Don't special-case tls handling in tests

Don't let the TLS tests accept errors that wouldn't be accepted when
idle runs normally, instead implement minimal ServerTLSConnection in the
test which need it and add a minimal test for rejecting certificates.

4 files changed, 38 insertions, 2 deletions

diff --git a/tests/twisted/Makefile.am b/tests/twisted/Makefile.am
index aa749ef..684918f 100644
--- a/tests/twisted/Makefile.am
+++ b/tests/twisted/Makefile.am
@@ -2,6 +2,7 @@ TWISTED_TESTS = \
 		cm/protocol.py \
 		connect/connect-success.py \
 		connect/connect-success-ssl.py \
+		connect/connect-reject-ssl.py \
 		connect/connect-fail.py \
 		connect/connect-fail-ssl.py \
 		connect/ping.py \
@@ -46,7 +47,6 @@ check-twisted:
 	rm -f tools/core
 	rm -f tools/idle-testing.log
 	failed=0; \
-	IDLE_TEST_BE_VULNERABLE_TO_MAN_IN_THE_MIDDLE_ATTACKS=vulnerable \
 	sh $(srcdir)/tools/with-session-bus.sh \
 		--config-file=tools/tmp-session-bus.conf \
 		-- $(MAKE) check-TESTS \
diff --git a/tests/twisted/connect/connect-fail-ssl.py b/tests/twisted/connect/connect-fail-ssl.py
index dd9658f..283bc03 100644
--- a/tests/twisted/connect/connect-fail-ssl.py
+++ b/tests/twisted/connect/connect-fail-ssl.py
@@ -14,4 +14,3 @@ def test(q, bus, conn, stream):
 if __name__ == '__main__':
     # there is no ssl server listening at port 5600, so this should fail
     exec_test(test, {'port': dbus.UInt32(5600), 'use-ssl': dbus.Boolean(True)})
-
diff --git a/tests/twisted/connect/connect-reject-ssl.py b/tests/twisted/connect/connect-reject-ssl.py
new file mode 100644
index 0000000..8028428
--- /dev/null
+++ b/tests/twisted/connect/connect-reject-ssl.py
@@ -0,0 +1,29 @@
+
+"""
+Test connecting to a SSL server.
+"""
+
+import dbus
+import constants as cs
+from idletest import exec_test, SSLIRCServer
+from servicetest import EventPattern, call_async
+
+def test(q, bus, conn, stream):
+    conn.Connect()
+    q.expect_many(
+            EventPattern('dbus-signal', signal='StatusChanged', args=[1, 1]),
+            EventPattern('irc-connected'))
+    e = q.expect('dbus-signal', signal='NewChannels')
+    channels = e.args[0]
+    path, props = channels[0]
+
+    cert = bus.get_object (conn.bus_name, props[cs.TLS_CERT_PATH])
+    cert.Reject([(cs.TLS_REJECT_REASON_UNTRUSTED, cs.CERT_UNTRUSTED, {})],
+        signature = 'a(usa{sv})')
+
+    q.expect('dbus-signal', signal='StatusChanged', args=[2, 2])
+    return True
+
+if __name__ == '__main__':
+    exec_test(test, {'use-ssl':dbus.Boolean(True)}, protocol=SSLIRCServer)
+
diff --git a/tests/twisted/connect/connect-success-ssl.py b/tests/twisted/connect/connect-success-ssl.py
index 627eeb8..33062c5 100644
--- a/tests/twisted/connect/connect-success-ssl.py
+++ b/tests/twisted/connect/connect-success-ssl.py
@@ -4,6 +4,7 @@ Test connecting to a SSL server.
 """
 
 import dbus
+import constants as cs
 from idletest import exec_test, SSLIRCServer
 from servicetest import EventPattern, call_async
 
@@ -12,6 +13,13 @@ def test(q, bus, conn, stream):
     q.expect_many(
             EventPattern('dbus-signal', signal='StatusChanged', args=[1, 1]),
             EventPattern('irc-connected'))
+    e = q.expect('dbus-signal', signal='NewChannels')
+    channels = e.args[0]
+    path, props = channels[0]
+
+    cert = bus.get_object (conn.bus_name, props[cs.TLS_CERT_PATH])
+    cert.Accept()
+
     q.expect('dbus-signal', signal='SelfHandleChanged',
         args=[1L])
     q.expect('dbus-signal', signal='StatusChanged', args=[0, 1])