git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Testsuite: tidying GnuTLS with TLS1.3
[exim.git]
/
test
/
runtest
diff --git
a/test/runtest
b/test/runtest
index e5f2a04759d374b76a8f5c4fa8dc30161a963c13..10ae833ffea1f16ae2ee7f611fb05824e0f00e3b 100755
(executable)
--- a/
test/runtest
+++ b/
test/runtest
@@
-460,7
+460,9
@@
RESET_AFTER_EXTRA_LINE_READ:
{
my($date1,$date2,$date3,$expired) = ($1,$2,$3,$4);
$expired = '' if !defined $expired;
{
my($date1,$date2,$date3,$expired) = ($1,$2,$3,$4);
$expired = '' if !defined $expired;
- my($increment) = date_seconds($date3) - date_seconds($date2);
+
+ # Round the time-difference up to nearest even value
+ my($increment) = ((date_seconds($date3) - date_seconds($date2) + 1) >> 1) << 1;
# We used to use globally unique replacement values, but timing
# differences make this impossible. Just show the increment on the
# We used to use globally unique replacement values, but timing
# differences make this impossible. Just show the increment on the
@@
-474,6
+476,13
@@
RESET_AFTER_EXTRA_LINE_READ:
# more_errno values in exim_dumpdb output which are times
s/T:(\S+)\s-22\s(\S+)\s/T:$1 -22 xxxx /;
# more_errno values in exim_dumpdb output which are times
s/T:(\S+)\s-22\s(\S+)\s/T:$1 -22 xxxx /;
+ # port numbers in dumpdb output
+ s/T:([a-z.]+(:[0-9.]+)?):$parm_port_n /T:$1:PORT_N /;
+
+ # port numbers in stderr
+ s/^set_process_info: .*\]:\K$parm_port_d /PORT_D /;
+ s/^set_process_info: .*\]:\K$parm_port_s /PORT_S /;
+
# ======== Dates and times ========
# ======== Dates and times ========
@@
-485,6
+494,9
@@
RESET_AFTER_EXTRA_LINE_READ:
# Date/time in header lines and SMTP responses
s/[A-Z][a-z]{2},\s\d\d?\s[A-Z][a-z]{2}\s\d\d\d\d\s\d\d\:\d\d:\d\d\s[-+]\d{4}
/Tue, 2 Mar 1999 09:44:33 +0000/gx;
# Date/time in header lines and SMTP responses
s/[A-Z][a-z]{2},\s\d\d?\s[A-Z][a-z]{2}\s\d\d\d\d\s\d\d\:\d\d:\d\d\s[-+]\d{4}
/Tue, 2 Mar 1999 09:44:33 +0000/gx;
+ # and in a French locale
+ s/\S{4},\s\d\d?\s[^,]+\s\d\d\d\d\s\d\d\:\d\d:\d\d\s[-+]\d{4}
+ /dim., 10 f\xE9vr 2019 20:05:49 +0000/gx;
# Date/time in logs and in one instance of a filter test
s/^\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d(\s[+-]\d\d\d\d)?\s/1999-03-02 09:44:33 /gx;
# Date/time in logs and in one instance of a filter test
s/^\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d(\s[+-]\d\d\d\d)?\s/1999-03-02 09:44:33 /gx;
@@
-515,7
+527,7
@@
RESET_AFTER_EXTRA_LINE_READ:
my($next) = $3 - $2;
$_ = " first failed=dddd last try=dddd next try=+$next $4\n";
}
my($next) = $3 - $2;
$_ = " first failed=dddd last try=dddd next try=+$next $4\n";
}
- s/^(\s*)now=\d+ first_failed=\d+ next_try=\d+ expired=(\
d
)/$1now=tttt first_failed=tttt next_try=tttt expired=$2/;
+ s/^(\s*)now=\d+ first_failed=\d+ next_try=\d+ expired=(\
w
)/$1now=tttt first_failed=tttt next_try=tttt expired=$2/;
s/^(\s*)received_time=\d+ diff=\d+ timeout=(\d+)/$1received_time=tttt diff=tttt timeout=$2/;
# Time to retry may vary
s/^(\s*)received_time=\d+ diff=\d+ timeout=(\d+)/$1received_time=tttt diff=tttt timeout=$2/;
# Time to retry may vary
@@
-557,9
+569,9
@@
RESET_AFTER_EXTRA_LINE_READ:
