author | Konstantin Pavlov <thresh@nginx.com> | 2023-08-31 09:41:46 -0700 |
---|---|---|
committer | Konstantin Pavlov <thresh@nginx.com> | 2023-08-31 09:41:46 -0700 |
commit | c45c8919c7232eb20023484f6d1fc9f1f50395d8 (patch) | |
tree | cc12eb307c1611494948645e4b487fa06495c3d2 /test/test_reconfigure_tls.py | |
parent | 88c90e1c351ab8c5bd487a5cd4b735014b08e271 (diff) | |
parent | 9b22b6957bc87b3df002d0bc691fdae6a20abdac (diff) | |
download | unit-c45c8919c7232eb20023484f6d1fc9f1f50395d8.tar.gz unit-c45c8919c7232eb20023484f6d1fc9f1f50395d8.tar.bz2 |
Merged with the default branch.1.31.0-1
Diffstat (limited to 'test/test_reconfigure_tls.py')
-rw-r--r-- | test/test_reconfigure_tls.py | 153 |
1 files changed, 80 insertions, 73 deletions
diff --git a/test/test_reconfigure_tls.py b/test/test_reconfigure_tls.py
index 0f92a419..b473b147 100644
--- a/test/test_reconfigure_tls.py
+++ b/test/test_reconfigure_tls.py
@@ -3,103 +3,110 @@ import ssl import time import pytest -from unit.applications.tls import TestApplicationTLS +from unit.applications.tls import ApplicationTLS +prerequisites = {'modules': {'openssl': 'any'}} -class TestReconfigureTLS(TestApplicationTLS): - prerequisites = {'modules': {'openssl': 'any'}} +client = ApplicationTLS() - @pytest.fixture(autouse=True) - def setup_method_fixture(self): - if 'HAS_TLSv1_2' not in dir(ssl) or not ssl.HAS_TLSv1_2: - pytest.skip('OpenSSL too old') - self.certificate() +@pytest.fixture(autouse=True) +def setup_method_fixture(): + if 'HAS_TLSv1_2' not in dir(ssl) or not ssl.HAS_TLSv1_2: + pytest.skip('OpenSSL too old') - assert 'success' in self.conf( - { - "listeners": { - "*:7080": { - "pass": "routes", - "tls": {"certificate": "default"}, - } - }, - "routes": [{"action": {"return": 200}}], - "applications": {}, - } - ), 'load application configuration' + client.certificate() - def create_socket(self): - ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) - ctx.check_hostname = False - ctx.verify_mode = ssl.CERT_NONE + assert 'success' in client.conf( + { + "listeners": { + "*:7080": { + "pass": "routes", + "tls": {"certificate": "default"}, + } + }, + "routes": [{"action": {"return": 200}}], + "applications": {}, + } + ), 'load application configuration' - s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - ssl_sock = ctx.wrap_socket( - s, server_hostname='localhost', do_handshake_on_connect=False - ) - ssl_sock.connect(('127.0.0.1', 7080)) - return ssl_sock +def create_socket(): + ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + ctx.check_hostname = False + ctx.verify_mode = ssl.CERT_NONE - def clear_conf(self): - assert 'success' in self.conf({"listeners": {}, "applications": {}}) + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + ssl_sock = ctx.wrap_socket( + s, server_hostname='localhost', do_handshake_on_connect=False + ) + ssl_sock.connect(('127.0.0.1', 7080)) - @pytest.mark.skip('not yet') - def 
test_reconfigure_tls_switch(self): - assert 'success' in self.conf_delete('listeners/*:7080/tls') + return ssl_sock - (_, sock) = self.get( - headers={'Host': 'localhost', 'Connection': 'keep-alive'}, - start=True, - read_timeout=1, - ) - assert 'success' in self.conf( - {"pass": "routes", "tls": {"certificate": "default"}}, - 'listeners/*:7080', - ) +def clear_conf(): + assert 'success' in client.conf({"listeners": {}, "applications": {}}) - assert self.get(sock=sock)['status'] == 200, 'reconfigure' - assert self.get_ssl()['status'] == 200, 'reconfigure tls' - def test_reconfigure_tls(self): - ssl_sock = self.create_socket() +@pytest.mark.skip('not yet') +def test_reconfigure_tls_switch(): + assert 'success' in client.conf_delete('listeners/*:7080/tls') - ssl_sock.sendall("""GET / HTTP/1.1\r\n""".encode()) + (_, sock) = client.get( + headers={'Host': 'localhost', 'Connection': 'keep-alive'}, + start=True, + read_timeout=1, + ) - self.clear_conf() + assert 'success' in client.conf( + {"pass": "routes", "tls": {"certificate": "default"}}, + 'listeners/*:7080', + ) - ssl_sock.sendall( - """Host: localhost\r\nConnection: close\r\n\r\n""".encode() - ) + assert client.get(sock=sock)['status'] == 200, 'reconfigure' + assert client.get_ssl()['status'] == 200, 'reconfigure tls' - assert ( - self.recvall(ssl_sock).decode().startswith('HTTP/1.1 200 OK') - ), 'finish request' - def test_reconfigure_tls_2(self): - ssl_sock = self.create_socket() +def test_reconfigure_tls(): + ssl_sock = create_socket() - # Waiting for connection completion. - # Delay should be more than TCP_DEFER_ACCEPT. 
- time.sleep(1.5) + ssl_sock.sendall("""GET / HTTP/1.1\r\n""".encode()) - self.clear_conf() + clear_conf() - try: - ssl_sock.do_handshake() - except ssl.SSLError: - ssl_sock.close() - success = True + ssl_sock.sendall( + """Host: localhost\r\nConnection: close\r\n\r\n""".encode() + ) - if not success: - pytest.fail('Connection is not closed.') + assert ( + client.recvall(ssl_sock).decode().startswith('HTTP/1.1 200 OK') + ), 'finish request' - def test_reconfigure_tls_3(self): - ssl_sock = self.create_socket() + +def test_reconfigure_tls_2(): + ssl_sock = create_socket() + + # Waiting for connection completion. + # Delay should be more than TCP_DEFER_ACCEPT. + time.sleep(1.5) + + clear_conf() + + try: ssl_sock.do_handshake() + except ssl.SSLError: + ssl_sock.close() + success = True + + if not success: + pytest.fail('Connection is not closed.') + + +def test_reconfigure_tls_3(): + ssl_sock = create_socket() + ssl_sock.do_handshake() - self.clear_conf() + clear_conf() - assert self.get(sock=ssl_sock)['status'] == 408, 'request timeout' + assert client.get(sock=ssl_sock)['status'] == 408, 'request timeout' |
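Review bot: In `test_reconfigure_tls_2`, `success` is assigned only inside the `except ssl.SSLError:` branch, so if `do_handshake()` completes after `clear_conf()` the `if not success:` check raises `UnboundLocalError` instead of reaching `pytest.fail('Connection is not closed.')`. The test still stops, but the report hides the actual regression (a TLS handshake accepted on a listener that was just removed); add `success = False` before `try:`. A reset that surfaces as a plain `OSError` rather than `ssl.SSLError` would also escape the handler, which may be worth catching if it shows up in practice. Separately, `create_socket()` turns verification off with `check_hostname = False` and `verify_mode = ssl.CERT_NONE`; a comment such as `# test-only: certificate comes from client.certificate() (presumably self-signed), so verification is disabled` would keep the helper from being copied into non-test code.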