@joergsteffens
Contributor

Adds more test cases and makes it possible to separately test client and server parts (by connecting against the openssl binary).

Current versions of sslpsk require identity and password as bytes, not strings.
This commit adapts the example scripts.
Without this change, a test failure will be displayed,
but not recognized as error by travis or other tools.
And execute unittest in verbose and buffered mode.
Added tests for different ciphers and different TLS Protocol versions.
Unfortunately, the TLS Protocol setting "ssl.PROTOCOL_TLS",
which is the Python ssl module default
and with which the ssl module should choose the best matching protocol version
fails for the sslpsk client side.
Therefore we mark the test using this as "expected failure".

To improve readability of the test results,
Python warnings will not be displayed (warnings="ignored").
Also test should best be started in buffered mode ("-b" on command line).

Code is formatted by the tool "black".
Test multiple identities with different PSKs.

Also switched default TLS protocol
from
ssl.PROTOCOL_TLSv1
to
ssl.PROTOCOL_TLSv1_2
as this also works with Ubuntu 20.04.
The Bareos backup software also uses TLS-PSK
and offers a Python module to access the backup server.
As their identity uses a special format (TEXT + record separator (0x1E) + TEXT)
this test verifies that this format does not cause problems inside sslpsk.
Test the client and server part of sslpsk independently.
This makes it easier to find potential problems.
The corresponding part is handled by the openssl binary
("openssl s_client" resp. "openssl s_server").
Change default TLS protocol from ssl.PROTOCOL_TLSv1_2
to ssl.PROTOCOL_TLS with fallback to ssl.PROTOCOL_SSLv23.
On Mac osx stick to ssl.PROTOCOL_TLSv1_2,
as ssl.PROTOCOL_TLS and ssl.PROTOCOL_SSLv23 are known to fail
in the Travis.org Mac osx test environment.

Also skip tests, if the required TLS protocol is not available.
This protocol version is deprecated since Python >= 3.6.
Instead ssl.PROTOCOL_TLS should be used.
However, some platforms in our test environment are too old to support ssl.PROTOCOL_TLS.
@joergsteffens
Contributor Author

My main reason for adding these tests is that I run into problems on other Linux platforms than Ubuntu 16.04 used by Travis here.

In https://github.com/joergsteffens/sslpsk/tree/unittest-distris I added Ubuntu 18.04 and Ubuntu 20.04 to the platforms tested by Travis.
Result: https://travis-ci.com/github/joergsteffens/sslpsk/builds/196602525
Summary:

  • Ubuntu 18.04 (bionic)
    • client: ssl.PROTOCOL_TLS does not work.
      • ssl.SSLError: [SSL: ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT] attempt to reuse session in different context (_ssl.c:1108)
    • server: all protocol settings do work.
  • Ubuntu 20.04 (focal)
    • client: only ssl.PROTOCOL_TLSv1_2 does work.
      • ssl.PROTOCOL_TLS error:
        • ssl.SSLError: [SSL: ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT] attempt to reuse session in different context (_ssl.c:1108)
      • else:
        • ssl.SSLError: [SSL] internal error (_ssl.c:1108)
    • server: only ssl.PROTOCOL_TLSv1_2 and ssl.PROTOCOL_TLS do work.
      • error:
        • [SSL] internal error (_ssl.c:1108)

Mac osx seems to have similar problems to Ubuntu 18.04.
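
The protocol fallback, skip-if-unavailable rule and bytes identities described in the commit messages above, as an added example that is not part of this pull request or of sslpsk's own code. The function names, identities and keys are constructed for illustration, and the identity-to-PSK lookup shape is an assumption about how a server-side callback would be wired up.

```python
import ssl
import sys
import unittest

# Constructed sample data: identities and PSKs are bytes, not str.
# The second identity imitates the layout the commit message describes for
# Bareos (TEXT + record separator 0x1E + TEXT); the names and keys are made up.
PSKS = {
    b"client1": b"constructed-psk-one",
    b"R_CONSOLE\x1eadmin": b"constructed-psk-two",
}


def default_protocol(platform=sys.platform):
    """Choose the default protocol the way the commit message describes."""
    if platform == "darwin":
        # Mac OS X: stay on TLS 1.2, the other two settings failed in CI.
        return ssl.PROTOCOL_TLSv1_2
    # Elsewhere: prefer PROTOCOL_TLS, fall back to PROTOCOL_SSLv23 when the
    # ssl module is too old to define it.
    for name in ("PROTOCOL_TLS", "PROTOCOL_SSLv23"):
        proto = getattr(ssl, name, None)
        if proto is not None:
            return proto
    return ssl.PROTOCOL_TLSv1_2


def requires_protocol(name):
    """Decorator: skip a test when the ssl module lacks this constant."""
    return unittest.skipUnless(hasattr(ssl, name), "%s not available" % name)


def lookup_psk(identity):
    """Hypothetical server-side lookup: map a client identity to its PSK.

    Rejects str so a bytes/str mix-up fails loudly instead of silently
    missing the table. Returns None for an unknown identity; the caller
    must then refuse the handshake.
    """
    if not isinstance(identity, bytes):
        raise TypeError("identity must be bytes, not %s" % type(identity).__name__)
    return PSKS.get(identity)
```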
