mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-04 21:01:36 +00:00
generalize TLS test
This commit is contained in:
@@ -134,7 +134,9 @@ script:
|
|||||||
- $gam version | grep travis # travis should be part of the path (not /tmp or such)
|
- $gam version | grep travis # travis should be part of the path (not /tmp or such)
|
||||||
- if [ "$VMTYPE" == "build" ]; then $gam version | grep "Python ${BUILD_PYTHON_VERSION//./\\.}"; fi # We should be building with latest Python
|
- if [ "$VMTYPE" == "build" ]; then $gam version | grep "Python ${BUILD_PYTHON_VERSION//./\\.}"; fi # We should be building with latest Python
|
||||||
- if [ "$VMTYPE" == "build" ]; then $gam version extended | grep "OpenSSL ${BUILD_OPENSSL_VERSION//./\\.}"; fi # We should be using OpenSSL 1.1.1+
|
- if [ "$VMTYPE" == "build" ]; then $gam version extended | grep "OpenSSL ${BUILD_OPENSSL_VERSION//./\\.}"; fi # We should be using OpenSSL 1.1.1+
|
||||||
- if [ "$VMTYPE" == "build" ]; then $gam version extended | grep TLSv1\.[23]; fi # Builds should support TLS 1.2 or 1.3 to Google
|
- if [ "$VMTYPE" == "build" ]; then $gam version extended | grep TLSv1\.[23]; fi # Builds should default TLS 1.2 or 1.3 to Google
|
||||||
|
- if [ "$VMTYPE" == "build" ]; then GAM_TLS_MIN_VERSION=TLSv1 GAM_TLS_MAX_VERSION=TLSv1 $gam version extended | grep TLSv1\.0; fi # Force TLS 1.0
|
||||||
|
- if [ "$VMTYPE" == "build" ]; then GAM_TLS_MIN_VERSION=TLSv1_2 gamd version extended location tls-v1-0.badssl.com:1010; [[ $? == 3 ]]
|
||||||
- export jid="$(cut -d'.' -f2 <<<"$TRAVIS_JOB_NUMBER")"
|
- export jid="$(cut -d'.' -f2 <<<"$TRAVIS_JOB_NUMBER")"
|
||||||
- if [ "$TRAVIS_EVENT_TYPE" != "pull_request" ]; then export e2e=true; fi
|
- if [ "$TRAVIS_EVENT_TYPE" != "pull_request" ]; then export e2e=true; fi
|
||||||
- if [ "$e2e" = true ]; then export gam_user=gam-travis-$jid@pdl.jaylee.us; fi
|
- if [ "$e2e" = true ]; then export gam_user=gam-travis-$jid@pdl.jaylee.us; fi
|
||||||
|
|||||||
19
src/gam.py
19
src/gam.py
@@ -53,7 +53,7 @@ import http.client as http_client
|
|||||||
from email.mime.text import MIMEText
|
from email.mime.text import MIMEText
|
||||||
from multiprocessing import Pool
|
from multiprocessing import Pool
|
||||||
from multiprocessing import freeze_support
|
from multiprocessing import freeze_support
|
||||||
from urllib.parse import urlencode
|
from urllib.parse import urlencode, urlparse
|
||||||
from passlib.hash import sha512_crypt
|
from passlib.hash import sha512_crypt
|
||||||
import dns.resolver
|
import dns.resolver
|
||||||
import dateutil.parser
|
import dateutil.parser
|
||||||
@@ -808,6 +808,7 @@ def doGAMVersion(checkForArgs=True):
|
|||||||
force_check = False
|
force_check = False
|
||||||
simple = False
|
simple = False
|
||||||
extended = False
|
extended = False
|
||||||
|
testLocation = 'www.googleapis.com'
|
||||||
if checkForArgs:
|
if checkForArgs:
|
||||||
i = 2
|
i = 2
|
||||||
while i < len(sys.argv):
|
while i < len(sys.argv):
|
||||||
@@ -821,6 +822,9 @@ def doGAMVersion(checkForArgs=True):
|
|||||||
elif myarg == 'extended':
|
elif myarg == 'extended':
|
||||||
extended = True
|
extended = True
|
||||||
i += 1
|
i += 1
|
||||||
|
elif myarg == 'location':
|
||||||
|
testLocation = sys.argv[i+1]
|
||||||
|
i += 2
|
||||||
else:
|
else:
|
||||||
systemErrorExit(2, '%s is not a valid argument for "gam version"' % sys.argv[i])
|
systemErrorExit(2, '%s is not a valid argument for "gam version"' % sys.argv[i])
|
||||||
if simple:
|
if simple:
|
||||||
@@ -835,10 +839,17 @@ def doGAMVersion(checkForArgs=True):
|
|||||||
doGAMCheckForUpdates(forceCheck=True)
|
doGAMCheckForUpdates(forceCheck=True)
|
||||||
if extended:
|
if extended:
|
||||||
print(ssl.OPENSSL_VERSION)
|
print(ssl.OPENSSL_VERSION)
|
||||||
|
tls_ver, cipher_name = _getServerTLSUsed(testLocation)
|
||||||
|
print('%s connects using %s %s' % (testLocation, tls_ver, cipher_name))
|
||||||
|
|
||||||
|
def _getServerTLSUsed(location):
|
||||||
|
url = 'https://%s' % location
|
||||||
|
_, netloc, _, _, _, _ = urlparse(url)
|
||||||
|
conn = 'https:%s' % netloc
|
||||||
httpc = _createHttpObj()
|
httpc = _createHttpObj()
|
||||||
httpc.request('https://www.googleapis.com')
|
httpc.request(url)
|
||||||
cipher_name, tls_ver, _ = httpc.connections['https:www.googleapis.com'].sock.cipher()
|
cipher_name, tls_ver, _ = httpc.connections[conn].sock.cipher()
|
||||||
print('www.googleapis.com connects using %s %s' % (tls_ver, cipher_name))
|
return tls_ver, cipher_name
|
||||||
|
|
||||||
def handleOAuthTokenError(e, soft_errors):
|
def handleOAuthTokenError(e, soft_errors):
|
||||||
if e.replace('.', '') in OAUTH2_TOKEN_ERRORS or e.startswith('Invalid response'):
|
if e.replace('.', '') in OAUTH2_TOKEN_ERRORS or e.startswith('Invalid response'):
|
||||||
|
|||||||
Reference in New Issue
Block a user