1 files changed, 108 insertions, 20 deletions
diff --git a/test/basicserver/testbasicserver.cpp b/test/basicserver/testbasicserver.cpp
index 4aeded6c..9285dfc9 100644
--- a/test/basicserver/testbasicserver.cpp
+++ b/test/basicserver/testbasicserver.cpp
@@ -15,18 +15,17 @@
 
 #include <typeinfo>
 
-#include "Test.h"
-#include "Daemon.h"
+#include "CollectInBufferStream.h"
 #include "Configuration.h"
-#include "ServerStream.h"
-#include "SocketStream.h"
+#include "Daemon.h"
 #include "IOStreamGetLine.h"
+#include "ServerControl.h"
+#include "ServerStream.h"
 #include "ServerTLS.h"
-#include "CollectInBufferStream.h"
-
+#include "SocketStream.h"
+#include "Test.h"
 #include "TestContext.h"
 #include "autogen_TestProtocol.h"
-#include "ServerControl.h"
 
 #include "MemLeakFindOn.h"
 
@@ -98,7 +97,7 @@ void testservers_connection(SocketStream &rStream)
 	while(!getline.IsEOF())
 	{
 		std::string line;
-		while(!getline.GetLine(line))
+		while(!getline.GetLine(line, false, SHORT_TIMEOUT))
 			;
 		if(line == "QUIT")
 		{
@@ -208,11 +207,16 @@ const ConfigurationVerify *testserver::GetConfigVerify() const
 		}
 	};
 
+	static ConfigurationVerifyKey root_keys[] =
+	{
+		ssl_security_level_key,
+	};
+
 	static ConfigurationVerify verify =
 	{
 		"root", /* mName */
 		verifyserver, /* mpSubConfigurations */
-		0, /* mpKeys */
+		root_keys, // mpKeys
 		ConfigTest_Exists | ConfigTest_LastEntry,
 		0
 	};
@@ -449,7 +453,7 @@ void TestStreamReceive(TestProtocolClient &protocol, int value, bool uncertainst
 	TEST_THAT(count == (24273*3));	// over 64 k of data, definately
 }
 
-bool test_security_level(int cert_level)
+bool test_security_level(int cert_level, int test_level, bool expect_failure_on_connect = false)
 {
 	int old_num_failures = num_failures;
 
@@ -460,21 +464,24 @@ bool test_security_level(int cert_level)
 		context.Initialise(false /* client */,
 			"testfiles/clientCerts.pem",
 			"testfiles/clientPrivKey.pem",
-			"testfiles/clientTrustedCAs.pem");
+			"testfiles/clientTrustedCAs.pem",
+			test_level); // SecurityLevel
 	}
 	else if(cert_level == 1)
 	{
 		context.Initialise(false /* client */,
 			"testfiles/seclevel2-sha1/ca/clients/1234567-cert.pem",
 			"testfiles/seclevel2-sha1/bbackupd/1234567-key.pem",
-			"testfiles/seclevel2-sha1/ca/roots/serverCA.pem");
+			"testfiles/seclevel2-sha1/ca/roots/serverCA.pem",
+			test_level); // SecurityLevel
 	}
 	else if(cert_level == 2)
 	{
 		context.Initialise(false /* client */,
 			"testfiles/seclevel2-sha256/ca/clients/1234567-cert.pem",
 			"testfiles/seclevel2-sha256/bbackupd/1234567-key.pem",
-			"testfiles/seclevel2-sha256/ca/roots/serverCA.pem");
+			"testfiles/seclevel2-sha256/ca/roots/serverCA.pem",
+			test_level); // SecurityLevel
 	}
 	else
 	{
@@ -483,7 +490,17 @@ bool test_security_level(int cert_level)
 	}
 
 	SocketStreamTLS conn;
-	conn.Open(context, Socket::TypeINET, "localhost", 2003);
+
+	if(expect_failure_on_connect)
+	{
+		TEST_CHECK_THROWS(
+			conn.Open(context, Socket::TypeINET, "localhost", 2003),
+			ConnectionException, TLSPeerWeakCertificate);
+	}
+	else
+	{
+		conn.Open(context, Socket::TypeINET, "localhost", 2003);
+	}
 
 	return (num_failures == old_num_failures); // no new failures -> good
 }
@@ -495,7 +512,25 @@ bool test_ancient_certificates()
 	int old_num_failures = num_failures;
 
