diff --git a/test/mail_dhparams_default.bats b/test/mail_dhparams_default.bats
index bfc18db2..97c081f0 100644
--- a/test/mail_dhparams_default.bats
+++ b/test/mail_dhparams_default.bats
@@ -1,5 +1,17 @@
 load 'test_helper/common'
+# Test case
+# ---------
+# By default, this image is using audited FFDHE groups (https://github.com/tomav/docker-mailserver/pull/1463)
+#
+# This test suite cover the described situation for ONE_DIR=1 and for ONE_DIR=0.
+#
+# Description:
+# - when using a default DHE parameters:
+# ~ repo FFDHE4096 file is unchanged.
+# ~ ffdhe4096 params file is copied in postfix and dovecot configuration.
+
+
 function setup() {
 run_setup_file_if_necessary
 }
diff --git a/test/mail_dhparams_manual_not_one_dir.bats b/test/mail_dhparams_manual_not_one_dir.bats
index 620bec0a..eb713dfe 100644
--- a/test/mail_dhparams_manual_not_one_dir.bats
+++ b/test/mail_dhparams_manual_not_one_dir.bats
@@ -1,5 +1,18 @@
 load 'test_helper/common'
+# Test case
+# ---------
+# By default, this image is using audited FFDHE groups (https://github.com/tomav/docker-mailserver/pull/1463)
+# However, an advanced user could want to supply custom DHE parameters.
+#
+# This test suite cover the described situation when ONE_DIR=0 is set.
+#
+# Description:
+# - when using a CUSTOM DHE parameters:
+# ~ custom dhe params file is copied in postfix and dovecot configuration.
+# ~ a warning is raised about usage of insecure parameters.
+
+
 function setup() {
 run_setup_file_if_necessary
 }
@@ -10,7 +23,7 @@ function teardown() {
 function setup_file() {
 # copy the custom DHE params in local config
- cp `pwd`/test/test-files/ssl/ffdhe2048.pem `pwd`/test/config/dhparams.pem
+ cp `pwd`/test/test-files/ssl/custom-dhe-params.pem `pwd`/test/config/dhparams.pem
 docker run -d --name mail_manual_dhparams_not_one_dir \
 -v "`pwd`/test/config":/tmp/docker-mailserver \
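Review bot: The changed `cp` line in `setup_file` of mail_dhparams_manual_not_one_dir.bats still expands `pwd` through unquoted backticks, so a checkout path containing whitespace would split into extra arguments; the `@test` in the same file already uses the quoted `"$(pwd)/…"` form. I would write it as `cp "$(pwd)/test/test-files/ssl/custom-dhe-params.pem" "$(pwd)/test/config/dhparams.pem"`. The copy lands in `test/config`, which the following `docker run` mounts into the container. `teardown_file` lies outside this hunk, so it is worth confirming that it removes `test/config/dhparams.pem`; a leftover copy could presumably make a later suite that expects the default FFDHE parameters start with the custom file instead.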
@@ -33,7 +46,7 @@ function teardown_file() {
 }
 @test "checking dhparams: ONE_DIR=0 check manual dhparams is used" {
- test_checksum=$(sha512sum "$(pwd)/test/test-files/ssl/ffdhe2048.pem" | awk '{print $1}')
+ test_checksum=$(sha512sum "$(pwd)/test/test-files/ssl/custom-dhe-params.pem" | awk '{print $1}')
 run echo "$test_checksum"
 refute_output '' # checksum must not be empty
diff --git a/test/mail_dhparams_manual_one_dir.bats b/test/mail_dhparams_manual_one_dir.bats
index 1496172d..d9ce6d64 100644
--- a/test/mail_dhparams_manual_one_dir.bats
+++ b/test/mail_dhparams_manual_one_dir.bats
@@ -1,5 +1,17 @@
 load 'test_helper/common'
+# Test case
+# ---------
+# By default, this image is using audited FFDHE groups (https://github.com/tomav/docker-mailserver/pull/1463)
+# However, an advanced user could want to supply custom DHE parameters.
+#
+# This test suite cover the described situation when ONE_DIR=1 is set.
+#
+# Description:
+# - when using a CUSTOM DHE parameters:
+# ~ custom dhe params file is copied in postfix and dovecot configuration.
+# ~ a warning is raised about usage of insecure parameters.
+
 function setup() {
 run_setup_file_if_necessary
 }
@@ -12,7 +24,7 @@ function setup_file() {
 docker run -d --name mail_manual_dhparams_one_dir \
 -v "`pwd`/test/config":/tmp/docker-mailserver \
 -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \
- -v "`pwd`/test/test-files/ssl/ffdhe2048.pem":/var/mail-state/lib-shared/dhparams.pem:ro \
+ -v "`pwd`/test/test-files/ssl/custom-dhe-params.pem":/var/mail-state/lib-shared/dhparams.pem:ro \
 -e DMS_DEBUG=0 \
 -e ONE_DIR=1 \
 -h mail.my-domain.com -t ${NAME}
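Review bot: The fixture hashed in the ONE_DIR=0 `@test` is only renamed (the rename at the end of the commit is 100% similar), so `custom-dhe-params.pem` still holds the bytes of the former `ffdhe2048.pem`. "Custom" therefore means "supplied by the user" here, not "different from a standard group". A comment above `test_checksum=` would record that for the next reader, e.g. `# fixture is the former ffdhe2048.pem; "custom" = user-supplied, the content is still a standard FFDHE group`. The new file header also says a warning is raised, but this hunk asserts only the checksum and the test body continues outside it, so confirm that another test asserts the warning text. The same two points apply to the ONE_DIR=1 test in mail_dhparams_manual_one_dir.bats.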
@@ -29,7 +41,7 @@ function teardown_file() {
 }
 @test "checking dhparams: ONE_DIR=1 check manual dhparams is used" {
- test_checksum=$(sha512sum "$(pwd)/test/test-files/ssl/ffdhe2048.pem" | awk '{print $1}')
+ test_checksum=$(sha512sum "$(pwd)/test/test-files/ssl/custom-dhe-params.pem" | awk '{print $1}')
 run echo "$test_checksum"
 refute_output '' # checksum must not be empty
diff --git a/test/test-files/ssl/ffdhe2048.pem b/test/test-files/ssl/custom-dhe-params.pem
similarity index 100%
rename from test/test-files/ssl/ffdhe2048.pem
rename to test/test-files/ssl/custom-dhe-params.pem