[trafficserver] branch master updated: Fix autest for OpenSSL 3.0 (#9753)

Fri, 30 Jun 2023 19:41:48 -0700 

This is an automated email from the ASF dual-hosted git repository.

bneradt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new e6d2fb1235 Fix autest for OpenSSL 3.0 (#9753)
e6d2fb1235 is described below

commit e6d2fb1235d351de2d8d8ac94757932778857163
Author: midchildan <[email protected]>
AuthorDate: Sat Jul 1 11:41:38 2023 +0900

    Fix autest for OpenSSL 3.0 (#9753)
    
    * Fix forward-non-http autest for OpenSSL 3.0
    
    * Fix tls-verify-override autest for OpenSSL 3.0
    
    * Fix tls_client_versions autest with OpenSSL 3.0
    
    * Update test-nc-s_client.sh
    
    Added an EOF to test-nc-s_client.sh
---
 tests/gold_tests/tls/test-nc-s_client.sh              | 5 +++--
 tests/gold_tests/tls/tls_client_versions.test.py      | 2 +-
 tests/gold_tests/tls/tls_forward_nonhttp.test.py      | 5 ++++-
 tests/gold_tests/tls/tls_verify_override.test.py      | 4 ++--
 tests/gold_tests/tls/tls_verify_override_base.test.py | 2 +-
 5 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/tests/gold_tests/tls/test-nc-s_client.sh 
b/tests/gold_tests/tls/test-nc-s_client.sh
index 4252f4c2b4..f08574e045 100644
--- a/tests/gold_tests/tls/test-nc-s_client.sh
+++ b/tests/gold_tests/tls/test-nc-s_client.sh
@@ -16,11 +16,12 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
+
 # See https://github.com/apache/trafficserver/issues/9880
 ignore_unexpecte_eof=''
 if openssl s_client --help 2>&1 | grep -q ignore_unexpected_eof
 then
   ignore_unexpected_eof='-ignore_unexpected_eof'
 fi
-nc -l -p $1 -c 'echo -e "This is a reply"' -o test.out &
-echo "This is a test" | openssl s_client -servername bar.com -connect 
localhost:$2 -ign_eof ${ignore_unexpected_eof}
+nc -l -p "$1" -c 'echo -e "This is a reply"' -o test.out &
+echo "This is a test" | openssl s_client -servername bar.com -connect 
"localhost:$2" -ign_eof ${ignore_unexpected_eof} "${@:3}"
diff --git a/tests/gold_tests/tls/tls_client_versions.test.py 
b/tests/gold_tests/tls/tls_client_versions.test.py
index 8d19c78669..67b57f82c6 100644
--- a/tests/gold_tests/tls/tls_client_versions.test.py
+++ b/tests/gold_tests/tls/tls_client_versions.test.py
@@ -49,7 +49,7 @@ ts.Disk.ssl_multicert_config.AddLine(
 ts.Disk.records_config.update({
     'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
     'proxy.config.ssl.server.private_key.path': 
'{0}'.format(ts.Variables.SSLDir),
-    'proxy.config.ssl.server.cipher_suite': 
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2',
+    'proxy.config.ssl.server.cipher_suite': 
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES256-SHA:DES-CBC3-SHA!SRP:!DSS:!PSK:!aNULL:!eNULL:!SSLv2:@SECLEVEL=0',
     'proxy.config.ssl.client.CA.cert.path': '{0}'.format(ts.Variables.SSLDir),
     'proxy.config.url_remap.pristine_host_hdr': 1,
     'proxy.config.ssl.TLSv1': 0,
diff --git a/tests/gold_tests/tls/tls_forward_nonhttp.test.py 
b/tests/gold_tests/tls/tls_forward_nonhttp.test.py
index dd5304c4c4..43d781cdb9 100644
--- a/tests/gold_tests/tls/tls_forward_nonhttp.test.py
+++ b/tests/gold_tests/tls/tls_forward_nonhttp.test.py
@@ -64,7 +64,10 @@ ts.Disk.sni_yaml.AddLines([
 
