tests: Improve error handling output and use regular string comparisons

As this project isn't exactly python focused apart from the test suite, I'll assume other contributors are probably not as experienced with python either. Since this is a rather technical test, the extra comments should help grok the functionality without floundering around with the docs. When the subprocess raises an exception due to an issue with the command (_eg using `-CAfile` arg to `openssl` with an invalid path_), the tests would output large walls of text that wasn't particularly helpful in troubleshooting the issue. `stderr` was also leaking out inbetween the test case results in the terminal, this has been resolved by ensuring that output is caught and piped, which keeps it available to python when an exception is raised. Identifying the actual error cause and location is now much nicer. Updated the output to be plain string content instead of byte strings, this works fine :)
2025-02-24 09:48:14 +00:00 · 2021-09-28 19:47:59 +13:00 · 2021-09-28 19:47:59 +13:00 · e81001615c
commit e81001615c
parent 1d2f308cdf
1 changed files with 22 additions and 10 deletions
--- a/test/test_ssl/test_dhparam.py
+++ b/test/test_ssl/test_dhparam.py
@ -62,31 +62,43 @@ def require_openssl(required_version):
 def negotiate_cipher(sut_container, additional_params='', grep='Cipher is'):
    host = f"{sut_container.attrs['NetworkSettings']['IPAddress']}:443"

-    return subprocess.check_output(
-        f"echo '' | openssl s_client -connect {host} -tls1_2 {additional_params} | grep '{grep}'",
-        shell=True
-    )
+    try:
+        # Enforce TLS 1.2 as newer versions don't support custom dhparam or ciphersuite preference.
+        # The empty `echo` is to provide `openssl` user input, so that the process exits: https://stackoverflow.com/a/28567565
+        # `shell=True` enables using a single string to execute as a shell command.
+        # `text=True` prevents the need to compare against byte strings.
+        # `stderr=subprocess.PIPE` removes the output to stderr being interleaved with test case status (output during exceptions).
+        return subprocess.check_output(
+            f"echo '' | openssl s_client -connect {host} -tls1_2 {additional_params} | grep '{grep}'",
+            shell=True,
+            text=True,
+            stderr=subprocess.PIPE,
+        )
+    except subprocess.CalledProcessError as e:
+        # Output a more helpful error, the original exception in this case isn't that helpful.
+        # `from None` to ignore undesired output from exception chaining.
+        raise Exception("Failed to process CLI request:\n" + e.stderr) from None


 def can_negotiate_dhe_ciphersuite(sut_container):
    r = negotiate_cipher(sut_container, "-cipher 'EDH'")
-    assert b"New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384\n" == r
+    assert "New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384\n" == r

    r2 = negotiate_cipher(sut_container, "-cipher 'EDH'", "Server Temp Key")
-    assert b"DH" in r2
+    assert "DH" in r2


 def cannot_negotiate_dhe_ciphersuite(sut_container):
    # Fail to negotiate a DHE cipher suite:
    r = negotiate_cipher(sut_container, "-cipher 'EDH'")
-    assert b"New, (NONE), Cipher is (NONE)\n" == r
+    assert "New, (NONE), Cipher is (NONE)\n" == r

    # Correctly establish a connection (TLS 1.2):
    r2 = negotiate_cipher(sut_container)
-    assert b"New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384\n" == r2
+    assert "New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384\n" == r2

    r3 = negotiate_cipher(sut_container, grep="Server Temp Key")
-    assert b"X25519" in r3
+    assert "X25519" in r3


 # Parse array of container ENV, splitting at the `=` and returning the value, otherwise `None`