Latest revision as of 08:40, 30 March 2017

Description

Sanity of crypto-policies

How to test

We will test if at least some utilities using different libraries (gnutls, openssl, nss) pay attention to crypto policy setting

Check LEGACY profile

update-crypto-policies --set LEGACY || echo "FAIL update LEGACY"

echo https://bugzilla.redhat.com/show_bug.cgi?id=1437213 >/dev/null
echo wget -q -O /dev/null https://rc4.badssl.com/ || echo "FAIL wget LEGACY rc4" >/dev/null

echo https://bugzilla.redhat.com/show_bug.cgi?id=1437209 >/dev/null
echo '(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect rc4.badssl.com:443 -servername rc4.badssl.com &>/dev/null || echo "FAIL s_client LEGACY rc4"' >/dev/null

curl -s https://rc4.badssl.com/ >/dev/null|| echo "FAIL curl LEGACY rc4"

Check DEFAULT profile

update-crypto-policies --set DEFAULT || echo "FAIL update DEFAULT"
wget -q -O /dev/null https://rc4.badssl.com/ && echo "FAIL wget DEFAULT rc4"
wget -q -O /dev/null https://3des.badssl.com/ || echo "FAIL wget DEFAULT 3des"
(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect rc4.badssl.com:443 -servername rc4.badssl.com &>/dev/null && echo "FAIL s_client DEFAULT rc4"

echo https://bugzilla.redhat.com/show_bug.cgi?id=1437363 >/dev/null
echo '(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect 3des.badssl.com:443 -servername 3des.badssl.com &>/dev/null || echo "FAIL s_client DEFAULT 3des"' >/dev/null

curl -s https://rc4.badssl.com/ >/dev/null && echo "FAIL curl DEFAULT rc4"
curl -s https://3des.badssl.com/ >/dev/null || echo "FAIL curl DEFAULT 3des"

Check FUTURE profile

update-crypto-policies --set FUTURE || echo "FAIL update FUTURE"
wget -q -O /dev/null https://3des.badssl.com/ && echo "FAIL wget FUTURE 3des"
wget -q -O /dev/null https://mozilla-modern.badssl.com/ || echo "FAIL wget FUTURE modern"
(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect 3des.badssl.com:443 -servername 3des.badssl.com &>/dev/null && echo "FAIL s_client FUTURE 3des"
(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect mozilla-modern.badssl.com:443 -servername mozilla-modern.badssl.com &>/dev/null || echo "FAIL s_client FUTURE modern"
curl -s https://3des.badssl.com/ >/dev/null && echo "FAIL curl FUTURE 3des"
curl -s https://mozilla-modern.badssl.com/ >/dev/null || echo "FAIL curl FUTURE modern"

Expected Results

Commands complete without FAIL being printed.

@@ Line 2: / Line 2: @@
 |description=Sanity of crypto-policies
 |actions=
-We will test if system actually pays attention to crypto policy setting
+We will test if at least some utilities using different libraries (gnutls, openssl, nss) pay attention to crypto policy setting
 # Check LEGACY profile
 #:<pre>
 #::update-crypto-policies --set LEGACY || echo "FAIL update LEGACY"
-#::wget -O - https://rc4.badssl.com/ || echo "FAIL wget rc4"
+#::
+#::echo https://bugzilla.redhat.com/show_bug.cgi?id=1437213 >/dev/null
+#::echo wget -q -O /dev/null https://rc4.badssl.com/ || echo "FAIL wget LEGACY rc4" >/dev/null
+#::
+#::echo https://bugzilla.redhat.com/show_bug.cgi?id=1437209 >/dev/null
+#::echo '(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect rc4.badssl.com:443 -servername rc4.badssl.com &>/dev/null || echo "FAIL s_client LEGACY rc4"' >/dev/null
+#::
 #::curl -s https://rc4.badssl.com/ >/dev/null|| echo "FAIL curl LEGACY rc4"</pre>
 # Check DEFAULT profile
 #:<pre>
 #::update-crypto-policies --set DEFAULT || echo "FAIL update DEFAULT"
-#::wget -O - https://rc4.badssl.com/ && echo "FAIL wget DEFAULT rc4"
+#::wget -q -O /dev/null https://rc4.badssl.com/ && echo "FAIL wget DEFAULT rc4"
-#::wget -O - https://3des.badssl.com/ || echo "FAIL wget DEFAULT 3des"
+#::wget -q -O /dev/null https://3des.badssl.com/ || echo "FAIL wget DEFAULT 3des"
+#::(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect rc4.badssl.com:443 -servername rc4.badssl.com &>/dev/null && echo "FAIL s_client DEFAULT rc4"
+#::
+#::echo https://bugzilla.redhat.com/show_bug.cgi?id=1437363 >/dev/null
+#::echo '(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect 3des.badssl.com:443 -servername 3des.badssl.com &>/dev/null || echo "FAIL s_client DEFAULT 3des"' >/dev/null
+#::
 #::curl -s https://rc4.badssl.com/ >/dev/null && echo "FAIL curl DEFAULT rc4"
 #::curl -s https://3des.badssl.com/ >/dev/null || echo "FAIL curl DEFAULT 3des"</pre>
@@ Line 18: / Line 29: @@
 #:<pre>
 #::update-crypto-policies --set FUTURE || echo "FAIL update FUTURE"
-#::wget -O - https://3des.badssl.com/ && echo "FAIL wget FUTURE 3des"
+#::wget -q -O /dev/null https://3des.badssl.com/ && echo "FAIL wget FUTURE 3des"
-#::wget -O - https://mozilla-modern.badssl.com/ || echo "FAIL wget FUTURE modern"
+#::wget -q -O /dev/null https://mozilla-modern.badssl.com/ || echo "FAIL wget FUTURE modern"
+#::(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect 3des.badssl.com:443 -servername 3des.badssl.com &>/dev/null && echo "FAIL s_client FUTURE 3des"
+#::(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect mozilla-modern.badssl.com:443 -servername mozilla-modern.badssl.com &>/dev/null || echo "FAIL s_client FUTURE modern"
 #::curl -s https://3des.badssl.com/ >/dev/null && echo "FAIL curl FUTURE 3des"
 #::curl -s https://mozilla-modern.badssl.com/ >/dev/null || echo "FAIL curl FUTURE modern"</pre>
 |results=
-# commands complete without <code>FAIL</code> being printed
+Commands complete without <code>FAIL</code> being printed.
 }}

Search

QA:Testcase CryptoPolicies Sanity: Difference between revisions

Latest revision as of 08:40, 30 March 2017

Description

How to test

Expected Results