summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2016-02-15 20:10:58 +0100
committerRob Crittenden <rcritten@redhat.com>2016-02-29 16:09:17 -0500
commit5b93aa509881c307050de41e88000c33e13080be (patch)
tree8c1b31947ff6a9f1a4fc863ab661b1d1758bf9cd
parent69a6b5dbb026f1bc35ae3aeeeacc9cef92da2851 (diff)
downloadmod_nss-5b93aa509881c307050de41e88000c33e13080be.tar.gz
mod_nss-5b93aa509881c307050de41e88000c33e13080be.tar.xz
mod_nss-5b93aa509881c307050de41e88000c33e13080be.zip
tests: Centralize the openssl ciphers flags when comparing
I used to have a separate set of options when comparing the NSS and OpenSSL ciphers. These differed between tests, sometimes being just a difference in order. This just made the tests hard to understand.
-rw-r--r--test/test_cipher.py120
1 files changed, 64 insertions, 56 deletions
diff --git a/test/test_cipher.py b/test/test_cipher.py
index d28b6ea..4e69fc6 100644
--- a/test/test_cipher.py
+++ b/test/test_cipher.py
@@ -4,7 +4,7 @@ import nose
from nose.tools import make_decorator
# This file is auto-generated by configure
-from variable import ENABLE_SHA384, ENABLE_GCM
+from variable import ENABLE_SHA384, ENABLE_GCM, ENABLE_SERVER_DHE
cwd = os.getcwd()
srcdir = os.path.dirname(cwd)
@@ -25,7 +25,14 @@ CIPHERS_NOT_IN_NSS = ['ECDH-RSA-AES128-SHA256',
'EXP-EDH-RSA-DES-CBC-SHA',
]
-def assert_equal_openssl(nss_ciphers, ossl_ciphers):
+OPENSSL_CIPHERS_IGNORE = ":-SSLv2:-KRB5:-PSK:-ADH:-DSS:-SEED:-IDEA"
+
+if ENABLE_SERVER_DHE == 0:
+ OPENSSL_CIPHERS_IGNORE += ':-DH'
+
+def assert_equal_openssl(ciphers):
+ nss_ciphers = ciphers
+ ossl_ciphers = ciphers + OPENSSL_CIPHERS_IGNORE
(nss, err, rc) = run([exe, "--o", nss_ciphers])
assert rc == 0
(ossl, err, rc) = run([openssl, "ciphers", ossl_ciphers])
@@ -73,66 +80,67 @@ class test_ciphers(object):
cls.ciphernum = int(out)
def test_RSA(self):
- assert_equal_openssl("RSA", "RSA:-SSLv2:-SEED:-IDEA")
+ assert_equal_openssl("RSA")
def test_kRSA(self):
- assert_equal_openssl("kRSA", "kRSA:-SSLv2:-SEED:-IDEA")
+ assert_equal_openssl("kRSA")
def test_aRSA(self):
- assert_equal_openssl("aRSA", "aRSA:-SSLv2:-SEED:-IDEA")
+ assert_equal_openssl("aRSA")
def test_EDH(self):
- # No DH ciphers supported yet
- (out, err, rc) = run([exe, "EDH"])
- assert rc == 1
+ assert_equal_openssl("EDH")
+
+ def test_DH(self):
+ assert_equal_openssl("DH")
def test_RC4(self):
- assert_equal_openssl("RC4", "RC4:-KRB5:-PSK:-ADH")
+ assert_equal_openssl("RC4")
def test_RC2(self):
- assert_equal_openssl("RC2", "RC2:-SSLv2:-KRB5")
+ assert_equal_openssl("RC2")
def test_AES(self):
- assert_equal_openssl("AES", "AES:-PSK:-ADH:-DSS")
+ assert_equal_openssl("AES")
def test_AESGCM(self):
- assert_equal_openssl("AESGCM", "AESGCM:-ADH:-DSS")
+ assert_equal_openssl("AESGCM")
def test_AES128(self):
- assert_equal_openssl("AES128", "AES128:-PSK:-ADH:-DSS")
+ assert_equal_openssl("AES128")
