Tests: Auth-SSL-Protocol and Auth-SSL-Cipher tests (ticket #2134).
diff --git a/mail_imap_ssl.t b/mail_imap_ssl.t
index 145ac14..1bf1f6d 100644
--- a/mail_imap_ssl.t
+++ b/mail_imap_ssl.t
@@ -34,7 +34,7 @@
local $SIG{PIPE} = 'IGNORE';
my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap http rewrite/)
- ->has_daemon('openssl')->plan(12)
+ ->has_daemon('openssl')->plan(13)
->write_file_expand('nginx.conf', <<'EOF');
%%TEST_GLOBALS%%
@@ -99,6 +99,7 @@
'$http_auth_ssl_subject:$http_auth_ssl_issuer:'
'$http_auth_ssl_serial:$http_auth_ssl_fingerprint:'
'$http_auth_ssl_cert:$http_auth_pass';
+ log_format test2 '$http_auth_ssl_cipher:$http_auth_ssl_protocol';
server {
listen 127.0.0.1:8080;
@@ -106,6 +107,7 @@
location = /mail/auth {
access_log auth.log test;
+ access_log auth2.log test2;
add_header Auth-Status OK;
add_header Auth-Server 127.0.0.1;
@@ -208,6 +210,18 @@
$s->ok('trusted cert');
$s->send('1 AUTHENTICATE PLAIN ' . $cred->("s5"));
$s->read();
+
+# Auth-SSL-Protocol and Auth-SSL-Cipher headers
+
+my ($cipher, $sslversion);
+
+if ($IO::Socket::SSL::VERSION >= 1.964) {
+ $s = get_ssl_socket(8143);
+ $cipher = $s->get_cipher();
+ $sslversion = $s->get_sslversion();
+ $sslversion =~ s/_/./;
+}
+
undef $s;
# test auth_http request header fields with access_log
@@ -225,4 +239,46 @@
like($f, qr!^on:SUCCESS:(/?CN=3.example.com):\1:\w+:\w+:[^:]+:s5$!m,
'log - trusted cert');
+SKIP: {
+skip 'IO::Socket::SSL version >= 1.964 required', 1
+ if $IO::Socket::SSL::VERSION < 1.964;
+
+TODO: {
+local $TODO = 'not yet' unless $t->has_version('1.21.2');
+
+$f = $t->read_file('auth2.log');
+like($f, qr|^$cipher:$sslversion$|m, 'log - cipher sslversion');
+
+}
+
+}
+
+###############################################################################
+
+sub get_ssl_socket {
+ my ($port) = @_;
+ my $s;
+
+ eval {
+ local $SIG{ALRM} = sub { die "timeout\n" };
+ local $SIG{PIPE} = sub { die "sigpipe\n" };
+ alarm(8);
+ $s = IO::Socket::SSL->new(
+ Proto => 'tcp',
+ PeerAddr => '127.0.0.1:' . port($port),
+ SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+ SSL_error_trap => sub { die $_[1] }
+ );
+ alarm(0);
+ };
+ alarm(0);
+
+ if ($@) {
+ log_in("died: $@");
+ return undef;
+ }
+
+ return $s;
+}
+
###############################################################################