tests/http: add pytest to GHA and improve tests

- added to: ngtcp2-quictls, ngtcp2-gnutls and the linux varians
  quiche, bearssl, libressl, mbedtls, openssl3, rustls
- added disabled in ngtcp2-wolfssl due to weird SSL_connect() errors
  not reproducable locally

Improvements on pytest:

-  handling of systems with nghttpx in $PATH
   - configure will seach $PATH got nghttpx used in pytest
   - pytest fixes for managing nghttpx without h3 support
   - ngtcp2-wolfssl: use a fully enabled wolfssl build

- lower parallel count for http/1.1 tests, since we do not
   want to test excessive connections.
- check built curl for HTTPS-proxy support in proxy tests
- bearssl does not like one of our critical cert extensions, making
  it non-critical now
- bearssl is too slow for test_12, skipping
- making sure we do h3 tests only when curl and server support is there

Closes #10699

.github/workflows/linux.yml

@@ -51,12 +51,12 @@ jobs:
         build:
         - name: quiche
           install_packages: zlib1g-dev
-          install_steps: quiche
+          install_steps: quiche pytest
           configure: LDFLAGS="-Wl,-rpath,/home/runner/work/curl/curl/quiche/target/release" --with-openssl=/home/runner/work/curl/curl/quiche/quiche/deps/boringssl/src --enable-debug --with-quiche=/home/runner/work/curl/curl/quiche/target/release
 
         - name: bearssl
           install_packages: zlib1g-dev
-          install_steps: bearssl
+          install_steps: bearssl pytest
           configure: LDFLAGS="-Wl,-rpath,$HOME/bear/lib" --with-bearssl=$HOME/bear --enable-debug
 
         - name: bearssl-clang
@@ -66,7 +66,7 @@ jobs:
 
         - name: libressl
           install_packages: zlib1g-dev
-          install_steps: libressl
+          install_steps: libressl pytest
           configure: LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --enable-debug
 
         - name: libressl-clang
@@ -76,7 +76,7 @@ jobs:
 
         - name: mbedtls
           install_packages: libnghttp2-dev
-          install_steps: mbedtls
+          install_steps: mbedtls pytest
           configure: LDFLAGS="-Wl,-rpath,$HOME/mbed/lib" --with-mbedtls=$HOME/mbed --enable-debug
 
         - name: mbedtls-clang
@@ -91,7 +91,7 @@ jobs:
 
         - name: openssl3
           install_packages: zlib1g-dev
-          install_steps: gcc-11 openssl3
+          install_steps: gcc-11 openssl3 pytest
           configure: LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib64" --with-openssl=$HOME/openssl3 --enable-debug --enable-websockets
 
         - name: openssl3-O3
@@ -114,7 +114,7 @@ jobs:
           configure: LDFLAGS="-Wl,-rpath,$HOME/hyper/target/debug" --with-openssl --with-hyper=$HOME/hyper --enable-debug --enable-websockets
 
         - name: rustls
-          install_steps: rust rustls
+          install_steps: rust rustls pytest
           configure: --with-rustls=$HOME/rustls --enable-debug
 
         - name: Intel compiler - without SSL
@@ -265,6 +265,18 @@ jobs:
         printenv >> $GITHUB_ENV
       name: 'install Intel compilers'
 
+    - if: ${{ contains(matrix.build.install_steps, 'pytest') }}
+      run: |
+        sudo apt-get install apache2 apache2-dev libnghttp2-dev
+        sudo python3 -m pip install impacket pytest cryptography multipart
+        git clone --depth=1 -b master https://github.com/icing/mod_h2
+        cd mod_h2
+        autoreconf -fi
+        ./configure PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig"
+        make
+        sudo make install
+      name: 'install pytest and apach2-dev mod-h2'
+
     - run: autoreconf -fi
       name: 'autoreconf'
 
@@ -284,3 +296,12 @@ jobs:
       name: 'run tests'
       env:
         TFLAGS: "${{ matrix.build.tflags }}"
+
+    - if: ${{ contains(matrix.build.install_steps, 'pytest') }}
+      # run for `tests` directory, so pytest does not pick up any other
+      # packages we might have built here
+      run:
+        pytest tests
+      name: 'run pytest'
+      env:
+        TFLAGS: "${{ matrix.build.tflags }}"

