summaryrefslogtreecommitdiff
path: root/lib/custodian/protocoltest
AgeCommit message (Collapse)Author
2016-11-03Send the server-name-indicator (SNI) when falling back to legacy.3-send-sni-when-falling-back-to-opensslSteve Kemp
If ruby-based SSL negotiation fails then we fallback to invoking (horridly!) openssl directly. Until now this didn't send the SNI hostname to connect to, so it could only test the first/default SSL site that was listening upon a given IP address. This commit updates things such that we send the correct hostname, from the URL under-test.
2016-07-18Fallback to using `openssl` if we can't get certificates.Steve Kemp
Since the ruby version available to wheezy doesn't support TLS 1.2 fetching the certificate from remote HTTPS servers will fail, if that is all that is available. If we hit that condition, and only that one, we'll fall back to invoking `openssl` natively. This will allow us to monitor expiration-time for remote SSL certificates, but the downside is that we no longr receive the bundle that the remote server might send - so we cannot validate the signature chain. This closes #2.
2016-07-13Update error message for validation-failuSteve Kemp
2016-07-13Retry SSL checks on negotiation failure.release-0.29Steve Kemp
This prevents an endless loop.
2016-04-22More updates to silence rubocop style-guides.Steve Kemp
These warnings were largely whitespace-based.
2016-04-22Simplified the parsing of the TFTP URI.Steve Kemp
2016-04-21added tftp protocol testJames F. Carter
2016-02-10Don't allow limiting protocl on HTTP/HTTPS tests.root
We cannot allow HTTP/HTTPS to be limited by protocol, such as IPv4-only or IPv6-only. Raise an error in the parser if this is attempted. Added test-case to confirm, and this closes #12488.
2016-02-10Adjusted greediness of regex in http with contentPatrick J Cherry
It should match the next occurrence of the opening quote type, not the last.
2016-02-10Adjusted http with content string parsing.Patrick J Cherry
It now matches "can't match" and 'he said "ha!"'. Added tests.
2016-01-11Allow expected-test to be double-quoted.Steve Kemp
This changes the parser from only allowing this: http://example.com/ must run http with content 'reserved'. To allowing both of these: http://example.com/ must run http with content "reservered". http://example.com/ must run http with content 'reserved'.
2015-11-30Don't do SHA1 signature testing by default.Steve Kemp
2015-10-29Allow testng for weak certificate signing algorithms.Steve Kemp
This is a good thing to do, as Chrome will apaprently be refusing to show sites with SHA-1 in use over SHA-256. This closes #12358.
2015-08-26Catch "RecvErr" exceptions from curb.Steve Kemp
This prevents a slightly ugly backtrace instead of a genuinely useful report.
2015-08-04Override the alert-test-type for the SSL-expiry check.Steve Kemp
This allows better alerting.
2015-07-29Loosen teh grammar on tcp-tests.Steve Kemp
In the past we needed to write: must run tcp on 3306. Now we can add the "port" to match the rest of the tests: must run tcp on port 3306.
2015-07-29Added handler for running RDP-tests.Steve Kemp
This just does a TCP-connection to port 3389.
2015-04-16Updated test-handler for new API.Steve Kemp
This update consists of two changes: * No longer return "true" or "false" instead return "TEST_FAILED", or "TEST_SUCCEEDED". * Removed the testing of test-inversion from the class, now it lives in the base-class where it should have done all along.
2015-04-16Removed SMTP-relay test entirelySteve Kemp
2015-04-16Ensure we load our base-class.Steve Kemp
2015-04-16Fixed to be valid.Steve Kemp
Due to some sloppy edits this module was not correct.
2015-04-16Fixed syntax error.Steve Kemp
2015-03-09Show error-message clearly on connection-failure.Steve Kemp
This was failing because '$ERROR_INFO' is only available if you require 'English'
2015-03-09Updated to test for more whitespace issues.Steve Kemp
2015-03-09Removed trailing whitespace from the codeSteve Kemp
2015-03-09Remove spaces inside blocks.Steve Kemp
2015-03-09More minor space fixupsSteve Kemp
2015-03-09Whitespace fixups.Steve Kemp
These were all identified and suggested by rubocop.
2015-03-09Removed spaces inside parenthesis.Steve Kemp
2015-03-09Prefer single-quotes when you don't need interpolation.Steve Kemp
So "foo" is less good than 'foo'.
2015-03-09 Prefer single-quoted strings inside interpolations.Steve Kemp
2015-03-09Do not terminate expressions with ";".Steve Kemp
Ruby is not Perl, much as I sometimes wish it were.
2015-03-09Avoid redudent returns.Steve Kemp
The last expression of a method is the return value. So: def foo; false ; end Is the same as: def foo; return false; end
2015-03-09Don't use parenthesis aroudn conditions in an if.Steve Kemp
2015-03-09Do not use parentheses for method calls with no arguments.Steve Kemp
This is neater. Flagged by rubocop
2015-03-09Avoid "Array.new" and "Hash.new"Steve Kemp
Instead use {} + ().
2015-03-09Removed bogus period.Steve Kemp
2015-03-09Minor indentation fixup.Steve Kemp
2015-03-09Don't use "::" for method-calls.Steve Kemp
Instead prefer ".". Flagged by rubocop
2015-03-09Avoid redundent ".to_s" methods.Steve Kemp
These are not required if the argument is string already, or has a _to_s method which will be automatically invoked by magic.
2015-03-09Don't rescue the 'Exception'Steve Kemp
Instead rescue a 'StandardError' which is slightly more specific. (Rescuing more specific exceptions is good.)
2015-03-09Avoid useless wrapping of return-value.Steve Kemp
This: def foo line end Is the same as this: def foo return( line ) end
2015-03-09File.exists? is deprecated.Steve Kemp
We prefer "File.exist?". Flagged by rubocop.
2015-03-09Use long-namesSteve Kemp
Instead of "$0" use $PROGRAM_NAME, instead of $! use "$LOAD_PATH". This is more explicit and less-magic. Flagged by rubocop
2015-03-04Allow SSL-check to be disabled, via "no_ssl_check"Steve Kemp
2015-03-04New release - reporting SSL errors correctly.Steve Kemp
2015-03-04Work correctly if SSL library is too old for SNI.Steve Kemp
2015-03-04Allow tests to be qualified IPv4/IPv6-only.Steve Kemp
Via "ipv6_only" and "IPv4_only"
2015-03-02Allow IPv4 and IPv6 tests to be carried out.Steve Kemp
If a target is a hostname we'll explicitly resolve it for both IPv4 and IPv6.
2015-03-02Added named-test.Steve Kemp
THis tests that a server is listening on :53.