From a4accc44ac1fddffba31d9bf52b76738a3562057 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 6 Mar 2024 14:52:56 +0100 Subject: tests/*/t: Explicitly pass `-in /dev/stdin` to openssl(1). --- tests/starttls/t | 2 +- tests/tls-pin-fingerprint/t | 3 ++- tests/tls-rsa+ecdsa/t | 5 +++-- tests/tls-sni/t | 4 ++-- tests/tls-verify-peer/t | 5 +++-- tests/tls/t | 2 +- 6 files changed, 12 insertions(+), 9 deletions(-) diff --git a/tests/starttls/t b/tests/starttls/t index 668419f..7b76469 100644 --- a/tests/starttls/t +++ b/tests/starttls/t @@ -1,5 +1,5 @@ X509_SHA256="$(doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert \ - | openssl x509 -noout -fingerprint -sha256 \ + | openssl x509 -in /dev/stdin -noout -fingerprint -sha256 \ | sed -rn "/^.*=\\s*/ {s///p;q}" | tr -d : | tr "[A-Z]" "[a-z]")" for ((i = 0; i < 32; i++)); do diff --git a/tests/tls-pin-fingerprint/t b/tests/tls-pin-fingerprint/t index c8806c7..6c045a1 100644 --- a/tests/tls-pin-fingerprint/t +++ b/tests/tls-pin-fingerprint/t @@ -1,5 +1,6 @@ PKEY_SHA256="$(doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert \ - | openssl x509 -pubkey | openssl pkey -pubin -outform DER \ + | openssl x509 -in /dev/stdin -pubkey \ + | openssl pkey -in /dev/stdin -pubin -outform DER \ | openssl dgst -sha256 | sed -rn "/^.*=\\s*/ {s///p;q}")" INVALID_FPR="sha256\$deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef" INVALID_FPR2="sha256\$deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbee2" diff --git a/tests/tls-rsa+ecdsa/t b/tests/tls-rsa+ecdsa/t index 605d7b6..16ec9d9 100644 --- a/tests/tls-rsa+ecdsa/t +++ b/tests/tls-rsa+ecdsa/t @@ -2,11 +2,12 @@ doveconf_remote() { doveconf -c "$HOME_remote/.dovecot/config" -hx "$1" } pkey_sha256() { - openssl x509 -pubkey | openssl pkey -pubin -outform DER \ + openssl x509 -in /dev/stdin -pubkey \ + | openssl pkey -in /dev/stdin -pubin -outform DER \ | openssl dgst -sha256 | sed -rn "/^.*=\\s*/ {s///p;q}" } x509_sha256() { - openssl x509 -noout -fingerprint -sha256 \ + openssl x509 -in /dev/stdin -noout -fingerprint -sha256 \ | sed -rn "/^.*=\\s*/ {s///p;q}" | tr -d : | tr "[A-Z]" "[a-z]" } diff --git a/tests/tls-sni/t b/tests/tls-sni/t index 6f3af1f..0565e49 100644 --- a/tests/tls-sni/t +++ b/tests/tls-sni/t @@ -1,9 +1,9 @@ SERVERNAME="imap.example.net" # cf local_name{} section in the dovecot config X509_SHA256="$(doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert \ - | openssl x509 -noout -fingerprint -sha256 \ + | openssl x509 -in /dev/stdin -noout -fingerprint -sha256 \ | sed -rn "/^.*=\\s*/ {s///p;q}" | tr -d : | tr "[A-Z]" "[a-z]")" X509_2_SHA256="$(doveconf -c "$HOME_remote/.dovecot/config" -f lname="$SERVERNAME" -hx ssl_cert \ - | openssl x509 -noout -fingerprint -sha256 \ + | openssl x509 -in /dev/stdin -noout -fingerprint -sha256 \ | sed -rn "/^.*=\\s*/ {s///p;q}" | tr -d : | tr "[A-Z]" "[a-z]")" # check that empty SSL_hostname disables SNI diff --git a/tests/tls-verify-peer/t b/tests/tls-verify-peer/t index 7e50b24..ee4cd88 100644 --- a/tests/tls-verify-peer/t +++ b/tests/tls-verify-peer/t @@ -1,8 +1,9 @@ X509_SHA256="$(doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert \ - | openssl x509 -noout -fingerprint -sha256 \ + | openssl x509 -in /dev/stdin -noout -fingerprint -sha256 \ | sed -rn "/^.*=\\s*/ {s///p;q}" | tr -d : | tr "[A-Z]" "[a-z]")" PKEY_SHA256="$(doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert \ - | openssl x509 -pubkey | openssl pkey -pubin -outform DER \ + | openssl x509 -in /dev/stdin -pubkey \ + | openssl pkey -in /dev/stdin -pubin -outform DER \ | openssl dgst -sha256 | sed -rn "/^.*=\\s*/ {s///p;q}")" unverified_peer() { diff --git a/tests/tls/t b/tests/tls/t index c78925d..aee0678 100644 --- a/tests/tls/t +++ b/tests/tls/t @@ -1,5 +1,5 @@ X509_SHA256="$(doveconf -c "$HOME_remote/.dovecot/config" -hx ssl_cert \ - | openssl x509 -noout -fingerprint -sha256 \ + | openssl x509 -in /dev/stdin -noout -fingerprint -sha256 \ | sed -rn "/^.*=\\s*/ {s///p;q}" | tr -d : | tr "[A-Z]" "[a-z]")" for ((i = 0; i < 32; i++)); do -- cgit v1.2.3