.github/workflows/ngtcp2-gnutls.yml

@@ -70,8 +70,9 @@ jobs:
     - run: |
         sudo apt-get update
         sudo apt-get install libtool autoconf automake pkg-config stunnel4 ${{ matrix.build.install }}
-        sudo python3 -m pip install impacket
-      name: 'install prereqs and impacket'
+        sudo apt-get install apache2 apache2-dev
+        sudo python3 -m pip install impacket pytest cryptography multipart
+      name: 'install prereqs and impacket, pytest, crypto'
 
     - run: |
         git clone --depth=1 -b openssl-3.0.8+quic https://github.com/quictls/openssl
@@ -120,6 +121,15 @@ jobs:
         make install
       name: 'install nghttp2'
 
+    - run: |
+        git clone --depth=1 -b master https://github.com/icing/mod_h2
+        cd mod_h2
+        autoreconf -fi
+        ./configure PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig"
+        make
+        sudo make install
+      name: 'install mod_h2'
+
     - uses: actions/checkout@v3
 
     - run: autoreconf -fi
@@ -141,3 +151,8 @@ jobs:
       name: 'run tests'
       env:
         TFLAGS: "${{ matrix.build.tflags }}"
+
+    - run: pytest -v
+      name: 'run pytest'
+      env:
+        TFLAGS: "${{ matrix.build.tflags }}"

.github/workflows/ngtcp2-quictls.yml

@@ -61,8 +61,9 @@ jobs:
     - run: |
         sudo apt-get update
         sudo apt-get install libtool autoconf automake pkg-config stunnel4 ${{ matrix.build.install }}
-        sudo python3 -m pip install impacket
-      name: 'install prereqs and impacket'
+        sudo apt-get install apache2 apache2-dev
+        sudo python3 -m pip install impacket pytest cryptography multipart
+      name: 'install prereqs and impacket, pytest, crypto'
 
     - run: |
         git clone --depth=1 -b openssl-3.0.8+quic https://github.com/quictls/openssl
@@ -95,6 +96,15 @@ jobs:
         make install
       name: 'install nghttp2'
 
+    - run: |
+        git clone --depth=1 -b master https://github.com/icing/mod_h2
+        cd mod_h2
+        autoreconf -fi
+        ./configure PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig"
+        make
+        sudo make install
+      name: 'install mod_h2'
+
     - uses: actions/checkout@v3
 
     - run: autoreconf -fi
@@ -116,3 +126,9 @@ jobs:
       name: 'run tests'
       env:
         TFLAGS: "${{ matrix.build.tflags }}"
+
+    - run: pytest -v
+      name: 'run pytest'
+      env:
+        TFLAGS: "${{ matrix.build.tflags }}"
+

.github/workflows/ngtcp2-wolfssl.yml

@@ -59,15 +59,15 @@ jobs:
           ngtcp2-configure: >-
             --prefix=$HOME/all PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig" --enable-lib-only
           wolfssl-configure: >-
-            --enable-quic --enable-session-ticket --enable-earlydata --enable-psk
-            --enable-harden --enable-altcertchains
+            --enable-all --enable-quic
 
     steps:
     - run: |
         sudo apt-get update
         sudo apt-get install libtool autoconf automake pkg-config stunnel4 ${{ matrix.build.install }}
-        sudo python3 -m pip install impacket
-      name: 'install prereqs and impacket'
+        sudo apt-get install apache2 apache2-dev
+        sudo python3 -m pip install impacket pytest cryptography multipart
+      name: 'install prereqs and impacket, pytest, crypto'
 
     - run: |
         git clone https://github.com/wolfSSL/wolfssl.git
@@ -108,6 +108,15 @@ jobs:
         make install
       name: 'install nghttp2'
 
