[PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

Sergey Kandaurov pluknet at nginx.com
Thu May 11 14:39:32 UTC 2023



> On 17 Apr 2023, at 07:31, Maxim Dounin <mdounin at mdounin.ru> wrote:
> 
> # HG changeset patch
> # User Maxim Dounin <mdounin at mdounin.ru>
> # Date 1681702257 -10800
> #      Mon Apr 17 06:30:57 2023 +0300
> # Node ID 20d603cd3cbeab89127108fe9cb6dffd0e9469e8
> # Parent  a8e22a3212da945e9060d4233905eb6de1399d34
> Tests: reworked mail SSL tests to use IO::Socket::SSL.
> 
> Relevant infrastructure is provided in Test::Nginx::IMAP (and also POP3
> and SMTP for completeness).  This also ensures that SSL handshake and
> various read operations are guarded with timeouts.
> 

[..]

> diff --git a/mail_ssl_conf_command.t b/mail_ssl_conf_command.t
> --- a/mail_ssl_conf_command.t
> +++ b/mail_ssl_conf_command.t
> @@ -16,6 +16,7 @@ BEGIN { use FindBin; chdir($FindBin::Bin
> 
> use lib 'lib';
> use Test::Nginx;
> +use Test::Nginx::IMAP;
> 
> ###############################################################################
> 
> @@ -24,15 +25,8 @@ select STDOUT; $| = 1;
> 
> local $SIG{PIPE} = 'IGNORE';
> 
> -eval {
> -	require Net::SSLeay;
> -	Net::SSLeay::load_error_strings();
> -	Net::SSLeay::SSLeay_add_ssl_algorithms();
> -	Net::SSLeay::randomize();
> -};
> -plan(skip_all => 'Net::SSLeay not installed') if $@;
> -
> -my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap openssl:1.0.2/)
> +my $t = Test::Nginx->new()
> +	->has(qw/mail mail_ssl imap openssl:1.0.2 socket_ssl_reused/)
> 	->has_daemon('openssl');
> 
> plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL');
> @@ -50,7 +44,7 @@ mail {
>     auth_http  http://127.0.0.1:8080;   # unused
> 
>     server {
> -        listen       127.0.0.1:8443 ssl;
> +        listen       127.0.0.1:8993 ssl;

Please avoid using an upper half of 8000 .. 8999 range for TCP tests.
The reason is a deficiency in automatic port selection used for
parallel testing, see Test::Nginx::port().  Currently, ports are
selected in the reversed order for TCP and UDP for a reason:
another socket type for the same port is used as a lock.
But that gives a race if you try to concurrently select the same
port for both TCP and UDP.
Currently, this is worked around by splitting the range:
bottom half is used for TCP, upper half is used for UDP.

Luckily, nginx retries bind/listen on NGX_EADDRINUSE up to 5 times,
but this doesn't always work.

[..]

-- 
Sergey Kandaurov


More information about the nginx-devel mailing list