diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2026-02-05 21:18:40 +0000 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2026-06-10 13:07:30 +0000 |
| commit | 49e91b96d9faeca50ab0b212174744938d446132 (patch) | |
| tree | 6b31bc0201214aa2d10a51b2edbf30032fa49889 /test/integration/test-apt-helper | |
| parent | 5b49a25a292dd3ed2355fadaca68753a72eb2422 (diff) | |
aptwebserver: Refuse client immediately on TLS handshake
We implement a HTTP-only server here (that is wrapped by stunnel for
HTTPS support), so if a TLS handshake reaches us it is always wrong
and we can just close the connection immediately instead of accepting
it and letting the client run into a timeout as we will never receive
the message(s) we expect.
This happens e.g. with browsers like Firefox that opportunistically
try https first (even if you ask for http and specify a port).
Diffstat (limited to 'test/integration/test-apt-helper')
| -rwxr-xr-x | test/integration/test-apt-helper | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/test/integration/test-apt-helper b/test/integration/test-apt-helper index 4f883b440..7c16d291e 100755 --- a/test/integration/test-apt-helper +++ b/test/integration/test-apt-helper @@ -12,6 +12,11 @@ changetohttpswebserver echo 'foo' > aptarchive/foo echo 'bar' > aptarchive/foo2 +msgtest 'aptwebserver instantly resets connection' 'on HTTP-only TLS' +# the reported error is currently (but that seems a bit brittle to check for explicitly): +# SSL connection failed: error:00000000:lib(0)::reason(0) / Connection reset by peer +testfailure --nomsg apthelper download-file "https://localhost:${APTHTTPPORT}/foo" './downloaded/foo' -o Acquire::Retries=0 + test_apt_helper_download() { msgmsg 'Test with' "$1" |
