Mercurial > hg > nginx-tests
comparison mail_imap_ssl.t @ 952:e9064d691790
Tests: converted tests to run in parallel.
author | Andrey Zelenkov <zelenkov@nginx.com> |
---|---|
date | Tue, 21 Jun 2016 16:39:13 +0300 |
parents | f4189a38c3a4 |
children | c227348453db |
comparison
equal
deleted
inserted
replaced
951:9361c7eddfc1 | 952:e9064d691790 |
---|---|
33 | 33 |
34 local $SIG{PIPE} = 'IGNORE'; | 34 local $SIG{PIPE} = 'IGNORE'; |
35 | 35 |
36 my $t = Test::Nginx->new() | 36 my $t = Test::Nginx->new() |
37 ->has(qw/mail mail_ssl imap http rewrite/)->has_daemon('openssl') | 37 ->has(qw/mail mail_ssl imap http rewrite/)->has_daemon('openssl') |
38 ->run_daemon(\&Test::Nginx::IMAP::imap_test_daemon)->plan(12); | 38 ->run_daemon(\&Test::Nginx::IMAP::imap_test_daemon, port(6))->plan(12); |
39 | 39 |
40 $t->write_file_expand('nginx.conf', <<'EOF'); | 40 $t->write_file_expand('nginx.conf', <<'EOF'); |
41 | 41 |
42 %%TEST_GLOBALS%% | 42 %%TEST_GLOBALS%% |
43 | 43 |
46 events { | 46 events { |
47 } | 47 } |
48 | 48 |
49 mail { | 49 mail { |
50 proxy_pass_error_message on; | 50 proxy_pass_error_message on; |
51 auth_http http://127.0.0.1:8080/mail/auth; | 51 auth_http http://127.0.0.1:%%PORT_0%%/mail/auth; |
52 auth_http_pass_client_cert on; | 52 auth_http_pass_client_cert on; |
53 | 53 |
54 ssl_certificate_key 1.example.com.key; | 54 ssl_certificate_key 1.example.com.key; |
55 ssl_certificate 1.example.com.crt; | 55 ssl_certificate 1.example.com.crt; |
56 | 56 |
57 server { | 57 server { |
58 listen 127.0.0.1:8142; | 58 listen 127.0.0.1:%%PORT_1%%; |
59 protocol imap; | 59 protocol imap; |
60 } | 60 } |
61 | 61 |
62 server { | 62 server { |
63 listen 127.0.0.1:8143 ssl; | 63 listen 127.0.0.1:%%PORT_2%% ssl; |
64 protocol imap; | 64 protocol imap; |
65 | 65 |
66 ssl_verify_client on; | 66 ssl_verify_client on; |
67 ssl_client_certificate 2.example.com.crt; | 67 ssl_client_certificate 2.example.com.crt; |
68 } | 68 } |
69 | 69 |
70 server { | 70 server { |
71 listen 127.0.0.1:8145 ssl; | 71 listen 127.0.0.1:%%PORT_3%% ssl; |
72 protocol imap; | 72 protocol imap; |
73 | 73 |
74 ssl_verify_client optional; | 74 ssl_verify_client optional; |
75 ssl_client_certificate 2.example.com.crt; | 75 ssl_client_certificate 2.example.com.crt; |
76 } | 76 } |
77 | 77 |
78 server { | 78 server { |
79 listen 127.0.0.1:8146 ssl; | 79 listen 127.0.0.1:%%PORT_4%% ssl; |
80 protocol imap; | 80 protocol imap; |
81 | 81 |
82 ssl_verify_client optional; | 82 ssl_verify_client optional; |
83 ssl_client_certificate 2.example.com.crt; | 83 ssl_client_certificate 2.example.com.crt; |
84 ssl_trusted_certificate 3.example.com.crt; | 84 ssl_trusted_certificate 3.example.com.crt; |
85 } | 85 } |
86 | 86 |
87 server { | 87 server { |
88 listen 127.0.0.1:8147 ssl; | 88 listen 127.0.0.1:%%PORT_5%% ssl; |
89 protocol imap; | 89 protocol imap; |
90 | 90 |
91 ssl_verify_client optional_no_ca; | 91 ssl_verify_client optional_no_ca; |
92 ssl_client_certificate 2.example.com.crt; | 92 ssl_client_certificate 2.example.com.crt; |
93 } | 93 } |
100 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' | 100 '$http_auth_ssl_subject:$http_auth_ssl_issuer:' |
101 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' | 101 '$http_auth_ssl_serial:$http_auth_ssl_fingerprint:' |
102 '$http_auth_ssl_cert:$http_auth_pass'; | 102 '$http_auth_ssl_cert:$http_auth_pass'; |
103 | 103 |
104 server { | 104 server { |
105 listen 127.0.0.1:8080; | 105 listen 127.0.0.1:%%PORT_0%%; |
106 server_name localhost; | 106 server_name localhost; |
107 | 107 |
108 location = /mail/auth { | 108 location = /mail/auth { |
109 access_log auth.log test; | 109 access_log auth.log test; |
110 | 110 |
111 add_header Auth-Status OK; | 111 add_header Auth-Status OK; |
112 add_header Auth-Server 127.0.0.1; | 112 add_header Auth-Server 127.0.0.1; |
113 add_header Auth-Port 8144; | 113 add_header Auth-Port %%PORT_6%%; |
114 add_header Auth-Wait 1; | 114 add_header Auth-Wait 1; |
115 return 204; | 115 return 204; |
