Maxim Dounin
April 16, 2023 11:46PM
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1681702259 -10800
# Mon Apr 17 06:30:59 2023 +0300
# Node ID 072be0b91d77eb9c9ab15c20d4df04efac51106a
# Parent 20d603cd3cbeab89127108fe9cb6dffd0e9469e8
Tests: simplified mail_imap_ssl.t.

The test now uses improved IO::Socket::SSL infrastructure in Test::Nginx::IMAP.
While here, fixed incorrect port being used for the "trusted cert" test.

diff --git a/mail_imap_ssl.t b/mail_imap_ssl.t
--- a/mail_imap_ssl.t
+++ b/mail_imap_ssl.t
@@ -50,12 +50,12 @@ mail {
ssl_certificate 1.example.com.crt;

server {
- listen 127.0.0.1:8142;
+ listen 127.0.0.1:8143;
protocol imap;
}

server {
- listen 127.0.0.1:8143 ssl;
+ listen 127.0.0.1:8993 ssl;
protocol imap;

ssl_verify_client on;
@@ -63,7 +63,7 @@ mail {
}

server {
- listen 127.0.0.1:8145 ssl;
+ listen 127.0.0.1:8994 ssl;
protocol imap;

ssl_verify_client optional;
@@ -71,7 +71,7 @@ mail {
}

server {
- listen 127.0.0.1:8146 ssl;
+ listen 127.0.0.1:8995 ssl;
protocol imap;

ssl_verify_client optional;
@@ -80,7 +80,7 @@ mail {
}

server {
- listen 127.0.0.1:8147 ssl;
+ listen 127.0.0.1:8996 ssl;
protocol imap;

ssl_verify_client optional_no_ca;
@@ -140,46 +140,41 @@ foreach my $name ('1.example.com', '2.ex
###############################################################################

my $cred = sub { encode_base64("\0test\@example.com\0$_[0]", '') };
-my %ssl = (
- SSL => 1,
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] },
-);

# no ssl connection

-my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8142));
+my $s = Test::Nginx::IMAP->new();
$s->ok('plain connection');
$s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1"));

# no cert

-$s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8143), %ssl);
+$s = Test::Nginx::IMAP->new(SSL => 1);
$s->check(qr/BYE No required SSL certificate/, 'no cert');

# no cert with ssl_verify_client optional

-$s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8145), %ssl);
+$s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8994), SSL => 1);
$s->ok('no optional cert');
$s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2"));

# wrong cert with ssl_verify_client optional

$s = Test::Nginx::IMAP->new(
- PeerAddr => '127.0.0.1:' . port(8145),
+ PeerAddr => '127.0.0.1:' . port(8995),
+ SSL => 1,
SSL_cert_file => "$d/1.example.com.crt",
- SSL_key_file => "$d/1.example.com.key",
- %ssl,
+ SSL_key_file => "$d/1.example.com.key"
);
$s->check(qr/BYE SSL certificate error/, 'bad optional cert');

# wrong cert with ssl_verify_client optional_no_ca

$s = Test::Nginx::IMAP->new(
- PeerAddr => '127.0.0.1:' . port(8147),
+ PeerAddr => '127.0.0.1:' . port(8996),
+ SSL => 1,
SSL_cert_file => "$d/1.example.com.crt",
- SSL_key_file => "$d/1.example.com.key",
- %ssl,
+ SSL_key_file => "$d/1.example.com.key"
);
$s->ok('bad optional_no_ca cert');
$s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3"));
@@ -187,10 +182,10 @@ my $s = Test::Nginx::IMAP->new(PeerAddr
# matching cert with ssl_verify_client optional

$s = Test::Nginx::IMAP->new(
- PeerAddr => '127.0.0.1:' . port(8145),
+ PeerAddr => '127.0.0.1:' . port(8995),
+ SSL => 1,
SSL_cert_file => "$d/2.example.com.crt",
- SSL_key_file => "$d/2.example.com.key",
- %ssl,
+ SSL_key_file => "$d/2.example.com.key"
);
$s->ok('good cert');
$s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4"));
@@ -198,10 +193,10 @@ my $s = Test::Nginx::IMAP->new(PeerAddr
# trusted cert with ssl_verify_client optional

$s = Test::Nginx::IMAP->new(
- PeerAddr => '127.0.0.1:' . port(8146),
+ PeerAddr => '127.0.0.1:' . port(8995),
+ SSL => 1,
SSL_cert_file => "$d/3.example.com.crt",
- SSL_key_file => "$d/3.example.com.key",
- %ssl,
+ SSL_key_file => "$d/3.example.com.key"
);
$s->ok('trusted cert');
$s->send('1 AUTHENTICATE PLAIN ' . $cred->("s5"));
@@ -211,9 +206,9 @@ my $s = Test::Nginx::IMAP->new(PeerAddr

my ($cipher, $sslversion);

