mirror of
https://github.com/drakkan/sftpgo.git
synced 2025-12-08 07:10:56 +03:00
allow to configure the minimum version of TLS to be enabled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
@@ -663,6 +663,7 @@ func TestFTPDBindingsFromEnv(t *testing.T) {
|
||||
os.Setenv("SFTPGO_FTPD__BINDINGS__9__ADDRESS", "127.0.1.1")
|
||||
os.Setenv("SFTPGO_FTPD__BINDINGS__9__PORT", "2203")
|
||||
os.Setenv("SFTPGO_FTPD__BINDINGS__9__TLS_MODE", "1")
|
||||
os.Setenv("SFTPGO_FTPD__BINDINGS__9__MIN_TLS_VERSION", "13")
|
||||
os.Setenv("SFTPGO_FTPD__BINDINGS__9__FORCE_PASSIVE_IP", "127.0.1.1")
|
||||
os.Setenv("SFTPGO_FTPD__BINDINGS__9__PASSIVE_IP_OVERRIDES__3__IP", "192.168.1.1")
|
||||
os.Setenv("SFTPGO_FTPD__BINDINGS__9__PASSIVE_IP_OVERRIDES__3__NETWORKS", "192.168.1.0/24, 192.168.3.0/25")
|
||||
@@ -682,6 +683,7 @@ func TestFTPDBindingsFromEnv(t *testing.T) {
|
||||
os.Unsetenv("SFTPGO_FTPD__BINDINGS__9__ADDRESS")
|
||||
os.Unsetenv("SFTPGO_FTPD__BINDINGS__9__PORT")
|
||||
os.Unsetenv("SFTPGO_FTPD__BINDINGS__9__TLS_MODE")
|
||||
os.Unsetenv("SFTPGO_FTPD__BINDINGS__9__MIN_TLS_VERSION")
|
||||
os.Unsetenv("SFTPGO_FTPD__BINDINGS__9__FORCE_PASSIVE_IP")
|
||||
os.Unsetenv("SFTPGO_FTPD__BINDINGS__9__PASSIVE_IP_OVERRIDES__3__IP")
|
||||
os.Unsetenv("SFTPGO_FTPD__BINDINGS__9__PASSIVE_IP_OVERRIDES__3__NETWORKS")
|
||||
@@ -699,6 +701,7 @@ func TestFTPDBindingsFromEnv(t *testing.T) {
|
||||
require.Equal(t, "127.0.0.1", bindings[0].Address)
|
||||
require.False(t, bindings[0].ApplyProxyConfig)
|
||||
require.Equal(t, 2, bindings[0].TLSMode)
|
||||
require.Equal(t, 12, bindings[0].MinTLSVersion)
|
||||
require.Equal(t, "127.0.1.2", bindings[0].ForcePassiveIP)
|
||||
require.Len(t, bindings[0].PassiveIPOverrides, 0)
|
||||
require.Equal(t, 0, bindings[0].ClientAuthType)
|
||||
@@ -712,6 +715,7 @@ func TestFTPDBindingsFromEnv(t *testing.T) {
|
||||
require.Equal(t, "127.0.1.1", bindings[1].Address)
|
||||
require.True(t, bindings[1].ApplyProxyConfig) // default value
|
||||
require.Equal(t, 1, bindings[1].TLSMode)
|
||||
require.Equal(t, 13, bindings[1].MinTLSVersion)
|
||||
require.Equal(t, "127.0.1.1", bindings[1].ForcePassiveIP)
|
||||
require.Len(t, bindings[1].PassiveIPOverrides, 1)
|
||||
require.Equal(t, "192.168.1.1", bindings[1].PassiveIPOverrides[0].IP)
|
||||
@@ -736,6 +740,7 @@ func TestWebDAVBindingsFromEnv(t *testing.T) {
|
||||
os.Setenv("SFTPGO_WEBDAVD__BINDINGS__2__ADDRESS", "127.0.1.1")
|
||||
os.Setenv("SFTPGO_WEBDAVD__BINDINGS__2__PORT", "9000")
|
||||
os.Setenv("SFTPGO_WEBDAVD__BINDINGS__2__ENABLE_HTTPS", "1")
|
||||
os.Setenv("SFTPGO_WEBDAVD__BINDINGS__2__MIN_TLS_VERSION", "13")
|
||||
os.Setenv("SFTPGO_WEBDAVD__BINDINGS__2__CLIENT_AUTH_TYPE", "1")
|
||||
os.Setenv("SFTPGO_WEBDAVD__BINDINGS__2__PREFIX", "/dav2")
|
||||
t.Cleanup(func() {
|
||||
@@ -747,6 +752,7 @@ func TestWebDAVBindingsFromEnv(t *testing.T) {
|
||||
os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__2__ADDRESS")
|
||||
os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__2__PORT")
|
||||
os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__2__ENABLE_HTTPS")
|
||||
os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__2__MIN_TLS_VERSION")
|
||||
os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__2__CLIENT_AUTH_TYPE")
|
||||
os.Unsetenv("SFTPGO_WEBDAVD__BINDINGS__2__PREFIX")
|
||||
})
|
||||
@@ -759,11 +765,13 @@ func TestWebDAVBindingsFromEnv(t *testing.T) {
|
||||
require.Equal(t, 0, bindings[0].Port)
|
||||
require.Empty(t, bindings[0].Address)
|
||||
require.False(t, bindings[0].EnableHTTPS)
|
||||
require.Equal(t, 12, bindings[0].MinTLSVersion)
|
||||
