diff options
author | Ruslan N. Marchenko <me@ruff.mobi> | 2020-05-11 02:28:58 +0200 |
---|---|---|
committer | Ruslan N. Marchenko <me@ruff.mobi> | 2020-05-11 04:36:16 +0200 |
commit | aa31ef0b5192bf674044eec9678c08250405453f (patch) | |
tree | 449b978c9f75142fa64336e87d9418ec46d87c18 | |
parent | fa256a3ab3e777aab3bb1c866aacf31541416e9a (diff) |
Update test suite to latest changes
* Update test certificate to use SHA2 to avoid INSECURE error
* Add certificate refresh dependency to Makefile
* Add SASL SCRAM worng password test workaround
* Suppress CRL verification tests as not supported by GIO-TLS
* Fix summarise-tests.py to handle deprecations and new syntax
-rw-r--r-- | tests/Makefile.am | 10 | ||||
-rw-r--r-- | tests/certs/tls-cert.pem | 45 | ||||
-rwxr-xr-x | tests/summarise-tests.py | 12 | ||||
-rw-r--r-- | tests/wocky-connector-test.c | 4 | ||||
-rw-r--r-- | tests/wocky-test-sasl-auth-server.c | 7 |
5 files changed, 49 insertions, 29 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 1b16bd1..b00e77c 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -44,6 +44,13 @@ TLSDEFS := -DTLS_CA_KEY_FILE='"$(CA_KEY)"' \ -DTLS_BADWILD_KEY_FILE='"$(BADWILD_KEY)"' \ -DTLS_CRL_DIR='"$(CRL_DIR)"' \ -DTLS_CA_DIR='"$(CA_DIR)"' + +CA0S = $(BADWILD_CERT) $(WILD_CERT) $(TLS_CERT) $(NEW_CERT) $(EXP_CERT) $(REV_CERT) $(SS_CERT) + +certs: $(CA0S) + +$(CA0S): $(CERT_DIR)/%-cert.pem: $(CERT_DIR)/%-cert.cfg $(CA_CERT) $(CA_KEY) + certtool --generate-certificate --template $< --outfile $@ --load-privkey certs/$*-key.pem --load-ca-certificate $(CA_CERT) --load-ca-privkey $(CA_KEY) ############################################################################ TEST_PROGS = \ wocky-bare-contact-test \ @@ -248,7 +255,8 @@ test-report: test-report.xml test-report.xml: ${TEST_PROGS} test test: ${TEST_PROGS} - gtester -o test-report.xml -k --verbose ${TEST_PROGS} + G_TLS_GNUTLS_PRIORITY='NORMAL:%COMPAT:-VERS-TLS1.3' \ + gtester -o test-report.xml -k --verbose ${TEST_PROGS} @if [ -x $(which python) ] ; then \ $(SUMMARY) $@-report.xml ; \ else \ diff --git a/tests/certs/tls-cert.pem b/tests/certs/tls-cert.pem index 0a393c1..461d0f4 100644 --- a/tests/certs/tls-cert.pem +++ b/tests/certs/tls-cert.pem @@ -1,24 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEHDCCAwagAwIBAgIBAjALBgkqhkiG9w0BAQUwbDELMAkGA1UEBhMCVUsxEjAQ -BgNVBAoTCUNvbGxhYm9yYTEZMBcGA1UECxMQV29ja3kgVGVzdCBTdWl0ZTERMA8G -A1UECBMIQ29uZnVzZWQxGzAZBgNVBAMTEldvY2t5IFhNUFAgTGlicmFyeTAeFw0w -OTA5MTgxMjU0MDdaFw0zNzA5MTExMjU0MDdaMGkxCzAJBgNVBAYTAlVLMRIwEAYD -VQQKEwlDb2xsYWJvcmExGTAXBgNVBAsTEFdvY2t5IFRlc3QgU3VpdGUxDjAMBgNV -BAgTBURhemVkMRswGQYDVQQDExJXb2NreSBYTVBQIExpYnJhcnkwggEfMAsGCSqG -SIb3DQEBAQOCAQ4AMIIBCQKCAQDC30AXWnLcakXrq3rHIfy+0u7zNAmdRYw88MIA -7wpZZ4LxMHMqu4YnnyysoRNI9wblCPkJ29XyBmhfLc9Gmnnl6phzf04n9x93Z8t9 -JHnnwqqJzdtxfuHsAWa/+2He3uNxWML+dUy/OB5iazPeCwKtqwmh57oLFLHkF+Dh -hrweUkoQDDnJ/1xT0bHmdslQ9qnMIxhjDUoZ9TkAk+8PpsoHbPclfr6ytnCjGfLO -oA9vWehPokTDvQPQmXc52vIFNp8A3h05jep3DBYzkG+WJcJRNhyxC0dzFqyrFJW2 -XMtCs0p1cPaHgXVPCe4icXLY48ehVaFvBR02K3jVQ7WketzxAgMBAAGjgdIwgc8w -DAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwIQYD -VR0RBBowGIIQd2Vhc2VsLWp1aWNlLm9yZ4cEfwAAATAPBgNVHQ8BAf8EBQMDByAA -MB0GA1UdDgQWBBRDAfw/7QRZO5a0qmJ75Oeo3hA01zAfBgNVHSMEGDAWgBRJMCYI -jJrWac2LwMwOXAKOSh+mjDAsBgNVHR8EJTAjMCGgH6AdhhtmaWxlOi8vL3RtcC93 -b2NreS10ZXN0cy9jcmwwCwYJKoZIhvcNAQEFA4IBAQAIcwQ8FN7lnnQPm4al6y5v -zrGzVSxkUuN+I8457E9ZAoFpItMGqWWKjjbOgjS3d95yJWmEW2eBVC3/LMEAvv4z -Q6HkTRhafkiLWmXNa8DtbUq1cZ2hNrR1lNTOL4zXwg9JQbtFw0EAM7LfSgqHhTzs -xO0AbXaO0TlbYkn9/amPCNQcFjg6Dgdm3x0T3g/tLQjtzjro/hdgYZqPng0MYBpG -AUj99FwahI5D8cAPoUjtpxZOlsexz4r8UVGNRvL0Wqg57w8KKF7GVr15b2ZAeQwo -pNJkMSXAyPpKW24Q06zwYFnC+Cp32udf2wIB9FEC3zNQugUbtFitHzPjzhum13iR +MIIELTCCAxWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVSzES +MBAGA1UEChMJQ29sbGFib3JhMRkwFwYDVQQLExBXb2NreSBUZXN0IFN1aXRlMREw +DwYDVQQIEwhDb25mdXNlZDEbMBkGA1UEAxMSV29ja3kgWE1QUCBMaWJyYXJ5MB4X +DTIwMDUxMDIwMTI0NVoXDTQ4MDUwMzIwMTI0NVowaTEbMBkGA1UEAxMSV29ja3kg +WE1QUCBMaWJyYXJ5MRkwFwYDVQQLExBXb2NreSBUZXN0IFN1aXRlMRIwEAYDVQQK +EwlDb2xsYWJvcmExDjAMBgNVBAgTBURhemVkMQswCQYDVQQGEwJVSzCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLfQBdactxqReuresch/L7S7vM0CZ1F +jDzwwgDvCllngvEwcyq7hiefLKyhE0j3BuUI+Qnb1fIGaF8tz0aaeeXqmHN/Tif3 +H3dny30keefCqonN23F+4ewBZr/7Yd7e43FYwv51TL84HmJrM94LAq2rCaHnugsU +seQX4OGGvB5SShAMOcn/XFPRseZ2yVD2qcwjGGMNShn1OQCT7w+mygds9yV+vrK2 +cKMZ8s6gD29Z6E+iRMO9A9CZdzna8gU2nwDeHTmN6ncMFjOQb5YlwlE2HLELR3MW +rKsUlbZcy0KzSnVw9oeBdU8J7iJxctjjx6FVoW8FHTYreNVDtaR63PECAwEAAaOB +3DCB2TAMBgNVHRMBAf8EAjAAMCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcD +AQYIKwYBBQUHAwgwIQYDVR0RBBowGIIQd2Vhc2VsLWp1aWNlLm9yZ4cEfwAAATAP +BgNVHQ8BAf8EBQMDByAAMB0GA1UdDgQWBBSnm0ure0FMVwcbd37kVDoq2IC49zAf +BgNVHSMEGDAWgBRJMCYIjJrWac2LwMwOXAKOSh+mjDAsBgNVHR8EJTAjMCGgH6Ad +hhtmaWxlOi8vL3RtcC93b2NreS10ZXN0cy9jcmwwDQYJKoZIhvcNAQELBQADggEB +AFujRXAlEdlLW/QcedCfloA5OCFhDhMQSScu/QHTirgQ7yuFpS0XEeWkfWbgv3Iz +q0StLZdDbd8xLU47boiOYx6fep6aKwRsomeewIoydxvBWLmgX8u+Re5BzWiDXif+ +w0xbiIuL5/vRADs2XpMNjC8hRlDQ0DiwO4zQ7JdfXuULZI6fnmLFXBGHn4ROModv +ihbnALXBphRhS6Jx2vPT9vSUcl1EodxXkAevL1gAGpx/h9AY0C8hg4mgt1KBgUMh +yPtDiUUji/mssUVS+ovCDIwNxUdJmjnVHwuyheroU1DHLKuNLywv6anzchtbpQSb +AArp9feDlebDbxJf7hu+zck= -----END CERTIFICATE----- diff --git a/tests/summarise-tests.py b/tests/summarise-tests.py index 684635e..abe62f0 100755 --- a/tests/summarise-tests.py +++ b/tests/summarise-tests.py @@ -26,11 +26,11 @@ def process(testbinary): return (cases, failures) doc = minidom.parse(sys.argv[1]) - +rep = doc.childNodes[0] if doc.childNodes[0].nodeType == doc.childNodes[0].ELEMENT_NODE else doc.childNodes[1] okay = True tests = {} -for e in doc.childNodes[0].childNodes: +for e in rep.childNodes: if e.nodeType != e.ELEMENT_NODE or e.localName != 