1 | from mgstest import require_match, TestExpectationFailed |
---|
2 | import re |
---|
3 | |
---|
4 | def post_check(conn_log, response_log): |
---|
5 | """Compare the TLS session information reported by gnutls-cli and the |
---|
6 | mod_gnutls status listing.""" |
---|
7 | |
---|
8 | # Group 1 is the TLS version, group 2 the ciphers. The certificate |
---|
9 | # type that may be enclosed in the same brackets as the TLS |
---|
10 | # version is ignored. |
---|
11 | re_session = r'\((TLS[\d\.]+).*?\)-(.*)' |
---|
12 | |
---|
13 | # Prefix for gnutls-cli output |
---|
14 | re_cli = re.compile(r'(?<=^-\sDescription:\s)' + re_session + '$') |
---|
15 | # Prefix in mod_status output provided by mod_gnutls |
---|
16 | re_status = re.compile(r'(?<=^Current TLS session:\s)' + re_session + '$') |
---|
17 | |
---|
18 | cli_suite = require_match(re_cli, conn_log, |
---|
19 | 'Client cipher suite information is missing!') |
---|
20 | status_suite = require_match(re_status, response_log, |
---|
21 | 'Server cipher suite information is missing!') |
---|
22 | |
---|
23 | print(f'Client session info: {cli_suite.group(0)}') |
---|
24 | print(f'Server session info: {status_suite.group(0)}') |
---|
25 | |
---|
26 | if cli_suite.group(1) != status_suite.group(1): |
---|
27 | raise TestExpectationFailed( |
---|
28 | f'Client ({cli_suite.group(1)}) and server ' |
---|
29 | f'({status_suite.group(1)}) report different protocols!') |
---|
30 | |
---|
31 | if cli_suite.group(2) != status_suite.group(2): |
---|
32 | raise TestExpectationFailed( |
---|
33 | f'Client ({cli_suite.group(2)}) and server ' |
---|
34 | f'({status_suite.group(2)}) report different ciphers!') |
---|