bneradt commented on code in PR #13198:
URL: https://github.com/apache/trafficserver/pull/13198#discussion_r3293720726
##########
tests/gold_tests/autest-site/conditions.test.ext:
##########
@@ -74,31 +163,32 @@ def HasLegacyTLSSupport(self):
"""
def check_tls1_support():
- try:
- # Connect to localhost on a port nothing is listening on.
- # This avoids external network dependency while still detecting
- # whether the crypto-policy allows TLSv1.0.
- result = subprocess.run(
- ['openssl', 's_client', '-tls1', '-connect', '127.0.0.1:1'],
- capture_output=True,
- text=True,
- timeout=5,
- input='' # Don't wait for interactive input
- )
- output = result.stdout + result.stderr
- # "no protocols available" means TLSv1 is disabled by crypto-policy
- if 'no protocols available' in output:
+
+ def client_probe(port, tls_flag):
Review Comment:
Done. I updated the docstring to describe the current behavior: the
condition now starts a local OpenSSL server and performs a real TLSv1.0 client
handshake, rather than inferring support from closed-port client output.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
