Disable tls test (#854)

docs/device_report.md

@@ -52,7 +52,7 @@ Overall device result FAIL
 |---|---|---|---|---|---|---|---|---|
 |Base|2|FAIL|1/0/1|0/0/0|0/0/0|0/0/0|0/0/0|0/0/0|
 |Connection|12|FAIL|3/5/4|0/0/0|0/0/0|0/0/0|0/0/0|0/0/0|
-|Security|13|FAIL|2/1/7|0/0/0|0/0/1|0/0/0|0/0/2|0/0/0|
+|Security|13|FAIL|2/4/4|0/0/0|0/0/1|0/0/0|0/2/0|0/0/0|
 |NTP|2|PASS|2/0/0|0/0/0|0/0/0|0/0/0|0/0/0|0/0/0|
 |DNS|1|SKIP|0/0/1|0/0/0|0/0/0|0/0/0|0/0/0|0/0/0|
 |Communication|2|PASS|2/0/0|0/0/0|0/0/0|0/0/0|0/0/0|0/0/0|
@@ -64,11 +64,11 @@ Syntax: Pass / Fail / Skip
 
 |Expectation|pass|fail|skip|gone|
 |---|---|---|---|---|
-|Required Pass|10|1|13|5|
+|Required Pass|10|1|10|8|
 |Required Pass for PoE Devices|0|0|1|0|
 |Required Pass for BACnet Devices|0|1|2|0|
 |Required Pass for IoT Devices|0|0|1|0|
-|Recommended Pass|0|0|2|0|
+|Recommended Pass|0|0|0|2|
 |Other|1|0|4|2|
 
 |Result|Test|Category|Expectation|Notes|
@@ -109,11 +109,11 @@ Syntax: Pass / Fail / Skip
 |skip|security.password.ssh|Security|Required Pass|Port 22 not open on target device.|
 |skip|security.password.telnet|Security|Required Pass|Port 23 not open on target device.|
 |gone|security.ssh.version|Security|Required Pass||
-|skip|security.tls.v1_2_client|Security|Required Pass|No client initiated TLS communication detected|
-|skip|security.tls.v1_2_server|Security|Required Pass|IOException unable to connect to server.|
-|skip|security.tls.v1_3_client|Security|Recommended Pass|No client initiated TLS communication detected|
-|skip|security.tls.v1_3_server|Security|Recommended Pass|IOException unable to connect to server.|
-|skip|security.tls.v1_server|Security|Required Pass|IOException unable to connect to server.|
+|gone|security.tls.v1_2_client|Security|Required Pass||
+|gone|security.tls.v1_2_server|Security|Required Pass||
+|gone|security.tls.v1_3_client|Security|Recommended Pass||
+|gone|security.tls.v1_3_server|Security|Recommended Pass||
+|gone|security.tls.v1_server|Security|Required Pass||
 |gone|unknown.fake.llama|Other|Other||
 |gone|unknown.fake.monkey|Other|Other||
 
@@ -336,90 +336,6 @@ RESULT fail protocol.bacext.pic PICS file defined however a BACnet device was no
 |---|---|
 |enabled|True|
 
-## Module tls
-
-
-#### Report
-
-```
---------------------
-Collecting TLS cert from target address
-
-Gathering TLS 1 Server Information....
-TLS 1Server Implementation Skipping Test, could not open connection
-TLS 1 Server Information Complete.
-
-
-Gathering TLS 1.2 Server Information....
-TLS 1.2Server Implementation Skipping Test, could not open connection
-TLS 1.2 Server Information Complete.
-
-
-Gathering TLS 1.3 Server Information....
-TLS 1.3Server Implementation Skipping Test, could not open connection
-TLS 1.3 Server Information Complete.
-
-
-Gathering TLS Client X.X.X.X Information....
-TLS Client Information Complete.
-Gathering TLS Client X.X.X.X Information....
-TLS Client Information Complete.
-
---------------------
-security.tls.v1_2_client
---------------------
-Verify the device supports at least TLS 1.2 (as a client)
---------------------
-See log above
---------------------
-RESULT skip security.tls.v1_2_client No client initiated TLS communication detected
-
---------------------
-security.tls.v1_2_server
---------------------
-Verify the device supports TLS 1.2 (as a server)
---------------------
-See log above
---------------------
-RESULT skip security.tls.v1_2_server IOException unable to connect to server.
-
---------------------
-security.tls.v1_3_client
---------------------
-Verify the device supports at least TLS 1.3 (as a client)
---------------------
-See log above
---------------------
-RESULT skip security.tls.v1_3_client No client initiated TLS communication detected
-
---------------------
-security.tls.v1_3_server
---------------------
-Verify the device supports TLS 1.3 (as a server)
---------------------
-See log above
---------------------
-RESULT skip security.tls.v1_3_server IOException unable to connect to server.
-
---------------------
-security.tls.v1_server
---------------------
-Verify the device supports at least TLS 1.0 (as a server)
---------------------
-See log above
---------------------
-RESULT skip security.tls.v1_server IOException unable to connect to server.
-
-```
-
-#### Module Config
-
-|Attribute|Value|
-|---|---|
-|enabled|True|
-|timeout_sec|0|
-|ca_file|CA_Faux.pem|
-
 ## Module password
 
