summaryrefslogtreecommitdiffstats
path: root/test/modules/tls/test_02_conf.py
diff options
context:
space:
mode:
Diffstat (limited to 'test/modules/tls/test_02_conf.py')
-rw-r--r--test/modules/tls/test_02_conf.py138
1 files changed, 138 insertions, 0 deletions
diff --git a/test/modules/tls/test_02_conf.py b/test/modules/tls/test_02_conf.py
new file mode 100644
index 0000000..4d6aa60
--- /dev/null
+++ b/test/modules/tls/test_02_conf.py
@@ -0,0 +1,138 @@
+import os
+from datetime import timedelta
+
+import pytest
+
+from .conf import TlsTestConf
+
+
+class TestConf:
+
+ @pytest.fixture(autouse=True, scope='class')
+ def _class_scope(self, env):
+ TlsTestConf(env=env).install()
+ assert env.apache_restart() == 0
+
+ @pytest.fixture(autouse=True, scope='function')
+ def _function_scope(self, env):
+ if env.is_live(timeout=timedelta(milliseconds=100)):
+ assert env.apache_stop() == 0
+
+ def test_tls_02_conf_cert_args_missing(self, env):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSCertificate")
+ conf.install()
+ assert env.apache_fail() == 0
+
+ def test_tls_02_conf_cert_single_arg(self, env):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSCertificate cert.pem")
+ conf.install()
+ assert env.apache_fail() == 0
+
+ def test_tls_02_conf_cert_file_missing(self, env):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSCertificate cert.pem key.pem")
+ conf.install()
+ assert env.apache_fail() == 0
+
+ def test_tls_02_conf_cert_file_exist(self, env):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSCertificate test-02-cert.pem test-02-key.pem")
+ conf.install()
+ for name in ["test-02-cert.pem", "test-02-key.pem"]:
+ with open(os.path.join(env.server_dir, name), "w") as fd:
+ fd.write("")
+ assert env.apache_fail() == 0
+
+ def test_tls_02_conf_cert_listen_missing(self, env):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSEngine")
+ conf.install()
+ assert env.apache_fail() == 0
+
+ def test_tls_02_conf_cert_listen_wrong(self, env):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSEngine ^^^^^")
+ conf.install()
+ assert env.apache_fail() == 0
+
+ @pytest.mark.parametrize("listen", [
+ "443",
+ "129.168.178.188:443",
+ "[::]:443",
+ ])
+ def test_tls_02_conf_cert_listen_valid(self, env, listen: str):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSEngine {listen}".format(listen=listen))
+ conf.install()
+ assert env.apache_restart() == 0
+
+ def test_tls_02_conf_cert_listen_cert(self, env):
+ domain = env.domain_a
+ conf = TlsTestConf(env=env)
+ conf.add_tls_vhosts(domains=[domain])
+ conf.install()
+ assert env.apache_restart() == 0
+
+ def test_tls_02_conf_proto_wrong(self, env):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSProtocol wrong")
+ conf.install()
+ assert env.apache_fail() == 0
+
+ @pytest.mark.parametrize("proto", [
+ "default",
+ "TLSv1.2+",
+ "TLSv1.3+",
+ "TLSv0x0303+",
+ ])
+ def test_tls_02_conf_proto_valid(self, env, proto):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSProtocol {proto}".format(proto=proto))
+ conf.install()
+ assert env.apache_restart() == 0
+
+ def test_tls_02_conf_honor_wrong(self, env):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSHonorClientOrder wrong")
+ conf.install()
+ assert env.apache_fail() == 0
+
+ @pytest.mark.parametrize("honor", [
+ "on",
+ "OfF",
+ ])
+ def test_tls_02_conf_honor_valid(self, env, honor: str):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSHonorClientOrder {honor}".format(honor=honor))
+ conf.install()
+ assert env.apache_restart() == 0
+
+ @pytest.mark.parametrize("cipher", [
+ "default",
+ "TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:"
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:"
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+ """TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \\
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\\
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"""
+ ])
+ def test_tls_02_conf_cipher_valid(self, env, cipher):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSCiphersPrefer {cipher}".format(cipher=cipher))
+ conf.install()
+ assert env.apache_restart() == 0
+
+ @pytest.mark.parametrize("cipher", [
+ "wrong",
+ "YOLO",
+ "TLS_NULL_WITH_NULL_NULLX", # not supported
+ "TLS_DHE_RSA_WITH_AES128_GCM_SHA256", # not supported
+ ])
+ def test_tls_02_conf_cipher_wrong(self, env, cipher):
+ conf = TlsTestConf(env=env)
+ conf.add("TLSCiphersPrefer {cipher}".format(cipher=cipher))
+ conf.install()
+ assert env.apache_fail() == 0