#
# Retain the authentication algorith field as we want to test that.
#
# Retain the authentication algorith field as we want to test that.
- s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1
\.[123]:/$1TLSv1
:/xg;
- s/(
(EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHA
/g;
- s/(
(EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA
:xxx/g;
+ s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1
(\.[123])?:/$1TLS1.x
:/xg;
+ s/(
?<!ke-)((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHAnnn
/g;
+ s/(
?<!ke-)((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHAnnn
:xxx/g;
# OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now,
# as it seems the protocol no longer supports a user choice. Replace the "TLS" field with "RSA".
# OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now,
# as it seems the protocol no longer supports a user choice. Replace the "TLS" field with "RSA".
@@
-567,8
+579,8
@@
RESET_AFTER_EXTRA_LINE_READ:
#
# TLSversion : "TLS" - C_iph_er - MAC : ???
#
#
# TLSversion : "TLS" - C_iph_er - MAC : ???
#
- s/TLS_AES(_256)?_GCM_SHA384(?!:)/ke-RSA-AES256-SHA/g;
- s/:TLS_AES(_256)?_GCM_SHA384:256/:ke-RSA-AES256-SHA:xxx/g;
+ s/TLS_AES(_256)?_GCM_SHA384(?!:)/ke-RSA-AES256-SHA
nnn
/g;
+ s/:TLS_AES(_256)?_GCM_SHA384:256/:ke-RSA-AES256-SHA
nnn
:xxx/g;
# LibreSSL
# TLSv1:AES256-GCM-SHA384:256
# LibreSSL
# TLSv1:AES256-GCM-SHA384:256
@@
-578,10
+590,12
@@
RESET_AFTER_EXTRA_LINE_READ:
# AES256-GCM-SHA384
s/(?<!-)(AES256-GCM-SHA384)/RSA-$1/;
# AES256-GCM-SHA384
s/(?<!-)(AES256-GCM-SHA384)/RSA-$1/;
- s/(
(EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305)(?!:)/ke-$3-AES256-SHA
/g;
- s/(
(EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305):256/ke-$3-AES256-SHA
:xxx/g;
+ s/(
?<!ke-)((EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305)(?!:)/ke-$3-AES256-SHAnnn
/g;
+ s/(
?<!ke-)((EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305):256/ke-$3-AES256-SHAnnn
:xxx/g;
# GnuTLS have seen:
# GnuTLS have seen:
+ # TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256
+ #
# TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
# TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128
# TLS1.2:RSA_AES_256_CBC_SHA1:256 (canonical)
# TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
# TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128
# TLS1.2:RSA_AES_256_CBC_SHA1:256 (canonical)
@@
-596,9
+610,9
@@
RESET_AFTER_EXTRA_LINE_READ:
