diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2020-12-09 15:34:00 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-12-09 15:34:00 +0100 |
commit | 96c540042718e05161f03dd7edeaf0ae8820d3ce (patch) | |
tree | 44e65a9b7e477d1a414426f71e936c6533c26297 /tests/tls-verify-peer | |
parent | 34142cae2430d7b38a2542939709bbbc4a509703 (diff) | |
parent | bb58678ba034e56f88db7202bf4e29ef3bd1bebd (diff) |
Merge tag 'upstream/0.5.3' into debian
Upstream version 0.5.3
Diffstat (limited to 'tests/tls-verify-peer')
-rw-r--r-- | tests/tls-verify-peer/t | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/tests/tls-verify-peer/t b/tests/tls-verify-peer/t index d84328a..9e4d9fa 100644 --- a/tests/tls-verify-peer/t +++ b/tests/tls-verify-peer/t @@ -1,5 +1,3 @@ -CERT=~/.dovecot/conf.d/dovecot.pem - unverified_peer() { ! interimap --debug || error @@ -41,36 +39,38 @@ unverified_peer step_done step_start "peer verification result honored when pinned pubkey matches" -pkey_sha256="$(openssl x509 -pubkey <"$CERT" | openssl pkey -pubin -outform DER \ +PKEY_SHA256="$(doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert \ + | openssl x509 -pubkey | openssl pkey -pubin -outform DER \ | openssl dgst -sha256 | sed -rn "/^.*=\\s*/ {s///p;q}")" with_remote_config <<-EOF - SSL_fingerprint = sha256\$$pkey_sha256 + SSL_fingerprint = sha256\$$PKEY_SHA256 EOF unverified_peer ! grep -Fx "remote: WARNING: Fingerprint doesn't match! MiTM in action?" <"$STDERR" || error step_done +capath=$(mktemp --tmpdir="$TMPDIR" --directory capath.XXXXXX) step_start "SSL_CAfile" if [ -f "/etc/ssl/certs/ca-certificates.crt" ]; then - # the self-signed cert should not be in there + # our self-signed test cert should not be in there with_remote_config <<<"SSL_CAfile = /etc/ssl/certs/ca-certificates.crt" unverified_peer fi -with_remote_config <<<"SSL_CAfile = $CERT" + +doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert >"$capath/ca-certificates.crt" +with_remote_config <<<"SSL_CAfile = $capath/ca-certificates.crt" verified_peer step_done step_start "SSL_CApath" if [ -d "/etc/ssl/certs" ]; then - # the self-signed cert should not be in there + # our self-signed test cert should not be in there with_remote_config <<<"SSL_CApath = /etc/ssl/certs" unverified_peer fi -capath=$(mktemp --tmpdir="$TMPDIR" --directory capath.XXXXXX) -cp -t"$capath" "$CERT" c_rehash "$capath" with_remote_config <<<"SSL_CApath = $capath" |