Changeset 1c2b936 in mod_gnutls


Ignore:
Timestamp:
Dec 4, 2019, 6:20:53 AM (10 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
master, proxy-ticket
Children:
851173b
Parents:
5c7e570
Message:

Test suite: Use the new Python-based test client

Location:
test
Files:
33 added
97 deleted
4 edited

Legend:

Unmodified
Added
Removed
  • test/Makefile.am

    r5c7e570 r1c2b936  
    249249EXTRA_DIST = $(apache_data) $(cert_templates) $(shared_identities:=/uid.in) \
    250250        apache_service.bash common.bash runtests authority/server/crl.template \
    251         softhsm.bash
     251        softhsm.bash https-test-client.py
    252252
    253253# Lockfile for the main Apache process
  • test/runtests

    r5c7e570 r1c2b936  
    4646    kill_by_pidfile "${msva_pidfile}"
    4747    unset msva_pidfile
    48 }
    49 
    50 # Compare expected/actual outputs, filtering out headers from actual
    51 # output that are expected to change between runs or builds (currently
    52 # "Date", "Server" and "Content-Length"). The headers must be excluded
    53 # in the expected output.
    54 #
    55 # Parameters:
    56 # $1: path to expected output
    57 # $2: path to actual output
    58 # $3: additional options for diff (optional)
    59 function diff_output_filter_headers()
    60 {
    61     local expected="$1"
    62     local actual="$2"
    63     diff $3 -u "${expected}" <( cat "${actual}" | \
    64         grep -v -P '^Date:\s.*GMT\s?$' | \
    65         grep -v -P '^Server:\sApache'  | \
    66         grep -v -P '^Content-Length:\s\d+\s?$' | \
    67         tail -n "$(wc -l < ${expected})" )
    6848}
    6949
     
    10484    printf "FAILURE: %s\n" "$TEST_NAME"
    10585    ${APACHE2} -f "${testdir}/apache.conf" -k stop || true
    106     if [ -e output ]; then
    107         printf "\ngnutls-cli outputs:\n"
    108         diff_output_filter_headers "output" "$output" || true
    109     fi
    11086
    11187    if [ -r "${testdir}/backend.conf" ]; then
     
    11591    if [ -r "${testdir}/ocsp.conf" ]; then
    11692        apache_service "${testdir}" "ocsp.conf" stop || true
    117     fi
    118 
    119     if [ -n "${sleep_pidfile}" ]; then
    120         kill_by_pidfile "${sleep_pidfile}"
    12193    fi
    12294
     
    224196fi
    225197
    226 # PID file for sleep command (explanation below)
    227 sleep_pidfile="$(mktemp mod_gnutls_test-XXXXXX.pid)"
    228 
    229 # The sleep call keeps the pipe from the subshell to gnutls-cli
    230 # open. Without it gnutls-cli would terminate as soon as sed is
    231 # done, and not wait for a response from the server, leading to
    232 # failing tests. Sending sleep to the background allows the test
    233 # case to proceed instead of waiting for it to return. The sleep
    234 # process is stopped after gnutls-cli terminates.
    235 #
    236 # The line end manipulation in sed guarantees that all header lines
    237 # end with CRLF as required by RFC 7230, Section 3.1.1 regardless of
    238 # the line ends in the input file.
    239 if (sed -r "s/__HOSTNAME__/${TEST_HOST}/;s/\r?$/\r/" <${testdir}/input && \
    240            run_with_pidfile "${sleep_pidfile}" sleep "${TEST_QUERY_TIMEOUT}" &) | \
    241        gnutls-cli -p "${TEST_PORT}" $(cat ${testdir}/gnutls-cli.args) "${TARGET}" \
    242        | tee "$output" && test "${PIPESTATUS[1]}" -eq 0;
    243 then
    244     if [ -e ${testdir}/fail* ]; then
    245         printf "%s should have failed but succeeded\n" "$(basename "$testdir")" >&2
    246         exit 1
    247     fi
    248 else
    249     if [ ! -e ${testdir}/fail* ]; then
    250         printf "%s should have succeeded but failed\n" "$(basename "$testdir")" >&2
    251         exit 1
    252     fi
    253 fi
    254 
    255 kill_by_pidfile "${sleep_pidfile}"
    256 unset sleep_pidfile
    257 
    258 if [ -e ${testdir}/output ] ; then
    259     diff_output_filter_headers "${testdir}/output" "$output" >&2
    260 fi
     198${PYTHON} ${srcdir}/https-test-client.py -p "${TEST_PORT}" "${TARGET}" \
     199          --test-config "${testdir}/test.yml"\
     200    |& tee "$output"
     201# We care about the exit status of the Python script, not tee
     202if [ ${PIPESTATUS[0]} -ne 0 ]; then
     203    exit 1
     204fi
     205
    261206if [ -n "${USE_MSVA}" ]; then
    262207    trap stop_msva EXIT
  • test/tests/05_mismatched-priorities/apache.conf

