Ticket 49557 - Add config option for checking CRL on outbound SSL Con…
…nections Bug Description: There are cases where a CRL is not available during an outbound replication connection. This is seen as an error by openldap, and the connection fails. Fix Description: Add on/off option for checking the CRL. The default is not to check the CRL. https://pagure.io/389-ds-base/issue/49557 Reviewed by: wibrown, Ludwig Krispenz, Thierry Bordaz
1 parent
66ecdf9
commit ca8f1fd
Showing
7 changed files
with
135 additions
and
5 deletions.
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
# --- BEGIN COPYRIGHT BLOCK --- | ||
# Copyright (C) 2018 Red Hat, Inc. | ||
# All rights reserved. | ||
# | ||
# License: GPL (version 3 or any later version). | ||
# See LICENSE for details. | ||
# --- END COPYRIGHT BLOCK --- | ||
# | ||
|
||
|
||
import pytest | ||
import ldap | ||
from lib389.topologies import topology_st | ||
|
||
def test_tls_check_crl(topology_st): | ||
"""Test that TLS check_crl configurations work as expected. | ||
:id: | ||
:steps: | ||
1. Enable TLS | ||
2. Set invalid value | ||
3. Set valid values | ||
4. Check config reset | ||
:expectedresults: | ||
1. TlS is setup | ||
2. The invalid value is rejected | ||
3. The valid values are used | ||
4. The value can be reset | ||
""" | ||
standalone = topology_st.standalone | ||
# Enable TLS | ||
standalone.enable_tls() | ||
# Check all the valid values. | ||
assert(standalone.config.get_attr_val_utf8('nsslapd-tls-check-crl') == 'none') | ||
with pytest.raises(ldap.OPERATIONS_ERROR): | ||
standalone.config.set('nsslapd-tls-check-crl', 'tnhoeutnoeutn') | ||
assert(standalone.config.get_attr_val_utf8('nsslapd-tls-check-crl') == 'none') | ||
|
||
standalone.config.set('nsslapd-tls-check-crl', 'peer') | ||
assert(standalone.config.get_attr_val_utf8('nsslapd-tls-check-crl') == 'peer') | ||
|
||
standalone.config.set('nsslapd-tls-check-crl', 'none') | ||
assert(standalone.config.get_attr_val_utf8('nsslapd-tls-check-crl') == 'none') | ||
|
||
standalone.config.set('nsslapd-tls-check-crl', 'all') | ||
assert(standalone.config.get_attr_val_utf8('nsslapd-tls-check-crl') == 'all') | ||
|
||
standalone.config.remove_all('nsslapd-tls-check-crl') | ||
assert(standalone.config.get_attr_val_utf8('nsslapd-tls-check-crl') == 'none') | ||
|
||
|
||
|
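Review bot: The test only round-trips the `nsslapd-tls-check-crl` attribute and never opens an outbound TLS connection, so nothing in it shows that `peer` or `all` causes a revoked peer certificate to be refused, or that `none` skips the check. It also pins `none` as both the default and the value after `remove_all`, so revocation checking stays off unless an administrator opts in; the docstring should say so, for example `Only the stored config value is verified; CRL enforcement on a live connection is not covered here.` The `:id:` field in the docstring is empty, and the comment `# Check all the valid values.` sits directly above the default-value and invalid-value checks rather than the valid ones. The other files of this commit are not shown on this page, so enforcement may be exercised elsewhere.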