upstream_port: Optional[int] = None,
certname: Optional[str] = 'tt',
close: Optional[int] = None,
- rehandshake: bool = False
+ rehandshake: bool = False,
+ force_tls13: bool = False
) -> None:
super().__init__(local_ip, local_port, upstream_ip, upstream_port)
if certname is not None:
self.key_path = None
self.close = close
self.rehandshake = rehandshake
+ self.force_tls13 = force_tls13
def get_args(self):
args = super().get_args()
args.append(str(self.close))
if self.rehandshake:
args.append('--rehandshake')
+ if self.force_tls13:
+ args.append('--tls13')
return args
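Review bot: The new `force_tls13` branch in `get_args` passes `--tls13` with no comment on what the proxy does with that flag, and the parameter name promises more than the visible lines establish. If the flag only enables TLS 1.3 rather than restricting the proxy to it, a peer could still negotiate an older version and the TLS 1.3 test would not cover what its name says. I would add a comment above the branch, e.g. `# --tls13: make tlsproxy offer TLS 1.3 only (confirm against tlsproxy's option parsing)`, and a matching line for `force_tls13` in the constructor's documentation. The constructor begins outside the visible lines, so its existing docstring, if any, cannot be checked from here.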
import re
import time
-from proxy import HINTS, kresd_tls_client, resolve_hint, TLSProxy
+import pytest
+from proxy import HINTS, kresd_tls_client, resolve_hint, TLSProxy
-def test_proxy_rehandshake(tmpdir):
- proxy = TLSProxy(rehandshake=True)
+def verify_rehandshake(tmpdir, proxy):
with kresd_tls_client(str(tmpdir), proxy) as kresd:
sock2 = kresd.ip_tcp_socket()
try:
n_rehandshake += 1
assert n_connecting_to == 1 # should connect exactly once
assert n_rehandshake > 0
+
+
+def test_proxy_rehandshake_tls12(tmpdir):
+ proxy = TLSProxy(rehandshake=True)
+ verify_rehandshake(tmpdir, proxy)
+
+
+# TODO fix TLS v1.3 proxy / kresd rehandshake
+@pytest.mark.xfail(
+ reason="TLS 1.3 rehandshake isn't properly supported either in tlsproxy or in kresd")
+def test_proxy_rehandshake_tls13(tmpdir):
+ proxy = TLSProxy(rehandshake=True, force_tls13=True)
+ verify_rehandshake(tmpdir, proxy)
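Review bot: The `xfail` on `test_proxy_rehandshake_tls13` is non-strict, so the run stays green whether the test fails on the rehandshake assertions, fails earlier for an unrelated reason, or starts passing once the underlying issue is fixed. Adding `strict=True` to the marker (`@pytest.mark.xfail(strict=True, reason=...)`) turns an unexpected pass into a failure, so the marker is removed when the fix lands. Separately, `test_proxy_rehandshake_tls12` builds `TLSProxy(rehandshake=True)` without pinning a protocol version, so unless the proxy defaults to TLS 1.2 (not visible here) the name may not match what is negotiated. Since TLS 1.3 dropped renegotiation in favour of KeyUpdate, the TODO could also state which behaviour the 1.3 test is meant to verify, e.g. `# TODO: TLS 1.3 has no renegotiation; decide whether this should exercise KeyUpdate instead`.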