From: Stefan Eissing Date: Fri, 15 Mar 2024 09:10:13 +0000 (+0100) Subject: mbedtls: fix pytest for newer versions X-Git-Tag: curl-8_7_0~24 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d0fd382a29b95561b90b7ea3e7eb04dfdd43538;p=thirdparty%2Fcurl.git mbedtls: fix pytest for newer versions Fix the expectations in pytest for newer versions of mbedtls Closes #13132 --- diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index 3fefb612bd..5f07e78ef7 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -687,14 +687,13 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) &backend->clicert, &backend->pk); } - if(connssl->peer.sni) { - if(mbedtls_ssl_set_hostname(&backend->ssl, connssl->peer.sni)) { - /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and - the name to set in the SNI extension. So even if curl connects to a - host specified as an IP address, this function must be used. */ - failf(data, "Failed to set SNI"); - return CURLE_SSL_CONNECT_ERROR; - } + if(mbedtls_ssl_set_hostname(&backend->ssl, connssl->peer.sni? + connssl->peer.sni : connssl->peer.hostname)) { + /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and + the name to set in the SNI extension. So even if curl connects to a + host specified as an IP address, this function must be used. */ + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; } #ifdef HAS_ALPN diff --git a/tests/http/test_10_proxy.py b/tests/http/test_10_proxy.py index ad3a5990f1..c191432fb0 100644 --- a/tests/http/test_10_proxy.py +++ b/tests/http/test_10_proxy.py @@ -362,6 +362,10 @@ class TestProxy: xargs = curl.get_proxy_args(proto=proto, use_ip=True) r = curl.http_download(urls=[url], alpn_proto='http/1.1', with_stats=True, extra_args=xargs) - r.check_response(count=1, http_status=200, - protocol='HTTP/2' if proto == 'h2' else 'HTTP/1.1') + if env.curl_uses_lib('mbedtls') and \ + not env.curl_lib_version_at_least('mbedtls', '3.5.0'): + r.check_exit_code(60) # CURLE_PEER_FAILED_VERIFICATION + else: + r.check_response(count=1, http_status=200, + protocol='HTTP/2' if proto == 'h2' else 'HTTP/1.1') diff --git a/tests/http/testenv/env.py b/tests/http/testenv/env.py index 29f9726f7b..a207059dcd 100644 --- a/tests/http/testenv/env.py +++ b/tests/http/testenv/env.py @@ -185,15 +185,15 @@ class EnvConfig: log.error(f'{self.apxs} failed to run: {e}') return self._httpd_version - def _versiontuple(self, v): + def versiontuple(self, v): v = re.sub(r'(\d+\.\d+(\.\d+)?)(-\S+)?', r'\1', v) return tuple(map(int, v.split('.'))) def httpd_is_at_least(self, minv): if self.httpd_version is None: return False - hv = self._versiontuple(self.httpd_version) - return hv >= self._versiontuple(minv) + hv = self.versiontuple(self.httpd_version) + return hv >= self.versiontuple(minv) def is_complete(self) -> bool: return os.path.isfile(self.httpd) and \ @@ -275,6 +275,14 @@ class Env: return lversion[len(prefix):] return 'unknown' + @staticmethod + def curl_lib_version_at_least(libname: str, min_version) -> str: + lversion = Env.curl_lib_version(libname) + if lversion != 'unknown': + return Env.CONFIG.versiontuple(min_version) <= \ + Env.CONFIG.versiontuple(lversion) + return False + @staticmethod def curl_os() -> str: return Env.CONFIG.curl_props['os']