mbedtls: fix pytest for newer versions

Fix the expectations in pytest for newer versions of mbedtls Closes #13132
2024-12-27 06:59:43 +08:00 · 2024-03-15 10:10:13 +01:00 · 2024-03-15 10:10:13 +01:00 · 3d0fd382a2
commit 3d0fd382a2
parent 79cdae4fc7
3 changed files with 24 additions and 13 deletions
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@ -687,14 +687,13 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
                              &backend->clicert, &backend->pk);
  }

-  if(connssl->peer.sni) {
-    if(mbedtls_ssl_set_hostname(&backend->ssl, connssl->peer.sni)) {
-      /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and
-         the name to set in the SNI extension. So even if curl connects to a
-         host specified as an IP address, this function must be used. */
-      failf(data, "Failed to set SNI");
-      return CURLE_SSL_CONNECT_ERROR;
-    }
+  if(mbedtls_ssl_set_hostname(&backend->ssl, connssl->peer.sni?
+                              connssl->peer.sni : connssl->peer.hostname)) {
+    /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and
+       the name to set in the SNI extension. So even if curl connects to a
+       host specified as an IP address, this function must be used. */
+    failf(data, "Failed to set SNI");
+    return CURLE_SSL_CONNECT_ERROR;
  }

 #ifdef HAS_ALPN
--- a/tests/http/test_10_proxy.py
+++ b/tests/http/test_10_proxy.py
@ -362,6 +362,10 @@ class TestProxy:
        xargs = curl.get_proxy_args(proto=proto, use_ip=True)
        r = curl.http_download(urls=[url], alpn_proto='http/1.1', with_stats=True,
                               extra_args=xargs)
-        r.check_response(count=1, http_status=200,
-                         protocol='HTTP/2' if proto == 'h2' else 'HTTP/1.1')
+        if env.curl_uses_lib('mbedtls') and \
+                not env.curl_lib_version_at_least('mbedtls', '3.5.0'):
+            r.check_exit_code(60) # CURLE_PEER_FAILED_VERIFICATION
+        else:
+            r.check_response(count=1, http_status=200,
+                             protocol='HTTP/2' if proto == 'h2' else 'HTTP/1.1')

--- a/tests/http/testenv/env.py
+++ b/tests/http/testenv/env.py
@ -185,15 +185,15 @@ class EnvConfig:
                log.error(f'{self.apxs} failed to run: {e}')
        return self._httpd_version

-    def _versiontuple(self, v):
+    def versiontuple(self, v):
        v = re.sub(r'(\d+\.\d+(\.\d+)?)(-\S+)?', r'\1', v)
        return tuple(map(int, v.split('.')))

    def httpd_is_at_least(self, minv):
        if self.httpd_version is None:
            return False
-        hv = self._versiontuple(self.httpd_version)
-        return hv >= self._versiontuple(minv)
+        hv = self.versiontuple(self.httpd_version)
+        return hv >= self.versiontuple(minv)

    def is_complete(self) -> bool:
        return os.path.isfile(self.httpd) and \
@ -275,6 +275,14 @@ class Env:
                return lversion[len(prefix):]
        return 'unknown'

+    @staticmethod
+    def curl_lib_version_at_least(libname: str, min_version) -> str:
+        lversion = Env.curl_lib_version(libname)
+        if lversion != 'unknown':
+            return Env.CONFIG.versiontuple(min_version) <= \
+                   Env.CONFIG.versiontuple(lversion)
+        return False
+
    @staticmethod
    def curl_os() -> str:
        return Env.CONFIG.curl_props['os']