[Freeipa-devel] [freeipa PR#3812][opened] ipatests: add tests to check that only secure TLS protocols are enabled in Apache

Fri, 18 Oct 2019 05:55:21 -0700 

   URL: https://github.com/freeipa/freeipa/pull/3812
Author: wladich
 Title: #3812: ipatests: add tests to check that only secure TLS protocols are 
enabled in Apache
Action: opened

PR body:
"""
Related to: https://pagure.io/freeipa/issue/7995
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3812/head:pr3812
git checkout pr3812

From 884a696e653ee5ebdffe730d82fde34f3ed1009e Mon Sep 17 00:00:00 2001
From: Sergey Orlov <sor...@redhat.com>
Date: Fri, 18 Oct 2019 14:53:02 +0200
Subject: [PATCH] ipatests: add tests to check that only secure TLS protocols
 are enabled in Apache

Related to: https://pagure.io/freeipa/issue/7995
---
 ipatests/test_integration/test_commands.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
index d3c6ca9f5a..0648e833f6 100644
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@@ -679,3 +679,18 @@ def test_user_mod_change_capitalization_issue5879(self):
         assert 'Modified user "%s"' % (ipauser) in cmd.stdout_text
         assert 'First name: %s' % (modfirst) in cmd.stdout_text
         assert 'Last name: %s' % (modlast) in cmd.stdout_text
+
+    def is_tls_version_enabled(self, tls_version):
+        res = self.master.run_command(
+            ['openssl', 's_client',
+             '-connect', '{}:443'.format(self.master.hostname),
+             '-{}'.format(tls_version)],
+            stdin_text='\n',
+            ok_returncode=[0, 1]
+        )
+        return res.returncode == 0
+
+    def test_enabled_tls_protocols(self):
+        assert not self.is_tls_version_enabled('tls1')
+        assert not self.is_tls_version_enabled('tls1_1')
+        assert self.is_tls_version_enabled('tls1_2')

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org

Reply via email to