From: Tomas Krizek <tomas.krizek@nic.cz>
Date: Mon, 21 Jan 2019 13:41:31 +0000 (+0100)
Subject: pytests/proxy: run test_rehandshake with TLS 1.3 as well
X-Git-Tag: v4.0.0~47^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7d8ff621b0d892ca407d6b95879d7f15212a4eec;p=thirdparty%2Fknot-resolver.git

pytests/proxy: run test_rehandshake with TLS 1.3 as well
---

diff --git a/tests/pytests/proxy.py b/tests/pytests/proxy.py
index dd402e822..610ca21a1 100644
--- a/tests/pytests/proxy.py
+++ b/tests/pytests/proxy.py
@@ -89,7 +89,8 @@ class TLSProxy(Proxy):
                 upstream_port: Optional[int] = None,
                 certname: Optional[str] = 'tt',
                 close: Optional[int] = None,
-                rehandshake: bool = False
+                rehandshake: bool = False,
+                force_tls13: bool = False
             ) -> None:
         super().__init__(local_ip, local_port, upstream_ip, upstream_port)
         if certname is not None:
@@ -100,6 +101,7 @@ class TLSProxy(Proxy):
             self.key_path = None
         self.close = close
         self.rehandshake = rehandshake
+        self.force_tls13 = force_tls13
 
     def get_args(self):
         args = super().get_args()
@@ -114,6 +116,8 @@ class TLSProxy(Proxy):
             args.append(str(self.close))
         if self.rehandshake:
             args.append('--rehandshake')
+        if self.force_tls13:
+            args.append('--tls13')
         return args
 
 
diff --git a/tests/pytests/test_rehandshake.py b/tests/pytests/test_rehandshake.py
index 27c207000..6a0f5915e 100644
--- a/tests/pytests/test_rehandshake.py
+++ b/tests/pytests/test_rehandshake.py
@@ -11,12 +11,12 @@ and sent back to the client (this test).
 import re
 import time
 
-from proxy import HINTS, kresd_tls_client, resolve_hint, TLSProxy
+import pytest
 
+from proxy import HINTS, kresd_tls_client, resolve_hint, TLSProxy
 
-def test_proxy_rehandshake(tmpdir):
-    proxy = TLSProxy(rehandshake=True)
 
+def verify_rehandshake(tmpdir, proxy):
     with kresd_tls_client(str(tmpdir), proxy) as kresd:
         sock2 = kresd.ip_tcp_socket()
         try:
@@ -36,3 +36,16 @@ def test_proxy_rehandshake(tmpdir):
                     n_rehandshake += 1
             assert n_connecting_to == 1  # should connect exactly once
             assert n_rehandshake > 0
+
+
+def test_proxy_rehandshake_tls12(tmpdir):
+    proxy = TLSProxy(rehandshake=True)
+    verify_rehandshake(tmpdir, proxy)
+
+
+# TODO fix TLS v1.3 proxy / kresd rehandshake
+@pytest.mark.xfail(
+    reason="TLS 1.3 rehandshake isn't properly supported either in tlsproxy or in kresd")
+def test_proxy_rehandshake_tls13(tmpdir):
+    proxy = TLSProxy(rehandshake=True, force_tls13=True)
+    verify_rehandshake(tmpdir, proxy)