# more_errno values in exim_dumpdb output which are times
s/T:(\S+)\s-22\s(\S+)\s/T:$1 -22 xxxx /;
+ # port numbers in dumpdb output
+ s/T:([a-z.]+(:[0-9.]+)?):$parm_port_n /T:$1:PORT_N /;
+
+ # port numbers in stderr
+ s/^set_process_info: .*\]:\K$parm_port_d /PORT_D /;
+ s/^set_process_info: .*\]:\K$parm_port_s /PORT_S /;
+
# ======== Dates and times ========
# Date/time in header lines and SMTP responses
s/[A-Z][a-z]{2},\s\d\d?\s[A-Z][a-z]{2}\s\d\d\d\d\s\d\d\:\d\d:\d\d\s[-+]\d{4}
/Tue, 2 Mar 1999 09:44:33 +0000/gx;
+ # and in a French locale
+ s/\S{4},\s\d\d?\s[^,]+\s\d\d\d\d\s\d\d\:\d\d:\d\d\s[-+]\d{4}
+ /dim., 10 f\xE9vr 2019 20:05:49 +0000/gx;
# Date/time in logs and in one instance of a filter test
s/^\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d(\s[+-]\d\d\d\d)?\s/1999-03-02 09:44:33 /gx;
my($next) = $3 - $2;
$_ = " first failed=dddd last try=dddd next try=+$next $4\n";
}
- s/^(\s*)now=\d+ first_failed=\d+ next_try=\d+ expired=(\d)/$1now=tttt first_failed=tttt next_try=tttt expired=$2/;
+ s/^(\s*)now=\d+ first_failed=\d+ next_try=\d+ expired=(\w)/$1now=tttt first_failed=tttt next_try=tttt expired=$2/;
s/^(\s*)received_time=\d+ diff=\d+ timeout=(\d+)/$1received_time=tttt diff=tttt timeout=$2/;
# Time to retry may vary
#
# Retain the authentication algorith field as we want to test that.
- s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[123]:/$1TLSv1:/xg;
- s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHA/g;
- s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g;
+ s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1(\.[123])?:/$1TLS1.x:/xg;
+ s/(?<!ke-)((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHAnnn/g;
+ s/(?<!ke-)((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHAnnn:xxx/g;
# OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now,
# as it seems the protocol no longer supports a user choice. Replace the "TLS" field with "RSA".
#
# TLSversion : "TLS" - C_iph_er - MAC : ???
#
- s/TLS_AES(_256)?_GCM_SHA384(?!:)/ke-RSA-AES256-SHA/g;
- s/:TLS_AES(_256)?_GCM_SHA384:256/:ke-RSA-AES256-SHA:xxx/g;
+ s/TLS_AES(_256)?_GCM_SHA384(?!:)/ke-RSA-AES256-SHAnnn/g;
+ s/:TLS_AES(_256)?_GCM_SHA384:256/:ke-RSA-AES256-SHAnnn:xxx/g;
# LibreSSL
# TLSv1:AES256-GCM-SHA384:256
# AES256-GCM-SHA384
s/(?<!-)(AES256-GCM-SHA384)/RSA-$1/;
- s/((EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305)(?!:)/ke-$3-AES256-SHA/g;
- s/((EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305):256/ke-$3-AES256-SHA:xxx/g;
+ s/(?<!ke-)((EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305)(?!:)/ke-$3-AES256-SHAnnn/g;
+ s/(?<!ke-)((EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305):256/ke-$3-AES256-SHAnnn:xxx/g;
# GnuTLS have seen:
+ # TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256
+ #
# TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
# TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128
# TLS1.2:RSA_AES_256_CBC_SHA1:256 (canonical)
# DHE-RSA-AES256-SHA256
# DHE-RSA-AES256-SHA
# picking latter as canonical simply because regex easier that way.
- s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA_AES_256_CBC_SHA1:256/g;
- s/TLS1.[012]:((EC)?DHE_)?(RSA|ECDSA)_AES_(256|128)_(CBC|GCM)_SHA(1|256|384):(256|128)/TLS1.x:ke_$3_AES_256_CBC_SHAnnn:256/g;
- s/\b(ECDHE-(RSA|ECDSA)-AES256-SHA|DHE-RSA-AES256-SHA256)\b/ke-$2-AES256-SHAxx/g;
+ s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA-AES256-SHA1:256/g;
+ s/TLS1.[0123]:((EC)?DHE_)?(RSA|ECDSA)_AES_(256|128)_(CBC|GCM)_SHA(1|256|384):(256|128)/TLS1.x:ke-$3-AES256-SHAnnn:xxx/g;
+ s/\b(ECDHE-(RSA|ECDSA)-AES256-SHA|DHE-RSA-AES256-SHA256)\b/ke-$2-AES256-SHAnnn/g;
# GnuTLS library error message changes
s/No certificate was found/The peer did not send any certificate/g;
# Skip hosts_require_dane checks when the options
# are unset, because dane ain't always there.
-
next if /in\shosts_require_dane\?\sno\s\(option\sunset\)/x;
+ # DISABLE_OCSP
+ next if /in hosts_requ(est|ire)_ocsp\? (no|yes)/;
+
# SUPPORT_PROXY
next if /host in hosts_proxy\?/;
s/Address family not supported by protocol family/Network Error/;
s/Network is unreachable/Network Error/;
}
-
next if /^(ppppp )?setsockopt FASTOPEN: Protocol not available$/;
+ s/^(Connecting to .* \.\.\. sending) \d+ (nonTFO early-data)$/$1 dd $2/;
# Specific pointer values reported for DB operations change from run to run
s/^(\s*returned from EXIM_DBOPEN: )(0x)?[0-9a-f]+/${1}0xAAAAAAAA/;
s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/;
s/(DKIM: validation error: )error:[0-9A-F]{8}:rsa routines:(?:(?i)int_rsa_verify|CRYPTO_internal):(?:bad signature|algorithm mismatch)$/$1Public key signature verification has failed./;
+ # gnutls version variances
+ if (/TLS error on connection \(recv\): .* Decode error/)
+ {
+ my $prev = $_;
+ $_ = <IN>;
+ if (/error on first read/)
+ {
+ s/TLS session: \Kerror on first read:/(gnutls_handshake): A TLS fatal alert has been received.:/;
+ goto RESET_AFTER_EXTRA_LINE_READ;
+ }
+ else
+ { $_ = $prev; }
+ }
+
# DKIM timestamps
if ( /(DKIM: d=.*) t=([0-9]*) x=([0-9]*) / )
{
# The "munge" command selects one of a hardwired set of test-result modifications
-# to be made before result compares are run agains the golden set. This lets
+# to be made before result compares are run against the golden set. This lets
# us account for test-system dependent things which only affect a few, but known,
# test-cases.
# Currently only the last munge takes effect.