def test_is_acceptable_protocols(self):
from certbot_postfix.util import is_acceptable_value
# SSLv2 and SSLv3 are both not supported, unambiguously
self.assertFalse(
is_acceptable_value('tls_mandatory_protocols_lol', 'SSLv2, SSLv3',
None))
self.assertFalse(
is_acceptable_value('tls_protocols_lol', 'SSLv2, SSLv3', None))
self.assertFalse(
is_acceptable_value('tls_protocols_lol', '!SSLv2, !TLSv1', None))
self.assertFalse(
is_acceptable_value('tls_protocols_lol', '!SSLv2, SSLv3, !SSLv3, ',
None))
self.assertTrue(
is_acceptable_value('tls_protocols_lol', '!SSLv2, !SSLv3', None))
self.assertTrue(
is_acceptable_value('tls_protocols_lol', '!SSLv3, !TLSv1, !SSLv2',
None))
# TLSv1.2 is supported unambiguously
self.assertFalse(
is_acceptable_value('tls_protocols_lol', 'TLSv1, TLSv1.1,', None))
self.assertFalse(
is_acceptable_value('tls_protocols_lol', 'TLSv1.2, !TLSv1.2,',
None))
self.assertTrue(
is_acceptable_value('tls_protocols_lol', 'TLSv1.2, ', None))
self.assertTrue(
is_acceptable_value('tls_protocols_lol', 'TLSv1, TLSv1.1, TLSv1.2',
None))
def _set_vars(self, var_dict):
"""Sets all parameters in var_dict to config file. If current value is already set
as more secure (acceptable), then don't set/overwrite it.
"""
for param, acceptable in six.iteritems(var_dict):
if not util.is_acceptable_value(param, self.postconf.get(param), acceptable):
self.postconf.set(param, acceptable[0], acceptable)
def _set_vars(self, var_dict):
"""Sets all parameters in var_dict to config file. If current value is already set
as more secure (acceptable), then don't set/overwrite it.
"""
for param, acceptable in six.iteritems(var_dict):
if not util.is_acceptable_value(param, self.postconf.get(param), acceptable):
self.postconf.set(param, acceptable[0], acceptable)
def test_is_acceptable_protocols(self):
from certbot_postfix.util import is_acceptable_value
# SSLv2 and SSLv3 are both not supported, unambiguously
self.assertFalse(is_acceptable_value('tls_mandatory_protocols_lol',
'SSLv2, SSLv3', None))
self.assertFalse(is_acceptable_value('tls_protocols_lol',
'SSLv2, SSLv3', None))
self.assertFalse(is_acceptable_value('tls_protocols_lol',
'!SSLv2, !TLSv1', None))
self.assertFalse(is_acceptable_value('tls_protocols_lol',
'!SSLv2, SSLv3, !SSLv3, ', None))
self.assertTrue(is_acceptable_value('tls_protocols_lol',
'!SSLv2, !SSLv3', None))
self.assertTrue(is_acceptable_value('tls_protocols_lol',
'!SSLv3, !TLSv1, !SSLv2', None))
# TLSv1.2 is supported unambiguously
self.assertFalse(is_acceptable_value('tls_protocols_lol',
'TLSv1, TLSv1.1,', None))
self.assertFalse(is_acceptable_value('tls_protocols_lol',
'TLSv1.2, !TLSv1.2,', None))
self.assertTrue(is_acceptable_value('tls_protocols_lol',
'TLSv1.2, ', None))
self.assertTrue(is_acceptable_value('tls_protocols_lol',
'TLSv1, TLSv1.1, TLSv1.2', None))
def test_is_acceptable_tuples(self):
from certbot_postfix.util import is_acceptable_value
self.assertTrue(
is_acceptable_value('name', 'value', ('value', 'value1')))
self.assertFalse(
is_acceptable_value('name', 'bad', ('value', 'value1')))
def test_no_acceptable_value(self):
from certbot_postfix.util import is_acceptable_value
self.assertFalse(is_acceptable_value('name', 'value', None))
def test_is_acceptable_tuples(self):
from certbot_postfix.util import is_acceptable_value
self.assertTrue(is_acceptable_value('name', 'value', ('value', 'value1')))
self.assertFalse(is_acceptable_value('name', 'bad', ('value', 'value1')))
def test_no_acceptable_value(self):
from certbot_postfix.util import is_acceptable_value
self.assertFalse(is_acceptable_value('name', 'value', None))