Diffstat (limited to 'test/test_tls_tickets.py')
-rw-r--r--test/test_tls_tickets.py306
1 files changed, 157 insertions, 149 deletions
diff --git a/test/test_tls_tickets.py b/test/test_tls_tickets.py
index acb03428..0d8e4f36 100644
--- a/test/test_tls_tickets.py
+++ b/test/test_tls_tickets.py
@@ -9,186 +9,194 @@ from OpenSSL.SSL import (
Connection,
_lib,
)
-from unit.applications.tls import TestApplicationTLS
+from unit.applications.tls import ApplicationTLS
prerequisites = {'modules': {'openssl': 'any'}}
+client = ApplicationTLS()
-class TestTLSTicket(TestApplicationTLS):
- ticket = 'U1oDTh11mMxODuw12gS0EXX1E/PkZG13cJNQ6m5+6BGlfPTjNlIEw7PSVU3X1gTE'
- ticket2 = '5AV0DSYIYbZWZQB7fCnTHZmMxtotb/aXjam+n2XS79lTvX3Tq9xGqpC8XKNEF2lt'
- ticket80 = '6Pfil8lv/k8zf8MndPpfXaO5EAV6dhME6zs6CfUyq2yziynQwSywtKQMqHGnJ2HR\
+TICKET = 'U1oDTh11mMxODuw12gS0EXX1E/PkZG13cJNQ6m5+6BGlfPTjNlIEw7PSVU3X1gTE'
+TICKET2 = '5AV0DSYIYbZWZQB7fCnTHZmMxtotb/aXjam+n2XS79lTvX3Tq9xGqpC8XKNEF2lt'
+TICKET80 = '6Pfil8lv/k8zf8MndPpfXaO5EAV6dhME6zs6CfUyq2yziynQwSywtKQMqHGnJ2HR\
49TZXi/Y4/8RSIO7QPsU51/HLR1gWIMhVM2m9yh93Bw='
- @pytest.fixture(autouse=True)
- def setup_method_fixture(self):
- self.certificate()
- listener_conf = {
- "pass": "routes",
- "tls": {
- "certificate": "default",
- "session": {"cache_size": 0, "tickets": True},
+@pytest.fixture(autouse=True)
+def setup_method_fixture():
+ client.certificate()
+
+ listener_conf = {
+ "pass": "routes",
+ "tls": {
+ "certificate": "default",
+ "session": {"cache_size": 0, "tickets": True},
+ },
+ }
+
+ assert 'success' in client.conf(
+ {
+ "listeners": {
+ "*:7080": listener_conf,
+ "*:7081": listener_conf,
+ "*:7082": listener_conf,
},
+ "routes": [{"action": {"return": 200}}],
+ "applications": {},
}
+ ), 'load application configuration'
- assert 'success' in self.conf(
- {
- "listeners": {
- "*:7080": listener_conf,
- "*:7081": listener_conf,
- "*:7082": listener_conf,
- },
- "routes": [{"action": {"return": 200}}],
- "applications": {},
- }
- ), 'load application configuration'
-
- def set_tickets(self, tickets=True, port=7080):
- assert 'success' in self.conf(
- {"cache_size": 0, "tickets": tickets},
- f'listeners/*:{port}/tls/session',
- )
- def connect(self, ctx=None, session=None, port=7080):
- sock = socket.create_connection(('127.0.0.1', port))
+def connect(ctx=None, session=None, port=7080):
+ sock = socket.create_connection(('127.0.0.1', port))
- if ctx is None:
- ctx = Context(TLSv1_2_METHOD)
+ if ctx is None:
+ ctx = Context(TLSv1_2_METHOD)
- client = Connection(ctx, sock)
- client.set_connect_state()
+ conn = Connection(ctx, sock)
+ conn.set_connect_state()
- if session is not None:
- client.set_session(session)
+ if session is not None:
+ conn.set_session(session)
- client.do_handshake()
- client.shutdown()
+ conn.do_handshake()
+ conn.shutdown()
+
+ return (
+ conn.get_session(),
+ ctx,
+ _lib.SSL_session_reused(conn._ssl),
+ )
- return (
- client.get_session(),
- ctx,
- _lib.SSL_session_reused(client._ssl),
- )
- def has_ticket(self, sess):
- return _lib.SSL_SESSION_has_ticket(sess._session)
+def has_ticket(sess):
+ return _lib.SSL_SESSION_has_ticket(sess._session)
- @pytest.mark.skipif(
- not hasattr(_lib, 'SSL_SESSION_has_ticket'),
- reason='ticket check is not supported',
+
+def set_tickets(tickets=True, port=7080):
+ assert 'success' in client.conf(
+ {"cache_size": 0, "tickets": tickets},
+ f'listeners/*:{port}/tls/session',
)
- def test_tls_ticket(self):
- sess, ctx, reused = self.connect()
- assert self.has_ticket(sess), 'tickets True'
- assert not reused, 'tickets True not reused'
- sess, ctx, reused = self.connect(ctx, sess)
- assert self.has_ticket(sess), 'tickets True reconnect'
- assert reused, 'tickets True reused'
- self.set_tickets(tickets=False)
+@pytest.mark.skipif(
+ not hasattr(_lib, 'SSL_SESSION_has_ticket'),
+ reason='ticket check is not supported',
+)
+def test_tls_ticket():
+ sess, ctx, reused = connect()
+ assert has_ticket(sess), 'tickets True'
+ assert not reused, 'tickets True not reused'
+
+ sess, ctx, reused = connect(ctx, sess)
+ assert has_ticket(sess), 'tickets True reconnect'
+ assert reused, 'tickets True reused'
- sess, _, _ = self.connect()
- assert not self.has_ticket(sess), 'tickets False'
+ set_tickets(tickets=False)
- assert 'success' in self.conf_delete(
- 'listeners/*:7080/tls/session/tickets'
- ), 'tickets default configure'
+ sess, _, _ = connect()
+ assert not has_ticket(sess), 'tickets False'
- sess, _, _ = self.connect()
- assert not self.has_ticket(sess), 'tickets default (false)'
+ assert 'success' in client.conf_delete(
+ 'listeners/*:7080/tls/session/tickets'
+ ), 'tickets default configure'
- @pytest.mark.skipif(
- not hasattr(_lib, 'SSL_SESSION_has_ticket'),
- reason='ticket check is not supported',
- )
- def test_tls_ticket_string(self):
- self.set_tickets(self.ticket)
- sess, ctx, _ = self.connect()
- assert self.has_ticket(sess), 'tickets string'
+ sess, _, _ = connect()
+ assert not has_ticket(sess), 'tickets default (false)'
- sess2, _, reused = self.connect(ctx, sess)
- assert self.has_ticket(sess2), 'tickets string reconnect'
- assert reused, 'tickets string reused'
- sess2, _, reused = self.connect(ctx, sess, port=7081)
- assert self.has_ticket(sess2), 'connect True'
- assert not reused, 'connect True not reused'
+@pytest.mark.skipif(
+ not hasattr(_lib, 'SSL_SESSION_has_ticket'),
+ reason='ticket check is not supported',
+)
+def test_tls_ticket_string():
+ set_tickets(TICKET)
+ sess, ctx, _ = connect()
+ assert has_ticket(sess), 'tickets string'
- self.set_tickets(self.ticket2, port=7081)
+ sess2, _, reused = connect(ctx, sess)
+ assert has_ticket(sess2), 'tickets string reconnect'
+ assert reused, 'tickets string reused'
- sess2, _, reused = self.connect(ctx, sess, port=7081)
- assert self.has_ticket(sess2), 'wrong ticket'
- assert not reused, 'wrong ticket not reused'
+ sess2, _, reused = connect(ctx, sess, port=7081)
+ assert has_ticket(sess2), 'connect True'
+ assert not reused, 'connect True not reused'
- self.set_tickets(self.ticket80)
+ set_tickets(TICKET2, port=7081)
- sess, ctx, _ = self.connect()
- assert self.has_ticket(sess), 'tickets string 80'
+ sess2, _, reused = connect(ctx, sess, port=7081)
+ assert has_ticket(sess2), 'wrong ticket'
+ assert not reused, 'wrong ticket not reused'
- sess2, _, reused = self.connect(ctx, sess)
- assert self.has_ticket(sess2), 'tickets string 80 reconnect'
- assert reused, 'tickets string 80 reused'
+ set_tickets(TICKET80)
- sess2, _, reused = self.connect(ctx, sess, port=7081)
- assert self.has_ticket(sess2), 'wrong ticket 80'
- assert not reused, 'wrong ticket 80 not reused'
+ sess, ctx, _ = connect()
+ assert has_ticket(sess), 'tickets string 80'
- @pytest.mark.skipif(
- not hasattr(_lib, 'SSL_SESSION_has_ticket'),
- reason='ticket check is not supported',
- )
- def test_tls_ticket_array(self):
- self.set_tickets([])
-
- sess, ctx, _ = self.connect()
- assert not self.has_ticket(sess), 'tickets array empty'
-
- self.set_tickets([self.ticket, self.ticket2])
- self.set_tickets(self.ticket, port=7081)
- self.set_tickets(self.ticket2, port=7082)
-
- sess, ctx, _ = self.connect()
- _, _, reused = self.connect(ctx, sess, port=7081)
- assert not reused, 'not last ticket'
- _, _, reused = self.connect(ctx, sess, port=7082)
- assert reused, 'last ticket'
-
- sess, ctx, _ = self.connect(port=7081)
- _, _, reused = self.connect(ctx, sess)
- assert reused, 'first ticket'
-
- sess, ctx, _ = self.connect(port=7082)
- _, _, reused = self.connect(ctx, sess)
- assert reused, 'second ticket'
-
- assert 'success' in self.conf_delete(
- 'listeners/*:7080/tls/session/tickets/0'
- ), 'removed first ticket'
- assert 'success' in self.conf_post(
- f'"{self.ticket}"', 'listeners/*:7080/tls/session/tickets'
- ), 'add new ticket to the end of array'
-
- sess, ctx, _ = self.connect()
- _, _, reused = self.connect(ctx, sess, port=7082)
- assert not reused, 'not last ticket 2'
- _, _, reused = self.connect(ctx, sess, port=7081)
- assert reused, 'last ticket 2'
-
- def test_tls_ticket_invalid(self):
- def check_tickets(tickets):
- assert 'error' in self.conf(
- {"tickets": tickets},
- 'listeners/*:7080/tls/session',
- )
-
- check_tickets({})
- check_tickets('!?&^' * 16)
- check_tickets(f'{self.ticket[:-2]}!{self.ticket[3:]}')
- check_tickets(self.ticket[:-1])
- check_tickets(f'{self.ticket}b')
- check_tickets(f'{self.ticket}blah')
- check_tickets([True, self.ticket, self.ticket2])
- check_tickets([self.ticket, 'blah', self.ticket2])
- check_tickets([self.ticket, self.ticket2, []])
+ sess2, _, reused = connect(ctx, sess)
+ assert has_ticket(sess2), 'tickets string 80 reconnect'
+ assert reused, 'tickets string 80 reused'
+
+ sess2, _, reused = connect(ctx, sess, port=7081)
+ assert has_ticket(sess2), 'wrong ticket 80'
+ assert not reused, 'wrong ticket 80 not reused'
+
+
+@pytest.mark.skipif(
+ not hasattr(_lib, 'SSL_SESSION_has_ticket'),
+ reason='ticket check is not supported',
+)
+def test_tls_ticket_array():
+ set_tickets([])
+
+ sess, ctx, _ = connect()
+ assert not has_ticket(sess), 'tickets array empty'
+
+ set_tickets([TICKET, TICKET2])
+ set_tickets(TICKET, port=7081)
+ set_tickets(TICKET2, port=7082)
+
+ sess, ctx, _ = connect()
+ _, _, reused = connect(ctx, sess, port=7081)
+ assert not reused, 'not last ticket'
+ _, _, reused = connect(ctx, sess, port=7082)
+ assert reused, 'last ticket'
+
+ sess, ctx, _ = connect(port=7081)
+ _, _, reused = connect(ctx, sess)
+ assert reused, 'first ticket'
+
+ sess, ctx, _ = connect(port=7082)
+ _, _, reused = connect(ctx, sess)
+ assert reused, 'second ticket'
+
+ assert 'success' in client.conf_delete(
+ 'listeners/*:7080/tls/session/tickets/0'
+ ), 'removed first ticket'
+ assert 'success' in client.conf_post(
+ f'"{TICKET}"', 'listeners/*:7080/tls/session/tickets'
+ ), 'add new ticket to the end of array'
+
+ sess, ctx, _ = connect()
+ _, _, reused = connect(ctx, sess, port=7082)
+ assert not reused, 'not last ticket 2'
+ _, _, reused = connect(ctx, sess, port=7081)
+ assert reused, 'last ticket 2'
+
+
+def test_tls_ticket_invalid():
+ def check_tickets(tickets):
+ assert 'error' in client.conf(
+ {"tickets": tickets},
+ 'listeners/*:7080/tls/session',
+ )
+
+ check_tickets({})
+ check_tickets('!?&^' * 16)
+ check_tickets(f'{TICKET[:-2]}!{TICKET[3:]}')
+ check_tickets(TICKET[:-1])
+ check_tickets(f'{TICKET}b')
+ check_tickets(f'{TICKET}blah')
+ check_tickets([True, TICKET, TICKET2])
+ check_tickets([TICKET, 'blah', TICKET2])
+ check_tickets([TICKET, TICKET2, []])
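Review bot: `connect()` never closes the TCP socket it opens with `socket.create_connection(('127.0.0.1', port))`; `conn.shutdown()` only performs the TLS shutdown, so each of the many calls across three listeners leaves the descriptor to garbage collection. Read the session and the reuse flag into locals, then call `sock.close()` (ideally in a `finally`) before returning, and consider passing `timeout=` to `create_connection` so a listener that stops answering fails the test instead of hanging it. The default `Context(TLSv1_2_METHOD)` also deserves a comment such as `# TLS 1.2 only: the ticket is issued during the handshake, so get_session() right after do_handshake() sees it`. That looks like the reason for the pin, since TLS 1.3 delivers tickets after the handshake, but please confirm it. If so, ticket-key matching and rotation under TLS 1.3 are not exercised by this file.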