trafficserver git commit: TS-3573: Fix connection leak
Repository: trafficserver Updated Branches: refs/heads/master cec7e3c2a - e895bcc6a TS-3573: Fix connection leak Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/e895bcc6 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/e895bcc6 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/e895bcc6 Branch: refs/heads/master Commit: e895bcc6aa64e595c31f682a5acf8e6537235c89 Parents: cec7e3c Author: shinrich shinr...@yahoo-inc.com Authored: Thu Apr 30 13:19:07 2015 -0500 Committer: shinrich shinr...@yahoo-inc.com Committed: Thu Apr 30 13:19:07 2015 -0500 -- CHANGES | 2 ++ iocore/net/UnixNetVConnection.cc | 19 +-- 2 files changed, 19 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e895bcc6/CHANGES -- diff --git a/CHANGES b/CHANGES index eae4f99..cb8ba65 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 6.0.0 + *) [TS-3575]: Fix connection leak. + *) [TS-3538]: Perform server certificate validity check. *) [TS-3549]: Configurable option to avoid thundering herd problem http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e895bcc6/iocore/net/UnixNetVConnection.cc -- diff --git a/iocore/net/UnixNetVConnection.cc b/iocore/net/UnixNetVConnection.cc index ae4d028..2e44010 100644 --- a/iocore/net/UnixNetVConnection.cc +++ b/iocore/net/UnixNetVConnection.cc @@ -143,7 +143,7 @@ read_signal_and_update(int event, UnixNetVConnection *vc) case VC_EVENT_ERROR: case VC_EVENT_ACTIVE_TIMEOUT: case VC_EVENT_INACTIVITY_TIMEOUT: - Debug(inactivity_cop, event %d: null cont, closing vc %p, event, vc); + Debug(inactivity_cop, event %d: null read.vio cont, closing vc %p, event, vc); vc-closed = 1; break; default: @@ -166,8 +166,23 @@ static inline int write_signal_and_update(int event, UnixNetVConnection *vc) { vc-recursion++; - if (NULL != vc-write.vio._cont) + if (vc-write.vio._cont) { vc-write.vio._cont-handleEvent(event, vc-write.vio); + } else { +switch (event) { +case VC_EVENT_EOS: +case VC_EVENT_ERROR: +case VC_EVENT_ACTIVE_TIMEOUT: +case VC_EVENT_INACTIVITY_TIMEOUT: + Debug(inactivity_cop, event %d: null write.vio cont, closing vc %p, event, vc); + vc-closed = 1; + break; +default: + Error(Unexpected event %d for vc %p, event, vc); + ink_release_assert(0); + break; +} + } if (!--vc-recursion vc-closed) { /* BZ 31932 */ ink_assert(vc-thread == this_ethread());
[2/2] trafficserver git commit: Remove deprecated code paths
Remove deprecated code paths Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/2e51a727 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/2e51a727 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/2e51a727 Branch: refs/heads/master Commit: 2e51a7273871bbabc4154e29bc52ffa2af8c3a3c Parents: 1687830 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 14:17:29 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 14:17:29 2015 -0700 -- ci/tsqa/tests/test_regressions.py | 17 - 1 file changed, 17 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/2e51a727/ci/tsqa/tests/test_regressions.py -- diff --git a/ci/tsqa/tests/test_regressions.py b/ci/tsqa/tests/test_regressions.py index 8fec2eb..f8cd1f0 100644 --- a/ci/tsqa/tests/test_regressions.py +++ b/ci/tsqa/tests/test_regressions.py @@ -54,23 +54,6 @@ class TestRegressions(helpers.EnvironmentCase): cmd = [os.path.join(self.environment.layout.bindir, 'traffic_server'), '-R', '1'] tsqa.utils.run_sync_command(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) -class TestRegressionsReclaimableFreelist(TestRegressions): -''' -Run the built-in traffic_server regression test suite with ---enable-reclaimable-freelist. -''' -environment_factory = { -'configure': { 'enable-reclaimable-freelist': None }, -} - -class TestRegressionsInterimCache(TestRegressions): -''' -Run the built-in traffic_server regression test suite with ---enable-interim-cache. -''' -environment_factory = { -'configure': { 'enable-interim-cache': None }, -} class TestRegressionsLinuxNativeAIO(TestRegressions): '''
[1/2] trafficserver git commit: Add xunit output of the test results
Repository: trafficserver Updated Branches: refs/heads/master 157dd5032 - 2e51a7273 Add xunit output of the test results Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/1687830e Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/1687830e Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/1687830e Branch: refs/heads/master Commit: 1687830ecb2a0783c788ff2e62661e1d554c5189 Parents: 157dd50 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 14:04:22 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 14:04:22 2015 -0700 -- ci/tsqa/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/1687830e/ci/tsqa/Makefile -- diff --git a/ci/tsqa/Makefile b/ci/tsqa/Makefile index a46a684..c692857 100644 --- a/ci/tsqa/Makefile +++ b/ci/tsqa/Makefile @@ -20,7 +20,7 @@ VIRTUALENV_DIR = virtualenv # Run all tests. test: $(VIRTUALENV_DIR) - @source $(VIRTUALENV_DIR)/bin/activate $(VIRTUALENV_DIR)/bin/nosetests -sv --logging-level=INFO + $(VIRTUALENV_DIR)/bin/nosetests --with-xunit -sv --logging-level=INFO # Scan and list the tests. list: $(VIRTUALENV_DIR)
trafficserver-qa git commit: Allow for directory overrides
Repository: trafficserver-qa Updated Branches: refs/heads/master 3ed1bcd90 - 37f87d70b Allow for directory overrides Project: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/commit/37f87d70 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/tree/37f87d70 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/diff/37f87d70 Branch: refs/heads/master Commit: 37f87d70bdea70385bbf0c923e88128cb343bc87 Parents: 3ed1bcd Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 13:25:21 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 13:25:21 2015 -0700 -- tsqa/endpoint.py| 3 +++ tsqa/environment.py | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver-qa/blob/37f87d70/tsqa/endpoint.py -- diff --git a/tsqa/endpoint.py b/tsqa/endpoint.py index 76c9773..a2db090 100644 --- a/tsqa/endpoint.py +++ b/tsqa/endpoint.py @@ -18,6 +18,7 @@ import os import threading import requests import flask +import socket import SocketServer import ssl @@ -223,6 +224,8 @@ class DynamicHTTPEndpoint(threading.Thread): self.server = make_server('', self.port, self.app.wsgi_app) +# mark the socket as SO_REUSEADDR +self.server.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) # mark it as ready self.ready.set() # serve it http://git-wip-us.apache.org/repos/asf/trafficserver-qa/blob/37f87d70/tsqa/environment.py -- diff --git a/tsqa/environment.py b/tsqa/environment.py index ef73b08..33589e8 100644 --- a/tsqa/environment.py +++ b/tsqa/environment.py @@ -332,7 +332,8 @@ class Environment(object): # First, make the prefix directory. if self.layout is None: -self.layout = Layout(tempfile.mkdtemp(prefix=os.environ.get('TSQA_LAYOUT_PREFIX', 'tsqa.env.'))) +self.layout = Layout(tempfile.mkdtemp(prefix=os.environ.get('TSQA_LAYOUT_PREFIX', 'tsqa.env.'), + dir=os.environ.get('TSQA_LAYOUR_DIR', None))) else: os.makedirs(self.layout.prefix) os.chmod(self.layout.prefix, 0777) # Make the tmp dir readable by all
[4/4] trafficserver git commit: Remove old tsqa, and replace it with the new python based one.
