[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] HSTS ready
From: |
Ander Juaristi |
Subject: |
Re: [Bug-wget] HSTS ready |
Date: |
Mon, 06 Jul 2015 22:23:45 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 |
Hi,
I've reworked my patch according to Tim's suggestions:
- Removed the countchars() function.
- Removed the macros SEPARATOR, SETPARAM and COPYPARAM.
- Fixed some issues detected by Valgrind.
I also include the second patch with the test 'Test-hsts.py', plus some
modifications in the core testing engine. In short:
1. I've added a new optional parameter 'req_protocols', which allows to
specify with protocol we'll be making the request with. Until now, the request
protocol was coupled to the HTTP server: if the server was listening in HTTP,
the protocol passed to Wget was automatically 'http://', and there was no way
to override this. This need became apparent when testing HSTS, where we request
'http://', but expect Wget to rewrite it to 'https://', and thus we need an
HTTPS server. If this parameter is omitted, it preserves the original behaviour
in which the requested protocols are the same as the ones used by the server
(the parameter 'protocols').
test = HTTPTest(
name = TEST_NAME,
pre_hook = pre_test,
post_hook = post_test,
test_params = test_options,
protocols = Servers,
req_protocols = Requests
)
2. I've decoupled the calls to server_setup() and do_test(), and put them
into two different functions, setup() and begin(). The first one is used to
launch the test HTTP server, but not the test. The second one launches the test
itself, and, in case setup() hasn't been called before, it calls it. This way
we preserve backward-compatibility with original tests that only call begin(),
but not setup().
This is how the HSTS test, in 'Test-hsts.py' works: it first calls setup(), and
retrieves the port in which the HTTP server is listening. It then creates a
temporary HSTS database with that port, and launches Wget (with begin())
against it.
On 07/01/2015 04:47 PM, Ander Juaristi wrote:
Here goes the HSTS engine! Leave your comments, please.
I must say Tim's feedback was both strict and invaluable. Two good things :D
I'm very happy with the end result. I think it's of a high quality, which
wouldn't be if it wasn't for his feedback.
I'm late with the test cases, though. They'll follow in short. I thought they'd
be straightforward, as the other tests, but I noticed that the Python test
suite lacks some features which are needed to test HSTS, so I had to dig into
the core of the testing engine and tweak some things, while still maintaining
compatibility with existing tests. I hope I'll have them ready before next
week, so that we can discuss whether the approach I took to fulfil my
requirements for testing HSTS was the best one or not. Also, I hope that my
enhancements to the test suite core will be in some way beneficial for the
existing tests, and for those that will be written in the future, not only for
HSTS.
--
Regards,
- AJ
0001-Added-support-for-HSTS.patch
Description: Text Data
0002-Enhancements-in-testsuite-engine-new-HSTS-test.patch
Description: Text Data