Add test to check if OpenSSL detection is working on different systems

tests/letstest/scripts/test_apache2.sh

@@ -58,6 +58,22 @@ if [ $? -ne 0 ] ; then
     FAIL=1
 fi
 
+# Check that ssl_module detection is working on various systems
+if [ "$OS_TYPE" = "ubuntu" ] ; then
+    MOD_SSL_LOCATION="/usr/lib/apache2/modules/mod_ssl.so"
+    APACHE_NAME=apache2
+elif [ "$OS_TYPE" = "centos" ]; then
+    MOD_SSL_LOCATION="/usr/lib/httpd/modules/mod_ssl.so"
+    APACHE_NAME=httpd
+fi
+OPENSSL_VERSION=$(strings "$MOD_SSL_LOCATION" | egrep -o '^OpenSSL ([0-9]\.[^ ]+) ' | tail -c -8)
+APACHE_VERSION=$($APACHE_NAME -v | egrep -o 'Apache/([0-9]\.[^ ]+)' | tail -c -7)
+"$PYTHON_NAME" test_openssl_version.py "$OPENSSL_VERSION" "$APACHE_VERSION"
+if [ $? -ne 0 ] ; then
+    FAIL=1
+fi
+
+
 if [ "$OS_TYPE" = "ubuntu" ] ; then
     export SERVER="$BOULDER_URL"
     "$VENV_PATH/bin/tox" -e apacheconftest

tests/letstest/scripts/test_openssl_version.py

@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+# Test script for OpenSSL version checking
+from distutils.version import LooseVersion
+import sys
+
+
+def main(openssl_version, apache_version):
+    conf_file_location = "/etc/letsencrypt/options-ssl-apache.conf"
+    with open(conf_file_location) as f:
+        contents = f.read()
+    if tuple(apache_version.split(".")) < (2, 4, 11) or \
+        LooseVersion(openssl_version) < LooseVersion('1.0.2l'):
+        # should be old version
+        # assert SSLSessionTickets not in conf file
+        if "SSLSessionTickets" in contents:
+            raise Exception("Apache or OpenSSL version is too old, "
+                "but SSLSessionTickets is enabled.")
+    else:
+        # should be current version
+        # assert SSLSessionTickets in conf file
+        if "SSLSessionTickets" not in contents:
+            raise Exception("Apache and OpenSSL versions are sufficiently new, "
+                "but SSLSessionTickets is not enabled.")
+
+if __name__ == '__main__':
+    main(*sys.argv[1:])