#!/usr/bin/env python3 # -*- coding: utf-8 -*- #*************************************************************************** # _ _ ____ _ # Project ___| | | | _ \| | # / __| | | | |_) | | # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # # Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms # are also available at https://curl.se/docs/copyright.html. # # You may opt to use, copy, modify, merge, publish, distribute and/or sell # copies of the Software, and permit persons to whom the Software is # furnished to do so, under the terms of the COPYING file. # # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # # SPDX-License-Identifier: curl # ########################################################################### # import difflib import filecmp import json import logging import os from datetime import timedelta import pytest from testenv import Env, CurlClient, LocalClient, ExecResult log = logging.getLogger(__name__) class TestSSLUse: @pytest.fixture(autouse=True, scope='class') def _class_scope(self, env, httpd, nghttpx): if env.have_h3(): nghttpx.start_if_needed() httpd.clear_extra_configs() httpd.reload() def test_17_01_sslinfo_plain(self, env: Env, httpd, nghttpx, repeat): proto = 'http/1.1' curl = CurlClient(env=env) url = f'https://{env.authority_for(env.domain1, proto)}/curltest/sslinfo' r = curl.http_get(url=url, alpn_proto=proto) assert r.json['HTTPS'] == 'on', f'{r.json}' assert 'SSL_SESSION_ID' in r.json, f'{r.json}' assert 'SSL_SESSION_RESUMED' in r.json, f'{r.json}' assert r.json['SSL_SESSION_RESUMED'] == 'Initial', f'{r.json}' @pytest.mark.parametrize("tls_max", ['1.2', '1.3']) def test_17_02_sslinfo_reconnect(self, env: Env, httpd, nghttpx, tls_max, repeat): proto = 'http/1.1' count = 3 exp_resumed = 'Resumed' xargs = ['--sessionid', '--tls-max', tls_max, f'--tlsv{tls_max}'] if env.curl_uses_lib('gnutls'): if tls_max == '1.3': exp_resumed = 'Initial' # 1.2 works in gnutls, but 1.3 does not, TODO if env.curl_uses_lib('libressl'): if tls_max == '1.3': exp_resumed = 'Initial' # 1.2 works in libressl, but 1.3 does not, TODO if env.curl_uses_lib('wolfssl'): xargs = ['--sessionid', f'--tlsv{tls_max}'] if tls_max == '1.3': exp_resumed = 'Initial' # 1.2 works in wolfssl, but 1.3 does not, TODO if env.curl_uses_lib('rustls-ffi'): exp_resumed = 'Initial' # rustls does not support sessions, TODO if env.curl_uses_lib('bearssl') and tls_max == '1.3': pytest.skip('BearSSL does not support TLSv1.3') if env.curl_uses_lib('mbedtls') and tls_max == '1.3': pytest.skip('mbedtls does not support TLSv1.3') curl = CurlClient(env=env) # tell the server to close the connection after each request urln = f'https://{env.authority_for(env.domain1, proto)}/curltest/sslinfo?'\ f'id=[0-{count-1}]&close' r = curl.http_download(urls=[urln], alpn_proto=proto, with_stats=True, extra_args=xargs) r.check_response(count=count, http_status=200) # should have used one connection for each request, sessions after # first should have been resumed assert r.total_connects == count, r.dump_logs() for i in range(count): dfile = curl.download_file(i) assert os.path.exists(dfile) with open(dfile) as f: djson = json.load(f) assert djson['HTTPS'] == 'on', f'{i}: {djson}' if i == 0: assert djson['SSL_SESSION_RESUMED'] == 'Initial', f'{i}: {djson}' else: assert djson['SSL_SESSION_RESUMED'] == exp_resumed, f'{i}: {djson}'