From 8a412f7c540ac2925ad33ee633e60bf7e55e929c Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Wed, 22 Oct 2014 17:11:17 -0700
Subject: [PATCH 23/28] Ticket 47928 - CI test: added test cases for ticket
47928
Description:
test_ticket47928_run_0 - Test Case 13 - No SSL version config parameters
test_ticket47928_run_1 - Test Case 14 - No nsSSL3, nsTLS1; sslVersionMin > sslVersionMax
test_ticket47928_run_2 - Test Case 15 - nsSSL3: on; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2
test_ticket47928_run_3 - Test Case 16 - nsSSL3: on; nsTLS1: off; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2
(cherry picked from commit 958be1271ab440a15649046e7927b44b57a4e19a)
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
---
dirsrvtests/tickets/ticket47838_test.py | 165 +++++++++++++++++++++++++++++++-
1 file changed, 161 insertions(+), 4 deletions(-)
diff --git a/dirsrvtests/tickets/ticket47838_test.py b/dirsrvtests/tickets/ticket47838_test.py
index c98c36e..50a4b50 100644
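--- a/dirsrvtests/tickets/ticket47838_test.py
+++ b/dirsrvtests/tickets/ticket47838_test.py
@@ -201,7 +201,8 @@ def test_ticket47838_init(topology):
 
 log.info("\n######################### enable SSL in the directory server with all ciphers ######################\n")
 topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', 'on'),
+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', 'off'),
+ (ldap.MOD_REPLACE, 'nsTLS1', 'on'),
 (ldap.MOD_REPLACE, 'nsSSLClientAuth', 'allowed'),
 (ldap.MOD_REPLACE, 'allowWeakCipher', 'on'),
 (ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all')])
@@ -645,19 +646,171 @@ def test_ticket47838_run_11(topology):
 
 comp_nsSSLEnableCipherCount(topology, 0)
 
+def test_ticket47928_run_0(topology):
+ """
+ No SSL version config parameters.
+ Check SSL3 (TLS1.0) is off.
+ """
+ _header(topology, 'Test Case 13 - No SSL version config parameters')
+
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ # add them once and remove them
+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', 'off'),
+ (ldap.MOD_REPLACE, 'nsTLS1', 'on'),
+ (ldap.MOD_REPLACE, 'sslVersionMin', 'TLS1.1'),
+ (ldap.MOD_REPLACE, 'sslVersionMax', 'TLS1.2')])
+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3', None),
+ (ldap.MOD_DELETE, 'nsTLS1', None),
+ (ldap.MOD_DELETE, 'sslVersionMin', None),
+ (ldap.MOD_DELETE, 'sslVersionMax', None)])
+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '64')])
+
+ log.info("\n######################### Restarting the server ######################\n")
+ topology.standalone.stop(timeout=10)
+ os.system('mv %s %s.47838_11' % (topology.standalone.errlog, topology.standalone.errlog))
+ os.system('touch %s' % (topology.standalone.errlog))
+ topology.standalone.start(timeout=120)
+
+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "Default SSL Version settings; Configuring the version range as min: TLS1.1"' % topology.standalone.errlog)
+ if errmsg != "":
+ log.info("Expected message:")
+ log.info("%s" % errmsg.readline())
+ else:
+ log.info("Expected message was not found")
+ assert False
+
+def test_ticket47928_run_1(topology):
+ """
+ No nsSSL3, nsTLS1; sslVersionMin > sslVersionMax
+ Check sslVersionMax is ignored.
+ """
+ _header(topology, 'Test Case 14 - No nsSSL3, nsTLS1; sslVersionMin > sslVersionMax')
+
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'sslVersionMin', 'TLS1.2'),
+ (ldap.MOD_REPLACE, 'sslVersionMax', 'TLS1.1')])
+
+ log.info("\n######################### Restarting the server ######################\n")
+ topology.standalone.stop(timeout=10)
+ os.system('mv %s %s.47838_12' % (topology.standalone.errlog, topology.standalone.errlog))
+ os.system('touch %s' % (topology.standalone.errlog))
+ topology.standalone.start(timeout=120)
+
+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "The min value of NSS version range"' % topology.standalone.errlog)
+ if errmsg != "":
+ log.info("Expected message:")
+ log.info("%s" % errmsg.readline())
+ else:
+ log.info("Expected message was not found")
+ assert False
+
+ errmsg = os.popen('egrep "SSL Initialization" %s | egrep "Configured SSL version range: min: TLS1.2, max: TLS1"' % topology.standalone.errlog)
+ if errmsg != "":
+ log.info("Expected message:")
+ log.info("%s" % errmsg.readline())
+ else:
+ log.info("Expected message was not found")
+ assert False
+
+def test_ticket47928_run_2(topology):
+ """
+ nsSSL3: on; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2
+ Conflict between nsSSL3 and range; nsSSL3 is disabled
+ """
+ _header(topology, 'Test Case 15 - nsSSL3: on; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2')
+
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'sslVersionMin', 'TLS1.1'),
+ (ldap.MOD_REPLACE, 'sslVersionMax', 'TLS1.2'),
+ (ldap.MOD_REPLACE, 'nsSSL3', 'on')])
+
+ log.info("\n######################### Restarting the server ######################\n")
+ topology.standalone.stop(timeout=10)
+ os.system('mv %s %s.47838_13' % (topology.standalone.errlog, topology.standalone.errlog))
+ os.system('touch %s' % (topology.standalone.errlog))
+ topology.standalone.start(timeout=120)
+
+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "Found unsecure configuration: nsSSL3: on"' % topology.standalone.errlog)
+ if errmsg != "":
+ log.info("Expected message:")
+ log.info("%s" % errmsg.readline())
+ else:
+ log.info("Expected message was not found")
+ assert False
+
+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "Respect the supported range."' % topology.standalone.errlog)
+ if errmsg != "":
+ log.info("Expected message:")
+ log.info("%s" % errmsg.readline())
+ else:
+ log.info("Expected message was not found")
+ assert False
+
+ errmsg = os.popen('egrep "SSL Initialization" %s | egrep "Configured SSL version range: min: TLS1.1, max: TLS1"' % topology.standalone.errlog)
+ if errmsg != "":
+ log.info("Expected message:")
+ log.info("%s" % errmsg.readline())
+ else:
+ log.info("Expected message was not found")
+ assert False
+
+def test_ticket47928_run_3(topology):
+ """
+ nsSSL3: on; nsTLS1: off; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2
+ Conflict between nsSSL3/nsTLS1 and range; nsSSL3 is disabled; nsTLS1 is enabled.
+ """
+ _header(topology, 'Test Case 16 - nsSSL3: on; nsTLS1: off; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2')
+
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'sslVersionMin', 'TLS1.1'),
+ (ldap.MOD_REPLACE, 'sslVersionMax', 'TLS1.2'),
+ (ldap.MOD_REPLACE, 'nsSSL3', 'on'),
+ (ldap.MOD_REPLACE, 'nsTLS1', 'off')])
+
+ log.info("\n######################### Restarting the server ######################\n")
+ topology.standalone.stop(timeout=10)
+ os.system('mv %s %s.47838_14' % (topology.standalone.errlog, topology.standalone.errlog))
+ os.system('touch %s' % (topology.standalone.errlog))
+ topology.standalone.start(timeout=120)
+
+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "Found unsecure configuration: nsSSL3: on"' % topology.standalone.errlog)
+ if errmsg != "":
+ log.info("Expected message:")
+ log.info("%s" % errmsg.readline())
+ else:
+ log.info("Expected message was not found")
+ assert False
+
+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "Respect the configured range."' % topology.standalone.errlog)
+ if errmsg != "":
+ log.info("Expected message:")
+ log.info("%s" % errmsg.readline())
+ else:
+ log.info("Expected message was not found")
+ assert False
+
+ errmsg = os.popen('egrep "SSL Initialization" %s | egrep "Configured SSL version range: min: TLS1.1, max: TLS1"' % topology.standalone.errlog)
+ if errmsg != "":
+ log.info("Expected message:")
+ log.info("%s" % errmsg.readline())
+ else:
+ log.info("Expected message was not found")
+ assert False
+
 def test_ticket47838_run_last(topology):
 """
 Check nssSSL3Chiphers: all <== invalid value
 All ciphers are disabled.
 """
- _header(topology, 'Test Case 13 - Check nssSSL3Chiphers: all, which is invalid')
+ _header(topology, 'Test Case 17 - Check nssSSL3Chiphers: all, which is invalid')
 
 topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', None)])
 topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', 'all')])
 
 log.info("\n######################### Restarting the server ######################\n")
 topology.standalone.stop(timeout=10)
- os.system('mv %s %s.47838_10' % (topology.standalone.errlog, topology.standalone.errlog))
+ os.system('mv %s %s.47838_15' % (topology.standalone.errlog, topology.standalone.errlog))
 os.system('touch %s' % (topology.standalone.errlog))
 topology.standalone.start(timeout=120)
 
@@ -671,7 +824,7 @@ def test_ticket47838_run_last(topology):
 
 comp_nsSSLEnableCipherCount(topology, 0)
 
- topology.standalone.log.info("ticket47838, 47880, 47908 were successfully verified.");
+ topology.standalone.log.info("ticket47838, 47880, 47908, 47928 were successfully verified.");
 
 def test_ticket47838_final(topology):
 topology.standalone.simple_bind_s(DN_DM, PASSWORD)
@@ -706,6 +859,10 @@ def run_isolated():
 test_ticket47838_run_9(topo)
 test_ticket47838_run_10(topo)
 test_ticket47838_run_11(topo)
+ test_ticket47928_run_0(topo)
+ test_ticket47928_run_1(topo)
+ test_ticket47928_run_2(topo)
+ test_ticket47928_run_3(topo)
 
 test_ticket47838_run_last(topo)
 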
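Review bot: The `if errmsg != "":` checks in test_ticket47928_run_0 through test_ticket47928_run_3 compare the file object returned by `os.popen()` with a string, which is never equal, so the `else:` branch with `assert False` cannot run. All nine checks therefore pass even when the server logs none of the expected messages, which means these cases do not actually confirm that nsSSL3 is disabled or that the configured version range is applied. Read the output before testing it, for example `line = errmsg.readline()` followed by `assert line != "", "Expected message was not found"`. The grep text `max: TLS1` in the "Configured SSL version range" checks also looks like a prefix that would match any TLS1.x maximum, so run_1 cannot tell whether sslVersionMax was ignored; spelling out the expected maximum would close that gap.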
--
1.9.3