Skip to content

Commit

Permalink
tests: add test_17_09_ssl_min_max
Browse files Browse the repository at this point in the history 
Test setting all combinations of --tlsv1.x and --tls-max.
  • Loading branch information
@jan2000
jan2000 committed Aug 18, 2024
1 parent a05de4c commit 9bbf1d4
Showing 1 changed file with 32 additions and 0 deletions.
32 changes: 32 additions & 0 deletions tests/http/test_17_ssl_use.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -258,3 +258,35 @@ def test_17_08_cert_status(self, env: Env, httpd, nghttpx, repeat, proto):
])
# CURLE_SSL_INVALIDCERTSTATUS, our certs have no OCSP info
assert r.exit_code == 91, f'{r}'

@pytest.mark.parametrize("server_ver", ['TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'])
def test_17_09_ssl_min_max(self, env: Env, httpd, nghttpx, server_ver):
httpd.set_extra_config('base', [
f'SSLProtocol {server_ver}'
])
httpd.reload()
proto = 'http/1.1'
curl = CurlClient(env=env)
url = f'https://{env.authority_for(env.domain1, proto)}/curltest/sslinfo'
if env.curl_uses_lib('bearssl') or env.curl_uses_lib('sectransp'):
supported = ['TLSv1', 'TLSv1.1', 'TLSv1.2', None]
elif env.curl_uses_lib('mbedtls') and not env.curl_lib_version_at_least('mbedtls', '3.6.0'):
supported = ['TLSv1.2', 'TLSv1.2', 'TLSv1.2', None] # tls-max is minimal 1.2
elif env.curl_uses_lib('rustls') or env.curl_uses_lib('mbedtls'):
supported = ['TLSv1.2', 'TLSv1.2', 'TLSv1.2', 'TLSv1.3'] # tls-max is minimal 1.2
else:
supported = ['TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3']
for max_ver in range(0, 5):
for min_ver in range(-2, 4):
extra_args = []
if min_ver >= -1:
extra_args += [['--tlsv1', '--tlsv1.0', '--tlsv1.1', '--tlsv1.2', '--tlsv1.3'][min_ver + 1]]
if max_ver < 4:
extra_args += ['--tls-max', ['1.0', '1.1', '1.2', '1.3'][max_ver]]
r = curl.http_get(url=url, alpn_proto=proto, extra_args=extra_args)
if max_ver >= min_ver and server_ver in supported[max(0, min_ver):min(max_ver, 3)+1]:
assert r.exit_code == 0 , f'{r}'
assert r.json['HTTPS'] == 'on', f'{r}'
assert r.json['SSL_PROTOCOL'] == server_ver, f'{r}'
else:
assert r.exit_code != 0, f'{r}'

0 comments on commit 9bbf1d4

Please sign in to comment.