This is an automated email from the ASF dual-hosted git repository.
masaori pushed a commit to branch 9.2.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.2.x by this push:
new 76aef19234 [9.2.x] Backport AuTest fixes for Fedora 40 (#11938)
76aef19234 is described below
commit 76aef19234b04560d0e42a3914b74b6b292797c6
Author: Masaori Koshiba <[email protected]>
AuthorDate: Tue Jan 7 07:55:11 2025 +0900
[9.2.x] Backport AuTest fixes for Fedora 40 (#11938)
* Fedora 40: update autest output expectations (#11290)
The fedora:40 gzip version compresses to a different size. This impacts
the compress.test.py autest. I verified that the compressed content can
be expanded correctly by previous versions of gzip going back to
CentOS:7.
The fedora:40 openssl library prints the common name (CN) without spaces
around CN. This updates test output expectations accordingly.
(cherry picked from commit da7d79a9461f7aa64c0fba8e3328ca1118d3482a)
Conflicts:
tests/gold_tests/pluginTest/certifier/certifier.test.py
tests/gold_tests/tls/tls_check_dual_cert_selection_plugin.test.py
* Fedora 40: autest output updates for new curl and openssl (#11296)
After landing this patch, all autests should now work with fedora:40.
* http2.test.py: normalize curl output for "bytes data"
* tls_verify_override_base.test.py: --resolv -> --resolve
Somehow older versions of curl perimissively let the user accidentally
pass `--resolv` instead of `--resolve`. 8.7.1 seems more picky. This
fixes all references to `--resolv` to `--resolve` in the autests.
* tls_0rtt_server.test.py: new openssl s_client output
openssl s_client 3.2 has slightly different output that the
tls_0rtt_server.test.py test needs to be updated to handle. This adds
logic to handle that new output.
(cherry picked from commit 5d01b8c858ba531d90c216eed5778d87c9018ca8)
Conflicts:
tests/gold_tests/h2/http2.test.py
* Fix verify cert store APIs detection
* Run traffic_manager in ssl_key_dialog test for traffic_ctl
---------
Co-authored-by: Brian Neradt <[email protected]>
---
build/crypto.m4 | 2 +-
include/tscore/ink_config.h.in | 1 -
tests/gold_tests/h2/gold/http2_8_stderr.gold | 18 ----------------
tests/gold_tests/h2/gold/http2_8_stdout.gold | 19 ++++++++++++++++-
tests/gold_tests/h2/http2.test.py | 8 +++++---
tests/gold_tests/pluginTest/compress/compress.gold | 24 +++++++++++-----------
tests/gold_tests/tls/h2_early_decode.py | 4 +++-
tests/gold_tests/tls/ssl_key_dialog.test.py | 2 +-
tests/gold_tests/tls/test-0rtt-s_client.py | 3 ++-
.../tls/tls_check_dual_cert_selection.test.py | 8 ++++----
.../tls/tls_check_dual_cert_selection2.test.py | 12 +++++------
.../tls/tls_verify_override_base.test.py | 4 ++--
12 files changed, 54 insertions(+), 51 deletions(-)
diff --git a/build/crypto.m4 b/build/crypto.m4
index ff176cb0f5..1d52db4adf 100644
--- a/build/crypto.m4
+++ b/build/crypto.m4
@@ -456,7 +456,7 @@ AC_DEFUN([TS_CHECK_BIO_GET_EX_NEW_INDEX], [
TS_ADDTO(LIBS, [$OPENSSL_LIBS])
bio_get_ex_new_index_check=no
- has_verify_cert_store=0
+ have_bio_get_ex_new_index=0
AC_MSG_CHECKING([for BIO_get_ex_new_index macro])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM([[#include <openssl/ssl.h>]],
diff --git a/include/tscore/ink_config.h.in b/include/tscore/ink_config.h.in
index 125d894b6f..b49e9c040c 100644
--- a/include/tscore/ink_config.h.in
+++ b/include/tscore/ink_config.h.in
@@ -83,7 +83,6 @@
#define TS_HAS_TLS_EARLY_DATA @has_tls_early_data@
#define TS_HAS_TLS_SESSION_TICKET @has_tls_session_ticket@
#define TS_HAS_VERIFY_CERT_STORE @has_verify_cert_store@
-#define TS_HAS_VERIFY_CERT_STORE @has_verify_cert_store@
#define HAVE_BIO_GET_EX_NEW_INDEX @have_bio_get_ex_new_index@
#define TS_USE_HRW_GEOIP @use_hrw_geoip@
diff --git a/tests/gold_tests/h2/gold/http2_8_stderr.gold
b/tests/gold_tests/h2/gold/http2_8_stderr.gold
deleted file mode 100644
index f5d57eb4c5..0000000000
--- a/tests/gold_tests/h2/gold/http2_8_stderr.gold
+++ /dev/null
@@ -1,18 +0,0 @@
-``
-> GET /huge_resp_hdrs HTTP/2
-> Host: ``
-> User-Agent: curl/``
-> Accept: */*
-``
-< HTTP/2 200 ``
-< server: ATS/``
-< content-length: 6
-< date: ``
-< age: ``
-< x-huge-0:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789ab
[...]