Remove old tsqa, and replace it with the new python based one. This includes a move of the actual tests as well as a replacement of the jenkins script. TS-3574 Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/51ea4aa9 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/51ea4aa9 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/51ea4aa9 Branch: refs/heads/master Commit: 51ea4aa9d81ae8d93c7e7e137cb0aca178497b01 Parents: e895bcc Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 13:35:57 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 13:39:30 2015 -0700 -- ci/jenkins/bin/tsqa.sh | 37 +- ci/new_tsqa/Makefile | 43 -- ci/new_tsqa/TODO | 7 - ci/new_tsqa/files/cert.pem | 20 - ci/new_tsqa/files/ec_keys/README.rst | 29 -- ci/new_tsqa/files/ec_keys/ca.crt | 12 - ci/new_tsqa/files/ec_keys/ca.key | 8 - ci/new_tsqa/files/ec_keys/intermediate.crt | 10 - ci/new_tsqa/files/ec_keys/intermediate.key | 8 - ci/new_tsqa/files/ec_keys/www.example.com.pem | 15 - ci/new_tsqa/files/ec_keys/www.test.com.pem | 15 - ci/new_tsqa/files/key.pem | 28 -- ci/new_tsqa/files/rsa_keys/README.rst | 28 -- ci/new_tsqa/files/rsa_keys/ca.crt | 30 -- ci/new_tsqa/files/rsa_keys/ca.key | 51 --- ci/new_tsqa/files/rsa_keys/intermediate.crt| 29 -- ci/new_tsqa/files/rsa_keys/intermediate.key| 51 --- ci/new_tsqa/files/rsa_keys/www.example.com.pem | 52 --- ci/new_tsqa/files/rsa_keys/www.test.com.pem| 52 --- ci/new_tsqa/requirements.txt | 6 - ci/new_tsqa/tests/helpers.py | 56 --- ci/new_tsqa/tests/test_buildoptions.py | 61 --- ci/new_tsqa/tests/test_chunked.py | 196 ci/new_tsqa/tests/test_connect_attempts.py | 209 - ci/new_tsqa/tests/test_example.py | 234 -- ci/new_tsqa/tests/test_hostdb.py | 86 ci/new_tsqa/tests/test_https.py| 273 --- ci/new_tsqa/tests/test_keepalive.py| 476 ci/new_tsqa/tests/test_redirection.py | 41 -- ci/new_tsqa/tests/test_regressions.py | 82 ci/new_tsqa/tests/test_remap.py| 125 - ci/new_tsqa/tests/test_spdy_protocol_select.py | 156 --- ci/tsqa/Makefile | 43 ++ ci/tsqa/TODO | 7 + ci/tsqa/files/cert.pem | 20 + ci/tsqa/files/ec_keys/README.rst | 29 ++ ci/tsqa/files/ec_keys/ca.crt | 12 + ci/tsqa/files/ec_keys/ca.key | 8 + ci/tsqa/files/ec_keys/intermediate.crt | 10 + ci/tsqa/files/ec_keys/intermediate.key | 8 + ci/tsqa/files/ec_keys/www.example.com.pem | 15 + ci/tsqa/files/ec_keys/www.test.com.pem | 15 + ci/tsqa/files/key.pem | 28 ++ ci/tsqa/files/rsa_keys/README.rst | 28 ++ ci/tsqa/files/rsa_keys/ca.crt | 30 ++ ci/tsqa/files/rsa_keys/ca.key | 51 +++ ci/tsqa/files/rsa_keys/intermediate.crt| 29 ++ ci/tsqa/files/rsa_keys/intermediate.key| 51 +++ ci/tsqa/files/rsa_keys/www.example.com.pem | 52 +++ ci/tsqa/files/rsa_keys/www.test.com.pem| 52 +++ ci/tsqa/functions | 303 - ci/tsqa/requirements.txt | 6 + ci/tsqa/run_all.sh | 85 ci/tsqa/test-bootstrap | 41 -- ci/tsqa/test-log-configuration | 68 --- ci/tsqa/test-log-refcounting | 112 - ci/tsqa/test-multicert-loading | 81 ci/tsqa/test-privilege-elevation | 83 ci/tsqa/test-server-intercept | 80 ci/tsqa/test-ssl-certificates | 153 --- ci/tsqa/test-trafficline-metrics | 56 --- ci/tsqa/tests/helpers.py | 57 +++ ci/tsqa/tests/test_buildoptions.py | 61 +++ ci/tsqa/tests/test_chunked.py | 196 ci/tsqa/tests/test_connect_attempts.py | 209 + ci/tsqa/tests/test_example.py | 234 ++ ci/tsqa/tests/test_hostdb.py | 86 ci/tsqa/tests/test_https.py| 273 +++ ci/tsqa/tests/test_keepalive.py| 476 ci/tsqa/tests/test_redirection.py | 41 ++ ci/tsqa/tests/test_regressions.py | 82
[2/4] trafficserver git commit: Remove old tsqa, and replace it with the new python based one.
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/51ea4aa9/ci/tsqa/functions -- diff --git a/ci/tsqa/functions b/ci/tsqa/functions deleted file mode 100644 index f839108..000 --- a/ci/tsqa/functions +++ /dev/null @@ -1,303 +0,0 @@ -#! /usr/bin/env bash - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# License); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an AS IS BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -NCPU=${NCPU:-$(( $(getconf _NPROCESSORS_ONLN) * 2 ))} # Numer of CPUs to build with -PORT=${PORT:-9090}# Initial listen port for Traffic Server -VALGRIND=${VALGRIND:-N} # Whether to run under valgrind -TMPDIR=${TMPDIR:-/tmp}# Scratch directory for test instance construction - -TSQA_FAIL=0 # Test failure count -TSQA_TESNAME=${TSQA_TESTNAME:-tsqa} # Name of current test -TSQA_ROOT=${TSQA_ROOT:-/tmp/$TSQA_TESTNAME.$RANDOM} # Filesystem root for current test -TSQA_TSXS=${TSQA_TSXS:-tsxs} - -# Print a log message/ -msg() { - echo MSG: $@ -} - -msgwait() { - local secs=$1 - shift - - echo MSG: waiting ${secs}s $@ - sleep $secs -} - -# Print a failure message and increment the failure count. -fail() { - TSQA_FAIL=$(($TSQA_FAIL + 1)) - echo FAIL: $@ 12 -} - -# Fail and exit. -fatal() { - TSQA_FAIL=$(($TSQA_FAIL + 1)) - echo FATAL: $@ 12 - exit $TSQA_FAIL -} - -# Run a command and silence any output on stderr. -quiet() { - $@ 2/dev/null -} - -# Run a command with all output redirected to the pest log file. -logexec() { - echo $@ $TSQA_ROOT/$TSQA_TESTNAME.log 21 - $@ $TSQA_ROOT/$TSQA_TESTNAME.log 21 -} - -tsxs() { - $TSQA_TSXS $@ -} - -tsexec() { - local cmd=$1 - local run - shift - - case $VALGRIND in -y|yes|Y|YES|1) run=valgrind --trace-children=yes --trace-children-skip=env env ;; -*) run=env ;; - esac - - # XXX enabling MallocStackLogging on all processes is annoying - # because it logs 3 lines to stderr every time. We generally only - # want leaks detection on traffic_server, so this is a bit of a - # waste ... - - # MALLOC_CHECK_=2 = enable glibc malloc checking, abort on error - # MallocStackLogging=1 = record OS X malloc stacks for leak checking - $run \ - MALLOC_CHECK_=2 \ - MallocErrorAbort=1 \ - TS_ROOT=$TSQA_ROOT \ -$(bindir)/$cmd $@ -} - -reconfigure() { - local srcdir=$1 - msg running autoreconf in $srcdir ... - ( -cd $srcdir -autoreconf -i - ) autoreconf.log 21 -} - -install () { - [[ -d $BUILD ]] rm -rf $BUILD - [[ -d $PREFIX ]] rm -rf $PREFIX - - msg installing ... - mkdir -p $BUILD ( -cd $BUILD -$SRC/configure \ - --prefix=$PREFIX \ - --with-user=$(id -un) \ - --enable-debug \ - CCFLAGS=-O0 CXXFLAGS=-O0 -make -j $NCPU make install - ) /dev/null - - msg installed to $PREFIX -} - -logdir() { - local prefix=$(tsxs -q PREFIX) - tsxs -q LOGDIR | sed -es+$prefix/++ -} - -runtimedir() { - local prefix=$(tsxs -q PREFIX) - tsxs -q RUNTIMEDIR | sed -es+$prefix/++ -} - -sysconfdir() { - local prefix=$(tsxs -q PREFIX) - tsxs -q SYSCONFDIR | sed -es+$prefix/++ -} - -bindir() { - tsxs -q BINDIR -} - -# pidof(name): echo the pid of the given process name -pidof() { - case $1 in - cop|manager|server);; - *) fatal no such process name: $1 - esac - quiet cat $TSQA_ROOT/$(runtimedir)/${1}.lock -} - -# alive(name): Test whether the process name is alive. -alive() { - local pid=$(pidof $1) - if [[ ! -z $pid ]] ; then -quiet kill -0 $pid -return $? - fi - - false -} - -# Start up Traffic Server. Test for all the processes so that we have a better -# chance of delaying the test until traffic_server is ready. -startup() { - local log=$TSQA_ROOT/$(logdir)/cop.log - ( tsexec traffic_cop --stdout $log ) - for proc in cop manager server; do -for i in $(seq 10) ; do - alive $proc msg $proc is alive break - sleep 1 -done - done - - # And a final sleep to let traffic_server come up ... - sleep 2 -} - -# Shut down Traffic Server. -shutdown() { - - # Quick'n'dirty cleanup of background jobs. - jobs -p | while read pid ; do -kill $pid - done - - local pid=$(pidof cop) - if [[ -z $pid ]] ; then
[1/4] trafficserver git commit: Remove old tsqa, and replace it with the new python based one.
