From 8d4e8217fdc01417ab8ea33303dd0ce7f769d10e Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Mon, 25 Feb 2019 16:15:18 +0100 Subject: Convert tst_QSslSocket to work with Docker MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: Ifb075763e3a0c6c08677dd2ae7febbbc8e4e48a9 Reviewed-by: Ryan Chu Reviewed-by: MÃ¥rten Nordheim Reviewed-by: Timur Pocheptsov --- .../ssl/qsslsocket/certs/qt-test-server-cert.pem | 16 ++ tests/auto/network/ssl/qsslsocket/qsslsocket.pro | 7 + .../auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 177 +++++++++++++-------- tests/testserver/cyrus/cyrus.sh | 8 +- tests/testserver/docker-compose.yml | 3 +- tests/testserver/echo/echo.sh | 1 + 6 files changed, 144 insertions(+), 68 deletions(-) create mode 100644 tests/auto/network/ssl/qsslsocket/certs/qt-test-server-cert.pem (limited to 'tests') diff --git a/tests/auto/network/ssl/qsslsocket/certs/qt-test-server-cert.pem b/tests/auto/network/ssl/qsslsocket/certs/qt-test-server-cert.pem new file mode 100644 index 0000000000..43c8794ce2 --- /dev/null +++ b/tests/auto/network/ssl/qsslsocket/certs/qt-test-server-cert.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIClTCCAf4CCQC2xMhNhwvATDANBgkqhkiG9w0BAQQFADCBjjELMAkGA1UEChMC +UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v +Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE +BhMCTk8xHDAaBgNVBAMUEyoudGVzdC1uZXQucXQubG9jYWwwHhcNMTgwNzAxMTgz +NjI3WhcNNDgwNjIzMTgzNjI3WjCBjjELMAkGA1UEChMCUXQxGTAXBgNVBAsTEENv +cmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5vYm9keS5xdC5pbzENMAsG +A1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UEBhMCTk8xHDAaBgNVBAMU +EyoudGVzdC1uZXQucXQubG9jYWwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AM2q22/WNMmn8cC+5EEYGeICySLmp9W6Ay6eKHr0Xxp3X3epETuPfvAuxp7rOtkS +18EMUegkUj8jw0IMEcbyHKFC/rTCaYOt93CxGBXMIChiMPAsFeYzGa/D6xzAkfcR +aJRQ+Ek3CDLXPnXfo7xpABXezYcPXAJrgsgBfWrwHdxzAgMBAAEwDQYJKoZIhvcN +AQEEBQADgYEAZu/lQPy8PXeyyYGamOVms/FZKJ48BH1y8KC3BeBU5FYnhvgG7pz8 +Wz9JKvt2t/r45wQeAkNL6HnGUBhPJsHMjPHl5KktqN+db3D+FQygBeS2V1+zmC0X +UZNRE4aWiHvt1Lq+pTx89SOMOpfqWfh4qTQKiE5jC2V4DeCNQ3u7uI8= +-----END CERTIFICATE----- diff --git a/tests/auto/network/ssl/qsslsocket/qsslsocket.pro b/tests/auto/network/ssl/qsslsocket/qsslsocket.pro index 1260dc9410..03fbe89002 100644 --- a/tests/auto/network/ssl/qsslsocket/qsslsocket.pro +++ b/tests/auto/network/ssl/qsslsocket/qsslsocket.pro @@ -18,3 +18,10 @@ TESTDATA += certs DEFINES += SRCDIR=\\\"$$PWD/\\\" requires(qtConfig(private_tests)) + +# DOCKERTODO: it's 'linux' because it requires cyrus, which +# is linux-only for now ... +linux { + QT_TEST_SERVER_LIST = squid danted cyrus apache2 echo + include($$dirname(_QMAKE_CONF_)/tests/auto/testserver.pri) +} diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 0251f3da13..96c2f8ec42 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -310,6 +310,21 @@ Q_DECLARE_METATYPE(tst_QSslSocket::PskConnectTestType) int tst_QSslSocket::loopLevel = 0; +namespace { + +QString httpServerCertChainPath() +{ + // DOCKERTODO: note how we use CA certificate on the real server. The docker container + // is using a different cert with a "special" CN. Check if it's important! +#ifdef QT_TEST_SERVER + return tst_QSslSocket::testDataDir + QStringLiteral("certs/qt-test-server-cert.pem"); +#else + return tst_QSslSocket::testDataDir + QStringLiteral("certs/qt-test-server-cacert.pem"); +#endif // QT_TEST_SERVER +} + +} // unnamed namespace + tst_QSslSocket::tst_QSslSocket() { #ifndef QT_NO_SSL @@ -363,8 +378,19 @@ void tst_QSslSocket::initTestCase() qDebug("Using SSL library %s (%ld)", qPrintable(QSslSocket::sslLibraryVersionString()), QSslSocket::sslLibraryVersionNumber()); +#ifdef QT_TEST_SERVER + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1080)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::socksProxyServerName(), 