+    - run: |
+        git clone --depth=1 -b master https://github.com/icing/mod_h2
+        cd mod_h2
+        autoreconf -fi
+        ./configure PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig"
+        make
+        sudo make install
+      name: 'install mod_h2'
+
     - uses: actions/checkout@v3
 
     - run: autoreconf -fi
@@ -129,3 +138,10 @@ jobs:
       name: 'run tests'
       env:
         TFLAGS: "${{ matrix.build.tflags }}"
+
+    # Disabled for now, we see spurious SSL_connect() errors when talking
+    # http/1.1 to apache and this, so far, is not reproducable in local testing
+    #- run: pytest -v
+    #  name: 'run pytest'
+    #  env:
+    #    TFLAGS: "${{ matrix.build.tflags }}"

.github/workflows/pytest.yml

@@ -1,128 +0,0 @@
-# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
-#
-# SPDX-License-Identifier: curl
-
-name: pytest
-
-on:
-  push:
-    branches:
-    - master
-    - '*/ci'
-    paths-ignore:
-    - '**/*.md'
-    - '.azure-pipelines.yml'
-    - '.circleci/**'
-    - '.cirrus.yml'
-    - 'appveyor.yml'
-    - 'packages/**'
-    - 'plan9/**'
-    - 'projects/**'
-    - 'winbuild/**'
-  pull_request:
-    branches:
-    - master
-    paths-ignore:
-    - '**/*.md'
-    - '.azure-pipelines.yml'
-    - '.circleci/**'
-    - '.cirrus.yml'
-    - 'appveyor.yml'
-    - 'packages/**'
-    - 'plan9/**'
-    - 'projects/**'
-    - 'winbuild/**'
-
-concurrency:
-  # Hardcoded workflow filename as workflow name above is just Linux again
-  group: pytest-openssl-${{ github.event.pull_request.number || github.sha }}
-  cancel-in-progress: true
-
-jobs:
-  autotools:
-    name: ${{ matrix.build.name }}
-    runs-on: 'ubuntu-latest'
-    timeout-minutes: 60
-    strategy:
-      fail-fast: false
-      matrix:
-        build:
-        - name: quictls
-          install: >-
-            libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libev-dev libc-ares-dev
-          configure: >-
-            PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig" LDFLAGS="-Wl,-rpath,$HOME/all/lib"
-            --with-ngtcp2=$HOME/all --enable-warnings --enable-werror --enable-debug
-            --with-test-nghttpx="$HOME/all/bin/nghttpx"
-          ngtcp2-configure: >-
-            --prefix=$HOME/all PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig" --enable-lib-only
-
-    steps:
-    - run: |
-        sudo apt-get update
-        sudo apt-get install libtool autoconf automake pkg-config stunnel4 ${{ matrix.build.install }}
-        sudo apt-get install apache2 apache2-dev
-        sudo python3 -m pip install impacket pytest cryptography
-      name: 'install prereqs and impacket, pytest, crypto'
-
-    - run: |
-        git clone --depth=1 -b openssl-3.0.8+quic https://github.com/quictls/openssl
-        cd openssl
-        ./config --prefix=$HOME/all --libdir=$HOME/all/lib
-        make install_sw
-      name: 'install quictls'
-
-    - run: |
-        git clone --depth=1 -b v0.8.0 https://github.com/ngtcp2/nghttp3
-        cd nghttp3
-        autoreconf -fi
-        ./configure --prefix=$HOME/all PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig" --enable-lib-only
-        make install
-      name: 'install nghttp3'
-
-    - run: |
-        git clone --depth=1 -b v0.13.1 https://github.com/ngtcp2/ngtcp2
-        cd ngtcp2
-        autoreconf -fi
-        ./configure ${{ matrix.build.ngtcp2-configure }} --with-openssl
-        make install
-      name: 'install ngtcp2'
-
-    - run: |
-        git clone --depth=1 -b v1.52.0 https://github.com/nghttp2/nghttp2
-        cd nghttp2
-        autoreconf -fi
-        ./configure --prefix=$HOME/all PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig" --enable-http3
-        make install
-      name: 'install nghttp2'
-
-    - run: |
-        git clone --depth=1 -b master https://github.com/icing/mod_h2
-        cd mod_h2
-        autoreconf -fi
-        ./configure PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig"
-        make
-        sudo make install
-      name: 'install mod_h2'
-
-    - uses: actions/checkout@v3
-
-    - run: autoreconf -fi
-      name: 'autoreconf'
-
-    - run: ./configure --with-openssl=$HOME/all ${{ matrix.build.configure }}
-      name: 'configure'
-
-    - run: make V=1
-      name: 'make'
-
-    - run: make V=1 examples
-      name: 'make examples'
-
-    - run: make V=1 -C tests
-      name: 'make tests'
-
-    - run: pytest -v
-      name: 'run pytest'
-      env:
-        TFLAGS: "${{ matrix.build.tflags }}"

