GnuTLS: Fix client detection of server reject of client cert under TLS1.3

[exim.git] / test / runtest

diff --git a/test/runtest b/test/runtest
index 77b701c0b4bf3354b58ff65ee9230d9ebebd20d0..7aaf1032da0630743d7d4cee8f5afd19a4c17180 100755 (executable)
--- a/test/runtest
+++ b/test/runtest
@@ -553,7 +553,7 @@ RESET_AFTER_EXTRA_LINE_READ:
   # (discarding kex, cipher, mac).  For TLS 1.3 there is no kex
   # element (and no _WITH); insert a spurious "RSA".
 
-  s/^\s+by .+ with .+ \K tls TLS_.*?([^_]+)_WITH.+$/(TLS1.x:ke-\1-AES256-SHAnnn:xxx)/;
+  s/^\s+by .+ with .+ \K tls TLS_.*?([^_]+)_WITH.+$/(TLS1.x:ke-$1-AES256-SHAnnn:xxx)/;
   s/^\s+by .+ with .+ \K tls TLS_.+$/(TLS1.x:ke-RSA-AES256-SHAnnn:xxx)/;
 
   # Test machines might have various different TLS library versions supporting
@@ -1263,6 +1263,20 @@ RESET_AFTER_EXTRA_LINE_READ:
     s/(DKIM: validation error: )error:[0-9A-F]{8}:rsa routines:(?:(?i)int_rsa_verify|CRYPTO_internal):(?:bad signature|algorithm mismatch)$/$1Public key signature verification has failed./;
     s/ARC: AMS signing: privkey PEM-block import: error:\K[0-9A-F]{8}:(PEM routines):get_name:(no start line)/0906D06C:$1:PEM_read_bio:$2/;
 
+    # gnutls version variances
+    if (/TLS error on connection \(recv\): .* Decode error/)
+      {
+      my $prev = $_;
+      $_ = <IN>;
+      if (/error on first read/)
+       {
+       s/TLS session: \Kerror on first read:/(gnutls_handshake): A TLS fatal alert has been received.:/;
+       goto RESET_AFTER_EXTRA_LINE_READ;
+       }
+      else
+       { $_ = $prev; }
+      }
+
     # DKIM timestamps
     if ( /(DKIM: d=.*) t=([0-9]*) x=([0-9]*) / )
       {