1081)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3128)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3129)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpProxyServerName(), 3130)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::httpServerName(), 443)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::imapServerName(), 993)); + QVERIFY(QtNetworkSettings::verifyConnection(QtNetworkSettings::echoServerName(), 13)); +#else QVERIFY(QtNetworkSettings::verifyTestNetworkSettings()); -#endif +#endif // QT_TEST_SERVER +#endif // QT_NO_SSL } void tst_QSslSocket::init() @@ -373,28 +399,29 @@ void tst_QSslSocket::init() if (setProxy) { #ifndef QT_NO_NETWORKPROXY QFETCH_GLOBAL(int, proxyType); - QString fluke = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString(); + const QString socksProxyAddr = QtNetworkSettings::socksProxyServerIp().toString(); + const QString httpProxyAddr = QtNetworkSettings::httpProxyServerIp().toString(); QNetworkProxy proxy; switch (proxyType) { case Socks5Proxy: - proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, fluke, 1080); + proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, socksProxyAddr, 1080); break; case Socks5Proxy | AuthBasic: - proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, fluke, 1081); + proxy = QNetworkProxy(QNetworkProxy::Socks5Proxy, socksProxyAddr, 1081); break; case HttpProxy | NoAuth: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3128); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, httpProxyAddr, 3128); break; case HttpProxy | AuthBasic: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3129); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, httpProxyAddr, 3129); break; case HttpProxy | AuthNtlm: - proxy = QNetworkProxy(QNetworkProxy::HttpProxy, fluke, 3130); + proxy = QNetworkProxy(QNetworkProxy::HttpProxy, httpProxyAddr, 3130); break; } QNetworkProxy::setApplicationProxy(proxy); @@ -555,7 +582,7 @@ void tst_QSslSocket::simpleConnect() connect(&socket, SIGNAL(sslErrors(QList)), this, SLOT(exitLoop())); // Start connecting - socket.connectToHost(QtNetworkSettings::serverName(), 993); + socket.connectToHost(QtNetworkSettings::imapServerName(), 993); QCOMPARE(socket.state(), QAbstractSocket::HostLookupState); enterLoop(10); @@ -610,7 +637,7 @@ void tst_QSslSocket::simpleConnectWithIgnore() connect(&socket, SIGNAL(sslErrors(QList)), this, SLOT(exitLoop())); // Start connecting - socket.connectToHost(QtNetworkSettings::serverName(), 993); + socket.connectToHost(QtNetworkSettings::imapServerName(), 993); QVERIFY(socket.state() != QAbstractSocket::UnconnectedState); // something must be in progress enterLoop(10); @@ -642,7 +669,7 @@ void tst_QSslSocket::sslErrors_data() QString name = QtNetworkSettings::serverLocalName(); QTest::newRow(qPrintable(name)) << name << 993; - name = QHostInfo::fromName(QtNetworkSettings::serverName()).addresses().first().toString(); + name = QtNetworkSettings::httpServerIp().toString(); QTest::newRow(qPrintable(name)) << name << 443; } @@ -659,7 +686,20 @@ void tst_QSslSocket::sslErrors() QSignalSpy sslErrorsSpy(socket.data(), SIGNAL(sslErrors(QList))); QSignalSpy peerVerifyErrorSpy(socket.data(), SIGNAL(peerVerifyError(QSslError))); - socket->connectToHostEncrypted(host, port); +#ifdef QT_TEST_SERVER + // On the old test server we had the same certificate on different services. + // The idea of this test is to fail with 'HostNameMismatch', when we're using + // either serverLocalName() or IP address directly. With Docker we connect + // to IMAP server, and we have to connect using imapServerName() and passing + // 'host' as peerVerificationName to the overload of connectToHostEncrypted(). + if (port == 993) { + socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), port, host); + } else +#endif // QT_TEST_SERVER + { + socket->connectToHostEncrypted(host, port); + } + if (!socket->waitForConnected()) QSKIP("Skipping flaky test - See QTBUG-29941"); socket->waitForEncrypted(10000); @@ -739,13 +779,13 @@ void