search

tempesta-tech / tempesta-test

Test suite for Tempesta FW
10 stars 4 forks source link

New TLSHandshake #338

Closed pale-emperor closed 1 year ago

const-t commented 1 year ago

@b3b @pale-emperor Also, I suggest to move ModifiedTLSClientAutomaton to separate file.

pale-emperor commented 1 year ago

  • ValueError: filedescriptor out of range in select() is raised on full run. And test run is hangs. Maybe tests that supposed to be run only with the separate_run.py should be disabled by default?

    • Error on ./run_tests.py tls:
======================================================================
FAIL: test_empty_ticket (tls.test_tls_tickets.TlsTicketTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/tempesta-test1/tls/test_tls_tickets.py", line 91, in test_empty_ticket
    self.assertTrue(res, "Wrong handshake result: %s" % res)
AssertionError: False is not true : Wrong handshake result: False

----------------------------------------------------------------------
* Test is broken `./run_tests.py tls.test_tls_cert.TlsCertSelectBySan.test_sni_not_matched`
======================================================================
ERROR: test_sni_not_matched (tls.test_tls_cert.TlsCertSelectBySan) [Trying TLS handshake with expected unknown SNI] (sni='\n.example.com')
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 514, in test_sni_not_matched
    self.check_handshake_unrecognized_name(sni=sni)
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 463, in check_handshake_unrecognized_name
    with self.assertRaises(tls.TLSProtocolError):
NameError: name 'tls' is not defined
* `./run_tests.py tls.test_tls_cert.TlsCertSelectBySan.test_various_san_and_sni_not_matched`
======================================================================
ERROR: test_various_san_and_sni_not_matched (tls.test_tls_cert.TlsCertSelectBySan) [Trying TLS handshake with expected unknown SNI] (san=['example.onion'], sni='example.onion')
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 558, in test_various_san_and_sni_not_matched
    self.check_handshake_unrecognized_name(sni=sni)
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 463, in check_handshake_unrecognized_name
    with self.assertRaises(tls.TLSProtocolError):
NameError: name 'tls' is not defined

----------------------------------------------------------------------
* `./run_tests.py tls.test_tls_cert.TlsCertSelectBySan.test_unknown_server_name_warning`
======================================================================
ERROR: test_unknown_server_name_warning (tls.test_tls_cert.TlsCertSelectBySan) [Check 'unknown server name' warning] (sni='\n\n\n')
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 580, in test_unknown_server_name_warning
    self.check_handshake_unrecognized_name(sni=sni)
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 463, in check_handshake_unrecognized_name
    with self.assertRaises(tls.TLSProtocolError):
NameError: name 'tls' is not defined

----------------------------------------------------------------------
* `./run_tests.py tls.test_tls_cert.TlsCertSelectBySan.test_sni_match_after_reload`
======================================================================
ERROR: test_sni_match_after_reload (tls.test_tls_cert.TlsCertSelectBySan)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 616, in test_sni_match_after_reload
    tls.TLSProtocolError, msg=f"SNI should not match to the current certificate [i={i}]"
NameError: name 'tls' is not defined

----------------------------------------------------------------------
* Black style was not applied.
  1. ValueError: filedescriptor out of range in select() - fixed by setting up operation system limits
  2. Update scapy to 2.5.0rc2 and rerun tests
  3. Tests with tls.TLSProtocolError tls.test_tls_cert.TlsCertSelectBySan is disabled by issue #1688 - so i cant run it to fix. This PR target is rework TLSHandshake and working tests to avoid sporadic failure decribed in issue-154. Tests which disabled by other issues will be fixed when we can run it without tempesta-side problems

@b3b @pale-emperor Also, I suggest to move ModifiedTLSClientAutomaton to separate file.

Agreed, i can move it in separate file, but we will have additional imports - so i think its not pretty

b3b commented 1 year ago

  • ValueError: filedescriptor out of range in select() is raised on full run. And test run is hangs. Maybe tests that supposed to be run only with the separate_run.py should be disabled by default?

