diff options
| author | Stefan Eissing <icing@apache.org> | 2023-03-05 10:25:32 +0000 |
|---|---|---|
| committer | Stefan Eissing <icing@apache.org> | 2023-03-05 10:25:32 +0000 |
| commit | 935c2db17770271845dc2666d83f589bb501fef3 (patch) | |
| tree | 790890e40e590f19e1b0cf451c2a1f10d521f5c4 | |
| parent | ca358132f9ee9cb977369b6ad9be2541de2c4a23 (diff) | |
| download | httpd-935c2db17770271845dc2666d83f589bb501fef3.tar.gz | |
test: pytest suite
- use 'multipart' package (needs pip install) instead of deprecated
'cgi' package in cgi scripts
- adjust to changes in 'openssl' output on resent macOS
- prefix all mod_tls test cases with 'test_tls'
- update current mod_md tests for new features
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908082 13f79535-47bb-0310-9956-ffa450edef68
31 files changed, 341 insertions, 204 deletions
diff --git a/test/modules/http2/htdocs/cgi/echo.py b/test/modules/http2/htdocs/cgi/echo.py index 58d811c42d..c9083e1d53 100644 --- a/test/modules/http2/htdocs/cgi/echo.py +++ b/test/modules/http2/htdocs/cgi/echo.py @@ -1,5 +1,6 @@ #!/usr/bin/env python3 -import sys, cgi, os +import os, sys +import multipart status = '200 Ok' diff --git a/test/modules/http2/htdocs/cgi/echohd.py b/test/modules/http2/htdocs/cgi/echohd.py index 371ae8b0f7..2a138cd844 100644 --- a/test/modules/http2/htdocs/cgi/echohd.py +++ b/test/modules/http2/htdocs/cgi/echohd.py @@ -1,11 +1,25 @@ #!/usr/bin/env python3 -import cgi, os -import cgitb; cgitb.enable() +import os, sys +import multipart +from urllib import parse -status = '200 Ok' -form = cgi.FieldStorage() -name = form.getvalue('name') +def get_request_params(): + oforms = {} + if "REQUEST_URI" in os.environ: + qforms = parse.parse_qs(parse.urlsplit(os.environ["REQUEST_URI"]).query) + for name, values in qforms.items(): + oforms[name] = values[0] + myenv = os.environ.copy() + myenv['wsgi.input'] = sys.stdin.buffer + mforms, ofiles = multipart.parse_form_data(environ=myenv) + for name, item in mforms.items(): + oforms[name] = item + return oforms, ofiles + + +forms, files = get_request_params() +name = forms['name'] if 'name' in forms else None if name: print("Status: 200") diff --git a/test/modules/http2/htdocs/cgi/env.py b/test/modules/http2/htdocs/cgi/env.py index 5c9c0b1adb..3af576496a 100644 --- a/test/modules/http2/htdocs/cgi/env.py +++ b/test/modules/http2/htdocs/cgi/env.py @@ -1,28 +1,45 @@ #!/usr/bin/env python3 -import cgi, os -import cgitb; cgitb.enable() +import os, sys +import multipart +from urllib import parse + + +def get_request_params(): + oforms = {} + if "REQUEST_URI" in os.environ: + qforms = parse.parse_qs(parse.urlsplit(os.environ["REQUEST_URI"]).query) + for name, values in qforms.items(): + oforms[name] = values[0] + myenv = os.environ.copy() + myenv['wsgi.input'] = sys.stdin.buffer + mforms, ofiles = multipart.parse_form_data(environ=myenv) + for name, item in mforms.items(): + oforms[name] = item + return oforms, ofiles + + +forms, files = get_request_params() status = '200 Ok' try: - form = cgi.FieldStorage() - input = form['name'] + ename = forms['name'] # Test if the file was uploaded - if input.value is not None: - val = os.environ[input.value] if input.value in os.environ else "" + if ename is not None: + val = os.environ[ename] if ename in os.environ else "" print("Status: 200") print("""\ Content-Type: text/plain\n""") - print("{0}={1}".format(input.value, val)) + print(f"{ename}={val}") else: print("Status: 400 Parameter Missing") print("""\ Content-Type: text/html\n <html><body> - <p>No name was specified: %s</p> - </body></html>""" % (count.value)) + <p>No name was specified: name</p> + </body></html>""") except KeyError: print("Status: 200 Ok") diff --git a/test/modules/http2/htdocs/cgi/hecho.py b/test/modules/http2/htdocs/cgi/hecho.py index 5c1f79a302..fb9e330b60 100644 --- a/test/modules/http2/htdocs/cgi/hecho.py +++ b/test/modules/http2/htdocs/cgi/hecho.py @@ -1,18 +1,35 @@ #!/usr/bin/env python3 -import cgi, os -import cgitb; cgitb.enable() +import os, sys +import multipart +from urllib import parse + + +def get_request_params(): + oforms = {} + if "REQUEST_URI" in os.environ: + qforms = parse.parse_qs(parse.urlsplit(os.environ["REQUEST_URI"]).query) + for name, values in qforms.items(): + oforms[name] = values[0] + myenv = os.environ.copy() + myenv['wsgi.input'] = sys.stdin.buffer + mforms, ofiles = multipart.parse_form_data(environ=myenv) + for name, item in mforms.items(): + oforms[name] = item + return oforms, ofiles + + +forms, files = get_request_params() status = '200 Ok' try: - form = cgi.FieldStorage() - + # A nested FieldStorage instance holds the file - name = form['name'].value + name = forms['name'] value = '' try: - value = form['value'].value + value = forms['value'] except KeyError: value = os.environ.get("HTTP_"+name, "unset") diff --git a/test/modules/http2/htdocs/cgi/mnot164.py b/test/modules/http2/htdocs/cgi/mnot164.py index 0e5d107246..c29ccc185b 100644 --- a/test/modules/http2/htdocs/cgi/mnot164.py +++ b/test/modules/http2/htdocs/cgi/mnot164.py @@ -1,19 +1,26 @@ #!/usr/bin/env python3 +import os, sys +import multipart +from urllib import parse -import cgi -import cgitb; cgitb.enable() -import os -import sys -try: - form = cgi.FieldStorage() - count = form['count'].value - text = form['text'].value -except KeyError: - text="a" - count=77784 +def get_request_params(): + oforms = {} + if "REQUEST_URI" in os.environ: + qforms = parse.parse_qs(parse.urlsplit(os.environ["REQUEST_URI"]).query) + for name, values in qforms.items(): + oforms[name] = values[0] + myenv = os.environ.copy() + myenv['wsgi.input'] = sys.stdin.buffer + mforms, ofiles = multipart.parse_form_data(environ=myenv) + for name, item in mforms.items(): + oforms[name] = item + return oforms, ofiles -count = int(count) + +forms, files = get_request_params() +text = forms['text'] if 'text' in forms else "a" +count = int(forms['count']) if 'count' in forms else 77784 print("Status: 200 OK") print("Content-Type: text/html") diff --git a/test/modules/http2/htdocs/cgi/necho.py b/test/modules/http2/htdocs/cgi/necho.py index b9249b8969..78e2aad302 100644 --- a/test/modules/http2/htdocs/cgi/necho.py +++ b/test/modules/http2/htdocs/cgi/necho.py @@ -1,33 +1,49 @@ #!