about summary refs log tree commit homepage
path: root/t/imapd-tls.t
diff options
context:
space:
mode:
Diffstat (limited to 't/imapd-tls.t')
-rw-r--r--t/imapd-tls.t82
1 files changed, 39 insertions, 43 deletions
diff --git a/t/imapd-tls.t b/t/imapd-tls.t
index df4ef85c..b95085a2 100644
--- a/t/imapd-tls.t
+++ b/t/imapd-tls.t
@@ -1,13 +1,11 @@
-# Copyright (C) 2020 all contributors <meta@public-inbox.org>
+#!perl -w
+# Copyright (C) all contributors <meta@public-inbox.org>
 # License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
-use strict;
-use warnings;
-use Test::More;
+use v5.12;
 use Socket qw(IPPROTO_TCP SOL_SOCKET);
 use PublicInbox::TestCommon;
 # IO::Poll is part of the standard library, but distros may split it off...
-require_mods(qw(DBD::SQLite IO::Socket::SSL Mail::IMAPClient IO::Poll
-        Email::Address::XS||Mail::Address Parse::RecDescent));
+require_mods(qw(-imapd IO::Socket::SSL Mail::IMAPClient IO::Poll));
 my $imap_client = 'Mail::IMAPClient';
 $imap_client->can('starttls') or
         plan skip_all => 'Mail::IMAPClient does not support TLS';
@@ -25,53 +23,35 @@ unless (-r $key && -r $cert) {
 }
 use_ok 'PublicInbox::TLS';
 use_ok 'IO::Socket::SSL';
-use PublicInbox::InboxWritable;
-require PublicInbox::SearchIdx;
 my $version = 1; # v2 needs newer git
 require_git('2.6') if $version >= 2;
 my ($tmpdir, $for_destroy) = tmpdir();
 my $err = "$tmpdir/stderr.log";
 my $out = "$tmpdir/stdout.log";
-my $inboxdir = "$tmpdir";
-my $pi_config = "$tmpdir/pi_config";
+my $pi_config;
 my $group = 'test-imapd-tls';
 my $addr = $group . '@example.com';
 my $starttls = tcp_server();
 my $imaps = tcp_server();
-my $ibx = PublicInbox::Inbox->new({
-        inboxdir => $inboxdir,
-        name => 'imapd-tls',
-        version => $version,
-        -primary_address => $addr,
-        indexlevel => 'basic',
-});
-$ibx = PublicInbox::InboxWritable->new($ibx, {nproc=>1});
-$ibx->init_inbox(0);
-{
+my $ibx = create_inbox 'imapd-tls', version => $version,
+                        -primary_address => $addr, indexlevel => 'basic', sub {
+        my ($im, $ibx) = @_;
+        $im->add(eml_load('t/data/0001.patch')) or BAIL_OUT '->add';
+        $pi_config = "$ibx->{inboxdir}/pi_config";
         open my $fh, '>', $pi_config or BAIL_OUT "open: $!";
-        print $fh <<EOF
+        print $fh <<EOF or BAIL_OUT "print: $!";
 [publicinbox "imapd-tls"]
-        inboxdir = $inboxdir
+        inboxdir = $ibx->{inboxdir}
         address = $addr
         indexlevel = basic
         newsgroup = $group
 EOF
-        ;
         close $fh or BAIL_OUT "close: $!\n";
-}
+};
+$pi_config //= "$ibx->{inboxdir}/pi_config";
 
-{
-        my $im = $ibx->importer(0);
-        ok($im->add(eml_load('t/data/0001.patch')), 'message added');
-        $im->done;
-        if ($version == 1) {
-                my $s = PublicInbox::SearchIdx->new($ibx, 1);
-                $s->index_sync;
-        }
-}
-
-my $imaps_addr = $imaps->sockhost . ':' . $imaps->sockport;
-my $starttls_addr = $starttls->sockhost . ':' . $starttls->sockport;
+my $imaps_addr = tcp_host_port($imaps);
+my $starttls_addr = tcp_host_port($starttls);
 my $env = { PI_CONFIG => $pi_config };
 my $td;
 
@@ -174,6 +154,24 @@ for my $args (
         ok(sysread($slow, my $end, 4096) > 0, 'got end');
         is(sysread($slow, my $eof, 4096), 0, 'got EOF');
 
+        test_lei(sub {
+                lei_ok qw(ls-mail-source), "imap://$starttls_addr",
+                        \'STARTTLS not used by default';
+                my $plain_out = $lei_out;
+                ok(!lei(qw(ls-mail-source -c imap.starttls),
+                        "imap://$starttls_addr"), 'STARTTLS verify fails');
+                unlike $lei_err, qr!W: imap\.starttls= .*? is not boolean!i,
+                        'no non-boolean warning';
+                lei_ok qw(-c imap.starttls -c imap.sslVerify= ls-mail-source),
+                        "imap://$starttls_addr",
+                        \'disabling imap.sslVerify works w/ STARTTLS';
+                is $lei_out, $plain_out, 'sslVerify=false w/ STARTTLS output';
+                lei_ok qw(ls-mail-source -c imap.sslVerify=false),
+                        "imaps://$imaps_addr",
+                        \'disabling imap.sslVerify works w/ imaps://';
+                is $lei_out, $plain_out, 'sslVerify=false w/ IMAPS output';
+        });
+
         SKIP: {
                 skip 'TCP_DEFER_ACCEPT is Linux-only', 2 if $^O ne 'linux';
                 my $var = eval { Socket::TCP_DEFER_ACCEPT() } // 9;
@@ -183,15 +181,13 @@ for my $args (
                 is(unpack('i', $x), 0, 'TCP_DEFER_ACCEPT is 0 on plain IMAP');
         };
         SKIP: {
-                skip 'SO_ACCEPTFILTER is FreeBSD-only', 2 if $^O ne 'freebsd';
-                if (system('kldstat -m accf_data >/dev/null')) {
-                        skip 'accf_data not loaded? kldload accf_data', 2;
-                }
+                require_mods '+accf_data';
                 require PublicInbox::Daemon;
-                my $var = PublicInbox::Daemon::SO_ACCEPTFILTER();
-                my $x = getsockopt($imaps, SOL_SOCKET, $var);
+                my $x = getsockopt($imaps, SOL_SOCKET,
+                                $PublicInbox::Daemon::SO_ACCEPTFILTER);
                 like($x, qr/\Adataready\0+\z/, 'got dataready accf for IMAPS');
-                $x = getsockopt($starttls, IPPROTO_TCP, $var);
+                $x = getsockopt($starttls, IPPROTO_TCP,
+                                $PublicInbox::Daemon::SO_ACCEPTFILTER);
                 is($x, undef, 'no BSD accept filter for plain IMAP');
         };