116 } | 116 } |
117 } | 117 } |
118 } | 118 } |
148 SSL_error_trap => sub { die $_[1] }, | 148 SSL_error_trap => sub { die $_[1] }, |
149 ); | 149 ); |
150 | 150 |
151 # no ssl connection | 151 # no ssl connection |
152 | 152 |
153 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8142'); | 153 my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(1)); |
154 $s->ok('plain connection'); | 154 $s->ok('plain connection'); |
155 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1")); | 155 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1")); |
156 | 156 |
157 # no cert | 157 # no cert |
158 | 158 |
159 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8143', %ssl); | 159 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(2), %ssl); |
160 $s->check(qr/BYE No required SSL certificate/, 'no cert'); | 160 $s->check(qr/BYE No required SSL certificate/, 'no cert'); |
161 | 161 |
162 # no cert with ssl_verify_client optional | 162 # no cert with ssl_verify_client optional |
163 | 163 |
164 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:8145', %ssl); | 164 $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(3), %ssl); |
165 $s->ok('no optional cert'); | 165 $s->ok('no optional cert'); |
166 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2")); | 166 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2")); |
167 | 167 |
168 # wrong cert with ssl_verify_client optional | 168 # wrong cert with ssl_verify_client optional |
169 | 169 |
170 $s = Test::Nginx::IMAP->new( | 170 $s = Test::Nginx::IMAP->new( |
171 PeerAddr => '127.0.0.1:8145', | 171 PeerAddr => '127.0.0.1:' . port(3), |
172 SSL_cert_file => "$d/1.example.com.crt", | 172 SSL_cert_file => "$d/1.example.com.crt", |
173 SSL_key_file => "$d/1.example.com.key", | 173 SSL_key_file => "$d/1.example.com.key", |
174 %ssl, | 174 %ssl, |
175 ); | 175 ); |
176 $s->check(qr/BYE SSL certificate error/, 'bad optional cert'); | 176 $s->check(qr/BYE SSL certificate error/, 'bad optional cert'); |
177 | 177 |
178 # wrong cert with ssl_verify_client optional_no_ca | 178 # wrong cert with ssl_verify_client optional_no_ca |
179 | 179 |
180 $s = Test::Nginx::IMAP->new( | 180 $s = Test::Nginx::IMAP->new( |
181 PeerAddr => '127.0.0.1:8147', | 181 PeerAddr => '127.0.0.1:' . port(5), |
182 SSL_cert_file => "$d/1.example.com.crt", | 182 SSL_cert_file => "$d/1.example.com.crt", |
183 SSL_key_file => "$d/1.example.com.key", | 183 SSL_key_file => "$d/1.example.com.key", |
184 %ssl, | 184 %ssl, |
185 ); | 185 ); |
186 $s->ok('bad optional_no_ca cert'); | 186 $s->ok('bad optional_no_ca cert'); |
187 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3")); | 187 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3")); |
188 | 188 |
189 # matching cert with ssl_verify_client optional | 189 # matching cert with ssl_verify_client optional |
190 | 190 |
191 $s = Test::Nginx::IMAP->new( | 191 $s = Test::Nginx::IMAP->new( |
192 PeerAddr => '127.0.0.1:8145', | 192 PeerAddr => '127.0.0.1:' . port(3), |
193 SSL_cert_file => "$d/2.example.com.crt", | 193 SSL_cert_file => "$d/2.example.com.crt", |
194 SSL_key_file => "$d/2.example.com.key", | 194 SSL_key_file => "$d/2.example.com.key", |
195 %ssl, | 195 %ssl, |
196 ); | 196 ); |
197 $s->ok('good cert'); | 197 $s->ok('good cert'); |
198 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4")); | 198 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4")); |
199 | 199 |
200 # trusted cert with ssl_verify_client optional | 200 # trusted cert with ssl_verify_client optional |
201 | 201 |
202 $s = Test::Nginx::IMAP->new( | 202 $s = Test::Nginx::IMAP->new( |
203 PeerAddr => '127.0.0.1:8146', | 203 PeerAddr => '127.0.0.1:' . port(4), |
204 SSL_cert_file => "$d/3.example.com.crt", | 204 SSL_cert_file => "$d/3.example.com.crt", |
205 SSL_key_file => "$d/3.example.com.key", | 205 SSL_key_file => "$d/3.example.com.key", |
206 %ssl, | 206 %ssl, |
207 ); | 207 ); |
208 $s->ok('trusted cert'); | 208 $s->ok('trusted cert'); |