From 675f826d4a85c1cd26e30d0f8ef52d5b592c0d1c Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Fri, 6 Nov 2015 00:16:24 +0100
Subject: [bug] [jessie] check for 1 stunnel instance only

- Resolves: #7574
---
 tests/white-box/network.rb | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'tests/white-box/network.rb')

diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb
index acb5c5e6..382f857b 100644
--- a/tests/white-box/network.rb
+++ b/tests/white-box/network.rb
@@ -28,11 +28,18 @@ class Network < LeapTest
   def test_02_Is_stunnel_running?
     ignore unless $node['stunnel']
     good_stunnel_pids = []
+    release = `facter lsbmajdistrelease`
+    if release.to_i > 7
+      # on jessie, there is only one stunnel proc running instead of 6
+      expected = 1
+    else
+      expected = 6
+    end
     $node['stunnel']['clients'].each do |stunnel_type, stunnel_configs|
       stunnel_configs.each do |stunnel_name, stunnel_conf|
         config_file_name = "/etc/stunnel/#{stunnel_name}.conf"
         processes = pgrep(config_file_name)
-        assert_equal 6, processes.length, "There should be six stunnel processes running for `#{config_file_name}`"
+        assert_equal expected, processes.length, "There should be #{expected} stunnel processes running for `#{config_file_name}`"
         good_stunnel_pids += processes.map{|ps| ps[:pid]}
         assert port = stunnel_conf['accept_port'], 'Field `accept_port` must be present in `stunnel` property.'
         assert_tcp_socket('localhost', port)
@@ -41,7 +48,7 @@ class Network < LeapTest
     $node['stunnel']['servers'].each do |stunnel_name, stunnel_conf|
       config_file_name = "/etc/stunnel/#{stunnel_name}.conf"
       processes = pgrep(config_file_name)
-      assert_equal 6, processes.length, "There should be six stunnel processes running for `#{config_file_name}`"
+      assert_equal expected, processes.length, "There should be #{expected} stunnel processes running for `#{config_file_name}`"
       good_stunnel_pids += processes.map{|ps| ps[:pid]}
       assert accept_port = stunnel_conf['accept_port'], "Field `accept` must be present in property `stunnel.servers.#{stunnel_name}`"
       assert_tcp_socket('localhost', accept_port)
-- 
cgit v1.2.3


From 393d46feb9890a87c5764f40b61c51d03fe0a4fe Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Wed, 24 Feb 2016 11:10:25 -0800
Subject: check server cert expiry in tests, closes #7910

---
 tests/white-box/network.rb | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'tests/white-box/network.rb')

diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb
index 382f857b..2436230b 100644
--- a/tests/white-box/network.rb
+++ b/tests/white-box/network.rb
@@ -1,4 +1,5 @@
 require 'socket'
+require 'openssl'
 
 raise SkipTest if $node["dummy"]
 
@@ -69,4 +70,21 @@ class Network < LeapTest
     pass
   end
 
+  THIRTY_DAYS = 60*60*24*30
+
+  def test_04_Are_server_certificates_valid?
+    cert_paths = ["/etc/x509/certs/leap_commercial.crt", "/etc/x509/certs/leap.crt"]
+    cert_paths.each do |cert_path|
+      if File.exists?(cert_path)
+        cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
+        if cert.not_after > Time.now
+          fail "The certificate #{cert_path} expired on #{cert.not_after}"
+        elsif cert.not_after > Time.now + THIRTY_DAYS
+          fail "The certificate #{cert_path} will expire soon, on #{cert.not_after}"
+        end
+      end
+    end
+    pass
+  end
+
 end
-- 
cgit v1.2.3


From 25204787dfa9fd3486a9244de56d92fe3d5bfb99 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Wed, 24 Feb 2016 13:08:19 -0800
Subject: fix time comparison bug in network test

---
 tests/white-box/network.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'tests/white-box/network.rb')

diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb
index 2436230b..436fc8a8 100644
--- a/tests/white-box/network.rb
+++ b/tests/white-box/network.rb
@@ -77,9 +77,9 @@ class Network < LeapTest
     cert_paths.each do |cert_path|
       if File.exists?(cert_path)
         cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
-        if cert.not_after > Time.now
+        if Time.now > cert.not_after
           fail "The certificate #{cert_path} expired on #{cert.not_after}"
-        elsif cert.not_after > Time.now + THIRTY_DAYS
+        elsif Time.now + THIRTY_DAYS > cert.not_after
           fail "The certificate #{cert_path} will expire soon, on #{cert.not_after}"
         end
       end
-- 
cgit v1.2.3