'testbinary': continue path = e.getAttribute("path") @@ -39,17 +39,17 @@ for e in doc.childNodes[0].childNodes: ocases, ofailures = tests.get (path, [ 0, []]) tests[path] = [ ocases + cases, ofailures + failures ] -for name, [cases, failures] in tests.iteritems(): +for name, [cases, failures] in tests.items(): if failures == []: result = 'PASS' else: result = 'FAIL' okay = False - print "%s: %s: %u/%u tests passed" % (result, name, cases - len (failures), cases) + print("%s: %s: %u/%u tests passed" % (result, name, cases - len (failures), cases)) for f in failures: - print "\tFailure: %s" % f + print("\tFailure: %s" % f) if not okay: - print "Disaster! Calamity!" + print("Disaster! Calamity!") sys.exit(1) diff --git a/tests/wocky-connector-test.c b/tests/wocky-connector-test.c index fae3922..f985406 100644 --- a/tests/wocky-connector-test.c +++ b/tests/wocky-connector-test.c @@ -2821,6 +2821,7 @@ test_t tests[] = { "moose@weasel-juice.org", "something", PLAIN, TLS }, { NULL, 0, XMPP_V1, STARTTLS, CERT_CHECK_STRICT, TLS_CA_DIR } } }, +#ifdef GIO_TLS_CRL_ENABLED { "/connector/cert-verification/tls/revoked/fail", QUIET, { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_REVOKED, -1 }, @@ -2844,6 +2845,7 @@ test_t tests[] = { TLS_REQUIRED, { "moose@weasel-juice.org", "something", PLAIN, TLS }, { NULL, 0, XMPP_V1, STARTTLS, CERT_CHECK_LENIENT, TLS_CA_DIR } } }, +#endif /* GIO_TLS_CRL_ENABLED */ /* ********************************************************************* */ /* as above but with legacy ssl */ @@ -2991,6 +2993,7 @@ test_t tests[] = { "moose@weasel-juice.org", "something", PLAIN, TLS }, { NULL, 0, XMPP_V1, OLD_SSL, CERT_CHECK_STRICT, TLS_CA_DIR } } }, +#ifdef GIO_TLS_CRL_ENABLED { "/connector/cert-verification/ssl/revoked/fail", QUIET, { S_WOCKY_TLS_CERT_ERROR, WOCKY_TLS_CERT_REVOKED, -1 }, @@ -3014,6 +3017,7 @@ test_t tests[] = { TLS_REQUIRED, { "moose@weasel-juice.org", "something", PLAIN, TLS }, { NULL, 0, XMPP_V1, OLD_SSL, CERT_CHECK_LENIENT, TLS_CA_DIR } } }, +#endif /* GIO_TLS_CRL_ENABLED */ /* ********************************************************************* */ /* certificate non-verification tests */ diff --git a/tests/wocky-test-sasl-auth-server.c b/tests/wocky-test-sasl-auth-server.c index 375cc94..c76a658 100644 --- a/tests/wocky-test-sasl-auth-server.c +++ b/tests/wocky-test-sasl-auth-server.c @@ -494,6 +494,13 @@ check_sasl_return (TestSaslAuthServer *self, int ret) g_assert_cmpint (priv->problem, ==, SERVER_PROBLEM_INVALID_PASSWORD); not_authorized (self); return FALSE; +#if SASL_VERSION_FULL <= 0x02011B + case SASL_BADPROT: + /* Bad password provided - scram pre #545 */ + g_assert_cmpint (priv->problem, ==, SERVER_PROBLEM_INVALID_PASSWORD); + not_authorized (self); + return FALSE; +#endif /* SASL_VERSION_FULL */ case SASL_NOUSER: /* Unknown user */ g_assert_cmpint (priv->problem, ==, SERVER_PROBLEM_INVALID_USERNAME); |