WIP TestCase: pass SSL_options to Net::DAVTalk

cassandane/Cassandane/Cyrus/TestCase.pm

@@ -41,12 +41,14 @@ package Cassandane::Cyrus::TestCase;
 use strict;
 use warnings;
 use attributes;
+use version 0.77;
+use Cwd qw(abs_path);
 use Data::Dumper;
-use Scalar::Util qw(refaddr);
-use List::Util qw(uniq);
 use Digest::file qw(digest_file_hex);
-use File::Temp qw(tempfile);
 use File::Path qw(rmtree);
+use File::Temp qw(tempfile);
+use List::Util qw(uniq);
+use Scalar::Util qw(refaddr);
 
 use lib '.';
 use base qw(Cassandane::Unit::TestCase);
@@ -791,29 +793,72 @@ sub _create_instances
     }
 }
 
+sub _need_http_tiny_env
+{
+    # Net::DAVTalk < 0.23 and Mail::JMAPTalk < 0.17 don't pass through
+    # SSL_options, but HTTP::Tiny >= 0.083 enables SSL certificate
+    # verification, which will fail without our SSL_options.
+    #
+    # For HTTP::Tiny >= 0.086, we can set an environment variable
+    # to turn off SSL certificate verifications.
+    #
+    # For HTTP::Tiny in 0.083 .. 0.085, ¯\_(ツ)_/¯
+    eval {
+        require Net::DAVTalk;
+        require HTTP::Tiny;
+    };
+    return undef if $@;
+
+    my $ndv = version->parse($Net::DAVTalk::VERSION);
+    my $mjv = version->parse($Mail::JMAPTalk::VERSION);
+    my $htv = version->parse($HTTP::Tiny::VERSION);
+
+    xlog "XXX have Net::DAVTalk version " . Net::DAVTalk->VERSION();
+    xlog "XXX have Mail::JMAPTalk version " . Mail::JMAPTalk->VERSION();
+    xlog "XXX have HTTP::Tiny version " . HTTP::Tiny->VERSION();
+
+    # not needed: old HTTP::Tiny doesn't check certificates
+    return undef if $htv < version->parse('0.083');
+
+    # not needed: new Net::DAVTalk and Mail::JMAPTalk pass through SSL_options
+    return undef if $ndv >= version->parse('0.23')
+                    && $mjv >= version->parse('0.17');
+
+    xlog "XXX will need http tiny env";
+
+    # awkward: HTTP::Tiny new enough to check certificates, but not new
+    # enough to override that by the environment variable.  if you get errors
+    # here, you need to either upgrade HTTP::Tiny to 0.086 or later, or
+    # upgrade Net::DAVTalk to 0.23 and Mail::JMAPTalk to 0.17
+    HTTP::Tiny->VERSION('0.086');
+
+    return 1;
+}
+
 sub _setup_http_service_objects
 {
     my ($self) = @_;
 
     # nothing to do if no http or https service
-    my $service = $self->{instance}->get_service("http");
-    $service ||= $self->{instance}->get_service("https");
+    my $service = $self->{instance}->get_service("https");
+    $service ||= $self->{instance}->get_service("http");
     return if !$service;
 
+    my $ca_file = abs_path("data/certs/cacert.pem");
+
     my %common_args = (
         user => 'cassandane',
         password => 'pass',
         host => $service->host(),
         port => $service->port(),
         scheme => ($service->is_ssl() ? 'https' : 'http'),
+        SSL_options => {
+            SSL_ca_file => $ca_file,
+            SSL_verifycn_scheme => 'none',
+        },
     );
 
-    # XXX HTTP::Tiny 0.8.3 and later have SSL_verify enabled by default, but
-    # XXX Net::DAVTalk doesn't provide any way for us to supply our CA file,
-    # XXX making setup fail with certificate verify errors.
-    # XXX HTTP::Tiny 0.86 and later lets us set this environment variable
-    # XXX to restore the old default
-    local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = 1;
+    local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = _need_http_tiny_env();
 
     if ($self->{instance}->{config}->get_bit('httpmodules', 'carddav')) {
         require Net::CardDAVTalk;
@@ -824,6 +869,8 @@ sub _setup_http_service_objects
         );
     }
     if ($self->{instance}->{config}->get_bit('httpmodules', 'caldav')) {
+        xlog "XXX http tiny env: "
+             . $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT};
         require Net::CalDAVTalk;
         $self->{caldav} = Net::CalDAVTalk->new(
             %common_args,
@@ -834,12 +881,19 @@ sub _setup_http_service_objects
                                           "cassandane\@example.com");
     }
     if ($self->{instance}->{config}->get_bit('httpmodules', 'jmap')) {
+        xlog "XXX http tiny env: "
+             . $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT};
+        # XXX would be nice if Mail::JMAPTalk would pass through SSL_options
+        # XXX to its HTTP::Tiny constructor too...
         require Mail::JMAPTalk;
         $ENV{DEBUGJMAP} = 1;
         $self->{jmap} = Mail::JMAPTalk->new(
             %common_args,
             url => '/jmap/',
         );
+
+        # preload default UA while the HTTP::Tiny env var is still set
+        $self->{jmap}->ua();
     }
 
     xlog $self, "http service objects setup complete!";

cassandane/tiny-tests/JMAPCore/echo-tls

@@ -0,0 +1,25 @@
+#!perl
+use Cassandane::Tiny;
+
+sub test_echo_tls
+    :TLS :want_service_https :needs_component_httpd
+{
+    my ($self) = @_;
+
+    my $jmap = $self->{jmap};
+
+    my $req = {
+        hello => JSON::true,
+        max => 5,
+        stuff => { foo => "bar", empty => JSON::null }
+    };
+
+    xlog $self, "send ping";
+    my $res = $jmap->CallMethods([['Core/echo', $req, "R1"]]);
+
+    xlog $self, "check pong";
+    $self->assert_not_null($res);
+    $self->assert_str_equals('Core/echo', $res->[0][0]);
+    $self->assert_deep_equals($req, $res->[0][1]);
+    $self->assert_str_equals('R1', $res->[0][2]);
+}