mirror/docker-mailserver.docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2025-07-23 20:24:54 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

tests: Reference the new testssl image location (#4454)

Browse source
This commit is contained in:
Brennan Kinney 2025-04-24 08:16:36 +12:00 committed by GitHub
parent f2e5891b16
commit 4b0e3a5002
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/content/config/security/ssl.md
View file

@ -13,7 +13,7 @@ There are multiple options to enable SSL (via [`SSL_TYPE`][docs-env::ssl-type]):
After installation, you can test your setup with: After installation, you can test your setup with:
- [`checktls.com`](https://www.checktls.com/TestReceiver) - [`checktls.com`](https://www.checktls.com/TestReceiver)
- [`testssl.sh`](https://github.com/drwetter/testssl.sh) - [`testssl.sh`](https://github.com/testssl/testssl.sh)
!!! warning "Exposure of DNS labels through Certificate Transparency" !!! warning "Exposure of DNS labels through Certificate Transparency"

8
test/tests/parallel/set2/tls_cipherlists.bats
View file

@ -25,7 +25,7 @@ function setup_file() {
# Pull `testssl.sh` image in advance to avoid it interfering with the `run` captured output. # Pull `testssl.sh` image in advance to avoid it interfering with the `run` captured output.
# Only interferes (potential test failure) with `assert_output` not `assert_success`? # Only interferes (potential test failure) with `assert_output` not `assert_success`?
docker pull drwetter/testssl.sh:3.2 docker pull ghcr.io/testssl/testssl.sh:3.2
# Only used in `_should_support_expected_cipherlists()` to set a storage location for `testssl.sh` JSON output: # Only used in `_should_support_expected_cipherlists()` to set a storage location for `testssl.sh` JSON output:
# `${BATS_TMPDIR}` maps to `/tmp`: https://bats-core.readthedocs.io/en/v1.8.2/writing-tests.html#special-variables # `${BATS_TMPDIR}` maps to `/tmp`: https://bats-core.readthedocs.io/en/v1.8.2/writing-tests.html#special-variables
@ -111,7 +111,7 @@ function _configure_and_run_dms_container() {
function _should_support_expected_cipherlists() { function _should_support_expected_cipherlists() {
# Make a directory with test user ownership. Avoids Docker creating this with root ownership. # Make a directory with test user ownership. Avoids Docker creating this with root ownership.
# TODO: Can switch to filename prefix for JSON output when this is resolved: https://github.com/drwetter/testssl.sh/issues/1845 # TODO: Can switch to filename prefix for JSON output when this is resolved: https://github.com/testssl/testssl.sh/issues/1845
local RESULTS_PATH="${TLS_RESULTS_DIR}/${TEST_VARIANT}" local RESULTS_PATH="${TLS_RESULTS_DIR}/${TEST_VARIANT}"
mkdir -p "${RESULTS_PATH}" mkdir -p "${RESULTS_PATH}"
@ -156,7 +156,7 @@ function _collect_cipherlists() {
# NOTE: Batch testing ports via `--file` doesn't properly bubble up failure. # NOTE: Batch testing ports via `--file` doesn't properly bubble up failure.
# If the failure for a test is misleading consider testing a single port with: # If the failure for a test is misleading consider testing a single port with:
# local TESTSSL_CMD=(--quiet --jsonfile-pretty "/output/port_${PORT}.json" --starttls smtp "${TEST_DOMAIN}:${PORT}") # local TESTSSL_CMD=(--quiet --jsonfile-pretty "/output/port_${PORT}.json" --starttls smtp "${TEST_DOMAIN}:${PORT}")
# TODO: Can use `jq` to check for failure when this is resolved: https://github.com/drwetter/testssl.sh/issues/1844 # TODO: Can use `jq` to check for failure when this is resolved: https://github.com/testssl/testssl.sh/issues/1844
# `--user "<uid>:<gid>"` is a workaround: Avoids `permission denied` write errors for json output, uses `id` to match user uid & gid. # `--user "<uid>:<gid>"` is a workaround: Avoids `permission denied` write errors for json output, uses `id` to match user uid & gid.
run docker run --rm \ run docker run --rm \
@ -166,7 +166,7 @@ function _collect_cipherlists() {
--volume "${TLS_CONFIG_VOLUME}" \ --volume "${TLS_CONFIG_VOLUME}" \
--volume "${RESULTS_PATH}:/output" \ --volume "${RESULTS_PATH}:/output" \
--workdir "/output" \ --workdir "/output" \
drwetter/testssl.sh:3.2 "${TESTSSL_CMD[@]}" ghcr.io/testssl/testssl.sh:3.2 "${TESTSSL_CMD[@]}"
assert_success assert_success
} }