test_tls_sni.py (1843:1dab4306e8da) test_tls_sni.py (1848:4bd548074e2c)
1import subprocess
2import ssl
1import ssl
2import subprocess
3
4import pytest
3
4import pytest
5
5from unit.applications.tls import TestApplicationTLS
6from unit.option import option
7
8
9class TestTLSSNI(TestApplicationTLS):
10 prerequisites = {'modules': {'openssl': 'any'}}
11
12 def setup_method(self):

--- 5 unchanged lines hidden (view full) ---

18 }
19 )
20
21 def openssl_date_to_sec_epoch(self, date):
22 return self.date_to_sec_epoch(date, '%b %d %H:%M:%S %Y %Z')
23
24 def add_tls(self, cert='default'):
25 assert 'success' in self.conf(
6from unit.applications.tls import TestApplicationTLS
7from unit.option import option
8
9
10class TestTLSSNI(TestApplicationTLS):
11 prerequisites = {'modules': {'openssl': 'any'}}
12
13 def setup_method(self):

--- 5 unchanged lines hidden (view full) ---

19 }
20 )
21
22 def openssl_date_to_sec_epoch(self, date):
23 return self.date_to_sec_epoch(date, '%b %d %H:%M:%S %Y %Z')
24
25 def add_tls(self, cert='default'):
26 assert 'success' in self.conf(
26 {
27 "pass": "routes",
28 "tls": {"certificate": cert}
29 },
27 {"pass": "routes", "tls": {"certificate": cert}},
30 'listeners/*:7080',
31 )
32
33 def remove_tls(self):
34 assert 'success' in self.conf({"pass": "routes"}, 'listeners/*:7080')
35
36 def generate_ca_conf(self):
37 with open(option.temp_dir + '/ca.conf', 'w') as f:

--- 110 unchanged lines hidden (view full) ---

148 start=True,
149 )
150
151 assert resp['status'] == 200
152 assert sock.getpeercert()['subject'][0][0][1] == expect
153
154 def test_tls_sni(self):
155 bundles = {
28 'listeners/*:7080',
29 )
30
31 def remove_tls(self):
32 assert 'success' in self.conf({"pass": "routes"}, 'listeners/*:7080')
33
34 def generate_ca_conf(self):
35 with open(option.temp_dir + '/ca.conf', 'w') as f:

--- 110 unchanged lines hidden (view full) ---

146 start=True,
147 )
148
149 assert resp['status'] == 200
150 assert sock.getpeercert()['subject'][0][0][1] == expect
151
152 def test_tls_sni(self):
153 bundles = {
156 "default": {
157 "subj": "default",
158 "alt_names": ["default"],
159 },
154 "default": {"subj": "default", "alt_names": ["default"]},
160 "localhost.com": {
161 "subj": "localhost.com",
162 "alt_names": ["alt1.localhost.com"],
163 },
164 "example.com": {
165 "subj": "example.com",
166 "alt_names": ["alt1.example.com", "alt2.example.com"],
167 },

--- 32 unchanged lines hidden (view full) ---

200 self.config_bundles(bundles)
201 self.add_tls(["localhost.com"])
202
203 self.check_cert('domain.com', bundles['localhost.com']['subj'])
204 self.check_cert('alt1.domain.com', bundles['localhost.com']['subj'])
205
206 def test_tls_sni_wildcard(self):
207 bundles = {
155 "localhost.com": {
156 "subj": "localhost.com",
157 "alt_names": ["alt1.localhost.com"],
158 },
159 "example.com": {
160 "subj": "example.com",
161 "alt_names": ["alt1.example.com", "alt2.example.com"],
162 },

--- 32 unchanged lines hidden (view full) ---

195 self.config_bundles(bundles)
196 self.add_tls(["localhost.com"])
197
198 self.check_cert('domain.com', bundles['localhost.com']['subj'])
199 self.check_cert('alt1.domain.com', bundles['localhost.com']['subj'])
200
201 def test_tls_sni_wildcard(self):
202 bundles = {
208 "localhost.com": {
209 "subj": "localhost.com",
210 "alt_names": [],
211 },
203 "localhost.com": {"subj": "localhost.com", "alt_names": []},
212 "example.com": {
213 "subj": "example.com",
214 "alt_names": ["*.example.com", "*.alt.example.com"],
215 },
216 }
217 self.config_bundles(bundles)
218 self.add_tls(["localhost.com", "example.com"])
219

--- 23 unchanged lines hidden (view full) ---

243 }
244 self.config_bundles(bundles)
245 self.add_tls(["localhost", "example"])
246
247 self.check_cert('localhost', bundles['localhost']['subj'])
248 self.check_cert('example', bundles['localhost']['subj'])
249
250 def test_tls_sni_empty_cn(self):
204 "example.com": {
205 "subj": "example.com",
206 "alt_names": ["*.example.com", "*.alt.example.com"],
207 },
208 }
209 self.config_bundles(bundles)
210 self.add_tls(["localhost.com", "example.com"])
211

--- 23 unchanged lines hidden (view full) ---

235 }
236 self.config_bundles(bundles)
237 self.add_tls(["localhost", "example"])
238
239 self.check_cert('localhost', bundles['localhost']['subj'])
240 self.check_cert('example', bundles['localhost']['subj'])
241
242 def test_tls_sni_empty_cn(self):
251 bundles = {
252 "localhost": {
253 "alt_names": ["alt.localhost.com"],
254 }
255 }
243 bundles = {"localhost": {"alt_names": ["alt.localhost.com"]}}
256 self.config_bundles(bundles)
257 self.add_tls(["localhost"])
258
259 resp, sock = self.get_ssl(
260 headers={
261 'Host': 'domain.com',
262 'Content-Length': '0',
263 'Connection': 'close',
264 },
265 start=True,
266 )
267
268 assert resp['status'] == 200
244 self.config_bundles(bundles)
245 self.add_tls(["localhost"])
246
247 resp, sock = self.get_ssl(
248 headers={
249 'Host': 'domain.com',
250 'Content-Length': '0',
251 'Connection': 'close',
252 },
253 start=True,
254 )
255
256 assert resp['status'] == 200
269 assert sock.getpeercert()['subjectAltName'][0][1] == 'alt.localhost.com'
257 assert (
258 sock.getpeercert()['subjectAltName'][0][1] == 'alt.localhost.com'
259 )
270
271 def test_tls_sni_invalid(self):
272 self.config_bundles({"localhost": {"subj": "subj1", "alt_names": ''}})
273 self.add_tls(["localhost"])
274
275 def check_certificate(cert):
276 assert 'error' in self.conf(
277 {"pass": "routes", "tls": {"certificate": cert}},
278 'listeners/*:7080',
279 )
280
281 check_certificate('')
282 check_certificate('blah')
283 check_certificate([])
284 check_certificate(['blah'])
285 check_certificate(['localhost', 'blah'])
286 check_certificate(['localhost', []])
260
261 def test_tls_sni_invalid(self):
262 self.config_bundles({"localhost": {"subj": "subj1", "alt_names": ''}})
263 self.add_tls(["localhost"])
264
265 def check_certificate(cert):
266 assert 'error' in self.conf(
267 {"pass": "routes", "tls": {"certificate": cert}},
268 'listeners/*:7080',
269 )
270
271 check_certificate('')
272 check_certificate('blah')
273 check_certificate([])
274 check_certificate(['blah'])
275 check_certificate(['localhost', 'blah'])
276 check_certificate(['localhost', []])
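Review bot: In test_tls_sni_empty_cn, the re-wrapped assertion now spans three lines inside bare parentheses, which is harder to scan than the single line it replaces and gives a less useful failure message. Binding the value first keeps the check on one line and lets pytest print the whole SAN tuple on failure: `san = sock.getpeercert()['subjectAltName']` followed by `assert san[0][1] == 'alt.localhost.com'`. The same pattern would suit the `['subject'][0][0][1]` lookup in check_cert, which this page shows only as context. The remaining changes visible here (import order, collapsed dict literals) are formatting only.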