diff options
Diffstat (limited to 'test/modules')
-rw-r--r-- | test/modules/http2/env.py | 1 | ||||
-rw-r--r-- | test/modules/tls/env.py | 25 | ||||
-rw-r--r-- | test/modules/tls/test_03_sni.py | 7 | ||||
-rw-r--r-- | test/modules/tls/test_05_proto.py | 7 | ||||
-rw-r--r-- | test/modules/tls/test_08_vars.py | 15 |
5 files changed, 25 insertions, 30 deletions
diff --git a/test/modules/http2/env.py b/test/modules/http2/env.py index f70852dd2a..fee672bd2b 100644 --- a/test/modules/http2/env.py +++ b/test/modules/http2/env.py @@ -92,6 +92,7 @@ class H2TestEnv(HttpdTestEnv): re.compile(r'.*:tls_post_process_client_hello:.*'), re.compile(r'.*:tls_process_client_certificate:.*'), re.compile(r'.*have incompatible TLS configurations.'), + re.compile(r'.*SSL Library Error: error:0A0000C[17]:.*'), ]) def setup_httpd(self, setup: HttpdTestSetup = None): diff --git a/test/modules/tls/env.py b/test/modules/tls/env.py index e60c321712..705192f351 100644 --- a/test/modules/tls/env.py +++ b/test/modules/tls/env.py @@ -3,13 +3,9 @@ import logging import os import re import subprocess -import sys -import time from datetime import timedelta, datetime -from http.client import HTTPConnection from typing import List, Optional, Dict, Tuple, Union -from urllib.parse import urlparse from pyhttpd.certs import CertificateSpec from pyhttpd.env import HttpdTestEnv, HttpdTestSetup @@ -57,6 +53,19 @@ class TlsCipher: class TlsTestEnv(HttpdTestEnv): + CURL_SUPPORTS_TLS_1_3 = None + + @classmethod + def curl_supports_tls_1_3(cls) -> bool: + if cls.CURL_SUPPORTS_TLS_1_3 is None: + p = subprocess.run(['curl', '--tlsv1.3', 'https://shouldneverexistreally'], + stderr=subprocess.PIPE, stdout=subprocess.PIPE) + # return code 6 means the site could not be resolved, but the + # tls parameter was recognized + cls.CURL_SUPPORTS_TLS_1_3 = p.returncode == 6 + return cls.CURL_SUPPORTS_TLS_1_3 + + # current rustls supported ciphers in their order of preference # used to test cipher selection, see test_06_ciphers.py RUSTLS_CIPHERS = [ @@ -159,14 +168,6 @@ class TlsTestEnv(HttpdTestEnv): args.extend([]) return self.openssl(args) - CURL_SUPPORTS_TLS_1_3 = None - - def curl_supports_tls_1_3(self) -> bool: - if self.CURL_SUPPORTS_TLS_1_3 is None: - r = self.tls_get(self.domain_a, "/index.json", options=["--tlsv1.3"]) - self.CURL_SUPPORTS_TLS_1_3 = r.exit_code == 0 - return self.CURL_SUPPORTS_TLS_1_3 - OPENSSL_SUPPORTED_PROTOCOLS = None @staticmethod diff --git a/test/modules/tls/test_03_sni.py b/test/modules/tls/test_03_sni.py index eda9a33adb..2f11afc35b 100644 --- a/test/modules/tls/test_03_sni.py +++ b/test/modules/tls/test_03_sni.py @@ -3,6 +3,7 @@ from datetime import timedelta import pytest from .conf import TlsTestConf +from .env import TlsTestEnv class TestSni: @@ -13,7 +14,6 @@ class TestSni: conf.add_tls_vhosts(domains=[env.domain_a, env.domain_b]) conf.install() assert env.apache_restart() == 0 - env.curl_supports_tls_1_3() # init @pytest.fixture(autouse=True, scope='function') def _function_scope(self, env): @@ -46,9 +46,6 @@ class TestSni: assert r.response['status'] == 421 def test_03_sni_request_other_other_honor(self, env): - if env.curl_supports_tls_1_3(): - # can't do this test then - return # do we see the first vhost response for an unknown domain? conf = TlsTestConf(env=env, extras={ env.domain_a: "TLSProtocol TLSv1.2+", @@ -58,7 +55,7 @@ class TestSni: conf.install() assert env.apache_restart() == 0 r = env.tls_get(env.domain_a, "/index.json", options=[ - "-vvvv", "--header", "Host: {0}".format(env.domain_b) + "-vvvv", "--tls-max", "1.2", "--header", "Host: {0}".format(env.domain_b) ]) # request denied assert r.exit_code == 0 diff --git a/test/modules/tls/test_05_proto.py b/test/modules/tls/test_05_proto.py index 7165f21b84..6f4762cd26 100644 --- a/test/modules/tls/test_05_proto.py +++ b/test/modules/tls/test_05_proto.py @@ -6,6 +6,7 @@ from threading import Thread import pytest from .conf import TlsTestConf +from .env import TlsTestEnv class TestProto: @@ -29,18 +30,16 @@ class TestProto: def _function_scope(self, env): pass - CURL_SUPPORTS_TLS_1_3 = None - def test_05_proto_1_2(self, env): r = env.tls_get(env.domain_b, "/index.json", options=["--tlsv1.2"]) assert r.exit_code == 0, r.stderr - if env.curl_supports_tls_1_3(): + if TlsTestEnv.curl_supports_tls_1_3(): r = env.tls_get(env.domain_b, "/index.json", options=["--tlsv1.3"]) assert r.exit_code == 0, r.stderr def test_05_proto_1_3(self, env): r = env.tls_get(env.domain_a, "/index.json", options=["--tlsv1.3"]) - if env.curl_supports_tls_1_3(): + if TlsTestEnv.curl_supports_tls_1_3(): assert r.exit_code == 0, r.stderr else: assert r.exit_code == 4, r.stderr diff --git a/test/modules/tls/test_08_vars.py b/test/modules/tls/test_08_vars.py index baaed38205..4527213346 100644 --- a/test/modules/tls/test_08_vars.py +++ b/test/modules/tls/test_08_vars.py @@ -1,9 +1,9 @@ import re -from datetime import timedelta import pytest from .conf import TlsTestConf +from .env import TlsTestEnv class TestVars: @@ -22,13 +22,10 @@ class TestVars: def test_08_vars_root(self, env): # in domain_b root, the StdEnvVars is switch on - if env.curl_supports_tls_1_3(): - exp_proto = "TLSv1.3" - exp_cipher = "TLS_AES_256_GCM_SHA384" - else: - exp_proto = "TLSv1.2" - exp_cipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" - r = env.tls_get(env.domain_b, "/vars.py") + exp_proto = "TLSv1.2" + exp_cipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" + options = [ '--tls-max', '1.2'] + r = env.tls_get(env.domain_b, "/vars.py", options=options) assert r.exit_code == 0, r.stderr assert r.json == { 'https': 'on', @@ -37,7 +34,7 @@ class TestVars: 'ssl_protocol': exp_proto, # this will vary by client potentially 'ssl_cipher': exp_cipher, - }, r.stdout + } @pytest.mark.parametrize("name, value", [ ("SERVER_NAME", "b.mod-tls.test"), |