Switch from property to method for openssl and add tests for coverage.

2026-06-07 07:42:08 -04:00 · 2020-02-14 14:25:48 -08:00 · 2020-02-14 14:25:48 -08:00 · 2864de6185
commit 2864de6185
parent 707511006c
2 changed files with 32 additions and 7 deletions
--- a/certbot-apache/certbot_apache/_internal/configurator.py
+++ b/certbot-apache/certbot_apache/_internal/configurator.py
@ -125,8 +125,8 @@ class ApacheConfigurator(common.Installer):
        """
        # Disabling TLS session tickets is supported by Apache 2.4.11+ and OpenSSL 1.0.2l+.
        # So for old versions of Apache we pick a configuration without this option.
-        if self.version < (2, 4, 11) or not self.openssl_version or\
-            LooseVersion(self.openssl_version) < LooseVersion('1.0.2l'):
+        if self.version < (2, 4, 11) or not self.openssl_version() or\
+            LooseVersion(self.openssl_version()) < LooseVersion('1.0.2l'):
            return apache_util.find_ssl_apache_conf("old")
        return apache_util.find_ssl_apache_conf("current")

@ -238,7 +238,6 @@ class ApacheConfigurator(common.Installer):
        """Full absolute path to digest of updated SSL configuration file."""
        return os.path.join(self.config.config_dir, constants.UPDATED_MOD_SSL_CONF_DIGEST)

-    @property
    def openssl_version(self):
        """Lazily retrieve openssl version"""
        if self._openssl_version:
@ -248,8 +247,6 @@ class ApacheConfigurator(common.Installer):
            ssl_module_location = self.parser.modules['ssl_module']
        except KeyError:
            return None
-        if not ssl_module_location:
-            return None
        # Step 2. Grep in the .so for openssl version
        try:
            with open(ssl_module_location) as f:
--- a/certbot-apache/tests/configurator_test.py
+++ b/certbot-apache/tests/configurator_test.py
@ -1802,10 +1802,38 @@ class InstallSslOptionsConfTest(util.ApacheTest):
            AH02556: "SSLOpenSSLConfCmd %s %s" applied to %s
            OpenSSL 1.0.2g  1 Mar 2016
            """
+        self.config.parser.modules['ssl_module'] = '/fake/path'
        with mock.patch("%s.open" % six.moves.builtins.__name__,
            mock.mock_open(read_data=some_string_contents)) as mock_file:
-            self.config.parser.modules['ssl_module'] = '/fake/path'
-            self.assertEqual(self.config.openssl_version, "1.0.2g")
+            self.assertEqual(self.config.openssl_version(), "1.0.2g")
+
+    def test_current_version(self):
+        self.config.version = (2, 4, 10)
+        self.config._openssl_version = '1.0.2m'
+        self.assertTrue('old' in self.config.pick_apache_config())
+
+        self.config.version = (2, 4, 11)
+        self.config._openssl_version = '1.0.2m'
+        self.assertTrue('current' in self.config.pick_apache_config())
+
+        self.config._openssl_version = '1.0.2a'
+        self.assertTrue('old' in self.config.pick_apache_config())
+
+    def test_openssl_version_errors(self):
+        self.config._openssl_version = '1.0.2a'
+        self.assertEqual(self.config.openssl_version(), '1.0.2a')
+
+        self.config._openssl_version = None
+        self.config.parser.modules['ssl_module'] = "/fake/path"
+        self.assertRaises(errors.PluginError, self.config.openssl_version)
+
+        contents_missing_openssl = "these contents won't match the regex"
+        with mock.patch("%s.open" % six.moves.builtins.__name__,
+            mock.mock_open(read_data=contents_missing_openssl)) as mock_file:
+            with mock.patch("certbot_apache._internal.configurator.logger.warning") as mock_log:
+                # Check that correct logger.warning was printed
+                self.assertEqual(self.config.openssl_version(), None)
+                self.assertTrue("Could not find" in mock_log.call_args[0][0])


 if __name__ == "__main__":