test_ssl: reorganize to continue test on error/warning

b2013e79 · Nicolas KAROLAK · 63790f57 · b2013e79
Commit b2013e79 authored 6 years ago by Nicolas KAROLAK
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -36,6 +36,9 @@ conf_servers = (
    ('CM_SERVER_NAME', 'campusmanager'),
 )
+all_ok = True
+failure = False
 with open('/etc/hosts', 'r') as fo:
    hosts = fo.read()
@@ -47,34 +50,39 @@ for s, d in conf_servers:
    if v not in hosts:
        # the domain is not in the hosts file, the service is surely not installed
        continue
-    try:
-        # further tests
-        conn = ssl.create_connection((v, 443))
-        context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-        sock = context.wrap_socket(conn, server_hostname=v)
-        cert = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
-        x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
-        not_after = x509.get_notAfter().decode('ascii')
-        expires = datetime.datetime.strptime(not_after, '%Y%m%d%H%M%SZ')
+    conn = ssl.create_connection((v, 443))
-        print('TLS cert for {} expires at {}'.format(v, expires.isoformat()))
+    context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+    sock = context.wrap_socket(conn, server_hostname=v)
+    cert = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
+    x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
+    not_after = x509.get_notAfter().decode('ascii')
+    expires = datetime.datetime.strptime(not_after, '%Y%m%d%H%M%SZ')
+    print('TLS cert for {} expires at {}'.format(v, expires.isoformat()))
-        remaining = expires - datetime.datetime.utcnow()
+    remaining = expires - datetime.datetime.utcnow()
-        if remaining < datetime.timedelta(days=0):
+    if remaining < datetime.timedelta(days=0):
-            print('Error, already expired…')
+        print('Error, already expired…')
-            sys.exit(1)
+        failure = True
-        elif remaining < datetime.timedelta(days=14):
+    elif remaining < datetime.timedelta(days=14):
-            print('Warning, will expire soon!')
+        print('Warning, will expire soon!')
-            sys.exit(3)
+        all_ok = False
-        else:
+    else:
-            print('Good, enough time before expiration.')
+        print('Good, enough time before expiration.')
+    try:
        url = 'https://%s' % v
        print('Checking TLS certificate of %s' % url)
        requests.get(url)
    except requests.exceptions.SSLError:
        print('%sTLS certificate for %s is not valid%s' % (YELLOW, url, DEF))
-        sys.exit(3)
+        all_ok = False
+if failure:
+    sys.exit(1)
+if not all_ok:
+    sys.exit(3)
 sys.exit(0)