telepathy-idle: Don't special-case tls handling in tests

Simon McVittie smcv at kemper.freedesktop.org
Wed May 1 09:01:42 PDT 2013


Module: telepathy-idle
Branch: master
Commit: 8be8aa0d8d9b76173de796e6e32ce8eb9d5605fa
URL:    http://cgit.freedesktop.org/telepathy/telepathy-idle/commit/?id=8be8aa0d8d9b76173de796e6e32ce8eb9d5605fa

Author: Sjoerd Simons <sjoerd at luon.net>
Date:   Sun Apr 28 20:55:16 2013 +0200

Don't special-case tls handling in tests

Don't let the TLS tests accept errors that wouldn't be accepted when
idle runs normally; instead, implement a minimal ServerTLSConnection in the
tests which need it and add a minimal test for rejecting certificates.

---

 src/idle-server-connection.c                 |   10 ---------
 tests/twisted/Makefile.am                    |    2 +-
 tests/twisted/connect/connect-fail-ssl.py    |    1 -
 tests/twisted/connect/connect-reject-ssl.py  |   29 ++++++++++++++++++++++++++
 tests/twisted/connect/connect-success-ssl.py |    8 +++++++
 5 files changed, 38 insertions(+), 12 deletions(-)

diff --git a/src/idle-server-connection.c b/src/idle-server-connection.c
index d6b8250..be8413a 100644
--- a/src/idle-server-connection.c
+++ b/src/idle-server-connection.c
@@ -606,14 +606,4 @@ IdleServerConnectionState idle_server_connection_get_state(IdleServerConnection
 void idle_server_connection_set_tls(IdleServerConnection *conn, gboolean tls) {
 	IdleServerConnectionPrivate *priv = IDLE_SERVER_CONNECTION_GET_PRIVATE(conn);
 	g_socket_client_set_tls(priv->socket_client, tls);
-
-	/* The regression tests don't have a CA-issued certificate,
-	 * oddly enough. */
-	if (!tp_strdiff (g_getenv ("IDLE_TEST_BE_VULNERABLE_TO_MAN_IN_THE_MIDDLE_ATTACKS"), "vulnerable")) {
-		g_socket_client_set_tls_validation_flags(priv->socket_client,
-			G_TLS_CERTIFICATE_VALIDATE_ALL
-			& ~G_TLS_CERTIFICATE_UNKNOWN_CA
-			& ~G_TLS_CERTIFICATE_BAD_IDENTITY
-			& ~G_TLS_CERTIFICATE_EXPIRED);
-	}
 }
diff --git a/tests/twisted/Makefile.am b/tests/twisted/Makefile.am
index aa749ef..684918f 100644
--- a/tests/twisted/Makefile.am
+++ b/tests/twisted/Makefile.am
@@ -2,6 +2,7 @@ TWISTED_TESTS = \
 		cm/protocol.py \
 		connect/connect-success.py \
 		connect/connect-success-ssl.py \
+		connect/connect-reject-ssl.py \
 		connect/connect-fail.py \
 		connect/connect-fail-ssl.py \
 		connect/ping.py \
@@ -46,7 +47,6 @@ check-twisted:
 	rm -f tools/core
 	rm -f tools/idle-testing.log
 	failed=0; \
-	IDLE_TEST_BE_VULNERABLE_TO_MAN_IN_THE_MIDDLE_ATTACKS=vulnerable \
 	sh $(srcdir)/tools/with-session-bus.sh \
 		--config-file=tools/tmp-session-bus.conf \
 		-- $(MAKE) check-TESTS \
diff --git a/tests/twisted/connect/connect-fail-ssl.py b/tests/twisted/connect/connect-fail-ssl.py
index dd9658f..283bc03 100644
--- a/tests/twisted/connect/connect-fail-ssl.py
+++ b/tests/twisted/connect/connect-fail-ssl.py
@@ -14,4 +14,3 @@ def test(q, bus, conn, stream):
 if __name__ == '__main__':
     # there is no ssl server listening at port 5600, so this should fail
     exec_test(test, {'port': dbus.UInt32(5600), 'use-ssl': dbus.Boolean(True)})
-
diff --git a/tests/twisted/connect/connect-reject-ssl.py b/tests/twisted/connect/connect-reject-ssl.py
new file mode 100644
index 0000000..8028428
--- /dev/null
+++ b/tests/twisted/connect/connect-reject-ssl.py
@@ -0,0 +1,29 @@
+
+"""
+Test connecting to a SSL server.
+"""
+
+import dbus
+import constants as cs
+from idletest import exec_test, SSLIRCServer
+from servicetest import EventPattern, call_async
+
+def test(q, bus, conn, stream):
+    conn.Connect()
+    q.expect_many(
+            EventPattern('dbus-signal', signal='StatusChanged', args=[1, 1]),
+            EventPattern('irc-connected'))
+    e = q.expect('dbus-signal', signal='NewChannels')
+    channels = e.args[0]
+    path, props = channels[0]
+
+    cert = bus.get_object (conn.bus_name, props[cs.TLS_CERT_PATH])
+    cert.Reject([(cs.TLS_REJECT_REASON_UNTRUSTED, cs.CERT_UNTRUSTED, {})],
+        signature = 'a(usa{sv})')
+
+    q.expect('dbus-signal', signal='StatusChanged', args=[2, 2])
+    return True
+
+if __name__ == '__main__':
+    exec_test(test, {'use-ssl':dbus.Boolean(True)}, protocol=SSLIRCServer)
+
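Review bot: The final expectation `args=[2, 2]` reads, per the Telepathy status enums, as Disconnected with reason Network_Error, so this test would also pass if the connection dropped for a reason unrelated to the `cert.Reject(...)` call made with `cs.TLS_REJECT_REASON_UNTRUSTED`. If idle is meant to report a certificate-specific status reason, assert that value; if Network_Error is what it emits today, record that in a comment beside the expectation, e.g. `# reason is Network_Error today, not a Cert_* reason`. Both this test and the matching hunk in connect-success-ssl.py take `channels[0]` as the TLS channel without checking its channel type, so an unrelated first channel would surface as a `KeyError` on `props[cs.TLS_CERT_PATH]` rather than a clear assertion failure. The module docstring is copied from the success test and should describe this one, e.g. `Test that rejecting the server's TLS certificate disconnects.`, and `call_async` is imported but unused.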
diff --git a/tests/twisted/connect/connect-success-ssl.py b/tests/twisted/connect/connect-success-ssl.py
index 627eeb8..33062c5 100644
--- a/tests/twisted/connect/connect-success-ssl.py
+++ b/tests/twisted/connect/connect-success-ssl.py
@@ -4,6 +4,7 @@ Test connecting to a SSL server.
 """
 
 import dbus
+import constants as cs
 from idletest import exec_test, SSLIRCServer
 from servicetest import EventPattern, call_async
 
@@ -12,6 +13,13 @@ def test(q, bus, conn, stream):
     q.expect_many(
             EventPattern('dbus-signal', signal='StatusChanged', args=[1, 1]),
             EventPattern('irc-connected'))
+    e = q.expect('dbus-signal', signal='NewChannels')
+    channels = e.args[0]
+    path, props = channels[0]
+
+    cert = bus.get_object (conn.bus_name, props[cs.TLS_CERT_PATH])
+    cert.Accept()
+
     q.expect('dbus-signal', signal='SelfHandleChanged',
         args=[1L])
     q.expect('dbus-signal', signal='StatusChanged', args=[0, 1])