/usr/bin/env python3 -import cgi, os import time -import cgitb; cgitb.enable() +import os, sys +import multipart +from urllib import parse + +def get_request_params(): + oforms = {} + if "REQUEST_URI" in os.environ: + qforms = parse.parse_qs(parse.urlsplit(os.environ["REQUEST_URI"]).query) + for name, values in qforms.items(): + oforms[name] = values[0] + myenv = os.environ.copy() + myenv['wsgi.input'] = sys.stdin.buffer + mforms, ofiles = multipart.parse_form_data(environ=myenv) + for name, item in mforms.items(): + oforms[name] = item + return oforms, ofiles + + +forms, files = get_request_params() status = '200 Ok' try: - form = cgi.FieldStorage() - count = form['count'] - text = form['text'] + count = forms['count'] + text = forms['text'] - waitsec = float(form['wait1'].value) if 'wait1' in form else 0.0 + waitsec = float(forms['wait1']) if 'wait1' in forms else 0.0 if waitsec > 0: time.sleep(waitsec) - if int(count.value): + if int(count): print("Status: 200") print("""\ Content-Type: text/plain\n""") - waitsec = float(form['wait2'].value) if 'wait2' in form else 0.0 + waitsec = float(forms['wait2']) if 'wait2' in forms else 0.0 if waitsec > 0: time.sleep(waitsec) i = 0; - for i in range(0, int(count.value)): - print("%s" % (text.value)) + for i in range(0, int(count)): + print("%s" % (text)) - waitsec = float(form['wait3'].value) if 'wait3' in form else 0.0 + waitsec = float(forms['wait3']) if 'wait3' in forms else 0.0 if waitsec > 0: time.sleep(waitsec) @@ -37,7 +53,7 @@ Content-Type: text/plain\n""") Content-Type: text/html\n <html><body> <p>No count was specified: %s</p> - </body></html>""" % (count.value)) + </body></html>""" % (count)) except KeyError: print("Status: 200 Ok") diff --git a/test/modules/http2/htdocs/cgi/upload.py b/test/modules/http2/htdocs/cgi/upload.py index 2c8d63aa10..59fbb5866d 100644 --- a/test/modules/http2/htdocs/cgi/upload.py +++ b/test/modules/http2/htdocs/cgi/upload.py @@ -1,42 +1,58 @@ #!/usr/bin/env python3 -import cgi, os -import cgitb -cgitb.enable() +import os +import sys +import multipart +from urllib import parse -status = '200 Ok' -try: # Windows needs stdio set for binary mode. +try: # Windows needs stdio set for binary mode. import msvcrt - msvcrt.setmode (0, os.O_BINARY) # stdin = 0 - msvcrt.setmode (1, os.O_BINARY) # stdout = 1 + + msvcrt.setmode(0, os.O_BINARY) # stdin = 0 + msvcrt.setmode(1, os.O_BINARY) # stdout = 1 except ImportError: pass -form = cgi.FieldStorage() +def get_request_params(): + oforms = {} + if "REQUEST_URI" in os.environ: + qforms = parse.parse_qs(parse.urlsplit(os.environ["REQUEST_URI"]).query) + for name, values in qforms.items(): + oforms[name] = values[0] + myenv = os.environ.copy() + myenv['wsgi.input'] = sys.stdin.buffer + mforms, ofiles = multipart.parse_form_data(environ=myenv) + for name, item in mforms.items(): + oforms[name] = item + return oforms, ofiles + + +forms, files = get_request_params() + +status = '200 Ok' # Test if the file was uploaded -if 'file' in form: - fileitem = form['file'] +if 'file' in files: + fitem = files['file'] # strip leading path from file name to avoid directory traversal attacks - fn = os.path.basename(fileitem.filename) - f = open(('%s/files/%s' % (os.environ["DOCUMENT_ROOT"], fn)), 'wb'); - f.write(fileitem.file.read()) - f.close() - message = "The file %s was uploaded successfully" % (fn) + fname = fitem.filename + fpath = f'{os.environ["DOCUMENT_ROOT"]}/files/{fname}' + fitem.save_as(fpath) + message = "The file %s was uploaded successfully" % (fname) print("Status: 201 Created") print("Content-Type: text/html") - print("Location: %s://%s/files/%s" % (os.environ["REQUEST_SCHEME"], os.environ["HTTP_HOST"], fn)) + print("Location: %s://%s/files/%s" % (os.environ["REQUEST_SCHEME"], os.environ["HTTP_HOST"], fname)) print("") print("<html><body><p>%s</p></body></html>" % (message)) - -elif 'remove' in form: - remove = form['remove'].value + +elif 'remove' in forms: + remove = forms['remove'] try: - fn = os.path.basename(remove) - os.remove('./files/' + fn) - message = 'The file "' + fn + '" was removed successfully' + fname = os.path.basename(remove) + os.remove('./files/' + fname) + message = 'The file "' + fname + '" was removed successfully' except OSError as e: - message = 'Error removing ' + fn + ': ' + e.strerror + message = 'Error removing ' + fname + ': ' + e.strerror status = '404 File Not Found' print("Status: %s" % (status)) print(""" diff --git a/test/modules/md/conftest.py b/test/modules/md/conftest.py index a25ea1aae4..04165a2dfc 100755 --- a/test/modules/md/conftest.py +++ b/test/modules/md/conftest.py @@ -50,6 +50,7 @@ def _session_scope(env): 'AH01909', # mod_ssl, cert alt name complains 'AH10170', # mod_md, wrong config, tested 'AH10171', # mod_md, wrong config, tested + 'AH10373', # SSL errors on uncompleted handshakes 'AH10398', # test on global store lock ]) diff --git a/test/modules/md/test_702_auto.py b/test/modules/md/test_702_auto.py index 00d535b57e..8e8f5f155c 100644 --- a/test/modules/md/test_702_auto.py +++ b/test/modules/md/test_702_auto.py @@ -664,7 +664,7 @@ class TestAutov2: "<IfModule tls_module>", f" TLSEngine {env.https_port}", "</IfModule>", - ]) + ]) conf.add_md([domain]) conf.install() assert env.apache_restart() == 0 diff --git a/test/modules/md/test_720_wildcard.py b/test/modules/md/test_720_wildcard.py index 07d0dcadca..23b311c3a4 100644 --- a/test/modules/md/test_720_wildcard.py +++ b/test/modules/md/test_720_wildcard.py @@ -1,4 +1,4 @@ -# test wildcard certificates +# test wildcard certifcates import os import pytest @@ -25,9 +25,7 @@ class TestWildcard: env.clear_store() self.test_domain = env.get_request_domain(request) - # ----------------------------------------------------------------------------------------------- # test