Thanks to visit codestin.com
Credit goes to github.com

Skip to content

tests/multi_net: Fix skipping of SSLContext tests when .der don't exist. #15546

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 25, 2024
Merged

tests/multi_net: Fix skipping of SSLContext tests when .der don't exist. #15546

merged 1 commit into from
Jul 25, 2024

Conversation

dpgeorge
Copy link
Member

The sslcontext_server_client_ciphers.py test was using stat to test for the .der files after it already tried to open them for reading. That is now fixed. And sslcontext_server_client.py is adjusted to use the same pattern for skipping the test.

@dpgeorge dpgeorge added the tests Relates to tests/ directory in source label Jul 25, 2024
@dpgeorge
Copy link
Member Author

@andrewleech I saw you had problems in #15523 (comment) when running multi tests that rely on .der files. They should have skipped when the .der files did not exist, but one of them didn't skip.

That's fixed by this PR.

@codecov Codecov
Copy link

codecov bot commented Jul 25, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.43%. Comparing base (1f907a2) to head (b8c1717).
Report is 1 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #15546   +/-   ##
=======================================
  Coverage   98.43%   98.43%           
=======================================
  Files         161      161           
  Lines       21281    21281           
=======================================
  Hits        20948    20948           
  Misses        333      333

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@dpgeorge
tests/multi_net: Fix skipping of SSLContext tests when .der don't exist.
e1fe62f 
The `sslcontext_server_client_ciphers.py` test was using stat to test for
the .der files after it already tried to open them for reading.  That is
now fixed.  And `sslcontext_server_client.py` is adjusted to use the same
pattern for skipping the test.

Signed-off-by: Damien George <[email protected]>
@dpgeorge dpgeorge force-pushed the tests-multi-net-skip-no-cert-files branch from b8c1717 to e1fe62f Compare July 25, 2024 08:15
@dpgeorge dpgeorge merged commit e1fe62f into micropython:master Jul 25, 2024
24 checks passed
@dpgeorge dpgeorge deleted the tests-multi-net-skip-no-cert-files branch July 25, 2024 08:16
@andrewleech
Copy link
Contributor

On a related note:

multi_net/sslcontext_getpeercert.py on ttyACM0|ttyACM1: FAIL
### TEST ###
--- instance0 ---
b'client to server'
--- instance1 ---
308201d230820179a0030201020214500d37d45456234421e354a0e4db985cc02a8c01300a06082a8648ce3d040302303f311a301806035504030c116d6963726f707974686f6e2e6c6f63616c31143012060355040a0c0b4d6963726f507974686f6e310b3009060355040613024155301e170d3234303732353036313633365a170d3235303732353036313633365a303f311a301806035504030c116d6963726f707974686f6e2e6c6f63616c31143012060355040a0c0b4d6963726f507974686f6e310b30090603550406130241553059301306072a8648ce3d020106082a8648ce3d03010703420004105a7486ab47c8abbeb5137ab02da3798f78abac8f961ad17f50f6a4d3e559302aa351eba4a73b19de2606506de41fb66a5a218eb28ad2a0e2da13a1a0aa5b45a3533051301d0603551d0e041604147a228465b0367779b6cdfeca2dcb096bb7624b7b301f0603551d230418301680147a228465b0367779b6cdfeca2dcb096bb7624b7b300f0603551d130101ff040530030101ff300a06082a8648ce3d0403020347003044022042b3b56c4938b2ae1baeae8e70c7e874f1029e6b5b015e20b8bea260aee80dcb02201e02d5853a091203707b461722b7bc5eb1f5787a89094b018d534e2a4c1e3dbf
b'server to client'
### TRUTH ###
--- instance0 ---
b'client to server'
--- instance1 ---
308201d330820179a00302010202144315a7cd8f69febe2640314e7c97d60a2523ad15300a06082a8648ce3d040302303f311a301806035504030c116d6963726f707974686f6e2e6c6f63616c31143012060355040a0c0b4d6963726f507974686f6e310b3009060355040613024155301e170d3234303131343034353335335a170d3235303131333034353335335a303f311a301806035504030c116d6963726f707974686f6e2e6c6f63616c31143012060355040a0c0b4d6963726f507974686f6e310b30090603550406130241553059301306072a8648ce3d020106082a8648ce3d0301070342000449b7f5fa687cb25a9464c397508149992f445c860bcf7002958eb4337636c6af840cd4c8cf3b96f2384860d8ae3ee3fa135dba051e8605e62bd871689c6af43ca3533051301d0603551d0e0416041441b3ae171d91e330411d8543ba45e0f2d5b2951b301f0603551d2304183016801441b3ae171d91e330411d8543ba45e0f2d5b2951b300f0603551d130101ff040530030101ff300a06082a8648ce3d04030203480030450220587f61c34739d6fab5802a674dcc54443ae9c87da374078c4ee1cd83f4ad1694022100cfc45dcf264888c6ba2c36e78bd27bb67856d7879a052dd7aa7ecf7215f7b992
b'server to client'
### DIFF ###
--- /tmp/tmp89ds5lz8    2024-07-25 17:03:51.732191016 +1000
+++ /tmp/tmpbxngf337    2024-07-25 17:03:51.732191016 +1000
@@ -1,5 +1,5 @@
 --- instance0 ---
 b'client to server'
 --- instance1 ---
-308201d330820179a00302010202144315a7cd8f69febe2640314e7c97d60a2523ad15300a06082a8648ce3d040302303f311a301806035504030c116d6963726f707974686f6e2e6c6f63616c31143012060355040a0c0b4d6963726f507974686f6e310b3009060355040613024155301e170d3234303131343034353335335a170d3235303131333034353335335a303f311a301806035504030c116d6963726f707974686f6e2e6c6f63616c31143012060355040a0c0b4d6963726f507974686f6e310b30090603550406130241553059301306072a8648ce3d020106082a8648ce3d0301070342000449b7f5fa687cb25a9464c397508149992f445c860bcf7002958eb4337636c6af840cd4c8cf3b96f2384860d8ae3ee3fa135dba051e8605e62bd871689c6af43ca3533051301d0603551d0e0416041441b3ae171d91e330411d8543ba45e0f2d5b2951b301f0603551d2304183016801441b3ae171d91e330411d8543ba45e0f2d5b2951b300f0603551d130101ff040530030101ff300a06082a8648ce3d04030203480030450220587f61c34739d6fab5802a674dcc54443ae9c87da374078c4ee1cd83f4ad1694022100cfc45dcf264888c6ba2c36e78bd27bb67856d7879a052dd7aa7ecf7215f7b992
+308201d230820179a0030201020214500d37d45456234421e354a0e4db985cc02a8c01300a06082a8648ce3d040302303f311a301806035504030c116d6963726f707974686f6e2e6c6f63616c31143012060355040a0c0b4d6963726f507974686f6e310b3009060355040613024155301e170d3234303732353036313633365a170d3235303732353036313633365a303f311a301806035504030c116d6963726f707974686f6e2e6c6f63616c31143012060355040a0c0b4d6963726f507974686f6e310b30090603550406130241553059301306072a8648ce3d020106082a8648ce3d03010703420004105a7486ab47c8abbeb5137ab02da3798f78abac8f961ad17f50f6a4d3e559302aa351eba4a73b19de2606506de41fb66a5a218eb28ad2a0e2da13a1a0aa5b45a3533051301d0603551d0e041604147a228465b0367779b6cdfeca2dcb096bb7624b7b301f0603551d230418301680147a228465b0367779b6cdfeca2dcb096bb7624b7b300f0603551d130101ff040530030101ff300a06082a8648ce3d0403020347003044022042b3b56c4938b2ae1baeae8e70c7e874f1029e6b5b015e20b8bea260aee80dcb02201e02d5853a091203707b461722b7bc5eb1f5787a89094b018d534e2a4c1e3dbf
 b'server to client'

