diff options
Diffstat (limited to 't/nntpd-tls.t')
| -rw-r--r-- | t/nntpd-tls.t | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/t/nntpd-tls.t b/t/nntpd-tls.t index 2a76867a..a16cc015 100644 --- a/t/nntpd-tls.t +++ b/t/nntpd-tls.t @@ -1,8 +1,7 @@ #!perl -w -# Copyright (C) 2019-2021 all contributors <meta@public-inbox.org> +# Copyright (C) all contributors <meta@public-inbox.org> # License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt> -use strict; -use v5.10.1; +use v5.12; use PublicInbox::TestCommon; use Socket qw(SOCK_STREAM IPPROTO_TCP SOL_SOCKET); # IO::Poll and Net::NNTP are part of the standard library, but @@ -149,10 +148,22 @@ for my $args ( test_lei(sub { lei_ok qw(ls-mail-source), "nntp://$starttls_addr", \'STARTTLS not used by default'; - ok(!lei(qw(ls-mail-source -c nntp.starttls=true), + my $plain_out = $lei_out; + ok(!lei(qw(ls-mail-source -c nntp.starttls), "nntp://$starttls_addr"), 'STARTTLS verify fails'); like $lei_err, qr/STARTTLS requested/, 'STARTTLS noted in stderr'; + unlike $lei_err, qr!W: nntp\.starttls= .*? is not boolean!i, + 'no non-boolean warning'; + lei_ok qw(-c nntp.starttls -c nntp.sslVerify= ls-mail-source), + "nntp://$starttls_addr", + \'disabling nntp.sslVerify works w/ STARTTLS'; + is $lei_out, $plain_out, 'sslVerify=false w/ STARTTLS output'; + + lei_ok qw(ls-mail-source -c nntp.sslVerify=false), + "nntps://$nntps_addr", + \'disabling nntp.sslVerify works w/ nntps://'; + is $lei_out, $plain_out, 'sslVerify=false w/ NNTPS output'; }); SKIP: { @@ -164,10 +175,7 @@ for my $args ( is(unpack('i', $x), 0, 'TCP_DEFER_ACCEPT is 0 on plain NNTP'); }; SKIP: { - skip 'SO_ACCEPTFILTER is FreeBSD-only', 2 if $^O ne 'freebsd'; - if (system('kldstat -m accf_data >/dev/null')) { - skip 'accf_data not loaded? kldload accf_data', 2; - } + require_mods '+accf_data'; require PublicInbox::Daemon; my $x = getsockopt($nntps, SOL_SOCKET, $PublicInbox::Daemon::SO_ACCEPTFILTER); @@ -177,6 +185,14 @@ for my $args ( is($x, undef, 'no BSD accept filter for plain NNTP'); }; + my $s = tcp_connect($nntps); + syswrite($s, '->accept_SSL_ will fail on this!'); + my @r; + do { # some platforms or OpenSSL versions need an extra read + push @r, sysread($s, my $rbuf, 128); + } while ($r[-1] && @r < 2); + ok(!$r[-1], 'EOF or ECONNRESET on ->accept_SSL fail') or + diag explain(\@r); $c = undef; $td->kill; $td->join; @@ -187,6 +203,7 @@ for my $args ( <$fh>; }; unlike($eout, qr/wide/i, 'no Wide character warnings'); + unlike($eout, qr/^E:/, 'no other errors'); } done_testing(); |