# HG changeset patch # User Maxim Dounin # Date 1684422430 -10800 # Node ID 7681a970f6bd1b21d9735052801f9e24f143f74d # Parent 7b7b64569f55637e52558c636d44c54e0913edbe Tests: simplified mail_imap_ssl.t. The test now uses improved IO::Socket::SSL infrastructure in Test::Nginx::IMAP. While here, fixed incorrect port being used for the "trusted cert" test. diff --git a/mail_imap_ssl.t b/mail_imap_ssl.t --- a/mail_imap_ssl.t +++ b/mail_imap_ssl.t @@ -50,12 +50,12 @@ mail { ssl_certificate 1.example.com.crt; server { - listen 127.0.0.1:8142; + listen 127.0.0.1:8143; protocol imap; } server { - listen 127.0.0.1:8143 ssl; + listen 127.0.0.1:8993 ssl; protocol imap; ssl_verify_client on; @@ -63,7 +63,7 @@ mail { } server { - listen 127.0.0.1:8145 ssl; + listen 127.0.0.1:8994 ssl; protocol imap; ssl_verify_client optional; @@ -71,7 +71,7 @@ mail { } server { - listen 127.0.0.1:8146 ssl; + listen 127.0.0.1:8995 ssl; protocol imap; ssl_verify_client optional; @@ -80,7 +80,7 @@ mail { } server { - listen 127.0.0.1:8147 ssl; + listen 127.0.0.1:8996 ssl; protocol imap; ssl_verify_client optional_no_ca; @@ -140,46 +140,41 @@ foreach my $name ('1.example.com', '2.ex ############################################################################### my $cred = sub { encode_base64("\0test\@example.com\0$_[0]", '') }; -my %ssl = ( - SSL => 1, - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), - SSL_error_trap => sub { die $_[1] }, -); # no ssl connection -my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8142)); +my $s = Test::Nginx::IMAP->new(); $s->ok('plain connection'); $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1")); # no cert -$s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8143), %ssl); +$s = Test::Nginx::IMAP->new(SSL => 1); $s->check(qr/BYE No required SSL certificate/, 'no cert'); # no cert with ssl_verify_client optional -$s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8145), %ssl); +$s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8994), SSL => 1); $s->ok('no optional cert'); $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2")); # wrong cert with ssl_verify_client optional $s = Test::Nginx::IMAP->new( - PeerAddr => '127.0.0.1:' . port(8145), + PeerAddr => '127.0.0.1:' . port(8995), + SSL => 1, SSL_cert_file => "$d/1.example.com.crt", - SSL_key_file => "$d/1.example.com.key", - %ssl, + SSL_key_file => "$d/1.example.com.key" ); $s->check(qr/BYE SSL certificate error/, 'bad optional cert'); # wrong cert with ssl_verify_client optional_no_ca $s = Test::Nginx::IMAP->new( - PeerAddr => '127.0.0.1:' . port(8147), + PeerAddr => '127.0.0.1:' . port(8996), + SSL => 1, SSL_cert_file => "$d/1.example.com.crt", - SSL_key_file => "$d/1.example.com.key", - %ssl, + SSL_key_file => "$d/1.example.com.key" ); $s->ok('bad optional_no_ca cert'); $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3")); @@ -187,10 +182,10 @@ my $s = Test::Nginx::IMAP->new(PeerAddr # matching cert with ssl_verify_client optional $s = Test::Nginx::IMAP->new( - PeerAddr => '127.0.0.1:' . port(8145), + PeerAddr => '127.0.0.1:' . port(8995), + SSL => 1, SSL_cert_file => "$d/2.example.com.crt", - SSL_key_file => "$d/2.example.com.key", - %ssl, + SSL_key_file => "$d/2.example.com.key" ); $s->ok('good cert'); $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4")); @@ -198,10 +193,10 @@ my $s = Test::Nginx::IMAP->new(PeerAddr # trusted cert with ssl_verify_client optional $s = Test::Nginx::IMAP->new( - PeerAddr => '127.0.0.1:' . port(8146), + PeerAddr => '127.0.0.1:' . port(8995), + SSL => 1, SSL_cert_file => "$d/3.example.com.crt", - SSL_key_file => "$d/3.example.com.key", - %ssl, + SSL_key_file => "$d/3.example.com.key" ); $s->ok('trusted cert'); $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s5")); @@ -211,9 +206,9 @@ my $s = Test::Nginx::IMAP->new(PeerAddr my ($cipher, $sslversion); -$s = get_ssl_socket(8143); -$cipher = $s->get_cipher(); -$sslversion = $s->get_sslversion(); +$s = Test::Nginx::IMAP->new(SSL => 1); +$cipher = $s->socket()->get_cipher(); +$sslversion = $s->socket()->get_sslversion(); $sslversion =~ s/_/./; undef $s; @@ -242,31 +237,3 @@ like($f, qr|^$cipher:$sslversion$|m, 'lo } ############################################################################### - -sub get_ssl_socket { - my ($port) = @_; - my $s; - - eval { - local $SIG{ALRM} = sub { die "timeout\n" }; - local $SIG{PIPE} = sub { die "sigpipe\n" }; - alarm(8); - $s = IO::Socket::SSL->new( - Proto => 'tcp', - PeerAddr => '127.0.0.1:' . port($port), - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), - SSL_error_trap => sub { die $_[1] } - ); - alarm(0); - }; - alarm(0); - - if ($@) { - log_in("died: $@"); - return undef; - } - - return $s; -} - -###############################################################################