1import ssl
2import subprocess
3
4import pytest
5
6from unit.applications.tls import TestApplicationTLS
7from unit.option import option
8
9
10class TestTLSSNI(TestApplicationTLS):
11 prerequisites = {'modules': {'openssl': 'any'}}
12
13 def setup_method(self):

--- 5 unchanged lines hidden (view full) ---

19 }
20 )
21
22 def openssl_date_to_sec_epoch(self, date):
23 return self.date_to_sec_epoch(date, '%b %d %H:%M:%S %Y %Z')
24
25 def add_tls(self, cert='default'):
26 assert 'success' in self.conf(
27 {"pass": "routes", "tls": {"certificate": cert}},
28 'listeners/*:7080',
29 )
30
31 def remove_tls(self):
32 assert 'success' in self.conf({"pass": "routes"}, 'listeners/*:7080')
33
34 def generate_ca_conf(self):
35 with open(option.temp_dir + '/ca.conf', 'w') as f:

--- 110 unchanged lines hidden (view full) ---

146 start=True,
147 )
148
149 assert resp['status'] == 200
150 assert sock.getpeercert()['subject'][0][0][1] == expect
151
152 def test_tls_sni(self):
153 bundles = {
154 "default": {"subj": "default", "alt_names": ["default"]},
155 "localhost.com": {
156 "subj": "localhost.com",
157 "alt_names": ["alt1.localhost.com"],
158 },
159 "example.com": {
160 "subj": "example.com",
161 "alt_names": ["alt1.example.com", "alt2.example.com"],
162 },

--- 32 unchanged lines hidden (view full) ---

195 self.config_bundles(bundles)
196 self.add_tls(["localhost.com"])
197
198 self.check_cert('domain.com', bundles['localhost.com']['subj'])
199 self.check_cert('alt1.domain.com', bundles['localhost.com']['subj'])
200
201 def test_tls_sni_wildcard(self):
202 bundles = {
203 "localhost.com": {"subj": "localhost.com", "alt_names": []},
204 "example.com": {
205 "subj": "example.com",
206 "alt_names": ["*.example.com", "*.alt.example.com"],
207 },
208 }
209 self.config_bundles(bundles)
210 self.add_tls(["localhost.com", "example.com"])
211

--- 23 unchanged lines hidden (view full) ---

235 }
236 self.config_bundles(bundles)
237 self.add_tls(["localhost", "example"])
238
239 self.check_cert('localhost', bundles['localhost']['subj'])
240 self.check_cert('example', bundles['localhost']['subj'])
241
242 def test_tls_sni_empty_cn(self):
243 bundles = {"localhost": {"alt_names": ["alt.localhost.com"]}}
244 self.config_bundles(bundles)
245 self.add_tls(["localhost"])
246
247 resp, sock = self.get_ssl(
248 headers={
249 'Host': 'domain.com',
250 'Content-Length': '0',
251 'Connection': 'close',
252 },
253 start=True,
254 )
255
256 assert resp['status'] == 200
257 assert (
258 sock.getpeercert()['subjectAltName'][0][1] == 'alt.localhost.com'
259 )
260
261 def test_tls_sni_invalid(self):
262 self.config_bundles({"localhost": {"subj": "subj1", "alt_names": ''}})
263 self.add_tls(["localhost"])
264
265 def check_certificate(cert):
266 assert 'error' in self.conf(
267 {"pass": "routes", "tls": {"certificate": cert}},
268 'listeners/*:7080',
269 )
270
271 check_certificate('')
272 check_certificate('blah')
273 check_certificate([])
274 check_certificate(['blah'])
275 check_certificate(['localhost', 'blah'])
276 check_certificate(['localhost', []])
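Review bot: test_tls_sni_invalid only asserts that each malformed `certificate` value is rejected with an error; it never confirms that the listener still serves the certificate accepted by the earlier `self.add_tls(["localhost"])`. A rejected update that nevertheless disturbed the live TLS configuration would pass this test unnoticed. Consider ending the test with a handshake check such as `self.check_cert('localhost', 'subj1')`, assuming check_cert (its definition is in the hidden lines) works with this bundle. A short comment above the `check_certificate(...)` calls naming what each case covers (empty string, unknown name, empty list, unknown name in a list, valid plus unknown, nested list) would also make the intent easier to follow.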