Repository: trafficserver Updated Branches: refs/heads/master e895bcc6a - 51ea4aa9d http://git-wip-us.apache.org/repos/asf/trafficserver/blob/51ea4aa9/ci/tsqa/tests/test_keepalive.py -- diff --git a/ci/tsqa/tests/test_keepalive.py b/ci/tsqa/tests/test_keepalive.py new file mode 100644 index 000..0e501ce --- /dev/null +++ b/ci/tsqa/tests/test_keepalive.py @@ -0,0 +1,476 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# License); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an AS IS BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import uuid +import requests +import time +import logging +import socket + +import helpers + +import tsqa.test_cases +import tsqa.utils +import tsqa.endpoint + +log = logging.getLogger(__name__) + +import SocketServer + + +class KeepaliveTCPHandler(SocketServer.BaseRequestHandler): + +A subclass of RequestHandler which will return a connection uuid + + +def handle(self): +# Receive the data in small chunks and retransmit it +start = time.time() +conn_id = uuid.uuid4().hex +while True: +now = time.time() - start +data = self.request.recv(4096).strip() +if data: +log.debug('Sending data back to the client: {uid}'.format(uid=conn_id)) +else: +log.debug('Client disconnected: {timeout}seconds'.format(timeout=now)) +break +body = conn_id +resp = ('HTTP/1.1 200 OK\r\n' +'Content-Length: {content_length}\r\n' +'Content-Type: text/html; charset=UTF-8\r\n' +'Connection: keep-alive\r\n' +'\r\n' +'{body}'.format(content_length=len(body), body=body)) +self.request.sendall(resp) + + +class KeepAliveInMixin(object): +Mixin for keep alive in. + + TODO: Allow protocol to be specified for ssl traffic + +def _get_socket(self): +s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +s.connect(('127.0.0.1', int(self.configs['records.config']['CONFIG']['proxy.config.http.server_ports']))) +return s + +def _headers_to_str(self, headers): +if headers is None: +headers = {} +request = '' +for k, v in headers.iteritems(): +request += '{0}: {1}\r\n'.format(k, v) +return request + +def _aux_KA_working_path_connid(self, protocol, headers=None): +# connect tcp +s = self._get_socket() + +request = ('GET / HTTP/1.1\r\n' + 'Host: foobar.com\r\n') +request += self._headers_to_str(headers) +request += '\r\n' + +for x in xrange(1, 10): +s.send(request) +response = s.recv(4096) +# cheat, since we know what the body should have +if '\r\n\r\n' not in response: +response += s.recv(4096) +self.assertIn('HTTP/1.1 200 OK', response) +self.assertIn('hello', response) + +def _aux_working_path(self, protocol, headers=None): +# connect tcp +s = self._get_socket() + +request = ('GET /exists/ HTTP/1.1\r\n' + 'Host: foobar.com\r\n') +request += self._headers_to_str(headers) +request += '\r\n' + +for x in xrange(1, 10): +s.send(request) +response = s.recv(4096) +# cheat, since we know what the body should have +if not response.endswith('hello'): +response += s.recv(4096) +self.assertIn('HTTP/1.1 200 OK', response) +self.assertIn('hello', response) + +def _aux_error_path(self, protocol, headers=None): +# connect tcp +s = self._get_socket() + +request = ('GET / HTTP/1.1\r\n' + 'Host: foobar.com\r\n') +request += self._headers_to_str(headers) +request += '\r\n' +for x in xrange(1, 10): +s.send(request) +response = s.recv(4096) +self.assertIn('HTTP/1.1 404 Not Found on Accelerator', response) + +def _aux_error_path_post(self, protocol, headers=None): +''' +Ensure that sending a request with a body doesn't break
[3/4] trafficserver git commit: Remove old tsqa, and replace it with the new python based one.
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/51ea4aa9/ci/new_tsqa/tests/test_https.py -- diff --git a/ci/new_tsqa/tests/test_https.py b/ci/new_tsqa/tests/test_https.py deleted file mode 100644 index a8914e6..000 --- a/ci/new_tsqa/tests/test_https.py +++ /dev/null @@ -1,273 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# License); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an AS IS BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import logging -from OpenSSL import SSL -import socket - -import helpers -import tsqa.utils - -# some ciphers to test with -CIPHER_MAP = { -'rsa': 'ECDHE-RSA-AES256-GCM-SHA384', -'ecdsa': 'ECDHE-ECDSA-AES256-GCM-SHA384', -} - - -class CertSelectionMixin(object): -def _get_cert(self, addr, sni_name=None, ciphers=None): -''' -Return the certificate for addr. Optionally sending sni_name -''' -ctx = SSL.Context(SSL.TLSv1_2_METHOD) -# Set up client -sock = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM)) -sock.connect(addr) -if sni_name is not None: -sock.set_tlsext_host_name(sni_name) -if ciphers is not None: -ctx.set_cipher_list(ciphers) -sock.do_handshake() -return sock.get_peer_certificate() - -def _get_cert_chain(self, addr, sni_name=None, ciphers=None): -''' -Return the certificate chain for addr. Optionally sending sni_name -''' -ctx = SSL.Context(SSL.TLSv1_2_METHOD) -# Set up client -sock = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM)) -sock.connect(addr) -if sni_name is not None: -sock.set_tlsext_host_name(sni_name) -if ciphers is not None: -ctx.set_cipher_list(ciphers) -sock.do_handshake() -return sock.get_peer_cert_chain() - -def test_star_ordering(self): -''' -We should be served the first match, since we aren't sending SNI headers -''' -addr = ('127.0.0.1', self.ssl_port) -cert = self._get_cert(addr) -self.assertEqual(cert.get_subject().commonName.decode(), 'www.example.com') - -def test_star_sni(self): -''' -Make sure we get the certificate we asked for if we pass in SNI headers -''' -addr = ('127.0.0.1', self.ssl_port) -cert = self._get_cert(addr, sni_name='www.test.com') -self.assertEqual(cert.get_subject().commonName.decode(), 'www.test.com') - -cert = self._get_cert(addr, sni_name='www.example.com') -self.assertEqual(cert.get_subject().commonName.decode(), 'www.example.com') - -def test_ip_ordering(self): -''' -We should be served the first match, since we aren't sending SNI headers -''' -addr = ('127.0.0.2', self.ssl_port) -cert = self._get_cert(addr) -self.assertEqual(cert.get_subject().commonName.decode(), 'www.example.com') - -def test_ip_sni(self): -''' -Make sure we get the certificate we asked for if we pass in SNI headers -''' -addr = ('127.0.0.2', self.ssl_port) -cert = self._get_cert(addr, sni_name='www.test.com') -self.assertEqual(cert.get_subject().commonName.decode(), 'www.test.com') - -cert = self._get_cert(addr, sni_name='www.example.com') -self.assertEqual(cert.get_subject().commonName.decode(), 'www.example.com') - -def _intermediate_ca_t(self, cipher): -''' -Method for testing intermediate CAs. We assume that www.example.com should -return a certificate chaing of len 2 which includes intermediate. -We also assume that www.test.com returns a single cert in the chain which -is *not* intermediate -''' -# send a request that *should* get an intermediate CA -addr = ('127.0.0.1', self.ssl_port) -cert_chain = self._get_cert_chain(addr, ciphers=CIPHER_MAP[cipher]) -self.assertEqual(len(cert_chain), 2) -self.assertEqual(cert_chain[0].get_subject().commonName.decode(), 'www.example.com') -self.assertEqual(cert_chain[1].get_subject().commonName.decode(), 'intermediate') - -# send a request that
trafficserver git commit: Correct path for source
Repository: trafficserver Updated Branches: refs/heads/master 51ea4aa9d - 157dd5032 Correct path for source Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/157dd503 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/157dd503 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/157dd503 Branch: refs/heads/master Commit: 157dd50324f88922265f24fe4570c517c5c5d884 Parents: 51ea4aa Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 13:43:33 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 13:43:33 2015 -0700 -- ci/jenkins/bin/tsqa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/157dd503/ci/jenkins/bin/tsqa.sh -- diff --git a/ci/jenkins/bin/tsqa.sh b/ci/jenkins/bin/tsqa.sh index ca7f895..5531d24 100755 --- a/ci/jenkins/bin/tsqa.sh +++ b/ci/jenkins/bin/tsqa.sh @@ -18,7 +18,7 @@ # Run all the TSQA tests. TSQA_LAYOUT_DIR=${WORKSPACE}/${BUILD_NUMBER} -cd ci/tsqa || exit 2 +cd ${WORKSPACE}/src/ci/tsqa || exit 2 make test status=$?
