Fixes the HSTS QA entries. They work with SSL now.

skinkie · Nov 20, 2011 · 4536bb7 · 4536bb7
1 parent 5eac693
commit 4536bb7
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 7 deletions.
diff --git a/qa/292-HSTS1.py b/qa/292-HSTS1.py
@@ -12,18 +12,32 @@
 vserver!2920!rule!1!handler = dirlist
 """
 
+# 6.2.  HTTP Request Type
+#
+#   If a HSTS Host receives a HTTP request message over a non-secure
+#   transport, it SHOULD send a HTTP response message containing a
+#   Status-Code of 301 and a Location header field value containing
+#   either the HTTP request's original Effective Request URI (see
+#   Section 12 "Constructing an Effective Request URI", below) altered as
+#   necessary to have a URI scheme of "https", or a URI generated
+#   according to local policy (which SHOULD employ a URI scheme of
+#   "https").
+
 class Test (TestBase):
     def __init__ (self):
         TestBase.__init__ (self, __file__)
         self.name             = "HSTS: Error code and Header"
         self.request          = "HTTP / HTTP/1.0\r\n" + \
                                 "Host: %s\r\n" %(NICK)
         self.expected_error   = 301
-        self.expected_content = ["Strict-Transport-Security:", "max-age=%d"%(MAX_AGE)]
+        self.expected_content = ["https://"]
 
     def Prepare (self, www):
         droot = self.Mkdir (www, "%s_droot"%(NICK))
 
         vars = globals()
         vars.update(locals())
         self.conf = CONF %(vars)
+
+    def Precondition (self):
+        return not self.is_ssl
diff --git a/qa/293-HSTS-subdomains1.py b/qa/293-HSTS-subdomains1.py
@@ -11,13 +11,23 @@
 vserver!2930!rule!1!handler = dirlist
 """
 
+# 6.1.  HTTP-over-Secure-Transport Request Type
+#
+#   When replying to an HTTP request that was conveyed over a secure
+#   transport, a HSTS Host SHOULD include in its response message a
+#   Strict-Transport-Security HTTP Response Header that MUST satisfy the
+#   grammar specified above in Section 5.1 "Strict-Transport-Security
+#   HTTP Response Header Field".  If a Strict-Transport-Security HTTP
+#   Response Header is included, the HSTS Host MUST include only one such
+#   header.
+
 class Test (TestBase):
     def __init__ (self):
         TestBase.__init__ (self, __file__)
-        self.name             = "HSTS: with Subdomains"
-        self.request          = "HTTP / HTTP/1.0\r\n" + \
+        self.name             = "HSTS over SSL"
+        self.request          = "GET / HTTP/1.0\r\n" + \
                                 "Host: %s\r\n" %(NICK)
-        self.expected_error   = 301
+        self.expected_error   = 200
         self.expected_content = ["Strict-Transport-Security:", "includeSubdomains"]
 
     def Prepare (self, www):
@@ -26,3 +36,6 @@ def Prepare (self, www):
         vars = globals()
         vars.update(locals())
         self.conf = CONF %(vars)
+
+    def Precondition (self):
+        return self.is_ssl
diff --git a/qa/294-HSTS-subdomains2.py b/qa/294-HSTS-subdomains2.py
@@ -14,10 +14,10 @@
 class Test (TestBase):
     def __init__ (self):
         TestBase.__init__ (self, __file__)
-        self.name              = "HSTS: without Subdomains"
-        self.request           = "HTTP / HTTP/1.0\r\n" + \
+        self.name              = "HSTS over SSL: without Subdomains"
+        self.request           = "GET / HTTP/1.0\r\n" + \
                                  "Host: %s\r\n" %(NICK)
-        self.expected_error    = 301
+        self.expected_error    = 200
         self.expected_content  = ["Strict-Transport-Security:"]
         self.forbidden_content = ["includeSubdomains"]
 
@@ -27,3 +27,6 @@ def Prepare (self, www):
         vars = globals()
         vars.update(locals())
         self.conf = CONF %(vars)
+
+    def Precondition (self):
+        return self.is_ssl