You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by cl...@apache.org on 2021/06/23 15:59:54 UTC
[qpid-proton] branch main updated: PROTON-2397: test fixes and
extra test
This is an automated email from the ASF dual-hosted git repository.
cliffjansen pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git
The following commit(s) were added to refs/heads/main by this push:
new 1151c36 PROTON-2397: test fixes and extra test
1151c36 is described below
commit 1151c36ee65a43d380f12eeebead2d2fe73b76d7
Author: Cliff Jansen <cl...@apache.org>
AuthorDate: Wed Jun 23 08:55:03 2021 -0700
PROTON-2397: test fixes and extra test
---
python/tests/proton_tests/ssl.py | 51 +++++++++++++++++++++++++++++++++++++---
1 file changed, 48 insertions(+), 3 deletions(-)
diff --git a/python/tests/proton_tests/ssl.py b/python/tests/proton_tests/ssl.py
index a2efeb2..55facd0 100644
--- a/python/tests/proton_tests/ssl.py
+++ b/python/tests/proton_tests/ssl.py
@@ -100,8 +100,33 @@ class SslTest(common.Test):
def test_anonymous_cipher(self):
if os.name == "nt":
raise Skipped("Windows SChannel lacks anonymous cipher support.")
- """ By default, both the server and the client support anonymous
- ciphers - they should connect without need for a certificate.
+ """ With no configuration at all, the client default
+ VERIFY_PEER_NAME should preclude anonymous cipher TLS negotiation.
+ """
+ server = SslTest.SslTestConnection(self.server_domain, mode=Transport.SERVER)
+ client = SslTest.SslTestConnection(self.client_domain)
+
+ # check that no SSL connection exists
+ assert not server.ssl.cipher_name()
+ assert not client.ssl.protocol_name()
+
+ # client.transport.trace(Transport.TRACE_DRV)
+ # server.transport.trace(Transport.TRACE_DRV)
+
+ client.connection.open()
+ server.connection.open()
+ self._pump(client, server)
+
+ assert client.transport.closed
+ assert server.transport.closed
+ assert client.connection.state & Endpoint.REMOTE_UNINIT
+ assert server.connection.state & Endpoint.REMOTE_UNINIT
+
+ def test_simple_anonymous(self):
+ if os.name == "nt":
+ raise Skipped("Windows SChannel lacks anonymous cipher support.")
+ """ The simplest SSL configuration using anonymous
+ ciphers.
"""
self.client_domain.set_peer_authentication(SSLDomain.ANONYMOUS_PEER)
server = SslTest.SslTestConnection(self.server_domain, mode=Transport.SERVER)
@@ -147,13 +172,33 @@ class SslTest(common.Test):
server.connection.close()
self._pump(client, server)
- def test_server_certificate(self):
+ def test_server_certificate_fail(self):
+ """ Test that default configured clients cannot connect to a server that has
+ a certificate configured.
+ """
+ self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
+ self._testpath("server-private-key.pem"),
+ "server-password")
+ server = SslTest.SslTestConnection(self.server_domain, mode=Transport.SERVER)
+ client = SslTest.SslTestConnection(self.client_domain)
+
+ client.connection.open()
+ server.connection.open()
+ self._pump(client, server)
+
+ assert client.transport.closed
+ assert server.transport.closed
+ assert client.connection.state & Endpoint.REMOTE_UNINIT
+ assert server.connection.state & Endpoint.REMOTE_UNINIT
+
+ def test_server_certificate_no_verify(self):
""" Test that anonymous clients can still connect to a server that has
a certificate configured.
"""
self.server_domain.set_credentials(self._testpath("server-certificate.pem"),
self._testpath("server-private-key.pem"),
"server-password")
+ self.client_domain.set_peer_authentication(SSLDomain.ANONYMOUS_PEER)
server = SslTest.SslTestConnection(self.server_domain, mode=Transport.SERVER)
client = SslTest.SslTestConnection(self.client_domain)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org