trafficserver git commit: pass a layout dir with make test
Repository: trafficserver Updated Branches: refs/heads/master 2e51a7273 - 189c843f3 pass a layout dir with make test Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/189c843f Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/189c843f Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/189c843f Branch: refs/heads/master Commit: 189c843f3bafe306a5d1869ab73286c036b27cf1 Parents: 2e51a72 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 16:30:09 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 16:30:09 2015 -0700 -- ci/jenkins/bin/tsqa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/189c843f/ci/jenkins/bin/tsqa.sh -- diff --git a/ci/jenkins/bin/tsqa.sh b/ci/jenkins/bin/tsqa.sh index 5531d24..744bdb5 100755 --- a/ci/jenkins/bin/tsqa.sh +++ b/ci/jenkins/bin/tsqa.sh @@ -19,7 +19,7 @@ # Run all the TSQA tests. TSQA_LAYOUT_DIR=${WORKSPACE}/${BUILD_NUMBER} cd ${WORKSPACE}/src/ci/tsqa || exit 2 -make test +make test TSQA_LAYOUT_DIR=${TSQA_LAYOUT_DIR} status=$? # Exit with proper status
trafficserver git commit: Fix import error
Repository: trafficserver Updated Branches: refs/heads/master 7e75f960f - 5bb5b237b Fix import error Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/5bb5b237 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/5bb5b237 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/5bb5b237 Branch: refs/heads/master Commit: 5bb5b237b7a5324390fbd495e9027f54ed9b1706 Parents: 7e75f96 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 17:22:51 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 17:22:51 2015 -0700 -- ci/tsqa/tests/test_connect_attempts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/5bb5b237/ci/tsqa/tests/test_connect_attempts.py -- diff --git a/ci/tsqa/tests/test_connect_attempts.py b/ci/tsqa/tests/test_connect_attempts.py index 0a29632..08dc74b 100644 --- a/ci/tsqa/tests/test_connect_attempts.py +++ b/ci/tsqa/tests/test_connect_attempts.py @@ -182,7 +182,7 @@ class TestOriginServerConnectAttempts(helpers.EnvironmentCase): # TODO: FIX THIS!!! The test is correct, ATS isn't! # we should fail in this case-- or at least have a config which lets you control # TODO: remove once TS-3440 is resolved -@unittest.expectedFailure +@helpers.unittest.expectedFailure def test_partial_response_origin(self): ''' Verify that we get 504s from origins that return a partial_response
trafficserver git commit: TS-3576: Added comments in code on what I am doing
Repository: trafficserver Updated Branches: refs/heads/master d09c98003 - e09749ca9 TS-3576: Added comments in code on what I am doing Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/e09749ca Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/e09749ca Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/e09749ca Branch: refs/heads/master Commit: e09749ca94e8667079076a290180ca35589ea2d8 Parents: d09c980 Author: Bryan Call bc...@apache.org Authored: Thu Apr 30 19:02:31 2015 -0700 Committer: Bryan Call bc...@apache.org Committed: Thu Apr 30 19:02:31 2015 -0700 -- iocore/net/SSLUtils.cc | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e09749ca/iocore/net/SSLUtils.cc -- diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 0b73244..881ca2f 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -143,6 +143,7 @@ SSL_locking_callback(int mode, int type, const char *file, int line) ink_assert(type CRYPTO_num_locks()); #ifdef OPENSSL_FIPS + // don't need to lock for FIPS if it has POSTed and we are not going to change the mode on the fly if (type == CRYPTO_LOCK_FIPS || type == CRYPTO_LOCK_FIPS2) { return; } @@ -766,6 +767,8 @@ SSLInitializeLibrary() SSL_library_init(); #ifdef OPENSSL_FIPS +// calling FIPS_mode_set() will force FIPS to POST (Power On Self Test) +// After POST we don't have to lock for FIPS int mode = FIPS_mode(); FIPS_mode_set(mode); Debug(ssl, FIPS_mode: %d, mode);
trafficserver git commit: Flake8 cleanup
Repository: trafficserver Updated Branches: refs/heads/master e09749ca9 - 9b5235de8 Flake8 cleanup Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/9b5235de Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/9b5235de Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/9b5235de Branch: refs/heads/master Commit: 9b5235de8cb24445ae51500627ead9b77ebbcbf1 Parents: e09749c Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 19:25:34 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 19:25:50 2015 -0700 -- ci/tsqa/tests/helpers.py | 2 ++ ci/tsqa/tests/test_buildoptions.py | 20 --- ci/tsqa/tests/test_chunked.py | 6 ++-- ci/tsqa/tests/test_connect_attempts.py | 46 ++--- ci/tsqa/tests/test_example.py | 16 + ci/tsqa/tests/test_hostdb.py | 3 -- ci/tsqa/tests/test_https.py| 27 --- ci/tsqa/tests/test_keepalive.py| 46 +++-- ci/tsqa/tests/test_redirection.py | 1 + ci/tsqa/tests/test_regressions.py | 6 ++-- ci/tsqa/tests/test_remap.py| 19 ++ ci/tsqa/tests/test_spdy_protocol_select.py | 44 +-- 12 files changed, 129 insertions(+), 107 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/9b5235de/ci/tsqa/tests/helpers.py -- diff --git a/ci/tsqa/tests/helpers.py b/ci/tsqa/tests/helpers.py index 7333569..167c0dc 100644 --- a/ci/tsqa/tests/helpers.py +++ b/ci/tsqa/tests/helpers.py @@ -22,6 +22,7 @@ import tsqa.utils unittest = tsqa.utils.import_unittest() + # TODO: check that the given path is relative def tests_file_path(path): ''' @@ -30,6 +31,7 @@ def tests_file_path(path): base = os.path.realpath(os.path.join(__file__, '..', '..', 'files')) return os.path.join(base, path) + class EnvironmentCase(tsqa.test_cases.EnvironmentCase): ''' This class will get an environment (which is unique) but won't start it http://git-wip-us.apache.org/repos/asf/trafficserver/blob/9b5235de/ci/tsqa/tests/test_buildoptions.py -- diff --git a/ci/tsqa/tests/test_buildoptions.py b/ci/tsqa/tests/test_buildoptions.py index 986e53d..d3588bb 100644 --- a/ci/tsqa/tests/test_buildoptions.py +++ b/ci/tsqa/tests/test_buildoptions.py @@ -18,16 +18,8 @@ Test that configuration options successfully compile # See the License for the specific language governing permissions and # limitations under the License. -import os -import sys -import requests -import time -import subprocess import logging - import helpers -import tsqa.test_cases -import tsqa.utils log = logging.getLogger(__name__) @@ -42,29 +34,31 @@ class TestBuildOption(helpers.EnvironmentCase): class TestBuildOptionFastSDK(TestBuildOption): '''Build with --enable-fast-sdk''' -environment_factory = { 'configure': { 'enable-fast-sdk': None }, } +environment_factory = {'configure': {'enable-fast-sdk': None}} class TestBuildOptionDisableDiags(TestBuildOption): '''Build with --disable-diags''' -environment_factory = { 'configure': { 'disable-diags': None }, } +environment_factory = {'configure': {'disable-diags': None}} class TestBuildOptionDisableTests(TestBuildOption): '''Build with --disable-tests''' -environment_factory = { 'configure': { 'disable-tests': None }, } +environment_factory = {'configure': {'disable-tests': None}} class TestBuildOptionEnableStaticProxy(TestBuildOption): '''Build with --enable-static-proxy''' -environment_factory = { 'configure': { 'enable-static-proxy': None }, } +environment_factory = {'configure': {'enable-static-proxy': None}} + @classmethod def setUpClass(cls): raise helpers.unittest.SkipTest('Skip until TS-3577 is resolved') + class TestBuildOptionEnableCxxApi(TestBuildOption): '''Build with --enable-cppapi''' -environment_factory = { 'configure': { 'enable-cppapi': None }, } +environment_factory = {'configure': {'enable-cppapi': None}} @classmethod def setUpClass(cls): http://git-wip-us.apache.org/repos/asf/trafficserver/blob/9b5235de/ci/tsqa/tests/test_chunked.py -- diff --git a/ci/tsqa/tests/test_chunked.py b/ci/tsqa/tests/test_chunked.py index 5d265f4..8d2e3af 100644 --- a/ci/tsqa/tests/test_chunked.py +++ b/ci/tsqa/tests/test_chunked.py @@ -17,7 +17,6 @@ Test chunked request/responses # See the License for the specific language governing
trafficserver git commit: Fix naming collision
