Commit graph

23 commits

Author SHA1 Message Date
Viktor Szakats
cb4465bfe6
pytest: close file handles after use (cont.), and tidy-ups
- dante.py, dnsd.py, sshd.py: drop redundant conditions.
  Spotted in sshd by GitHub Code Quality.
- curl.py: comment out `if` to silence CodeQL warning.

Reported by GitHub CodeQL

Follow-up to 8145476d5d #21916

Closes #21917
2026-06-09 10:24:07 +02:00
Stefan Eissing
e4139a73c8
h3-proxy: fixes around H3 proxy
code:
- less exception handling in existing code
- true ip happy eyeballing
- enable certificate verification
- cf-h2-proxy: abort connection when server closed connection

tests:
- remove all --insecure and --proxy-insecure args
- make session reuse test_60_12 a working one
- resolve port conflicts between h2o and nghttpx
- use proxy args better
- make test_60_06 run shorter
- kill h2o at the end of tests, normal stop takes too long

Ref: 59213f8248 #21789
Follow-up to e78b1b3ecc #21153

Closes #21798
2026-05-28 14:41:27 +02:00
Dan Fandrich
98e470b3a8 tests: alphabetize and group Python imports & add check
- De-duplicates, groups, and sorts imports based on the provided `isort` settings.
2026-04-08 10:28:05 -07:00
Dan Fandrich
4c1b6f5494 tests: enable more ruff checks
- Checks for missing explicit `return` statements at the end of functions
that can return non-`None` values.
- Checks for classes that inherit from `object`.
- Checks for useless expressions.
- Within an `except*` clause, raise exceptions with `raise ... from err`
or `raise ... from None` to distinguish them from errors in exception
handling
- Checks for variable assignments that immediately precede a `return` of the
assigned variable.
- Checks for `else` statements with a `return` statement in the preceding
`if` block.
- Checks for unnecessary parentheses on raised exceptions.

Closes: #21258
2026-04-08 10:28:05 -07:00
Stefan Eissing
14478429e7
pytest: quiche flakiness
Let nghttpx only use http/1.1 to backend. This reproduces the bug in
quiche with higher frequency. Allow test_14_05 to now return a 400 in
addition to the 431 we get from a h2 backend to nghttpx.

Skip test_05_02 in h3 on quiche not newer than version 0.24.4 in which
its bug is fixed: https://github.com/cloudflare/quiche/pull/2278

Ref: https://github.com/cloudflare/quiche/issues/2277
Closes #19770 (original Issue)
Closes #19916
2025-12-10 15:26:27 +01:00
Stefan Eissing
aba3c63ae8
pytest: fix and improve reliability
Address issues listed in #19770:
- allow for ngttpx to successfully shut down on last attempt that might
  extend beyond the finish timestamp
- timeline checks: allos `time_starttransfer` to appear anywhere in
  the timeline as a slow client might seen response data before setting
  the other counters
- dump logs on test_05_02 as it was not reproduced locally

Fixes #19970
Closes #19783
2025-12-02 17:15:36 +01:00
Viktor Szakats
a87383828e
badwords: fix issues found in tests
There remain some false positives, hits in test data, and `dir` use,
around 100 issues in total.

There is no plan to enforce badwords on tests.

Also:
- badwords.txt: let a few `manpage[s]` occurrences through
  (in Perl code).

Closes #19541
2025-11-17 13:30:35 +01:00
Stefan Eissing
115fe808f2
ngtcp2: check error code on connect failure
Access the error codes of ngtcp2 when a connect attempt failes. Trace
the information for analysis. Treat errors as permanent failure by
default, trigger retrying only when the server refused without
indicating an error.

Closes #18521
2025-09-11 16:00:58 +02:00
Stefan Eissing
d9bebede59
pytest: adapt for runs with openssl-1.1.1
Fix use of nghttpx fixture to be present even when h3 is not
available in curl. Fix TLS protocol versions expectations for
older openssl versions.

