|
|
49b7d4 |
From 9736af2af69bd7fc924bb30a4849f55bd6d497cf Mon Sep 17 00:00:00 2001
|
|
|
49b7d4 |
From: Rob Crittenden <rcritten@redhat.com>
|
|
|
49b7d4 |
Date: Mon, 23 May 2016 18:34:36 -0400
|
|
|
49b7d4 |
Subject: [PATCH] Disable SNI and proxy tests, AES128 cipher test
|
|
|
49b7d4 |
|
|
|
49b7d4 |
The SNI tests rely on a tweaked /etc/hosts that points multiple
|
|
|
49b7d4 |
hostnames to one.
|
|
|
49b7d4 |
|
|
|
49b7d4 |
The proxy test requires Internet access
|
|
|
49b7d4 |
|
|
|
49b7d4 |
The python client isn't returning the re-negotiated cipher
|
|
|
49b7d4 |
which causes the AES128 to report a failure. Drop the test.
|
|
|
49b7d4 |
---
|
|
|
49b7d4 |
test/suite1.tmpl | 6 ------
|
|
|
49b7d4 |
test/test.py | 28 ----------------------------
|
|
|
49b7d4 |
2 files changed, 34 deletions(-)
|
|
|
49b7d4 |
|
|
|
49b7d4 |
diff --git a/test/suite1.tmpl b/test/suite1.tmpl
|
|
|
49b7d4 |
index 2c09a89..291e173 100644
|
|
|
49b7d4 |
--- a/test/suite1.tmpl
|
|
|
49b7d4 |
+++ b/test/suite1.tmpl
|
|
|
49b7d4 |
@@ -45,12 +45,6 @@ CoreDumpDirectory $SERVER_ROOT
|
|
|
49b7d4 |
NSSCipherSuite RC4-SHA
|
|
|
49b7d4 |
</Location>
|
|
|
49b7d4 |
|
|
|
49b7d4 |
- <Location "/openssl_aes_cipher">
|
|
|
49b7d4 |
- # In openssl equivalent of AES:-ECDH:-ADH:-PSK:-DH
|
|
|
49b7d4 |
- # In NSS equivalent of AES:-ECDH
|
|
|
49b7d4 |
- NSSCipherSuite AES+RSA
|
|
|
49b7d4 |
- </Location>
|
|
|
49b7d4 |
-
|
|
|
49b7d4 |
<Location "/dhe_cipher">
|
|
|
49b7d4 |
NSSCipherSuite +dhe_rsa_aes_128_sha
|
|
|
49b7d4 |
</Location>
|
|
|
49b7d4 |
diff --git a/test/test.py b/test/test.py
|
|
|
49b7d4 |
index 866e388..4fdb59a 100644
|
|
|
49b7d4 |
--- a/test/test.py
|
|
|
49b7d4 |
+++ b/test/test.py
|
|
|
49b7d4 |
@@ -60,13 +60,6 @@ class test_suite1(Declarative):
|
|
|
49b7d4 |
),
|
|
|
49b7d4 |
|
|
|
49b7d4 |
dict(
|
|
|
49b7d4 |
- desc='SSL AES128-SHA cipher check',
|
|
|
49b7d4 |
- request=('/index.html', {}),
|
|
|
49b7d4 |
- expected=200,
|
|
|
49b7d4 |
- cipher='AES128-SHA',
|
|
|
49b7d4 |
- ),
|
|
|
49b7d4 |
-
|
|
|
49b7d4 |
- dict(
|
|
|
49b7d4 |
desc='Default protocol check',
|
|
|
49b7d4 |
request=('/', {}),
|
|
|
49b7d4 |
expected=200,
|
|
|
49b7d4 |
@@ -271,27 +264,6 @@ class test_suite1(Declarative):
|
|
|
49b7d4 |
expected=requests.exceptions.SSLError(),
|
|
|
49b7d4 |
),
|
|
|
49b7d4 |
|
|
|
49b7d4 |
- dict(
|
|
|
49b7d4 |
- desc='Basic reverse proxy request',
|
|
|
49b7d4 |
- request=('/google/', {}),
|
|
|
49b7d4 |
- expected=200,
|
|
|
49b7d4 |
- ),
|
|
|
49b7d4 |
-
|
|
|
49b7d4 |
- dict(
|
|
|
49b7d4 |
- desc='SNI request when SNI is disabled',
|
|
|
49b7d4 |
- request=('/index.html',
|
|
|
49b7d4 |
- {'host': 'www1.example.com', 'port': 8000}
|
|
|
49b7d4 |
- ),
|
|
|
49b7d4 |
- expected=requests.exceptions.SSLError(),
|
|
|
49b7d4 |
- expected_str='doesn\'t match',
|
|
|
49b7d4 |
- ),
|
|
|
49b7d4 |
-
|
|
|
49b7d4 |
- dict(
|
|
|
49b7d4 |
- desc='Reverse proxy request when SNI is disabled',
|
|
|
49b7d4 |
- request=('/proxy/index.html', {}),
|
|
|
49b7d4 |
- expected=400,
|
|
|
49b7d4 |
- ),
|
|
|
49b7d4 |
-
|
|
|
49b7d4 |
]
|
|
|
49b7d4 |
|
|
|
49b7d4 |
if ENABLE_SERVER_DHE:
|
|
|
49b7d4 |
--
|
|
|
49b7d4 |
2.5.5
|
|
|
49b7d4 |
|