| 1 | from mgstest import require_match, TestExpectationFailed |
|---|
| 2 | import re |
|---|
| 3 | |
|---|
| 4 | def post_check(conn_log, response_log): |
|---|
| 5 | """Compare the TLS session information reported by gnutls-cli and the |
|---|
| 6 | mod_gnutls status listing.""" |
|---|
| 7 | |
|---|
| 8 | # Group 1 is the TLS version, group 2 the ciphers. The certificate |
|---|
| 9 | # type that may be enclosed in the same brackets as the TLS |
|---|
| 10 | # version is ignored. |
|---|
| 11 | re_session = r'\((TLS[\d\.]+).*?\)-(.*)' |
|---|
| 12 | |
|---|
| 13 | # Prefix for gnutls-cli output |
|---|
| 14 | re_cli = re.compile(r'(?<=^-\sDescription:\s)' + re_session + '$') |
|---|
| 15 | # Prefix in mod_status output provided by mod_gnutls |
|---|
| 16 | re_status = re.compile(r'(?<=^Current TLS session:\s)' + re_session + '$') |
|---|
| 17 | |
|---|
| 18 | cli_suite = require_match(re_cli, conn_log, |
|---|
| 19 | 'Client cipher suite information is missing!') |
|---|
| 20 | status_suite = require_match(re_status, response_log, |
|---|
| 21 | 'Server cipher suite information is missing!') |
|---|
| 22 | |
|---|
| 23 | print(f'Client session info: {cli_suite.group(0)}') |
|---|
| 24 | print(f'Server session info: {status_suite.group(0)}') |
|---|
| 25 | |
|---|
| 26 | if cli_suite.group(1) != status_suite.group(1): |
|---|
| 27 | raise TestExpectationFailed( |
|---|
| 28 | f'Client ({cli_suite.group(1)}) and server ' |
|---|
| 29 | f'({status_suite.group(1)}) report different protocols!') |
|---|
| 30 | |
|---|
| 31 | if cli_suite.group(2) != status_suite.group(2): |
|---|
| 32 | raise TestExpectationFailed( |
|---|
| 33 | f'Client ({cli_suite.group(2)}) and server ' |
|---|
| 34 | f'({status_suite.group(2)}) report different ciphers!') |
|---|
