dnsdist: Add regression tests for outgoing SNI

author Remi Gacogne <remi.gacogne@powerdns.com>

Tue, 1 Feb 2022 10:50:51 +0000 (11:50 +0100)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Tue, 1 Feb 2022 10:50:51 +0000 (11:50 +0100)
author Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 1 Feb 2022 10:50:51 +0000 (11:50 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 1 Feb 2022 10:50:51 +0000 (11:50 +0100)
diff --git a/regression-tests.dnsdist/test_OutgoingDOH.py b/regression-tests.dnsdist/test_OutgoingDOH.py

index 217c885fef0e9d478b73f78fa4d2ecb74bf9eee1..55c7ba57ca2fc21a26659d312390ca98920cbeea 100644 (file)
--- a/regression-tests.dnsdist/test_OutgoingDOH.py
+++ b/regression-tests.dnsdist/test_OutgoingDOH.py
@@ -283,11 +283,19 @@ class TestOutgoingDOHOpenSSL(DNSDistTest, OutgoingDOHTests):
      addAction(SuffixMatchNodeRule(smn), PoolAction('cache'))
      """
  
+    @staticmethod
+    def sniCallback(sslSocket, sni, sslContext):
+        assert(sni == 'powerdns.com')
+        return None
+
      @classmethod
      def startResponders(cls):
          tlsContext = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
          tlsContext.set_alpn_protocols(["h2"])
          tlsContext.load_cert_chain('server.chain', 'server.key')
+        # requires Python 3.7+
+        if hasattr(tlsContext, 'sni_callback'):
+            tlsContext.sni_callback = cls.sniCallback
  
          print("Launching DOH responder..")
          cls._DOHResponder = threading.Thread(name='DOH Responder', target=cls.DOHResponder, args=[cls._tlsBackendPort, cls._toResponderQueue, cls._fromResponderQueue, False, False, None, tlsContext])
diff --git a/regression-tests.dnsdist/test_OutgoingTLS.py b/regression-tests.dnsdist/test_OutgoingTLS.py

index c07be663375ed8461c368522bb22a1fc9363f321..87db8c461f29fabfeea459ce45a60f7e3d3a7eb6 100644 (file)
--- a/regression-tests.dnsdist/test_OutgoingTLS.py
+++ b/regression-tests.dnsdist/test_OutgoingTLS.py
@@ -146,10 +146,18 @@ class TestOutgoingTLSOpenSSL(DNSDistTest, OutgoingTLSTests):
      setWebserverConfig({password="%s", apiKey="%s"})
      """
  
+    @staticmethod
+    def sniCallback(sslSocket, sni, sslContext):
+        assert(sni == 'powerdns.com')
+        return None
+
      @classmethod
      def startResponders(cls):
          tlsContext = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
          tlsContext.load_cert_chain('server.chain', 'server.key')
+        # requires Python 3.7+
+        if hasattr(tlsContext, 'sni_callback'):
+            tlsContext.sni_callback = cls.sniCallback
  
          print("Launching TLS responder..")
          cls._TLSResponder = threading.Thread(name='TLS Responder', target=cls.TCPResponder, args=[cls._tlsBackendPort, cls._toResponderQueue, cls._fromResponderQueue, False, False, None, tlsContext])
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Tue, 1 Feb 2022 10:50:51 +0000 (11:50 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Tue, 1 Feb 2022 10:50:51 +0000 (11:50 +0100)
regression-tests.dnsdist/test_OutgoingDOH.py		patch \| blob \| blame \| history
regression-tests.dnsdist/test_OutgoingTLS.py		patch \| blob \| blame \| history