configure.ac

@@ -368,12 +368,12 @@ AC_SUBST(APACHECTL)
 AC_SUBST(APXS)
 
 dnl the nghttpx we might use in httpd testing
-if test "x$TEST_NGHTTPX" != "x"; then
+if test "x$TEST_NGHTTPX" != "x" -a "x$TEST_NGHTTPX" != "xnghttpx"; then
   HTTPD_NGHTTPX="$TEST_NGHTTPX"
 else
-  AC_PATH_PROG([HTTPD_NGHTTPX], [nghttpx])
+  AC_PATH_PROG([HTTPD_NGHTTPX], [nghttpx], [],
+    [$PATH:/usr/bin:/usr/local/bin])
 fi
-    AC_PATH_PROG([APXS], [apxs])
 AC_SUBST(HTTPD_NGHTTPX)
 
 dnl the Caddy server we might use in testing

tests/conftest.py

@@ -37,7 +37,7 @@ def pytest_report_header(config, startdir):
         f'  httpd: {env.httpd_version()}, http:{env.http_port} https:{env.https_port}',
         f'  httpd-proxy: {env.httpd_version()}, http:{env.proxy_port} https:{env.proxys_port}'
     ]
-    if env.have_h3_server():
+    if env.have_h3():
         report.extend([
             f'  nghttpx: {env.nghttpx_version()}, h3:{env.https_port}'
         ])

tests/http/conftest.py

@@ -59,11 +59,10 @@ def httpd(env) -> Httpd:
 
 @pytest.fixture(scope='package')
 def nghttpx(env, httpd) -> Optional[Nghttpx]:
-    if env.have_h3_server():
-        nghttpx = Nghttpx(env=env)
+    nghttpx = Nghttpx(env=env)
+    if env.have_h3():
         nghttpx.clear_logs()
         assert nghttpx.start()
-        yield nghttpx
-        nghttpx.stop()
-    return None
+    yield nghttpx
+    nghttpx.stop()
 

tests/http/test_01_basic.py

@@ -62,7 +62,7 @@ class TestBasic:
         assert r.json['server'] == env.domain1
 
     # simple https: GET, h2 wanted and got
-    def test_01_02_h2_get(self, env: Env, httpd):
+    def test_01_03_h2_get(self, env: Env, httpd):
         curl = CurlClient(env=env)
         url = f'https://{env.domain1}:{env.https_port}/data.json'
         r = curl.http_get(url=url, extra_args=['--http2'])
@@ -72,7 +72,7 @@ class TestBasic:
         assert r.json['server'] == env.domain1
 
     # simple https: GET, h2 unsupported, fallback to h1
-    def test_01_02_h2_unsupported(self, env: Env, httpd):
+    def test_01_04_h2_unsupported(self, env: Env, httpd):
         curl = CurlClient(env=env)
         url = f'https://{env.domain2}:{env.https_port}/data.json'
         r = curl.http_get(url=url, extra_args=['--http2'])
@@ -82,9 +82,8 @@ class TestBasic:
         assert r.json['server'] == env.domain2
 
