On 25.11.2014 10:43, Petr Spacek wrote:
> On 7.11.2014 14:41, Martin Kosek wrote:
>> FreeIPA team will soon grow with a new member focusing on upstream QE tests. 
>> I
>> would like to collect ideas what are the biggest gaps in the current upstream
>> test suite from your POV.
>>
>> Existing requests are tracked here:
>> https://fedorahosted.org/freeipa/query?status=assigned&status=new&status=reopened&component=Tests&col=id&col=summary&col=component&col=status&col=owner&col=type&col=priority&col=milestone&group=milestone&order=priority
>>
>>
>> First idea that I head proposed are Upgrade tests. These are often done
>> manually. I think that upgrade test from currently supported FreeIPA/Fedora
>> version would go a long way (like 3.3.5 on F20 upgraded built RPMs and 
>> running
>> unit tests).
>>
>> Second, it would be nice to try testing FreeIPA server in a container. Not
>> only it would verify our container efforts, but it may also allow easy
>> multi-master tests on one Jenkins VM or local host instead of expensive VM
>> orchestration.
>>
>> Any other areas worth focusing on (besides of course testing newly developed
>> features)?
> 
> At least simple automated MitM attack against TLS.
> 
> First thing which comes to mind is CLI<->server interaction and also
> certmonger<->server interaction.
> 
> TLS is hard to get right and if I recall it correctly we already had a problem
> with certificate validation...

Related link:
http://thehackernews.com/2014/11/nogotofail-Network-Security-Testing-Tool.html

"The Nogotofail tool requires Python 2.7 and pyOpenSSL>=0.13. It features an
on-path network Man-in-the-Middle (MiTM), designed to work on Linux machines,
as well and optional clients for the devices being tested."

-- 
Petr^2 Spacek

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to