diff --git a/certloader/acmetlsconfig.go b/certloader/acmetlsconfig.go index eeda7a8762..fe9bfd59ec 100644 --- a/certloader/acmetlsconfig.go +++ b/certloader/acmetlsconfig.go @@ -49,6 +49,7 @@ type ACMEConfig struct { MaxAttempts int } +// TLSConfigSourceFromACME creates a TLSConfigSource that obtains certificates via ACME. func TLSConfigSourceFromACME(acme *ACMEConfig) (TLSConfigSource, error) { certmagic.DefaultACME.DisableHTTPChallenge = true certmagic.DefaultACME.Agreed = acme.TOSAgreed diff --git a/certloader/decode.go b/certloader/decode.go index 5bed749a82..1f15ab2a1d 100644 --- a/certloader/decode.go +++ b/certloader/decode.go @@ -153,7 +153,7 @@ func readDERBlocks(reader io.Reader) ([]*pem.Block, error) { return blocks, nil } - return nil, fmt.Errorf("unable to parse DER data as X.509 (%v) or PKCS7 (%v)", err0, err1) + return nil, fmt.Errorf("unable to parse DER data as X.509 (%w) or PKCS7 (%w)", err0, err1) } func readPKCS12Blocks(reader io.Reader, password string) ([]*pem.Block, error) { diff --git a/certloader/jceks/modutf8.go b/certloader/jceks/modutf8.go index cdd0a8e896..62386109ec 100644 --- a/certloader/jceks/modutf8.go +++ b/certloader/jceks/modutf8.go @@ -48,7 +48,7 @@ func readModifiedUTF8(r io.Reader) (string, error) { var err error buf[0], err = br.ReadByte() if err != nil { - if err == io.EOF { + if errors.Is(err, io.EOF) { break } @@ -70,7 +70,7 @@ func readModifiedUTF8(r io.Reader) (string, error) { buf[1], err = br.ReadByte() if err != nil { - if err == io.EOF { + if errors.Is(err, io.EOF) { err = io.ErrUnexpectedEOF } @@ -97,7 +97,7 @@ func readModifiedUTF8(r io.Reader) (string, error) { buf[2], err = br.ReadByte() if err != nil { - if err == io.EOF { + if errors.Is(err, io.EOF) { err = io.ErrUnexpectedEOF } diff --git a/certloader/tlsconfig.go b/certloader/tlsconfig.go index ef405fa08e..58a7433296 100644 --- a/certloader/tlsconfig.go +++ b/certloader/tlsconfig.go 
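Review bot: The new doc comment on TLSConfigSourceFromACME leaves out the side effect visible in the first two body lines, which assign to the package-level `certmagic.DefaultACME` (`DisableHTTPChallenge`, `Agreed`). That changes the ACME defaults for anything else in the process that uses certmagic. I would extend the comment with `// It modifies the package-level certmagic.DefaultACME settings and requires a non-nil acme.`, since `acme.TOSAgreed` is read unconditionally. The function body continues outside the hunk.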
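Review bot: The format string at the end of readDERBlocks now carries two `%w` verbs, which fmt.Errorf supports only from Go 1.20 on; with an older toolchain go vet flags the call and the returned error wraps nothing. The go.mod is not part of this diff, so confirm its go directive is 1.20 or later. Wrapping also makes both parser errors matchable by callers through errors.Is and errors.As, which makes them part of the function's observable contract; if that is not intended, keeping `%v` is the safer choice. The function starts outside the hunk.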
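Review bot: readModifiedUTF8 now calls `errors.Is` in this hunk and in the two later hunks of modutf8.go (at -70 and -97), but the diff contains no import change for this file, so the build depends on `errors` already being imported there; if it is not, add `"errors"` to the import block. Assuming `br` is a bufio.Reader, ReadByte hands back the underlying reader's error as is, so behaviour changes only when that reader wraps EOF. In that case the first hunk now ends the string cleanly instead of returning the error, which deserves a short comment such as `// a wrapped EOF from the underlying reader also ends the string`. The function starts and ends outside these hunks.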
@@ -39,8 +39,8 @@ type TLSConfigSource interface { // GetServerConfig returns a TLSServerConfig interface that can be used to // obtain TLS server configuration. The base configuration is cloned and - // used as a base for all returned TLS configuration. If the TLSConfig is - // not appropriate for use as a server, false is returned. + // used as a base for all returned TLS configuration. If the source is + // not appropriate for use as a server, an error is returned. GetServerConfig(base *tls.Config) (TLSServerConfig, error) } diff --git a/certstore/certstore_darwin.go b/certstore/certstore_darwin.go index 0149d77fcb..d753675959 100644 --- a/certstore/certstore_darwin.go +++ b/certstore/certstore_darwin.go @@ -16,6 +16,8 @@ import ( "fmt" "io" "log" + "sync" + "sync/atomic" "unsafe" ) @@ -117,9 +119,10 @@ func (s macStore) Close() {} // macIdentity implements the Identity interface. type macIdentity struct { + mu sync.Mutex ref C.SecIdentityRef - kref C.SecKeyRef - cref C.SecCertificateRef + kref atomic.Uintptr + cref atomic.Uintptr crt *x509.Certificate chain []*x509.Certificate } @@ -158,6 +161,7 @@ func (i *macIdentity) CertificateChain() ([]*x509.Certificate, error) { } policy := C.SecPolicyCreateSSL(0, nilCFStringRef) + defer C.CFRelease(C.CFTypeRef(policy)) var trustRef C.SecTrustRef if err := osStatusError(C.SecTrustCreateWithCertificates(C.CFTypeRef(certRef), C.CFTypeRef(policy), &trustRef)); err != nil { @@ -170,6 +174,9 @@ func (i *macIdentity) CertificateChain() ([]*x509.Certificate, error) { // us if the chain isn't trusted by the underlying system. var cerr C.CFErrorRef C.SecTrustEvaluateWithError(trustRef, &cerr) + if cerr != nilCFErrorRef { + C.CFRelease(C.CFTypeRef(cerr)) + } var ( nchain = C.SecTrustGetCertificateCount(trustRef) 
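Review bot: The new `mu` field in macIdentity has no comment saying what it guards, and the struct now mixes three schemes: `ref` released under the mutex, `kref`/`cref` as atomics that are stored under the mutex, and `crt`/`chain` as plain fields. I would add `// mu guards ref and serializes lazy initialization of kref and cref.` above the field. If `crt` and `chain` are also filled lazily (their accessors are outside this hunk), they remain unsynchronized and the concurrency fix does not cover them.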
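Review bot: The added `defer C.CFRelease(C.CFTypeRef(policy))` in CertificateChain runs even if SecPolicyCreateSSL returned a NULL policy, and CFRelease on NULL aborts the process. The hunk shows no check between the create call and the defer, so I would compare `policy` against its zero value first and return an error before registering the release. CertificateChain starts and ends outside the hunk.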
@@ -237,19 +244,20 @@ func (i *macIdentity) Delete() error { // Close implements the Identity interface. func (i *macIdentity) Close() { + i.mu.Lock() + defer i.mu.Unlock() + if i.ref != nilSecIdentityRef { C.CFRelease(C.CFTypeRef(i.ref)) i.ref = nilSecIdentityRef } - if i.kref != nilSecKeyRef { - C.CFRelease(C.CFTypeRef(i.kref)) - i.kref = nilSecKeyRef + if kref := C.SecKeyRef(i.kref.Swap(uintptr(nilSecKeyRef))); kref != nilSecKeyRef { + C.CFRelease(C.CFTypeRef(kref)) } - if i.cref != nilSecCertificateRef { - C.CFRelease(C.CFTypeRef(i.cref)) - i.cref = nilSecCertificateRef + if cref := C.SecCertificateRef(i.cref.Swap(uintptr(nilSecCertificateRef))); cref != nilSecCertificateRef { + C.CFRelease(C.CFTypeRef(cref)) } } @@ -378,10 +386,17 @@ func (i *macIdentity) getAlgo(hash crypto.Hash, opts crypto.SignerOpts) (algo C. return } -// getKeyRef gets the SecKeyRef for this identity's pricate key. +// getKeyRef gets the SecKeyRef for this identity's private key. func (i *macIdentity) getKeyRef() (C.SecKeyRef, error) { - if i.kref != nilSecKeyRef { - return i.kref, nil + if kref := C.SecKeyRef(i.kref.Load()); kref != nilSecKeyRef { + return kref, nil + } + + i.mu.Lock() + defer i.mu.Unlock() + + if kref := C.SecKeyRef(i.kref.Load()); kref != nilSecKeyRef { + return kref, nil } var keyRef C.SecKeyRef @@ -389,15 +404,22 @@ func (i *macIdentity) getKeyRef() (C.SecKeyRef, error) { return nilSecKeyRef, err } - i.kref = keyRef + i.kref.Store(uintptr(keyRef)) - return i.kref, nil + return keyRef, nil } // getCertRef gets the SecCertificateRef for this identity's certificate. func (i *macIdentity) getCertRef() (C.SecCertificateRef, error) { - if i.cref != nilSecCertificateRef { - return i.cref, nil + if cref := C.SecCertificateRef(i.cref.Load()); cref != nilSecCertificateRef { + return cref, nil + } + + i.mu.Lock() + defer i.mu.Unlock() + + if cref := C.SecCertificateRef(i.cref.Load()); cref != nilSecCertificateRef { + return cref, nil } var certRef C.SecCertificateRef 
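Review bot: Close now releases `kref` and `cref` under `mu`, but getKeyRef and getCertRef (the hunks at -378, -389 and -405) return the same references from a lock-free fast path without retaining them, so a Close that races with a caller still using a returned ref releases it while it is in use. The atomics make the lazy initialization race-free; they do not cover the lifetime of the value handed out. Either retain before returning and have each caller release (`C.CFRetain(C.CFTypeRef(kref))` with a matching CFRelease), or state the contract on Close, for example `// Close must not be called while any other method on the identity is in flight.` After Close the getters will also try to re-create the refs from a nil `i.ref`; the lines doing that fall between the hunks, so check that they return an error rather than passing the nil ref on.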
@@ -405,9 +427,9 @@ func (i *macIdentity) getCertRef() (C.SecCertificateRef, error) { return nilSecCertificateRef, err } - i.cref = certRef + i.cref.Store(uintptr(certRef)) - return i.cref, nil + return certRef, nil } // exportCertRef gets a *x509.Certificate for the given SecCertificateRef. diff --git a/policy/policy.go b/policy/policy.go index 7e6bbd2759..e219fe0740 100644 --- a/policy/policy.go +++ b/policy/policy.go @@ -20,7 +20,7 @@ import ( "github.com/open-policy-agent/opa/v1/rego" ) -// Policy wraps a OPA policy and supports reloading at runtime. +// Policy wraps an OPA policy and supports reloading at runtime. type Policy interface { // Reload will reload the policy. Subsequent calls to Evaluate will run // the newly loaded policy, if reloading was successful. If reloading fails, diff --git a/tests/common.py b/tests/common.py index a34e9ecefc..41f1230f2d 100755 --- a/tests/common.py +++ b/tests/common.py @@ -362,11 +362,21 @@ def check_keytool(): print("keytool not available", file=sys.stderr) sys.exit(2) -def skip_on_windows(reason="not supported on Windows"): - """Skip the test on Windows.""" - if IS_WINDOWS: - print(reason, file=sys.stderr) - sys.exit(2) +def require_platform(*platforms): + """Skip the test unless running on one of the specified platforms. + + Platform names match platform.system() output: 'Darwin', 'Linux', 'Windows'. + The special name 'BSD' matches any platform ending in 'BSD' + (e.g. FreeBSD, OpenBSD, NetBSD). + """ + current = platform.system() + if current in platforms: + return + if 'BSD' in platforms and current.endswith('BSD'): + return + print("skipped: requires {0} (running on {1})".format( + '/'.join(platforms), current), file=sys.stderr) + sys.exit(2) def reload_args(): """Extra args to enable certificate reload on Windows via --timed-reload.""" diff --git a/tests/test-client-handles-client-closes-connection-unix.py b/tests/test-client-handles-client-closes-connection-unix.py index 356ca11cde..59e7c9f264 100755 
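Review bot: require_platform calls `platform.system()`, and this hunk adds no `import platform`; if tests/common.py does not already import it (the import block is outside the hunk), every test that calls the helper fails with a NameError instead of skipping. The helper also drops the per-test reason that skip_on_windows printed, so the skip line no longer says what is missing; a keyword argument would keep it, e.g. `def require_platform(*platforms, reason=None):` with the reason appended to the printed message. There is also a behaviour change for platforms outside the list: skip_on_windows let them run, while `require_platform('Darwin', 'Linux', 'BSD')` exits with status 2 on them.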
--- a/tests/test-client-handles-client-closes-connection-unix.py +++ b/tests/test-client-handles-client-closes-connection-unix.py @@ -4,9 +4,9 @@ Ensures when client disconnects that the server connection also disconnects, with UNIX sockets. """ -from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, UnixClient, TlsServer, print_ok, run_ghostunnel, skip_on_windows, terminate, TARGET_PORT +from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, UnixClient, TlsServer, print_ok, run_ghostunnel, require_platform, terminate, TARGET_PORT -skip_on_windows("requires Unix sockets") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None try: diff --git a/tests/test-client-handles-server-closes-connection-unix.py b/tests/test-client-handles-server-closes-connection-unix.py index 2b08b30bf1..c7c5c3d8c7 100755 --- a/tests/test-client-handles-server-closes-connection-unix.py +++ b/tests/test-client-handles-server-closes-connection-unix.py @@ -4,9 +4,9 @@ Ensures when server disconnects that the client connection also disconnects, with UNIX sockets. """ -from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, UnixClient, TlsServer, print_ok, run_ghostunnel, skip_on_windows, terminate, TARGET_PORT +from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, UnixClient, TlsServer, print_ok, run_ghostunnel, require_platform, terminate, TARGET_PORT -skip_on_windows("requires Unix sockets") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None try: diff --git a/tests/test-client-launchd-socket-activation-error.py b/tests/test-client-launchd-socket-activation-error.py index 3de114d714..007215a1d0 100755 --- a/tests/test-client-launchd-socket-activation-error.py +++ b/tests/test-client-launchd-socket-activation-error.py 
@@ -4,9 +4,9 @@ Spins up a client and tests systemd socket activation. """ -from common import LOCALHOST, RootCert, STATUS_PORT, print_ok, run_ghostunnel, skip_on_windows, terminate +from common import LOCALHOST, RootCert, STATUS_PORT, print_ok, run_ghostunnel, require_platform, terminate -skip_on_windows("requires launchd") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None diff --git a/tests/test-client-listen-port-conflict.py b/tests/test-client-listen-port-conflict.py old mode 100644 new mode 100755 diff --git a/tests/test-client-shutdown-sigterm.py b/tests/test-client-shutdown-sigterm.py index 63ff7e3dc3..4dfd1fafad 100755 --- a/tests/test-client-shutdown-sigterm.py +++ b/tests/test-client-shutdown-sigterm.py @@ -1,10 +1,10 @@ #!/usr/bin/env python3 -from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TcpClient, TlsClient, TlsServer, print_ok, run_ghostunnel, skip_on_windows, terminate, LISTEN_PORT, TARGET_PORT +from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TcpClient, TlsClient, TlsServer, print_ok, run_ghostunnel, require_platform, terminate, LISTEN_PORT, TARGET_PORT import time import os -skip_on_windows("SIGTERM not supported") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None try: diff --git a/tests/test-client-shutdown-timeout.py b/tests/test-client-shutdown-timeout.py index ffbf28002a..7ad73f7095 100755 --- a/tests/test-client-shutdown-timeout.py +++ b/tests/test-client-shutdown-timeout.py 
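Review bot: `require_platform('Darwin', 'Linux', 'BSD')` replaces a skip whose stated reason was "requires launchd", and launchd exists only on macOS, so the new list reads as if the test were meaningful on Linux and BSD. The same list is used for the two systemd tests further down (test-client-systemd-socket-activation-error.py and test-client-systemd-socket-activation.py), whose old reason was "requires systemd". If these tests really need the service manager, the calls should be `require_platform('Darwin')` and `require_platform('Linux')`; if they only need a non-Windows host, a comment such as `# runs on any Unix; only Windows is excluded` keeps the intent visible. The docstring in this file still says systemd although the file name says launchd.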
@@ -1,10 +1,10 @@ #!/usr/bin/env python3 -from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TcpClient, TlsClient, TlsServer, print_ok, run_ghostunnel, skip_on_windows, terminate, LISTEN_PORT, TARGET_PORT +from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TcpClient, TlsClient, TlsServer, print_ok, run_ghostunnel, require_platform, terminate, LISTEN_PORT, TARGET_PORT import time import os -skip_on_windows("SIGTERM not supported") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None try: diff --git a/tests/test-client-systemd-socket-activation-error.py b/tests/test-client-systemd-socket-activation-error.py index 9c382ecce5..36a5cf58d0 100755 --- a/tests/test-client-systemd-socket-activation-error.py +++ b/tests/test-client-systemd-socket-activation-error.py @@ -4,9 +4,9 @@ Spins up a client and tests systemd socket activation. """ -from common import LOCALHOST, RootCert, STATUS_PORT, print_ok, run_ghostunnel, skip_on_windows, terminate +from common import LOCALHOST, RootCert, STATUS_PORT, print_ok, run_ghostunnel, require_platform, terminate -skip_on_windows("requires systemd") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None diff --git a/tests/test-client-systemd-socket-activation.py b/tests/test-client-systemd-socket-activation.py index 71879b71e1..fe93ef7bf5 100755 --- a/tests/test-client-systemd-socket-activation.py +++ b/tests/test-client-systemd-socket-activation.py @@ -4,11 +4,11 @@ Spins up a client and tests systemd socket activation. """ -from common import LOCALHOST, RootCert, STATUS_PORT, TcpClient, print_ok, run_ghostunnel, skip_on_windows, terminate, LISTEN_PORT +from common import LOCALHOST, RootCert, STATUS_PORT, TcpClient, print_ok, run_ghostunnel, require_platform, terminate, LISTEN_PORT from shutil import which import sys -skip_on_windows("requires systemd") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None 
diff --git a/tests/test-client-unix-socket-backend.py b/tests/test-client-unix-socket-backend.py index e1caeecad6..6f08b58d60 100755 --- a/tests/test-client-unix-socket-backend.py +++ b/tests/test-client-unix-socket-backend.py @@ -4,11 +4,11 @@ Ensures ghostunnel can listen on a unix socket. """ -from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TlsServer, UnixClient, print_ok, run_ghostunnel, skip_on_windows, terminate, TARGET_PORT +from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TlsServer, UnixClient, print_ok, run_ghostunnel, require_platform, terminate, TARGET_PORT import os import os.path -skip_on_windows("requires Unix sockets") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None try: diff --git a/tests/test-client-verify-cn.py b/tests/test-client-verify-cn.py old mode 100644 new mode 100755 diff --git a/tests/test-client-verify-ou.py b/tests/test-client-verify-ou.py old mode 100644 new mode 100755 diff --git a/tests/test-server-allow-all.py b/tests/test-server-allow-all.py old mode 100644 new mode 100755 diff --git a/tests/test-server-handles-client-closes-connection-unix.py b/tests/test-server-handles-client-closes-connection-unix.py index 4ddc88eb4b..8f4bbb8282 100755 --- a/tests/test-server-handles-client-closes-connection-unix.py +++ b/tests/test-server-handles-client-closes-connection-unix.py @@ -4,9 +4,9 @@ Ensures when client disconnects that the server connection also disconnects, with UNIX sockets. """ -from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, UnixServer, TlsClient, print_ok, run_ghostunnel, skip_on_windows, terminate, LISTEN_PORT +from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, UnixServer, TlsClient, print_ok, run_ghostunnel, require_platform, terminate, LISTEN_PORT -skip_on_windows("requires Unix sockets") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None try: 
diff --git a/tests/test-server-handles-server-closes-connection-unix.py b/tests/test-server-handles-server-closes-connection-unix.py index 42b8466c1f..3f2077d5e7 100755 --- a/tests/test-server-handles-server-closes-connection-unix.py +++ b/tests/test-server-handles-server-closes-connection-unix.py @@ -4,9 +4,9 @@ Ensures when server disconnects that the client connection also disconnects, with UNIX sockets. """ -from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, UnixServer, TlsClient, print_ok, run_ghostunnel, skip_on_windows, terminate, LISTEN_PORT +from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, UnixServer, TlsClient, print_ok, run_ghostunnel, require_platform, terminate, LISTEN_PORT -skip_on_windows("requires Unix sockets") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None try: diff --git a/tests/test-server-invalid-uri-pattern.py b/tests/test-server-invalid-uri-pattern.py old mode 100644 new mode 100755 diff --git a/tests/test-server-keychain-identity.py b/tests/test-server-keychain-identity.py new file mode 100644 index 0000000000..78f89ff852 --- /dev/null +++ b/tests/test-server-keychain-identity.py 
@@ -0,0 +1,112 @@ +#!/usr/bin/env python3 + +""" +Tests that ghostunnel server mode works with a macOS keychain identity +loaded via --keychain-identity flag. Creates a temporary keychain, +imports a test identity into it via the security CLI, and cleans up +after the test. +""" + +import os +import subprocess +from common import (LOCALHOST, LISTEN_PORT, RootCert, STATUS_PORT, + SocketPair, TARGET_PORT, TcpServer, TlsClient, print_ok, + run_ghostunnel, require_platform, terminate) + +KEYCHAIN_PASSWORD = 'keychain-test-password' +KEYCHAIN_PATH = os.path.join(os.getcwd(), 'ghostunnel-test.keychain') +P12_PASSWORD = 'testpass' + +# Save original keychain search list so we can restore it. +_original_keychains = None + + +def _parse_keychain_paths(output): + """Parse output of `security list-keychains` into a list of paths.""" + paths = [] + for line in output.strip().splitlines(): + kc = line.strip().strip('"') + if kc: + paths.append(kc) + return paths + + +def setup_temp_keychain(p12_path, p12_password): + """Create a temporary keychain, import a PKCS#12 identity, and add + the keychain to the search list so SecItemCopyMatching can find it.""" + global _original_keychains + + # Save original search list + out = subprocess.check_output( + ['security', 'list-keychains', '-d', 'user'], + text=True) + _original_keychains = _parse_keychain_paths(out) + + # Create temporary keychain + subprocess.check_call( + ['security', 'create-keychain', '-p', KEYCHAIN_PASSWORD, KEYCHAIN_PATH]) + + # Disable auto-lock + subprocess.check_call( + ['security', 'set-keychain-settings', KEYCHAIN_PATH]) + + # Unlock + subprocess.check_call( + ['security', 'unlock-keychain', '-p', KEYCHAIN_PASSWORD, KEYCHAIN_PATH]) + + # Import PKCS#12 identity (-A allows all applications to access) + subprocess.check_call( + ['security', 'import', p12_path, '-k', KEYCHAIN_PATH, + '-f', 'pkcs12', '-P', p12_password, '-A']) + + # Prepend temp keychain to user search list + subprocess.check_call( + ['security', 
'list-keychains', '-d', 'user', '-s', KEYCHAIN_PATH] + + _original_keychains) + + +def cleanup_temp_keychain(): + """Restore original keychain search list and delete temp keychain.""" + try: + if _original_keychains is not None: + subprocess.call( + ['security', 'list-keychains', '-d', 'user', '-s'] + + _original_keychains) + subprocess.call(['security', 'delete-keychain', KEYCHAIN_PATH]) + except Exception as e: + print("warning: keychain cleanup failed: {}".format(e)) + + +require_platform('Darwin') + +ghostunnel = None +try: + # Create certs + root = RootCert('root') + root.create_signed_cert('server', p12_password=P12_PASSWORD) + root.create_signed_cert('client', p12_password=None) + + # Set up temporary keychain with server identity + setup_temp_keychain(os.path.abspath('server.p12'), P12_PASSWORD) + + # Start ghostunnel with keychain identity + ghostunnel = run_ghostunnel(['server', + '--listen={0}:{1}'.format(LOCALHOST, LISTEN_PORT), + '--target={0}:{1}'.format(LOCALHOST, TARGET_PORT), + '--keychain-identity=server', + '--cacert=root.crt', + '--allow-ou=client', + '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)]) + + # Validate the tunnel works + pair = SocketPair( + TlsClient('client', 'root', LISTEN_PORT), TcpServer(TARGET_PORT)) + pair.validate_can_send_from_client("hello", "client -> server") + pair.validate_can_send_from_server("world", "server -> client") + pair.validate_tunnel_ou("server", "ou=server") + pair.validate_closing_client_closes_server("client close -> server close") + + print_ok("OK") +finally: + terminate(ghostunnel) + cleanup_temp_keychain() diff --git a/tests/test-server-keystore-jceks.py b/tests/test-server-keystore-jceks.py index 70747b2e81..882c79ab15 100755 --- a/tests/test-server-keystore-jceks.py +++ b/tests/test-server-keystore-jceks.py 
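Review bot: setup_temp_keychain rewrites the user's keychain search list and imports the key with `-A`, so while the test runs (and indefinitely if the process is killed before the `finally` block) a private key usable by any application sits first in the developer's search list. A leftover from such a run also breaks the next one: `create-keychain` fails because the fixed KEYCHAIN_PATH already exists, and the saved list that cleanup restores still contains the stale entry. I would drop the stale entry when saving, `_original_keychains = [p for p in _original_keychains if 'ghostunnel-test.keychain' not in p]`, and run `security delete-keychain` on KEYCHAIN_PATH (ignoring failure) before creating it. Since the identity is selected by the name `server`, presumably across the whole search list, it is also worth confirming that the lookup cannot match an unrelated identity already in the login keychain.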
@@ -9,9 +9,9 @@ using keytool -importkeystore. """ -from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TcpServer, TlsClient, check_keytool, convert_p12_to_jceks, print_ok, run_ghostunnel, skip_on_windows, terminate, LISTEN_PORT, TARGET_PORT +from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TcpServer, TlsClient, check_keytool, convert_p12_to_jceks, print_ok, run_ghostunnel, require_platform, terminate, LISTEN_PORT, TARGET_PORT -skip_on_windows("requires keytool/JCEKS") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None try: diff --git a/tests/test-server-listen-port-conflict.py b/tests/test-server-listen-port-conflict.py old mode 100644 new mode 100755 diff --git a/tests/test-server-max-concurrent-conns.py b/tests/test-server-max-concurrent-conns.py old mode 100644 new mode 100755 diff --git a/tests/test-server-pkcs11-module.py b/tests/test-server-pkcs11-module.py index 80a6b89bac..1dac5ce134 100755 --- a/tests/test-server-pkcs11-module.py +++ b/tests/test-server-pkcs11-module.py @@ -4,13 +4,13 @@ Test that ensures that PKCS11 module support works. """ -from common import LOCALHOST, STATUS_PORT, SocketPair, TcpClient, TcpServer, TlsClient, print_ok, run_ghostunnel, skip_on_windows, terminate, LISTEN_PORT, TARGET_PORT, _ROOT_DIR +from common import LOCALHOST, STATUS_PORT, SocketPair, TcpClient, TcpServer, TlsClient, print_ok, run_ghostunnel, require_platform, terminate, LISTEN_PORT, TARGET_PORT, _ROOT_DIR from shutil import copyfile import os import signal import sys -skip_on_windows("requires PKCS#11") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None try: diff --git a/tests/test-server-proxy-protocol.py b/tests/test-server-proxy-protocol.py old mode 100644 new mode 100755 diff --git a/tests/test-server-shutdown-sigterm.py b/tests/test-server-shutdown-sigterm.py index eb62eabab8..504557f82b 100755 --- a/tests/test-server-shutdown-sigterm.py +++ b/tests/test-server-shutdown-sigterm.py 
@@ -1,10 +1,10 @@ #!/usr/bin/env python3 -from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TcpServer, TlsClient, print_ok, run_ghostunnel, skip_on_windows, terminate, LISTEN_PORT, TARGET_PORT +from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TcpServer, TlsClient, print_ok, run_ghostunnel, require_platform, terminate, LISTEN_PORT, TARGET_PORT import time import os -skip_on_windows("SIGTERM not supported") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None try: diff --git a/tests/test-server-shutdown-timeout.py b/tests/test-server-shutdown-timeout.py index a36d540669..b2fd0cf69b 100755 --- a/tests/test-server-shutdown-timeout.py +++ b/tests/test-server-shutdown-timeout.py @@ -1,10 +1,10 @@ #!/usr/bin/env python3 -from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TcpServer, TlsClient, print_ok, run_ghostunnel, skip_on_windows, terminate, LISTEN_PORT, TARGET_PORT +from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TcpServer, TlsClient, print_ok, run_ghostunnel, require_platform, terminate, LISTEN_PORT, TARGET_PORT import time import os -skip_on_windows("SIGTERM not supported") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None try: diff --git a/tests/test-server-status-port-unix.py b/tests/test-server-status-port-unix.py index 9b7b457deb..ce55ddc0ba 100755 --- a/tests/test-server-status-port-unix.py +++ b/tests/test-server-status-port-unix.py @@ -5,11 +5,11 @@ works. """ -from common import LOCALHOST, RootCert, print_ok, run_ghostunnel, skip_on_windows, terminate, LISTEN_PORT +from common import LOCALHOST, RootCert, print_ok, run_ghostunnel, require_platform, terminate, LISTEN_PORT from tempfile import mkdtemp from shutil import rmtree -skip_on_windows("requires Unix sockets") +require_platform('Darwin', 'Linux', 'BSD') import socket import time import os diff --git a/tests/test-server-target-status.py b/tests/test-server-target-status.py old mode 100644 new mode 100755 
diff --git a/tests/test-server-unix-socket-backend.py b/tests/test-server-unix-socket-backend.py index 9d52ef8092..3842161d2b 100755 --- a/tests/test-server-unix-socket-backend.py +++ b/tests/test-server-unix-socket-backend.py @@ -4,9 +4,9 @@ Ensures ghostunnel can connect to a unix socket. """ -from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TlsClient, UnixServer, print_ok, run_ghostunnel, skip_on_windows, terminate, LISTEN_PORT +from common import LOCALHOST, RootCert, STATUS_PORT, SocketPair, TlsClient, UnixServer, print_ok, run_ghostunnel, require_platform, terminate, LISTEN_PORT -skip_on_windows("requires Unix sockets") +require_platform('Darwin', 'Linux', 'BSD') ghostunnel = None try: