diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:26:00 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:26:00 +0000 |
commit | 830407e88f9d40d954356c3754f2647f91d5c06a (patch) | |
tree | d6a0ece6feea91f3c656166dbaa884ef8a29740e /tests/pytests/test_rehandshake.py | |
parent | Initial commit. (diff) | |
download | knot-resolver-830407e88f9d40d954356c3754f2647f91d5c06a.tar.xz knot-resolver-830407e88f9d40d954356c3754f2647f91d5c06a.zip |
Adding upstream version 5.6.0.upstream/5.6.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | tests/pytests/test_rehandshake.py | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/tests/pytests/test_rehandshake.py b/tests/pytests/test_rehandshake.py new file mode 100644 index 0000000..f07ba58 --- /dev/null +++ b/tests/pytests/test_rehandshake.py @@ -0,0 +1,52 @@ +# SPDX-License-Identifier: GPL-3.0-or-later +"""TLS rehandshake test + +Test is using TLS proxy with rehandshake. When queries are sent, they are +simply forwarded. When the responses are sent back, a rehandshake is performed +after every 8 bytes. + +It is expected the answer will be received by the source kresd instance +and sent back to the client (this test). +""" + +import re +import time + +import pytest + +from proxy import HINTS, kresd_tls_client, resolve_hint, TLSProxy + + +def verify_rehandshake(tmpdir, proxy): + with kresd_tls_client(str(tmpdir), proxy) as kresd: + sock2 = kresd.ip_tcp_socket() + try: + for hint in HINTS: + resolve_hint(sock2, hint) + time.sleep(0.1) + finally: + # verify log + n_connecting_to = 0 + n_rehandshake = 0 + partial_log = kresd.partial_log() + print(partial_log) + for line in partial_log.splitlines(): + if re.search(r"connecting to: .*", line) is not None: + n_connecting_to += 1 + elif re.search(r"TLS rehandshake .* has started", line) is not None: + n_rehandshake += 1 + assert n_connecting_to == 1 # should connect exactly once + assert n_rehandshake > 0 + + +def test_proxy_rehandshake_tls12(tmpdir): + proxy = TLSProxy(rehandshake=True) + verify_rehandshake(tmpdir, proxy) + + +# TODO fix TLS v1.3 proxy / kresd rehandshake +@pytest.mark.xfail( + reason="TLS 1.3 rehandshake isn't properly supported either in tlsproxy or in kresd") +def test_proxy_rehandshake_tls13(tmpdir): + proxy = TLSProxy(rehandshake=True, force_tls13=True) + verify_rehandshake(tmpdir, proxy) |