Adjusted cipher related serverd tests to adapt to their environment better

craigcomstock · craigcomstock · commit 218188dc6da2 · 2025-11-06T10:02:33.000-06:00
The failure case was on RedHat 10 the hard-coded cipher in the test was not available in openssl 3.2.2 provided by the system. Ticket: ENT-13494 Changelog: none (cherry picked from commit 91dafa126fccc57214ab5c627d942f5821b63bf8)
diff --git a/tests/acceptance/16_cf-serverd/serial/copy_from_ciphers_fail.cf b/tests/acceptance/16_cf-serverd/serial/copy_from_ciphers_fail.cf
@@ -1,10 +1,20 @@
 body common control
 {
-      inputs => { "../../default.cf.sub", "../../run_with_server.cf.sub" };
+      inputs => {
+        "../../default.cf.sub",
+        "../../run_with_server.cf.sub",
+        "./render_single_cipher_server_config.cf.sub",
+      };
       bundlesequence => { default("$(this.promise_filename)") };
       version => "1.0";
 }
 
+bundle agent init
+{
+  methods:
+    "render_single_cipher_server_config";
+}
+
 bundle agent test
 {
   methods:
@@ -18,9 +28,9 @@ bundle agent test
 
       "any" usebundle => generate_key;
 
-      "any" usebundle => start_server("$(this.promise_dirname)/nondefault_ciphers_tlsversion.srv");
+      "any" usebundle => start_server("$(this.promise_dirname)/single_cipher_tlsversion.srv");
       "any" usebundle => start_server("$(this.promise_dirname)/default_ciphers_tlsversion.srv");
       "any" usebundle => run_test("$(this.promise_filename).sub");
-      "any" usebundle => stop_server("$(this.promise_dirname)/nondefault_ciphers_tlsversion.srv");
+      "any" usebundle => stop_server("$(this.promise_dirname)/single_cipher_tlsversion.srv");
       "any" usebundle => stop_server("$(this.promise_dirname)/default_ciphers_tlsversion.srv");
 }
diff --git a/tests/acceptance/16_cf-serverd/serial/copy_from_ciphers_fail.cf.sub b/tests/acceptance/16_cf-serverd/serial/copy_from_ciphers_fail.cf.sub
@@ -16,11 +16,7 @@ body common control
 
       # This cipher doesn't match neither of the two
       # servers "allowciphers" setting.
-      tls_ciphers => "AES128-SHA";
-}
-
-bundle agent init
-{
+      tls_ciphers => "NOPE";
 }
 
 bundle agent test
diff --git a/tests/acceptance/16_cf-serverd/serial/copy_from_ciphers_success.cf b/tests/acceptance/16_cf-serverd/serial/copy_from_ciphers_success.cf
@@ -1,10 +1,20 @@
 body common control
 {
-      inputs => { "../../default.cf.sub", "../../run_with_server.cf.sub" };
+      inputs => {
+        "../../default.cf.sub",
+        "../../run_with_server.cf.sub",
+        "./render_single_cipher_server_config.cf.sub"
+      };
       bundlesequence => { default("$(this.promise_filename)") };
       version => "1.0";
 }
 
+bundle agent init
+{
+  methods:
+    "render_single_cipher_server_config";
+}
+
 bundle agent test
 {
   meta:
@@ -22,9 +32,9 @@ bundle agent test
 
       "any" usebundle => generate_key;
 
-      "any" usebundle => start_server("$(this.promise_dirname)/nondefault_ciphers_tlsversion.srv");
+      "any" usebundle => start_server("$(this.promise_dirname)/single_cipher_tlsversion.srv");
       "any" usebundle => start_server("$(this.promise_dirname)/default_ciphers_tlsversion.srv");
       "any" usebundle => run_test("$(this.promise_filename).sub");
-      "any" usebundle => stop_server("$(this.promise_dirname)/nondefault_ciphers_tlsversion.srv");
+      "any" usebundle => stop_server("$(this.promise_dirname)/single_cipher_tlsversion.srv");
       "any" usebundle => stop_server("$(this.promise_dirname)/default_ciphers_tlsversion.srv");
 }
diff --git a/tests/acceptance/16_cf-serverd/serial/render_single_cipher_server_config.cf.sub b/tests/acceptance/16_cf-serverd/serial/render_single_cipher_server_config.cf.sub
@@ -0,0 +1,18 @@
+bundle agent render_single_cipher_server_config
+{
+  vars:
+    "openssl_command" string => ifelse(
+      fileexists("${sys.bindir}/openssl"),
+      "${sys.bindir}/openssl",
+      "openssl"),
+      comment => "Use vendored openssl if present, otherwise whatever is in PATH.";
+    "first_supported_cipher" string => execresult("openssl ciphers -s | cut -d: -f1", "useshell");
+    "data" data => '{ "cipher": "${first_supported_cipher}" }';
+
+  files:
+    "$(this.promise_dirname)/single_cipher_tlsversion.srv"
+      create => "true",
+      template_method => "mustache",
+      edit_template => "$(this.promise_dirname)/single_cipher_tlsversion.srv.mustache",
+      template_data => @(data);
+}
diff --git a/tests/acceptance/16_cf-serverd/serial/single_cipher_tlsversion.srv.mustache b/tests/acceptance/16_cf-serverd/serial/single_cipher_tlsversion.srv.mustache
@@ -15,7 +15,7 @@ body server control
       port => "9888";
 
       # Only this cipher is to be accepted
-      allowciphers    => "AES128-GCM-SHA256";
+      allowciphers    => "{{cipher}}";
 
       # Allow only TLSv1.1 or higher
       allowtlsversion => "1.1";
