[PATCH 07 of 11] Tests: simplified mail_imap_ssl.t

Maxim Dounin mdounin at mdounin.ru
Mon Apr 17 03:31:31 UTC 2023 

# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1681702259 -10800
#      Mon Apr 17 06:30:59 2023 +0300
# Node ID 072be0b91d77eb9c9ab15c20d4df04efac51106a
# Parent  20d603cd3cbeab89127108fe9cb6dffd0e9469e8
Tests: simplified mail_imap_ssl.t.

The test now uses improved IO::Socket::SSL infrastructure in Test::Nginx::IMAP.
While here, fixed incorrect port being used for the "trusted cert" test.

diff --git a/mail_imap_ssl.t b/mail_imap_ssl.t
--- a/mail_imap_ssl.t
+++ b/mail_imap_ssl.t
@@ -50,12 +50,12 @@ mail {
     ssl_certificate 1.example.com.crt;
 
     server {
-        listen     127.0.0.1:8142;
+        listen     127.0.0.1:8143;
         protocol   imap;
     }
 
     server {
-        listen     127.0.0.1:8143 ssl;
+        listen     127.0.0.1:8993 ssl;
         protocol   imap;
 
         ssl_verify_client on;
@@ -63,7 +63,7 @@ mail {
     }
 
     server {
-        listen     127.0.0.1:8145 ssl;
+        listen     127.0.0.1:8994 ssl;
         protocol   imap;
 
         ssl_verify_client optional;
@@ -71,7 +71,7 @@ mail {
     }
 
     server {
-        listen     127.0.0.1:8146 ssl;
+        listen     127.0.0.1:8995 ssl;
         protocol   imap;
 
         ssl_verify_client optional;
@@ -80,7 +80,7 @@ mail {
     }
 
     server {
-        listen     127.0.0.1:8147 ssl;
+        listen     127.0.0.1:8996 ssl;
         protocol   imap;
 
         ssl_verify_client optional_no_ca;
@@ -140,46 +140,41 @@ foreach my $name ('1.example.com', '2.ex
 ###############################################################################
 
 my $cred = sub { encode_base64("\0test\@example.com\0$_[0]", '') };
-my %ssl = (
-	SSL => 1,
-	SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-	SSL_error_trap => sub { die $_[1] },
-);
 
 # no ssl connection
 
-my $s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8142));
+my $s = Test::Nginx::IMAP->new();
 $s->ok('plain connection');
 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s1"));
 
 # no cert
 
-$s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8143), %ssl);
+$s = Test::Nginx::IMAP->new(SSL => 1);
 $s->check(qr/BYE No required SSL certificate/, 'no cert');
 
 # no cert with ssl_verify_client optional
 
-$s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8145), %ssl);
+$s = Test::Nginx::IMAP->new(PeerAddr => '127.0.0.1:' . port(8994), SSL => 1);
 $s->ok('no optional cert');
 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s2"));
 
 # wrong cert with ssl_verify_client optional
 
 $s = Test::Nginx::IMAP->new(
-	PeerAddr => '127.0.0.1:' . port(8145),
+	PeerAddr => '127.0.0.1:' . port(8995),
+	SSL => 1,
 	SSL_cert_file => "$d/1.example.com.crt",
-	SSL_key_file => "$d/1.example.com.key",
-	%ssl,
+	SSL_key_file => "$d/1.example.com.key"
 );
 $s->check(qr/BYE SSL certificate error/, 'bad optional cert');
 
 # wrong cert with ssl_verify_client optional_no_ca
 
 $s = Test::Nginx::IMAP->new(
-	PeerAddr => '127.0.0.1:' . port(8147),
+	PeerAddr => '127.0.0.1:' . port(8996),
+	SSL => 1,
 	SSL_cert_file => "$d/1.example.com.crt",
-	SSL_key_file => "$d/1.example.com.key",
-	%ssl,
+	SSL_key_file => "$d/1.example.com.key"
 );
 $s->ok('bad optional_no_ca cert');
 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s3"));
@@ -187,10 +182,10 @@ my $s = Test::Nginx::IMAP->new(PeerAddr 
 # matching cert with ssl_verify_client optional
 
 $s = Test::Nginx::IMAP->new(
-	PeerAddr => '127.0.0.1:' . port(8145),
+	PeerAddr => '127.0.0.1:' . port(8995),
+	SSL => 1,
 	SSL_cert_file => "$d/2.example.com.crt",
-	SSL_key_file => "$d/2.example.com.key",
-	%ssl,
+	SSL_key_file => "$d/2.example.com.key"
 );
 $s->ok('good cert');
 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s4"));
@@ -198,10 +193,10 @@ my $s = Test::Nginx::IMAP->new(PeerAddr 
 # trusted cert with ssl_verify_client optional
 
 $s = Test::Nginx::IMAP->new(
-	PeerAddr => '127.0.0.1:' . port(8146),
+	PeerAddr => '127.0.0.1:' . port(8995),
+	SSL => 1,
 	SSL_cert_file => "$d/3.example.com.crt",
-	SSL_key_file => "$d/3.example.com.key",
-	%ssl,
+	SSL_key_file => "$d/3.example.com.key"
 );
 $s->ok('trusted cert');
 $s->send('1 AUTHENTICATE PLAIN ' . $cred->("s5"));
@@ -211,9 +206,9 @@ my $s = Test::Nginx::IMAP->new(PeerAddr 
 
 my ($cipher, $sslversion);
 
-$s = get_ssl_socket(8143);
-$cipher = $s->get_cipher();
-$sslversion = $s->get_sslversion();
+$s = Test::Nginx::IMAP->new(SSL => 1);
+$cipher = $s->socket()->get_cipher();
+$sslversion = $s->socket()->get_sslversion();
 $sslversion =~ s/_/./;
 
 undef $s;
@@ -242,31 +237,3 @@ like($f, qr|^$cipher:$sslversion$|m, 'lo
 }
 
 ###############################################################################
-
-sub get_ssl_socket {
-	my ($port) = @_;
-	my $s;
-
-	eval {
-		local $SIG{ALRM} = sub { die "timeout\n" };
-		local $SIG{PIPE} = sub { die "sigpipe\n" };
-		alarm(8);
-		$s = IO::Socket::SSL->new(
-			Proto => 'tcp',
-			PeerAddr => '127.0.0.1:' . port($port),
-			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-			SSL_error_trap => sub { die $_[1] }
-		);
-		alarm(0);
-	};
-	alarm(0);
-
-	if ($@) {
-		log_in("died: $@");
-		return undef;
-	}
-
-	return $s;
-}
-
-###############################################################################

More information about the nginx-devel mailing list