     # simple h3: GET, want h3 and get it
-    @pytest.mark.skipif(condition=not Env.have_h3_curl(), reason="no h3 curl")
-    @pytest.mark.skipif(condition=not Env.have_h3_server(), reason="no h3 server")
-    def test_01_03_h3_get(self, env: Env, httpd, nghttpx):
+    @pytest.mark.skipif(condition=not Env.have_h3(), reason="h3 not supported")
+    def test_01_05_h3_get(self, env: Env, httpd, nghttpx):
         curl = CurlClient(env=env)
         url = f'https://{env.domain1}:{env.h3_port}/data.json'
         r = curl.http_get(url=url, extra_args=['--http3'])

tests/http/test_02_download.py

@@ -44,6 +44,8 @@ class TestDownload:
     def _class_scope(self, env, httpd, nghttpx):
         if env.have_h3():
             nghttpx.start_if_needed()
+        httpd.clear_extra_configs()
+        httpd.reload()
 
     @pytest.fixture(autouse=True, scope='class')
     def _class_scope(self, env, httpd):
@@ -93,10 +95,12 @@ class TestDownload:
                                          httpd, nghttpx, repeat, proto):
         if proto == 'h3' and not env.have_h3():
             pytest.skip("h3 not supported")
+        max_parallel = 6 if proto == 'http/1.1' else 50
         curl = CurlClient(env=env)
         urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-99]'
-        r = curl.http_download(urls=[urln], alpn_proto=proto,
-                               extra_args=['--parallel'])
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--parallel', '--parallel-max', f'{max_parallel}'
+        ])
         assert r.exit_code == 0
         r.check_stats(count=100, exp_status=200)
         if proto == 'http/1.1':
@@ -124,24 +128,23 @@ class TestDownload:
             # http2 parallel transfers will use one connection (common limit is 100)
             assert r.total_connects == 1
 
-    # download 500 files parallel (default max of 100)
-    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    # download 500 files parallel
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
     def test_02_06_download_500_parallel(self, env: Env,
                                          httpd, nghttpx, repeat, proto):
         if proto == 'h3' and not env.have_h3():
             pytest.skip("h3 not supported")
+        count = 500
+        max_parallel = 50
         curl = CurlClient(env=env)
-        urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[000-499]'
-        r = curl.http_download(urls=[urln], alpn_proto=proto,
-                               extra_args=['--parallel'])
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[000-{count-1}]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--parallel', '--parallel-max', f'{max_parallel}'
+        ])
         assert r.exit_code == 0
-        r.check_stats(count=500, exp_status=200)
-        if proto == 'http/1.1':
-            # http/1.1 parallel transfers will open multiple connections
-            assert r.total_connects > 1
-        else:
-            # http2 parallel transfers will use one connection (common limit is 100)
-            assert r.total_connects == 1
+        r.check_stats(count=count, exp_status=200)
+        # http2 parallel transfers will use one connection (common limit is 100)
+        assert r.total_connects == 1
 
     # download files parallel, check connection reuse/multiplex
     @pytest.mark.parametrize("proto", ['h2', 'h3'])
@@ -149,7 +152,7 @@ class TestDownload:
                                   httpd, nghttpx, repeat, proto):
         if proto == 'h3' and not env.have_h3():
             pytest.skip("h3 not supported")
-        count=200
+        count = 200
         curl = CurlClient(env=env)
         urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-{count-1}]'
         r = curl.http_download(urls=[urln], alpn_proto=proto,
@@ -165,12 +168,12 @@ class TestDownload:
     @pytest.mark.parametrize("proto", ['http/1.1'])
     def test_02_07b_download_reuse(self, env: Env,
                                    httpd, nghttpx, repeat, proto):
-        count=20
+        count = 20
         curl = CurlClient(env=env)
         urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-{count-1}]'
         r = curl.http_download(urls=[urln], alpn_proto=proto,
                                with_stats=True, extra_args=[
-            '--parallel', '--parallel-max', '200'
+            '--parallel'
         ])
         assert r.exit_code == 0, f'{r}'
         r.check_stats(count=count, exp_status=200)
@@ -180,6 +183,8 @@ class TestDownload:
     @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
     def test_02_08_1MB_serial(self, env: Env,
                               httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
         count = 20
         urln = f'https://{env.authority_for(env.domain1, proto)}/data-1m?[0-{count-1}]'
         curl = CurlClient(env=env)
@@ -190,6 +195,8 @@ class TestDownload:
     @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
     def test_02_09_1MB_parallel(self, env: Env,
                               httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
         count = 20
         urln = f'https://{env.authority_for(env.domain1, proto)}/data-1m?[0-{count-1}]'
         curl = CurlClient(env=env)
@@ -202,6 +209,8 @@ class TestDownload:
     @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
     def test_02_10_10MB_serial(self, env: Env,
                               httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
         count = 20
         urln = f'https://{env.authority_for(env.domain1, proto)}/data-10m?[0-{count-1}]'
         curl = CurlClient(env=env)
@@ -212,6 +221,8 @@ class TestDownload:
     @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
     def test_02_11_10MB_parallel(self, env: Env,
                               httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
         count = 20
         urln = f'https://{env.authority_for(env.domain1, proto)}/data-10m?[0-{count-1}]'
         curl = CurlClient(env=env)
@@ -221,9 +232,11 @@ class TestDownload:
         assert r.exit_code == 0
         r.check_stats(count=count, exp_status=200)
 