-< x-huge-1:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789ab
[...]
-< x-huge-2:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789ab
[...]
-< x-huge-3:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789ab
[...]
-< x-huge-4:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789ab
[...]
-< x-huge-5:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789ab
[...]
-``
diff --git a/tests/gold_tests/h2/gold/http2_8_stdout.gold
b/tests/gold_tests/h2/gold/http2_8_stdout.gold
index fb1fe7d2ce..f5d57eb4c5 100644
--- a/tests/gold_tests/h2/gold/http2_8_stdout.gold
+++ b/tests/gold_tests/h2/gold/http2_8_stdout.gold
@@ -1 +1,18 @@
-200 OK``
+``
+> GET /huge_resp_hdrs HTTP/2
+> Host: ``
+> User-Agent: curl/``
+> Accept: */*
+``
+< HTTP/2 200 ``
+< server: ATS/``
+< content-length: 6
+< date: ``
+< age: ``
+< x-huge-0:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789ab
[...]
+< x-huge-1:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789ab
[...]
+< x-huge-2:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789ab
[...]
+< x-huge-3:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789ab
[...]
+< x-huge-4:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789ab
[...]
+< x-huge-5:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789ab
[...]
+``
diff --git a/tests/gold_tests/h2/http2.test.py
b/tests/gold_tests/h2/http2.test.py
index 9283ab37ac..e5f6f7c044 100644
--- a/tests/gold_tests/h2/http2.test.py
+++ b/tests/gold_tests/h2/http2.test.py
@@ -220,11 +220,13 @@ tr.StillRunningAfter = server
# Test Case 8: Huge response header
tr = Test.AddTestRun()
-tr.Processes.Default.Command = 'curl -vs -k --http2
https://127.0.0.1:{0}/huge_resp_hdrs'.format(ts.Variables.ssl_port)
+# Different versions of curl have "bytes data" at various places in the output.
+# Normalize them by simply filtering out those lines since they are not
+# important to this test.
+tr.Processes.Default.Command = f'curl -vs -k --http2
https://127.0.0.1:{ts.Variables.ssl_port}/huge_resp_hdrs |& grep -v "bytes
data"'
tr.Processes.Default.ReturnCode = 0
-tr.Processes.Default.Streams.stdout = "gold/http2_8_stdout.gold"
