summaryrefslogtreecommitdiffstats
path: root/tests/pytests/test_tls.py
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-05 04:15:13 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-05 04:15:13 +0000
commit672fd03e83f0333e8d8cb98c222520cd61a2f7a9 (patch)
tree271a0f975ff09b00661f2aba4b9eb2cf21e8457b /tests/pytests/test_tls.py
parentAdding debian version 5.7.2-1. (diff)
downloadknot-resolver-672fd03e83f0333e8d8cb98c222520cd61a2f7a9.tar.xz
knot-resolver-672fd03e83f0333e8d8cb98c222520cd61a2f7a9.zip
Merging upstream version 5.7.3.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--tests/pytests/test_tls.py47
1 files changed, 0 insertions, 47 deletions
diff --git a/tests/pytests/test_tls.py b/tests/pytests/test_tls.py
index 3e1328a..2187efb 100644
--- a/tests/pytests/test_tls.py
+++ b/tests/pytests/test_tls.py
@@ -1,15 +1,8 @@
# SPDX-License-Identifier: GPL-3.0-or-later
"""TLS-specific tests"""
-import itertools
-import os
-from socket import AF_INET, AF_INET6
import ssl
-import sys
-
import pytest
-
-from kresd import make_kresd
import utils
@@ -41,43 +34,3 @@ def test_tls_cert_hostname_mismatch(kresd_tt, sock_family):
with pytest.raises(ssl.CertificateError):
ssock.connect(dest)
-
-
-@pytest.mark.skipif(sys.version_info < (3, 6),
- reason="requires python3.6 or higher")
-@pytest.mark.parametrize('sf1, sf2, sf3', itertools.product(
- [AF_INET, AF_INET6], [AF_INET, AF_INET6], [AF_INET, AF_INET6]))
-def test_tls_session_resumption(tmpdir, sf1, sf2, sf3):
- """Attempt TLS session resumption against the same kresd instance and a different one."""
- # TODO ensure that session can't be resumed after session ticket key regeneration
- # at the first kresd instance
-
- # NOTE TLS 1.3 is intentionally disabled for session resumption tests,
- # because python's SSLSocket.session isn't compatible with TLS 1.3
- # https://docs.python.org/3/library/ssl.html?highlight=ssl%20ticket#tls-1-3
-
- def connect(kresd, ctx, sf, session=None):
- sock, dest = kresd.stream_socket(sf, tls=True)
- ssock = ctx.wrap_socket(
- sock, server_hostname='transport-test-server.com', session=session)
- ssock.connect(dest)
- new_session = ssock.session
- assert new_session.has_ticket
- assert ssock.session_reused == (session is not None)
- utils.ping_alive(ssock)
- ssock.close()
- return new_session
-
- workdir = os.path.join(str(tmpdir), 'kresd')
- os.makedirs(workdir)
-
- with make_kresd(workdir, 'tt') as kresd:
- ctx = utils.make_ssl_context(
- verify_location=kresd.tls_cert_path, extra_options=[ssl.OP_NO_TLSv1_3])
- session = connect(kresd, ctx, sf1) # initial conn
- connect(kresd, ctx, sf2, session) # resume session on the same instance
-
- workdir2 = os.path.join(str(tmpdir), 'kresd2')
- os.makedirs(workdir2)
- with make_kresd(workdir2, 'tt') as kresd2:
- connect(kresd2, ctx, sf3, session) # resume session on a different instance