 

resources/setups/common/base_config.json

@@ -65,7 +65,7 @@
       }
     },
     "tls": {
-      "enabled": true,
+      "enabled": false,
       "timeout_sec": 0
     },
     "hold": {

subset/security/build.conf

@@ -1,4 +1,5 @@
 build subset/security
-add tls
+# TODO: Enable TLS once tests are fixed
+# add tls
 add password
 add ssh

testing/test_aux.out

@@ -21,21 +21,6 @@ RESULT pass protocol.bacext.version Protocol version: 1
 RESULT skip protocol.bacext.pic BACnet device found, but pics.csv not found in device type directory.
 RESULT pass protocol.bacext.version Protocol version: 1
 RESULT pass protocol.bacext.pic The devices matches the PICS
-RESULT skip security.tls.v1_2_client No client initiated TLS communication detected
-RESULT skip security.tls.v1_2_server IOException unable to connect to server.
-RESULT skip security.tls.v1_3_client No client initiated TLS communication detected
-RESULT skip security.tls.v1_3_server IOException unable to connect to server.
-RESULT skip security.tls.v1_server IOException unable to connect to server.
-RESULT fail security.tls.v1_2_client Server Certificates Could not be validated.
-RESULT fail security.tls.v1_2_server Certificate is expired. Certificate has not been signed by a CA.
-RESULT pass security.tls.v1_3_client Client/Server completed handshake.
-RESULT fail security.tls.v1_3_server Certificate is expired. Certificate has not been signed by a CA.
-RESULT fail security.tls.v1_server Certificate is expired. Certificate has not been signed by a CA.
-RESULT pass security.tls.v1_2_client Client/Server completed handshake. ECDH/ECDSA supported ciphers. Server Certificates Valid.
-RESULT fail security.tls.v1_2_server Certificate has not been signed by a CA. Cipher Valid.
-RESULT pass security.tls.v1_3_client Client/Server completed handshake.
-RESULT fail security.tls.v1_3_server Certificate has not been signed by a CA.
-RESULT fail security.tls.v1_server Certificate has not been signed by a CA. Cipher Valid.
 RESULT skip security.password.http Port 80 not open on target device.
 RESULT skip security.password.https Port 443 not open on target device.
 RESULT skip security.password.ssh Port 22 not open on target device.
@@ -177,7 +162,7 @@ port-01 module_config modules
   },
   "tls": {
     "ca_file": "CA_Faux.pem",
-    "enabled": true,
+    "enabled": false,
     "timeout_sec": 0
   },
   "typeconf": {
@@ -274,7 +259,7 @@ port-02 module_config modules
   },
   "tls": {
     "ca_file": "CA_Faux.pem",
-    "enabled": true,
+    "enabled": false,
     "timeout_sec": 0
   },
   "udmi": {

testing/test_aux.sh

@@ -148,7 +148,8 @@ done
 
 # Add the RESULT lines from all aux test report files.
 capture_test_results bacext
-capture_test_results tls
+# TODO: Capture TLS results once tests are enabled
+# capture_test_results tls
 capture_test_results password
 capture_test_results discover
 capture_test_results network

testing/test_modules.out

@@ -1,23 +1,5 @@
 Running testing/test_modules.sh
 Base Tests
-Testing tls alt
-RESULT skip security.tls.v1_2_client No client initiated TLS communication detected
-RESULT skip security.tls.v1_2_server IOException unable to connect to server.
-RESULT skip security.tls.v1_3_client No client initiated TLS communication detected
-RESULT skip security.tls.v1_3_server IOException unable to connect to server.
-RESULT skip security.tls.v1_server IOException unable to connect to server.
-Testing tls alt tls
-RESULT skip security.tls.v1_2_client No client initiated TLS communication detected
-RESULT pass security.tls.v1_2_server Certificate public key length is >= 224. Certificate active for current date. Certificate has been signed by a CA. Cipher Valid.
-RESULT skip security.tls.v1_3_client No client initiated TLS communication detected
-RESULT pass security.tls.v1_3_server Certificate public key length is >= 224. Certificate active for current date. Certificate has been signed by a CA. Cipher check not required.
-RESULT pass security.tls.v1_server Certificate public key length is >= 224. Certificate active for current date. Certificate has been signed by a CA. Cipher Valid.
-Testing tls alt expiredtls
-RESULT skip security.tls.v1_2_client No client initiated TLS communication detected
-RESULT fail security.tls.v1_2_server Certificate is expired. Certificate has not been signed by a CA.
-RESULT skip security.tls.v1_3_client No client initiated TLS communication detected
-RESULT fail security.tls.v1_3_server Certificate is expired. Certificate has not been signed by a CA.
-RESULT fail security.tls.v1_server Certificate is expired. Certificate has not been signed by a CA.
 Testing ssh
 RESULT skip security.ssh.version Device is not running an SSH server
 Testing ssh ssh

testing/test_modules.sh

@@ -19,10 +19,11 @@ python3 daq/configurator.py --json \
     resources/test_site/site_config.json > $TLS_CONFIG_DIR/module_config.json
 
 TEST_LIST=/tmp/module_tests.txt
+# TODO: Enable TLS tests once fixed
+# tls alt
+# tls alt tls
+# tls alt expiredtls
 cat > $TEST_LIST <<EOF
-tls alt
-tls alt tls
-tls alt expiredtls
 ssh
 ssh ssh
 ssh sshv1