From Fedora Project Wiki
Revision as of 14:18, 27 March 2017
Description
Sanity of crypto-policies
How to test
We will test whether the system actually honors the crypto policy setting.
- Prepare test directory for simple https server
  - dir=$(mktemp -d) && cd "$dir" && echo CONNECTED >index.html
- Switch to LEGACY policy
  - update-crypto-policies --set LEGACY || echo FAIL
- Setup server using only LEGACY ciphers
  - openssl s_server -WWW -cert TODO -key TODO -CAfile TODO -cipher TODO &
- Check that OpenSSL software can connect
  - wget -O - https://localhost:4433/index.html | grep CONNECTED || echo FAIL
- Check that NSS software can connect
  - curl https://localhost:4433/index.html | grep CONNECTED || echo FAIL
- Switch to policy NORMAL
  - update-crypto-policies --set NORMAL || echo FAIL
- Check OpenSSL software can NOT connect
  - wget -O - https://localhost:4433/index.html | grep CONNECTED && echo FAIL
- Check NSS software can NOT connect
  - curl https://localhost:4433/index.html | grep CONNECTED && echo FAIL
- Switch to policy FUTURE
  - update-crypto-policies --set FUTURE || echo FAIL
- Check OpenSSL software can NOT connect
  - wget -O - https://localhost:4433/index.html | grep CONNECTED && echo FAIL
- Check NSS software can NOT connect
  - curl https://localhost:4433/index.html | grep CONNECTED && echo FAIL
- Cleanup test directory
  - rm -rf "$dir"
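The checks above as a reusable harness (an added example, not part of the wiki test case): it counts a refusal only while the server is still running and restores the previously active policy afterwards. The names `openssl_client`, `nss_client` and `SERVER_PID` are assumptions that the tester supplies.

```bash
#!/bin/bash
# Added example, not part of the wiki test case. The caller must define two
# functions (hypothetical names) wrapping the page's client commands:
#   openssl_client -> the wget line, nss_client -> the curl line
# and set SERVER_PID to the PID of the backgrounded openssl s_server.
SERVER_PID=""
FAILS=0

# Succeeds only if the client's output contains the CONNECTED marker.
probe() { "$@" 2>/dev/null | grep -q CONNECTED; }

# expect connect|refuse LABEL CMD...
# Returns 0 on the wanted outcome, 1 on the wrong one, and 2 when the server
# is not running, because a dead server makes every "can NOT connect" step
# pass for the wrong reason.
expect() {
    local want label got
    want=$1; label=$2; shift 2
    if ! kill -0 "$SERVER_PID" 2>/dev/null; then
        echo "FAIL $label: server not running, result proves nothing"
        FAILS=$((FAILS + 1)); return 2
    fi
    got=refuse
    if probe "$@"; then got=connect; fi
    if [ "$got" = "$want" ]; then echo "ok   $label: $got"; return 0; fi
    echo "FAIL $label: wanted $want, got $got"
    FAILS=$((FAILS + 1)); return 1
}

# Walks LEGACY, NORMAL, FUTURE as the steps do, then restores the policy
# that was active before the run.
run_matrix() {
    local saved policy want
    saved=$(update-crypto-policies --show) || return 1
    for policy in LEGACY NORMAL FUTURE; do
        want=refuse
        if [ "$policy" = LEGACY ]; then want=connect; fi
        if update-crypto-policies --set "$policy" >/dev/null; then
            expect "$want" "$policy/openssl" openssl_client
            expect "$want" "$policy/nss" nss_client
        else
            echo "FAIL $policy: could not set policy"; FAILS=$((FAILS + 1))
        fi
    done
    update-crypto-policies --set "$saved" >/dev/null
    [ "$FAILS" -eq 0 ]
}
```

Start the server under LEGACY as in the steps, set `SERVER_PID=$!`, then call `run_matrix` as root; its exit status is zero only if no check failed.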
Expected Results
- Step #1 completes without error
- Commands complete without FAIL being printed