示例#1
def test_well_known_endpoints(managed_process, protocol, endpoint):
    """Connect an S2N client to a public endpoint on port 443 and check the result.

    Args:
        managed_process: fixture that launches the provider process.
        protocol: protocol version passed through to the client options.
        endpoint: mapping with an 'endpoint' host name and, optionally,
            'cipher_preference_version' and 'expected_cipher' entries.
    """
    hostname = endpoint['endpoint']

    # insecure=False is set explicitly; presumably this keeps certificate
    # verification enabled against the trust store below (confirm in the
    # provider implementation).
    client_options = ProviderOptions(
        mode=Provider.ClientMode,
        host=hostname,
        port="443",
        insecure=False,
        client_trust_store=TRUST_STORE_BUNDLE,
        protocol=protocol,
    )

    # The CA bundle is always replaced after construction: FIPS mode picks
    # the ".trust.crt" bundle, every other case the plain ".crt" bundle.
    fips_enabled = get_flag(S2N_FIPS_MODE) is True
    client_options.client_trust_store = (
        "../integration/trust-store/ca-bundle.trust.crt"
        if fips_enabled
        else "../integration/trust-store/ca-bundle.crt"
    )

    if 'cipher_preference_version' in endpoint:
        client_options.cipher = endpoint['cipher_preference_version']

    client = managed_process(S2N, client_options, timeout=5)

    wants_cipher_check = 'expected_cipher' in endpoint
    for outcome in client.get_results():
        handshake_failed = outcome.exception is not None or outcome.exit_code != 0
        if handshake_failed:
            # NOTE(review): a raised exception and a non-zero exit code are
            # treated alike, so for an allow-listed endpoint a certificate
            # validation failure cannot be told apart from a timeout here.
            assert endpoint['endpoint'] in expected_failures

        if wants_cipher_check:
            # The negotiated cipher name must appear in the client's output.
            cipher_name = endpoint['expected_cipher'].encode('utf-8')
            assert bytes(cipher_name) in outcome.stdout
示例#2
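def test_sslyze_scans(managed_process, protocol, scan_command):
    """Run one sslyze scan command against a local S2N server and validate it.

    Args:
        managed_process: fixture that launches the provider process.
        protocol: protocol version the server is configured with; also passed
            to validate_scan_result for each scan attempt.
        scan_command: the sslyze.ScanCommand to run against the server.
    """
    port = next(available_ports)

    server_options = ProviderOptions(mode=S2N.ServerMode,
                                     host=HOST,
                                     port=port,
                                     protocol=protocol,
                                     extra_flags=["--parallelize"])

    # test 1.3 exclusively
    if protocol == Protocols.TLS13:
        server_options.cipher = Cipher("test_all_tls13",
                                       Protocols.TLS13,
                                       False,
                                       False,
                                       s2n=True)

    if scan_command == sslyze.ScanCommand.SESSION_RESUMPTION:
        # Plain booleans on purpose: a trailing comma after the value would
        # store the one-element tuple (True,) instead of True.
        server_options.reconnect = True
        server_options.use_session_ticket = True

    if scan_command == sslyze.ScanCommand.TLS_1_3_EARLY_DATA:
        # NOTE(review): what `insecure` changes for a server-mode process is
        # not visible in this test; confirm it is needed only for this scan.
        server_options.insecure = True
        server_options.use_session_ticket = True
        server_options.extra_flags.extend([
            "--max-early-data",
            "65535",
            "--https-server"  # early data scan sends http requests
        ])

    server = managed_process(S2N, server_options, timeout=30)

    try:
        # Distinct names for the outer results and each per-command result, so
        # the variable being iterated is never rebound inside the loop.
        for result in run_sslyze_scan(HOST, port, [scan_command]):
            assert_scan_result_completed(result)

            for scan_attempt in get_scan_attempts(result.scan_result):
                validate_scan_result(scan_attempt, protocol)
    finally:
        # Stop the server even when an assertion above fails.
        server.kill()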
示例#3
def test_well_known_endpoints(managed_process, protocol, endpoint):
    """Connect an S2N client to a public endpoint on port 443 and check the result.

    Args:
        managed_process: fixture that launches the provider process.
        protocol: protocol version passed through to the client options.
        endpoint: mapping with an 'endpoint' host name and, optionally,
            'cipher_preference_version' and 'expected_cipher' entries.
    """
    # No trust store is passed here, so which CA bundle the client validates
    # against depends on defaults that are not visible in this test.
    options = ProviderOptions(
        mode=Provider.ClientMode,
        host=endpoint['endpoint'],
        port="443",
        insecure=False,
        protocol=protocol,
    )

    if 'cipher_preference_version' in endpoint:
        options.cipher = endpoint['cipher_preference_version']

    s2n_client = managed_process(S2N, options, timeout=5)

    for run in s2n_client.get_results():
        # An exception is never tolerated; only a non-zero exit code can be
        # excused, and only for endpoints listed in expected_failures.
        assert run.exception is None
        if run.exit_code != 0:
            assert endpoint['endpoint'] in expected_failures

        if 'expected_cipher' not in endpoint:
            continue

        # The negotiated cipher name must appear in the client's output.
        wanted = bytes(endpoint['expected_cipher'].encode('utf-8'))
        assert wanted in run.stdout