-    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
     def test_02_12_head_serial_https(self, env: Env,
                                      httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
         count = 100
         urln = f'https://{env.authority_for(env.domain1, proto)}/data-10m?[0-{count-1}]'
         curl = CurlClient(env=env)
@@ -236,6 +249,8 @@ class TestDownload:
     @pytest.mark.parametrize("proto", ['h2'])
     def test_02_13_head_serial_h2c(self, env: Env,
                                     httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
         count = 100
         urln = f'http://{env.domain1}:{env.http_port}/data-10m?[0-{count-1}]'
         curl = CurlClient(env=env)

tests/http/test_03_goaway.py

@@ -41,9 +41,11 @@ log = logging.getLogger(__name__)
 class TestGoAway:
 
     @pytest.fixture(autouse=True, scope='class')
-    def _class_scope(self, env, nghttpx):
+    def _class_scope(self, env, httpd, nghttpx):
         if env.have_h3():
             nghttpx.start_if_needed()
+        httpd.clear_extra_configs()
+        httpd.reload()
 
     # download files sequentially with delay, reload server for GOAWAY
     def test_03_01_h2_goaway(self, env: Env, httpd, nghttpx, repeat):
@@ -78,7 +80,7 @@ class TestGoAway:
         assert r.duration >= timedelta(seconds=count)
 
     # download files sequentially with delay, reload server for GOAWAY
-    @pytest.mark.skipif(condition=not Env.have_h3_server(), reason="no h3 server")
+    @pytest.mark.skipif(condition=not Env.have_h3(), reason="h3 not supported")
     def test_03_02_h3_goaway(self, env: Env, httpd, nghttpx, repeat):
         proto = 'h3'
         count = 3

tests/http/test_04_stuttered.py

@@ -39,9 +39,11 @@ log = logging.getLogger(__name__)
 class TestStuttered:
 
     @pytest.fixture(autouse=True, scope='class')
-    def _class_scope(self, env, nghttpx):
+    def _class_scope(self, env, httpd, nghttpx):
         if env.have_h3():
             nghttpx.start_if_needed()
+        httpd.clear_extra_configs()
+        httpd.reload()
 
     # download 1 file, check that delayed response works in general
     @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])

tests/http/test_05_errors.py

@@ -42,9 +42,11 @@ log = logging.getLogger(__name__)
 class TestErrors:
 
     @pytest.fixture(autouse=True, scope='class')
-    def _class_scope(self, env, nghttpx):
+    def _class_scope(self, env, httpd, nghttpx):
         if env.have_h3():
             nghttpx.start_if_needed()
+        httpd.clear_extra_configs()
+        httpd.reload()
 
     # download 1 file, check that we get CURLE_PARTIAL_FILE
     @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])

tests/http/test_06_eyeballs.py

@@ -40,9 +40,11 @@ log = logging.getLogger(__name__)
 class TestEyeballs:
 
