File diff e9c5e116996a → 4c0b2aa9cb69
roles/mail_server/molecule/default/tests/test_optional.py
Show inline comments
 
@@ -87,13 +87,7 @@ def test_postfix_main_cf_file_content(host):
 
    Tests if the Postfix main configuration file content is correct.
 
    """
 

			




	
	
	
		
 
    # Ugly hack, but not sure how to make it work otherwise. IP

			




	
	
	
		
 
    # address of client1 (jessie/stretch variant).

			




	
	
	
		
 
    distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]

			




	
	
	
		
 
    if distribution_release == "jessie":

			




	
	
	
		
 
        allow_relay_from_ip = "10.31.127.20"

			




	
	
	
		
 
    elif distribution_release == "stretch":

			




	
	
	
		
 
        allow_relay_from_ip = "10.31.127.22"

			




	
	
	
		
 
    allow_relay_from_ip = "10.31.127.22"

			




	
	
	
		
 

			




	
	
	
		
 
    hostname = host.run('hostname').stdout.strip()

			




	
	
	
		
 

			




	
	
		
 
@@ -198,15 +192,11 @@ def test_imap_tls_configuration(host):

			




	
	
	
		
 

			




	
	
	
		
 
    starttls = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -starttls imap -no_tls1_1 -no_tls1_2 -connect parameters-optional:143")

			




	
	
	
		
 
    assert starttls.rc != 0

			




	
	
	
		
 
    # First error message from OpenSSL in Debian 8 Jessie, second from

			




	
	
	
		
 
    # OpenSSL in Debian 9 Stretch.

			




	
	
	
		
 
    assert "write:errno=104" in starttls.stderr or 'SSL alert number 70' in starttls.stderr

			




	
	
	
		
 
    assert 'SSL alert number 70' in starttls.stderr

			




	
	
	
		
 

			




	
	
	
		
 
    tls = host.run("echo 'a0001 LOGOUT' | openssl s_client -quiet -no_tls1_1 -no_tls1_2 -connect parameters-optional:993")

			




	
	
	
		
 
    assert tls.rc != 0

			




	
	
	
		
 
    # First error message from OpenSSL in Debian 8 Jessie, second from

			




	
	
	
		
 
    # OpenSSL in Debian 9 Stretch.

			




	
	
	
		
 
    assert "write:errno=104" in tls.stderr or 'SSL alert number 70' in tls.stderr

			




	
	
	
		
 
    assert 'SSL alert number 70' in tls.stderr

			




	
	
	
		
 

			




	
	
	
		
 
    # Test at least one strong TLS cipher.

			




	
	
	
		
 
    starttls_cipher = host.run("echo 'a0001 LOGOUT' | openssl s_client -starttls imap -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:143")

			




	
	
		
 
@@ -282,9 +272,7 @@ def test_postfix_tls_configuration(host):

			




	
	
	
		
 

			




	
	
	
		
 
    starttls = host.run("echo 'QUIT' | openssl s_client -quiet -starttls smtp -no_tls1_1 -no_tls1_2 -connect parameters-optional:587")

			




	
	
	
		
 
    assert starttls.rc != 0

			




	
	
	
		
 
    # First error message from OpenSSL in Debian 8 Jessie, second from

			




	
	
	
		
 
    # OpenSSL in Debian 9 Stretch.

			




	
	
	
		
 
    assert 'write:errno=104' in starttls.stderr or 'SSL alert number 70' in starttls.stderr

			




	
	
	
		
 
    assert 'SSL alert number 70' in starttls.stderr

			




	
	
	
		
 

			




	
	
	
		
 
    # Test ciphers for default port (less restrictive).

			




	
	
	
		
 
    starttls_cipher = host.run("echo 'QUIT' | openssl s_client -starttls smtp -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-optional:25")

			




        

    



    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.