case: a wildcard certificate with ACMEv2, no dns-01 supported - # def test_md_720_001(self, env): domain = self.test_domain @@ -47,9 +45,7 @@ class TestWildcard: assert md['renewal']['errors'] > 0 assert md['renewal']['last']['problem'] == 'challenge-mismatch' - # ----------------------------------------------------------------------------------------------- - # test case: a wildcard certificate with ACMEv2, only dns-01 configured, invalid command path - # + # test case: a wildcard certificate with ACMEv2, only dns-01 configured, invalid command path def test_md_720_002(self, env): dns01cmd = os.path.join(env.test_dir, "../modules/md/dns01-not-found.py") @@ -96,9 +92,7 @@ class TestWildcard: for domain in domains: assert domain in altnames - # ----------------------------------------------------------------------------------------------- - # test case: a wildcard certificate with ACMEv2, only dns-01 configured, invalid command option - # + # test case: a wildcard certificate with ACMEv2, only dns-01 configured, invalid command option def test_md_720_003(self, env): dns01cmd = os.path.join(env.test_dir, "../modules/md/dns01.py fail") domain = self.test_domain @@ -120,9 +114,7 @@ class TestWildcard: assert md['renewal']['errors'] > 0 assert md['renewal']['last']['problem'] == 'challenge-setup-failure' - # ----------------------------------------------------------------------------------------------- - # test case: a wildcard name certificate with ACMEv2, only dns-01 configured - # + # test case: a wildcard name certificate with ACMEv2, only dns-01 configured def test_md_720_004(self, env): dns01cmd = os.path.join(env.test_dir, "../modules/md/dns01.py") domain = self.test_domain @@ -147,9 +139,7 @@ class TestWildcard: for domain in domains: assert domain in altnames - # ----------------------------------------------------------------------------------------------- # test case: a wildcard name and 2nd normal vhost, not overlapping - # def test_md_720_005(self, env): dns01cmd = os.path.join(env.test_dir, "../modules/md/dns01.py") domain = self.test_domain @@ -176,7 +166,6 @@ class TestWildcard: for domain in domains: assert domain in altnames - # ----------------------------------------------------------------------------------------------- # test case: a wildcard name and 2nd normal vhost, overlapping def test_md_720_006(self, env): dns01cmd = os.path.join(env.test_dir, "../modules/md/dns01.py") @@ -205,7 +194,6 @@ class TestWildcard: for domain in [domain, dwild]: assert domain in altnames - # ----------------------------------------------------------------------------------------------- # test case: a MDomain with just a wildcard, see #239 def test_md_720_007(self, env): dns01cmd = os.path.join(env.test_dir, "../modules/md/dns01.py") @@ -231,3 +219,36 @@ class TestWildcard: cert_a = env.get_cert(wwwdomain) altnames = cert_a.get_san_list() assert domains == altnames + + # test case: a plain name, only dns-01 configured, + # http-01 should not be intercepted. See #279 + def test_md_720_008(self, env): + dns01cmd = os.path.join(env.test_dir, "../modules/md/dns01.py") + domain = self.test_domain + domains = [domain] + + conf = MDConf(env) + conf.add("MDCAChallenges dns-01") + conf.add(f"MDChallengeDns01 {dns01cmd}") + conf.add_md(domains) + conf.add_vhost(domains) + conf.add("LogLevel http:trace4") + conf.install() + + challengedir = os.path.join(env.server_dir, "htdocs/test1/.well-known/acme-challenge") + env.mkpath(challengedir) + content = b'not a challenge' + with open(os.path.join(challengedir, "123456"), "wb") as fd: + fd.write(content) + + # restart, check that md is in store + assert env.apache_restart() == 0 + env.check_md(domains) + # await drive completion + assert env.await_completion([domain], restart=False) + # access a fake http-01 challenge on the domain + r = env.curl_get(f"http://{domain}:{env.http_port}/.well-known/acme-challenge/123456") + assert r.response['status'] == 200 + assert r.response['body'] == content + assert env.apache_restart() == 0 + env.check_md_complete(domain) diff --git a/test/modules/md/test_800_must_staple.py b/test/modules/md/test_800_must_staple.py index 06e881c2f1..32edee3393 100644 --- a/test/modules/md/test_800_must_staple.py +++ b/test/modules/md/test_800_must_staple.py @@ -47,7 +47,7 @@ class TestMustStaple: cert1 = MDCertUtil(env.store_domain_file(self.domain, 'pubcert.pem')) assert not cert1.get_must_staple() stat = env.get_ocsp_status(self.domain) - assert stat['ocsp'] == "no response sent" + assert 'ocsp' not in stat or stat['ocsp'] == "no response sent" # MD that must staple and toggle off again @pytest.mark.skipif(MDTestEnv.lacks_ocsp(), reason="no OCSP responder") diff --git a/test/modules/tls/env.py b/test/modules/tls/env.py index e60c321712..a39fcaaa64 100644 --- a/test/modules/tls/env.py +++ b/test/modules/tls/env.py @@ -3,13 +3,9 @@ import logging import os import re import subprocess -import sys -import time from datetime import timedelta, datetime -from http.client import HTTPConnection from typing import List, Optional, Dict, Tuple, Union -from urllib.parse import urlparse from pyhttpd.certs import CertificateSpec from pyhttpd.env import HttpdTestEnv, HttpdTestSetup @@ -57,6 +53,22 @@ class TlsCipher: class TlsTestEnv(HttpdTestEnv): + CURL_SUPPORTS_TLS_1_3 = None + + @classmethod + def curl_supports_tls_1_3(cls) -> bool: + if cls.CURL_SUPPORTS_TLS_1_3 is None: + # Unfortunately, there is no reliable, platform-independant + # way to verify that TLSv1.3 is properly supported by curl. + # + # p = subprocess.run(['curl', '--tlsv1.3', 'https://shouldneverexistreally'], + # stderr=subprocess.PIPE, stdout=subprocess.PIPE) + # return code 6 means the site could not be resolved, but the + # tls parameter was recognized + cls.CURL_SUPPORTS_TLS_1_3 = False + return cls.CURL_SUPPORTS_TLS_1_3 + + # current rustls supported ciphers in their order of preference # used to test cipher selection, see test_06_ciphers.py RUSTLS_CIPHERS = [ @@ -159,14 +171,6 @@ class TlsTestEnv(HttpdTestEnv): args.extend([]) return self.openssl(args) - CURL_SUPPORTS_TLS_1_3 = None - - def curl_supports_tls_1_3(self) -> bool: - if self.CURL_SUPPORTS_TLS_1_3 is None: - r = self.tls_get(self.domain_a, "/index.json", options=["--tlsv1.3"]) - self.CURL_SUPPORTS_TLS_1_3 = r.exit_code == 0 - return self.CURL_SUPPORTS_TLS_1_3 - OPENSSL_SUPPORTED_PROTOCOLS = None @staticmethod diff --git a/test/modules/tls/htdocs/a.mod-tls.test/vars.py b/test/modules/tls/htdocs/a.mod-tls.test/vars.py index 4ab491b583..f41ec6a5e8 100755 --- a/test/modules/tls/htdocs/a.mod-tls.test/vars.py +++ b/test/modules/tls/htdocs/a.mod-tls.test/vars.py @@ -1,7 +1,25 @@ #!