# Different versions of curl will have different cases for HTTP/2 field names.
-tr.Processes.Default.Streams.stderr =
Testers.GoldFile("gold/http2_8_stderr.gold", case_insensitive=True)
+tr.Processes.Default.Streams.stdout =
Testers.GoldFile("gold/http2_8_stdout.gold", case_insensitive=True)
tr.StillRunningAfter = server
# Test Case 9: Header Only Response - e.g. 204
diff --git a/tests/gold_tests/pluginTest/compress/compress.gold
b/tests/gold_tests/pluginTest/compress/compress.gold
index fc4444bcb5..6ea1a62eee 100644
--- a/tests/gold_tests/pluginTest/compress/compress.gold
+++ b/tests/gold_tests/pluginTest/compress/compress.gold
@@ -14,7 +14,7 @@
< Content-Type: text/javascript
< Content-Encoding: gzip
< Vary: Accept-Encoding
-< Content-Length: 71
+< Content-Length: 7``
===
> GET http://ae-0/obj0 HTTP/1.1
> X-Ats-Compress-Test: 0/br
@@ -39,7 +39,7 @@
< Content-Type: text/javascript
< Content-Encoding: gzip
< Vary: Accept-Encoding
-< Content-Length: 71
+< Content-Length: 7``
===
> GET http://ae-1/obj1 HTTP/1.1
> X-Ats-Compress-Test: 1/gzip
@@ -48,7 +48,7 @@
< Content-Type: text/javascript
< Content-Encoding: gzip
< Vary: Accept-Encoding
-< Content-Length: 71
+< Content-Length: 7``
===
> GET http://ae-1/obj1 HTTP/1.1
> X-Ats-Compress-Test: 1/br
@@ -80,7 +80,7 @@
< Content-Type: text/javascript
< Content-Encoding: gzip
< Vary: Accept-Encoding
-< Content-Length: 71
+< Content-Length: 7``
===
> GET http://ae-2/obj2 HTTP/1.1
> X-Ats-Compress-Test: 2/br
@@ -105,7 +105,7 @@
< Content-Type: text/javascript
< Content-Encoding: gzip
< Vary: Accept-Encoding
-< Content-Length: 71
+< Content-Length: 7``
===
> GET http://ae-0/obj0 HTTP/1.1
> X-Ats-Compress-Test: 0/gzip;q=0.666x
@@ -114,7 +114,7 @@
< Content-Type: text/javascript
< Content-Encoding: gzip
< Vary: Accept-Encoding
-< Content-Length: 71
+< Content-Length: 7``
===
> GET http://ae-0/obj0 HTTP/1.1
> X-Ats-Compress-Test: 0/gzip;q=#0.666
@@ -123,7 +123,7 @@
< Content-Type: text/javascript
< Content-Encoding: gzip
< Vary: Accept-Encoding
-< Content-Length: 71
+< Content-Length: 7``
===
> GET http://ae-0/obj0 HTTP/1.1
> X-Ats-Compress-Test: 0/gzip; Q = 0.666
@@ -132,7 +132,7 @@
< Content-Type: text/javascript
< Content-Encoding: gzip
< Vary: Accept-Encoding
-< Content-Length: 71
+< Content-Length: 7``
===
> GET http://ae-0/obj0 HTTP/1.1
> X-Ats-Compress-Test: 0/gzip;q=0.0
@@ -148,7 +148,7 @@
< Content-Type: text/javascript
< Content-Encoding: gzip
< Vary: Accept-Encoding
-< Content-Length: 71
+< Content-Length: 7``
===
> GET http://ae-0/obj0 HTTP/1.1
> X-Ats-Compress-Test: 0/aaa, gzip;q=0.666, bbb
@@ -157,7 +157,7 @@
< Content-Type: text/javascript
< Content-Encoding: gzip
< Vary: Accept-Encoding
-< Content-Length: 71
+< Content-Length: 7``
===
> GET http://ae-0/obj0 HTTP/1.1
> X-Ats-Compress-Test: 0/ br ; q=0.666, bbb
@@ -175,7 +175,7 @@
< Content-Type: text/javascript
< Content-Encoding: gzip
< Vary: Accept-Encoding
-< Content-Length: 71
+< Content-Length: 7``
===
> POST http://ae-3/obj3 HTTP/1.1
> X-Ats-Compress-Test: 3/gzip
@@ -184,5 +184,5 @@
< Content-Type: text/javascript
< Content-Encoding: gzip
< Vary: Accept-Encoding
-< Content-Length: 71
+< Content-Length: 7``
===
diff --git a/tests/gold_tests/tls/h2_early_decode.py
b/tests/gold_tests/tls/h2_early_decode.py
index 2035e2842b..9247dd2a34 100755
--- a/tests/gold_tests/tls/h2_early_decode.py
+++ b/tests/gold_tests/tls/h2_early_decode.py
@@ -213,7 +213,9 @@ class Decoder:
def decode(self, data):
temp_data = data
frames = []
- while len(temp_data) >= 9:
+ loop_limiter_count = 0
+ while len(temp_data) >= 9 and loop_limiter_count < 1000:
+ loop_limiter_count += 1
frame_header = temp_data[0:9]
frame = self.read_frame_header(frame_header)
if frame.length > len(temp_data[9:]):
diff --git a/tests/gold_tests/tls/ssl_key_dialog.test.py
b/tests/gold_tests/tls/ssl_key_dialog.test.py
index 70bb365c70..24c813eb80 100644
--- a/tests/gold_tests/tls/ssl_key_dialog.test.py
+++ b/tests/gold_tests/tls/ssl_key_dialog.test.py
@@ -20,7 +20,7 @@ Test.Summary = '''
Test that Trafficserver starts with default configurations.