# DHE-RSA-AES256-SHA256
# DHE-RSA-AES256-SHA
# picking latter as canonical simply because regex easier that way.
# DHE-RSA-AES256-SHA256
# DHE-RSA-AES256-SHA
# picking latter as canonical simply because regex easier that way.
- s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA
_AES_256_CBC_
SHA1:256/g;
- s/TLS1.[012
]:((EC)?DHE_)?(RSA|ECDSA)_AES_(256|128)_(CBC|GCM)_SHA(1|256|384):(256|128)/TLS1.x:ke_$3_AES_256_CBC_SHAnnn:256
/g;
- s/\b(ECDHE-(RSA|ECDSA)-AES256-SHA|DHE-RSA-AES256-SHA256)\b/ke-$2-AES256-SHA
xx
/g;
+ s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA
-AES256-
SHA1:256/g;
+ s/TLS1.[012
3]:((EC)?DHE_)?(RSA|ECDSA)_AES_(256|128)_(CBC|GCM)_SHA(1|256|384):(256|128)/TLS1.x:ke-$3-AES256-SHAnnn:xxx
/g;
+ s/\b(ECDHE-(RSA|ECDSA)-AES256-SHA|DHE-RSA-AES256-SHA256)\b/ke-$2-AES256-SHA
nnn
/g;
# GnuTLS library error message changes
s/No certificate was found/The peer did not send any certificate/g;
# GnuTLS library error message changes
s/No certificate was found/The peer did not send any certificate/g;
@@
-935,6
+949,7
@@
RESET_AFTER_EXTRA_LINE_READ:
s/SSL3_READ_BYTES/ssl3_read_bytes/i;
s/CONNECT_CR_FINISHED/ssl3_read_bytes/i;
s/^\d+:error:\d+(?:E\d+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/;
s/SSL3_READ_BYTES/ssl3_read_bytes/i;
s/CONNECT_CR_FINISHED/ssl3_read_bytes/i;
s/^\d+:error:\d+(?:E\d+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/;
+ s/^error:[^:]*:(SSL routines:ssl3_read_bytes:(tls|ssl)v\d+ alert)/error:dddddddd:$1/;
# gnutls version variances
next if /^Error in the pull function./;
# gnutls version variances
next if /^Error in the pull function./;
@@
-1075,12
+1090,14
@@
RESET_AFTER_EXTRA_LINE_READ:
# Some DBM libraries seem to make DBM files on opening with O_RDWR without
# O_CREAT; other's don't. In the latter case there is some debugging output
# which is not present in the former. Skip the relevant lines (there are
# Some DBM libraries seem to make DBM files on opening with O_RDWR without
# O_CREAT; other's don't. In the latter case there is some debugging output
# which is not present in the former. Skip the relevant lines (there are
- # t
wo
of them).
+ # t
hree
of them).
- if (/
TESTSUITE\/spool\/db\/\S+ appears not to exist: trying to create
/)
+ if (/
returned from EXIM_DBOPEN: \(nil\)
/)
{
{
- $_ = <IN>;
- next;
+ $_ .= <IN>;
+ s?\Q$parm_cwd\E?TESTSUITE?g;
+ if (/TESTSUITE\/spool\/db\/\S+ appears not to exist: trying to create/)
+ { $_ = <IN>; next; }
}
# Some tests turn on +expand debugging to check on expansions.
}
# Some tests turn on +expand debugging to check on expansions.
@@
-1101,9
+1118,11
@@
RESET_AFTER_EXTRA_LINE_READ:
# Skip hosts_require_dane checks when the options
# are unset, because dane ain't always there.
# Skip hosts_require_dane checks when the options
# are unset, because dane ain't always there.
-
next if /in\shosts_require_dane\?\sno\s\(option\sunset\)/x;
next if /in\shosts_require_dane\?\sno\s\(option\sunset\)/x;
+ # DISABLE_OCSP
+ next if /in hosts_requ(est|ire)_ocsp\? (no|yes)/;
+
# SUPPORT_PROXY
next if /host in hosts_proxy\?/;
# SUPPORT_PROXY
next if /host in hosts_proxy\?/;
@@
-1113,6
+1132,12
@@
RESET_AFTER_EXTRA_LINE_READ:
# Experimental_REQUIRETLS
next if / in tls_advertise_requiretls?\? no \(end of list\)/;
# Experimental_REQUIRETLS
next if / in tls_advertise_requiretls?\? no \(end of list\)/;
+ # TCP Fast Open
+ next if /^(ppppp )?setsockopt FASTOPEN: Network Error/;
+
+ # Experimental_PIPE_CONNECT
+ next if / in (pipelining_connect_advertise_hosts|hosts_pipe_connect)?\? no /;
+
# Environment cleaning
next if /\w+ in keep_environment\? (yes|no)/;
# Environment cleaning
next if /\w+ in keep_environment\? (yes|no)/;
@@
-1152,8
+1177,8
@@
RESET_AFTER_EXTRA_LINE_READ:
s/Address family not supported by protocol family/Network Error/;
s/Network is unreachable/Network Error/;
}
s/Address family not supported by protocol family/Network Error/;
s/Network is unreachable/Network Error/;
}
-
next if /^(ppppp )?setsockopt FASTOPEN: Protocol not available$/;
next if /^(ppppp )?setsockopt FASTOPEN: Protocol not available$/;
+ s/^(Connecting to .* \.\.\. sending) \d+ (nonTFO early-data)$/$1 dd $2/;
# Specific pointer values reported for DB operations change from run to run
s/^(\s*returned from EXIM_DBOPEN: )(0x)?[0-9a-f]+/${1}0xAAAAAAAA/;
# Specific pointer values reported for DB operations change from run to run
s/^(\s*returned from EXIM_DBOPEN: )(0x)?[0-9a-f]+/${1}0xAAAAAAAA/;
@@
-1622,9
+1647,11
@@
$munges =
{ 'stdout' => '/^(
dkim_(canon|domain|private_key|selector|sign_headers|strict|hash|identity|timestamps)
|gnutls_require_(kx|mac|protocols)
{ 'stdout' => '/^(
dkim_(canon|domain|private_key|selector|sign_headers|strict|hash|identity|timestamps)
|gnutls_require_(kx|mac|protocols)
+ |hosts_pipe_connect
|hosts_(requ(est|ire)|try)_(dane|ocsp)
|dane_require_tls_ciphers
|hosts_(avoid|nopass|noproxy|require|verify_avoid)_tls
|hosts_(requ(est|ire)|try)_(dane|ocsp)
|dane_require_tls_ciphers
|hosts_(avoid|nopass|noproxy|require|verify_avoid)_tls
+ |pipelining_connect_advertise_hosts
|socks_proxy
|tls_[^ ]*
|utf8_downconvert
|socks_proxy
|tls_[^ ]*
|utf8_downconvert
@@
-2177,7
+2204,7
@@
elsif (/^millisleep\s+(.*)$/)
# The "munge" command selects one of a hardwired set of test-result modifications
# The "munge" command selects one of a hardwired set of test-result modifications
-# to be made before result compares are run agains the golden set. This lets
+# to be made before result compares are run agains
t
the golden set. This lets
# us account for test-system dependent things which only affect a few, but known,
# test-cases.
# Currently only the last munge takes effect.
# us account for test-system dependent things which only affect a few, but known,
# test-cases.
# Currently only the last munge takes effect.
@@
-2650,7
+2677,7
@@
GetOptions(
'valgrind' => \$valgrind,
'range=s{2}' => \my @range_wanted,
'test=i@' => \my @tests_wanted,
'valgrind' => \$valgrind,
'range=s{2}' => \my @range_wanted,
'test=i@' => \my @tests_wanted,
- 'flavor|flavour=s' => $flavour,
+ 'flavor|flavour=s' =>
\
$flavour,
'help' => sub { pod2usage(-exit => 0) },
'man' => sub {
pod2usage(
'help' => sub { pod2usage(-exit => 0) },
'man' => sub {
pod2usage(
@@
-3374,6
+3401,12
@@
if ($parm_hostname =~ /[[:upper:]]/)
print "\n*** Host name has upper case characters: this may cause problems ***\n\n";
}
print "\n*** Host name has upper case characters: this may cause problems ***\n\n";
}
+if ($parm_hostname =~ /\.example\.com$/)
+ {
+ die "\n*** Host name ends in .example.com; this conflicts with the testsuite use of that domain.\n"
+ . " Please change the host's name (or comment out this check, and fail several testcases)\n";
+ }
+
##################################################
##################################################