Repository: trafficserver Updated Branches: refs/heads/master 9b5235de8 - 31c544114 Fix naming collision Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/31c54411 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/31c54411 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/31c54411 Branch: refs/heads/master Commit: 31c54411470ea8965a757fa4c0928907e4d489d4 Parents: 9b5235d Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 19:49:04 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 19:49:04 2015 -0700 -- ci/tsqa/tests/test_connect_attempts.py | 15 --- 1 file changed, 8 insertions(+), 7 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/31c54411/ci/tsqa/tests/test_connect_attempts.py -- diff --git a/ci/tsqa/tests/test_connect_attempts.py b/ci/tsqa/tests/test_connect_attempts.py index ce44fe2..bb5e1a2 100644 --- a/ci/tsqa/tests/test_connect_attempts.py +++ b/ci/tsqa/tests/test_connect_attempts.py @@ -57,7 +57,7 @@ def thread_delayed_accept_after_connect(sock): 'HTTP/1.1 200 OK\r\n' 'Content-Length: {body_len}\r\n' 'Content-Type: text/html; charset=UTF-8\r\n' -'Connection: close\r\n\r\n{body}'.format(body_len=len(str(requests)), body=requests) +'Connection: close\r\n\r\n{body}'.format(body_len=len(str(num_requests)), body=num_requests) )) connection.close() num_requests += 1 @@ -71,10 +71,10 @@ def thread_delayed_accept_after_connect(sock): def thread_reset_after_accept(sock): sock.listen(0) first = True -requests = 0 +num_requests = 0 while True: connection, addr = sock.accept() -requests += 1 +num_requests += 1 if first: first = False connection.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 0)) @@ -84,7 +84,7 @@ def thread_reset_after_accept(sock): 'HTTP/1.1 200 OK\r\n' 'Content-Length: {body_len}\r\n' 'Content-Type: text/html; charset=UTF-8\r\n' -'Connection: close\r\n\r\n{body}'.format(body_len=len(str(requests)), body=requests) +'Connection: close\r\n\r\n{body}'.format(body_len=len(str(num_requests)), body=num_requests) )) connection.close() @@ -92,10 +92,10 @@ def thread_reset_after_accept(sock): def thread_partial_response(sock): sock.listen(0) first = True -requests = 0 +num_requests = 0 while True: connection, addr = sock.accept() -requests += 1 +num_requests += 1 if first: connection.send('HTTP/1.1 200 OK\r\n') connection.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 0)) @@ -106,7 +106,7 @@ def thread_partial_response(sock): 'HTTP/1.1 200 OK\r\n' 'Content-Length: {body_len}\r\n' 'Content-Type: text/html; charset=UTF-8\r\n' -'Connection: close\r\n\r\n{body}'.format(body_len=len(str(requests)), body=requests) +'Connection: close\r\n\r\n{body}'.format(body_len=len(str(num_requests)), body=num_requests) )) connection.close() @@ -212,4 +212,5 @@ class TestOriginServerConnectAttempts(helpers.EnvironmentCase): # make sure it worked self.assertEqual(ret.status_code, 200) # make sure its not the first one (otherwise the test messed up somehow) +print ret.text self.assertGreater(int(ret.text), 0)
[2/2] trafficserver git commit: TS-3576: Remove the need for FIPS locking for OpenSSL
TS-3576: Remove the need for FIPS locking for OpenSSL Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/d41e96fa Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/d41e96fa Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/d41e96fa Branch: refs/heads/master Commit: d41e96fafb097c0918c7c57728adf1afd08f3e91 Parents: ba1d6f7 Author: Bryan Call bc...@apache.org Authored: Thu Apr 30 18:42:30 2015 -0700 Committer: Bryan Call bc...@apache.org Committed: Thu Apr 30 18:44:45 2015 -0700 -- iocore/net/SSLUtils.cc | 16 +++- 1 file changed, 15 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/d41e96fa/iocore/net/SSLUtils.cc -- diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 2fae482..0b73244 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -137,10 +137,17 @@ SSL_pthreads_thread_id() } static void -SSL_locking_callback(int mode, int type, const char * /* file ATS_UNUSED */, int /* line ATS_UNUSED */) +SSL_locking_callback(int mode, int type, const char *file, int line) { + Debug(ssl_lock, file: %s line: %d type: %d, file, line, type); ink_assert(type CRYPTO_num_locks()); +#ifdef OPENSSL_FIPS + if (type == CRYPTO_LOCK_FIPS || type == CRYPTO_LOCK_FIPS2) { +return; + } +#endif + if (mode CRYPTO_LOCK) { pthread_mutex_lock(mutex_buf[type]); } else if (mode CRYPTO_UNLOCK) { @@ -151,6 +158,7 @@ SSL_locking_callback(int mode, int type, const char * /* file ATS_UNUSED */, int } } + static bool SSL_CTX_add_extra_chain_cert_file(SSL_CTX *ctx, const char *chainfile) { @@ -757,6 +765,12 @@ SSLInitializeLibrary() SSL_load_error_strings(); SSL_library_init(); +#ifdef OPENSSL_FIPS +int mode = FIPS_mode(); +FIPS_mode_set(mode); +Debug(ssl, FIPS_mode: %d, mode); +#endif + mutex_buf = (pthread_mutex_t *)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); for (int i = 0; i CRYPTO_num_locks(); i++) {
[2/2] trafficserver git commit: Correctly pass headers in request to ATS
Correctly pass headers in request to ATS Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/502a3b50 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/502a3b50 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/502a3b50 Branch: refs/heads/master Commit: 502a3b5040fcf86a9d836a13029843299f3b8c0d Parents: ba2f123 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 17:49:37 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 17:49:37 2015 -0700 -- ci/tsqa/tests/test_keepalive.py | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/502a3b50/ci/tsqa/tests/test_keepalive.py -- diff --git a/ci/tsqa/tests/test_keepalive.py b/ci/tsqa/tests/test_keepalive.py index 3e77388..5216282 100644 --- a/ci/tsqa/tests/test_keepalive.py +++ b/ci/tsqa/tests/test_keepalive.py @@ -77,11 +77,13 @@ class KeepAliveInMixin(object): return request def _aux_KA_working_path_connid(self, protocol, headers=None): +if headers is None: +headers = {} with requests.Session() as s: url = '{0}://127.0.0.1:{1}/'.format(protocol, int(self.configs['records.config']['CONFIG']['proxy.config.http.server_ports'])) conn_id = None for x in xrange(1, 10): -ret = requests.get(url) +ret = requests.get(url, headers=headers) self.assertEqual(ret.status_code, 200) if conn_id is None: conn_id = ret.text @@ -440,6 +442,7 @@ class TestKeepAlive_Authorization_private(helpers.EnvironmentCase, BasicTestsOut self._aux_KA_working_path_connid(http, headers={'Authorization': 'Foo'}) + class TestKeepAlive_Authorization_no_private(helpers.EnvironmentCase, BasicTestsOutMixin, KeepAliveInMixin): @classmethod def setUpEnv(cls, env):
[1/2] trafficserver git commit: Disable tests of enable-static-proxy until TS-3577 is resolved
Repository: trafficserver Updated Branches: refs/heads/master 5bb5b237b - 502a3b504 Disable tests of enable-static-proxy until TS-3577 is resolved Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/ba2f1239 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/ba2f1239 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/ba2f1239 Branch: refs/heads/master Commit: ba2f1239d5b4cc1ece8c1df199310d12a5e9de86 Parents: 5bb5b23 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 17:35:47 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 17:35:47 2015 -0700 -- ci/tsqa/tests/test_buildoptions.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ba2f1239/ci/tsqa/tests/test_buildoptions.py -- diff --git a/ci/tsqa/tests/test_buildoptions.py b/ci/tsqa/tests/test_buildoptions.py index 35e97b7..986e53d 100644 --- a/ci/tsqa/tests/test_buildoptions.py +++ b/ci/tsqa/tests/test_buildoptions.py @@ -58,7 +58,9 @@ class TestBuildOptionDisableTests(TestBuildOption): class TestBuildOptionEnableStaticProxy(TestBuildOption): '''Build with --enable-static-proxy''' environment_factory = { 'configure': { 'enable-static-proxy': None }, } - +@classmethod +def setUpClass(cls): +raise helpers.unittest.SkipTest('Skip until TS-3577 is resolved') class TestBuildOptionEnableCxxApi(TestBuildOption): '''Build with --enable-cppapi'''
trafficserver git commit: Initial add of README for tests
Repository: trafficserver Updated Branches: refs/heads/master 502a3b504 - ba1d6f7c9 Initial add of README for tests Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/ba1d6f7c Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/ba1d6f7c Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/ba1d6f7c Branch: refs/heads/master Commit: ba1d6f7c9394c5efadb68cf9cf06f9b90f267b09 Parents: 502a3b5 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 18:21:46 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 18:30:07 2015 -0700 -- ci/tsqa/README.rst | 52 + 1 file changed, 52 insertions(+) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ba1d6f7c/ci/tsqa/README.rst -- diff --git a/ci/tsqa/README.rst b/ci/tsqa/README.rst new file mode 100644 index 000..236ffb7 --- /dev/null +++ b/ci/tsqa/README.rst @@ -0,0 +1,52 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + License); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +== +How do I run TSQA? +== +TSQA is mostly self contained (using python's virutalenv). There are currently only +two external depencies (below package names are for RHEL/Centos): +- python-virtualenv +- libcffi-devel + +Once these two packages are available you simply need to run make test in this +directory to run all tests. + +If you wish to run single tests you may do so by using nosetests from the +virtualenv directly-- this can be done by running something like: + +./virtualenv/bin/nosetests tests/test_example.py + + += +How do I write tests? += +There are examples here in the trafficserver source tree (test_example.py), in +trafficserver-qa (https://github.com/apache/trafficserver-qa/tree/master/examples), +and other test cases to read through. If you have any questions please feel free +to send mail to the mailing lists, or pop onto IRC. + + += +Where do I put tests? += +At this point there aren't a lot of tests, so it may be difficult to know *where* +to put your test. The general plan is to group tests by functionality. For example, +if you have a keepalive test it should go with the rest of the keepalive tests. +In general where we put the test is a lot less important than the test itself. +So if you are confused about where to put it please write the test and submit a +patch or pull request, and someone will help you place it.
[2/2] trafficserver-qa git commit: Add info messages for build start/complete
Add info messages for build start/complete Project: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/commit/9ba51c9a Tree: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/tree/9ba51c9a Diff: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/diff/9ba51c9a Branch: refs/heads/master Commit: 9ba51c9a2f0c64abf2cd617cb69963626c1e4835 Parents: 4baa3a0 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 16:31:49 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 16:31:49 2015 -0700 -- tsqa/environment.py | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver-qa/blob/9ba51c9a/tsqa/environment.py -- diff --git a/tsqa/environment.py b/tsqa/environment.py index 7fff3ed..0e5c78d 100644 --- a/tsqa/environment.py +++ b/tsqa/environment.py @@ -160,8 +160,11 @@ class EnvironmentFactory(object): } if log.isEnabledFor(logging.DEBUG): -kwargs.pop('stdout') -kwargs.pop('stderr') +# if this is debug, lets not capture the output and let it go to +# stdout and stderr +kwargs['stdout'] = None +kwargs['stderr'] = None +log.info('Starting build ({0}): configure {1}'.format(key, configure)) # configure args = [os.path.join(self.source_dir, 'configure'), '--prefix=/'] + tsqa.utils.configure_list(configure) @@ -181,6 +184,7 @@ class EnvironmentFactory(object): 'configuration': args, 'env': env_key, } +log.info('Build completed ({0}): configure {1}'.format(key, configure)) except Exception as e: EnvironmentFactory.negative_cache[key] = e raise
[1/2] trafficserver-qa git commit: Correct debug output of builds
Repository: trafficserver-qa Updated Branches: refs/heads/master 12e3fa62b - 9ba51c9a2 Correct debug output of builds Project: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/commit/4baa3a0a Tree: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/tree/4baa3a0a Diff: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/diff/4baa3a0a Branch: refs/heads/master Commit: 4baa3a0aaddc502960a6c1f69b16eae67037e1a9 Parents: 12e3fa6 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 16:26:06 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 16:26:06 2015 -0700 -- tsqa/environment.py | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver-qa/blob/4baa3a0a/tsqa/environment.py -- diff --git a/tsqa/environment.py b/tsqa/environment.py index 513588c..7fff3ed 100644 --- a/tsqa/environment.py +++ b/tsqa/environment.py @@ -160,8 +160,8 @@ class EnvironmentFactory(object): } if log.isEnabledFor(logging.DEBUG): -kwargs['stdout'] = sys.stdout.fileno() -kwargs['stderr'] = sys.stderr.fileno() +kwargs.pop('stdout') +kwargs.pop('stderr') # configure args = [os.path.join(self.source_dir, 'configure'), '--prefix=/'] + tsqa.utils.configure_list(configure) @@ -178,7 +178,8 @@ class EnvironmentFactory(object): # stash the env self.environment_stash[key] = { 'path': installdir, -'configuration': args +'configuration': args, +'env': env_key, } except Exception as e: EnvironmentFactory.negative_cache[key] = e
trafficserver git commit: Increase proxy.config.hostdb.lookup_timeout for tests, since Jenkins is a bit slow
Repository: trafficserver Updated Branches: refs/heads/master 6f71be9b3 - c52ad16c0 Increase proxy.config.hostdb.lookup_timeout for tests, since Jenkins is a bit slow Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/c52ad16c Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/c52ad16c Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/c52ad16c Branch: refs/heads/master Commit: c52ad16c0bee26e40777f3841e35db219dfdbc63 Parents: 6f71be9 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 17:03:03 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 17:03:03 2015 -0700 -- ci/tsqa/tests/test_hostdb.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c52ad16c/ci/tsqa/tests/test_hostdb.py -- diff --git a/ci/tsqa/tests/test_hostdb.py b/ci/tsqa/tests/test_hostdb.py index 46bec6a..6d0ce9c 100644 --- a/ci/tsqa/tests/test_hostdb.py +++ b/ci/tsqa/tests/test_hostdb.py @@ -37,7 +37,7 @@ class TestHostDBPartiallyFailedDNS(helpers.EnvironmentCase): cls.configs['records.config']['CONFIG'].update({ 'proxy.config.http.response_server_enabled': 2, # only add server headers when there weren't any -'proxy.config.hostdb.lookup_timeout': 1, +'proxy.config.hostdb.lookup_timeout': 2, 'proxy.config.dns.resolv_conf': resolv_conf_path, 'proxy.config.url_remap.remap_required': 0, @@ -66,7 +66,7 @@ class TestHostDBFailedDNS(helpers.EnvironmentCase): cls.configs['records.config']['CONFIG'].update({ 'proxy.config.http.response_server_enabled': 2, # only add server headers when there weren't any -'proxy.config.hostdb.lookup_timeout': 1, +'proxy.config.hostdb.lookup_timeout': 2, 'proxy.config.dns.resolv_conf': resolv_conf_path, 'proxy.config.url_remap.remap_required': 0,
trafficserver git commit: Skip atscppapi builds until it supports out-of-tree builds
Repository: trafficserver Updated Branches: refs/heads/master c52ad16c0 - 7e75f960f Skip atscppapi builds until it supports out-of-tree builds Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/7e75f960 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/7e75f960 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/7e75f960 Branch: refs/heads/master Commit: 7e75f960ffc75fbbf2cab597ba0daf3c140c15af Parents: c52ad16 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 17:13:31 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 17:13:31 2015 -0700 -- ci/tsqa/tests/test_buildoptions.py | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/7e75f960/ci/tsqa/tests/test_buildoptions.py -- diff --git a/ci/tsqa/tests/test_buildoptions.py b/ci/tsqa/tests/test_buildoptions.py index 2279062..35e97b7 100644 --- a/ci/tsqa/tests/test_buildoptions.py +++ b/ci/tsqa/tests/test_buildoptions.py @@ -31,31 +31,39 @@ import tsqa.utils log = logging.getLogger(__name__) + class TestBuildOption(helpers.EnvironmentCase): ''' Run the built-in traffic_server regression test suite. ''' - def test_buildoption(self): pass + class TestBuildOptionFastSDK(TestBuildOption): '''Build with --enable-fast-sdk''' environment_factory = { 'configure': { 'enable-fast-sdk': None }, } + class TestBuildOptionDisableDiags(TestBuildOption): '''Build with --disable-diags''' environment_factory = { 'configure': { 'disable-diags': None }, } + class TestBuildOptionDisableTests(TestBuildOption): '''Build with --disable-tests''' environment_factory = { 'configure': { 'disable-tests': None }, } + class TestBuildOptionEnableStaticProxy(TestBuildOption): '''Build with --enable-static-proxy''' environment_factory = { 'configure': { 'enable-static-proxy': None }, } + class TestBuildOptionEnableCxxApi(TestBuildOption): '''Build with --enable-cppapi''' environment_factory = { 'configure': { 'enable-cppapi': None }, } +@classmethod +def setUpClass(cls): +raise helpers.unittest.SkipTest('Skip until atscppapi supports out of tree builds')
