aboutsummaryrefslogtreecommitdiffstats
path: root/tests/tls-verify-peer
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-12-09 15:34:00 +0100
committerGuilhem Moulin <guilhem@fripost.org>2020-12-09 15:34:00 +0100
commit96c540042718e05161f03dd7edeaf0ae8820d3ce (patch)
tree44e65a9b7e477d1a414426f71e936c6533c26297 /tests/tls-verify-peer
parent34142cae2430d7b38a2542939709bbbc4a509703 (diff)
parentbb58678ba034e56f88db7202bf4e29ef3bd1bebd (diff)
Merge tag 'upstream/0.5.3' into debian
Upstream version 0.5.3
Diffstat (limited to 'tests/tls-verify-peer')
-rw-r--r--tests/tls-verify-peer/t18
1 files changed, 9 insertions, 9 deletions
diff --git a/tests/tls-verify-peer/t b/tests/tls-verify-peer/t
index d84328a..9e4d9fa 100644
--- a/tests/tls-verify-peer/t
+++ b/tests/tls-verify-peer/t
@@ -1,5 +1,3 @@
-CERT=~/.dovecot/conf.d/dovecot.pem
-
unverified_peer() {
! interimap --debug || error
@@ -41,36 +39,38 @@ unverified_peer
step_done
step_start "peer verification result honored when pinned pubkey matches"
-pkey_sha256="$(openssl x509 -pubkey <"$CERT" | openssl pkey -pubin -outform DER \
+PKEY_SHA256="$(doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert \
+ | openssl x509 -pubkey | openssl pkey -pubin -outform DER \
| openssl dgst -sha256 | sed -rn "/^.*=\\s*/ {s///p;q}")"
with_remote_config <<-EOF
- SSL_fingerprint = sha256\$$pkey_sha256
+ SSL_fingerprint = sha256\$$PKEY_SHA256
EOF
unverified_peer
! grep -Fx "remote: WARNING: Fingerprint doesn't match! MiTM in action?" <"$STDERR" || error
step_done
+capath=$(mktemp --tmpdir="$TMPDIR" --directory capath.XXXXXX)
step_start "SSL_CAfile"
if [ -f "/etc/ssl/certs/ca-certificates.crt" ]; then
- # the self-signed cert should not be in there
+ # our self-signed test cert should not be in there
with_remote_config <<<"SSL_CAfile = /etc/ssl/certs/ca-certificates.crt"
unverified_peer
fi
-with_remote_config <<<"SSL_CAfile = $CERT"
+
+doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert >"$capath/ca-certificates.crt"
+with_remote_config <<<"SSL_CAfile = $capath/ca-certificates.crt"
verified_peer
step_done
step_start "SSL_CApath"
if [ -d "/etc/ssl/certs" ]; then
- # the self-signed cert should not be in there
+ # our self-signed test cert should not be in there
with_remote_config <<<"SSL_CApath = /etc/ssl/certs"
unverified_peer
fi
-capath=$(mktemp --tmpdir="$TMPDIR" --directory capath.XXXXXX)
-cp -t"$capath" "$CERT"
c_rehash "$capath"
with_remote_config <<<"SSL_CApath = $capath"