def test_AES256(self):
- assert_equal_openssl("AES256", "AES256:-PSK:-ADH:-DSS")
+ assert_equal_openssl("AES256")
def test_CAMELLIA(self):
- assert_equal_openssl("CAMELLIA", "CAMELLIA:-ADH:-DSS")
+ assert_equal_openssl("CAMELLIA")
def test_CAMELLIA128(self):
- assert_equal_openssl("CAMELLIA128", "CAMELLIA128:-ADH:-DSS")
+ assert_equal_openssl("CAMELLIA128")
def test_CAMELLIA256(self):
- assert_equal_openssl("CAMELLIA256", "CAMELLIA256:-ADH:-DSS")
+ assert_equal_openssl("CAMELLIA256")
def test_3DES(self):
- assert_equal_openssl("3DES", "3DES:-SSLv2:-PSK:-KRB5:-ADH:-DSS")
+ assert_equal_openssl("3DES")
def test_DES(self):
- assert_equal_openssl("DES", "DES:-SSLv2:-KRB5:-ADH:-DSS")
+ assert_equal_openssl("DES")
def test_ALL(self):
- assert_equal_openssl("ALL", "ALL:-SSLv2:-KRB5:-ADH:-DSS:-PSK:-SEED:-IDEA")
+ assert_equal_openssl("ALL")
def test_ALL_no_AES(self):
- assert_equal_openssl("ALL:-AES", "ALL:-AES:-SSLv2:-KRB5:-ADH:-DSS:-PSK:-SEED:-IDEA")
+ assert_equal_openssl("ALL:-AES")
def test_COMPLEMENTOFALL(self):
- assert_equal_openssl("COMPLEMENTOFALL", "COMPLEMENTOFALL")
+ assert_equal_openssl("COMPLEMENTOFALL")
# skipping DEFAULT as we use the NSS defaults
# skipping COMPLEMENTOFDEFAULT as these are all ADH ciphers
def test_SSLv3(self):
- assert_equal_openssl("SSLv3", "SSLv3:-KRB5:-PSK:-ADH:-SEED:-IDEA:-DSS")
+ assert_equal_openssl("SSLv3")
def test_SSLv3_equals_TLSv1(self):
(nss, err, rc) = run([exe, "--o", "SSLv3"])
@@ -142,10 +150,10 @@ class test_ciphers(object):
assert_equal(nss, nss2)
def test_TLSv12(self):
- assert_equal_openssl("TLSv1.2", "TLSv1.2:TLSv1.2:-ADH:-DSS")
+ assert_equal_openssl("TLSv1.2")
def test_NULL(self):
- assert_equal_openssl("NULL", "NULL")
+ assert_equal_openssl("NULL")
def test_nss_rsa_rc4_128(self):
# Test NSS cipher parsing
@@ -154,94 +162,94 @@ class test_ciphers(object):
assert_equal(out, 'rsa_rc4_128_md5, rsa_rc4_128_sha')
def test_EXP(self):
- assert_equal_openssl("EXP", "EXP:-SSLv2:-KRB5:-ADH:-DSS")
+ assert_equal_openssl("EXP")
def test_EXPORT(self):
- assert_equal_openssl("EXPORT", "EXPORT:-SSLv2:-KRB5:-ADH:-DSS")
+ assert_equal_openssl("EXPORT")
def test_EXPORT40(self):
- assert_equal_openssl("EXPORT40", "EXPORT40:-SSLv2:-ADH:-KRB5:-DSS")
+ assert_equal_openssl("EXPORT40")
def test_MD5(self):
- assert_equal_openssl("MD5", "MD5:-SSLv2:-KRB5:-ADH")
+ assert_equal_openssl("MD5")
def test_SHA(self):
- assert_equal_openssl("SHA", "SHA:-SSLv2:-KRB5:-PSK:-IDEA:-SEED:-ADH:-DSS")
+ assert_equal_openssl("SHA")
def test_HIGH(self):
- assert_equal_openssl("HIGH", "HIGH:-SSLv2:-ADH:-KRB5:-PSK:-DSS")
+ assert_equal_openssl("HIGH")
def test_MEDIUM(self):
- assert_equal_openssl("MEDIUM", "MEDIUM:-SSLv2:-ADH:-KRB5:-PSK:-SEED:-IDEA")
+ assert_equal_openssl("MEDIUM")
def test_LOW(self):
- assert_equal_openssl("LOW", "LOW:-SSLv2:-ADH:-KRB5:-DSS")
+ assert_equal_openssl("LOW")
def test_SHA256(self):
