mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
ipatests: add test to check that only TLS 1.2 is enabled in Apache
Related to: https://pagure.io/freeipa/issue/7995 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
parent
73796c7797
commit
14be271533
@ -679,3 +679,23 @@ class TestIPACommand(IntegrationTest):
|
||||
assert 'Modified user "%s"' % (ipauser) in cmd.stdout_text
|
||||
assert 'First name: %s' % (modfirst) in cmd.stdout_text
|
||||
assert 'Last name: %s' % (modlast) in cmd.stdout_text
|
||||
|
||||
def test_enabled_tls_protocols(self):
|
||||
"""Check that only TLS 1.2 is enabled in Apache.
|
||||
|
||||
This is the regression test for issue
|
||||
https://pagure.io/freeipa/issue/7995.
|
||||
"""
|
||||
def is_tls_version_enabled(tls_version):
|
||||
res = self.master.run_command(
|
||||
['openssl', 's_client',
|
||||
'-connect', '{}:443'.format(self.master.hostname),
|
||||
'-{}'.format(tls_version)],
|
||||
stdin_text='\n',
|
||||
ok_returncode=[0, 1]
|
||||
)
|
||||
return res.returncode == 0
|
||||
|
||||
assert not is_tls_version_enabled('tls1')
|
||||
assert not is_tls_version_enabled('tls1_1')
|
||||
assert is_tls_version_enabled('tls1_2')
|
||||
|
Loading…
Reference in New Issue
Block a user