tst_QSslSocket::connectToHostEncrypted() socket->setProtocol(QSsl::SslProtocol::TlsV1_1); #endif this->socket = socket.data(); - QVERIFY(socket->addCaCertificates(testDataDir + "certs/qt-test-server-cacert.pem")); + QVERIFY(socket->addCaCertificates(httpServerCertChainPath())); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList)), this, SLOT(untrustedWorkaroundSlot(QList))); #endif - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); // This should pass unconditionally when using fluke's CA certificate. // or use untrusted certificate workaround @@ -758,7 +798,7 @@ void tst_QSslSocket::connectToHostEncrypted() QCOMPARE(socket->mode(), QSslSocket::SslClientMode); - socket->connectToHost(QtNetworkSettings::serverName(), 13); + socket->connectToHost(QtNetworkSettings::echoServerName(), 13); QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode); @@ -776,14 +816,18 @@ void tst_QSslSocket::connectToHostEncryptedWithVerificationPeerName() #endif this->socket = socket.data(); - socket->addCaCertificates(testDataDir + "certs/qt-test-server-cacert.pem"); + socket->addCaCertificates(httpServerCertChainPath()); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND connect(socket.data(), SIGNAL(sslErrors(QList)), this, SLOT(untrustedWorkaroundSlot(QList))); #endif - // connect to the server with its local name, but use the full name for verification. - socket->connectToHostEncrypted(QtNetworkSettings::serverLocalName(), 443, QtNetworkSettings::serverName()); +#ifdef QT_TEST_SERVER + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443, QtNetworkSettings::httpServerName()); +#else + // Connect to the server with its local name, but use the full name for verification. + socket->connectToHostEncrypted(QtNetworkSettings::serverLocalName(), 443, QtNetworkSettings::httpServerName()); +#endif // This should pass unconditionally when using fluke's CA certificate. QFETCH_GLOBAL(bool, setProxy); @@ -805,7 +849,7 @@ void tst_QSslSocket::sessionCipher() this->socket = socket.data(); connect(socket.data(), SIGNAL(sslErrors(QList)), this, SLOT(ignoreErrorSlot())); QVERIFY(socket->sessionCipher().isNull()); - socket->connectToHost(QtNetworkSettings::serverName(), 443 /* https */); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443 /* https */); QVERIFY2(socket->waitForConnected(10000), qPrintable(socket->errorString())); QVERIFY(socket->sessionCipher().isNull()); socket->startClientEncryption(); @@ -840,12 +884,12 @@ void tst_QSslSocket::localCertificate() // values. This test should just run the codepath inside qsslsocket_openssl.cpp QSslSocketPtr socket = newSocket(); - QList localCert = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList localCert = QSslCertificate::fromPath(httpServerCertChainPath()); socket->setCaCertificates(localCert); socket->setLocalCertificate(testDataDir + "certs/fluke.cert"); socket->setPrivateKey(testDataDir + "certs/fluke.key"); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH_GLOBAL(bool, setProxy); if (setProxy && !socket->waitForEncrypted(10000)) QSKIP("Skipping flaky test - See QTBUG-29941"); @@ -868,8 +912,7 @@ void tst_QSslSocket::peerCertificateChain() QSslSocketPtr socket = newSocket(); this->socket = socket.data(); - - QList caCertificates = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList caCertificates = QSslCertificate::fromPath(httpServerCertChainPath()); QCOMPARE(caCertificates.count(), 1); socket->addCaCertificates(caCertificates); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND @@ -877,7 +920,7 @@ void tst_QSslSocket::peerCertificateChain() this, SLOT(untrustedWorkaroundSlot(QList))); #endif - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode); QVERIFY(socket->peerCertificateChain().isEmpty()); QFETCH_GLOBAL(bool, setProxy); @@ -906,7 +949,7 @@ void tst_QSslSocket::peerCertificateChain() QVERIFY(socket->waitForDisconnected()); // now do it again back to the original server - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QCOMPARE(socket->mode(), QSslSocket::UnencryptedMode); QVERIFY(socket->peerCertificateChain().isEmpty()); QVERIFY2(socket->waitForConnected(10000), qPrintable(socket->errorString())); @@ -945,13 +988,13 @@ void tst_QSslSocket::privateKeyOpaque() // values. This test should just run the codepath inside qsslsocket_openssl.cpp QSslSocketPtr socket = newSocket(); - QList localCert = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList localCert = QSslCertificate::fromPath(httpServerCertChainPath()); socket->setCaCertificates(localCert); socket->setLocalCertificate(testDataDir + "certs/fluke.cert"); socket->setPrivateKey(QSslKey(reinterpret_cast(pkey))); socket->setPeerVerifyMode(QSslSocket::QueryPeer); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH_GLOBAL(bool, setProxy); if (setProxy && !socket->waitForEncrypted(10000)) QSKIP("Skipping flaky test - See QTBUG-29941"); @@ -965,7 +1008,7 @@ void tst_QSslSocket::protocol() QSslSocketPtr socket = newSocket(); this->socket = socket.data(); - QList certs = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList certs = QSslCertificate::fromPath(httpServerCertChainPath()); socket->setCaCertificates(certs); #ifdef QSSLSOCKET_CERTUNTRUSTED_WORKAROUND @@ -979,13 +1022,13 @@ void tst_QSslSocket::protocol() // qt-test-server allows TLSV1. socket->setProtocol(QSsl::TlsV1_0); QCOMPARE(socket->protocol(), QSsl::TlsV1_0); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); QCOMPARE(socket->protocol(), QSsl::TlsV1_0); socket->abort(); QCOMPARE(socket->protocol(), QSsl::TlsV1_0); - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) @@ -998,13 +1041,13 @@ void tst_QSslSocket::protocol() // qt-test-server probably doesn't allow TLSV1.1 socket->setProtocol(QSsl::TlsV1_1); QCOMPARE(socket->protocol(), QSsl::TlsV1_1); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); QCOMPARE(socket->protocol(), QSsl::TlsV1_1); socket->abort(); QCOMPARE(socket->protocol(), QSsl::TlsV1_1); - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) @@ -1016,13 +1059,13 @@ void tst_QSslSocket::protocol() // qt-test-server probably doesn't allows TLSV1.2 socket->setProtocol(QSsl::TlsV1_2); QCOMPARE(socket->protocol(), QSsl::TlsV1_2); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); QCOMPARE(socket->protocol(), QSsl::TlsV1_2); socket->abort(); QCOMPARE(socket->protocol(), QSsl::TlsV1_2); - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) @@ -1036,13 +1079,13 @@ void tst_QSslSocket::protocol() // qt-test-server probably doesn't allow TLSV1.3 socket->setProtocol(QSsl::TlsV1_3); QCOMPARE(socket->protocol(), QSsl::TlsV1_3); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("TLS 1.3 is not supported by the test server or the test is flaky - see QTBUG-29941"); QCOMPARE(socket->protocol(), QSsl::TlsV1_3); socket->abort(); QCOMPARE(socket->protocol(), QSsl::TlsV1_3); - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) @@ -1055,13 +1098,13 @@ void tst_QSslSocket::protocol() // qt-test-server allows SSLV3, so it allows AnyProtocol. socket->setProtocol(QSsl::AnyProtocol); QCOMPARE(socket->protocol(), QSsl::AnyProtocol); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); QCOMPARE(socket->protocol(), QSsl::AnyProtocol); socket->abort(); QCOMPARE(socket->protocol(), QSsl::AnyProtocol); - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString())); socket->startClientEncryption(); if (setProxy && !socket->waitForEncrypted()) @@ -1073,13 +1116,13 @@ void tst_QSslSocket::protocol() // qt-test-server allows TlsV1, so it allows TlsV1SslV3 socket->setProtocol(QSsl::TlsV1SslV3); QCOMPARE(socket->protocol(), QSsl::TlsV1SslV3); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); QCOMPARE(socket->protocol(), QSsl::TlsV1SslV3); socket->abort(); QCOMPARE(socket->protocol(), QSsl::TlsV1SslV3); - socket->connectToHost(QtNetworkSettings::serverName(), 443); + socket->connectToHost(QtNetworkSettings::httpServerName(), 