From 8e333d4b709dec066e8d808c9b476d93c2490eab Mon Sep 17 00:00:00 2001
From: Tomas Krizek
Date: Thu, 15 Nov 2018 17:10:06 +0100
Subject: [PATCH] pytests: import test_tls_no_cert (test14)
---
 tests/pytests/conftest.py | 8 ++++++++
 tests/pytests/kresd.py | 18 +-----------------
 tests/pytests/test_tls_certs.py | 12 ++++++++++++
 tests/pytests/utils.py | 23 +++++++++++++++++++++++
 4 files changed, 44 insertions(+), 17 deletions(-)
 create mode 100644 tests/pytests/test_tls_certs.py
diff --git a/tests/pytests/conftest.py b/tests/pytests/conftest.py
index cbb89a489..b065f9d43 100644
--- a/tests/pytests/conftest.py
+++ b/tests/pytests/conftest.py
@@ -66,3 +66,11 @@ def make_kresd_sock(request, kresd):
 @pytest.fixture
 def kresd_sock(make_kresd_sock):
 return make_kresd_sock()
+
+
+@pytest.fixture(params=[
+ socket.AF_INET,
+ socket.AF_INET6,
+])
+def sock_family(request):
+ return request.param
diff --git a/tests/pytests/kresd.py b/tests/pytests/kresd.py
index 54617b8bc..72b856810 100644
--- a/tests/pytests/kresd.py
+++ b/tests/pytests/kresd.py
@@ -2,7 +2,6 @@ from contextlib import ContextDecorator
 import os
 import re
 import socket
-import ssl
 import subprocess
 import time
@@ -26,21 +25,6 @@ def create_file_from_template(template_path, dest, data):
 fh.write(rendered_template)
-def make_ssl_context():
- # set TLS v1.2+
- context = ssl.SSLContext(ssl.PROTOCOL_TLS)
- context.options |= ssl.OP_NO_SSLv2
- context.options |= ssl.OP_NO_SSLv3
- context.options |= ssl.OP_NO_TLSv1
- context.options |= ssl.OP_NO_TLSv1_1
-
- # turn off certificate verification
- context.check_hostname = False
- context.verify_mode = ssl.CERT_NONE
-
- return context
-
-
 class Kresd(ContextDecorator):
 def __init__(self, workdir, port, tls_port, ip=None, ip6=None):
 if ip is None and ip6 is None:
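Review bot: The new `sock_family` fixture in tests/pytests/conftest.py runs every consuming test with `socket.AF_INET6` unconditionally, while the `Kresd` constructor visible in this patch accepts `ip6=None`. If the `kresd` fixture (not shown here) can start without an IPv6 address, the AF_INET6 variant will presumably error inside `stream_socket` instead of being skipped, so it is worth confirming that both addresses are always configured. The fixture also has no docstring; something like `"""Address family (IPv4, then IPv6) that each consuming test is run with."""` would document the doubling of test cases.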
@@ -154,7 +138,7 @@ class Kresd(ContextDecorator):
 def _tls_socket(self, family):
 sock, dest = self.stream_socket(family, tls=True)
- ctx = make_ssl_context()
+ ctx = utils.make_ssl_context(insecure=True)
 ssock = ctx.wrap_socket(sock)
 try:
 ssock.connect(dest)
diff --git a/tests/pytests/test_tls_certs.py b/tests/pytests/test_tls_certs.py
new file mode 100644
index 000000000..a4536969a
--- /dev/null
+++ b/tests/pytests/test_tls_certs.py
@@ -0,0 +1,12 @@
+"""Tests with TLS certificates"""
+
+import utils
+
+
+def test_tls_no_cert(kresd, sock_family):
+ sock, dest = kresd.stream_socket(sock_family, tls=True)
+ ctx = utils.make_ssl_context(insecure=True)
+ ssock = ctx.wrap_socket(sock)
+ ssock.connect(dest)
+
+ utils.ping_alive(ssock)
diff --git a/tests/pytests/utils.py b/tests/pytests/utils.py
index 20218dfd5..a809d78d4 100644
--- a/tests/pytests/utils.py
+++ b/tests/pytests/utils.py
@@ -1,4 +1,5 @@
 from contextlib import contextmanager
+import ssl
 import struct
 import random
@@ -93,3 +94,25 @@ def expect_kresd_close(rst_ok=False):
 raise BrokenPipeError
 else:
 pytest.skip("kresd closed connection with TCP RST")
+
+
+def make_ssl_context(insecure=False, verify_location=None):
+ # set TLS v1.2+
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+ context.options |= ssl.OP_NO_SSLv2
+ context.options |= ssl.OP_NO_SSLv3
+ context.options |= ssl.OP_NO_TLSv1
+ context.options |= ssl.OP_NO_TLSv1_1
+
+ if insecure:
+ # turn off certificate verification
+ context.check_hostname = False
+ context.verify_mode = ssl.CERT_NONE
+ else:
+ context.verify_mode = ssl.CERT_REQUIRED
+ context.check_hostname = True
+
+ if verify_location is not None:
+ context.load_verify_locations(verify_location)
+
+ return context
-- 
2.47.2
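Review bot: `_tls_socket` in tests/pytests/kresd.py now calls `utils.make_ssl_context(insecure=True)`, but no hunk in this patch adds `import utils` to kresd.py; the import hunk there only removes `import ssl`, so the call relies on an import outside the visible context, which should be confirmed. The call site also turns off certificate and hostname verification without saying why; a one-line comment such as `# test helper: the server certificate is deliberately not verified here` keeps that intent visible next to the flag. The body of `_tls_socket` continues past the end of the hunk.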
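Review bot: `test_tls_no_cert` in tests/pytests/test_tls_certs.py never closes `ssock`, so a failing `connect()` or `ping_alive()` leaves the TLS socket open unless `kresd.stream_socket` tracks it for cleanup, which is not visible here. Using `with ctx.wrap_socket(sock) as ssock:` around the `connect` and `ping_alive` calls closes it on every path. The test also needs a docstring saying what "no cert" refers to on the server side, because with `insecure=True` the client accepts any certificate and the test only shows that a handshake and a query succeed, not anything about the certificate presented.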
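Review bot: In `make_ssl_context` (tests/pytests/utils.py) the verifying branch, which is the default since `insecure=False`, leaves the context without any trust anchors when `verify_location` is None, because a bare `ssl.SSLContext(...)` loads no CA certificates; every handshake made with the default arguments will then fail verification. Either require `verify_location` in that branch or fall back to `context.load_default_certs()`. `verify_location` is also loaded when `insecure=True`, where it has no effect, so rejecting that combination with `raise ValueError("verify_location has no effect with insecure=True")` would stop a test from appearing to pin a CA while verification is off. A docstring should state that `insecure=True` disables both chain and hostname checks and is meant for tests only, and that a verifying context needs `server_hostname` passed to `wrap_socket`, which neither caller in this patch does.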