/usr/bin/env python3 import json -import os, cgi -import re +import os, sys +import multipart +from urllib import parse + + +def get_request_params(): + oforms = {} + if "REQUEST_URI" in os.environ: + qforms = parse.parse_qs(parse.urlsplit(os.environ["REQUEST_URI"]).query) + for name, values in qforms.items(): + oforms[name] = values[0] + myenv = os.environ.copy() + myenv['wsgi.input'] = sys.stdin.buffer + mforms, ofiles = multipart.parse_form_data(environ=myenv) + for name, item in mforms.items(): + oforms[name] = item + return oforms, ofiles + + +forms, files = get_request_params() jenc = json.JSONEncoder() @@ -15,13 +33,7 @@ def get_json_var(name: str, def_val: str = ""): return jenc.encode(var) -name = None -try: - form = cgi.FieldStorage() - if 'name' in form: - name = str(form['name'].value) -except Exception: - pass +name = forms['name'] if 'name' in forms else None print("Content-Type: application/json\n") if name: diff --git a/test/modules/tls/htdocs/b.mod-tls.test/vars.py b/test/modules/tls/htdocs/b.mod-tls.test/vars.py index 9289c5cb09..f41ec6a5e8 100755 --- a/test/modules/tls/htdocs/b.mod-tls.test/vars.py +++ b/test/modules/tls/htdocs/b.mod-tls.test/vars.py @@ -1,6 +1,25 @@ #!/usr/bin/env python3 import json -import os, cgi +import os, sys +import multipart +from urllib import parse + + +def get_request_params(): + oforms = {} + if "REQUEST_URI" in os.environ: + qforms = parse.parse_qs(parse.urlsplit(os.environ["REQUEST_URI"]).query) + for name, values in qforms.items(): + oforms[name] = values[0] + myenv = os.environ.copy() + myenv['wsgi.input'] = sys.stdin.buffer + mforms, ofiles = multipart.parse_form_data(environ=myenv) + for name, item in mforms.items(): + oforms[name] = item + return oforms, ofiles + + +forms, files = get_request_params() jenc = json.JSONEncoder() @@ -14,13 +33,7 @@ def get_json_var(name: str, def_val: str = ""): return jenc.encode(var) -name = None -try: - form = cgi.FieldStorage() - if 'name' in form: - name = str(form['name'].value) -except Exception: - pass +name = forms['name'] if 'name' in forms else None print("Content-Type: application/json\n") if name: diff --git a/test/modules/tls/test_01_apache.py b/test/modules/tls/test_01_apache.py index eb9b32e199..cb6af6d461 100644 --- a/test/modules/tls/test_01_apache.py +++ b/test/modules/tls/test_01_apache.py @@ -10,5 +10,5 @@ class TestApache: TlsTestConf(env=env).install() assert env.apache_restart() == 0 - def test_01_apache_http(self, env): + def test_tls_01_apache_http(self, env): assert env.is_live(env.http_base_url) diff --git a/test/modules/tls/test_02_conf.py b/test/modules/tls/test_02_conf.py index f34b85e59e..4d6aa60200 100644 --- a/test/modules/tls/test_02_conf.py +++ b/test/modules/tls/test_02_conf.py @@ -18,25 +18,25 @@ class TestConf: if env.is_live(timeout=timedelta(milliseconds=100)): assert env.apache_stop() == 0 - def test_02_conf_cert_args_missing(self, env): + def test_tls_02_conf_cert_args_missing(self, env): conf = TlsTestConf(env=env) conf.add("TLSCertificate") conf.install() assert env.apache_fail() == 0 - def test_02_conf_cert_single_arg(self, env): + def test_tls_02_conf_cert_single_arg(self, env): conf = TlsTestConf(env=env) conf.add("TLSCertificate cert.pem") conf.install() assert env.apache_fail() == 0 - def test_02_conf_cert_file_missing(self, env): + def test_tls_02_conf_cert_file_missing(self, env): conf = TlsTestConf(env=env) conf.add("TLSCertificate cert.pem key.pem") conf.install() assert env.apache_fail() == 0 - def test_02_conf_cert_file_exist(self, env): + def test_tls_02_conf_cert_file_exist(self, env): conf = TlsTestConf(env=env) conf.add("TLSCertificate test-02-cert.pem test-02-key.pem") conf.install() @@ -45,13 +45,13 @@ class TestConf: fd.write("") assert env.apache_fail() == 0 - def test_02_conf_cert_listen_missing(self, env): + def test_tls_02_conf_cert_listen_missing(self, env): conf = TlsTestConf(env=env) conf.add("TLSEngine") conf.install() assert env.apache_fail() == 0 - def test_02_conf_cert_listen_wrong(self, env): + def test_tls_02_conf_cert_listen_wrong(self, env): conf = TlsTestConf(env=env) conf.add("TLSEngine ^^^^^") conf.install() @@ -62,20 +62,20 @@ class TestConf: "129.168.178.188:443", "[::]:443", ]) - def test_02_conf_cert_listen_valid(self, env, listen: str): + def test_tls_02_conf_cert_listen_valid(self, env, listen: str): conf = TlsTestConf(env=env) conf.add("TLSEngine {listen}".format(listen=listen)) conf.install() assert env.apache_restart() == 0 - def test_02_conf_cert_listen_cert(self, env): + def test_tls_02_conf_cert_listen_cert(self, env): domain = env.domain_a conf = TlsTestConf(env=env) conf.add_tls_vhosts(domains=[domain]) conf.install() assert env.apache_restart() == 0 - def test_02_conf_proto_wrong(self, env): + def test_tls_02_conf_proto_wrong(self, env): conf = TlsTestConf(env=env) conf.add("TLSProtocol wrong") conf.install() @@ -87,13 +87,13 @@ class TestConf: "TLSv1.3+", "TLSv0x0303+", ]) - def test_02_conf_proto_valid(self, env, proto): + def test_tls_02_conf_proto_valid(self, env, proto): conf = TlsTestConf(env=env) conf.add("TLSProtocol {proto}".format(proto=proto)) conf.install() assert env.apache_restart() == 0 - def test_02_conf_honor_wrong(self, env): + def test_tls_02_conf_honor_wrong(self, env): conf = TlsTestConf(env=env) conf.add("TLSHonorClientOrder wrong") conf.install() @@ -103,7 +103,7 @@ class TestConf: "on", "OfF", ]) - def test_02_conf_honor_valid(self, env, honor: str): + def test_tls_02_conf_honor_valid(self, env, honor: str): conf = TlsTestConf(env=env) conf.add("TLSHonorClientOrder {honor}".format(honor=honor)) conf.install() @@ -119,7 +119,7 @@ class TestConf: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\\ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256""" ]) - def test_02_conf_cipher_valid(self, env, cipher): + def test_tls_02_conf_cipher_valid(self, env, cipher): conf = TlsTestConf(env=env) conf.add("TLSCiphersPrefer {cipher}".format(cipher=cipher)) conf.install() @@ -131,7 +131,7 @@ class TestConf: "TLS_NULL_WITH_NULL_NULLX", # not supported "TLS_DHE_RSA_WITH_AES128_GCM_SHA256", # not supported ]) - def test_02_conf_cipher_wrong(self, env, cipher): + def test_tls_02_conf_cipher_wrong(self, env, cipher): conf = TlsTestConf(env=env) conf.add("TLSCiphersPrefer {cipher}".format(cipher=cipher)) conf.install() diff --git a/test/modules/tls/test_03_sni.py b/test/modules/tls/test_03_sni.py index eda9a33adb..cf421c0fe8 100644 --- a/test/modules/tls/test_03_sni.py +++ b/test/modules/tls/test_03_sni.py @@ -3,6 +3,7 @@ from datetime import timedelta import pytest from .conf import TlsTestConf +from .env import TlsTestEnv class TestSni: @@ -13,29 +14,28 @@ class TestSni: conf.add_tls_vhosts(domains=[env.domain_a, env.domain_b]) conf.install() assert env.apache_restart() == 0 - env.curl_supports_tls_1_3() # init @pytest.fixture(autouse=True, scope='function') def _function_scope(self, env): pass - def test_03_sni_get_a(self, env): + def test_tls_03_sni_get_a(self, env): # do we see the correct json for the domain_a? data = env.tls_get_json(env.domain_a, "/index.json") assert data == {'domain': env.domain_a} - def test_03_sni_get_b(self, env): + def test_tls_03_sni_get_b(self, env): # do we see the correct json for the domain_a? data = env.tls_get_json(env.domain_b, "/index.json") assert data == {'domain': env.domain_b} - def test_03_sni_unknown(self, env): + def test_tls_03_sni_unknown(self, env): # connection will be denied as cert does not cover this domain domain_unknown = "unknown.test" r = env.tls_get(domain_unknown, "/index.json") assert r.exit_code != 0 - def test_03_sni_request_other_same_config(self, env): + def test_tls_03_sni_request_other_same_config(self, env): # do we see the first vhost response for another domain with different certs? r = env.tls_get(env.domain_a, "/index.json", options=[ "-vvvv", "--header", "Host: {0}".format(env.domain_b) @@ -45,10 +45,7 @@ class TestSni: assert r.json is None assert r.response['status'] == 421 - def test_03_sni_request_other_other_honor(self, env): - if env.curl_supports_tls_1_3(): - # can't do this test then - return + def test_tls_03_sni_request_other_other_honor(self, env): # do we see the first vhost response for an unknown domain? conf = TlsTestConf(env=env, extras={ env.domain_a: "TLSProtocol TLSv1.2+", @@ -58,13 +55,14 @@ class TestSni: conf.install() assert env.apache_restart() == 0 r = env.tls_get(env.domain_a, "/index.json", options=[ - "-vvvv", "--header", "Host: {0}".format(env.domain_b) + "-vvvv", "--tls-max", "1.2", "--header", "Host: {0}".format(env.domain_b) ]) # request denied assert r.exit_code == 0 assert r.json is None - def test_03_sni_bad_hostname(self, env): + @pytest.mark.skip('openssl behaviour changed on ventura, unreliable') + def test_tls_03_sni_bad_hostname(self, env): # curl checks hostnames we give it, but the openssl client # does not. Good for us, since we need to test it. r = env.openssl(["s_client", "-connect", diff --git a/test/modules/tls/test_04_get.py b/test/modules/tls/test_04_get.py index 6621f8aa24..4412a66d9a 100644 --- a/test/modules/tls/test_04_get.py +++ b/test/modules/tls/test_04_get.py @@ -39,7 +39,7 @@ class TestGet: ("1m.txt", 1000 * 1024), ("10m.txt", 10000 * 1024), ]) - def test_04_get(self, env, fname, flen): + def test_tls_04_get(self, env, fname, flen): # do we see the correct json for the domain_a? docs_a = os.path.join(env.server_docs_dir, env.domain_a) r = env.tls_get(env.domain_a, "/{0}".format(fname)) @@ -55,7 +55,7 @@ class TestGet: @pytest.mark.parametrize("fname, flen", [ ("1k.txt", 1024), ]) - def test_04_double_get(self, env, fname, flen): + def test_tls_04_double_get(self, env, fname, flen): # we'd like to check that we can do >1 requests on the same connection # however curl hides that from us, unless we analyze its verbose output docs_a = os.path.join(env.server_docs_dir, env.domain_a) diff --git a/test/modules/tls/test_05_proto.py b/test/modules/tls/test_05_proto.py index 7165f21b84..447d052b42 100644 --- a/test/modules/tls/test_05_proto.py +++ b/test/modules/tls/test_05_proto.py @@ -6,6 +6,7 @@ from threading import Thread import pytest from .conf import TlsTestConf +from .env import TlsTestEnv class TestProto: @@ -29,28 +30,26 @@ class TestProto: def _function_scope(self, env): pass - CURL_SUPPORTS_TLS_1_3 = None - - def test_05_proto_1_2(self, env): + def test_tls_05_proto_1_2(self, env): r = env.tls_get(env.domain_b, "/index.json", options=["--tlsv1.2"]) assert r.exit_code == 0, r.stderr - if env.curl_supports_tls_1_3(): + if TlsTestEnv.curl_supports_tls_1_3(): r = env.tls_get(env.domain_b, "/index.json", options=["--tlsv1.3"]) assert r.exit_code == 0, r.stderr - def test_05_proto_1_3(self, env): + def test_tls_05_proto_1_3(self, env): r = env.tls_get(env.domain_a, "/index.json", options=["--tlsv1.3"]) - if env.curl_supports_tls_1_3(): + if TlsTestEnv.curl_supports_tls_1_3(): assert r.exit_code == 0, r.stderr else: assert r.exit_code == 4, r.stderr - def test_05_proto_close(self, env): + def test_tls_05_proto_close(self, env): s = socket.create_connection(('localhost', env.https_port)) time.sleep(0.1) s.close() - def test_05_proto_ssl_close(self, env): + def test_tls_05_proto_ssl_close(self, env): conf = TlsTestConf(env=env, extras={ 'base': "LogLevel ssl:debug", env.domain_a: "SSLProtocol TLSv1.3", diff --git