From Fedora Project Wiki

Revision as of 14:18, 27 March 2017 by Szidek (talk | contribs)

Description

Sanity of crypto-policies


How to test

We will test if system actually pays attention to crypto policy setting

  1. Prepare test directory for simple https server 
    dir=$(mktemp -d) && cd $dir && echo CONNECTED >index.html
  2. Switch to LEGACY policy 
    update-crypto-policies --set LEGACY || echo FAIL
  3. Setup server using only LEGACY ciphers 
    openssl s_server -WWW -cert TODO -key TODO -CAfile TODO -cipher TODO &
  4. Check that OpenSSL software can connect 
    wget -O - localhost:4433 |grep CONNECTED || echo FAIL
  5. Check that NSS software can connect 
    curl localhost:4433 |grep CONNECTED || echo FAIL
  6. Switch to policy NORMAL 
    update-crypto-policies --set NORMAL || echo FAIL
  7. Check OpenSSL software can NOT connect 
    wget -O - localhost:4433 |grep CONNECTED && echo FAIL
  8. Check NSS software can NOT connect 
    curl localhost:4433 |grep CONNECTED && echo FAIL
  9. Switch to policy FUTURE 
    update-crypto-policies --set FUTURE || echo FAIL
  10. Check OpenSSL software can NOT connect 
    wget -O - localhost:4433 |grep CONNECTED && echo FAIL
  11. Check NSS software can NOT connect 
    curl localhost:4433 |grep CONNECTED && echo FAIL
  12. Cleanup test directory 
    rm -rf $dir

Expected Results

  1. Step #1 completes without error
  2. commands complete without FAILcode> being printed
Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_CryptoPolicies_Sanity&oldid=488883"