authorKonstantin Pavlov <thresh@nginx.com>2023-08-31 09:41:46 -0700
committerKonstantin Pavlov <thresh@nginx.com>2023-08-31 09:41:46 -0700
commitc45c8919c7232eb20023484f6d1fc9f1f50395d8 (patch)
treecc12eb307c1611494948645e4b487fa06495c3d2 /test/test_reconfigure_tls.py
parent88c90e1c351ab8c5bd487a5cd4b735014b08e271 (diff)
parent9b22b6957bc87b3df002d0bc691fdae6a20abdac (diff)
Merged with the default branch.1.31.0-1
Diffstat (limited to 'test/test_reconfigure_tls.py')
-rw-r--r--test/test_reconfigure_tls.py153
1 files changed, 80 insertions, 73 deletions
diff --git a/test/test_reconfigure_tls.py b/test/test_reconfigure_tls.py
index 0f92a419..b473b147 100644
--- a/test/test_reconfigure_tls.py
+++ b/test/test_reconfigure_tls.py
@@ -3,103 +3,110 @@ import ssl
import time
import pytest
-from unit.applications.tls import TestApplicationTLS
+from unit.applications.tls import ApplicationTLS
+prerequisites = {'modules': {'openssl': 'any'}}
-class TestReconfigureTLS(TestApplicationTLS):
- prerequisites = {'modules': {'openssl': 'any'}}
+client = ApplicationTLS()
- @pytest.fixture(autouse=True)
- def setup_method_fixture(self):
- if 'HAS_TLSv1_2' not in dir(ssl) or not ssl.HAS_TLSv1_2:
- pytest.skip('OpenSSL too old')
- self.certificate()
+@pytest.fixture(autouse=True)
+def setup_method_fixture():
+ if 'HAS_TLSv1_2' not in dir(ssl) or not ssl.HAS_TLSv1_2:
+ pytest.skip('OpenSSL too old')
- assert 'success' in self.conf(
- {
- "listeners": {
- "*:7080": {
- "pass": "routes",
- "tls": {"certificate": "default"},
- }
- },
- "routes": [{"action": {"return": 200}}],
- "applications": {},
- }
- ), 'load application configuration'
+ client.certificate()
- def create_socket(self):
- ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
- ctx.check_hostname = False
- ctx.verify_mode = ssl.CERT_NONE
+ assert 'success' in client.conf(
+ {
+ "listeners": {
+ "*:7080": {
+ "pass": "routes",
+ "tls": {"certificate": "default"},
+ }
+ },
+ "routes": [{"action": {"return": 200}}],
+ "applications": {},
+ }
+ ), 'load application configuration'
- s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- ssl_sock = ctx.wrap_socket(
- s, server_hostname='localhost', do_handshake_on_connect=False
- )
- ssl_sock.connect(('127.0.0.1', 7080))
- return ssl_sock
+def create_socket():
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ ctx.check_hostname = False
+ ctx.verify_mode = ssl.CERT_NONE
- def clear_conf(self):
- assert 'success' in self.conf({"listeners": {}, "applications": {}})
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ ssl_sock = ctx.wrap_socket(
+ s, server_hostname='localhost', do_handshake_on_connect=False
+ )
+ ssl_sock.connect(('127.0.0.1', 7080))
- @pytest.mark.skip('not yet')
- def test_reconfigure_tls_switch(self):
- assert 'success' in self.conf_delete('listeners/*:7080/tls')
+ return ssl_sock
- (_, sock) = self.get(
- headers={'Host': 'localhost', 'Connection': 'keep-alive'},
- start=True,
- read_timeout=1,
- )
- assert 'success' in self.conf(
- {"pass": "routes", "tls": {"certificate": "default"}},
- 'listeners/*:7080',
- )
+def clear_conf():
+ assert 'success' in client.conf({"listeners": {}, "applications": {}})
- assert self.get(sock=sock)['status'] == 200, 'reconfigure'
- assert self.get_ssl()['status'] == 200, 'reconfigure tls'
- def test_reconfigure_tls(self):
- ssl_sock = self.create_socket()
+@pytest.mark.skip('not yet')
+def test_reconfigure_tls_switch():
+ assert 'success' in client.conf_delete('listeners/*:7080/tls')
- ssl_sock.sendall("""GET / HTTP/1.1\r\n""".encode())
+ (_, sock) = client.get(
+ headers={'Host': 'localhost', 'Connection': 'keep-alive'},
+ start=True,
+ read_timeout=1,
+ )
- self.clear_conf()
+ assert 'success' in client.conf(
+ {"pass": "routes", "tls": {"certificate": "default"}},
+ 'listeners/*:7080',
+ )
- ssl_sock.sendall(
- """Host: localhost\r\nConnection: close\r\n\r\n""".encode()
- )
+ assert client.get(sock=sock)['status'] == 200, 'reconfigure'
+ assert client.get_ssl()['status'] == 200, 'reconfigure tls'
- assert (
- self.recvall(ssl_sock).decode().startswith('HTTP/1.1 200 OK')
- ), 'finish request'
- def test_reconfigure_tls_2(self):
- ssl_sock = self.create_socket()
+def test_reconfigure_tls():
+ ssl_sock = create_socket()
- # Waiting for connection completion.
- # Delay should be more than TCP_DEFER_ACCEPT.
- time.sleep(1.5)
+ ssl_sock.sendall("""GET / HTTP/1.1\r\n""".encode())
- self.clear_conf()
+ clear_conf()
- try:
- ssl_sock.do_handshake()
- except ssl.SSLError:
- ssl_sock.close()
- success = True
+ ssl_sock.sendall(
+ """Host: localhost\r\nConnection: close\r\n\r\n""".encode()
+ )
- if not success:
- pytest.fail('Connection is not closed.')
+ assert (
+ client.recvall(ssl_sock).decode().startswith('HTTP/1.1 200 OK')
+ ), 'finish request'
- def test_reconfigure_tls_3(self):
- ssl_sock = self.create_socket()
+
+def test_reconfigure_tls_2():
+ ssl_sock = create_socket()
+
+ # Waiting for connection completion.
+ # Delay should be more than TCP_DEFER_ACCEPT.
+ time.sleep(1.5)
+
+ clear_conf()
+
+ try:
ssl_sock.do_handshake()
+ except ssl.SSLError:
+ ssl_sock.close()
+ success = True
+
+ if not success:
+ pytest.fail('Connection is not closed.')
+
+
+def test_reconfigure_tls_3():
+ ssl_sock = create_socket()
+ ssl_sock.do_handshake()
- self.clear_conf()
+ clear_conf()
- assert self.get(sock=ssl_sock)['status'] == 408, 'request timeout'
+ assert client.get(sock=ssl_sock)['status'] == 408, 'request timeout'
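Review bot: In `test_reconfigure_tls_2`, `success` is bound only inside the `except ssl.SSLError:` branch, so if `do_handshake()` completes after the listener is removed, `if not success:` raises `UnboundLocalError` instead of reaching `pytest.fail('Connection is not closed.')`. The refactor carries this over unchanged from the class-based version. Initialise `success = False` before the `try:`, or replace the block with `with pytest.raises(ssl.SSLError): ssl_sock.do_handshake()`, and close `ssl_sock` on both paths so a failed run does not leave the socket open. Separately, `create_socket()` sets `check_hostname = False` and `ssl.CERT_NONE`; a comment such as `# Test-only: certificate verification is disabled for the loopback listener; do not reuse outside tests.` would record that this is deliberate.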