Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Fix PKI OWS tests: use TLS 1.2
- Loading branch information
|
|
@@ -460,7 +460,7 @@ class ThreadedHTTPServer(ThreadingMixIn, HTTPServer): |
|
|
keyfile=QGIS_SERVER_OAUTH2_KEY, |
|
|
server_side=True, |
|
|
# cert_reqs=ssl.CERT_REQUIRED, # No certs for OAuth2 |
|
|
ssl_version=ssl.PROTOCOL_TLSv1) |
|
|
ssl_version=ssl.PROTOCOL_TLSv1_2) |
|
|
else: |
|
|
server.socket = ssl.wrap_socket( |
|
|
server.socket, |
|
|
@@ -469,7 +469,7 @@ class ThreadedHTTPServer(ThreadingMixIn, HTTPServer): |
|
|
ca_certs=QGIS_SERVER_PKI_AUTHORITY, |
|
|
cert_reqs=ssl.CERT_REQUIRED, |
|
|
server_side=True, |
|
|
ssl_version=ssl.PROTOCOL_TLSv1) |
|
|
ssl_version=ssl.PROTOCOL_TLSv1_2) |
|
|
|
|
|
print('Starting server on %s://%s:%s, use <Ctrl-C> to stop' % |
|
|
('https' if HTTPS_ENABLED else 'http', QGIS_SERVER_HOST, server.server_port), flush=True) |
|
|
|
|
|
@@ -64,9 +64,9 @@ def setUpAuth(cls): |
|
|
"""Run before all tests and set up authentication""" |
|
|
authm = QgsApplication.authManager() |
|
|
assert (authm.setMasterPassword('masterpassword', True)) |
|
|
cls.sslrootcert_path = os.path.join(cls.certsdata_path, 'chains_subissuer-issuer-root_issuer2-root2.pem') |
|
|
cls.sslcert = os.path.join(cls.certsdata_path, 'gerardus_cert.pem') |
|
|
cls.sslkey = os.path.join(cls.certsdata_path, 'gerardus_key.pem') |
|
|
cls.sslrootcert_path = os.path.join(cls.certsdata_path, 'qgis_ca.crt') |
|
|
cls.sslcert = os.path.join(cls.certsdata_path, 'Gerardus.crt') |
|
|
cls.sslkey = os.path.join(cls.certsdata_path, 'Gerardus.key') |
|
|
assert os.path.isfile(cls.sslcert) |
|
|
assert os.path.isfile(cls.sslkey) |
|
|
assert os.path.isfile(cls.sslrootcert_path) |
|
|
@@ -86,10 +86,8 @@ def setUpAuth(cls): |
|
|
assert (authm.storeAuthenticationConfig(cls.auth_config)[0]) |
|
|
assert cls.auth_config.isValid() |
|
|
|
|
|
# cls.server_cert = os.path.join(cls.certsdata_path, 'localhost_ssl_cert.pem') |
|
|
cls.server_cert = os.path.join(cls.certsdata_path, '127_0_0_1_ssl_cert.pem') |
|
|
# cls.server_key = os.path.join(cls.certsdata_path, 'localhost_ssl_key.pem') |
|
|
cls.server_key = os.path.join(cls.certsdata_path, '127_0_0_1_ssl_key.pem') |
|
|
cls.server_cert = os.path.join(cls.certsdata_path, '127_0_0_1.crt') |
|
|
cls.server_key = os.path.join(cls.certsdata_path, '127_0_0_1.key') |
|
|
cls.server_rootcert = cls.sslrootcert_path |
|
|
os.chmod(cls.server_cert, stat.S_IRUSR) |
|
|
os.chmod(cls.server_key, stat.S_IRUSR) |
|
|
@@ -115,7 +113,7 @@ def setUpClass(cls): |
|
|
except KeyError: |
|
|
pass |
|
|
cls.testdata_path = unitTestDataPath('qgis_server') |
|
|
cls.certsdata_path = os.path.join(unitTestDataPath('auth_system'), 'certs_keys') |
|
|
cls.certsdata_path = os.path.join(unitTestDataPath('auth_system'), 'certs_keys_2048') |
|
|
cls.project_path = os.path.join(cls.testdata_path, "test_project.qgs") |
|
|
# cls.hostname = 'localhost' |
|
|
cls.protocol = 'https' |
|
|
|
