tests: recommend running create-certs.pl with $^X

[public-inbox.git] / t / nntpd-tls.t

diff --git a/t/nntpd-tls.t b/t/nntpd-tls.t
index 427d370fc4a69a87b7e7f747cbcc5f21bccd1119..1a74924c81a60ea9997c430a35074be90fdc7674 100644 (file)
--- a/t/nntpd-tls.t
+++ b/t/nntpd-tls.t
@@ -11,11 +11,16 @@ foreach my $mod (qw(DBD::SQLite IO::Socket::SSL Net::NNTP IO::Poll)) {
        eval "require $mod";
        plan skip_all => "$mod missing for $0" if $@;
 }
+Net::NNTP->can('starttls') or
+       plan skip_all => 'Net::NNTP does not support TLS';
+IO::Socket::SSL->VERSION(2.007) or
+       plan skip_all => 'IO::Socket::SSL <2.007 not supported by Net::NNTP';
+
 my $cert = 'certs/server-cert.pem';
 my $key = 'certs/server-key.pem';
 unless (-r $key && -r $cert) {
        plan skip_all =>
-               "certs/ missing for $0, run ./create-certs.perl in certs/";
+               "certs/ missing for $0, run $^X ./create-certs.perl in certs/";
 }
 
 use_ok 'PublicInbox::TLS';
@@ -24,6 +29,9 @@ require './t/common.perl';
 require PublicInbox::InboxWritable;
 require PublicInbox::MIME;
 require PublicInbox::SearchIdx;
+my $need_zlib;
+eval { require Compress::Raw::Zlib } or
+       $need_zlib = 'Compress::Raw::Zlib missing';
 my $version = 2; # v2 needs newer git
 require_git('2.6') if $version >= 2;
 my $tmpdir = tempdir('pi-nntpd-tls-XXXXXX', TMPDIR => 1, CLEANUP => 1);
@@ -34,15 +42,8 @@ my $pi_config = "$tmpdir/pi_config";
 my $group = 'test-nntpd-tls';
 my $addr = $group . '@example.com';
 my $nntpd = 'blib/script/public-inbox-nntpd';
-my %opts = (
-       LocalAddr => '127.0.0.1',
-       ReuseAddr => 1,
-       Proto => 'tcp',
-       Type => SOCK_STREAM,
-       Listen => 1024,
-);
-my $starttls = IO::Socket::INET->new(%opts);
-my $nntps = IO::Socket::INET->new(%opts);
+my $starttls = tcp_server();
+my $nntps = tcp_server();
 my ($pid, $tail_pid);
 END {
        foreach ($pid, $tail_pid) {
@@ -116,12 +117,7 @@ for my $args (
        my $expect = { $group => [qw(1 1 n)] };
 
        # start negotiating a slow TLS connection
-       my $slow = IO::Socket::INET->new(
-               Proto => 'tcp',
-               PeerAddr => $nntps_addr,
-               Type => SOCK_STREAM,
-               Blocking => 0,
-       );
+       my $slow = tcp_connect($nntps, Blocking => 0);
        $slow = IO::Socket::SSL->start_SSL($slow, SSL_startHandshake => 0, %o);
        my $slow_done = $slow->connect_SSL;
        diag('W: connect_SSL early OK, slow client test invalid') if $slow_done;
@@ -132,6 +128,8 @@ for my $args (
        my $c = Net::NNTP->new($nntps_addr, %o, SSL => 1);
        my $list = $c->list;
        is_deeply($list, $expect, 'NNTPS LIST works');
+       unlike(get_capa($c), qr/\bSTARTTLS\r\n/,
+               'STARTTLS not advertised for NNTPS');
        is($c->command('QUIT')->response(), Net::Cmd::CMD_OK(), 'QUIT works');
        is(0, sysread($c, my $buf, 1), 'got EOF after QUIT');
 
@@ -143,6 +141,8 @@ for my $args (
        is($c->code, 382, 'got 382 for STARTTLS');
        $list = $c->list;
        is_deeply($list, $expect, 'LIST works after STARTTLS');
+       unlike(get_capa($c), qr/\bSTARTTLS\r\n/,
+               'STARTTLS not advertised after STARTTLS');
 
        # Net::NNTP won't let us do dumb things, but we need to test
        # dumb things, so use Net::Cmd directly:
@@ -153,6 +153,7 @@ for my $args (
        # STARTTLS with bad hostname
        $o{SSL_hostname} = $o{SSL_verifycn_name} = 'server.invalid';
        $c = Net::NNTP->new($starttls_addr, %o);
+       like(get_capa($c), qr/\bSTARTTLS\r\n/, 'STARTTLS advertised');
        $list = $c->list;
        is_deeply($list, $expect, 'plain LIST works again');
        ok(!$c->starttls, 'STARTTLS fails with bad hostname');
@@ -221,4 +222,25 @@ for my $args (
        }
 }
 done_testing();
+
+sub get_capa {
+       my ($sock) = @_;
+       syswrite($sock, "CAPABILITIES\r\n");
+       my $capa = '';
+       do {
+               my $r = sysread($sock, $capa, 8192, length($capa));
+               die "unexpected: $!" unless defined($r);
+               die 'unexpected EOF' if $r == 0;
+       } until $capa =~ /\.\r\n\z/;
+
+       my $deflate_capa = qr/\r\nCOMPRESS DEFLATE\r\n/;
+       if ($need_zlib) {
+               unlike($capa, $deflate_capa,
+                       'COMPRESS DEFLATE NOT advertised '.$need_zlib);
+       } else {
+               like($capa, $deflate_capa, 'COMPRESS DEFLATE advertised');
+       }
+       $capa;
+}
+
 1;