Welcome! Log In Create A New Profile

Advanced

Re: [PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Maxim Dounin
May 14, 2023 05:12PM
Hello!

On Thu, May 11, 2023 at 06:39:32PM +0400, Sergey Kandaurov wrote:

> > On 17 Apr 2023, at 07:31, Maxim Dounin <mdounin@mdounin.ru> wrote:
> >
> > # HG changeset patch
> > # User Maxim Dounin <mdounin@mdounin.ru>
> > # Date 1681702257 -10800
> > # Mon Apr 17 06:30:57 2023 +0300
> > # Node ID 20d603cd3cbeab89127108fe9cb6dffd0e9469e8
> > # Parent a8e22a3212da945e9060d4233905eb6de1399d34
> > Tests: reworked mail SSL tests to use IO::Socket::SSL.
> >
> > Relevant infrastructure is provided in Test::Nginx::IMAP (and also POP3
> > and SMTP for completeness). This also ensures that SSL handshake and
> > various read operations are guarded with timeouts.
> >
>
> [..]
>
> > diff --git a/mail_ssl_conf_command.t b/mail_ssl_conf_command.t
> > --- a/mail_ssl_conf_command.t
> > +++ b/mail_ssl_conf_command.t
> > @@ -16,6 +16,7 @@ BEGIN { use FindBin; chdir($FindBin::Bin
> >
> > use lib 'lib';
> > use Test::Nginx;
> > +use Test::Nginx::IMAP;
> >
> > ###############################################################################
> >
> > @@ -24,15 +25,8 @@ select STDOUT; $| = 1;
> >
> > local $SIG{PIPE} = 'IGNORE';
> >
> > -eval {
> > - require Net::SSLeay;
> > - Net::SSLeay::load_error_strings();
> > - Net::SSLeay::SSLeay_add_ssl_algorithms();
> > - Net::SSLeay::randomize();
> > -};
> > -plan(skip_all => 'Net::SSLeay not installed') if $@;
> > -
> > -my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap openssl:1.0.2/)
> > +my $t = Test::Nginx->new()
> > + ->has(qw/mail mail_ssl imap openssl:1.0.2 socket_ssl_reused/)
> > ->has_daemon('openssl');
> >
> > plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL');
> > @@ -50,7 +44,7 @@ mail {
> > auth_http http://127.0.0.1:8080; # unused
> >
> > server {
> > - listen 127.0.0.1:8443 ssl;
> > + listen 127.0.0.1:8993 ssl;
>
> Please avoid using an upper half of 8000 .. 8999 range for TCP tests.

Still, correct port for IMAPS (IMAP over SSL) is 993, and proper
mapping to the 8xxx range would be 8993.

> The reason is a deficiency in automatic port selection used for
> parallel testing, see Test::Nginx::port(). Currently, ports are
> selected in the reversed order for TCP and UDP for a reason:
> another socket type for the same port is used as a lock.
> But that gives a race if you try to concurrently select the same
> port for both TCP and UDP.
> Currently, this is worked around by splitting the range:
> bottom half is used for TCP, upper half is used for UDP.
>
> Luckily, nginx retries bind/listen on NGX_EADDRINUSE up to 5 times,
> but this doesn't always work.

I tend to think this shouldn't be a practical issue unless the
same initial port number is used for both TCP and UDP tests. Commits
1236:93f749c1d5c5 and 1237:e4974af3fb12 suggests this was actually
the case when this split was introduced.

That is, failure to use proper port numbers matching the protocol
being tested was the real reason for the issue observed with
automatic port selection. And I would rather not use this issue
as an excuse to not use proper port numbers.

