crt;
85 } 85 }
86 86
87 server { 87 server {
88 listen 127.0.0.1:8147 ssl; 88 listen 127.0.0.1:%%PORT_5%% ssl;
89 protocol imap; 89 protocol imap;
90 90
91 ssl_verify_client optional_no_ca; 91 ssl_verify_client optional_no_ca;
92 ssl_client_certificate 2.example.com.crt; 92 ssl_client_certificate 2.example.com.crt;
93 } 93 }
100 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' 100 '$http_auth_ssl_subject:$http_auth_ssl_issuer:'
101 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' 101 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:'
102 '$http_auth_ssl_cert:$http_auth_pass'; 102 '$http_auth_ssl_cert:$http_auth_pass';
103 103
104 server { 104 server {
105 listen 127.0.0.1:8080; 105 listen 127.0.0.1:%%PORT_0%%;
106 server_name localhost; 106 server_name localhost;
107 107
108 location = /mail/auth { 108 location = /mail/auth {
109 access_log auth.log test; 109 access_log auth.log test;
110 110
111 add_header Auth-Status OK; 111 add_header Auth-Status OK;
112 add_header Auth-Server 127.0.0.1; 112 add_header Auth-Server 127.0.0.1;
113 add_header Auth-Port 8144; 113 add_header Auth-Port %%PORT_6%%;
114 add_header Auth-Wait 1; 114 add_header Auth-Wait 1;
115 return 204; 115 return 204;
116 } 116 }
117 } 117 }
118 } 118 }
148 SSL_error_trap => sub { die $_[1] }, 148 SSL_error_trap => sub { die $_[1] },
149 ); 149 );
150 150
151 # no ssl connection 151 # no ssl connection
152 152
153 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8142'); 153 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(1));
154 $s->ok('plain connection'); 154 $s->ok('plain connection');
155 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1")); 155 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1"));
156 156
157 # no cert 157 # no cert
158 158
159 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8143', %ssl); 159 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(2), %ssl);
160 $s->check(qr/BYE No required SSL certificate/, 'no cert'); 160 $s->check(qr/BYE No required SSL certificate/, 'no cert');
161 161
162 # no cert with ssl_verify_client optional 162 # no cert with ssl_verify_client optional
163 163
164 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8145', %ssl); 164 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(3), %ssl);
165 $s->ok('no optional cert'); 165 $s->ok('no optional cert');
166 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2")); 166 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2"));
167 167
168 # wrong cert with ssl_verify_client optional 168 # wrong cert with ssl_verify_client optional
169 169
170 $s = Test::Nginx::IMAP->new( 170 $s = Test::Nginx::IMAP->new(
171 PeerAddr => '127.0.0.1:8145', 171 PeerAddr => '127.0.0.1:' . port(3),
172 SSL_cert_file => "$d/1.example.com.crt", 172 SSL_cert_file => "$d/1.example.com.crt",
173 SSL_key_file => "$d/1.example.com.key", 173 SSL_key_file => "$d/1.example.com.key",
174 %ssl, 174 %ssl,
175 ); 175 );
176 $s->check(qr/BYE SSL certificate error/, 'bad optional cert'); 176 $s->check(qr/BYE SSL certificate error/, 'bad optional cert');
177 177
178 # wrong cert with ssl_verify_client optional_no_ca 178 # wrong cert with ssl_verify_client optional_no_ca
179 179
180 $s = Test::Nginx::IMAP->new( 180 $s = Test::Nginx::IMAP->new(
181 PeerAddr => '127.0.0.1:8147', 181 PeerAddr => '127.0.0.1:' . port(5),
182 SSL_cert_file => "$d/1.example.com.crt", 182 SSL_cert_file => "$d/1.example.com.crt",
183 SSL_key_file => "$d/1.example.com.key", 183 SSL_key_file => "$d/1.example.com.key",
184 %ssl, 184 %ssl,
185 ); 185 );
186 $s->ok('bad optional_no_ca cert'); 186 $s->ok('bad optional_no_ca cert');
187 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3")); 187 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3"));
188 188
189 # matching cert with ssl_verify_client optional 189 # matching cert with ssl_verify_client optional
190 190
191 $s = Test::Nginx::IMAP->new( 191 $s = Test::Nginx::IMAP->new(
192 PeerAddr => '127.0.0.1:8145', 192 PeerAddr => '127.0.0.1:' . port(3),
193 SSL_cert_file => "$d/2.example.com.crt", 193 SSL_cert_file => "$d/2.example.com.crt",
194 SSL_key_file => "$d/2.example.com.key", 194 SSL_key_file => "$d/2.example.com.key",
195 %ssl, 195 %ssl,
196 ); 196 );
197 $s->ok('good cert'); 197 $s->ok('good cert');
198 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4")); 198 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4"));
199 199
200 # trusted cert with ssl_verify_client optional 200 # trusted cert with ssl_verify_client optional
201 201
202 $s = Test::Nginx::IMAP->new( 202 $s = Test::Nginx::IMAP->new(
203 PeerAddr => '127.0.0.1:8146', 203 PeerAddr => '127.0.0.1:' . port(4),
204 SSL_cert_file => "$d/3.example.com.crt", 204 SSL_cert_file => "$d/3.example.com.crt",
205 SSL_key_file => "$d/3.example.com.key", 205 SSL_key_file => "$d/3.example.com.key",
206 %ssl, 206 %ssl,
207 ); 207 );
208 $s->ok('trusted cert'); 208 $s->ok('trusted cert');