I looks to me like the .exp file has an expected key snippet in it already, which doesn't match the newly generated one? Or amy I missing something here?

@dpgeorge
Copy link
Member Author

I looks to me like the .exp file has an expected key snippet in it already, which doesn't match the newly generated one?

It looks OK to me, the exp was updated with the der files in this commit: f3d1495

Testing on unix (after enabling MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) this test passes.

It also passes when one instance is an ESP32 and the other instance is unix (in both permutations):

$ mpremote rtc --set
$ mpremote cp multi_net/ec* :
cp multi_net/ec_cert.der :
cp multi_net/ec_key.der :
$ ./run-multitests.py -i pyb:u0 -p2 multi_net/sslcontext_getpeercert.py
multi_net/sslcontext_getpeercert.py on ttyUSB0|micropython: pass
1 tests performed
1 tests passed
multi_net/sslcontext_getpeercert.py on micropython|ttyUSB0: pass
1 tests performed
1 tests passed

@projectgus
Copy link
Contributor

Bit late to bring this up, but I actually think these tests should fail with a (clear) error if the files are missing. Otherwise we're nudging people towards not testing this functionality, rather than testing it.

(The actual thing I think these tests are missing are docs on how to correctly run them. I also had to figure it through trial and error, and I made a note to submit some instructions in a PR when I get a chance.)

@andrewleech
Copy link
Contributor

andrewleech commented Jul 26, 2024
edited
Loading

Ah, I didn't realise pre-made der files were available in the multi_net folder. I created my own from the readme: https://github.com/micropython/micropython/blob/8e01a97d3280959efa946d7f8bad81b5f0914138/tests/README.md#test-keycertificates

I've updated my readme PR some more thanks :-) #15552

With that, the cert tests all pass for me between C3 and S3, though the udp data is giving me some packet loss. That could be just related to router disance / low quality antennas .

@dpgeorge
Copy link
Member Author

I agree it's unexpected to have to copy the der files to the device for the test to run/work.

A better solution would be for the tests to run without copying across the files. This could be done:

  • using mpremote mount as a back-end runner for the test
  • using a simpler version of mount to inject files into the test, similar to how injected_import_hook_code already works to inject .mpy files

@andrewleech
Copy link
Contributor

I added a one-liner instruction in my readme update to copy the files and set rtc, I don't think that's too bad :-) mpremote a0 rtc --set cp multi_net/*.der :

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
tests Relates to tests/ directory in source
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dpgeorge @andrewleech @projectgus