diff options
Diffstat (limited to 'test/modules/tls/test_15_proxy_tls.py')
-rw-r--r-- | test/modules/tls/test_15_proxy_tls.py | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/test/modules/tls/test_15_proxy_tls.py b/test/modules/tls/test_15_proxy_tls.py new file mode 100644 index 0000000..f2f670d --- /dev/null +++ b/test/modules/tls/test_15_proxy_tls.py @@ -0,0 +1,86 @@ +import re +from datetime import timedelta + +import pytest + +from .conf import TlsTestConf + + +class TestProxyTLS: + + @pytest.fixture(autouse=True, scope='class') + def _class_scope(self, env): + # add vhosts a+b and a ssl proxy from a to b + conf = TlsTestConf(env=env, extras={ + 'base': [ + "LogLevel proxy:trace1 proxy_http:trace1 proxy_http2:trace2 http2:trace2 cgid:trace4", + "TLSProxyProtocol TLSv1.3+", + f"<Proxy https://127.0.0.1:{env.https_port}/>", + " TLSProxyEngine on", + f" TLSProxyCA {env.ca.cert_file}", + " TLSProxyProtocol TLSv1.2+", + " TLSProxyCiphersPrefer TLS13_AES_256_GCM_SHA384", + " TLSProxyCiphersSuppress TLS13_AES_128_GCM_SHA256", + " ProxyPreserveHost on", + "</Proxy>", + f"<Proxy https://localhost:{env.https_port}/>", + " ProxyPreserveHost on", + "</Proxy>", + f"<Proxy h2://127.0.0.1:{env.https_port}/>", + " TLSProxyEngine on", + f" TLSProxyCA {env.ca.cert_file}", + " TLSProxyCiphersSuppress TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256", + " ProxyPreserveHost on", + "</Proxy>", + ], + env.domain_b: [ + "Protocols h2 http/1.1", + f"ProxyPass /proxy-tls/ https://127.0.0.1:{env.https_port}/", + f"ProxyPass /proxy-local/ https://localhost:{env.https_port}/", + f"ProxyPass /proxy-h2-tls/ h2://127.0.0.1:{env.https_port}/", + "TLSOptions +StdEnvVars", + ], + }) + conf.add_tls_vhosts(domains=[env.domain_a, env.domain_b]) + conf.install() + assert env.apache_restart() == 0 + + def test_tls_15_proxy_tls_get(self, env): + data = env.tls_get_json(env.domain_b, "/proxy-tls/index.json") + assert data == {'domain': env.domain_b} + + def test_tls_15_proxy_tls_get_local(self, env): + # does not work, since SSLProxy* not configured + data = env.tls_get_json(env.domain_b, "/proxy-local/index.json") + assert data is None + + def test_tls_15_proxy_tls_h2_get(self, env): + r = env.tls_get(env.domain_b, "/proxy-h2-tls/index.json") + assert r.exit_code == 0 + assert r.json == {'domain': env.domain_b}, f"{r.stdout}" + + @pytest.mark.parametrize("name, value", [ + ("SERVER_NAME", "b.mod-tls.test"), + ("SSL_PROTOCOL", "TLSv1.3"), + ("SSL_CIPHER", "TLS_AES_256_GCM_SHA384"), + ("SSL_SESSION_RESUMED", "Initial"), + ("SSL_SECURE_RENEG", "false"), + ("SSL_COMPRESS_METHOD", "NULL"), + ("SSL_CIPHER_EXPORT", "false"), + ("SSL_CLIENT_VERIFY", "NONE"), + ]) + def test_tls_15_proxy_tls_h1_vars(self, env, name: str, value: str): + r = env.tls_get(env.domain_b, f"/proxy-tls/vars.py?name={name}") + assert r.exit_code == 0, r.stderr + assert r.json == {name: value}, r.stdout + + @pytest.mark.parametrize("name, value", [ + ("SERVER_NAME", "b.mod-tls.test"), + ("SSL_PROTOCOL", "TLSv1.3"), + ("SSL_CIPHER", "TLS_CHACHA20_POLY1305_SHA256"), + ("SSL_SESSION_RESUMED", "Initial"), + ]) + def test_tls_15_proxy_tls_h2_vars(self, env, name: str, value: str): + r = env.tls_get(env.domain_b, f"/proxy-h2-tls/vars.py?name={name}") + assert r.exit_code == 0, r.stderr + assert r.json == {name: value}, r.stdout |