From Fedora Project Wiki

(Created page with "{{QA/Test_Case |description=Sanity of crypto-policies |actions= We will test if system actually pays attention to crypto policy setting # Setup server using only LEGACY cipher...")
 
No edit summary
Line 3: Line 3:
|actions=
|actions=
We will test if system actually pays attention to crypto policy setting
We will test if system actually pays attention to crypto policy setting
# Prepare test directory for simplw https server
#:<pre>
#::dir=$(mktemp -d) && cd $dir && echo CONNECTED >index.html</pre>
# Switch to LEGACY policy
#:<pre>
#::update-crypto-policies --set LEGACY || echo FAIL</pre>
# Setup server using only LEGACY ciphers
# Setup server using only LEGACY ciphers
#:<pre>
#:<pre>
#::dir=$(mktemp -d) && cd $dir && echo CONNECTED >index.html && \
#::openssl s_server -WWW -cert TODO -key TODO -CAfile TODO -cipher TODO &</pre>
#::openssl s_server -WWW -cert TODO -key TODO -CAfile TODO -cipher TODO </pre>
# Switch to LEGACY policy and make sure connection works
#:<pre>
#::update-crypto-policies --set LEGACY  curl localhost:4433 |grep CONNECTED</pre>
# Check OpenSSL software can connect
# Check OpenSSL software can connect
#: <pre>
#: <pre>
#:: wget -O - localhost:4433 |grep CONNECTED</pre>
#:: wget -O - localhost:4433 |grep CONNECTED || echo FAIL</pre>
# Check NSS software can connect
#:<pre>
#::curl localhost:4433 |grep CONNECTED || echo FAIL</pre>
# Switch to policy NORMAL
#:<pre>
#::update-crypto-policies --set NORMAL || echo FAIL</pre>
# Check OpenSSL software can NOT connect
#:<pre>
#::wget -O - localhost:4433 |grep CONNECTED && echo FAIL</pre>
# Check NSS software can NOT connect
#:<pre>
#::curl localhost:4433 |grep CONNECTED && echo FAIL</pre>
# Switch to policy FUTURE
#:<pre>
#::update-crypto-policies --set FUTURE || echo FAIL</pre>
# Check OpenSSL software can NOT connect
#:<pre>
#::wget -O - localhost:4433 |grep CONNECTED && echo FAIL</pre>
# Check NSS software can NOT connect
#:<pre>
#::curl localhost:4433 |grep CONNECTED && echo FAIL</pre>
# Cleanup test directory
#:<pre>
#::rm -rf $dir</pre>
|results=
|results=
# Step #1 completes without error
# Step #1 completes without error
# command prints <code>CONNECTED</code>
# commands complete without <code>FAILcode> being printed
# command prints <code>CONNECTED</code>
}}
}}
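Review bot: The client checks (`wget -O - localhost:4433` and `curl localhost:4433`) give no URL scheme, so both tools speak plain HTTP to the TLS listener started by `openssl s_server` and `grep CONNECTED` can never match; use `https://localhost:4433/index.html` (with `-WWW` the request path has to name the file) and pass the test CA to each client. The negative steps under NORMAL and FUTURE (`... |grep CONNECTED && echo FAIL`) stay silent for any failure, including a server that never started, so they should confirm that the failure is a handshake rejection. The `-cert`, `-key`, `-CAfile` and `-cipher` arguments are still `TODO`, the results line has a malformed closing tag in `<code>FAILcode>`, "simplw" is a typo, and the cleanup step removes `$dir` but leaves the background `s_server` running and the system policy at FUTURE.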

Revision as of 18:03, 24 March 2017

Description

Sanity of crypto-policies


How to test

We will test whether the system actually pays attention to the crypto policy setting

  1. Prepare test directory for simple HTTPS server
    dir=$(mktemp -d) && cd $dir && echo CONNECTED >index.html
  2. Switch to LEGACY policy
    update-crypto-policies --set LEGACY || echo FAIL
  3. Setup server using only LEGACY ciphers
    openssl s_server -WWW -cert TODO -key TODO -CAfile TODO -cipher TODO &
  4. Check OpenSSL software can connect
    wget -O - localhost:4433 |grep CONNECTED || echo FAIL
  5. Check NSS software can connect
    curl localhost:4433 |grep CONNECTED || echo FAIL
  6. Switch to policy NORMAL
    update-crypto-policies --set NORMAL || echo FAIL
  7. Check OpenSSL software can NOT connect
    wget -O - localhost:4433 |grep CONNECTED && echo FAIL
  8. Check NSS software can NOT connect
    curl localhost:4433 |grep CONNECTED && echo FAIL
  9. Switch to policy FUTURE
    update-crypto-policies --set FUTURE || echo FAIL
  10. Check OpenSSL software can NOT connect
    wget -O - localhost:4433 |grep CONNECTED && echo FAIL
  11. Check NSS software can NOT connect
    curl localhost:4433 |grep CONNECTED && echo FAIL
  12. Cleanup test directory
    rm -rf $dir

Expected Results

  1. Step #1 completes without error
  2. Commands complete without FAIL being printed
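
Steps 7 to 11 treat any missing CONNECTED as success, so a stopped server or an untrusted certificate would pass as well. The sketch below is an added example, not part of the wiki page: it classifies a curl probe by exit code (0, 7, 35 and 60 as documented in curl(1)) so that a negative check passes only on a TLS handshake rejection. The function names and the URL and CA-file arguments of `probe` are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki page): turn one client probe into a verdict.
# curl exit codes used: 0 = transfer ok, 7 = could not connect,
# 35 = TLS handshake failed, 60 = server certificate not trusted.

# classify_probe EXIT_CODE BODY
# prints CONNECTED | REJECTED | NO_SERVER | BAD_CERT | ERROR
classify_probe() {
    rc=$1 body=$2
    case $rc in
        0)  case $body in
                *CONNECTED*) echo CONNECTED ;;
                *)           echo ERROR ;;   # TLS worked, wrong content served
            esac ;;
        35) echo REJECTED ;;                 # the outcome NORMAL/FUTURE should give
        7)  echo NO_SERVER ;;                # s_server is not listening
        60) echo BAD_CERT ;;                 # test CA not passed to the client
        *)  echo ERROR ;;
    esac
}

# verdict POLICY EXIT_CODE BODY
# prints PASS or FAIL:<observed>; expectations follow the page:
# LEGACY must connect, NORMAL and FUTURE must be refused at the handshake.
verdict() {
    policy=$1
    got=$(classify_probe "$2" "$3")
    case $policy in
        LEGACY)        want=CONNECTED ;;
        NORMAL|FUTURE) want=REJECTED ;;
        *)             echo "FAIL:unknown-policy"; return 1 ;;
    esac
    if [ "$got" = "$want" ]; then
        echo PASS
    else
        echo "FAIL:$got"
        return 1
    fi
}

# probe POLICY URL CAFILE (hypothetical wrapper): one curl request, then verdict.
# Example call: probe NORMAL https://localhost:4433/index.html "$dir/ca.pem"
probe() {
    body=$(curl --silent --cacert "$3" "$2")
    verdict "$1" "$?" "$body"
}
```
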