trafficserver-qa git commit: Stop doing distclean between builds. This will significantly reduce build times
Repository: trafficserver-qa Updated Branches: refs/heads/master 37f87d70b - 12e3fa62b Stop doing distclean between builds. This will significantly reduce build times Project: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/commit/12e3fa62 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/tree/12e3fa62 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver-qa/diff/12e3fa62 Branch: refs/heads/master Commit: 12e3fa62b05b0e354cc69ff6259db75f4bc07dae Parents: 37f87d7 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 15:58:02 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 15:58:02 2015 -0700 -- tsqa/environment.py | 5 - 1 file changed, 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver-qa/blob/12e3fa62/tsqa/environment.py -- diff --git a/tsqa/environment.py b/tsqa/environment.py index 33589e8..513588c 100644 --- a/tsqa/environment.py +++ b/tsqa/environment.py @@ -83,11 +83,6 @@ class EnvironmentFactory(object): kwargs['stdout'] = None kwargs['stderr'] = None -# run autoreconf in source tree -try: -tsqa.utils.run_sync_command(['make', 'distclean'], **kwargs) -except: -pass tsqa.utils.run_sync_command(['autoreconf', '-if'], **kwargs) @property
[4/4] trafficserver git commit: Correct exception name, now that we enforce a timeout
Correct exception name, now that we enforce a timeout Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/6f71be9b Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/6f71be9b Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/6f71be9b Branch: refs/heads/master Commit: 6f71be9b33e9f64581ec06529b90377fdc890208 Parents: 3ac5114 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 17:00:38 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 17:00:48 2015 -0700 -- ci/tsqa/tests/test_chunked.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/6f71be9b/ci/tsqa/tests/test_chunked.py -- diff --git a/ci/tsqa/tests/test_chunked.py b/ci/tsqa/tests/test_chunked.py index 9b7fdc0..5d265f4 100644 --- a/ci/tsqa/tests/test_chunked.py +++ b/ci/tsqa/tests/test_chunked.py @@ -192,5 +192,5 @@ class TestChunked(helpers.EnvironmentCase): def test_chunked_bad_close(self): url = 'http://127.0.0.1:{0}/5/0.1/false'.format(self.port) -with self.assertRaises(requests.exceptions.ConnectionError): +with self.assertRaises(socket.timeout): ret = requests.get(url, proxies=self.proxies, timeout=2)
[3/4] trafficserver git commit: Add ExpectedFailure for testcase of TS-3440
Add ExpectedFailure for testcase of TS-3440 Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/3ac5114c Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/3ac5114c Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/3ac5114c Branch: refs/heads/master Commit: 3ac5114cd4d9c11db4ad7052ba5612c7399b4d10 Parents: 7759b24 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 16:53:19 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 16:53:19 2015 -0700 -- ci/tsqa/tests/test_connect_attempts.py | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/3ac5114c/ci/tsqa/tests/test_connect_attempts.py -- diff --git a/ci/tsqa/tests/test_connect_attempts.py b/ci/tsqa/tests/test_connect_attempts.py index 9979e33..0a29632 100644 --- a/ci/tsqa/tests/test_connect_attempts.py +++ b/ci/tsqa/tests/test_connect_attempts.py @@ -181,6 +181,8 @@ class TestOriginServerConnectAttempts(helpers.EnvironmentCase): # TODO: FIX THIS!!! The test is correct, ATS isn't! # we should fail in this case-- or at least have a config which lets you control +# TODO: remove once TS-3440 is resolved +@unittest.expectedFailure def test_partial_response_origin(self): ''' Verify that we get 504s from origins that return a partial_response
[1/4] trafficserver git commit: Use requests instead of raw sockets
Repository: trafficserver Updated Branches: refs/heads/master 189c843f3 - 6f71be9b3 Use requests instead of raw sockets Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/c4a18790 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/c4a18790 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/c4a18790 Branch: refs/heads/master Commit: c4a187905cbdb719b428010d2d4c032e00b76fe1 Parents: 189c843 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 16:44:04 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 16:44:04 2015 -0700 -- ci/tsqa/tests/test_keepalive.py | 26 ++ 1 file changed, 10 insertions(+), 16 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c4a18790/ci/tsqa/tests/test_keepalive.py -- diff --git a/ci/tsqa/tests/test_keepalive.py b/ci/tsqa/tests/test_keepalive.py index 0e501ce..3e77388 100644 --- a/ci/tsqa/tests/test_keepalive.py +++ b/ci/tsqa/tests/test_keepalive.py @@ -77,22 +77,16 @@ class KeepAliveInMixin(object): return request def _aux_KA_working_path_connid(self, protocol, headers=None): -# connect tcp -s = self._get_socket() - -request = ('GET / HTTP/1.1\r\n' - 'Host: foobar.com\r\n') -request += self._headers_to_str(headers) -request += '\r\n' - -for x in xrange(1, 10): -s.send(request) -response = s.recv(4096) -# cheat, since we know what the body should have -if '\r\n\r\n' not in response: -response += s.recv(4096) -self.assertIn('HTTP/1.1 200 OK', response) -self.assertIn('hello', response) +with requests.Session() as s: +url = '{0}://127.0.0.1:{1}/'.format(protocol, int(self.configs['records.config']['CONFIG']['proxy.config.http.server_ports'])) +conn_id = None +for x in xrange(1, 10): +ret = requests.get(url) +self.assertEqual(ret.status_code, 200) +if conn_id is None: +conn_id = ret.text +else: +self.assertEqual(ret.text, conn_id) def _aux_working_path(self, protocol, headers=None): # connect tcp
[2/4] trafficserver git commit: Mark the failures from TS-3518 as expected failures until a fix is committed
Mark the failures from TS-3518 as expected failures until a fix is committed Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/7759b247 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/7759b247 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/7759b247 Branch: refs/heads/master Commit: 7759b24709625f1f6e619713108efed1526f8b3b Parents: c4a1879 Author: Thomas Jackson jackso...@apache.org Authored: Thu Apr 30 16:47:21 2015 -0700 Committer: Thomas Jackson jackso...@apache.org Committed: Thu Apr 30 16:47:21 2015 -0700 -- ci/tsqa/tests/test_https.py | 5 + 1 file changed, 5 insertions(+) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/7759b247/ci/tsqa/tests/test_https.py -- diff --git a/ci/tsqa/tests/test_https.py b/ci/tsqa/tests/test_https.py index a8914e6..9273b4f 100644 --- a/ci/tsqa/tests/test_https.py +++ b/ci/tsqa/tests/test_https.py @@ -20,6 +20,7 @@ import socket import helpers import tsqa.utils +unittest = tsqa.utils.import_unittest() # some ciphers to test with CIPHER_MAP = { @@ -266,8 +267,12 @@ class TestMix(helpers.EnvironmentCase, CertSelectionMixin): cert = self._get_cert(addr, ciphers=CIPHER_MAP['ecdsa']) self.assertEqual(cert.get_subject().commonName.decode(), 'www.example.com') +# TODO: remove once TS-3518 is resolved +@unittest.expectedFailure def test_intermediate_ca_rsa(self): self._intermediate_ca_t('rsa') +# TODO: remove once TS-3518 is resolved +@unittest.expectedFailure def test_intermediate_ca_ecdsa(self): self._intermediate_ca_t('ecdsa')
trafficserver git commit: TS-3538: ATS should perform validity checks on certificate prior to serving. This closes #195.
