diff options
Diffstat (limited to 'test/modules/tls/test_03_sni.py')
-rw-r--r-- | test/modules/tls/test_03_sni.py | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/test/modules/tls/test_03_sni.py b/test/modules/tls/test_03_sni.py index eda9a33adb..cf421c0fe8 100644 --- a/test/modules/tls/test_03_sni.py +++ b/test/modules/tls/test_03_sni.py @@ -3,6 +3,7 @@ from datetime import timedelta import pytest from .conf import TlsTestConf +from .env import TlsTestEnv class TestSni: @@ -13,29 +14,28 @@ class TestSni: conf.add_tls_vhosts(domains=[env.domain_a, env.domain_b]) conf.install() assert env.apache_restart() == 0 - env.curl_supports_tls_1_3() # init @pytest.fixture(autouse=True, scope='function') def _function_scope(self, env): pass - def test_03_sni_get_a(self, env): + def test_tls_03_sni_get_a(self, env): # do we see the correct json for the domain_a? data = env.tls_get_json(env.domain_a, "/index.json") assert data == {'domain': env.domain_a} - def test_03_sni_get_b(self, env): + def test_tls_03_sni_get_b(self, env): # do we see the correct json for the domain_a? data = env.tls_get_json(env.domain_b, "/index.json") assert data == {'domain': env.domain_b} - def test_03_sni_unknown(self, env): + def test_tls_03_sni_unknown(self, env): # connection will be denied as cert does not cover this domain domain_unknown = "unknown.test" r = env.tls_get(domain_unknown, "/index.json") assert r.exit_code != 0 - def test_03_sni_request_other_same_config(self, env): + def test_tls_03_sni_request_other_same_config(self, env): # do we see the first vhost response for another domain with different certs? r = env.tls_get(env.domain_a, "/index.json", options=[ "-vvvv", "--header", "Host: {0}".format(env.domain_b) @@ -45,10 +45,7 @@ class TestSni: assert r.json is None assert r.response['status'] == 421 - def test_03_sni_request_other_other_honor(self, env): - if env.curl_supports_tls_1_3(): - # can't do this test then - return + def test_tls_03_sni_request_other_other_honor(self, env): # do we see the first vhost response for an unknown domain? conf = TlsTestConf(env=env, extras={ env.domain_a: "TLSProtocol TLSv1.2+", @@ -58,13 +55,14 @@ class TestSni: conf.install() assert env.apache_restart() == 0 r = env.tls_get(env.domain_a, "/index.json", options=[ - "-vvvv", "--header", "Host: {0}".format(env.domain_b) + "-vvvv", "--tls-max", "1.2", "--header", "Host: {0}".format(env.domain_b) ]) # request denied assert r.exit_code == 0 assert r.json is None - def test_03_sni_bad_hostname(self, env): + @pytest.mark.skip('openssl behaviour changed on ventura, unreliable') + def test_tls_03_sni_bad_hostname(self, env): # curl checks hostnames we give it, but the openssl client # does not. Good for us, since we need to test it. r = env.openssl(["s_client", "-connect", |