1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Since the velox test server seems to be dropping using iptables to drop requests from aws, test via a different website instead

This commit is contained in:
Toshio Kuratomi 2015-12-20 11:33:42 -08:00
parent 8d7892cc7b
commit 3792a586b5

View file

@ -85,23 +85,51 @@
- "result.changed == true" - "result.changed == true"
- "stat_result.stat.exists == true" - "stat_result.stat.exists == true"
# SNI Tests # At the moment, AWS can't make an https request to velox.ch... connection
# SNI is only built into the stdlib from python-2.7.9 onwards # timed out. So we'll use a different test until/unless the problem is resolved
## SNI Tests
## SNI is only built into the stdlib from python-2.7.9 onwards
#- name: Test that SNI works
# get_url:
# # A test site that returns a page with information on what SNI information
# # the client sent. A failure would have the string: did not send a TLS server name indication extension
# url: 'https://foo.sni.velox.ch/'
# dest: "{{ output_dir }}/sni.html"
# register: get_url_result
# ignore_errors: True
#
#- command: "grep 'sent the following TLS server name indication extension' {{ output_dir}}/sni.html"
# register: data_result
# when: "{{ python_has_ssl_context }}"
#
#- debug: var=get_url_result
#- name: Assert that SNI works with this python version
# assert:
# that:
# - 'data_result.rc == 0'
# - '"failed" not in get_url_result'
# when: "{{ python_has_ssl_context }}"
#
## If the client doesn't support SNI then get_url should have failed with a certificate mismatch
#- name: Assert that hostname verification failed because SNI is not supported on this version of python
# assert:
# that:
# - 'get_url_result["failed"]'
# when: "{{ not python_has_ssl_context }}"
# These tests are just side effects of how the site is hosted. It's not
# specifically a test site. So the tests may break due to the hosting changing
- name: Test that SNI works - name: Test that SNI works
get_url: get_url:
# A test site that returns a page with information on what SNI information url: 'https://www.mnot.net/blog/2014/05/09/if_you_can_read_this_youre_sniing'
# the client sent. A failure would have the string: did not send a TLS server name indication extension
url: 'https://foo.sni.velox.ch/'
dest: "{{ output_dir }}/sni.html" dest: "{{ output_dir }}/sni.html"
register: get_url_result register: get_url_result
ignore_errors: True ignore_errors: True
- command: "grep 'sent the following TLS server name indication extension' {{ output_dir}}/sni.html" - command: "grep '<h2>If You Can Read This, You're SNIing</h2>' {{ output_dir}}/sni.html"
register: data_result register: data_result
when: "{{ python_has_ssl_context }}" when: "{{ python_has_ssl_context }}"
# If distros start backporting SNI, can make a new conditional based on whether this works:
# python -c 'from ssl import SSLContext'
- debug: var=get_url_result - debug: var=get_url_result
- name: Assert that SNI works with this python version - name: Assert that SNI works with this python version
assert: assert:
@ -116,3 +144,4 @@
that: that:
- 'get_url_result["failed"]' - 'get_url_result["failed"]'
when: "{{ not python_has_ssl_context }}" when: "{{ not python_has_ssl_context }}"
# End hacky SNI test section