'''
-ts = Test.MakeATSProcess("ts", enable_tls=True)
+ts = Test.MakeATSProcess("ts", command="traffic_manager", enable_tls=True)
server = Test.MakeOriginServer("server")
ts.addSSLfile("ssl/passphrase.pem")
diff --git a/tests/gold_tests/tls/test-0rtt-s_client.py
b/tests/gold_tests/tls/test-0rtt-s_client.py
index 3c971a542c..7a9d8505ef 100644
--- a/tests/gold_tests/tls/test-0rtt-s_client.py
+++ b/tests/gold_tests/tls/test-0rtt-s_client.py
@@ -58,7 +58,8 @@ def main():
data = b''
for line in lines:
line += b'\n'
- if line.startswith(bytes('SSL_connect:', 'utf-8')) or \
+ if line.startswith(bytes('Connecting to', 'utf-8')) or \
+ line.startswith(bytes('SSL_connect:', 'utf-8')) or \
line.startswith(bytes('SSL3 alert', 'utf-8')) or \
bytes('Can\'t use SSL_get_servername', 'utf-8') in line:
continue
diff --git a/tests/gold_tests/tls/tls_check_dual_cert_selection.test.py
b/tests/gold_tests/tls/tls_check_dual_cert_selection.test.py
index 2a5592b524..f6853342c8 100644
--- a/tests/gold_tests/tls/tls_check_dual_cert_selection.test.py
+++ b/tests/gold_tests/tls/tls_check_dual_cert_selection.test.py
@@ -124,7 +124,7 @@ tr.ReturnCode = 0
tr.StillRunningAfter = server
tr.StillRunningAfter = ts
tr.Processes.Default.Streams.All += Testers.ContainsExpression(san_ec_string,
"Should select EC cert", reflags=re.S | re.M)
-tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN =
group.com", "Should select a group SAN")
+tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN ?=
?group.com", "Should select a group SAN")
# Should receive a RSA cert
tr = Test.AddTestRun("Only offer RSA ciphers, should receive RSA cert")
@@ -134,7 +134,7 @@ tr.ReturnCode = 0
tr.StillRunningAfter = server
tr.StillRunningAfter = ts
tr.Processes.Default.Streams.All += Testers.ContainsExpression(san_rsa_string,
"Should select RSA cert", reflags=re.S | re.M)
-tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN =
group.com", "Should select a group SAN")
+tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN ?=
?group.com", "Should select a group SAN")
# Should receive a RSA cert
tr = Test.AddTestRun("rsa.com only in rsa cert")
@@ -144,7 +144,7 @@ tr.ReturnCode = 0
tr.StillRunningAfter = server
tr.StillRunningAfter = ts
tr.Processes.Default.Streams.All += Testers.ContainsExpression(san_rsa_string,
"Should select RSA cert", reflags=re.S | re.M)
-tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN =
group.com", "Should select a group SAN")
+tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN ?=
?group.com", "Should select a group SAN")
# Should receive a EC cert
tr = Test.AddTestRun("ec.com only in ec cert")
@@ -154,4 +154,4 @@ tr.ReturnCode = 0
tr.StillRunningAfter = server
tr.StillRunningAfter = ts
tr.Processes.Default.Streams.All += Testers.ContainsExpression(san_ec_string,
"Should select EC cert", reflags=re.S | re.M)
-tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN =
group.com", "Should select a group SAN")
+tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN ?=
?group.com", "Should select a group SAN")
diff --git a/tests/gold_tests/tls/tls_check_dual_cert_selection2.test.py
b/tests/gold_tests/tls/tls_check_dual_cert_selection2.test.py
index c6d771af36..4e984533af 100644
--- a/tests/gold_tests/tls/tls_check_dual_cert_selection2.test.py
+++ b/tests/gold_tests/tls/tls_check_dual_cert_selection2.test.py
@@ -135,7 +135,7 @@ tr.ReturnCode = 0
tr.StillRunningAfter = server
tr.StillRunningAfter = ts
tr.Processes.Default.Streams.All += Testers.ContainsExpression(san_ec_string,
"Should select EC cert", reflags=re.S | re.M)
-tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN =
group.com", "Should select a group SAN")
+tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN ?=
?group.com", "Should select a group SAN")
