Arrange more tests.

jfclere · Apr 12, 2024 · c400393 · c400393
1 parent 6de48da
commit c400393
Show file tree

Hide file tree

Showing 6 changed files with 126 additions and 14 deletions.
diff --git a/test/modules/tls/conf.py b/test/modules/tls/conf.py
@@ -13,7 +13,10 @@ def __init__(self, env: HttpdTestEnv, extras: Dict[str, Any] = None):
 
     def start_tls_vhost(self, domains: List[str], port=None, ssl_module=None):
         if ssl_module is None:
-            ssl_module = 'mod_tls'
+            if not self.env.has_shared_module("tls"):
+                ssl_module = "mod_ssl"
+            else:
+                ssl_module = 'mod_tls'
         super().start_vhost(domains=domains, port=port, doc_root=f"htdocs/{domains[0]}", ssl_module=ssl_module)
 
     def end_tls_vhost(self):
@@ -39,8 +42,12 @@ def add_md_vhosts(self, domains: List[str], port = None):
                     f"    MDCertificateKeyFile {pkey_file}",
                     ])
             self.add("</MDomain>")
+            if self.env.has_shared_module("tls"):
+                ssl_module= "mod_tls"
+            else:
+                ssl_module= "mod_ssl"
             super().add_vhost(domains=[domain], port=port, doc_root=f"htdocs/{domain}",
-                              with_ssl=True, with_certificates=False, ssl_module='mod_tls')
+                              with_ssl=True, with_certificates=False, ssl_module=ssl_module)
 
     def add_md_base(self, domain: str):
         self.add([

diff --git a/test/modules/tls/test_02_conf.py b/test/modules/tls/test_02_conf.py
@@ -64,9 +64,15 @@ def test_tls_02_conf_cert_listen_wrong(self, env):
     ])
     def test_tls_02_conf_cert_listen_valid(self, env, listen: str):
         conf = TlsTestConf(env=env)
-        conf.add("TLSEngine {listen}".format(listen=listen))
-        conf.install()
-        assert env.apache_restart() == 0
+        if not env.has_shared_module("tls"):
+            # Without cert/key openssl will complain
+            conf.add("SSLEngine on");
+            conf.install()
+            assert env.apache_restart() == 1
+        else:
+            conf.add("TLSEngine {listen}".format(listen=listen))
+            conf.install()
+            assert env.apache_restart() == 0
 
     def test_tls_02_conf_cert_listen_cert(self, env):
         domain = env.domain_a

diff --git a/test/modules/tls/test_05_proto.py b/test/modules/tls/test_05_proto.py
@@ -50,8 +50,8 @@ def test_tls_05_proto_close(self, env):
     def test_tls_05_proto_ssl_close(self, env):
         conf = TlsTestConf(env=env, extras={
             'base': "LogLevel ssl:debug",
-            env.domain_a: "SSLProtocol TLSv1.3",
-            env.domain_b: "SSLProtocol TLSv1.2",
+            env.domain_a: "TLSProtocol TLSv1.3",
+            env.domain_b: "TLSProtocol TLSv1.2",
         })
         for d in [env.domain_a, env.domain_b]:
             conf.add_vhost(domains=[d], port=env.https_port)

diff --git a/test/modules/tls/test_06_ciphers.py b/test/modules/tls/test_06_ciphers.py
@@ -181,7 +181,10 @@ def test_tls_06_ciphers_pref_unsupported(self, env):
         })
         conf.add_tls_vhosts(domains=[env.domain_a, env.domain_b])
         conf.install()
-        assert env.apache_restart() == 0
+        if not conf.env.has_shared_module("tls"):
+            assert env.apache_restart() != 0
+        else:
+            assert env.apache_restart() == 0
         #
         env.httpd_error_log.ignore_recent(
             lognos = [
@@ -204,4 +207,6 @@ def test_tls_06_ciphers_supp_unsupported(self, env):
         })
         conf.add_tls_vhosts(domains=[env.domain_a, env.domain_b])
         conf.install()
+        if not conf.env.has_shared_module("tls"):
+            return
         assert env.apache_restart() == 0
diff --git a/test/modules/tls/test_08_vars.py b/test/modules/tls/test_08_vars.py
@@ -23,7 +23,10 @@ def _class_scope(self, env):
     def test_tls_08_vars_root(self, env):
         # in domain_b root, the StdEnvVars is switch on
         exp_proto = "TLSv1.2"
-        exp_cipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+        if env.has_shared_module("tls"):
+            exp_cipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+        else:
+            exp_cipher = "ECDHE-ECDSA-AES256-GCM-SHA384"
         options = [ '--tls-max', '1.2']
         r = env.tls_get(env.domain_b, "/vars.py", options=options)
         assert r.exit_code == 0, r.stderr
@@ -47,7 +50,12 @@ def test_tls_08_vars_root(self, env):
     def test_tls_08_vars_const(self, env, name: str, value: str):
         r = env.tls_get(env.domain_b, f"/vars.py?name={name}")
         assert r.exit_code == 0, r.stderr
-        assert r.json == {name: value}, r.stdout
+        if env.has_shared_module("tls"):
+            assert r.json == {name: value}, r.stdout
+        else:
+            if name == "SSL_SECURE_RENEG":
+                value = "true"
+            assert r.json == {name: value}, r.stdout
 
