interimap/tests, branch debian/buster-backports

libinterimap: new option SSL_ciphersuites to set the TLSv1.3 ciphersuites.

2020-12-17T16:41:30+00:00

Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below.
See SSL_CTX_set_cipher_list(3ssl).

test suite: use stock OpenSSL config except for tests/tls-protocols.

2020-12-17T12:47:09+00:00

It's best to use a stock (clean) environment when possible.  We only
need to test TLS protocol version <1.2 for tests/tls-protocols.

typofix

2020-12-13T22:47:15+00:00

libinterimap: use default locations for trusted CA certificates when neither CAfile nor CApath are set.

2020-12-13T17:44:18+00:00

In particular, OpenSSL's default locations can be overridden by the
SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see
SSL_CTX_load_verify_locations(3ssl).

This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is
used).

test suite: ensure we haven't started speaking IMAP when the SSL/TLS handshake is aborted.

2020-12-13T16:38:07+00:00

(Unless STARTTLS is used to upgrade the connection.)

Make error messages more uniform and consistent.

2020-12-13T14:11:11+00:00

typofix, spelling

2020-12-12T10:15:36+00:00

libinterimap: deprecate SSL_protocols and introduce SSL_protocol_{min,max}.

2020-12-11T18:33:30+00:00

Using the libssl interface simplifies our protocol black/whitelist
greatly; this only allows simple min/max bounds, but holes are arguably
not very useful here.

Using the new settings bumps the required libssl version to 1.1.0.

test suite: supply our own OpenSSL configuration file with MinProtocol=None.

2020-12-11T17:44:13+00:00

So we can test TLSv1 as well, not just TLSv1.2 and later.

Also, explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration
file (the default as of 2.3.11.3), hence running TLS tests now require
Dovecot 2.3 or later.

test suite: `mv tests/snippets tests/config`

2020-12-11T17:32:43+00:00