|
@@ -408,3 +408,42 @@ def test_imap_server_uses_correct_dh_parameters(host):
|
|
|
"--priority 'NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA384:+DHE-RSA:+SHA384:+AEAD:+AES-256-GCM' localhost")
|
|
|
|
|
|
assert " - Using prime: 2048 bits" in connection.stdout
|
|
|
|
|
|
|
|
|
def test_imap_and_smtp_tls_files(host):
|
|
|
"""
|
|
|
Tests if IMAP and SMTP TLS private keys and certificates have been
|
|
|
deployed correctly.
|
|
|
"""
|
|
|
|
|
|
hostname = host.run('hostname').stdout.strip()
|
|
|
|
|
|
with host.sudo():
|
|
|
|
|
|
tls_file = host.file('/etc/ssl/private/%s_smtp.key' % hostname)
|
|
|
assert tls_file.is_file
|
|
|
assert tls_file.user == 'root'
|
|
|
assert tls_file.group == 'root'
|
|
|
assert tls_file.mode == 0o640
|
|
|
assert tls_file.content_string == open("tests/data/x509/%s_smtp.key.pem" % hostname, "r").read().rstrip()
|
|
|
|
|
|
tls_file = host.file('/etc/ssl/certs/%s_smtp.pem' % hostname)
|
|
|
assert tls_file.is_file
|
|
|
assert tls_file.user == 'root'
|
|
|
assert tls_file.group == 'root'
|
|
|
assert tls_file.mode == 0o644
|
|
|
assert tls_file.content_string == open("tests/data/x509/%s_smtp.cert.pem" % hostname, "r").read().rstrip()
|
|
|
|
|
|
tls_file = host.file('/etc/ssl/private/%s_imap.key' % hostname)
|
|
|
assert tls_file.is_file
|
|
|
assert tls_file.user == 'root'
|
|
|
assert tls_file.group == 'root'
|
|
|
assert tls_file.mode == 0o640
|
|
|
assert tls_file.content_string == open("tests/data/x509/%s_imap.key.pem" % hostname, "r").read().rstrip()
|
|
|
|
|
|
tls_file = host.file('/etc/ssl/certs/%s_imap.pem' % hostname)
|
|
|
assert tls_file.is_file
|
|
|
assert tls_file.user == 'root'
|
|
|
assert tls_file.group == 'root'
|
|
|
assert tls_file.mode == 0o644
|
|
|
assert tls_file.content_string == open("tests/data/x509/%s_imap.cert.pem" % hostname, "r").read().rstrip()
|