def test_is_acceptable_protocols(self): from certbot_postfix.util import is_acceptable_value # SSLv2 and SSLv3 are both not supported, unambiguously self.assertFalse( is_acceptable_value('tls_mandatory_protocols_lol', 'SSLv2, SSLv3', None)) self.assertFalse( is_acceptable_value('tls_protocols_lol', 'SSLv2, SSLv3', None)) self.assertFalse( is_acceptable_value('tls_protocols_lol', '!SSLv2, !TLSv1', None)) self.assertFalse( is_acceptable_value('tls_protocols_lol', '!SSLv2, SSLv3, !SSLv3, ', None)) self.assertTrue( is_acceptable_value('tls_protocols_lol', '!SSLv2, !SSLv3', None)) self.assertTrue( is_acceptable_value('tls_protocols_lol', '!SSLv3, !TLSv1, !SSLv2', None)) # TLSv1.2 is supported unambiguously self.assertFalse( is_acceptable_value('tls_protocols_lol', 'TLSv1, TLSv1.1,', None)) self.assertFalse( is_acceptable_value('tls_protocols_lol', 'TLSv1.2, !TLSv1.2,', None)) self.assertTrue( is_acceptable_value('tls_protocols_lol', 'TLSv1.2, ', None)) self.assertTrue( is_acceptable_value('tls_protocols_lol', 'TLSv1, TLSv1.1, TLSv1.2', None))
def _set_vars(self, var_dict): """Sets all parameters in var_dict to config file. If current value is already set as more secure (acceptable), then don't set/overwrite it. """ for param, acceptable in six.iteritems(var_dict): if not util.is_acceptable_value(param, self.postconf.get(param), acceptable): self.postconf.set(param, acceptable[0], acceptable)
def test_is_acceptable_protocols(self): from certbot_postfix.util import is_acceptable_value # SSLv2 and SSLv3 are both not supported, unambiguously self.assertFalse(is_acceptable_value('tls_mandatory_protocols_lol', 'SSLv2, SSLv3', None)) self.assertFalse(is_acceptable_value('tls_protocols_lol', 'SSLv2, SSLv3', None)) self.assertFalse(is_acceptable_value('tls_protocols_lol', '!SSLv2, !TLSv1', None)) self.assertFalse(is_acceptable_value('tls_protocols_lol', '!SSLv2, SSLv3, !SSLv3, ', None)) self.assertTrue(is_acceptable_value('tls_protocols_lol', '!SSLv2, !SSLv3', None)) self.assertTrue(is_acceptable_value('tls_protocols_lol', '!SSLv3, !TLSv1, !SSLv2', None)) # TLSv1.2 is supported unambiguously self.assertFalse(is_acceptable_value('tls_protocols_lol', 'TLSv1, TLSv1.1,', None)) self.assertFalse(is_acceptable_value('tls_protocols_lol', 'TLSv1.2, !TLSv1.2,', None)) self.assertTrue(is_acceptable_value('tls_protocols_lol', 'TLSv1.2, ', None)) self.assertTrue(is_acceptable_value('tls_protocols_lol', 'TLSv1, TLSv1.1, TLSv1.2', None))
def test_is_acceptable_tuples(self): from certbot_postfix.util import is_acceptable_value self.assertTrue( is_acceptable_value('name', 'value', ('value', 'value1'))) self.assertFalse( is_acceptable_value('name', 'bad', ('value', 'value1')))
def test_no_acceptable_value(self): from certbot_postfix.util import is_acceptable_value self.assertFalse(is_acceptable_value('name', 'value', None))
def test_is_acceptable_tuples(self): from certbot_postfix.util import is_acceptable_value self.assertTrue(is_acceptable_value('name', 'value', ('value', 'value1'))) self.assertFalse(is_acceptable_value('name', 'bad', ('value', 'value1')))