Repository: trafficserver Updated Branches: refs/heads/master c2ed99714 - ac5f73a03 TS-3538: ATS should perform validity checks on certificate prior to serving. This closes #195. Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/ac5f73a0 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/ac5f73a0 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/ac5f73a0 Branch: refs/heads/master Commit: ac5f73a0398df7581ccb34b0d6c6d400ea810336 Parents: c2ed997 Author: Dave Thompson da...@yahoo-inc.com Authored: Thu Apr 30 10:19:32 2015 -0500 Committer: shinrich shinr...@yahoo-inc.com Committed: Thu Apr 30 10:19:32 2015 -0500 -- CHANGES| 2 ++ iocore/net/SSLUtils.cc | 76 + 2 files changed, 78 insertions(+) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ac5f73a0/CHANGES -- diff --git a/CHANGES b/CHANGES index 7760948..eae4f99 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 6.0.0 + *) [TS-3538]: Perform server certificate validity check. + *) [TS-3549]: Configurable option to avoid thundering herd problem for multiple concurrent requests. The initial POC patch for this solution came from Justin Laue. This patch will further be http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ac5f73a0/iocore/net/SSLUtils.cc -- diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 76727c5..2fae482 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -1148,6 +1148,74 @@ SSLPrivateKeyHandler(SSL_CTX *ctx, const SSLConfigParams *params, const ats_scop return true; } +static int +SSLCheckServerCertNow(const char *certFilename) +{ +BIO*bioFP = NULL; +X509 *myCert; +inttimeCmpValue; +time_t currentTime; + +// SSLCheckServerCertNow() - returns 0 on OK or negative value on failure +// and update log as appropriate. +// Will check: +// - if file exists, and has read permissions +// - for truncation or other PEM read fail +// - current time is between notBefore and notAfter dates of certificate +// if anything is not kosher, a negative value is returned and appropriate error logged. + +if ((!certFilename) || (!(*certFilename))) { +return -2; +} + +if ((bioFP = BIO_new(BIO_s_file())) == NULL) { +Error(BIO_new() failed for server certificate check. Out of memory?); +return -1; +} + +if (BIO_read_filename(bioFP, certFilename) = 0) { +// file not found, or not accessible due to permissions +Error(Can't open server certificate file: \%s\\n,certFilename); +BIO_free(bioFP); +return -2; +} + +myCert = PEM_read_bio_X509(bioFP, NULL, 0, NULL); +BIO_free(bioFP); +if (! myCert) { +// a truncated certificate would fall into here +Error(Error during server certificate PEM read. Is this a PEM format certificate?: \%s\\n,certFilename); +return -3; +} + +time(currentTime); +if (!(timeCmpValue = X509_cmp_time(X509_get_notBefore(myCert), currentTime))) { +// an error occured parsing the time, which we'll call a bogosity +Error(Error occured while parsing server certificate notBefore time.); +return -3; +} else if ( 0 timeCmpValue) { +// cert contains a date before the notBefore +Error(Server certificate notBefore date is in the future - INVALID CERTIFICATE: %s,certFilename); +return -4; +} + +if (!(timeCmpValue = X509_cmp_time(X509_get_notAfter(myCert), currentTime))) { +// an error occured parsing the time, which we'll call a bogosity +Error(Error occured while parsing server certificate notAfter time.); +return -3; +} else if ( 0 timeCmpValue) { +// cert is expired +Error(Server certificate EXPIRED - INVALID CERTIFICATE: %s,certFilename); +return -5; +} + +Debug(ssl,Server certificate passed accessibility and date checks: \%s\,certFilename); +return 0; // all good + +} /* CheckServerCertNow() */ + + + SSL_CTX * SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config sslMultCertSettings) { @@ -1624,6 +1692,14 @@ ssl_store_ssl_context(const SSLConfigParams *params, SSLCertLookup *lookup, cons certpath = NULL; } + if (0 SSLCheckServerCertNow((const char *) certpath)) { +/* At this point, we know cert is bad, and we've already printed a + descriptive reason as to why cert is bad to the log file */ +
trafficserver git commit: Remove the normalization for the @header, which are never leaked externally (Incidentally, the @DataInfo has also been renamed as @Ats-Internal with TS-3549)
Repository: trafficserver Updated Branches: refs/heads/master ac5f73a03 - cec7e3c2a Remove the normalization for the @header, which are never leaked externally (Incidentally, the @DataInfo has also been renamed as @Ats-Internal with TS-3549) Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/cec7e3c2 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/cec7e3c2 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/cec7e3c2 Branch: refs/heads/master Commit: cec7e3c2a6a373ff37430d6bb03976d1e42f3726 Parents: ac5f73a Author: Sudheer Vinukonda sudhe...@yahoo-inc.com Authored: Thu Apr 30 16:12:14 2015 + Committer: Sudheer Vinukonda sudhe...@yahoo-inc.com Committed: Thu Apr 30 16:12:14 2015 + -- plugins/experimental/header_normalize/header_normalize.cc | 1 - 1 file changed, 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cec7e3c2/plugins/experimental/header_normalize/header_normalize.cc -- diff --git a/plugins/experimental/header_normalize/header_normalize.cc b/plugins/experimental/header_normalize/header_normalize.cc index 1a49965..97e6bbf 100644 --- a/plugins/experimental/header_normalize/header_normalize.cc +++ b/plugins/experimental/header_normalize/header_normalize.cc @@ -134,7 +134,6 @@ buildHdrMap() hdrMap[warning] = Warning; hdrMap[www-authenticate] = Www-Authenticate; hdrMap[xref] = Xref; - hdrMap[@datainfo] = @DataInfo; hdrMap[x-id] = X-ID; hdrMap[x-forwarded-for] = X-Forwarded-For; hdrMap[sec-websocket-key] = Sec-WebSocket-Key;