diff --git a/test/modules/tls/conf.py b/test/modules/tls/conf.py index ddeb91f99a8..b34f746004c 100644 --- a/test/modules/tls/conf.py +++ b/test/modules/tls/conf.py @@ -13,7 +13,10 @@ def __init__(self, env: HttpdTestEnv, extras: Dict[str, Any] = None): def start_tls_vhost(self, domains: List[str], port=None, ssl_module=None): if ssl_module is None: - ssl_module = 'mod_tls' + if not self.env.has_shared_module("tls"): + ssl_module = "mod_ssl" + else: + ssl_module = 'mod_tls' super().start_vhost(domains=domains, port=port, doc_root=f"htdocs/{domains[0]}", ssl_module=ssl_module) def end_tls_vhost(self): @@ -39,8 +42,12 @@ def add_md_vhosts(self, domains: List[str], port = None): f" MDCertificateKeyFile {pkey_file}", ]) self.add("") + if self.env.has_shared_module("tls"): + ssl_module= "mod_tls" + else: + ssl_module= "mod_ssl" super().add_vhost(domains=[domain], port=port, doc_root=f"htdocs/{domain}", - with_ssl=True, with_certificates=False, ssl_module='mod_tls') + with_ssl=True, with_certificates=False, ssl_module=ssl_module) def add_md_base(self, domain: str): self.add([ diff --git a/test/modules/tls/test_02_conf.py b/test/modules/tls/test_02_conf.py index 4d6aa60200a..88be80c3a67 100644 --- a/test/modules/tls/test_02_conf.py +++ b/test/modules/tls/test_02_conf.py @@ -64,9 +64,15 @@ def test_tls_02_conf_cert_listen_wrong(self, env): ]) def test_tls_02_conf_cert_listen_valid(self, env, listen: str): conf = TlsTestConf(env=env) - conf.add("TLSEngine {listen}".format(listen=listen)) - conf.install() - assert env.apache_restart() == 0 + if not env.has_shared_module("tls"): + # Without cert/key openssl will complain + conf.add("SSLEngine on"); + conf.install() + assert env.apache_restart() == 1 + else: + conf.add("TLSEngine {listen}".format(listen=listen)) + conf.install() + assert env.apache_restart() == 0 def test_tls_02_conf_cert_listen_cert(self, env): domain = env.domain_a 
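Review bot: The module selection in `start_tls_vhost` is written as a negated `if`/`else`, and the same choice is repeated with the opposite polarity (and `ssl_module= ` spacing) in the `add_md_vhosts` hunk that follows, so the two copies can drift apart. A single expression such as `ssl_module = 'mod_tls' if self.env.has_shared_module("tls") else 'mod_ssl'`, or a small helper on the class used by both methods, would keep them in step. A short comment saying the suite deliberately falls back to mod_ssl when mod_tls is not built would also help, because a green run of `test/modules/tls` then no longer means mod_tls itself was exercised.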
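Review bot: On a build without mod_tls, `test_tls_02_conf_cert_listen_valid` now asserts that the restart fails (`== 1`) and never uses the parametrized `listen` value, so every parameter runs the same `SSLEngine on` configuration and any startup error that yields exit code 1 satisfies the test. If the case has no mod_ssl equivalent, skipping it is clearer than inverting it, e.g. `pytest.skip("needs mod_tls")` before `conf.add(...)` (assuming `pytest` is imported in this file, which the hunk does not show). The trailing `;` after `conf.add("SSLEngine on")` should be dropped.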
diff --git a/test/modules/tls/test_05_proto.py b/test/modules/tls/test_05_proto.py index d874a905efb..a2ccfd9accf 100644 --- a/test/modules/tls/test_05_proto.py +++ b/test/modules/tls/test_05_proto.py @@ -50,8 +50,8 @@ def test_tls_05_proto_close(self, env): def test_tls_05_proto_ssl_close(self, env): conf = TlsTestConf(env=env, extras={ 'base': "LogLevel ssl:debug", - env.domain_a: "SSLProtocol TLSv1.3", - env.domain_b: "SSLProtocol TLSv1.2", + env.domain_a: "TLSProtocol TLSv1.3", + env.domain_b: "TLSProtocol TLSv1.2", }) for d in [env.domain_a, env.domain_b]: conf.add_vhost(domains=[d], port=env.https_port) diff --git a/test/modules/tls/test_06_ciphers.py b/test/modules/tls/test_06_ciphers.py index 6f515e4d777..4bedd692ceb 100644 --- a/test/modules/tls/test_06_ciphers.py +++ b/test/modules/tls/test_06_ciphers.py @@ -181,7 +181,10 @@ def test_tls_06_ciphers_pref_unsupported(self, env): }) conf.add_tls_vhosts(domains=[env.domain_a, env.domain_b]) conf.install() - assert env.apache_restart() == 0 + if not conf.env.has_shared_module("tls"): + assert env.apache_restart() != 0 + else: + assert env.apache_restart() == 0 # env.httpd_error_log.ignore_recent( lognos = [ @@ -204,4 +207,6 @@ def test_tls_06_ciphers_supp_unsupported(self, env): }) conf.add_tls_vhosts(domains=[env.domain_a, env.domain_b]) conf.install() + if not conf.env.has_shared_module("tls"): + return assert env.apache_restart() == 0 diff --git a/test/modules/tls/test_08_vars.py b/test/modules/tls/test_08_vars.py index f1bd9b418a2..ad764a7985a 100644 --- a/test/modules/tls/test_08_vars.py +++ b/test/modules/tls/test_08_vars.py 
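Review bot: Renaming the per-vhost extras from `SSLProtocol` to `TLSProtocol` may change which module the protocol limits apply to. The test is called `test_tls_05_proto_ssl_close`, sets `LogLevel ssl:debug` and adds its vhosts with `conf.add_vhost` rather than `add_tls_vhosts`, which suggests (not confirmable from this hunk) that the vhosts are served by mod_ssl. If so, on a build with mod_tls loaded the TLSv1.3/TLSv1.2 split would no longer be enforced on the vhosts under test, and on a mod_ssl-only build it depends on whether `extras` pass through the new translation in `HttpdConf.add`, which is also not visible here. The rest of the test body lies outside the hunk; please confirm that it still checks the intended protocol per domain.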
@@ -23,7 +23,10 @@ def _class_scope(self, env): def test_tls_08_vars_root(self, env): # in domain_b root, the StdEnvVars is switch on exp_proto = "TLSv1.2" - exp_cipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" + if env.has_shared_module("tls"): + exp_cipher = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" + else: + exp_cipher = "ECDHE-ECDSA-AES256-GCM-SHA384" options = [ '--tls-max', '1.2'] r = env.tls_get(env.domain_b, "/vars.py", options=options) assert r.exit_code == 0, r.stderr @@ -47,7 +50,12 @@ def test_tls_08_vars_root(self, env): def test_tls_08_vars_const(self, env, name: str, value: str): r = env.tls_get(env.domain_b, f"/vars.py?name={name}") assert r.exit_code == 0, r.stderr - assert r.json == {name: value}, r.stdout + if env.has_shared_module("tls"): + assert r.json == {name: value}, r.stdout + else: + if name == "SSL_SECURE_RENEG": + value = "true" + assert r.json == {name: value}, r.stdout @pytest.mark.parametrize("name, pattern", [ ("SSL_VERSION_INTERFACE", r'mod_tls/\d+\.\d+\.\d+'), @@ -57,4 +65,11 @@ def test_tls_08_vars_match(self, env, name: str, pattern: str): r = env.tls_get(env.domain_b, f"/vars.py?name={name}") assert r.exit_code == 0, r.stderr assert name in r.json - assert re.match(pattern, r.json[name]), r.json + if env.has_shared_module("tls"): + assert re.match(pattern, r.json[name]), r.json + else: + if name == "SSL_VERSION_INTERFACE": + pattern = r'mod_ssl/\d+\.\d+\.\d+' + else: + pattern = r'OpenSSL/\d+\.\d+\.\d+' + assert re.match(pattern, r.json[name]), r.json diff --git a/test/pyhttpd/conf.py b/test/pyhttpd/conf.py index cd3363fb73a..99735cc2c67 100644 --- a/test/pyhttpd/conf.py +++ b/test/pyhttpd/conf.py 
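Review bot: In `test_tls_08_vars_const` the same assertion is written in both branches and the parametrized `value` is overwritten inside the test body. A single guard such as `if name == "SSL_SECURE_RENEG" and not env.has_shared_module("tls"): value = "true"` followed by one `assert r.json == {name: value}, r.stdout` reads more directly, and a comment should say why mod_ssl reports `true` there. The `test_tls_08_vars_match` hunk has the same shape, and its inner `else` applies the `OpenSSL/...` pattern to every name other than `SSL_VERSION_INTERFACE`, so a parameter added later would be checked against the wrong pattern without notice. An explicit per-name mapping for the mod_ssl case would avoid that; the parametrize lists for both tests lie partly outside these hunks.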
@@ -26,15 +26,94 @@ def __repr__(self): def install(self): self.env.install_test_conf(self._lines) + def replacetlsstr(self, line): + l = line.replace("TLS_", "") + l = l.replace("\n", " ") + l = l.replace("\\", " ") + l = " ".join(l.split()) + l = l.replace(" ", ":") + l = l.replace("_", "-") + l = l.replace("-WITH", "") + l = l.replace("AES-", "AES") + l = l.replace("POLY1305-SHA256", "POLY1305") + return l + + def replaceinstr(self, line): + if line.startswith("TLSCiphersPrefer"): + # the "TLS_" are changed into "". + l = self.replacetlsstr(line) + l = l.replace("TLSCiphersPrefer:", "SSLCipherSuite ") + elif line.startswith("TLSCiphersSuppress"): + # like SSLCipherSuite but with :! + l = self.replacetlsstr(line) + l = l.replace("TLSCiphersSuppress:", "SSLCipherSuite !") + l = l.replace(":", ":!") + elif line.startswith("TLSCertificate"): + l = line.replace("TLSCertificate", "SSLCertificateFile") + elif line.startswith("TLSProtocol"): + # mod_ssl is different (+ no supported and 0x code have to be translated) + l = line.replace("TLSProtocol", "SSLProtocol") + l = l.replace("+", "") + l = l.replace("default", "all") + l = l.replace("0x0303", "1.3") # need to check 1.2 and 1.1 + elif line.startswith("TLSHonorClientOrder"): + # mod_ssl has SSLHonorCipherOrder on = use server off = use client. + l = line.lower() + if "on" in l: + l = "SSLHonorCipherOrder off" + else: + l = "SSLHonorCipherOrder on" + elif line.startswith("TLSEngine"): + # In fact it should go in the corresponding VirtualHost... Not sure how to do that. 
+ l = "SSLEngine On" + else: + if line != "": + l = line.replace("TLS", "SSL") + else: + l = line + return l + def add(self, line: Any): + # make we transform the TLS to SSL if we are using mod_ssl if isinstance(line, str): + if not HttpdTestEnv.has_shared_module("tls"): + line = self.replaceinstr(line) if self._indents > 0: line = f"{' ' * self._indents}{line}" self._lines.append(line) else: - if self._indents > 0: - line = [f"{' ' * self._indents}{l}" for l in line] - self._lines.extend(line) + if not HttpdTestEnv.has_shared_module("tls"): + new = [] + previous = "" + for l in line: + if previous.startswith("SSLCipherSuite"): + if l.startswith("TLSCiphersPrefer") or l.startswith("TLSCiphersSuppress"): + # we need to merge it + l = self.replaceinstr(l) + l = l.replace("SSLCipherSuite ", ":") + previous = previous + l + continue + else: + if self._indents > 0: + previous = f"{' ' * self._indents}{previous}" + new.append(previous) + previous = "" + l = self.replaceinstr(l) + if l.startswith("SSLCipherSuite"): + previous = l + continue + if self._indents > 0: + l = f"{' ' * self._indents}{l}" + new.append(l) + if previous != "": + if self._indents > 0: + previous = f"{' ' * self._indents}{previous}" + new.append(previous) + self._lines.extend(new) + else: + if self._indents > 0: + line = [f"{' ' * self._indents}{l}" for l in line] + self._lines.extend(line) return self def add_certificate(self, cert_file, key_file, ssl_module=None):
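Review bot: In `replaceinstr`, the `TLSHonorClientOrder` branch tests `"on" in l` against the whole lower-cased line, and the directive name itself contains "on" (inside "honor"), so every value, including `off`, is rewritten to `SSLHonorCipherOrder off`. Compare the argument instead, e.g. `arg = line.split()[-1].lower()` and then `l = "SSLHonorCipherOrder off" if arg == "on" else "SSLHonorCipherOrder on"`. The `TLSProtocol` branch also looks wrong for a harness that checks protocol limits: `0x0303` is the TLS 1.2 version code but is replaced with `1.3`, and dropping `+` turns a minimum version into a single enabled version under `SSLProtocol`. The final `else` rewrites every `TLS` substring of any non-empty line, so an existing `SSLProtocol TLSv1.3` would become `SSLProtocol SSLv1.3`. Because `add` is on the shared `HttpdConf` class, that presumably affects other test suites on builds without mod_tls, so the rewrite should be limited to lines that start with a known `TLS*` directive.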