From 30c2bc3c362a4eb6b35560cff0bd95404360fe22 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Thu, 17 Dec 2020 13:47:09 +0100
Subject: test suite: use stock OpenSSL config except for tests/tls-protocols.

It's best to use a stock (clean) environment when possible. We only need to test TLS protocol version <1.2 for tests/tls-protocols.
---
 Changelog | 2 +-
 tests/config/openssl.cnf | 14 --------------
 tests/run | 9 +++++----
 tests/tls-protocols/openssl.cnf | 14 ++++++++++++++
 tests/tls-protocols/t | 3 +++
 5 files changed, 23 insertions(+), 19 deletions(-)
 delete mode 100644 tests/config/openssl.cnf
 create mode 100644 tests/tls-protocols/openssl.cnf
diff --git a/Changelog b/Changelog
index 000e3a1..c401c2d 100644
--- a/Changelog
+++ b/Changelog
@@ -24,7 +24,7 @@ interimap (0.5.5) upstream;
 - libinterimap: use Net::SSLeay::get_version() to get the protocol version string.
 - test suite: `mv tests/snippets tests/config`
- - test suite: supply our own OpenSSL configuration file with
+ - tests/tls-protocols: use custom OpenSSL configuration file with
 MinProtocol=None so we can test TLSv1 as well, not just TLSv1.2 and later.
 - test suite: explicitly set ssl_min_protocol=TLSv1 in the Dovecot
diff --git a/tests/config/openssl.cnf b/tests/config/openssl.cnf
deleted file mode 100644
index 980097d..0000000
--- a/tests/config/openssl.cnf
+++ /dev/null
@@ -1,14 +0,0 @@
-# as we want to test TLSv1 we need to set MinProtocol=None, see
-# see /usr/share/doc/libssl1.1/NEWS.Debian.gz
-
-openssl_conf = default_conf
-
-[default_conf]
-ssl_conf = ssl_sect
-
-[ssl_sect]
-system_default = system_default_sect
-
-[system_default_sect]
-MinProtocol = None
-CipherString = DEFAULT
diff --git a/tests/run b/tests/run
index 329f3e3..1eaad54 100755
--- a/tests/run
+++ b/tests/run
@@ -35,6 +35,9 @@ if [ ! -d "$TESTDIR" ]; then
 exit 1
 fi
+# cleanup environment
+unset OPENSSL_CONF SSL_CERT_FILE SSL_CERT_DIR
+
 ROOTDIR="$(mktemp --tmpdir="${TMPDIR:-/dev/shm}" --directory "$1.XXXXXXXXXX")"
 declare -a DOVECOT_SERVER=()
 trap cleanup EXIT INT TERM
@@ -57,13 +60,11 @@ mkdir -- "$TMPDIR" "$ROOTDIR/home"
 declare -a REMOTES=()
 # Set environment for the given user
-OPENSSL_CONF="$BASEDIR/config/openssl.cnf"
 environ_set() {
 local user="$1" home
 eval home="\$HOME_$user"
 ENVIRON=(
 PATH="$PATH"
- OPENSSL_CONF="$OPENSSL_CONF"
 USER="$user"
 HOME="$home"
 XDG_CONFIG_HOME="$home/.config"
@@ -209,6 +210,7 @@ _interimap_cmd() {
 local script="$1" rv=0
 shift
 environ_set "local"
+ [ -z "${OPENSSL_CONF+x}" ] || ENVIRON+=( OPENSSL_CONF="$OPENSSL_CONF" )
 [ -z "${SSL_CERT_FILE+x}" ] || ENVIRON+=( SSL_CERT_FILE="$SSL_CERT_FILE" )
 [ -z "${SSL_CERT_DIR+x}" ] || ENVIRON+=( SSL_CERT_DIR="$SSL_CERT_DIR" )
 env -i "${ENVIRON[@]}" perl -I./lib -T "./$script" "$@" 2>"$STDERR" || rv=$?
@@ -447,8 +449,7 @@ passed() {
 # Run test in a sub-shell
 declare -a ENVIRON=()
 environ_set "local"
-unset SSL_CERT_FILE SSL_CERT_DIR
-export TMPDIR TESTDIR STDERR "${ENVIRON[@]}" OPENSSL_CONF
+export TMPDIR TESTDIR STDERR "${ENVIRON[@]}"
 export -f environ_set doveadm interimap interimap_init pullimap _interimap_cmd
 export -f sqlite3 sample_message deliver ptree_abort step_start step_done passed
 export -f check_mailbox_status check_mailbox_status_values check_mailbox_status2
diff --git a/tests/tls-protocols/openssl.cnf b/tests/tls-protocols/openssl.cnf
new file mode 100644
index 0000000..980097d
--- /dev/null
+++ b/tests/tls-protocols/openssl.cnf
@@ -0,0 +1,14 @@
+# as we want to test TLSv1 we need to set MinProtocol=None, see
+# see /usr/share/doc/libssl1.1/NEWS.Debian.gz
+
+openssl_conf = default_conf
+
+[default_conf]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+MinProtocol = None
+CipherString = DEFAULT
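Review bot: The `unset` added in the `@@ -35,6 +35,9 @@` hunk of tests/run clears only `OPENSSL_CONF`, `SSL_CERT_FILE` and `SSL_CERT_DIR`, while OpenSSL also reads `OPENSSL_CONF_INCLUDE`, `OPENSSL_ENGINES` and `OPENSSL_MODULES` from the environment. interimap itself is started under `env -i` further down, but any process the harness launches without `env -i` (none is visible in these hunks) would still inherit those from the caller, so the "stock environment" goal is only partly met. Consider `unset OPENSSL_CONF OPENSSL_CONF_INCLUDE OPENSSL_ENGINES OPENSSL_MODULES SSL_CERT_FILE SSL_CERT_DIR`, and expanding the comment to `# cleanup environment: tests opt in to OPENSSL_CONF/SSL_CERT_* by exporting them, the caller's values are never inherited`.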
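Review bot: The passthrough list in `_interimap_cmd` (the `@@ -209,6 +210,7 @@` hunk) now repeats the same `[ -z "${VAR+x}" ] || ENVIRON+=( VAR="$VAR" )` line three times, and this list is the allow-list for what reaches the `env -i … perl -T` process. Keeping the names in one place makes that allow-list easier to audit: `local v; for v in OPENSSL_CONF SSL_CERT_FILE SSL_CERT_DIR; do [ -z "${!v+x}" ] || ENVIRON+=( "$v=${!v}" ); done`. A one-line comment such as `# only variables a test exported explicitly are forwarded` would also record that this relies on the `unset` at the top of the script. The function body continues outside the hunk.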
diff --git a/tests/tls-protocols/t b/tests/tls-protocols/t
index c302731..72f7db2 100644
--- a/tests/tls-protocols/t
+++ b/tests/tls-protocols/t
@@ -5,6 +5,9 @@ interimap --debug || error
 ! grep -E "^remote: Maximum SSL/TLS protocol version: " <"$STDERR" || error
 grep -E "^remote: SSL protocol: TLSv" <"$STDERR" || error
+# load custom OpenSSL configuration to allow TLS protocol version <=1.1
+export OPENSSL_CONF="$TESTDIR/openssl.cnf"
+
 # backup config
 install -m0600 "$XDG_CONFIG_HOME/interimap/config" "$XDG_CONFIG_HOME/interimap/config~"
 with_remote_tls_protocols() {
-- cgit v1.2.3
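Review bot: Nothing checks that `$TESTDIR/openssl.cnf` is readable before it is exported; as far as I know OpenSSL's automatic configuration loading ignores a missing file, so a wrong path would leave the remaining cases running against library defaults with no diagnostic. A guard right after the export, `[ -r "$OPENSSL_CONF" ] || error`, would make that failure explicit. The comment could also record that the export is deliberately placed after the stock-configuration run at the top of the hunk and stays in effect for the rest of the script, e.g. `# from here on (the run above used the stock config): load custom OpenSSL configuration to allow TLS protocol version <=1.1`.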