def test_well_known_endpoints(managed_process, protocol, endpoint):
    """Connect an s2n client to a public endpoint on port 443 and check the outcome.

    Args:
        managed_process: fixture used to launch the S2N client process.
        protocol: protocol version passed through to ProviderOptions.
        endpoint: dict with an 'endpoint' host name and, optionally,
            'cipher_preference_version' and 'expected_cipher' keys.

    A client exception or a non-zero exit code is tolerated only when the
    host is listed in expected_failures.
    """
    hostname = endpoint['endpoint']

    # NOTE(review): insecure=False presumably keeps certificate verification
    # enabled, so the trust store chosen below matters -- confirm against
    # ProviderOptions.
    options = ProviderOptions(
        mode=Provider.ClientMode,
        host=hostname,
        port="443",
        insecure=False,
        client_trust_store=TRUST_STORE_BUNDLE,
        protocol=protocol,
    )

    # The constructor's TRUST_STORE_BUNDLE value is always replaced here: one
    # of the two bundles is selected depending on the FIPS-mode flag.
    if get_flag(S2N_FIPS_MODE) is True:
        options.client_trust_store = "../integration/trust-store/ca-bundle.trust.crt"
    else:
        options.client_trust_store = "../integration/trust-store/ca-bundle.crt"

    if 'cipher_preference_version' in endpoint:
        options.cipher = endpoint['cipher_preference_version']

    client = managed_process(S2N, options, timeout=5)

    for results in client.get_results():
        connected_cleanly = results.exception is None and results.exit_code == 0
        if not connected_cleanly:
            # Any failure, whatever its cause, passes for an allow-listed
            # host; keeping expected_failures short stops it from masking
            # real regressions.
            assert hostname in expected_failures

        # The cipher check runs whether or not the connection succeeded.
        if 'expected_cipher' in endpoint:
            wanted_cipher = endpoint['expected_cipher'].encode('utf-8')
            assert wanted_cipher in results.stdout
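def test_sslyze_scans(managed_process, protocol, scan_command):
    """Start a local s2n server and validate one sslyze scan command against it.

    Args:
        managed_process: fixture used to launch the S2N server process.
        protocol: protocol version the server is configured with and the
            scan results are validated against.
        scan_command: the sslyze.ScanCommand to run against the server.
    """
    port = next(available_ports)

    server_options = ProviderOptions(
        mode=S2N.ServerMode,
        host=HOST,
        port=port,
        protocol=protocol,
        extra_flags=["--parallelize"],
    )

    # test 1.3 exclusively
    if protocol == Protocols.TLS13:
        server_options.cipher = Cipher("test_all_tls13", Protocols.TLS13, False, False, s2n=True)

    if scan_command == sslyze.ScanCommand.SESSION_RESUMPTION:
        # Plain booleans: the previous trailing commas stored the one-element
        # tuple (True,) in each option, which is truthy but is not True.
        server_options.reconnect = True
        server_options.use_session_ticket = True

    if scan_command == sslyze.ScanCommand.TLS_1_3_EARLY_DATA:
        # NOTE(review): insecure=True is set only on this test server bound
        # to HOST; confirm what the flag relaxes in ProviderOptions.
        server_options.insecure = True
        server_options.use_session_ticket = True
        server_options.extra_flags.extend([
            "--max-early-data", "65535",
            "--https-server"  # early data scan sends http requests
        ])

    server = managed_process(S2N, server_options, timeout=30)
    try:
        for result in run_sslyze_scan(HOST, port, [scan_command]):
            assert_scan_result_completed(result)

            # A separate name avoids rebinding the sequence being iterated.
            for scan_attempt in get_scan_attempts(result.scan_result):
                validate_scan_result(scan_attempt, protocol)
    finally:
        # Stop the server even when an assertion above fails.
        server.kill()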
def test_well_known_endpoints(managed_process, protocol, endpoint):
    """Connect an s2n client to a public endpoint on port 443 and check the outcome.

    Args:
        managed_process: fixture used to launch the S2N client process.
        protocol: protocol version passed through to ProviderOptions.
        endpoint: dict with an 'endpoint' host name and, optionally,
            'cipher_preference_version' and 'expected_cipher' keys.

    A client exception always fails the test; a non-zero exit code is
    tolerated only when the host is listed in expected_failures.
    """
    hostname = endpoint['endpoint']

    # NOTE(review): insecure=False presumably keeps certificate verification
    # enabled; no trust store is passed here, so whatever default
    # ProviderOptions applies is used -- confirm.
    options = ProviderOptions(
        mode=Provider.ClientMode,
        host=hostname,
        port="443",
        insecure=False,
        protocol=protocol,
    )

    if 'cipher_preference_version' in endpoint:
        options.cipher = endpoint['cipher_preference_version']

    client = managed_process(S2N, options, timeout=5)

    for results in client.get_results():
        assert results.exception is None

        exited_nonzero = results.exit_code != 0
        if exited_nonzero:
            # A non-zero exit passes for an allow-listed host whatever the
            # cause; keeping expected_failures short stops it from masking
            # real regressions.
            assert hostname in expected_failures

        # The cipher check runs whether or not the exit code was zero.
        if 'expected_cipher' in endpoint:
            wanted_cipher = endpoint['expected_cipher'].encode('utf-8')
            assert wanted_cipher in results.stdout