aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-12-13 17:37:32 +0100
committerGuilhem Moulin <guilhem@fripost.org>2020-12-13 17:38:07 +0100
commitba9d8af01141a6d5d5b98a0e249c311814b844a6 (patch)
tree6b523c5b6361b56a67d7499b9b9fcf5e96d49b30
parent6dcf633e6dde4c2af549f374de885038f90b7258 (diff)
test suite: ensure we haven't started speaking IMAP when the SSL/TLS handshake is aborted.
(Unless STARTTLS is used to upgrade the connection.)
-rw-r--r--Changelog3
-rw-r--r--tests/tls-pin-fingerprint/t6
-rw-r--r--tests/tls-protocols/t6
-rw-r--r--tests/tls-verify-peer/t3
4 files changed, 13 insertions, 5 deletions
diff --git a/Changelog b/Changelog
index 931e526..9a36e8a 100644
--- a/Changelog
+++ b/Changelog
@@ -29,6 +29,9 @@ interimap (0.5.5) upstream;
- README: suggest ControlPath=$XDG_RUNTIME_DIR/ssh-imap-%C for the SSH
transport (note that variable expansion is only available in OpenSSH
8.4 and later).
+ - test suite: ensure we haven't started speaking IMAP when the SSL/TLS
+ handshake is aborted (unless STARTTLS is used to upgrade to
+ connection).
-- Guilhem Moulin <guilhem@fripost.org> Fri, 11 Dec 2020 14:55:53 +0100
diff --git a/tests/tls-pin-fingerprint/t b/tests/tls-pin-fingerprint/t
index 6716833..883a887 100644
--- a/tests/tls-pin-fingerprint/t
+++ b/tests/tls-pin-fingerprint/t
@@ -41,8 +41,9 @@ EOF
grep -Fx "remote: ERROR: Can't initiate TLS/SSL handshake" <"$STDERR" || error
grep -Fx "remote: WARNING: Fingerprint doesn't match! MiTM in action?" <"$STDERR" || error
grep -Fx "remote: ERROR: Can't initiate TLS/SSL handshake" <"$STDERR" || error
-# make sure we didn't send any credentials
+# make sure we didn't send any credentials or started speaking IMAP
! grep -E "^remote: C: .* (AUTHENTICATE|LOGIN) " <"$STDERR" || error
+grep -Fx "remote: IMAP traffic (bytes): recv 0 sent 0" <"$STDERR" || error
# two invalid ones
with_remote_config <<-EOF
@@ -53,8 +54,9 @@ EOF
grep -Fx "remote: ERROR: Can't initiate TLS/SSL handshake" <"$STDERR" || error
grep -Fx "remote: WARNING: Fingerprint doesn't match! MiTM in action?" <"$STDERR" || error
grep -Fx "remote: ERROR: Can't initiate TLS/SSL handshake" <"$STDERR" || error
-# make sure we didn't send any credentials
+# make sure we didn't send any credentials or started speaking IMAP
! grep -E "^remote: C: .* (AUTHENTICATE|LOGIN) " <"$STDERR" || error
+grep -Fx "remote: IMAP traffic (bytes): recv 0 sent 0" <"$STDERR" || error
# valid + invalid
diff --git a/tests/tls-protocols/t b/tests/tls-protocols/t
index b65d93c..ecf7e49 100644
--- a/tests/tls-protocols/t
+++ b/tests/tls-protocols/t
@@ -38,8 +38,9 @@ with_remote_tls_protocols "SSLv2" "SSLv3"
! interimap --debug || error
grep -Fx "remote: Disabling SSL protocols: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3" <"$STDERR" || error
grep -Fx "remote: ERROR: Can't initiate TLS/SSL handshake" <"$STDERR" || error
-# make sure we didn't send any credentials
+# make sure we didn't send any credentials or started speaking IMAP
! grep -E "^remote: C: .* (AUTHENTICATE|LOGIN) " <"$STDERR" || error
+grep -Fx "remote: IMAP traffic (bytes): recv 0 sent 0" <"$STDERR" || error
# new interface: SSL_protocol_{min,max}
@@ -88,7 +89,8 @@ with_remote_tls_protocol_min_max "SSLv3" "SSLv3"
grep -Fx "remote: Minimum SSL/TLS protocol version: SSLv3" <"$STDERR" || error
grep -Fx "remote: Maximum SSL/TLS protocol version: SSLv3" <"$STDERR" || error
grep -Fx "remote: ERROR: Can't initiate TLS/SSL handshake" <"$STDERR" || error
-# make sure we didn't send any credentials
+# make sure we didn't send any credentials or started speaking IMAP
! grep -E "^remote: C: .* (AUTHENTICATE|LOGIN) " <"$STDERR" || error
+grep -Fx "remote: IMAP traffic (bytes): recv 0 sent 0" <"$STDERR" || error
# vim: set filetype=sh :
diff --git a/tests/tls-verify-peer/t b/tests/tls-verify-peer/t
index 17018a6..8cc098a 100644
--- a/tests/tls-verify-peer/t
+++ b/tests/tls-verify-peer/t
@@ -15,8 +15,9 @@ unverified_peer() {
[ -s "$TMPDIR/preverify" ] || error
! grep -Fvx "preverify=0" <"$TMPDIR/preverify" || error
- # make sure we didn't send any credentials
+ # make sure we didn't send any credentials or started speaking IMAP
! grep -E "^remote: C: .* (AUTHENTICATE|LOGIN) " <"$STDERR" || error
+ grep -Fx "remote: IMAP traffic (bytes): recv 0 sent 0" <"$STDERR" || error
}
verified_peer() {
local i u