# Should receive a RSA cert
tr = Test.AddTestRun("Only offer RSA ciphers, should receive RSA cert")
@@ -145,7 +145,7 @@ tr.ReturnCode = 0
tr.StillRunningAfter = server
tr.StillRunningAfter = ts
tr.Processes.Default.Streams.All += Testers.ContainsExpression(san_rsa_string,
"Should select RSA cert", reflags=re.S | re.M)
-tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN =
group.com", "Should select a group SAN")
+tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN ?=
?group.com", "Should select a group SAN")
# Should receive a RSA cert
tr = Test.AddTestRun("rsa.com only in rsa cert")
@@ -155,7 +155,7 @@ tr.ReturnCode = 0
tr.StillRunningAfter = server
tr.StillRunningAfter = ts
tr.Processes.Default.Streams.All += Testers.ContainsExpression(san_rsa_string,
"Should select RSA cert", reflags=re.S | re.M)
-tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN =
group.com", "Should select a group SAN")
+tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN ?=
?group.com", "Should select a group SAN")
# Should receive a EC cert
tr = Test.AddTestRun("ec.com only in ec cert")
@@ -165,7 +165,7 @@ tr.ReturnCode = 0
tr.StillRunningAfter = server
tr.StillRunningAfter = ts
tr.Processes.Default.Streams.All += Testers.ContainsExpression(san_ec_string,
"Should select EC cert", reflags=re.S | re.M)
-tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN =
group.com", "Should select a group SAN")
+tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN ?=
?group.com", "Should select a group SAN")
# Should receive a EC cert
tr = Test.AddTestRun("Default for combined.com should return EC cert")
@@ -175,7 +175,7 @@ tr.ReturnCode = 0
tr.StillRunningAfter = server
tr.StillRunningAfter = ts
tr.Processes.Default.Streams.All +=
Testers.ContainsExpression(combo_ec_string, "Should select EC cert",
reflags=re.S | re.M)
-tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN =
combined.com", "Should select combined pem")
+tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN ?=
?combined.com", "Should select combined pem")
# Should receive a RSA cert
tr = Test.AddTestRun("Only offer RSA ciphers, should receive RSA cert")
@@ -185,4 +185,4 @@ tr.ReturnCode = 0
tr.StillRunningAfter = server
tr.StillRunningAfter = ts
tr.Processes.Default.Streams.All +=
Testers.ContainsExpression(combo_rsa_string, "Should select RSA cert",
reflags=re.S | re.M)
-tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN =
combined.com", "Should select combined pem")
+tr.Processes.Default.Streams.All += Testers.ContainsExpression("CN ?=
?combined.com", "Should select combined pem")
diff --git a/tests/gold_tests/tls/tls_verify_override_base.test.py
b/tests/gold_tests/tls/tls_verify_override_base.test.py
index e83974884a..a0b027df69 100644
--- a/tests/gold_tests/tls/tls_verify_override_base.test.py
+++ b/tests/gold_tests/tls/tls_verify_override_base.test.py
@@ -204,7 +204,7 @@ tr.Processes.Default.Streams.stdout =
Testers.ContainsExpression("Could not conn
# Should fail
tr = Test.AddTestRun("foo-to-bar-sni-policy-servername")
-tr.Processes.Default.Command = "curl -k --resolv foo.com:{0}:127.0.0.1
https://foo.com:{0}/snipolicybarservername".format(
+tr.Processes.Default.Command = "curl -k --resolve foo.com:{0}:127.0.0.1
https://foo.com:{0}/snipolicybarservername".format(
ts.Variables.ssl_port)
tr.ReturnCode = 0
tr.StillRunningAfter = server
@@ -229,7 +229,7 @@ tr.Processes.Default.Streams.stdout =
Testers.ExcludesExpression("Could not conn
# Should succeed
tr = Test.AddTestRun("bar-to-foo-sni-policy-servername")
-tr.Processes.Default.Command = "curl -k --resolv bar.com:{0}:127.0.0.1
https://bar.com:{0}/snipolicyfooservername".format(
+tr.Processes.Default.Command = "curl -k --resolve bar.com:{0}:127.0.0.1
https://bar.com:{0}/snipolicyfooservername".format(
ts.Variables.ssl_port)
tr.ReturnCode = 0
tr.StillRunningAfter = server
