interimap/tests/run, branch debian/0.5.7-4 Fast bidirectional synchronization for QRESYNC-capable IMAP servers interimap, pullimap: Ensure DB and statefiles are created with mode 0600. 2022-02-23T22:43:58+00:00 Guilhem Moulin guilhem@fripost.org 2022-02-23T21:30:45+00:00 2447861913835637bbf49d96728ce9ac6ab0ae22 It wasn't the case for interimap(1), see https://bugs.debian.org/608604 … Fortunately we create $XDG_DATA_HOME/interimap with a secure mode, but there is no reason to have the DB world-readable. Since we can't rely on SQLITE_OPEN_CREATE for secure mode we use sysopen(,,O_CREAT,0600). 
It wasn't the case for interimap(1), see https://bugs.debian.org/608604 …
Fortunately we create $XDG_DATA_HOME/interimap with a secure mode, but
there is no reason to have the DB world-readable.  Since we can't rely
on SQLITE_OPEN_CREATE for secure mode we use sysopen(,,O_CREAT,0600).
Don't assume Net::IMAP::InterIMAP is always in @INC. 2022-02-23T20:23:55+00:00 Guilhem Moulin guilhem@fripost.org 2022-02-22T23:35:41+00:00 eeed44617b8b2bf4c941f6de334a9006804615fb And make the installation path configurable at `make` time. Moreover, adjust the 'test' target so the site directory and interimap/pullimap path are configurable with INTERIMAP_I and INTERIMAP_PATH respectively. That way one can run `tests/run foo` to check the source, `make test` to check what's been built, and we also have the possibility to check the installed program e.g. for autopkgtests. 
And make the installation path configurable at `make` time.  Moreover,
adjust the 'test' target so the site directory and interimap/pullimap
path are configurable with INTERIMAP_I and INTERIMAP_PATH respectively.
That way one can run `tests/run foo` to check the source, `make test` to
check what's been built, and we also have the possibility to check the
installed program e.g. for autopkgtests.
test suite: use stock OpenSSL config except for tests/tls-protocols. 2020-12-17T12:47:09+00:00 Guilhem Moulin guilhem@fripost.org 2020-12-17T12:47:09+00:00 30c2bc3c362a4eb6b35560cff0bd95404360fe22 It's best to use a stock (clean) environment when possible. We only need to test TLS protocol version <1.2 for tests/tls-protocols. 
It's best to use a stock (clean) environment when possible.  We only
need to test TLS protocol version <1.2 for tests/tls-protocols.
libinterimap: use default locations for trusted CA certificates when neither CAfile nor CApath are set. 2020-12-13T17:44:18+00:00 Guilhem Moulin guilhem@fripost.org 2020-12-13T16:43:52+00:00 8c43ed9baa905d907a6aad77de2282a852ba69a9 In particular, OpenSSL's default locations can be overridden by the SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see SSL_CTX_load_verify_locations(3ssl). This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is used). 
In particular, OpenSSL's default locations can be overridden by the
SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see
SSL_CTX_load_verify_locations(3ssl).

This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is
used).
test suite: supply our own OpenSSL configuration file with MinProtocol=None. 2020-12-11T17:44:13+00:00 Guilhem Moulin guilhem@fripost.org 2020-12-11T17:28:32+00:00 ed263d4a380036b654525ee268db615c17d0d216 So we can test TLSv1 as well, not just TLSv1.2 and later. Also, explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration file (the default as of 2.3.11.3), hence running TLS tests now require Dovecot 2.3 or later. 
So we can test TLSv1 as well, not just TLSv1.2 and later.

Also, explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration
file (the default as of 2.3.11.3), hence running TLS tests now require
Dovecot 2.3 or later.
test suite: `mv tests/snippets tests/config` 2020-12-11T17:32:43+00:00 Guilhem Moulin guilhem@fripost.org 2020-12-11T16:57:22+00:00 b99cd2fd12bc3a2c6b858e65182a47a4ef27dba2 






libinterimap: make SSL_verify check the hostname as well.
2020-12-11T10:20:41+00:00

Guilhem Moulin
guilhem@fripost.org

2020-12-10T18:39:10+00:00

265f133600e9812726a52ea3067409ed3578e882

More precisely, ensure that the certificate Subject Alternative Name
(SAN) or Subject CommonName (CN) matches the hostname or IP literal
specified by the 'host' option.  Previously it was only verifying the
chain of trust.

This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version
1.0.2.





More precisely, ensure that the certificate Subject Alternative Name
(SAN) or Subject CommonName (CN) matches the hostname or IP literal
specified by the 'host' option.  Previously it was only verifying the
chain of trust.

This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version
1.0.2.







test suite: always generate new certificates on `make test`.
2020-12-11T10:20:41+00:00

Guilhem Moulin
guilhem@fripost.org

2020-12-10T13:34:48+00:00

26e5c04abfb81bdcbd4d89d9f9329b8433920b26

In addition, sign test certificates with the same root CA.  Hence
running `make test` now requires OpenSSL 1.1.1 or later.





In addition, sign test certificates with the same root CA.  Hence
running `make test` now requires OpenSSL 1.1.1 or later.







Upgrade URLs to secure HTTP.
2020-08-04T00:35:05+00:00

Guilhem Moulin
guilhem@fripost.org

2020-08-04T00:35:05+00:00

11cd204852f665670b5d4271eab86a3d9f5e5624












tests/run: Don't redirect stderr by process substitution.
2019-12-15T02:39:04+00:00

Guilhem Moulin
guilhem@fripost.org

2019-12-15T02:38:59+00:00

49d7a90c159b12173ce202fb9b101465b87da96c

This seems to cause timing issues.





This seems to cause timing issues.