    r5c7e570 r1c2b936  
    88 GnuTLSCertificateFile  authority/server/x509.pem
    99 GnuTLSKeyFile          authority/server/secret.key
    10  GnuTLSPriorities NORMAL:-VERS-SSL3.0
     10 GnuTLSPriorities NORMAL:-VERS-TLS1.2
    1111</VirtualHost>
  • test/tests/Makefile.am

    r5c7e570 r1c2b936  
    11EXTRA_DIST = \
    2         00_basic/apache.conf 00_basic/gnutls-cli.args 00_basic/input 00_basic/output \
    3         01_serverwide_priorities/apache.conf 01_serverwide_priorities/gnutls-cli.args 01_serverwide_priorities/input 01_serverwide_priorities/output \
    4         02_cache_in_vhost/apache.conf 02_cache_in_vhost/fail.server 02_cache_in_vhost/gnutls-cli.args 02_cache_in_vhost/input \
    5         03_cachetimeout_in_vhost/apache.conf 03_cachetimeout_in_vhost/gnutls-cli.args 03_cachetimeout_in_vhost/input 03_cachetimeout_in_vhost/output \
    6         04_basic_nosni/apache.conf 04_basic_nosni/gnutls-cli.args 04_basic_nosni/input 04_basic_nosni/output \
    7         05_mismatched-priorities/apache.conf 05_mismatched-priorities/fail.client 05_mismatched-priorities/gnutls-cli.args 05_mismatched-priorities/input \
    8         06_verify_sni_a/apache.conf 06_verify_sni_a/gnutls-cli.args 06_verify_sni_a/input 06_verify_sni_a/output \
    9         07_verify_sni_b/apache.conf 07_verify_sni_b/gnutls-cli.args 07_verify_sni_b/input 07_verify_sni_b/output \
    10         08_verify_no_sni_fallback_to_first_vhost/apache.conf 08_verify_no_sni_fallback_to_first_vhost/gnutls-cli.args 08_verify_no_sni_fallback_to_first_vhost/input 08_verify_no_sni_fallback_to_first_vhost/output \
    11         09_verify_no_sni_fails_with_wrong_order/apache.conf 09_verify_no_sni_fails_with_wrong_order/fail.client 09_verify_no_sni_fails_with_wrong_order/gnutls-cli.args 09_verify_no_sni_fails_with_wrong_order/input \
    12         10_basic_client_verification/apache.conf 10_basic_client_verification/gnutls-cli.args 10_basic_client_verification/input 10_basic_client_verification/output \
    13         11_basic_client_verification_fail/apache.conf 11_basic_client_verification_fail/fail.client 11_basic_client_verification_fail/gnutls-cli.args 11_basic_client_verification_fail/input \
    14         12_cgi_variables/apache.conf 12_cgi_variables/gnutls-cli.args 12_cgi_variables/input 12_cgi_variables/output \
    15         13_cgi_variables_no_client_cert/apache.conf 13_cgi_variables_no_client_cert/gnutls-cli.args 13_cgi_variables_no_client_cert/input 13_cgi_variables_no_client_cert/output \
    16         14_resume_session/apache.conf 14_resume_session/gnutls-cli.args 14_resume_session/input 14_resume_session/output \
    17         15_basic_msva/apache.conf 15_basic_msva/gnutls-cli.args 15_basic_msva/input 15_basic_msva/output \
    18         16_view-status/apache.conf 16_view-status/gnutls-cli.args 16_view-status/input \
    19         17_cgi_vars_large_cert/apache.conf 17_cgi_vars_large_cert/gnutls-cli.args 17_cgi_vars_large_cert/input 17_cgi_vars_large_cert/output \