 tr = Test.AddTestRun("forward-non-http")
 tr.Setup.Copy("test-nc-s_client.sh")
-tr.Processes.Default.Command = "sh test-nc-s_client.sh {1} 
{0}".format(ts.Variables.ssl_port, ts.Variables.s_client_port)
+cmd_args = ["sh", "test-nc-s_client.sh", str(ts.Variables.s_client_port), 
str(ts.Variables.ssl_port)]
+if Condition.HasOpenSSLVersion("3.0.0"):
+    cmd_args += ["-ignore_unexpected_eof"]
+tr.Processes.Default.Command = " ".join(cmd_args)
 tr.ReturnCode = 0
 tr.Processes.Default.StartBefore(nameserver)
 tr.Processes.Default.StartBefore(Test.Processes.ts)
diff --git a/tests/gold_tests/tls/tls_verify_override.test.py 
b/tests/gold_tests/tls/tls_verify_override.test.py
index 7989d3055c..1d216e6b02 100644
--- a/tests/gold_tests/tls/tls_verify_override.test.py
+++ b/tests/gold_tests/tls/tls_verify_override.test.py
@@ -73,7 +73,7 @@ ts.Disk.remap_config.AddLine(
     'map http://bar.com/overridesignature https://bar.com:{0} 
@plugin=conf_remap.so 
@pparam=proxy.config.ssl.client.verify.server.properties=SIGNATURE 
@plugin=conf_remap.so 
@pparam=proxy.config.ssl.client.verify.server.policy=ENFORCED'.format(
         server_foo.Variables.SSL_Port))
 ts.Disk.remap_config.AddLine(
-    'map http://bar.com/overridenone https://bar.com:{0} @plugin=conf_remap.so 
@pparam=proxy.config.ssl.client.verify.server.properties=NONE 
@plugin=conf_remap.so 
@pparam=proxy.config.ssl.client.verify.server.policy=ENFORCED"'.format(
+    'map http://bar.com/overridenone https://bar.com:{0} @plugin=conf_remap.so 
@pparam=proxy.config.ssl.client.verify.server.properties=NONE 
@plugin=conf_remap.so 
@pparam=proxy.config.ssl.client.verify.server.policy=ENFORCED'.format(
         server_foo.Variables.SSL_Port))
 ts.Disk.remap_config.AddLine(
     'map http://bar.com/overrideenforced https://bar.com:{0} 
@plugin=conf_remap.so 
@pparam=proxy.config.ssl.client.verify.server.policy=ENFORCED'.format(
@@ -252,7 +252,7 @@ tr.Processes.Default.Streams.stdout = 
Testers.ExcludesExpression("Could not conn
 
 # checks on random.com should fail with message only
 ts.Disk.diags_log.Content = Testers.ContainsExpression(
-    r"WARNING: Core server certificate verification failed for \(random.com\). 
Action=Continue Error=self signed certificate server=random.com\(127.0.0.1\) 
depth=0",
+    r"WARNING: Core server certificate verification failed for \(random.com\). 
Action=Continue Error=self.signed certificate server=random.com\(127.0.0.1\) 
depth=0",
     "Warning for self signed certificate")
 # permissive failure for bar.com
 ts.Disk.diags_log.Content += Testers.ContainsExpression(
diff --git a/tests/gold_tests/tls/tls_verify_override_base.test.py 
b/tests/gold_tests/tls/tls_verify_override_base.test.py
index 4063898bde..0f97467871 100644
--- a/tests/gold_tests/tls/tls_verify_override_base.test.py
+++ b/tests/gold_tests/tls/tls_verify_override_base.test.py
@@ -241,7 +241,7 @@ tr.Processes.Default.Streams.stdout = 
Testers.ExcludesExpression("Could not conn
 
 # checks on random.com should fail with message only
 ts.Disk.diags_log.Content = Testers.ContainsExpression(
-    r"WARNING: Core server certificate verification failed for \(random.com\). 
Action=Continue Error=self signed certificate server=127.0.0.1\(127.0.0.1\) 
depth=0",
+    r"WARNING: Core server certificate verification failed for \(random.com\). 
Action=Continue Error=self.signed certificate server=127.0.0.1\(127.0.0.1\) 
depth=0",
     "Warning for self signed certificate")
 # permissive failure for bar.com
 ts.Disk.diags_log.Content += Testers.ContainsExpression(

Reply via email to