Skip to content

Commit

Permalink
TestCase: pass SSL_options to Net::DAVTalk and Mail::JMAPTalk
Browse files Browse the repository at this point in the history
  • Loading branch information
elliefm committed Jan 29, 2025
1 parent 11ae951 commit 6cc26ca
Showing 1 changed file with 56 additions and 9 deletions.
65 changes: 56 additions & 9 deletions cassandane/Cassandane/Cyrus/TestCase.pm
Original file line number Diff line number Diff line change
Expand Up @@ -41,12 +41,14 @@ package Cassandane::Cyrus::TestCase;
use strict;
use warnings;
use attributes;
use version 0.77;
use Cwd qw(abs_path);
use Data::Dumper;
use Scalar::Util qw(refaddr);
use List::Util qw(uniq);
use Digest::file qw(digest_file_hex);
use File::Temp qw(tempfile);
use File::Path qw(rmtree);
use File::Temp qw(tempfile);
use List::Util qw(uniq);
use Scalar::Util qw(refaddr);

use lib '.';
use base qw(Cassandane::Unit::TestCase);
Expand Down Expand Up @@ -791,6 +793,47 @@ sub _create_instances
}
}

sub _need_http_tiny_env
{
# Net::DAVTalk < 0.23 and Mail::JMAPTalk < 0.17 don't pass through
# SSL_options, but HTTP::Tiny >= 0.083 enables SSL certificate
# verification, which will fail without our SSL_options.
#
# For HTTP::Tiny >= 0.086, we can set an environment variable
# to turn off SSL certificate verifications.
#
# For HTTP::Tiny in 0.083 .. 0.085, ¯\_(ツ)_/¯
eval {
require Net::DAVTalk;
require HTTP::Tiny;
};
return undef if $@;

my $ndv = version->parse($Net::DAVTalk::VERSION);
my $mjv = version->parse($Mail::JMAPTalk::VERSION);
my $htv = version->parse($HTTP::Tiny::VERSION);

# not needed: old HTTP::Tiny doesn't check certificates
return undef if $htv < version->parse('0.083');

# not needed: new Net::DAVTalk and Mail::JMAPTalk pass through SSL_options
return undef if $ndv >= version->parse('0.23')
&& $mjv >= version->parse('0.17');

# awkward: HTTP::Tiny 0.083-0.085 are new enough to check certificates
# by default, but not new enough for us to override that by the
# environment variable. if you get errors here, you need to either
# upgrade HTTP::Tiny to 0.086 (or later), or upgrade Net::DAVTalk to 0.23
# and Mail::JMAPTalk to 0.17 (or later).
HTTP::Tiny->VERSION('0.086');

xlog "Have Net::DAVTalk version " . Net::DAVTalk->VERSION();
xlog "Have Mail::JMAPTalk version " . Mail::JMAPTalk->VERSION();
xlog "Have HTTP::Tiny version " . HTTP::Tiny->VERSION();
xlog "Will set PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1";
return 1;
}

sub _setup_http_service_objects
{
my ($self) = @_;
Expand All @@ -800,20 +843,21 @@ sub _setup_http_service_objects
$service ||= $self->{instance}->get_service("http");
return if !$service;

my $ca_file = abs_path("data/certs/cacert.pem");

my %common_args = (
user => 'cassandane',
password => 'pass',
host => $service->host(),
port => $service->port(),
scheme => ($service->is_ssl() ? 'https' : 'http'),
SSL_options => {
SSL_ca_file => $ca_file,
SSL_verifycn_scheme => 'none',
},
);

# XXX HTTP::Tiny 0.8.3 and later have SSL_verify enabled by default, but
# XXX Net::DAVTalk doesn't provide any way for us to supply our CA file,
# XXX making setup fail with certificate verify errors.
# XXX HTTP::Tiny 0.86 and later lets us set this environment variable
# XXX to restore the old default
local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = 1;
local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = _need_http_tiny_env();

if ($self->{instance}->{config}->get_bit('httpmodules', 'carddav')) {
require Net::CardDAVTalk;
Expand All @@ -840,6 +884,9 @@ sub _setup_http_service_objects
%common_args,
url => '/jmap/',
);

# preload default UA while the HTTP::Tiny env var is still set
$self->{jmap}->ua();
}

xlog $self, "http service objects setup complete!";
Expand Down

0 comments on commit 6cc26ca

Please sign in to comment.