From Fedora Project Wiki

No edit summary
No edit summary
Line 3: Line 3:
|actions=
|actions=
We will test if at least some utilities using different libraries (gnutls, openssl, nss) pay attention to crypto policy setting
We will test if at least some utilities using different libraries (gnutls, openssl, nss) pay attention to crypto policy setting
# Check LEGACY profile
# Check LEGACY profile - '''currently FAILs''' with gnutls/wget ([https://bugzilla.redhat.com/show_bug.cgi?id=1437213 bug]) and openssl/s_client ([https://bugzilla.redhat.com/show_bug.cgi?id=1437209 bug])
#:<pre>
#:<pre>
#::update-crypto-policies --set LEGACY || echo "FAIL update LEGACY"
#::update-crypto-policies --set LEGACY || echo "FAIL update LEGACY"

Revision as of 19:06, 29 March 2017

Description

Sanity of crypto-policies


How to test

We will test if at least some utilities using different libraries (gnutls, openssl, nss) pay attention to crypto policy setting

  1. Check LEGACY profile - currently FAILs with gnutls/wget (bug) and openssl/s_client (bug) 
    update-crypto-policies --set LEGACY || echo "FAIL update LEGACY"
    

    wget -q -O /dev/null https://rc4.badssl.com/ || echo "FAIL wget LEGACY rc4"
    

    (sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect rc4.badssl.com:443 -servername rc4.badssl.com &>/dev/null || echo "FAIL s_client LEGACY rc4"
    

    curl -s https://rc4.badssl.com/ >/dev/null|| echo "FAIL curl LEGACY rc4"
  2. Check DEFAULT profile 
    update-crypto-policies --set DEFAULT || echo "FAIL update DEFAULT"
    

    wget -q -O /dev/null https://rc4.badssl.com/ && echo "FAIL wget DEFAULT rc4"
    

    wget -q -O /dev/null https://3des.badssl.com/ || echo "FAIL wget DEFAULT 3des"
    

    (sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect rc4.badssl.com:443 -servername rc4.badssl.com &>/dev/null && echo "FAIL s_client DEFAULT rc4
    

    (sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect 3des.badssl.com:443 -servername 3des.badssl.com &>/dev/null || echo "FAIL s_client DEFAULT 3des
    

    curl -s https://rc4.badssl.com/ >/dev/null && echo "FAIL curl DEFAULT rc4"
    

    curl -s https://3des.badssl.com/ >/dev/null || echo "FAIL curl DEFAULT 3des"
  3. Check FUTURE profile 
    update-crypto-policies --set FUTURE || echo "FAIL update FUTURE"
    

    wget -q -O /dev/null https://3des.badssl.com/ && echo "FAIL wget FUTURE 3des"
    

    wget -q -O /dev/null https://mozilla-modern.badssl.com/ || echo "FAIL wget FUTURE modern"
    

    (sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect 3des.badssl.com:443 -servername 3des.badssl.com &>/dev/null && echo "FAIL s_client FUTURE 3des
    

    (sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect mozilla-modern.badssl.com:443 -servername mozilla-modern.badssl.com &>/dev/null || echo "FAIL s_client FUTURE modern
    

    curl -s https://3des.badssl.com/ >/dev/null && echo "FAIL curl FUTURE 3des"
    

    curl -s https://mozilla-modern.badssl.com/ >/dev/null || echo "FAIL curl FUTURE modern"

Expected Results

  1. commands complete without FAIL being printed



Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_CryptoPolicies_Sanity&oldid=489415"