pytests: import test_tls_no_cert (test14)

parent d0cfac15
......@@ -66,3 +66,11 @@ def make_kresd_sock(request, kresd):
@pytest.fixture
def kresd_sock(make_kresd_sock):
return make_kresd_sock()
@pytest.fixture(params=[
socket.AF_INET,
socket.AF_INET6,
])
def sock_family(request):
return request.param
......@@ -2,7 +2,6 @@ from contextlib import ContextDecorator
import os
import re
import socket
import ssl
import subprocess
import time
......@@ -26,21 +25,6 @@ def create_file_from_template(template_path, dest, data):
fh.write(rendered_template)
def make_ssl_context():
# set TLS v1.2+
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
context.options |= ssl.OP_NO_SSLv2
context.options |= ssl.OP_NO_SSLv3
context.options |= ssl.OP_NO_TLSv1
context.options |= ssl.OP_NO_TLSv1_1
# turn off certificate verification
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
return context
class Kresd(ContextDecorator):
def __init__(self, workdir, port, tls_port, ip=None, ip6=None):
if ip is None and ip6 is None:
......@@ -154,7 +138,7 @@ class Kresd(ContextDecorator):
def _tls_socket(self, family):
sock, dest = self.stream_socket(family, tls=True)
ctx = make_ssl_context()
ctx = utils.make_ssl_context(insecure=True)
ssock = ctx.wrap_socket(sock)
try:
ssock.connect(dest)
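Review bot: The new call `utils.make_ssl_context(insecure=True)` in `_tls_socket` turns off certificate and hostname verification, and nothing at the call site says that this is deliberate. A one-line comment above it would make that clear, for example `# test harness only: certificate and hostname checks are intentionally disabled`. The `try:` around `ssock.connect(dest)` continues outside the hunk, so I cannot see its `except` clause. Since this commit also drops `import ssl` from the file, please confirm that nothing left in the module still refers to `ssl.`.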
......
"""Tests with TLS certificates"""
import utils
def test_tls_no_cert(kresd, sock_family):
sock, dest = kresd.stream_socket(sock_family, tls=True)
ctx = utils.make_ssl_context(insecure=True)
ssock = ctx.wrap_socket(sock)
ssock.connect(dest)
utils.ping_alive(ssock)
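Review bot: `ssock` is never closed in `test_tls_no_cert`, so a failing `utils.ping_alive(ssock)` leaves the TLS socket open unless `kresd.stream_socket` registers it for teardown, which is not visible here. Using the wrapped socket as a context manager would make the cleanup explicit: `with ctx.wrap_socket(sock) as ssock:` with the connect and ping inside it. The first three lines of the test also repeat `Kresd._tls_socket` from the same commit, so a short docstring stating what "no cert" is meant to prove (the handshake succeeds with verification disabled) would help distinguish the two.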
from contextlib import contextmanager
import ssl
import struct
import random
......@@ -93,3 +94,25 @@ def expect_kresd_close(rst_ok=False):
raise BrokenPipeError
else:
pytest.skip("kresd closed connection with TCP RST")
def make_ssl_context(insecure=False, verify_location=None):
# set TLS v1.2+
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
context.options |= ssl.OP_NO_SSLv2
context.options |= ssl.OP_NO_SSLv3
context.options |= ssl.OP_NO_TLSv1
context.options |= ssl.OP_NO_TLSv1_1
if insecure:
# turn off certificate verification
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
else:
context.verify_mode = ssl.CERT_REQUIRED
context.check_hostname = True
if verify_location is not None:
context.load_verify_locations(verify_location)
return context
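Review bot: In `make_ssl_context`, the verifying branch sets `check_hostname = True`, so callers must pass `server_hostname=` to `wrap_socket()` or Python raises `ValueError` before any handshake. Both call sites visible on this page use `ctx.wrap_socket(sock)` with `insecure=True`, so that path is not exercised here. `ssl.SSLContext(ssl.PROTOCOL_TLS)` also starts with an empty trust store, so `insecure=False` with `verify_location=None` rejects every certificate; that fails closed, but it should be documented. I would add a docstring stating that the context is restricted to TLS 1.2+, that `insecure=True` disables certificate and hostname verification and is meant for tests only, and that the verifying mode needs `verify_location` plus a `server_hostname` at wrap time. Indentation is lost on this page, so I cannot tell whether `load_verify_locations` sits inside the `else`; if it does not, a `verify_location` passed together with `insecure=True` is loaded but never used for verification.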