443); if (setProxy && !socket->waitForConnected()) QSKIP("Skipping flaky test - See QTBUG-29941"); socket->startClientEncryption(); @@ -1491,7 +1534,7 @@ void tst_QSslSocket::setSslConfiguration_data() QTest::newRow("empty") << QSslConfiguration() << false; QSslConfiguration conf = QSslConfiguration::defaultConfiguration(); QTest::newRow("default") << conf << false; // does not contain test server cert - QList testServerCert = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList testServerCert = QSslCertificate::fromPath(httpServerCertChainPath()); conf.setCaCertificates(testServerCert); QTest::newRow("set-root-cert") << conf << true; conf.setProtocol(QSsl::SecureProtocols); @@ -1510,7 +1553,7 @@ void tst_QSslSocket::setSslConfiguration() socket->setProtocol(QSsl::SslProtocol::TlsV1_1); #endif this->socket = socket.data(); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH(bool, works); QFETCH_GLOBAL(bool, setProxy); if (setProxy && (socket->waitForEncrypted(10000) != works)) @@ -1530,7 +1573,7 @@ void tst_QSslSocket::waitForEncrypted() this->socket = socket.data(); connect(this->socket, SIGNAL(sslErrors(QList)), this, SLOT(ignoreErrorSlot())); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH_GLOBAL(bool, setProxy); if (setProxy && !socket->waitForEncrypted(10000)) @@ -1549,7 +1592,7 @@ void tst_QSslSocket::waitForEncryptedMinusOne() this->socket = socket.data(); connect(this->socket, SIGNAL(sslErrors(QList)), this, SLOT(ignoreErrorSlot())); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH_GLOBAL(bool, setProxy); if (setProxy && !socket->waitForEncrypted(-1)) @@ -1565,7 +1608,7 @@ void tst_QSslSocket::waitForConnectedEncryptedReadyRead() this->socket = socket.data(); connect(this->socket, SIGNAL(sslErrors(QList)), this, SLOT(ignoreErrorSlot())); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 993); + socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993); QVERIFY2(socket->waitForConnected(10000), qPrintable(socket->errorString())); QFETCH_GLOBAL(bool, setProxy); @@ -1597,7 +1640,7 @@ void tst_QSslSocket::addDefaultCaCertificate() // Reset the global CA chain QSslSocket::setDefaultCaCertificates(QSslSocket::systemCaCertificates()); - QList flukeCerts = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList flukeCerts = QSslCertificate::fromPath(httpServerCertChainPath()); QCOMPARE(flukeCerts.size(), 1); QList globalCerts = QSslSocket::defaultCaCertificates(); QVERIFY(!globalCerts.contains(flukeCerts.first())); @@ -1968,7 +2011,7 @@ void tst_QSslSocket::setReadBufferSize_task_250027() QSslSocketPtr socket = newSocket(); socket->setReadBufferSize(1000); // limit to 1 kb/sec socket->ignoreSslErrors(); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); socket->ignoreSslErrors(); QVERIFY2(socket->waitForConnected(10*1000), qPrintable(socket->errorString())); if (setProxy && !socket->waitForEncrypted(10*1000)) @@ -1981,7 +2024,7 @@ void tst_QSslSocket::setReadBufferSize_task_250027() // provoke a response by sending a request socket->write("GET /qtest/fluke.gif HTTP/1.0\n"); // this file is 27 KB socket->write("Host: "); - socket->write(QtNetworkSettings::serverName().toLocal8Bit().constData()); + socket->write(QtNetworkSettings::httpServerName().toLocal8Bit().constData()); socket->write("\n"); socket->write("Connection: close\n"); socket->write("\n"); @@ -2232,7 +2275,7 @@ void tst_QSslSocket::verifyMode() socket.setPeerVerifyMode(QSslSocket::VerifyPeer); QCOMPARE(socket.peerVerifyMode(), QSslSocket::VerifyPeer); - socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); if (socket.waitForEncrypted()) QSKIP("Skipping flaky test - See QTBUG-29941"); @@ -2271,7 +2314,7 @@ void tst_QSslSocket::verifyDepth() void tst_QSslSocket::disconnectFromHostWhenConnecting() { QSslSocketPtr socket = newSocket(); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 993); + socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993); socket->ignoreSslErrors(); socket->write("XXXX LOGOUT\r\n"); QAbstractSocket::SocketState state = socket->state(); @@ -2300,7 +2343,7 @@ void tst_QSslSocket::disconnectFromHostWhenConnecting() void tst_QSslSocket::disconnectFromHostWhenConnected() { QSslSocketPtr socket = newSocket(); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 993); + socket->connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993); socket->ignoreSslErrors(); if (!socket->waitForEncrypted(5000)) QSKIP("Skipping flaky test - See QTBUG-29941"); @@ -2387,13 +2430,13 @@ void tst_QSslSocket::resetProxy() // make sure the connection works, and then set a nonsense proxy, and then // make sure it does not work anymore QSslSocket socket; - socket.addCaCertificates(testDataDir + "certs/qt-test-server-cacert.pem"); + socket.addCaCertificates(httpServerCertChainPath()); socket.setProxy(goodProxy); - socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket.waitForConnected(10000), qPrintable(socket.errorString())); socket.abort(); socket.setProxy(badProxy); - socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY(! socket.waitForConnected(10000)); // don't forget to login @@ -2406,13 +2449,13 @@ void tst_QSslSocket::resetProxy() // set the nonsense proxy and make sure the connection does not work, // and then set the right proxy and make sure it works QSslSocket socket2; - socket2.addCaCertificates(testDataDir + "certs/qt-test-server-cacert.pem"); + socket2.addCaCertificates(httpServerCertChainPath()); socket2.setProxy(badProxy); - socket2.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket2.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY(! socket2.waitForConnected(10000)); socket2.abort(); socket2.setProxy(goodProxy); - socket2.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket2.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QVERIFY2(socket2.waitForConnected(10000), qPrintable(socket.errorString())); #endif // QT_NO_NETWORKPROXY } @@ -2425,7 +2468,7 @@ void tst_QSslSocket::ignoreSslErrorsList_data() // construct the list of errors that we will get with the SSL handshake and that we will ignore QList expectedSslErrors; // fromPath gives us a list of certs, but it actually only contains one - QList certs = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + QList certs = QSslCertificate::fromPath(httpServerCertChainPath()); QSslError rightError(FLUKE_CERTIFICATE_ERROR, certs.at(0)); QSslError wrongError(FLUKE_CERTIFICATE_ERROR); @@ -2456,7 +2499,7 @@ void tst_QSslSocket::ignoreSslErrorsList() QFETCH(int, expectedSslErrorSignalCount); QSignalSpy sslErrorsSpy(&socket, SIGNAL(error(QAbstractSocket::SocketError))); - socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); bool expectEncryptionSuccess = (expectedSslErrorSignalCount == 0); if (socket.waitForEncrypted(10000) != expectEncryptionSuccess) @@ -2487,7 +2530,7 @@ void tst_QSslSocket::ignoreSslErrorsListWithSlot() this, SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*))); connect(&socket, SIGNAL(sslErrors(QList)), this, SLOT(ignoreErrorListSlot(QList))); - socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH(int, expectedSslErrorSignalCount); bool expectEncryptionSuccess = (expectedSslErrorSignalCount == 0); @@ -2529,14 +2572,14 @@ void tst_QSslSocket::readFromClosedSocket() socket->setProtocol(QSsl::SslProtocol::TlsV1_1); #endif socket->ignoreSslErrors(); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); socket->ignoreSslErrors(); socket->waitForConnected(); socket->waitForEncrypted(); // provoke a response by sending a request socket->write("GET /qtest/fluke.gif HTTP/1.1\n"); socket->write("Host: "); - socket->write(QtNetworkSettings::serverName().toLocal8Bit().constData()); + socket->write(QtNetworkSettings::httpServerName().toLocal8Bit().constData()); socket->write("\n"); socket->write("\n"); socket->waitForBytesWritten(); @@ -2560,7 +2603,7 @@ void