require.Len(t, bindings[0].TLSCipherSuites, 0)
|
||||
require.Empty(t, bindings[0].Prefix)
|
||||
require.Equal(t, 8000, bindings[1].Port)
|
||||
require.Equal(t, "127.0.0.1", bindings[1].Address)
|
||||
require.False(t, bindings[1].EnableHTTPS)
|
||||
require.Equal(t, 12, bindings[1].MinTLSVersion)
|
||||
require.Equal(t, 0, bindings[1].ClientAuthType)
|
||||
require.Len(t, bindings[1].TLSCipherSuites, 1)
|
||||
require.Equal(t, "TLS_RSA_WITH_AES_128_CBC_SHA", bindings[1].TLSCipherSuites[0])
|
||||
@@ -772,6 +780,7 @@ func TestWebDAVBindingsFromEnv(t *testing.T) {
|
||||
require.Equal(t, 9000, bindings[2].Port)
|
||||
require.Equal(t, "127.0.1.1", bindings[2].Address)
|
||||
require.True(t, bindings[2].EnableHTTPS)
|
||||
require.Equal(t, 13, bindings[2].MinTLSVersion)
|
||||
require.Equal(t, 1, bindings[2].ClientAuthType)
|
||||
require.Nil(t, bindings[2].TLSCipherSuites)
|
||||
require.Equal(t, "/dav2", bindings[2].Prefix)
|
||||
@@ -795,6 +804,7 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
|
||||
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__ENABLE_WEB_CLIENT", "0")
|
||||
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__RENDER_OPENAPI", "0")
|
||||
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__ENABLE_HTTPS", "1 ")
|
||||
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__MIN_TLS_VERSION", "13")
|
||||
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__CLIENT_AUTH_TYPE", "1")
|
||||
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__TLS_CIPHER_SUITES", " TLS_AES_256_GCM_SHA384 , TLS_CHACHA20_POLY1305_SHA256")
|
||||
os.Setenv("SFTPGO_HTTPD__BINDINGS__2__PROXY_ALLOWED", " 192.168.9.1 , 172.16.25.0/24")
|
||||
@@ -820,6 +830,7 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
|
||||
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__ADDRESS")
|
||||
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__PORT")
|
||||
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__ENABLE_HTTPS")
|
||||
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__MIN_TLS_VERSION")
|
||||
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__ENABLE_WEB_ADMIN")
|
||||
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__ENABLE_WEB_CLIENT")
|
||||
os.Unsetenv("SFTPGO_HTTPD__BINDINGS__2__RENDER_OPENAPI")
|
||||
@@ -847,6 +858,7 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
|
||||
require.Equal(t, 0, bindings[0].Port)
|
||||
require.Equal(t, sockPath, bindings[0].Address)
|
||||
require.False(t, bindings[0].EnableHTTPS)
|
||||
require.Equal(t, 12, bindings[0].MinTLSVersion)
|
||||
require.True(t, bindings[0].EnableWebAdmin)
|
||||
require.True(t, bindings[0].EnableWebClient)
|
||||
require.True(t, bindings[0].RenderOpenAPI)
|
||||
@@ -857,6 +869,7 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
|
||||
require.Equal(t, 8000, bindings[1].Port)
|
||||
require.Equal(t, "127.0.0.1", bindings[1].Address)
|
||||
require.False(t, bindings[1].EnableHTTPS)
|
||||
require.Equal(t, 12, bindings[0].MinTLSVersion)
|
||||
require.True(t, bindings[1].EnableWebAdmin)
|
||||
require.True(t, bindings[1].EnableWebClient)
|
||||
require.True(t, bindings[1].RenderOpenAPI)
|
||||
@@ -866,6 +879,7 @@ func TestHTTPDBindingsFromEnv(t *testing.T) {
|
||||
require.Equal(t, 9000, bindings[2].Port)
|
||||
require.Equal(t, "127.0.1.1", bindings[2].Address)
|
||||
require.True(t, bindings[2].EnableHTTPS)
|
||||
require.Equal(t, 13, bindings[2].MinTLSVersion)
|
||||
require.False(t, bindings[2].EnableWebAdmin)
|
||||
require.False(t, bindings[2].EnableWebClient)
|
||||
require.False(t, bindings[2].RenderOpenAPI)
|
||||
|
||||
Reference in New Issue
Block a user