     @pytest.fixture(autouse=True, scope='class')
-    def _class_scope(self, env, nghttpx):
+    def _class_scope(self, env, httpd, nghttpx):
         if env.have_h3():
             nghttpx.start_if_needed()
+        httpd.clear_extra_configs()
+        httpd.reload()
 
     # download using only HTTP/3 on working server
     @pytest.mark.skipif(condition=not Env.have_h3(), reason=f"missing HTTP/3 support")

tests/http/test_07_upload.py

@@ -44,6 +44,8 @@ class TestUpload:
             nghttpx.start_if_needed()
         env.make_data_file(indir=env.gen_dir, fname="data-100k", fsize=100*1024)
         env.make_data_file(indir=env.gen_dir, fname="data-10m", fsize=10*1024*1024)
+        httpd.clear_extra_configs()
+        httpd.reload()
 
     # upload small data, check that this is what was echoed
     @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
@@ -91,10 +93,11 @@ class TestUpload:
             assert respdata == [data]
 
     # upload data parallel, check that they were echoed
-    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
     def test_07_11_upload_parallel(self, env: Env, httpd, nghttpx, repeat, proto):
         if proto == 'h3' and not env.have_h3():
             pytest.skip("h3 not supported")
+        # limit since we use a separate connection in h1
         count = 50
         data = '0123456789'
         curl = CurlClient(env=env)
@@ -144,10 +147,11 @@ class TestUpload:
             assert respdata == indata
 
     # upload data parallel, check that they were echoed
-    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
     def test_07_20_upload_parallel(self, env: Env, httpd, nghttpx, repeat, proto):
         if proto == 'h3' and not env.have_h3():
             pytest.skip("h3 not supported")
+        # limit since we use a separate connection in h1
         count = 50
         data = '0123456789'
         curl = CurlClient(env=env)
@@ -161,13 +165,14 @@ class TestUpload:
             assert respdata == [data]
 
     # upload large data parallel, check that this is what was echoed
-    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
     def test_07_21_upload_parallel_large(self, env: Env, httpd, nghttpx, repeat, proto):
         if proto == 'h3' and not env.have_h3():
             pytest.skip("h3 not supported")
         if proto == 'h3' and env.curl_uses_lib('quiche'):
             pytest.skip("quiche stalls on parallel, large uploads, unless --trace is used???")
         fdata = os.path.join(env.gen_dir, 'data-100k')
+        # limit since we use a separate connection in h1
         count = 50
         curl = CurlClient(env=env)
         url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo?id=[0-{count-1}]'

tests/http/test_09_push.py

@@ -58,6 +58,9 @@ class TestPush:
         ])
         # activate the new config
         httpd.reload()
+        yield
+        httpd.clear_extra_configs()
+        httpd.reload()
 
     # download a file that triggers a "103 Early Hints" response
     def test_09_01_early_hints(self, env: Env, httpd, repeat):

tests/http/test_10_proxy.py

@@ -43,6 +43,8 @@ class TestProxy:
         push_dir = os.path.join(httpd.docs_dir, 'push')
         if not os.path.exists(push_dir):
             os.makedirs(push_dir)
+        httpd.clear_extra_configs()
+        httpd.reload()
 
     # download via http: proxy (no tunnel)
     def test_10_01_proxy_http(self, env: Env, httpd, repeat):
@@ -57,6 +59,8 @@ class TestProxy:
         r.check_stats(count=1, exp_status=200)
 
     # download via https: proxy (no tunnel)
+    @pytest.mark.skipif(condition=not Env.curl_has_feature('HTTPS-proxy'),
+                        reason='curl lacks HTTPS-proxy support')
     def test_10_02_proxy_https(self, env: Env, httpd, repeat):
         curl = CurlClient(env=env)
         url = f'http://localhost:{env.http_port}/data.json'
@@ -83,6 +87,8 @@ class TestProxy:
         r.check_stats(count=1, exp_status=200)
 
     # download http: via https: proxytunnel
+    @pytest.mark.skipif(condition=not Env.curl_has_feature('HTTPS-proxy'),
+                        reason='curl lacks HTTPS-proxy support')
     def test_10_04_proxy_https(self, env: Env, httpd, repeat):
         curl = CurlClient(env=env)
         url = f'http://localhost:{env.http_port}/data.json'
@@ -114,6 +120,8 @@ class TestProxy:
         assert r.response['protocol'] == exp_proto
 
     # download https: with proto via https: proxytunnel
+    @pytest.mark.skipif(condition=not Env.curl_has_feature('HTTPS-proxy'),
+                        reason='curl lacks HTTPS-proxy support')
     @pytest.mark.parametrize("proto", ['http/1.1', 'h2'])
     def test_10_06_proxy_https(self, env: Env, httpd, proto, repeat):
         curl = CurlClient(env=env)

tests/http/test_11_unix.py

@@ -118,6 +118,7 @@ class TestUnix:
         assert r.exit_code == 35  # CONNECT_ERROR (as faker is not TLS)
 
     # download HTTP/3 via unix socket
+    @pytest.mark.skipif(condition=not Env.have_h3(), reason='h3 not supported')
     def test_11_03_unix_connect_quic(self, env: Env, httpd, uds_faker, repeat):
         curl = CurlClient(env=env)
         url = f'https://{env.domain1}:{env.https_port}/data.json'

tests/http/test_12_reuse.py

@@ -38,18 +38,9 @@ log = logging.getLogger(__name__)
 
 @pytest.mark.skipif(condition=Env.setup_incomplete(),
                     reason=f"missing: {Env.incomplete_reason()}")
+@pytest.mark.skipif(condition=Env.curl_uses_lib('bearssl'), reason='BearSSL too slow')
 class TestReuse:
 
-    @pytest.fixture(autouse=True, scope='class')
-    def _class_scope(self, env, httpd, nghttpx):
-        env.make_data_file(indir=httpd.docs_dir, fname="data-100k", fsize=100*1024)
-        env.make_data_file(indir=httpd.docs_dir, fname="data-1m", fsize=1024*1024)
-        env.make_data_file(indir=httpd.docs_dir, fname="data-10m", fsize=10*1024*1024)
-        yield
-        # restore default config
-        httpd.clear_extra_configs()
-        httpd.reload()
-
     # check if HTTP/1.1 handles 'Connection: close' correctly
     @pytest.mark.parametrize("proto", ['http/1.1'])
     def test_12_01_h1_conn_close(self, env: Env,

tests/http/testenv/certs.py

@@ -441,7 +441,7 @@ class TestCA:
             x509.ExtendedKeyUsage([
                 ExtendedKeyUsageOID.SERVER_AUTH,
             ]),
-            critical=True
+            critical=False
         )
 
     @staticmethod

tests/http/testenv/env.py

@@ -96,8 +96,6 @@ class EnvConfig:
                 self.curl_props['protocols'] = [
                     prot.lower() for prot in l[11:].split(' ')
                 ]
-        self.nghttpx_with_h3 = re.match(r'.* nghttp3/.*', p.stdout.strip())
-        log.debug(f'nghttpx -v: {p.stdout}')
 
         self.ports = alloc_ports(port_specs={
             'http': socket.SOCK_STREAM,
@@ -133,10 +131,10 @@ class EnvConfig:
         ]
 
         self.nghttpx = self.config['nghttpx']['nghttpx']
+        if len(self.nghttpx.strip()) == 0:
+            self.nghttpx = None
         self._nghttpx_version = None
         self.nghttpx_with_h3 = False
-        if len(self.nghttpx) == 0:
-            self.nghttpx = 'nghttpx'
         if self.nghttpx is not None:
             p = subprocess.run(args=[self.nghttpx, '-v'],
                                capture_output=True, text=True)
@@ -235,6 +233,10 @@ class Env:
     def curl_uses_lib(libname: str) -> bool:
         return libname.lower() in Env.CONFIG.curl_props['libs']
 
+    @staticmethod
+    def curl_has_feature(feature: str) -> bool:
+        return feature.lower() in Env.CONFIG.curl_props['features']
+
     @staticmethod
     def curl_lib_version(libname: str) -> str:
         prefix = f'{libname.lower()}/'