     @pytest.mark.parametrize("name, pattern", [
         ("SSL_VERSION_INTERFACE", r'mod_tls/\d+\.\d+\.\d+'),
@@ -57,4 +65,11 @@ def test_tls_08_vars_match(self, env, name: str, pattern: str):
         r = env.tls_get(env.domain_b, f"/vars.py?name={name}")
         assert r.exit_code == 0, r.stderr
         assert name in r.json
-        assert re.match(pattern, r.json[name]), r.json
+        if env.has_shared_module("tls"):
+            assert re.match(pattern, r.json[name]), r.json
+        else:
+            if name == "SSL_VERSION_INTERFACE":
+                pattern = r'mod_ssl/\d+\.\d+\.\d+'
+            else:
+                pattern = r'OpenSSL/\d+\.\d+\.\d+'
+            assert re.match(pattern, r.json[name]), r.json
diff --git a/test/pyhttpd/conf.py b/test/pyhttpd/conf.py
@@ -26,15 +26,94 @@ def __repr__(self):
     def install(self):
         self.env.install_test_conf(self._lines)
 
+    def replacetlsstr(self, line):
+            l = line.replace("TLS_", "")
+            l = l.replace("\n", " ")
+            l = l.replace("\\", " ")
+            l = " ".join(l.split())
+            l = l.replace(" ", ":")
+            l = l.replace("_", "-")
+            l = l.replace("-WITH", "")
+            l = l.replace("AES-", "AES")
+            l = l.replace("POLY1305-SHA256", "POLY1305")
+            return l
+
+    def replaceinstr(self, line):
+        if line.startswith("TLSCiphersPrefer"):
+            # the "TLS_" are changed into "".
+            l = self.replacetlsstr(line)
+            l = l.replace("TLSCiphersPrefer:", "SSLCipherSuite ")
+        elif line.startswith("TLSCiphersSuppress"):
+            # like SSLCipherSuite but with :!
+            l = self.replacetlsstr(line)
+            l = l.replace("TLSCiphersSuppress:", "SSLCipherSuite !")
+            l = l.replace(":", ":!")
+        elif line.startswith("TLSCertificate"):
+            l = line.replace("TLSCertificate", "SSLCertificateFile")
+        elif line.startswith("TLSProtocol"):
+            # mod_ssl is different (+ no supported and 0x code have to be translated)
+            l = line.replace("TLSProtocol", "SSLProtocol")
+            l = l.replace("+", "")
+            l = l.replace("default", "all")
+            l = l.replace("0x0303", "1.3") # need to check 1.2 and 1.1
+        elif line.startswith("TLSHonorClientOrder"):
+            # mod_ssl has SSLHonorCipherOrder on = use server off = use client.
+            l = line.lower()
+            if "on" in l:
+                l = "SSLHonorCipherOrder off"
+            else:
+                l = "SSLHonorCipherOrder on"
+        elif line.startswith("TLSEngine"):
+            # In fact it should go in the corresponding VirtualHost... Not sure how to do that.
+            l = "SSLEngine On"
+        else:
+            if line != "":
+                l = line.replace("TLS", "SSL")
+            else:
+                l = line
+        return l
+
     def add(self, line: Any):
+        # make we transform the TLS to SSL if we are using mod_ssl
         if isinstance(line, str):
+            if not HttpdTestEnv.has_shared_module("tls"):
+                line = self.replaceinstr(line)
             if self._indents > 0:
                 line = f"{'  ' * self._indents}{line}"
             self._lines.append(line)
         else:
-            if self._indents > 0:
-                line = [f"{'  ' * self._indents}{l}" for l in line]
-            self._lines.extend(line)
+            if not HttpdTestEnv.has_shared_module("tls"):
+                new = []
+                previous = ""
+                for l in line:
+                    if previous.startswith("SSLCipherSuite"):
+                        if l.startswith("TLSCiphersPrefer") or l.startswith("TLSCiphersSuppress"):
+                            # we need to merge it   
+                            l = self.replaceinstr(l)
+                            l = l.replace("SSLCipherSuite ", ":")
+                            previous = previous + l
+                            continue
+                        else:
+                            if self._indents > 0:
+                                previous = f"{'  ' * self._indents}{previous}"
+                            new.append(previous)
+                            previous = ""
+                    l = self.replaceinstr(l)
+                    if l.startswith("SSLCipherSuite"):
+                        previous = l
+                        continue
+                    if self._indents > 0:
+                        l = f"{'  ' * self._indents}{l}"
+                    new.append(l)
+                if previous != "":
+                    if self._indents > 0:
+                        previous = f"{'  ' * self._indents}{previous}"
+                    new.append(previous)
+                self._lines.extend(new)
+            else:
+                if self._indents > 0:
+                    line = [f"{'  ' * self._indents}{l}" for l in line]
+                self._lines.extend(line)
         return self
 
     def add_certificate(self, cert_file, key_file, ssl_module=None):