 	// Level -1 (allow weaker, with warning) should pass with any certificates:
-	TEST_THAT(test_security_level(0)); // cert_level
+	TEST_THAT(test_security_level(0, -1)); // cert_level, test_level
+
+	// We do not test level 0 (system-wide default) because the system
+	// may have it set high, and our old certificate will not be usable
+	// in that case, and the user has no way to fix that, so it's not a
+	// useful test.
+
+	// Level 1 (allow weaker, without a warning) should pass with any certificates:
+	TEST_THAT(test_security_level(0, 1)); // cert_level, test_level
+
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
+	// Level 2 (disallow weaker, without a warning) should NOT pass with old certificates:
+	TEST_CHECK_THROWS(
+		test_security_level(0, 2), // cert_level, test_level
+		ServerException, TLSServerWeakCertificate);
+#else
+	// We have no way to increase the security level, so it should still pass:
+	test_security_level(0, 2); // cert_level, test_level
+#endif
 
 	return (num_failures == old_num_failures); // no new failures -> good
 }
@@ -507,18 +542,58 @@ bool test_old_certificates()
 	int old_num_failures = num_failures;
 
 	// Level -1 (allow weaker, with warning) should pass with any certificates:
-	TEST_THAT(test_security_level(1)); // cert_level
+	TEST_THAT(test_security_level(1, -1)); // cert_level, test_level
+
+	// We do not test level 0 (system-wide default) because the system
+	// may have it set high, and our old certificate will not be usable
+	// in that case, and the user has no way to fix that, so it's not a
+	// useful test.
+
+	// Level 1 (allow weaker, without a warning) should pass with any certificates:
+	TEST_THAT(test_security_level(1, 1)); // cert_level, test_level
+
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
+	// Level 2 (disallow weaker, without a warning) should NOT pass with old certificates:
+	TEST_CHECK_THROWS(
+		test_security_level(1, 2), // cert_level, test_level
+		ServerException, TLSServerWeakCertificate);
+#else
+	// We have no way to increase the security level, so it should still pass:
+	test_security_level(1, 2); // cert_level, test_level
+#endif
 
 	return (num_failures == old_num_failures); // no new failures -> good
 }
 
 
-bool test_new_certificates()
+bool test_new_certificates(bool expect_failure_level_2)
 {
 	int old_num_failures = num_failures;
 
 	// Level -1 (allow weaker, with warning) should pass with any certificates:
-	TEST_THAT(test_security_level(2)); // cert_level
+	TEST_THAT(test_security_level(2, -1)); // cert_level, test_level
+
+	// Level 0 (system dependent). This will fail if the user (or their
+	// distro) sets the system-wide security level very high. We check
+	// this because *we* may need to update Box Backup if this happens
+	// again, as it did when Debian increased the default level.
+	// Newly generated certificates may need to be strengthened.
+	// And we may need to update the documentation.
+	TEST_THAT(test_security_level(2, 0)); // cert_level, test_level
+
+	// Level 1 (allow weaker, without a warning) should pass with any certificates:
+	TEST_THAT(test_security_level(2, 1)); // cert_level, test_level
+
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
+	// Level 2 (disallow weaker, without a warning) should pass with new certificates,
+	// but might fail to connect to a peer with weak (insecure) certificates:
+	TEST_THAT(test_security_level(2, 2, expect_failure_level_2));
+	// cert_level, test_level, expect_failure
+#else
+	// We have no way to increase the security level, so it should not fail to connect to a
+	// daemon with weak certificates:
+	test_security_level(2, 2, false); // cert_level, test_level, expect_failure
+#endif
 
 	return (num_failures == old_num_failures); // no new failures -> good
 }
@@ -718,6 +793,7 @@ int test(int argc, const char *argv[])
 						"testfiles/clientCerts.pem",
 						"testfiles/clientPrivKey.pem",
 						"testfiles/clientTrustedCAs.pem");
+				// SecurityLevel == -1 by default (old security + warnings)
 
 				SocketStreamTLS conn1;
 				conn1.Open(context, Socket::TypeINET, "localhost", 2003);
@@ -786,7 +862,19 @@ int test(int argc, const char *argv[])
 		pid = LaunchServer(cmd, "testfiles/srv3.pid");
 
 		TEST_THAT(pid != -1 && pid != 0);
-		TEST_THAT(test_new_certificates());
+		TEST_THAT(test_new_certificates(false)); // !expect_failure_level_2
+		TEST_THAT(KillServer(pid));
+
+		// Start a daemon using old, insecure certificates. We should get an error when we
+		// try to connect to it:
+
+		cmd = TEST_EXECUTABLE " --test-daemon-args=";
+		cmd += test_args;
+		cmd += " srv3 testfiles/srv3-insecure-daemon.conf";
+		pid = LaunchServer(cmd, "testfiles/srv3.pid");
+
+		TEST_THAT(pid != -1 && pid != 0);
+		TEST_THAT(test_new_certificates(true)); // expect_failure_level_2
 		TEST_THAT(KillServer(pid));
 	}
 	
@@ -795,7 +883,7 @@ int test(int argc, const char *argv[])
 	{
 		std::string cmd = TEST_EXECUTABLE " --test-daemon-args=";
 		cmd += test_args;
-		cmd += " srv4 testfiles/srv4.conf";
+		cmd += " srv4 testfiles/srv4-seclevel1.conf";
 		int pid = LaunchServer(cmd, "testfiles/srv4.pid");
 
 		TEST_THAT(pid != -1 && pid != 0);