def test_init(topology_st):
    """Bootstrap TLS for the ticket-48194 cipher-hardening tests.

    Rebuilds the instance's NSS database with a self-signed CA and server
    certificate, then switches TLS on with the *most permissive* cipher
    configuration (``allowWeakCipher: on``, ``nsSSL3Ciphers: +all``) so the
    later tests can observe exactly which ciphers the server ends up
    offering. These settings are deliberately insecure test fixtures and
    must never be copied into a real deployment.
    """
    _header(topology_st, 'Testing Ticket 48194 - harden the list of ciphers available by default')

    inst = topology_st.standalone

    # Start from a fresh cert db; the CA and server cert generated here are
    # self-signed test material and carry no trust outside this fixture.
    cert_db = NssSsl(dbpath=inst.get_cert_dir())
    cert_db.reinit()
    cert_db.create_rsa_ca()
    cert_db.create_rsa_key_and_cert()

    log.info("\n######################### enable SSL in the directory server with all ciphers ######################\n")
    inst.simple_bind_s(DN_DM, PASSWORD)

    # SSLv3 stays off even in this permissive setup; weak ciphers and the
    # full cipher list are enabled on purpose so the hardening logic under
    # test has something to trim.
    encryption_mods = [
        (ldap.MOD_REPLACE, 'nsSSL3', b'off'),
        (ldap.MOD_REPLACE, 'nsTLS1', b'on'),
        (ldap.MOD_REPLACE, 'nsSSLClientAuth', b'allowed'),
        (ldap.MOD_REPLACE, 'allowWeakCipher', b'on'),
        (ldap.MOD_REPLACE, 'nsSSL3Ciphers', b'+all'),
    ]
    inst.modify_s(ENCRYPTION_DN, encryption_mods)

    # Hostname checking is disabled here, presumably because the freshly
    # generated self-signed cert will not match the test host; acceptable
    # in a throw-away fixture only.
    config_mods = [
        (ldap.MOD_REPLACE, 'nsslapd-security', b'on'),
        (ldap.MOD_REPLACE, 'nsslapd-ssl-check-hostname', b'off'),
        (ldap.MOD_REPLACE, 'nsslapd-secureport', ensure_bytes(LDAPSPORT)),
    ]
    inst.modify_s(CONFIG_DN, config_mods)

    # On servers older than 1.4.0 the RSA encryption-module entry binding
    # the server cert to the internal token is created explicitly (newer
    # versions presumably provide it themselves — verify if in doubt).
    if ds_is_older('1.4.0'):
        rsa_entry = Entry((RSA_DN, {
            'objectclass': ['top', 'nsEncryptionModule'],
            'cn': RSA,
            'nsSSLPersonalitySSL': SERVERCERT,
            'nsSSLToken': 'internal (software)',
            'nsSSLActivation': 'on',
        }))
        inst.add_s(rsa_entry)
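def enable_ssl(server, ldapsport):
    """Create a throw-away self-signed cert for *server* and switch TLS on.

    The instance is stopped while the NSS database is rebuilt, started so
    ``nsslapd-secureport`` / ``nsslapd-security`` can be written through the
    config API, and finally restarted so the secure listener comes up.

    Args:
        server: a directory-server instance object offering ``stop``,
            ``start``, ``restart``, ``get_cert_dir``, ``config.set`` and an
            ``sslport`` attribute.
        ldapsport: the LDAPS port to listen on. It is written to the server
            config *and* recorded on ``server.sslport`` so that later
            callers connect to the port that was actually configured.

    Note: nothing here tightens ciphers or hostname checking; the instance
    runs with whatever its defaults are for those settings.
    """
    server.stop()

    # reinit() presumably wipes any existing cert db — fine for a test
    # fixture, destructive anywhere else. The resulting CA/cert are
    # self-signed and must not be trusted outside the test.
    cert_db = NssSsl(dbpath=server.get_cert_dir())
    cert_db.reinit()
    cert_db.create_rsa_ca()
    cert_db.create_rsa_key_and_cert()

    server.start()
    server.config.set('nsslapd-secureport', '%s' % ldapsport)
    server.config.set('nsslapd-security', 'on')
    # Keep the in-memory port in step with the configured one. The previous
    # version hard-coded SECUREPORT_STANDALONE1 here, so any caller passing
    # a different port ended up with an object/config mismatch.
    server.sslport = int(ldapsport)
    server.restart()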