tst_QSslSocket::writeBigChunk() this->socket = socket.data(); connect(this->socket, SIGNAL(sslErrors(QList)), this, SLOT(ignoreErrorSlot())); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QByteArray data; data.resize(1024*1024*10); // 10 MB @@ -2719,7 +2762,9 @@ void tst_QSslSocket::resume_data() QTest::newRow("DoNotIgnoreErrors") << false << QList() << false; QTest::newRow("ignoreAllErrors") << true << QList() << true; - QList certs = QSslCertificate::fromPath(testDataDir + "certs/qt-test-server-cacert.pem"); + // Note, httpServerCertChainPath() it's ... because we use the same certificate on + // different services. We'll be actually connecting to IMAP server. + QList certs = QSslCertificate::fromPath(httpServerCertChainPath()); QSslError rightError(FLUKE_CERTIFICATE_ERROR, certs.at(0)); QSslError wrongError(FLUKE_CERTIFICATE_ERROR); errorsList.append(wrongError); @@ -2752,7 +2797,7 @@ void tst_QSslSocket::resume() this, SLOT(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*))); connect(&socket, SIGNAL(error(QAbstractSocket::SocketError)), &QTestEventLoop::instance(), SLOT(exitLoop())); - socket.connectToHostEncrypted(QtNetworkSettings::serverName(), 993); + socket.connectToHostEncrypted(QtNetworkSettings::imapServerName(), 993); QTestEventLoop::instance().enterLoop(10); QFETCH_GLOBAL(bool, setProxy); if (setProxy && QTestEventLoop::instance().timeout()) @@ -3418,7 +3463,7 @@ void tst_QSslSocket::setEmptyDefaultConfiguration() // this test should be last, socket = client.data(); connect(socket, SIGNAL(sslErrors(QList)), this, SLOT(ignoreErrorSlot())); - socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443); + socket->connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); QFETCH_GLOBAL(bool, setProxy); if (setProxy && socket->waitForEncrypted(4000)) QSKIP("Skipping flaky test - See QTBUG-29941"); @@ -4127,7 +4172,7 @@ void tst_QSslSocket::forwardReadChannelFinished() }); connect(&socket, &QSslSocket::readChannelFinished, &QTestEventLoop::instance(), &QTestEventLoop::exitLoop); - socket.connectToHostEncrypted(QtNetworkSettings::serverLocalName(), 443); + socket.connectToHostEncrypted(QtNetworkSettings::httpServerName(), 443); enterLoop(10); QVERIFY(readChannelFinishedSpy.count()); } diff --git a/tests/testserver/cyrus/cyrus.sh b/tests/testserver/cyrus/cyrus.sh index bd09acffc8..92c3bfa703 100755 --- a/tests/testserver/cyrus/cyrus.sh +++ b/tests/testserver/cyrus/cyrus.sh @@ -31,4 +31,10 @@ set -ex -service cyrus-imapd start +echo "tls_cert_file: /home/qt-test-server/ssl-certs/qt-test-server-cert.pem" >> /etc/imapd.conf +echo "tls_key_file: /home/qt-test-server/ssl-certs/private/qt-test-server-key.pem" >> /etc/imapd.conf +chmod +3 /home/qt-test-server/ssl-certs/private/ +mkdir -m 007 -p /run/cyrus/proc +sed -i 's/#imaps\t\tcmd="imapd/imaps\t\tcmd="imapd/' /etc/cyrus.conf + +service cyrus-imapd restart diff --git a/tests/testserver/docker-compose.yml b/tests/testserver/docker-compose.yml index 60ecfe6f21..962daad3c9 100644 --- a/tests/testserver/docker-compose.yml +++ b/tests/testserver/docker-compose.yml @@ -34,6 +34,7 @@ services: - cyrus:cyrus.${TEST_DOMAIN} - iptables:iptables.${TEST_DOMAIN} - vsftpd:vsftpd.${TEST_DOMAIN} + - echo:echo.${TEST_DOMAIN} volumes: - ./common:/common:ro - ./squid:/service:ro @@ -96,7 +97,7 @@ services: - ./common:/common:ro - ./cyrus:/service:ro entrypoint: common/startup.sh - command: service/cyrus.sh + command: [common/ssl.sh, service/cyrus.sh] iptables: image: qt-test-server-iptables:cb7a8bd6d28602085a88c8ced7d67e28e75781e2 diff --git a/tests/testserver/echo/echo.sh b/tests/testserver/echo/echo.sh index a028d056e0..f0da9627d5 100755 --- a/tests/testserver/echo/echo.sh +++ b/tests/testserver/echo/echo.sh @@ -2,5 +2,6 @@ # Disabled by default, enable it. sed -i 's/disable\t\t= yes/disable = no/' /etc/xinetd.d/echo +sed -i 's/disable\t\t= yes/disable = no/' /etc/xinetd.d/daytime service xinetd restart -- cgit v1.2.3