generalize TLS test

This commit is contained in:
Jay Lee
2019-06-07 11:28:16 -04:00
parent d7283d17e2
commit 9d5e79725c
2 changed files with 19 additions and 6 deletions

View File

@@ -134,7 +134,9 @@ script:
- $gam version | grep travis # travis should be part of the path (not /tmp or such)
- if [ "$VMTYPE" == "build" ]; then $gam version | grep "Python ${BUILD_PYTHON_VERSION//./\\.}"; fi # We should be building with latest Python
- if [ "$VMTYPE" == "build" ]; then $gam version extended | grep "OpenSSL ${BUILD_OPENSSL_VERSION//./\\.}"; fi # We should be using OpenSSL 1.1.1+
- if [ "$VMTYPE" == "build" ]; then $gam version extended | grep TLSv1\.[23]; fi # Builds should support TLS 1.2 or 1.3 to Google
- if [ "$VMTYPE" == "build" ]; then $gam version extended | grep TLSv1\.[23]; fi # Builds should default TLS 1.2 or 1.3 to Google
- if [ "$VMTYPE" == "build" ]; then GAM_TLS_MIN_VERSION=TLSv1 GAM_TLS_MAX_VERSION=TLSv1 $gam version extended | grep TLSv1\.0; fi # Force TLS 1.0
- if [ "$VMTYPE" == "build" ]; then GAM_TLS_MIN_VERSION=TLSv1_2 gamd version extended location tls-v1-0.badssl.com:1010; [[ $? == 3 ]]
- export jid="$(cut -d'.' -f2 <<<"$TRAVIS_JOB_NUMBER")"
- if [ "$TRAVIS_EVENT_TYPE" != "pull_request" ]; then export e2e=true; fi
- if [ "$e2e" = true ]; then export gam_user=gam-travis-$jid@pdl.jaylee.us; fi

View File

@@ -53,7 +53,7 @@ import http.client as http_client
from email.mime.text import MIMEText
from multiprocessing import Pool
from multiprocessing import freeze_support
from urllib.parse import urlencode
from urllib.parse import urlencode, urlparse
from passlib.hash import sha512_crypt
import dns.resolver
import dateutil.parser
@@ -808,6 +808,7 @@ def doGAMVersion(checkForArgs=True):
force_check = False
simple = False
extended = False
testLocation = 'www.googleapis.com'
if checkForArgs:
i = 2
while i < len(sys.argv):
@@ -821,6 +822,9 @@ def doGAMVersion(checkForArgs=True):
elif myarg == 'extended':
extended = True
i += 1
elif myarg == 'location':
testLocation = sys.argv[i+1]
i += 2
else:
systemErrorExit(2, '%s is not a valid argument for "gam version"' % sys.argv[i])
if simple:
@@ -835,10 +839,17 @@ def doGAMVersion(checkForArgs=True):
doGAMCheckForUpdates(forceCheck=True)
if extended:
print(ssl.OPENSSL_VERSION)
httpc = _createHttpObj()
httpc.request('https://www.googleapis.com')
cipher_name, tls_ver, _ = httpc.connections['https:www.googleapis.com'].sock.cipher()
print('www.googleapis.com connects using %s %s' % (tls_ver, cipher_name))
tls_ver, cipher_name = _getServerTLSUsed(testLocation)
print('%s connects using %s %s' % (testLocation, tls_ver, cipher_name))
def _getServerTLSUsed(location):
url = 'https://%s' % location
_, netloc, _, _, _, _ = urlparse(url)
conn = 'https:%s' % netloc
httpc = _createHttpObj()
httpc.request(url)
cipher_name, tls_ver, _ = httpc.connections[conn].sock.cipher()
return tls_ver, cipher_name
def handleOAuthTokenError(e, soft_errors):
if e.replace('.', '') in OAUTH2_TOKEN_ERRORS or e.startswith('Invalid response'):