-$s = get_ssl_socket(8143);
-$cipher = $s->get_cipher();
-$sslversion = $s->get_sslversion();
+$s = Test::Nginx::IMAP->new(SSL => 1);
+$cipher = $s->socket()->get_cipher();
+$sslversion = $s->socket()->get_sslversion();
$sslversion =~ s/_/./;

undef $s;
@@ -242,31 +237,3 @@ like($f, qr|^$cipher:$sslversion$|m, 'lo
}

###############################################################################
-
-sub get_ssl_socket {
- my ($port) = @_;
- my $s;
-
- eval {
- local $SIG{ALRM} = sub { die "timeout\n" };
- local $SIG{PIPE} = sub { die "sigpipe\n" };
- alarm(8);
- $s = IO::Socket::SSL->new(
- Proto => 'tcp',
- PeerAddr => '127.0.0.1:' . port($port),
- SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
- SSL_error_trap => sub { die $_[1] }
- );
- alarm(0);
- };
- alarm(0);
-
- if ($@) {
- log_in("died: $@");
- return undef;
- }
-
- return $s;
-}
-
-###############################################################################
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH 00 of 11] SSL tests simplified

Maxim Dounin 588 April 16, 2023 11:46PM

[PATCH 01 of 11] Tests: SIGPIPE handling in mail tests

Maxim Dounin 105 April 16, 2023 11:46PM

[PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Maxim Dounin 111 April 16, 2023 11:46PM

Re: [PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Sergey Kandaurov 115 May 03, 2023 12:22PM

Re: [PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Maxim Dounin 116 May 03, 2023 11:58PM

[PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Maxim Dounin 110 April 16, 2023 11:46PM

Re: [PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Sergey Kandaurov 80 May 11, 2023 07:50AM

Re: [PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Maxim Dounin 102 May 14, 2023 02:54PM

[PATCH 05 of 11] Tests: added has_feature() test for SSL libraries

Maxim Dounin 107 April 16, 2023 11:46PM

[PATCH 09 of 11] Tests: simplified stream SSL tests with IO::Socket::SSL

Maxim Dounin 110 April 16, 2023 11:46PM

[PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Maxim Dounin 123 April 16, 2023 11:46PM

Re: [PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Sergey Kandaurov 173 May 11, 2023 10:40AM

Re: [PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Maxim Dounin 104 May 14, 2023 05:12PM

[PATCH 08 of 11] Tests: reworked stream SSL tests to use IO::Socket::SSL

Maxim Dounin 113 April 16, 2023 11:46PM

[PATCH 07 of 11] Tests: simplified mail_imap_ssl.t

Maxim Dounin 107 April 16, 2023 11:46PM

[PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Maxim Dounin 112 April 16, 2023 11:46PM

Re: [PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Sergey Kandaurov 107 May 11, 2023 10:28AM

Re: [PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Maxim Dounin 125 May 18, 2023 11:18AM

[PATCH 11 of 11] Tests: simplified http SSL tests with IO::Socket::SSL

Maxim Dounin 111 April 16, 2023 11:46PM

[PATCH 0 of 6] SSL tests refactoring fixes

Sergey Kandaurov 89 May 22, 2023 03:58PM

[PATCH 1 of 6] Tests: unbreak ssl_stapling.t after IO::Socket::SSL refactoring

Sergey Kandaurov 105 May 22, 2023 03:58PM

Re: [PATCH 1 of 6] Tests: unbreak ssl_stapling.t after IO::Socket::SSL refactoring

Maxim Dounin 79 May 22, 2023 04:38PM

[PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Sergey Kandaurov 89 May 22, 2023 03:58PM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Maxim Dounin 79 May 22, 2023 07:44PM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Sergey Kandaurov 99 May 23, 2023 06:36AM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Maxim Dounin 144 May 23, 2023 09:32AM

[PATCH 3 of 6] Tests: unbreak stream_ssl_variables.t with old IO::Socket::SSL

Sergey Kandaurov 86 May 22, 2023 04:00PM

Re: [PATCH 3 of 6] Tests: unbreak stream_ssl_variables.t with old IO::Socket::SSL

Maxim Dounin 84 May 22, 2023 07:52PM

[PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Sergey Kandaurov 88 May 22, 2023 04:00PM

Re: [PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Maxim Dounin 82 May 22, 2023 09:08PM

Re: [PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Sergey Kandaurov 158 May 23, 2023 08:24AM

[PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Sergey Kandaurov 92 May 22, 2023 04:00PM

Re: [PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Maxim Dounin 82 May 22, 2023 10:18PM

Re: [PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Sergey Kandaurov 149 May 23, 2023 08:56AM

[PATCH 6 of 6] Tests: added missing socket_ssl_reused prerequisites

Sergey Kandaurov 88 May 22, 2023 04:00PM

Re: [PATCH 6 of 6] Tests: added missing socket_ssl_reused prerequisites

Maxim Dounin 76 May 22, 2023 10:40PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 213
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready