From 225b9366ca49ef0992146ea80a6e60e29e4d171a Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Wed, 16 Aug 2023 10:49:41 +0000 Subject: [PATCH] Merge of r1911718 from trunk Tests, workarounds for bugs in curl 8.1.x git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1911719 13f79535-47bb-0310-9956-ffa450edef68 --- test/modules/http2/test_101_ssl_reneg.py | 8 +++ test/modules/http2/test_200_header_invalid.py | 59 +++++++++++-------- .../modules/http2/test_601_h2proxy_twisted.py | 12 +++- test/pyhttpd/env.py | 14 +++++ 4 files changed, 68 insertions(+), 25 deletions(-) diff --git a/test/modules/http2/test_101_ssl_reneg.py b/test/modules/http2/test_101_ssl_reneg.py index 66f2638a7b5..528002fb88a 100644 --- a/test/modules/http2/test_101_ssl_reneg.py +++ b/test/modules/http2/test_101_ssl_reneg.py @@ -59,6 +59,8 @@ def test_h2_101_01(self, env): # try to renegotiate the cipher, should fail with correct code def test_h2_101_02(self, env): + if not (env.curl_is_at_least('8.2.0') or env.curl_is_less_than('8.1.0')): + pytest.skip("need curl != 8.1.x version") url = env.mkurl("https", "ssl", "/renegotiate/cipher/") r = env.curl_get(url, options=[ "-vvv", "--tlsv1.2", "--tls-max", "1.2", "--ciphers", "ECDHE-RSA-AES256-GCM-SHA384" @@ -70,6 +72,8 @@ def test_h2_101_02(self, env): # try to renegotiate a client certificate from Location # needs to fail with correct code def test_h2_101_03(self, env): + if not (env.curl_is_at_least('8.2.0') or env.curl_is_less_than('8.1.0')): + pytest.skip("need curl != 8.1.x version") url = env.mkurl("https", "ssl", "/renegotiate/verify/") r = env.curl_get(url, options=["-vvv", "--tlsv1.2", "--tls-max", "1.2"]) assert 0 != r.exit_code @@ -79,6 +83,8 @@ def test_h2_101_03(self, env): # try to renegotiate a client certificate from Directory # needs to fail with correct code def test_h2_101_04(self, env): + if not (env.curl_is_at_least('8.2.0') or env.curl_is_less_than('8.1.0')): + pytest.skip("need curl != 8.1.x version") url = env.mkurl("https", "ssl", "/ssl-client-verify/index.html") r = env.curl_get(url, options=["-vvv", "--tlsv1.2", "--tls-max", "1.2"]) assert 0 != r.exit_code, f"{r}" @@ -121,6 +127,8 @@ def test_h2_101_10b(self, env): # Check that status works with ErrorDoc, see pull #174, fixes #172 def test_h2_101_11(self, env): + if not (env.curl_is_at_least('8.2.0') or env.curl_is_less_than('8.1.0')): + pytest.skip("need curl != 8.1.x version") url = env.mkurl("https", "ssl", "/renegotiate/err-doc-cipher") r = env.curl_get(url, options=[ "-vvv", "--tlsv1.2", "--tls-max", "1.2", "--ciphers", "ECDHE-RSA-AES256-GCM-SHA384" diff --git a/test/modules/http2/test_200_header_invalid.py b/test/modules/http2/test_200_header_invalid.py index fe944878405..5b3aafd8fab 100644 --- a/test/modules/http2/test_200_header_invalid.py +++ b/test/modules/http2/test_200_header_invalid.py @@ -64,36 +64,49 @@ def test_h2_200_03(self, env): else: assert 0 != r.exit_code - # test header field lengths check, LimitRequestLine (default 8190) + # test header field lengths check, LimitRequestLine def test_h2_200_10(self, env): - url = env.mkurl("https", "cgi", "/") - val = "1234567890" # 10 chars - for i in range(3): # make a 10000 char string - val = "%s%s%s%s%s%s%s%s%s%s" % (val, val, val, val, val, val, val, val, val, val) - # LimitRequestLine 8190 ok, one more char -> 431 - r = env.curl_get(url, options=["-H", "x: %s" % (val[:8187])]) - assert r.response["status"] == 200 - r = env.curl_get(url, options=["-H", "x: %sx" % (val[:8188])]) - assert 431 == r.response["status"] - # same with field name - r = env.curl_get(url, options=["-H", "y%s: 1" % (val[:8186])]) + conf = H2Conf(env) + conf.add(""" + LimitRequestLine 1024 + """) + conf.add_vhost_cgi() + conf.install() + assert env.apache_restart() == 0 + val = 200*"1234567890" + url = env.mkurl("https", "cgi", f'/?