bneradt commented on code in PR #13198:
URL: https://github.com/apache/trafficserver/pull/13198#discussion_r3300913766


##########
tests/gold_tests/autest-site/conditions.test.ext:
##########
@@ -20,6 +20,107 @@ import os
 import subprocess
 import json
 import re
+import tempfile
+import time
+
+from ports import get_port_number
+
+OPENSSL_TLS_FLAGS = {
+    "1.0": "-tls1",
+    "1.1": "-tls1_1",
+    "1.2": "-tls1_2",
+    "1.3": "-tls1_3",
+}
+
+
+def _terminate_process(process):
+    if process.poll() is not None:
+        return
+    process.terminate()
+    try:
+        process.wait(timeout=2)
+    except subprocess.TimeoutExpired:
+        process.kill()
+        process.wait(timeout=2)
+
+
+def _probe_openssl_server(tls_version, client_probe):
+    """Run a local OpenSSL server for TLS capability probes.
+
+    This owns the temporary certificate, port allocation, and server process
+    lifecycle so AuTest conditions can perform a real handshake with the client
+    being checked. Local setup failures return ``False`` so callers can skip
+    dependent tests instead of failing the harness.
+
+    :param tls_version: TLS version string to look up in
+        ``OPENSSL_TLS_FLAGS``.
+    :param client_probe: Callable that receives the server port and TLS flag
+        and returns whether the client completed the expected handshake.
+    :returns: ``True`` if the client probe succeeds against the local server,
+        otherwise ``False``.
+    """
+    tls_flag = OPENSSL_TLS_FLAGS.get(tls_version)
+    if tls_flag is None:
+        return False
+
+    try:
+        with tempfile.TemporaryDirectory() as tmpdir:
+            cert_path = os.path.join(tmpdir, "cert.pem")
+            key_path = os.path.join(tmpdir, "key.pem")
+            result = subprocess.run(
+                [
+                    "openssl",
+                    "req",
+                    "-x509",
+                    "-newkey",
+                    "rsa:2048",
+                    "-nodes",
+                    "-sha256",
+                    "-keyout",
+                    key_path,
+                    "-out",
+                    cert_path,
+                    "-subj",
+                    "/CN=localhost",
+                    "-days",
+                    "1",
+                ],
+                stdout=subprocess.DEVNULL,
+                stderr=subprocess.DEVNULL,
+                timeout=10,
+            )
+            if result.returncode != 0:
+                return False
+
+            port = get_port_number()
+            server = subprocess.Popen(
+                [
+                    "openssl",
+                    "s_server",
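Review bot: The `"1.0"` and `"1.1"` entries in `OPENSSL_TLS_FLAGS` may never produce a successful handshake on OpenSSL 3.x, where TLS 1.0 and 1.1 are only available at security level 0. The `s_server` argument list continues outside the quoted lines, so this may already be handled. If it is not, the probe returns `False` for a reason unrelated to the client being checked, and the dependent legacy-TLS tests are skipped silently. Consider passing `"-cipher", "DEFAULT:@SECLEVEL=0"` to `s_server` for those two versions. Logging why a probe returned `False` would also let a skipped test be told apart from a missing client capability.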

Review Comment:
   Done. The OpenSSL probe now owns the port reservation in a `with` block, so 
the port is returned after the server process is cleaned up.



##########
tests/gold_tests/autest-site/conditions.test.ext:
##########
@@ -20,6 +20,107 @@ import os
 import subprocess
 import json
 import re
+import tempfile
+import time
+
+from ports import get_port_number
+
+OPENSSL_TLS_FLAGS = {
+    "1.0": "-tls1",
+    "1.1": "-tls1_1",
+    "1.2": "-tls1_2",
+    "1.3": "-tls1_3",
+}
+
+
+def _terminate_process(process):
+    if process.poll() is not None:
+        return
+    process.terminate()
+    try:
+        process.wait(timeout=2)
+    except subprocess.TimeoutExpired:
+        process.kill()
+        process.wait(timeout=2)
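Review bot: `_terminate_process` has no docstring, unlike `_probe_openssl_server` in the same change, so the terminate-then-kill escalation and its 2-second waits can only be found by reading the body. A one-line docstring would do, for example `"""Stop process if still running: terminate(), wait up to 2 s, then kill()."""`. It should also state whether the helper may raise, since it is presumably called on cleanup paths where an exception would mask the original result.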

Review Comment:
   Done. Process cleanup now treats terminate/kill/wait as best-effort and 
catches OSError / TimeoutExpired on both paths.