    • Error on ./run_tests.py tls:
======================================================================
FAIL: test_empty_ticket (tls.test_tls_tickets.TlsTicketTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/tempesta-test1/tls/test_tls_tickets.py", line 91, in test_empty_ticket
    self.assertTrue(res, "Wrong handshake result: %s" % res)
AssertionError: False is not true : Wrong handshake result: False

----------------------------------------------------------------------
* Test is broken `./run_tests.py tls.test_tls_cert.TlsCertSelectBySan.test_sni_not_matched`
======================================================================
ERROR: test_sni_not_matched (tls.test_tls_cert.TlsCertSelectBySan) [Trying TLS handshake with expected unknown SNI] (sni='\n.example.com')
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 514, in test_sni_not_matched
    self.check_handshake_unrecognized_name(sni=sni)
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 463, in check_handshake_unrecognized_name
    with self.assertRaises(tls.TLSProtocolError):
NameError: name 'tls' is not defined
* `./run_tests.py tls.test_tls_cert.TlsCertSelectBySan.test_various_san_and_sni_not_matched`
======================================================================
ERROR: test_various_san_and_sni_not_matched (tls.test_tls_cert.TlsCertSelectBySan) [Trying TLS handshake with expected unknown SNI] (san=['example.onion'], sni='example.onion')
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 558, in test_various_san_and_sni_not_matched
    self.check_handshake_unrecognized_name(sni=sni)
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 463, in check_handshake_unrecognized_name
    with self.assertRaises(tls.TLSProtocolError):
NameError: name 'tls' is not defined

----------------------------------------------------------------------
* `./run_tests.py tls.test_tls_cert.TlsCertSelectBySan.test_unknown_server_name_warning`
======================================================================
ERROR: test_unknown_server_name_warning (tls.test_tls_cert.TlsCertSelectBySan) [Check 'unknown server name' warning] (sni='\n\n\n')
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 580, in test_unknown_server_name_warning
    self.check_handshake_unrecognized_name(sni=sni)
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 463, in check_handshake_unrecognized_name
    with self.assertRaises(tls.TLSProtocolError):
NameError: name 'tls' is not defined

----------------------------------------------------------------------
* `./run_tests.py tls.test_tls_cert.TlsCertSelectBySan.test_sni_match_after_reload`
======================================================================
ERROR: test_sni_match_after_reload (tls.test_tls_cert.TlsCertSelectBySan)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/tempesta-test1/tls/test_tls_cert.py", line 616, in test_sni_match_after_reload
    tls.TLSProtocolError, msg=f"SNI should not match to the current certificate [i={i}]"
NameError: name 'tls' is not defined

----------------------------------------------------------------------
* Black style was not applied.
  1. ValueError: filedescriptor out of range in select() - fixed by setting up operation system limits
  2. Update scapy to 2.5.0rc2 and rerun tests
  3. Tests with tls.TLSProtocolError tls.test_tls_cert.TlsCertSelectBySan is disabled by issue #1688 - so i cant run it to fix. This PR target is rework TLSHandshake and working tests to avoid sporadic failure decribed in issue-154. Tests which disabled by other issues will be fixed when we can run it without tempesta-side problems

@b3b @pale-emperor Also, I suggest to move ModifiedTLSClientAutomaton to separate file.

Agreed, i can move it in separate file, but we will have additional imports - so i think its not pretty

  1. filedescriptor out of range is very unexpected behaviour. No operation system limits was required before this PR. If special tuning is needed now, it should be done by run_tests.py or explicitly documented.

  2. tls.test_tls_tickets.TlsTicketTest works after update to Scapy 2.5.0rc2

  3. I think it's better to fix it. Tests was disabled for reasons that are not related to this PR. But this PR changes how hs.do_12() performs. TLSProtocolError is not raised anymore, and this tests becomes unusable to reproduce Tempesta failures.

pale-emperor commented 1 year ago

@b3b @const-t Problem with filedescriptors has been fixed: Automaton had not reached final state - cause i make wrong logic override for WAIT_CLIENTDATA. Now descriptors are released correctly Please run tests like ./run_tests.py -R 15 tls.test_tls_cert.TlsCertSelectBySanwitMultipleSections.test or whole test-suite to ensure filedescriptor out of range exception is gone

Also remove TLSProtocolError from tls.test_tls_cert.TlsCertSelectBySan