a/test/modules/tls/test_06_ciphers.py b/test/modules/tls/test_06_ciphers.py index 650c0dabea..2e60bdd756 100644 --- a/test/modules/tls/test_06_ciphers.py +++ b/test/modules/tls/test_06_ciphers.py @@ -35,7 +35,7 @@ class TestCiphers: cipher = m.group(1) return protocol, cipher - def test_06_ciphers_ecdsa(self, env): + def test_tls_06_ciphers_ecdsa(self, env): ecdsa_1_2 = [c for c in env.RUSTLS_CIPHERS if c.max_version == 1.2 and c.flavour == 'ECDSA'][0] # client speaks only this cipher, see that it gets it @@ -46,7 +46,7 @@ class TestCiphers: assert protocol == "TLSv1.2", r.stdout assert cipher == ecdsa_1_2.openssl_name, r.stdout - def test_06_ciphers_rsa(self, env): + def test_tls_06_ciphers_rsa(self, env): rsa_1_2 = [c for c in env.RUSTLS_CIPHERS if c.max_version == 1.2 and c.flavour == 'RSA'][0] # client speaks only this cipher, see that it gets it @@ -62,7 +62,7 @@ class TestCiphers: ], ids=[ c.name for c in TlsTestEnv.RUSTLS_CIPHERS if c.max_version == 1.2 and c.flavour == 'ECDSA' ]) - def test_06_ciphers_server_prefer_ecdsa(self, env, cipher): + def test_tls_06_ciphers_server_prefer_ecdsa(self, env, cipher): # Select a ECSDA ciphers as preference and suppress all RSA ciphers. # The last is not strictly necessary since rustls prefers ECSDA anyway suppress_names = [c.name for c in env.RUSTLS_CIPHERS @@ -89,7 +89,7 @@ class TestCiphers: ], ids=[ c.name for c in TlsTestEnv.RUSTLS_CIPHERS if c.max_version == 1.2 and c.flavour == 'RSA' ]) - def test_06_ciphers_server_prefer_rsa(self, env, cipher): + def test_tls_06_ciphers_server_prefer_rsa(self, env, cipher): # Select a RSA ciphers as preference and suppress all ECDSA ciphers. # The last is necessary since rustls prefers ECSDA and openssl leaks that it can. suppress_names = [c.name for c in env.RUSTLS_CIPHERS @@ -116,7 +116,7 @@ class TestCiphers: ], ids=[ c.openssl_name for c in TlsTestEnv.RUSTLS_CIPHERS if c.max_version == 1.2 and c.flavour == 'RSA' ]) - def test_06_ciphers_server_prefer_rsa_alias(self, env, cipher): + def test_tls_06_ciphers_server_prefer_rsa_alias(self, env, cipher): # same as above, but using openssl names for ciphers suppress_names = [c.openssl_name for c in env.RUSTLS_CIPHERS if c.max_version == 1.2 and c.flavour == 'ECDSA'] @@ -142,7 +142,7 @@ class TestCiphers: ], ids=[ c.id_name for c in TlsTestEnv.RUSTLS_CIPHERS if c.max_version == 1.2 and c.flavour == 'RSA' ]) - def test_06_ciphers_server_prefer_rsa_id(self, env, cipher): + def test_tls_06_ciphers_server_prefer_rsa_id(self, env, cipher): # same as above, but using openssl names for ciphers suppress_names = [c.id_name for c in env.RUSTLS_CIPHERS if c.max_version == 1.2 and c.flavour == 'ECDSA'] @@ -161,7 +161,7 @@ class TestCiphers: assert client_proto == "TLSv1.2", r.stdout assert client_cipher == cipher.openssl_name, r.stdout - def test_06_ciphers_pref_unknown(self, env): + def test_tls_06_ciphers_pref_unknown(self, env): conf = TlsTestConf(env=env, extras={ env.domain_b: "TLSCiphersPrefer TLS_MY_SUPER_CIPHER:SSL_WHAT_NOT" }) @@ -174,7 +174,7 @@ class TestCiphers: conf.install() env.apache_restart() - def test_06_ciphers_pref_unsupported(self, env): + def test_tls_06_ciphers_pref_unsupported(self, env): # a warning on preferring a known, but not supported cipher env.httpd_error_log.ignore_recent() conf = TlsTestConf(env=env, extras={ @@ -187,7 +187,7 @@ class TestCiphers: assert errors == 0 assert warnings == 2 # once on dry run, once on start - def test_06_ciphers_supp_unknown(self, env): + def test_tls_06_ciphers_supp_unknown(self, env): conf = TlsTestConf(env=env, extras={ env.domain_b: "TLSCiphersSuppress TLS_MY_SUPER_CIPHER:SSL_WHAT_NOT" }) @@ -195,7 +195,7 @@ class TestCiphers: conf.install() assert env.apache_restart() != 0 - def test_06_ciphers_supp_unsupported(self, env): + def test_tls_06_ciphers_supp_unsupported(self, env): # no warnings on suppressing known, but not supported ciphers env.httpd_error_log.ignore_recent() conf = TlsTestConf(env=env, extras={ diff --git a/test/modules/tls/test_07_alpn.py b/test/modules/tls/test_07_alpn.py index 9f70f5f698..06aff3caae 100644 --- a/test/modules/tls/test_07_alpn.py +++ b/test/modules/tls/test_07_alpn.py @@ -23,19 +23,19 @@ class TestAlpn: def _get_protocol(self, output: str): for line in output.splitlines(): - m = re.match(r'^\*\s+ALPN, server accepted to use\s+(.*)$', line) + m = re.match(r'^\*\s+ALPN[:,] server accepted (to use\s+)?(.*)$', line) if m: - return m.group(1) + return m.group(2) return None - def test_07_alpn_get_a(self, env): + def test_tls_07_alpn_get_a(self, env): # do we see the correct json for the domain_a? - r = env.tls_get(env.domain_a, "/index.json", options=["-vvvvvv"]) + r = env.tls_get(env.domain_a, "/index.json", options=["-vvvvvv", "--http1.1"]) assert r.exit_code == 0, r.stderr protocol = self._get_protocol(r.stderr) assert protocol == "http/1.1", r.stderr - def test_07_alpn_get_b(self, env): + def test_tls_07_alpn_get_b(self, env): # do we see the correct json for the domain_a? r = env.tls_get(env.domain_b, "/index.json", options=["-vvvvvv"]) assert r.exit_code == 0, r.stderr diff --git a/test/modules/tls/test_08_vars.py b/test/modules/tls/test_08_vars.py index 4527213346..f1bd9b418a 100644 --- a/test/modules/tls/test_08_vars.py +++ b/test/modules/tls/test_08_vars.py @@ -20,7 +20,7 @@ class TestVars: conf.install() assert env.apache_restart() == 0 - def test_08_vars_root(self, env): + def test_tls_08_vars_root(self, env): # in domain_b root, the StdEnvVars is switch on exp_proto = "TLSv1.2" exp_cipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" @@ -44,7 +44,7 @@ class TestVars: ("SSL_CIPHER_EXPORT", "false"), ("SSL_CLIENT_VERIFY", "NONE"), ]) - def test_08_vars_const(self, env, name: str, value: str): + def test_tls_08_vars_const(self, env, name: str, value: str): r = env.tls_get(env.domain_b, f"/vars.py?name={name}") assert r.exit_code == 0, r.stderr assert r.json == {name: value}, r.stdout @@ -53,7 +53,7 @@ class TestVars: ("SSL_VERSION_INTERFACE", r'mod_tls/\d+\.\d+\.