summaryrefslogtreecommitdiffstats
path: root/test/modules
diff options
context:
space:
mode:
Diffstat (limited to 'test/modules')
-rw-r--r--test/modules/http2/env.py1
-rw-r--r--test/modules/tls/env.py25
-rw-r--r--test/modules/tls/test_03_sni.py7
-rw-r--r--test/modules/tls/test_05_proto.py7
-rw-r--r--test/modules/tls/test_08_vars.py15
5 files changed, 25 insertions, 30 deletions
diff --git a/test/modules/http2/env.py b/test/modules/http2/env.py
index f70852dd2a..fee672bd2b 100644
--- a/test/modules/http2/env.py
+++ b/test/modules/http2/env.py
@@ -92,6 +92,7 @@ class H2TestEnv(HttpdTestEnv):
re.compile(r'.*:tls_post_process_client_hello:.*'),
re.compile(r'.*:tls_process_client_certificate:.*'),
re.compile(r'.*have incompatible TLS configurations.'),
+ re.compile(r'.*SSL Library Error: error:0A0000C[17]:.*'),
])
def setup_httpd(self, setup: HttpdTestSetup = None):
diff --git a/test/modules/tls/env.py b/test/modules/tls/env.py
index e60c321712..705192f351 100644
--- a/test/modules/tls/env.py
+++ b/test/modules/tls/env.py
@@ -3,13 +3,9 @@ import logging
import os
import re
import subprocess
-import sys
-import time
from datetime import timedelta, datetime
-from http.client import HTTPConnection
from typing import List, Optional, Dict, Tuple, Union
-from urllib.parse import urlparse
from pyhttpd.certs import CertificateSpec
from pyhttpd.env import HttpdTestEnv, HttpdTestSetup
@@ -57,6 +53,19 @@ class TlsCipher:
class TlsTestEnv(HttpdTestEnv):
+ CURL_SUPPORTS_TLS_1_3 = None
+
+ @classmethod
+ def curl_supports_tls_1_3(cls) -> bool:
+ if cls.CURL_SUPPORTS_TLS_1_3 is None:
+ p = subprocess.run(['curl', '--tlsv1.3', 'https://shouldneverexistreally'],
+ stderr=subprocess.PIPE, stdout=subprocess.PIPE)
+ # return code 6 means the site could not be resolved, but the
+ # tls parameter was recognized
+ cls.CURL_SUPPORTS_TLS_1_3 = p.returncode == 6
+ return cls.CURL_SUPPORTS_TLS_1_3
+
+
# current rustls supported ciphers in their order of preference
# used to test cipher selection, see test_06_ciphers.py
RUSTLS_CIPHERS = [
@@ -159,14 +168,6 @@ class TlsTestEnv(HttpdTestEnv):
args.extend([])
return self.openssl(args)
- CURL_SUPPORTS_TLS_1_3 = None
-
- def curl_supports_tls_1_3(self) -> bool:
- if self.CURL_SUPPORTS_TLS_1_3 is None:
- r = self.tls_get(self.domain_a, "/index.json", options=["--tlsv1.3"])
- self.CURL_SUPPORTS_TLS_1_3 = r.exit_code == 0
- return self.CURL_SUPPORTS_TLS_1_3
-
OPENSSL_SUPPORTED_PROTOCOLS = None
@staticmethod
diff --git a/test/modules/tls/test_03_sni.py b/test/modules/tls/test_03_sni.py
index eda9a33adb..2f11afc35b 100644
--- a/test/modules/tls/test_03_sni.py
+++ b/test/modules/tls/test_03_sni.py
@@ -3,6 +3,7 @@ from datetime import timedelta
import pytest
from .conf import TlsTestConf
+from .env import TlsTestEnv
class TestSni:
@@ -13,7 +14,6 @@ class TestSni:
conf.add_tls_vhosts(domains=[env.domain_a, env.domain_b])
conf.install()
assert env.apache_restart() == 0
- env.curl_supports_tls_1_3() # init
@pytest.fixture(autouse=True, scope='function')
def _function_scope(self, env):
@@ -46,9 +46,6 @@ class TestSni:
assert r.response['status'] == 421
def test_03_sni_request_other_other_honor(self, env):
- if env.curl_supports_tls_1_3():
- # can't do this test then
- return
# do we see the first vhost response for an unknown domain?
conf = TlsTestConf(env=env, extras={
env.domain_a: "TLSProtocol TLSv1.2+",
@@ -58,7 +55,7 @@ class TestSni:
conf.install()
assert env.apache_restart() == 0
r = env.tls_get(env.domain_a, "/index.json", options=[
- "-vvvv", "--header", "Host: {0}".format(env.domain_b)
+ "-vvvv", "--tls-max", "1.2", "--header", "Host: {0}".format(env.domain_b)
])
# request denied
assert r.exit_code == 0
diff --git a/test/modules/tls/test_05_proto.py b/test/modules/tls/test_05_proto.py
index 7165f21b84..6f4762cd26 100644
--- a/test/modules/tls/test_05_proto.py
+++ b/test/modules/tls/test_05_proto.py
@@ -6,6 +6,7 @@ from threading import Thread
import pytest
from .conf import TlsTestConf
+from .env import TlsTestEnv
class TestProto:
@@ -29,18 +30,16 @@ class TestProto:
def _function_scope(self, env):
pass
- CURL_SUPPORTS_TLS_1_3 = None
-
def test_05_proto_1_2(self, env):
r = env.tls_get(env.domain_b, "/index.json", options=["--tlsv1.2"])
assert r.exit_code == 0, r.stderr
- if env.curl_supports_tls_1_3():
+ if TlsTestEnv.curl_supports_tls_1_3():
r = env.tls_get(env.domain_b, "/index.json", options=["--tlsv1.3"])
assert r.exit_code == 0, r.stderr
def test_05_proto_1_3(self, env):
r = env.tls_get(env.domain_a, "/index.json", options=["--tlsv1.3"])
- if env.curl_supports_tls_1_3():
+ if TlsTestEnv.curl_supports_tls_1_3():
assert r.exit_code == 0, r.stderr
else:
assert r.exit_code == 4, r.stderr
diff --git a/test/modules/tls/test_08_vars.py b/test/modules/tls/test_08_vars.py
index baaed38205..4527213346 100644
--- a/test/modules/tls/test_08_vars.py
+++ b/test/modules/tls/test_08_vars.py
@@ -1,9 +1,9 @@
import re
-from datetime import timedelta
import pytest
from .conf import TlsTestConf
+from .env import TlsTestEnv
class TestVars:
@@ -22,13 +22,10 @@ class TestVars:
def test_08_vars_root(self, env):
# in domain_b root, the StdEnvVars is switch on
- if env.curl_supports_tls_1_3():
- exp_proto = "TLSv1.3"
- exp_cipher = "TLS_AES_256_GCM_SHA384"
- else:
- exp_proto = "TLSv1.2"
- exp_cipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
- r = env.tls_get(env.domain_b, "/vars.py")
+ exp_proto = "TLSv1.2"
+ exp_cipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+ options = [ '--tls-max', '1.2']
+ r = env.tls_get(env.domain_b, "/vars.py", options=options)
assert r.exit_code == 0, r.stderr
assert r.json == {
'https': 'on',
@@ -37,7 +34,7 @@ class TestVars:
'ssl_protocol': exp_proto,
# this will vary by client potentially
'ssl_cipher': exp_cipher,
- }, r.stdout
+ }
@pytest.mark.parametrize("name, value", [
("SERVER_NAME", "b.mod-tls.test"),