From: Stefan Eissing <stefan@eissing.org>
Date: Wed, 16 Oct 2024 14:21:03 +0000 (+0200)
Subject: tests/http: fix ubuntu GnuTLS CI failures
X-Git-Tag: curl-8_11_0~132
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c97cd8282119b2a743901b5e7b640ccea26aa7b5;p=thirdparty%2Fcurl.git

tests/http: fix ubuntu GnuTLS CI failures

Override the system default config in test_17_09, since we want to check
all TLS versions. Provide own, empty config file to gnutls, so that any
system wide file has no effect.

The latest ubunu image in GH CI disables TLS 1.0 and 1.1
system wide for GnuTLS. Good intentions.

Closes #15310
---

diff --git a/tests/http/test_17_ssl_use.py b/tests/http/test_17_ssl_use.py
index 125b6387e7..c35abb35aa 100644
--- a/tests/http/test_17_ssl_use.py
+++ b/tests/http/test_17_ssl_use.py
@@ -280,7 +280,15 @@ class TestSSLUse:
         httpd.reload_if_config_changed()
         proto = 'http/1.1'
         run_env = os.environ.copy()
-        run_env['CURL_USE_EARLYDATA'] = '1'
+        if env.curl_uses_lib('gnutls'):
+            # we need to override any default system configuration since
+            # we want to test all protocol versions. Ubuntu (or the GH image)
+            # disable TSL1.0 and TLS1.1 system wide. We do not want.
+            our_config = os.path.join(env.gen_dir, 'gnutls_config')
+            if not os.path.exists(our_config):
+                with open(our_config, 'w') as fd:
+                    fd.write('# empty\n')
+            run_env['GNUTLS_SYSTEM_PRIORITY_FILE'] = our_config
         curl = CurlClient(env=env, run_env=run_env)
         url = f'https://{env.authority_for(env.domain1, proto)}/curltest/sslinfo'
         # SSL backend specifics
@@ -297,10 +305,11 @@ class TestSSLUse:
         # test
         extra_args = [[], ['--tlsv1'], ['--tlsv1.0'], ['--tlsv1.1'], ['--tlsv1.2'], ['--tlsv1.3']][min_ver+2] + \
             [['--tls-max', '1.0'], ['--tls-max', '1.1'], ['--tls-max', '1.2'], ['--tls-max', '1.3'], []][max_ver]
+        extra_args.extend(['--trace-config', 'ssl'])
         r = curl.http_get(url=url, alpn_proto=proto, extra_args=extra_args)
         if max_ver >= min_ver and tls_proto in supported[max(0, min_ver):min(max_ver, 3)+1]:
-            assert r.exit_code == 0 , r.dump_logs()
+            assert r.exit_code == 0, f'extra_args={extra_args}\n{r.dump_logs()}'
             assert r.json['HTTPS'] == 'on', r.dump_logs()
             assert r.json['SSL_PROTOCOL'] == tls_proto, r.dump_logs()
         else:
-            assert r.exit_code != 0, r.dump_logs()
+            assert r.exit_code != 0, f'extra_args={extra_args}\n{r.dump_logs()}'