\d+'), ("SSL_VERSION_LIBRARY", r'rustls-ffi/\d+\.\d+\.\d+/rustls/\d+\.\d+\.\d+'), ]) - def test_08_vars_match(self, env, name: str, pattern: str): + def test_tls_08_vars_match(self, env, name: str, pattern: str): r = env.tls_get(env.domain_b, f"/vars.py?name={name}") assert r.exit_code == 0, r.stderr assert name in r.json diff --git a/test/modules/tls/test_09_timeout.py b/test/modules/tls/test_09_timeout.py index 567f256291..70cc89417a 100644 --- a/test/modules/tls/test_09_timeout.py +++ b/test/modules/tls/test_09_timeout.py @@ -21,7 +21,7 @@ class TestTimeout: def _function_scope(self, env): pass - def test_09_timeout_handshake(self, env): + def test_tls_09_timeout_handshake(self, env): # in domain_b root, the StdEnvVars is switch on s = socket.create_connection(('localhost', env.https_port)) s.send(b'1234') diff --git a/test/modules/tls/test_10_session_id.py b/test/modules/tls/test_10_session_id.py index 1ac03e94b7..848bc1a556 100644 --- a/test/modules/tls/test_10_session_id.py +++ b/test/modules/tls/test_10_session_id.py @@ -25,7 +25,7 @@ class TestSessionID: ids.append(m.group(1)) return ids - def test_10_session_id_12(self, env): + def test_tls_10_session_id_12(self, env): r = env.openssl_client(env.domain_b, extra_args=[ "-reconnect", "-tls1_2" ]) @@ -37,7 +37,7 @@ class TestSessionID: @pytest.mark.skipif(True or not TlsTestEnv.openssl_supports_tls_1_3(), reason="openssl TLSv1.3 session storage test incomplete") - def test_10_session_id_13(self, env): + def test_tls_10_session_id_13(self, env): r = env.openssl_client(env.domain_b, extra_args=[ "-reconnect", "-tls1_3" ]) diff --git a/test/modules/tls/test_11_md.py b/test/modules/tls/test_11_md.py index de318c9e3a..9d733db9d1 100644 --- a/test/modules/tls/test_11_md.py +++ b/test/modules/tls/test_11_md.py @@ -17,17 +17,17 @@ class TestMD: conf.install() assert env.apache_restart() == 0 - def test_11_get_a(self, env): + def test_tls_11_get_a(self, env): # do we see the correct json for the domain_a? data = env.tls_get_json(env.domain_a, "/index.json") assert data == {'domain': env.domain_a} - def test_11_get_b(self, env): + def test_tls_11_get_b(self, env): # do we see the correct json for the domain_a? data = env.tls_get_json(env.domain_b, "/index.json") assert data == {'domain': env.domain_b} - def test_11_get_base(self, env): + def test_tls_11_get_base(self, env): # give the base server domain_a and lookup its index.json conf = TlsTestConf(env=env) conf.add_md_base(domain=env.domain_a) diff --git a/test/modules/tls/test_12_cauth.py b/test/modules/tls/test_12_cauth.py index 580df77383..14116091c6 100644 --- a/test/modules/tls/test_12_cauth.py +++ b/test/modules/tls/test_12_cauth.py @@ -45,7 +45,7 @@ class TestTLS: assert r.json, r.stderr + r.stdout return r.json[name] if name in r.json else None - def test_12_set_ca_non_existing(self, env): + def test_tls_12_set_ca_non_existing(self, env): conf = TlsTestConf(env=env, extras={ env.domain_a: "TLSClientCA xxx" }) @@ -53,7 +53,7 @@ class TestTLS: conf.install() assert env.apache_restart() == 1 - def test_12_set_ca_existing(self, env, cax_file): + def test_tls_12_set_ca_existing(self, env, cax_file): conf = TlsTestConf(env=env, extras={ env.domain_a: f"TLSClientCA {cax_file}" }) @@ -61,7 +61,7 @@ class TestTLS: conf.install() assert env.apache_restart() == 0 - def test_12_set_auth_no_ca(self, env): + def test_tls_12_set_auth_no_ca(self, env): conf = TlsTestConf(env=env, extras={ env.domain_a: "TLSClientCertificate required" }) @@ -70,7 +70,7 @@ class TestTLS: # will fail bc lacking clien CA assert env.apache_restart() == 1 - def test_12_auth_option_std(self, env, cax_file, clients_x): + def test_tls_12_auth_option_std(self, env, cax_file, clients_x): conf = TlsTestConf(env=env, extras={ env.domain_b: [ f"TLSClientCertificate required", @@ -102,7 +102,7 @@ class TestTLS: val = self.get_ssl_var(env, env.domain_b, ccert, "SSL_CLIENT_CERT") assert val == "" - def test_12_auth_option_cert(self, env, test_ca, cax_file, clients_x): + def test_tls_12_auth_option_cert(self, env, test_ca, cax_file, clients_x): conf = TlsTestConf(env=env, extras={ env.domain_b: [ "TLSClientCertificate required", @@ -124,7 +124,7 @@ class TestTLS: server_certs = test_ca.get_credentials_for_name(env.domain_b) assert val in [c.cert_pem.decode() for c in server_certs] - def test_12_auth_ssl_optional(self, env, cax_file, clients_x): + def test_tls_12_auth_ssl_optional(self, env, cax_file, clients_x): domain = env.domain_b conf = TlsTestConf(env=env, extras={ domain: [ @@ -164,7 +164,7 @@ class TestTLS: val = self.get_ssl_var(env, env.domain_b, ccert, "SSL_CLIENT_CERT") assert val == ccert.cert_pem.decode() - def test_12_auth_optional(self, env, cax_file, clients_x): + def test_tls_12_auth_optional(self, env, cax_file, clients_x): domain = env.domain_b conf = TlsTestConf(env=env, extras={ domain: [ @@ -197,7 +197,7 @@ class TestTLS: 'SSL_CLIENT_S_DN_CN': 'Not Implemented', }, r.stdout - def test_12_auth_expired(self, env, cax_file, clients_x): + def test_tls_12_auth_expired(self, env, cax_file, clients_x): conf = TlsTestConf(env=env, extras={ env.domain_b: [ "TLSClientCertificate required", @@ -213,7 +213,7 @@ class TestTLS: ]) assert r.exit_code != 0 - def test_12_auth_other_ca(self, env, cax_file, clients_y): + def test_tls_12_auth_other_ca(self, env, cax_file, clients_y): conf = TlsTestConf(env=env, extras={ env.domain_b: [ "TLSClientCertificate required", diff --git a/test/modules/tls/test_13_proxy.py b/test/modules/tls/test_13_proxy.py index affea9791d..8bd305f718 100644 --- a/test/modules/tls/test_13_proxy.py +++ b/test/modules/tls/test_13_proxy.py @@ -22,7 +22,7 @@ class TestProxy: conf.install() assert env.apache_restart() == 0 - def test_13_proxy_http_get(self, env): + def test_tls_13_proxy_http_get(self, env): data = env.tls_get_json(env.domain_b, "/proxy/index.json") assert data == {'domain': env.domain_b} @@ -34,7 +34,7 @@ class TestProxy: ("SSL_CIPHER_EXPORT", ""), ("SSL_CLIENT_VERIFY", ""), ]) - def test_13_proxy_http_vars(self, env, name: