Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't cache certificates #22

Merged
merged 7 commits into from
Dec 20, 2018
Merged

Don't cache certificates #22

merged 7 commits into from
Dec 20, 2018

Conversation

markrwilliams
Copy link
Collaborator

Caching prevents the txsni: endpoint from loading regenerated certificates.

What might regenerate certificates? txacme or certbot!

@markrwilliams
Copy link
Collaborator Author

The failed test:

txsni.test.test_txsni
  TestCommunication
    test_specific_certificate ...                                          [OK]
  TestNegotiationStillWorks
    test_specific_cert_still_negotiates ...                                [OK]
  TestSNIDirectoryParser
    test_recreated_certificates ...                                      [FAIL]
  TestSNIMap
    test_snimap_default ...                                                [OK]
    test_snimap_makes_its_own_defaults ...                                 [OK]
===============================================================================
[FAIL]
Traceback (most recent call last):
  File "/home/travis/build/glyph/txsni/txsni/test/test_txsni.py", line 304, in maybeRethrow
    exception[0].raiseException()
  File "/home/travis/build/glyph/txsni/.tox/py36-twlatest/lib/python3.6/site-packages/twisted/python/failure.py", line 467, in raiseException
    raise self.value.with_traceback(self.tb)
  File "/home/travis/build/glyph/txsni/.tox/py36-twlatest/lib/python3.6/site-packages/twisted/internet/defer.py", line 654, in _runCallbacks
    current.result = callback(current.result, *args, **kw)
  File "/home/travis/build/glyph/txsni/txsni/test/test_txsni.py", line 291, in confirm_cert
    assert_cert_is(self, cert, HTTP2BIN_CERT_PATH)
  File "/home/travis/build/glyph/txsni/txsni/test/test_txsni.py", line 180, in assert_cert_is
    target_cert.digest('sha256')
  File "/home/travis/build/glyph/txsni/.tox/py36-twlatest/lib/python3.6/site-packages/twisted/trial/_synctest.py", line 432, in assertEqual
    super(_Assertions, self).assertEqual(first, second, msg)
  File "/opt/python/3.6.3/lib/python3.6/unittest/case.py", line 829, in assertEqual
    assertion_func(first, second, msg=msg)
  File "/opt/python/3.6.3/lib/python3.6/unittest/case.py", line 822, in _baseAssertEqual
    raise self.failureException(msg)
twisted.trial.unittest.FailTest: b'F2:48:95:DF:0E:1A:A0:DE:4C:CD:17:40:45:C0[50 chars]0:4B' != b'10:19:9A:D7:B9:F1:18:EB:CC:B0:A0:65:F4:69[50 chars]5:5E'
txsni.test.test_txsni.TestSNIDirectoryParser.test_recreated_certificates
-------------------------------------------------------------------------------
Ran 5 tests in 0.521s
FAILED (failures=1, successes=4)

@markrwilliams
Don't Cache HostDirectoryMap.
d04ff74 
This allows SNIMap to always serve the latest certificates from the
file system.
@codecov-io
Copy link

codecov-io commented Dec 19, 2018
edited
Loading

Codecov Report

Merging #22 into master will increase coverage by 5.98%.
The diff coverage is 93.87%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #22      +/-   ##
==========================================
+ Coverage   87.77%   93.76%   +5.98%     
==========================================
  Files           7        6       -1     
  Lines         360      385      +25     
  Branches       27       28       +1     
==========================================
+ Hits          316      361      +45     
+ Misses         33       14      -19     
+ Partials       11       10       -1
Impacted Files Coverage Δ
txsni/test/certs/cert_builder.py 97.29% <100%> (+13.96%) ⬆️
txsni/parser.py 100% <100%> (+30%) ⬆️
txsni/snimap.py 91% <100%> (ø) ⬆️
txsni/test/test_txsni.py 94.19% <92.5%> (-0.85%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update fc638e8...7a14957. Read the comment docs.

@markrwilliams
Remove Travis bootstrap scripts.
7a14957 
We don't need pyenv because we can get a new enough PyPy (5.8.0) for
cryptography by specifying "trusty" in .travis.yml

We don't need OpenSSL 1.0.2 because cryptography ships manylinux
wheels statically linked against OpenSSL 1.1
glyph
glyph approved these changes Dec 20, 2018
View reviewed changes
Copy link
Owner

@glyph glyph left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. Love the test coverage. Thanks!

@glyph glyph merged commit 7e934ee into glyph:master Dec 20, 2018
@glyph glyph mentioned this pull request Dec 20, 2018
Closed
@cdunklau cdunklau mentioned this pull request Jul 22, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@glyph glyph glyph approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@markrwilliams @codecov-io @glyph