If that's will be demonstrated to be a practical problem even if
initial port numbers are different, a better solution might be to
allocate UDP ports in the 9xxx range. This will make it possible
to use proper port numbers in all cases.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH 00 of 11] SSL tests simplified

Maxim Dounin 618 April 16, 2023 11:46PM

[PATCH 01 of 11] Tests: SIGPIPE handling in mail tests

Maxim Dounin 120 April 16, 2023 11:46PM

[PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Maxim Dounin 125 April 16, 2023 11:46PM

Re: [PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Sergey Kandaurov 132 May 03, 2023 12:22PM

Re: [PATCH 03 of 11] Tests: added has_feature() tests for IO::Socket::SSL

Maxim Dounin 131 May 03, 2023 11:58PM

[PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Maxim Dounin 155 April 16, 2023 11:46PM

Re: [PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Sergey Kandaurov 93 May 11, 2023 07:50AM

Re: [PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

Maxim Dounin 116 May 14, 2023 02:54PM

[PATCH 05 of 11] Tests: added has_feature() test for SSL libraries

Maxim Dounin 123 April 16, 2023 11:46PM

[PATCH 09 of 11] Tests: simplified stream SSL tests with IO::Socket::SSL

Maxim Dounin 123 April 16, 2023 11:46PM

[PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Maxim Dounin 139 April 16, 2023 11:46PM

Re: [PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Sergey Kandaurov 210 May 11, 2023 10:40AM

Re: [PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Maxim Dounin 117 May 14, 2023 05:12PM

[PATCH 08 of 11] Tests: reworked stream SSL tests to use IO::Socket::SSL

Maxim Dounin 129 April 16, 2023 11:46PM

[PATCH 07 of 11] Tests: simplified mail_imap_ssl.t

Maxim Dounin 120 April 16, 2023 11:46PM

[PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Maxim Dounin 125 April 16, 2023 11:46PM

Re: [PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Sergey Kandaurov 121 May 11, 2023 10:28AM

Re: [PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

Maxim Dounin 140 May 18, 2023 11:18AM

[PATCH 11 of 11] Tests: simplified http SSL tests with IO::Socket::SSL

Maxim Dounin 126 April 16, 2023 11:46PM

[PATCH 0 of 6] SSL tests refactoring fixes

Sergey Kandaurov 101 May 22, 2023 03:58PM

[PATCH 1 of 6] Tests: unbreak ssl_stapling.t after IO::Socket::SSL refactoring

Sergey Kandaurov 117 May 22, 2023 03:58PM

Re: [PATCH 1 of 6] Tests: unbreak ssl_stapling.t after IO::Socket::SSL refactoring

Maxim Dounin 93 May 22, 2023 04:38PM

[PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Sergey Kandaurov 103 May 22, 2023 03:58PM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Maxim Dounin 95 May 22, 2023 07:44PM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Sergey Kandaurov 114 May 23, 2023 06:36AM

Re: [PATCH 2 of 6] Tests: unbreak tests with IO::Socket:SSL lacking SSL_session_key

Maxim Dounin 163 May 23, 2023 09:32AM

[PATCH 3 of 6] Tests: unbreak stream_ssl_variables.t with old IO::Socket::SSL

Sergey Kandaurov 99 May 22, 2023 04:00PM

Re: [PATCH 3 of 6] Tests: unbreak stream_ssl_variables.t with old IO::Socket::SSL

Maxim Dounin 100 May 22, 2023 07:52PM

[PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Sergey Kandaurov 103 May 22, 2023 04:00PM

Re: [PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Maxim Dounin 95 May 22, 2023 09:08PM

Re: [PATCH 4 of 6] Tests: avoid specifying PSS in sigalgs unless in TLSv1.3

Sergey Kandaurov 197 May 23, 2023 08:24AM

[PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Sergey Kandaurov 105 May 22, 2023 04:00PM

Re: [PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Maxim Dounin 97 May 22, 2023 10:18PM

Re: [PATCH 5 of 6] Tests: added missing socket_ssl_alpn guard in mail_ssl.t

Sergey Kandaurov 185 May 23, 2023 08:56AM

[PATCH 6 of 6] Tests: added missing socket_ssl_reused prerequisites

Sergey Kandaurov 102 May 22, 2023 04:00PM

Re: [PATCH 6 of 6] Tests: added missing socket_ssl_reused prerequisites

Maxim Dounin 88 May 22, 2023 10:40PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 155
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready