aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-12-11 18:28:32 +0100
committerGuilhem Moulin <guilhem@fripost.org>2020-12-11 18:44:13 +0100
commited263d4a380036b654525ee268db615c17d0d216 (patch)
tree5c85ed20e3405a994293d4e0b8cc688b7fd2c3ee /tests
parentb99cd2fd12bc3a2c6b858e65182a47a4ef27dba2 (diff)
test suite: supply our own OpenSSL configuration file with MinProtocol=None.
So we can test TLSv1 as well, not just TLSv1.2 and later. Also, explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration file (the default as of 2.3.11.3), hence running TLS tests now require Dovecot 2.3 or later.
Diffstat (limited to 'tests')
-rw-r--r--tests/config/dovecot/ssl.conf1
-rw-r--r--tests/config/openssl.cnf14
-rwxr-xr-xtests/run4
-rw-r--r--tests/starttls/t2
-rw-r--r--tests/tls-verify-peer/t2
-rw-r--r--tests/tls/t2
6 files changed, 21 insertions, 4 deletions
diff --git a/tests/config/dovecot/ssl.conf b/tests/config/dovecot/ssl.conf
index 2d68c80..3fd99d5 100644
--- a/tests/config/dovecot/ssl.conf
+++ b/tests/config/dovecot/ssl.conf
@@ -2,3 +2,4 @@ ssl = required
ssl_cert = <dovecot.rsa.crt
ssl_key = <dovecot.rsa.key
ssl_dh = <dhparams.pem
+ssl_min_protocol = TLSv1
diff --git a/tests/config/openssl.cnf b/tests/config/openssl.cnf
new file mode 100644
index 0000000..980097d
--- /dev/null
+++ b/tests/config/openssl.cnf
@@ -0,0 +1,14 @@
+# as we want to test TLSv1 we need to set MinProtocol=None, see
+# see /usr/share/doc/libssl1.1/NEWS.Debian.gz
+
+openssl_conf = default_conf
+
+[default_conf]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+MinProtocol = None
+CipherString = DEFAULT
diff --git a/tests/run b/tests/run
index 994c257..29384ec 100755
--- a/tests/run
+++ b/tests/run
@@ -57,11 +57,13 @@ mkdir -- "$TMPDIR" "$ROOTDIR/home"
declare -a REMOTES=()
# Set environment for the given user
+OPENSSL_CONF="$BASEDIR/config/openssl.cnf"
environ_set() {
local user="$1" home
eval home="\$HOME_$user"
ENVIRON=(
PATH="$PATH"
+ OPENSSL_CONF="$OPENSSL_CONF"
USER="$user"
HOME="$home"
XDG_CONFIG_HOME="$home/.config"
@@ -443,7 +445,7 @@ passed() {
# Run test in a sub-shell
declare -a ENVIRON=()
environ_set "local"
-export TMPDIR TESTDIR STDERR "${ENVIRON[@]}"
+export TMPDIR TESTDIR STDERR "${ENVIRON[@]}" OPENSSL_CONF
export -f environ_set doveadm interimap interimap_init pullimap _interimap_cmd
export -f sqlite3 sample_message deliver ptree_abort step_start step_done passed
export -f check_mailbox_status check_mailbox_status_values check_mailbox_status2
diff --git a/tests/starttls/t b/tests/starttls/t
index 55caf99..62b2151 100644
--- a/tests/starttls/t
+++ b/tests/starttls/t
@@ -22,7 +22,7 @@ grep -Fx "remote: C: 000000 STARTTLS" <"$STDERR" || error
grep -Fx "remote: C: 000001 CAPABILITY" <"$STDERR" || error
grep -Fx "remote: Peer certificate fingerprint: sha256\$$X509_SHA256" <"$STDERR" || error
-grep "^remote: SSL protocol: TLSv1\.[23] " <"$STDERR" || error
+grep "^remote: SSL protocol: TLSv" <"$STDERR" || error
grep "^remote: SSL cipher: " <"$STDERR" || error
check_mailbox_status "INBOX"
diff --git a/tests/tls-verify-peer/t b/tests/tls-verify-peer/t
index 2461a1f..17018a6 100644
--- a/tests/tls-verify-peer/t
+++ b/tests/tls-verify-peer/t
@@ -31,7 +31,7 @@ verified_peer() {
[ -s "$TMPDIR/preverify" ] || error
! grep -Fvx "preverify=1" <"$TMPDIR/preverify" || error
- grep "^remote: SSL protocol: TLSv1\.[23] " <"$STDERR" || error
+ grep "^remote: SSL protocol: TLSv" <"$STDERR" || error
grep "^remote: SSL cipher: " <"$STDERR" || error
check_mailbox_status "INBOX"
diff --git a/tests/tls/t b/tests/tls/t
index 76f7c14..a674b28 100644
--- a/tests/tls/t
+++ b/tests/tls/t
@@ -9,7 +9,7 @@ done
interimap --debug || error
grep -Fx "remote: Peer certificate fingerprint: sha256\$$X509_SHA256" <"$STDERR" || error
-grep "^remote: SSL protocol: TLSv1\.[23] " <"$STDERR" || error
+grep "^remote: SSL protocol: TLSv" <"$STDERR" || error
grep "^remote: SSL cipher: " <"$STDERR" || error
check_mailbox_status "INBOX"