author | Xavi Hernandez <xhernandez@users.noreply.github.com> | 2020-11-06 12:00:18 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-06 16:30:18 +0530 |
commit | 7875a5564c0f87ff0a8ef15963d242bda09661fa (patch) | |
tree | 30259110a627315504c2fd7dcbccac9c4680c5ca | |
parent | 24fbfad8f6508c1ede893e57ef87eb0bcdb3430c (diff) | |
tests: Fix issues in CentOS 8 (#1756)
* tests: Fix issues in CentOS 8
Due to some configuration changes in CentOS 8/RHEL 8, ssl-ciphers.t
and bug-1053579.t were failing.
The first one was failing because TLS v1.0 is disabled by default. The
test has been updated to check that at least one of TLS v1.0, v1.1 or
v1.2 succeeds.
For the second case, the issue is that the test assumed that the
latest added group to a user should always be listed the last, but
this is not always true because nsswitch.conf now uses 'sss' before
'files', which means that data comes from a db that could not be
sorted.
Updates: #1009
Change-Id: I4ca01a099854ec25926c3d76b3a98072175bab06
Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
* tests: Fix TLS version detection
The old test didn't correctly determine which version of TLS should
be allowed by openssl.
Change-Id: Ic081c329d5ed1842fa9f5fd23742ae007738aec0
Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
-rwxr-xr-x | tests/bugs/nfs/bug-1053579.t | 4 | ||||
-rw-r--r-- | tests/features/ssl-ciphers.t | 25 |
2 files changed, 23 insertions, 6 deletions
diff --git a/tests/bugs/nfs/bug-1053579.t b/tests/bugs/nfs/bug-1053579.t index 2f53172e24..d62df82876 100755 --- a/tests/bugs/nfs/bug-1053579.t +++ b/tests/bugs/nfs/bug-1053579.t @@ -39,6 +39,10 @@ do done TEST useradd -o -M -u ${NEW_UID} -g ${NEW_GID} -G ${NEW_USER}-${NEW_GIDS} ${NEW_USER} +# It's not guaranteed that the latest added group will be returned as the last +# group for the user. To be sure, we take the latest group returned by 'id' +LAST_GID="$(id -G ${NEW_USER} | tr ' ' '\n' | tail -1)" + # preparation done, start the tests TEST glusterd diff --git a/tests/features/ssl-ciphers.t b/tests/features/ssl-ciphers.t index b70fe360e0..53b6995575 100644 --- a/tests/features/ssl-ciphers.t +++ b/tests/features/ssl-ciphers.t 
@@ -110,15 +110,28 @@ EXPECT "N" openssl_connect -ssl2 -connect $H0:$BRICK_PORT # Test SSLv3 protocol fails EXPECT "N" openssl_connect -ssl3 -connect $H0:$BRICK_PORT -# Test TLSv1 protocol based on openssl version -cmd="openssl version" -ver=$(eval $cmd | awk -F " " '{print $2}' | grep "^1.1") -if [ "x${ver}" = "x" ]; then - supp="N" +TLS10="$(openssl_connect -tls1 -connect $H0:$BRICK_PORT)" +TLS11="$(openssl_connect -tls1_1 -connect $H0:$BRICK_PORT)" +TLS12="$(openssl_connect -tls1_2 -connect $H0:$BRICK_PORT)" +TLS13="$(openssl_connect -tls1_3 -connect $H0:$BRICK_PORT)" + +# TLS support depends on openssl version. +# +# TLS v1.0 requires openssl v0.9.6 or higher +# TLS v1.1 requires openssl v1.0.1 or higher +# TLS v1.2 requires openssl v1.0.1 or higher +# TLS v1.3 requires openssl v1.1.1 or higher +# +# If TLS is supported by the current version of openssl, at least one of the +# protocols should connect successfully. Otherwise all connections should fail. + +if [[ "$(openssl version | awk '{ print $2; }')" < "0.9.6" ]]; then + supp="^NNNN$" else supp="Y" fi -EXPECT "${supp}" openssl_connect -tls1 -connect $H0:$BRICK_PORT + +EXPECT "${supp}" echo "${TLS10}${TLS11}${TLS12}${TLS13}" # Test a HIGH CBC cipher cph=`check_cipher -cipher AES256-SHA -connect $H0:$BRICK_PORT` |
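Review bot: In tests/bugs/nfs/bug-1053579.t, the new LAST_GID assignment after the useradd line is never checked. If `id -G ${NEW_USER}` fails or prints nothing, LAST_GID is silently empty and the failure only surfaces later, away from its cause. Consider following the assignment with a harness check such as `TEST [ -n "${LAST_GID}" ]`, and quoting "${NEW_USER}" in the id call. The added comment could also name the later check that depends on this value, since the hunk does not show where LAST_GID is used.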
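Review bot: In tests/features/ssl-ciphers.t, the version gate `[[ "$(openssl version | awk '{ print $2; }')" < "0.9.6" ]]` is a string comparison, not a version comparison. Inside [[ ]] the < operator orders lexicographically, so a hypothetical value like "0.9.10" would sort before "0.9.6", and 1.x versions give the intended result only because "1" sorts after "0". Comparing with `sort -V`, or splitting the fields and comparing them numerically, would be more robust. Two smaller points: the else branch's supp="Y" is satisfied by any one of the four results, including TLS v1.3 alone, while the commit message speaks of v1.0, v1.1 or v1.2; and on openssl older than 1.1.1 (per the comment block in this hunk) -tls1_3 is not a supported protocol, so the test relies on openssl_connect reporting "N" in that case, which deserves a comment.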