summaryrefslogtreecommitdiffhomepage
path: root/test/test_tls_sni.py
diff options
context:
space:
mode:
authorKonstantin Pavlov <thresh@nginx.com>2023-05-10 10:29:16 -0700
committerKonstantin Pavlov <thresh@nginx.com>2023-05-10 10:29:16 -0700
commit69235c513277c64b513447d9b92c3c03d616f577 (patch)
tree0780c92ba28d92b547c85ea0bee5e3040e14dee2 /test/test_tls_sni.py
parentb9bc222021e77bbdfb12576b3e315b962cf6b399 (diff)
parentfaf97dc06058de1c929af33a68adb34d3932b374 (diff)
downloadunit-1.30.0-1.tar.gz
unit-1.30.0-1.tar.bz2
Merged with the default branch.1.30.0-1
Diffstat (limited to 'test/test_tls_sni.py')
-rw-r--r--test/test_tls_sni.py51
1 files changed, 19 insertions, 32 deletions
diff --git a/test/test_tls_sni.py b/test/test_tls_sni.py
index 44cc21e1..e918bb20 100644
--- a/test/test_tls_sni.py
+++ b/test/test_tls_sni.py
@@ -30,17 +30,17 @@ class TestTLSSNI(TestApplicationTLS):
assert 'success' in self.conf({"pass": "routes"}, 'listeners/*:7080')
def generate_ca_conf(self):
- with open(option.temp_dir + '/ca.conf', 'w') as f:
+ with open(f'{option.temp_dir}/ca.conf', 'w') as f:
f.write(
- """[ ca ]
+ f"""[ ca ]
default_ca = myca
[ myca ]
-new_certs_dir = %(dir)s
-database = %(database)s
+new_certs_dir = {option.temp_dir}
+database = {option.temp_dir}/certindex
default_md = sha256
policy = myca_policy
-serial = %(certserial)s
+serial = {option.temp_dir}/certserial
default_days = 1
x509_extensions = myca_extensions
copy_extensions = copy
@@ -50,17 +50,12 @@ commonName = optional
[ myca_extensions ]
basicConstraints = critical,CA:TRUE"""
- % {
- 'dir': option.temp_dir,
- 'database': option.temp_dir + '/certindex',
- 'certserial': option.temp_dir + '/certserial',
- }
)
- with open(option.temp_dir + '/certserial', 'w') as f:
+ with open(f'{option.temp_dir}/certserial', 'w') as f:
f.write('1000')
- with open(option.temp_dir + '/certindex', 'w') as f:
+ with open(f'{option.temp_dir}/certindex', 'w') as f:
f.write('')
def config_bundles(self, bundles):
@@ -68,11 +63,7 @@ basicConstraints = critical,CA:TRUE"""
for b in bundles:
self.openssl_conf(rewrite=True, alt_names=bundles[b]['alt_names'])
- subj = (
- '/CN={}/'.format(bundles[b]['subj'])
- if 'subj' in bundles[b]
- else '/'
- )
+ subj = f'/CN={bundles[b]["subj"]}/' if 'subj' in bundles[b] else '/'
subprocess.check_output(
[
@@ -82,11 +73,11 @@ basicConstraints = critical,CA:TRUE"""
'-subj',
subj,
'-config',
- option.temp_dir + '/openssl.conf',
+ f'{option.temp_dir}/openssl.conf',
'-out',
- option.temp_dir + '/{}.csr'.format(b),
+ f'{option.temp_dir}/{b}.csr',
'-keyout',
- option.temp_dir + '/{}.key'.format(b),
+ f'{option.temp_dir}/{b}.key',
],
stderr=subprocess.STDOUT,
)
@@ -94,11 +85,7 @@ basicConstraints = critical,CA:TRUE"""
self.generate_ca_conf()
for b in bundles:
- subj = (
- '/CN={}/'.format(bundles[b]['subj'])
- if 'subj' in bundles[b]
- else '/'
- )
+ subj = f'/CN={bundles[b]["subj"]}/' if 'subj' in bundles[b] else '/'
subprocess.check_output(
[
@@ -108,15 +95,15 @@ basicConstraints = critical,CA:TRUE"""
'-subj',
subj,
'-config',
- option.temp_dir + '/ca.conf',
+ f'{option.temp_dir}/ca.conf',
'-keyfile',
- option.temp_dir + '/root.key',
+ f'{option.temp_dir}/root.key',
'-cert',
- option.temp_dir + '/root.crt',
+ f'{option.temp_dir}/root.crt',
'-in',
- option.temp_dir + '/{}.csr'.format(b),
+ f'{option.temp_dir}/{b}.csr',
'-out',
- option.temp_dir + '/{}.crt'.format(b),
+ f'{option.temp_dir}/{b}.crt',
],
stderr=subprocess.STDOUT,
)
@@ -124,7 +111,7 @@ basicConstraints = critical,CA:TRUE"""
self.context = ssl.create_default_context()
self.context.check_hostname = False
self.context.verify_mode = ssl.CERT_REQUIRED
- self.context.load_verify_locations(option.temp_dir + '/root.crt')
+ self.context.load_verify_locations(f'{option.temp_dir}/root.crt')
self.load_certs(bundles)
@@ -132,7 +119,7 @@ basicConstraints = critical,CA:TRUE"""
for bname, bvalue in bundles.items():
assert 'success' in self.certificate_load(
bname, bname
- ), 'certificate {} upload'.format(bvalue['subj'])
+ ), f'certificate {bvalue["subj"]} upload'
def check_cert(self, host, expect):
resp, sock = self.get_ssl(