- assert_equal_openssl("SHA256", "SHA256:-ADH:-DSS")
+ assert_equal_openssl("SHA256")
def test_SHA_MD5_minus_AES(self):
- assert_equal_openssl("SHA:MD5:-AES", "SHA:MD5:-AES:-SSLv2:-DSS:-KRB5:-SEED:-PSK:-IDEA:-ADH")
+ assert_equal_openssl("SHA:MD5:-AES")
def test_SHA_MD5_not_AES(self):
- assert_equal_openssl("!AES:SHA:MD5", "!AES:SHA:MD5:-SSLv2:-KRB5:-DSS:-SEED:-PSK:-IDEA:-ADH")
+ assert_equal_openssl("!AES:SHA:MD5")
def test_aECDH(self):
- assert_equal_openssl("aECDH", "aECDH")
+ assert_equal_openssl("aECDH")
def test_kECDH(self):
- assert_equal_openssl("kECDH", "kECDH")
+ assert_equal_openssl("kECDH")
def test_kECDHe(self):
- assert_equal_openssl("kECDHe", "kECDHe")
+ assert_equal_openssl("kECDHe")
def test_kECDHr(self):
- assert_equal_openssl("kECDHr", "kECDHr")
+ assert_equal_openssl("kECDHr")
def test_kEECDH(self):
- assert_equal_openssl("kEECDH", "kEECDH")
+ assert_equal_openssl("kEECDH")
def test_AECDH(self):
- assert_equal_openssl("AECDH", "AECDH")
+ assert_equal_openssl("AECDH")
def test_EECDH(self):
- assert_equal_openssl("EECDH", "EECDH")
+ assert_equal_openssl("EECDH")
def test_ECDSA(self):
- assert_equal_openssl("ECDSA", "ECDSA")
+ assert_equal_openssl("ECDSA")
def test_aECDSA(self):
- assert_equal_openssl("aECDSA", "aECDSA")
+ assert_equal_openssl("aECDSA")
def test_ECDH(self):
- assert_equal_openssl("ECDH", "ECDH")
+ assert_equal_openssl("ECDH")
def test_AES_no_ECDH(self):
- assert_equal_openssl("AES:-ECDH", "AES:-ECDH:-ADH:-PSK:-ADH:-DSS")
+ assert_equal_openssl("AES:-ECDH")
def test_AES_plus_RSA(self):
- assert_equal_openssl("AES+RSA", "AES+RSA:-ADH:-DSS")
+ assert_equal_openssl("AES+RSA")
def test_logical_and_3DES_RSA(self):
- assert_equal_openssl("3DES+RSA", "3DES+RSA:-SSLv2")
+ assert_equal_openssl("3DES+RSA")
def test_logical_and_RSA_RC4(self):
- assert_equal_openssl("RSA+RC4", "RSA+RC4:-SSLv2")
+ assert_equal_openssl("RSA+RC4")
def test_logical_and_ECDH_SHA(self):
- assert_equal_openssl("ECDH+SHA", "ECDH+SHA")
+ assert_equal_openssl("ECDH+SHA")
def test_logical_and_RSA_RC4_no_SHA(self):
- assert_equal_openssl("RSA+RC4:!SHA", "RSA+RC4:-SSLv2:!SHA")
+ assert_equal_openssl("RSA+RC4:!SHA")
def test_additive_RSA_RC4(self):
- assert_equal_openssl("RSA:+RC4", "RSA:+RC4:-SSLv2:-SEED:-IDEA")
+ assert_equal_openssl("RSA:+RC4")
def test_additive_ECDH_plus_aRSA(self):
- assert_equal_openssl("ECDH+aRSA", "ECDH+aRSA")
+ assert_equal_openssl("ECDH+aRSA")
def test_negative_plus_RSA_MD5(self):
- assert_equal_openssl("-RC2:RSA+MD5", "-RC2:RSA+MD5:-SSLv2")
+ assert_equal_openssl("-RC2:RSA+MD5")
def test_DEFAULT_aRSA(self):
assert_no_NULL("DEFAULT:aRSA")
@@ -273,7 +281,7 @@ class test_ciphers(object):
assert_equal(out, 'aes_128_sha_256')
def test_openssl_single_cipher(self):
- assert_equal_openssl("RC4-SHA", "RC4-SHA")
+ assert_equal_openssl("RC4-SHA")
def test_invalid_format(self):
(out, err, rc) = run([exe, "none"])