{val[:1022]}') + r = env.curl_get(url) assert r.response["status"] == 200 - r = env.curl_get(url, options=["-H", "y%s: 1" % (val[:8188])]) - assert 431 == r.response["status"] + url = env.mkurl("https", "cgi", f'/?{val[:1023]}') + r = env.curl_get(url) + # URI too long + assert 414 == r.response["status"] # test header field lengths check, LimitRequestFieldSize (default 8190) def test_h2_200_11(self, env): + conf = H2Conf(env) + conf.add(""" + LimitRequestFieldSize 1024 + """) + conf.add_vhost_cgi() + conf.install() + assert env.apache_restart() == 0 url = env.mkurl("https", "cgi", "/") - val = "1234567890" # 10 chars - for i in range(3): # make a 10000 char string - val = "%s%s%s%s%s%s%s%s%s%s" % (val, val, val, val, val, val, val, val, val, val) - # LimitRequestFieldSize 8190 ok, one more char -> 400 in HTTP/1.1 - # (we send 4000+4185 since they are concatenated by ", " and start with "x: " - r = env.curl_get(url, options=["-H", "x: %s" % (val[:4000]), "-H", "x: %s" % (val[:4185])]) - assert r.response["status"] == 200 - r = env.curl_get(url, options=["--http1.1", "-H", "x: %s" % (val[:4000]), "-H", "x: %s" % (val[:4189])]) + val = 200*"1234567890" + # two fields, concatenated with ', ' + # LimitRequestFieldSize, one more char -> 400 in HTTP/1.1 + r = env.curl_get(url, options=[ + '-H', f'x: {val[:500]}', '-H', f'x: {val[:519]}' + ]) + assert r.exit_code == 0, f'{r}' + assert r.response["status"] == 200, f'{r}' + r = env.curl_get(url, options=[ + '--http1.1', '-H', f'x: {val[:500]}', '-H', f'x: {val[:523]}' + ]) assert 400 == r.response["status"] - r = env.curl_get(url, options=["-H", "x: %s" % (val[:4000]), "-H", "x: %s" % (val[:4191])]) + r = env.curl_get(url, options=[ + '-H', f'x: {val[:500]}', '-H', f'x: {val[:520]}' + ]) assert 431 == r.response["status"] # test header field count, LimitRequestFields (default 100) diff --git a/test/modules/http2/test_601_h2proxy_twisted.py b/test/modules/http2/test_601_h2proxy_twisted.py index 276558eeed5..06b8ce76ebb 100644 --- a/test/modules/http2/test_601_h2proxy_twisted.py +++ b/test/modules/http2/test_601_h2proxy_twisted.py @@ -63,7 +63,11 @@ def test_h2_601_04_echo_fail_late(self, env, name): url = env.mkurl("https", "cgi", f"/h2proxy/h2test/echo?fail_after={os.path.getsize(fpath)}") r = env.curl_upload(url, fpath, options=[]) # 92 is curl's CURLE_HTTP2_STREAM - assert r.exit_code == 92 or r.response["status"] == 502 + if r.exit_code != 0: + # H2 stream or partial file error + assert r.exit_code == 92 or r.exit_code == 18, f'{r}' + else: + assert r.response["status"] == 502, f'{r}' def test_h2_601_05_echo_fail_many(self, env): if not env.httpd_is_at_least('2.5.0'): @@ -88,4 +92,8 @@ def test_h2_601_05_echo_fail_many(self, env): stats.append(json.loads(line)) assert len(stats) == count for st in stats: - assert st['exitcode'] == 92 or st['http_code'] == 502, f'unexpected: {st}' + if st['exitcode'] != 0: + # H2 stream or partial file error + assert st['exitcode'] == 92 or st['exitcode'] == 18, f'{r}' + else: + assert st['http_code'] == 502, f'{r}' diff --git a/test/pyhttpd/env.py b/test/pyhttpd/env.py index 842e369cbce..39741cd684d 100644 --- a/test/pyhttpd/env.py +++ b/test/pyhttpd/env.py @@ -493,6 +493,20 @@ def curl_is_at_least(self, minv): return self._curl_version >= self._versiontuple(minv) return False + def curl_is_less_than(self, version): + if self._curl_version is None: + p = subprocess.run([self._curl, '-V'], capture_output=True, text=True) + if p.returncode != 0: + return False + for l in p.stdout.splitlines(): + m = re.match(r'curl ([0-9.]+)[- ].*', l) + if m: + self._curl_version = self._versiontuple(m.group(1)) + break + if self._curl_version is not None: + return self._curl_version < self._versiontuple(version) + return False + def has_nghttp(self): return self._nghttp != ""