    20         18_client_verification_wrong_cert/apache.conf 18_client_verification_wrong_cert/gnutls-cli.args 18_client_verification_wrong_cert/input 18_client_verification_wrong_cert/output \
    21         19_TLS_reverse_proxy/apache.conf 19_TLS_reverse_proxy/backend.conf 19_TLS_reverse_proxy/gnutls-cli.args 19_TLS_reverse_proxy/input 19_TLS_reverse_proxy/output \
    22         20_TLS_reverse_proxy_client_auth/apache.conf 20_TLS_reverse_proxy_client_auth/backend.conf 20_TLS_reverse_proxy_client_auth/gnutls-cli.args 20_TLS_reverse_proxy_client_auth/input 20_TLS_reverse_proxy_client_auth/output \
    23         21_TLS_reverse_proxy_wrong_cert/apache.conf 21_TLS_reverse_proxy_wrong_cert/backend.conf 21_TLS_reverse_proxy_wrong_cert/gnutls-cli.args 21_TLS_reverse_proxy_wrong_cert/input 21_TLS_reverse_proxy_wrong_cert/output \
    24         22_TLS_reverse_proxy_crl_revoke/apache.conf 22_TLS_reverse_proxy_crl_revoke/backend.conf 22_TLS_reverse_proxy_crl_revoke/gnutls-cli.args 22_TLS_reverse_proxy_crl_revoke/input 22_TLS_reverse_proxy_crl_revoke/output \
    25         23_TLS_reverse_proxy_mismatched_priorities/apache.conf 23_TLS_reverse_proxy_mismatched_priorities/backend.conf 23_TLS_reverse_proxy_mismatched_priorities/gnutls-cli.args 23_TLS_reverse_proxy_mismatched_priorities/input 23_TLS_reverse_proxy_mismatched_priorities/output \
    26         24_pkcs11_cert/apache.conf 24_pkcs11_cert/gnutls-cli.args 24_pkcs11_cert/input 24_pkcs11_cert/output \
    27         25_Disable_TLS_1.0/apache.conf 25_Disable_TLS_1.0/fail.client 25_Disable_TLS_1.0/gnutls-cli.args 25_Disable_TLS_1.0/input \
     2        00_basic/apache.conf 00_basic/test.yml \
     3        01_serverwide_priorities/apache.conf 01_serverwide_priorities/test.yml \
     4        02_cache_in_vhost/apache.conf 02_cache_in_vhost/fail.server 02_cache_in_vhost/test.yml \
     5        03_cachetimeout_in_vhost/apache.conf 03_cachetimeout_in_vhost/test.yml \
     6        04_basic_nosni/apache.conf 04_basic_nosni/test.yml \
     7        05_mismatched-priorities/apache.conf 05_mismatched-priorities/test.yml \
     8        06_verify_sni_a/apache.conf 06_verify_sni_a/test.yml \
     9        07_verify_sni_b/apache.conf 07_verify_sni_b/test.yml \
     10        08_verify_no_sni_fallback_to_first_vhost/apache.conf 08_verify_no_sni_fallback_to_first_vhost/test.yml \
     11        09_verify_no_sni_fails_with_wrong_order/apache.conf 09_verify_no_sni_fails_with_wrong_order/test.yml \
     12        10_basic_client_verification/apache.conf 10_basic_client_verification/test.yml \
     13        11_basic_client_verification_fail/apache.conf 11_basic_client_verification_fail/test.yml \
     14        12_cgi_variables/apache.conf 12_cgi_variables/test.yml \
     15        13_cgi_variables_no_client_cert/apache.conf 13_cgi_variables_no_client_cert/test.yml \
     16        14_resume_session/apache.conf 14_resume_session/test.yml \
     17        15_basic_msva/apache.conf 15_basic_msva/test.yml \
     18        16_view-status/apache.conf 16_view-status/test.yml \
     19        17_cgi_vars_large_cert/apache.conf 17_cgi_vars_large_cert/test.yml \