Closes #17538
2025-06-05 13:52:29 +02:00
Stefan Eissing
dc60a82747
scorecard: rework format and add json print
Improve the JSON result format to be more descriptive and
easier to parse.

Add --print option to scorecard.py that prints a saved JSON file
Add date field to score card.

Closes #17465
2025-06-02 23:15:33 +02:00
Stefan Eissing
a85f1df480
pytest tls: extend coverage
Add possibility to reload QUIC test server with another certificate. Add
tests for more coverage of handshakes.

Closes #17382
2025-05-19 13:30:02 +02:00
Stefan Eissing
30ef79ed93
pytest-xdist: pytest in parallel
Require now pytest-xdist from tests/http/requirements.txt and
run pytest in 'auto' parallel mode (counts cpu cores).

For CI runs, set the worker count to 4, overriding the
core count of 2 exposed in the images.

- use Filelock to generate allocated ports at start for all
  workers and have subsequent workers just read the file and
  take the ports for their slot
- make httpd config clearing a function fixture so every test
  starts with a clean httpd config
- have fixture `configures_httpd` as parameter of test cases
  that configure httpd anyway, saving one reload
- add pytest-xdist and filelock to required pyhton modules
- add installs to ruff CI
- give live checks waiting for a server to start up longer time
- add fixtures to tests that rely on a server
- do not stop servers unnecessarily. failures may not start them
  properly again, leading to unexpected fails in whatever follows
- add a https: port to httpd that is *not* back by QUIC to allow
  failover tests without stopping the QUIC server

Closes #17295
2025-05-15 21:44:31 +02:00
Stefan Eissing
68bd759c2b
QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA
When a QUIC TLS session announced early data support and
'CURLSSLOPT_EARLYDATA' is set for the transfer, send initial request and
body (up to the 128k we buffer) as 0RTT when curl is built with
ngtcp2+gnutls.

QUIC 0RTT needs not only the TLS session but the QUIC transport
paramters as well. Store those and the earlydata max value together with
the session in the cache.

Add test case for h3 use of this. Enable quic early data in nghttpx for
testing.

Closes #15667
2024-12-23 17:07:15 +01:00
Stefan Eissing
0d475da1c4
pytest: fix run against multissl curl
Changes to make a curl built with OpenSSL + GnuTLS to run successfully
in our pytests. Run

CURL_SSL_BACKEND=openssl pytest

to test a TLS backend other than the default.

Closes #15443
2024-10-29 11:13:56 +01:00
Stefan Eissing
962097b8dd
TLS: TLSv1.3 earlydata support for curl
Based on #14135, implement TLSv1.3 earlydata support for the curl
command line, libcurl and its implementation in GnuTLS.

If a known TLS session announces early data support, and the feature is
enabled *and* it is not a "connect-only" transfer, delay the TLS
handshake until the first request is being sent.

- Add --tls-earldata as new boolean command line option for curl.
- Add CURLSSLOPT_EARLYDATA to libcurl to enable use of the feature.
- Add CURLINFO_EARLYDATA_SENT_T to libcurl, reporting the amount of
  bytes sent and accepted/rejected by the server.

Implementation details:
- store the ALPN protocol selected at the SSL session.
- When reusing the session and enabling earlydata, use exactly
  that ALPN protocol for negoptiation with the server. When the
  sessions ALPN does not match the connections ALPN, earlydata
  will not be enabled.
- Check that the server selected the correct ALPN protocol for
  an earlydata connect. If the server does not confirm or reports
  something different, the connect fails.
- HTTP/2: delay sending the initial SETTINGS frames during connect,
  if not connect-only.