str, value: str): + def test_tls_13_proxy_http_vars(self, env, name: str, value: str): r = env.tls_get(env.domain_b, f"/proxy/vars.py?name={name}") assert r.exit_code == 0, r.stderr assert r.json == {name: value}, r.stdout diff --git a/test/modules/tls/test_14_proxy_ssl.py b/test/modules/tls/test_14_proxy_ssl.py index 18b7b0f1c3..79b2fb4b04 100644 --- a/test/modules/tls/test_14_proxy_ssl.py +++ b/test/modules/tls/test_14_proxy_ssl.py @@ -40,16 +40,16 @@ class TestProxySSL: conf.install() assert env.apache_restart() == 0 - def test_14_proxy_ssl_get(self, env): + def test_tls_14_proxy_ssl_get(self, env): data = env.tls_get_json(env.domain_b, "/proxy-ssl/index.json") assert data == {'domain': env.domain_b} - def test_14_proxy_ssl_get_local(self, env): + def test_tls_14_proxy_ssl_get_local(self, env): # does not work, since SSLProxy* not configured data = env.tls_get_json(env.domain_b, "/proxy-local/index.json") assert data is None - def test_14_proxy_ssl_h2_get(self, env): + def test_tls_14_proxy_ssl_h2_get(self, env): r = env.tls_get(env.domain_b, "/proxy-h2-ssl/index.json") assert r.exit_code == 0 assert r.json == {'domain': env.domain_b} @@ -62,7 +62,7 @@ class TestProxySSL: ("SSL_CIPHER_EXPORT", "false"), ("SSL_CLIENT_VERIFY", "NONE"), ]) - def test_14_proxy_ssl_vars_const(self, env, name: str, value: str): + def test_tls_14_proxy_ssl_vars_const(self, env, name: str, value: str): r = env.tls_get(env.domain_b, f"/proxy-ssl/vars.py?name={name}") assert r.exit_code == 0, r.stderr assert r.json == {name: value}, r.stdout @@ -71,7 +71,7 @@ class TestProxySSL: ("SSL_VERSION_INTERFACE", r'mod_tls/\d+\.\d+\.\d+'), ("SSL_VERSION_LIBRARY", r'rustls-ffi/\d+\.\d+\.\d+/rustls/\d+\.\d+\.\d+'), ]) - def test_14_proxy_ssl_vars_match(self, env, name: str, pattern: str): + def test_tls_14_proxy_ssl_vars_match(self, env, name: str, pattern: str): r = env.tls_get(env.domain_b, f"/proxy-ssl/vars.py?name={name}") assert r.exit_code == 0, r.stderr assert name in r.json diff --git a/test/modules/tls/test_15_proxy_tls.py b/test/modules/tls/test_15_proxy_tls.py index efc270173e..f2f670d7e9 100644 --- a/test/modules/tls/test_15_proxy_tls.py +++ b/test/modules/tls/test_15_proxy_tls.py @@ -45,16 +45,16 @@ class TestProxyTLS: conf.install() assert env.apache_restart() == 0 - def test_15_proxy_tls_get(self, env): + def test_tls_15_proxy_tls_get(self, env): data = env.tls_get_json(env.domain_b, "/proxy-tls/index.json") assert data == {'domain': env.domain_b} - def test_15_proxy_tls_get_local(self, env): + def test_tls_15_proxy_tls_get_local(self, env): # does not work, since SSLProxy* not configured data = env.tls_get_json(env.domain_b, "/proxy-local/index.json") assert data is None - def test_15_proxy_tls_h2_get(self, env): + def test_tls_15_proxy_tls_h2_get(self, env): r = env.tls_get(env.domain_b, "/proxy-h2-tls/index.json") assert r.exit_code == 0 assert r.json == {'domain': env.domain_b}, f"{r.stdout}" @@ -69,21 +69,18 @@ class TestProxyTLS: ("SSL_CIPHER_EXPORT", "false"), ("SSL_CLIENT_VERIFY", "NONE"), ]) - def test_15_proxy_tls_h1_vars(self, env, name: str, value: str): + def test_tls_15_proxy_tls_h1_vars(self, env, name: str, value: str): r = env.tls_get(env.domain_b, f"/proxy-tls/vars.py?name={name}") assert r.exit_code == 0, r.stderr assert r.json == {name: value}, r.stdout @pytest.mark.parametrize("name, value", [ ("SERVER_NAME", "b.mod-tls.test"), - ("SERVER_NAME", "b.mod-tls.test"), - ("SERVER_NAME", "b.mod-tls.test"), - ("SERVER_NAME", "b.mod-tls.test"), ("SSL_PROTOCOL", "TLSv1.3"), ("SSL_CIPHER", "TLS_CHACHA20_POLY1305_SHA256"), ("SSL_SESSION_RESUMED", "Initial"), ]) - def test_15_proxy_tls_h2_vars(self, env, name: str, value: str): + def test_tls_15_proxy_tls_h2_vars(self, env, name: str, value: str): r = env.tls_get(env.domain_b, f"/proxy-h2-tls/vars.py?name={name}") assert r.exit_code == 0, r.stderr assert r.json == {name: value}, r.stdout diff --git a/test/modules/tls/test_16_proxy_mixed.py b/test/modules/tls/test_16_proxy_mixed.py index a37c530ba2..ca082362d7 100644 --- a/test/modules/tls/test_16_proxy_mixed.py +++ b/test/modules/tls/test_16_proxy_mixed.py @@ -1,3 +1,5 @@ +import time + import pytest from .conf import TlsTestConf @@ -9,7 +11,7 @@ class TestProxyMixed: def _class_scope(self, env): conf = TlsTestConf(env=env, extras={ 'base': [ - "LogLevel proxy:trace1 proxy_http:trace1 ssl:trace1 proxy_http2:trace1", + "LogLevel proxy:trace1 proxy_http:trace1 ssl:trace1 proxy_http2:trace1 http2:debug", "ProxyPreserveHost on", ], env.domain_a: [ @@ -34,10 +36,12 @@ class TestProxyMixed: conf.install() assert env.apache_restart() == 0 - def test_16_proxy_mixed_ssl_get(self, env): + def test_tls_16_proxy_mixed_ssl_get(self, env, repeat): data = env.tls_get_json(env.domain_b, "/proxy-ssl/index.json") assert data == {'domain': env.domain_b} - def test_16_proxy_mixed_tls_get(self, env): + def test_tls_16_proxy_mixed_tls_get(self, env, repeat): data = env.tls_get_json(env.domain_a, "/proxy-tls/index.json") + if data is None: + time.sleep(300) assert data == {'domain': env.domain_a} diff --git a/test/modules/tls/test_17_proxy_machine_cert.py b/test/modules/tls/test_17_proxy_machine_cert.py index efaa15af57..7b5ef44d6f 100644 --- a/test/modules/tls/test_17_proxy_machine_cert.py +++ b/test/modules/tls/test_17_proxy_machine_cert.py @@ -54,7 +54,7 @@ class TestProxyMachineCert: conf.install() assert env.apache_restart() == 0 - def test_17_proxy_machine_cert_get_a(self, env): + def test_tls_17_proxy_machine_cert_get_a(self, env): data = env.tls_get_json(env.domain_a, "/proxy-tls/index.json") assert data == {'domain': env.domain_a} @@ -63,7 +63,7 @@ class TestProxyMachineCert: ("SSL_CLIENT_VERIFY", "SUCCESS"), ("REMOTE_USER", "user1"), ]) - def test_17_proxy_machine_cert_vars(self, env, name: str, value: str): + def test_tls_17_proxy_machine_cert_vars(self, env, name: str, value: str): r = env.tls_get(env.domain_a, f"/proxy-tls/vars.py?name={name}") assert r.exit_code == 0, r.stderr assert r.json == {name: value}, r.stdout |