aboutsummaryrefslogtreecommitdiffstats
path: root/tests/tls-verify-peer
Commit message (Collapse)AuthorAgeFiles
* libinterimap: use default locations for trusted CA certificates when neither ↵Guilhem Moulin2020-12-131
| | | | | | | | | | | CAfile nor CApath are set. In particular, OpenSSL's default locations can be overridden by the SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see SSL_CTX_load_verify_locations(3ssl). This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is used).
* test suite: ensure we haven't started speaking IMAP when the SSL/TLS ↵Guilhem Moulin2020-12-131
| | | | | | handshake is aborted. (Unless STARTTLS is used to upgrade the connection.)
* test suite: supply our own OpenSSL configuration file with MinProtocol=None.Guilhem Moulin2020-12-111
| | | | | | | | So we can test TLSv1 as well, not just TLSv1.2 and later. Also, explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration file (the default as of 2.3.11.3), hence running TLS tests now require Dovecot 2.3 or later.
* libinterimap: make SSL_verify check the hostname as well.Guilhem Moulin2020-12-112
| | | | | | | | | | More precisely, ensure that the certificate Subject Alternative Name (SAN) or Subject CommonName (CN) matches the hostname or IP literal specified by the 'host' option. Previously it was only verifying the chain of trust. This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version 1.0.2.
* test suite: always generate new certificates on `make test`.Guilhem Moulin2020-12-111
| | | | | In addition, sign test certificates with the same root CA. Hence running `make test` now requires OpenSSL 1.1.1 or later.
* libinterimap: show the matching pinned SPKI in --debug mode.Guilhem Moulin2020-12-111
|
* test suite: use a RSA certificate rather than ECDSA.Guilhem Moulin2020-12-091
| | | | | | | | | It's arguably the most common use-case. Generated with $ openssl genpkey -algorithm RSA -out tests/snippets/dovecot/dovecot.rsa.key $ openssl req -x509 -days 3650 -subj "/CN=InterIMAP test suite" \ -key tests/snippets/dovecot/dovecot.rsa.key \ -out tests/snippets/dovecot/dovecot.rsa.crt
* Test suite: add new tests for SSL/TLS.Guilhem Moulin2019-11-133
SSL connections are accepted on TCP port 10993. Also, fix STARTTLS directive, broken since fba1c36…