Verification:
- add test_02_32 to verify earlydata GET with nghttpx.
- add test_07_70 to verify earlydata PUT with nghttpx.
- add support in 'hx-download', 'hx-upload' clients for the feature

Assisted-by: ad-chaos on github
Closes #15211
2024-10-11 12:28:22 +02:00
Dan Fandrich
57cc523378 tests: enable additional ruff Python lint options
These all seem reasonable to enable for this code.
2024-10-04 14:03:17 -07:00
Dan Fandrich
0f7ba5c5bf tests: change Python code style to pass ruff checks
Most of the changes consisted of removing unused imports and unnecessary
f-strings.
2024-10-04 14:02:05 -07:00
Dan Fandrich
2f3b7f20fb tests: fix some Python typing issues
These otherwise raise errors in pytype. A few problematic methods
weren't being used and are deleted.
2024-10-04 13:57:04 -07:00
Stefan Eissing
0535f6ec71
http3: initial support for OpenSSL 3.2 QUIC stack
- HTTP/3 for curl using OpenSSL's own QUIC stack together
  with nghttp3
- configure with `--with-openssl-quic` to enable curl to
  build this. This requires the nghttp3 library
- implementation with the following restrictions:
  * macOS has to use an unconnected UDP socket due to an
    issue in OpenSSL's datagram implementation
    See https://github.com/openssl/openssl/issues/23251
    This makes connections to non-reponsive servers hang.
  * GET requests will send the indicator that they have
    no body in a separate QUIC packet. This may result
    in processing delays or Transfer-Encodings on proxied
    requests
  * uploads that encounter blocks will use 100% cpu as
    detection of these flow control issue is not working
    (we have not figured out to pry that from OpenSSL).

Closes #12734
2024-01-22 16:15:45 +01:00
Viktor Szakats
ce3dce9015
tidy-up: mostly whitespace nits
- delete completed TODO from `./CMakeLists.txt`.
- convert a C++ comment to C89 in `./CMake/CurlTests.c`.
- delete duplicate EOLs from EOF.
- add missing EOL at EOF.
- delete whitespace at EOL (except from expected test results).
- convert tabs to spaces.
- convert CRLF EOLs to LF in GHA yaml.
- text casing fixes in `./CMakeLists.txt`.
- fix a codespell typo in `packages/OS400/initscript.sh`.

Closes #11772
2023-08-31 23:02:10 +00:00
Stefan Eissing
4ae2d9f24d
proxy: http2 proxy tunnel implementation
- currently only on debug build and when env variable
  CURL_PROXY_TUNNEL_H2 is present.
- will ALPN negotiate with the proxy server and switch
  tunnel filter based on the protocol negotiated.
- http/1.1 tunnel code moved into cf-h1-proxy.[ch]
- http/2 tunnel code implemented in cf-h2-proxy.[ch]
- tunnel start and ALPN set remains in http_proxy.c
- moving all haproxy related code into cf-haproxy.[ch]

VTLS changes
- SSL filters rely solely on the "alpn" specification they
  are created with and no longer check conn->bits.tls_enable_alpn.
- checks on which ALPN specification to use (or none at all) are
  done in vtls.c when creating the filter.

Testing
- added a nghttpx forward proxy to the pytest setup that
  speaks HTTP/2 and forwards all requests to the Apache httpd
  forward proxy server.
- extending test coverage in test_10 cases
- adding proxy tests for direct/tunnel h1/h2 use of basic auth.
- adding test for http/1.1 and h2 proxy tunneling to pytest

Closes #10780
2023-04-06 13:04:46 +02:00
Daniel Stenberg
c46761bd8b
tests/http: remove year ranges from copyrights
Closes #10763
2023-03-15 00:05:29 +01:00
Stefan Eissing
e497a96a0e
tests: rename tests/tests-httpd to tests/http
- httpd is only one server we test with
 - the suite coveres the HTTP protocol in general where
   the default test cases need a more beefy environment

Closes #10654
2023-03-02 14:05:19 +01:00
Renamed from tests/tests-httpd/testenv/nghttpx.py (Browse further)