     20        18_client_verification_wrong_cert/apache.conf 18_client_verification_wrong_cert/test.yml \
     21        19_TLS_reverse_proxy/apache.conf 19_TLS_reverse_proxy/backend.conf 19_TLS_reverse_proxy/test.yml \
     22        20_TLS_reverse_proxy_client_auth/apache.conf 20_TLS_reverse_proxy_client_auth/backend.conf 20_TLS_reverse_proxy_client_auth/test.yml \
     23        21_TLS_reverse_proxy_wrong_cert/apache.conf 21_TLS_reverse_proxy_wrong_cert/backend.conf 21_TLS_reverse_proxy_wrong_cert/test.yml \
     24        22_TLS_reverse_proxy_crl_revoke/apache.conf 22_TLS_reverse_proxy_crl_revoke/backend.conf 22_TLS_reverse_proxy_crl_revoke/test.yml \
     25        23_TLS_reverse_proxy_mismatched_priorities/apache.conf 23_TLS_reverse_proxy_mismatched_priorities/backend.conf 23_TLS_reverse_proxy_mismatched_priorities/test.yml \
     26        24_pkcs11_cert/apache.conf 24_pkcs11_cert/test.yml \
     27        25_Disable_TLS_1.0/apache.conf 25_Disable_TLS_1.0/test.yml \
    2828        26_redirect_HTTP_to_HTTPS/apache.conf \
    29         27_OCSP_server/apache.conf 27_OCSP_server/gnutls-cli.args 27_OCSP_server/input 27_OCSP_server/ocsp.conf 27_OCSP_server/output \
     29        27_OCSP_server/apache.conf 27_OCSP_server/ocsp.conf 27_OCSP_server/test.yml \
    3030        28_HTTP2_support/apache.conf \
    31         29_force_handshake_vhost/apache.conf 29_force_handshake_vhost/gnutls-cli.args 29_force_handshake_vhost/input 29_force_handshake_vhost/output \
    32         30_ip_based_vhosts/apache.conf 30_ip_based_vhosts/gnutls-cli.args 30_ip_based_vhosts/input 30_ip_based_vhosts/output 31_vhost_SNI_serveralias_match \
    33         31_vhost_SNI_serveralias_match/gnutls-cli.args 31_vhost_SNI_serveralias_match/input 31_vhost_SNI_serveralias_match/apache.conf 31_vhost_SNI_serveralias_match/output \
    34         32_vhost_SNI_serveralias_mismatch/gnutls-cli.args 32_vhost_SNI_serveralias_mismatch/input 32_vhost_SNI_serveralias_mismatch/apache.conf 32_vhost_SNI_serveralias_mismatch/output \
    35         33_vhost_SNI_serveralias_missinghost/gnutls-cli.args 33_vhost_SNI_serveralias_missinghost/input 33_vhost_SNI_serveralias_missinghost/apache.conf 33_vhost_SNI_serveralias_missinghost/output \
    36         34_TLS_reverse_proxy_h2/apache.conf 34_TLS_reverse_proxy_h2/backend.conf 34_TLS_reverse_proxy_h2/gnutls-cli.args 34_TLS_reverse_proxy_h2/input 34_TLS_reverse_proxy_h2/output
     31        29_force_handshake_vhost/apache.conf 29_force_handshake_vhost/test.yml \
     32        30_ip_based_vhosts/apache.conf 30_ip_based_vhosts/test.yml \
     33        31_vhost_SNI_serveralias_match/apache.conf 31_vhost_SNI_serveralias_match/test.yml \
     34        32_vhost_SNI_serveralias_mismatch/apache.conf 32_vhost_SNI_serveralias_mismatch/test.yml \
     35        33_vhost_SNI_serveralias_missinghost/apache.conf 33_vhost_SNI_serveralias_missinghost/test.yml \
     36        34_TLS_reverse_proxy_h2/apache.conf 34_TLS_reverse_proxy_h2/backend.conf 34_TLS_reverse_proxy_h2/test.yml
Note: See TracChangeset for help on using the changeset viewer.