diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:01:30 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:01:30 +0000 |
commit | 6beeb1b708550be0d4a53b272283e17e5e35fe17 (patch) | |
tree | 1ce8673d4aaa948e5554000101f46536a1e4cc29 /test/modules/md/test_800_must_staple.py | |
parent | Initial commit. (diff) | |
download | apache2-upstream/2.4.57.tar.xz apache2-upstream/2.4.57.zip |
Adding upstream version 2.4.57.upstream/2.4.57
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/modules/md/test_800_must_staple.py')
-rw-r--r-- | test/modules/md/test_800_must_staple.py | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/test/modules/md/test_800_must_staple.py b/test/modules/md/test_800_must_staple.py new file mode 100644 index 0000000..32edee3 --- /dev/null +++ b/test/modules/md/test_800_must_staple.py @@ -0,0 +1,84 @@ +# test mod_md must-staple support +import pytest + +from .md_conf import MDConf +from .md_cert_util import MDCertUtil +from .md_env import MDTestEnv + + +@pytest.mark.skipif(condition=not MDTestEnv.has_acme_server(), + reason="no ACME test server configured") +class TestMustStaple: + domain = None + + @pytest.fixture(autouse=True, scope='class') + def _class_scope(self, env, acme): + acme.start(config='default') + env.check_acme() + env.clear_store() + MDConf(env).install() + assert env.apache_restart() == 0 + + @pytest.fixture(autouse=True, scope='function') + def _method_scope(self, env, request): + self.domain = env.get_class_domain(self.__class__) + + def configure_httpd(self, env, domain, add_lines=""): + conf = MDConf(env, admin="admin@" + domain) + conf.add(add_lines) + conf.add_md([domain]) + conf.add_vhost(domain) + conf.install() + + # MD with default, e.g. not staple + def test_md_800_001(self, env): + self.configure_httpd(env, self.domain) + assert env.apache_restart() == 0 + assert env.await_completion([self.domain]) + env.check_md_complete(self.domain) + cert1 = MDCertUtil(env.store_domain_file(self.domain, 'pubcert.pem')) + assert not cert1.get_must_staple() + + # MD that should explicitly not staple + def test_md_800_002(self, env): + self.configure_httpd(env, self.domain, "MDMustStaple off") + assert env.apache_restart() == 0 + env.check_md_complete(self.domain) + cert1 = MDCertUtil(env.store_domain_file(self.domain, 'pubcert.pem')) + assert not cert1.get_must_staple() + stat = env.get_ocsp_status(self.domain) + assert 'ocsp' not in stat or stat['ocsp'] == "no response sent" + + # MD that must staple and toggle off again + @pytest.mark.skipif(MDTestEnv.lacks_ocsp(), reason="no OCSP responder") + def test_md_800_003(self, env): + self.configure_httpd(env, self.domain, "MDMustStaple on") + assert env.apache_restart() == 0 + assert env.await_completion([self.domain]) + env.check_md_complete(self.domain) + cert1 = MDCertUtil(env.store_domain_file(self.domain, 'pubcert.pem')) + assert cert1.get_must_staple() + self.configure_httpd(env, self.domain, "MDMustStaple off") + assert env.apache_restart() == 0 + assert env.await_completion([self.domain]) + env.check_md_complete(self.domain) + cert1 = MDCertUtil(env.store_domain_file(self.domain, 'pubcert.pem')) + assert not cert1.get_must_staple() + + # MD that must staple + @pytest.mark.skipif(MDTestEnv.lacks_ocsp(), reason="no OCSP responder") + @pytest.mark.skipif(MDTestEnv.get_ssl_module() != "mod_ssl", reason="only for mod_ssl") + def test_md_800_004(self, env): + # mod_ssl stapling is off, expect no stapling + stat = env.get_ocsp_status(self.domain) + assert stat['ocsp'] == "no response sent" + # turn mod_ssl stapling on, expect an answer + self.configure_httpd(env, self.domain, """ + LogLevel ssl:trace2 + SSLUseStapling On + SSLStaplingCache shmcb:stapling_cache(128000) + """) + assert env.apache_restart() == 0 + stat = env.get_ocsp_status(self.domain) + assert stat['ocsp'] == "successful (0x0)" + assert stat['verify'] == "0 (ok)" |