X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/2ea74e31a95b19ea49e951cc9405b42d00f0b562..6010e708237477b8fab5fbed0a972a937d89fc56:/test/runtest diff --git a/test/runtest b/test/runtest index c25c654c9..b6d419bba 100755 --- a/test/runtest +++ b/test/runtest @@ -604,11 +604,18 @@ RESET_AFTER_EXTRA_LINE_READ: # GnuTLS have seen: # TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 + # TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM__AEAD:256 + # TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 + # TLS1.3:ECDHE_PSK_SECP256R1__AES_256_GCM__AEAD:256 # # TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 # TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 # TLS1.2:RSA_AES_256_CBC_SHA1:256 (canonical) # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 + # TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_256_GCM:256 + # TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128 + # TLS1.2:ECDHE_SECP256R1__ECDSA_SHA512__AES_256_GCM:256 + # TLS1.2:RSA__CAMELLIA_256_GCM:256 (leave the cipher name) # # X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256 # X=TLS1.2:RSA_AES_256_CBC_SHA1:256 @@ -620,11 +627,21 @@ RESET_AFTER_EXTRA_LINE_READ: # DHE-RSA-AES256-SHA # picking latter as canonical simply because regex easier that way. s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA-AES256-SHA1:256/g; - s/TLS1.[0123]:((EC)?DHE_)?(RSA|ECDSA)_AES_(256|128)_(CBC|GCM)_SHA(1|256|384):(256|128)/TLS1.x:ke-$3-AES256-SHAnnn:xxx/g; + s/TLS1.[0123]: # TLS version + ((EC)?DHE(_((?PSK)_)?(SECP256R1|X25519))?__?)? # key-exchange + ((?RSA|ECDSA)((_PSS_RSAE)?_SHA(512|256))?__?)? # authentication + AES_(256|128)_(CBC|GCM) # cipher + (__?SHA(1|256|384))?: # PRF + (256|128) # cipher strength + /"TLS1.x:ke-" + . (defined($+{psk}) ? $+{psk} : "") + . (defined($+{auth}) ? $+{auth} : "") + . "-AES256-SHAnnn:xxx"/gex; + s/TLS1.2:RSA__CAMELLIA_256_GCM(_SHA384)?:256/TLS1.2:RSA_CAMELLIA_256_GCM-SHAnnn:256/g; s/\b(ECDHE-(RSA|ECDSA)-AES256-SHA|DHE-RSA-AES256-SHA256)\b/ke-$2-AES256-SHAnnn/g; # GnuTLS library error message changes - s/No certificate was found/The peer did not send any certificate/g; + s/(No certificate was found|Certificate is required)/The peer did not send any certificate/g; #(dodgy test?) s/\(certificate verification failed\): invalid/\(gnutls_handshake\): The peer did not send any certificate./g; s/\(gnutls_priority_set\): No or insufficient priorities were set/\(gnutls_handshake\): Could not negotiate a supported cipher suite/g; s/\(gnutls_handshake\): \KNo supported cipher suites have been found.$/Could not negotiate a supported cipher suite./; @@ -733,9 +750,6 @@ RESET_AFTER_EXTRA_LINE_READ: s/waiting for children of \d+/waiting for children of pppp/; s/waiting for (\S+) \(\d+\)/waiting for $1 (pppp)/; - # The spool header file name varies with PID - s%^(Writing spool header file: .*/hdr).[0-9]{1,5}%$1.pppp%; - # ======== Port numbers ======== # Incoming port numbers may vary, but not in daemon startup line. @@ -974,6 +988,9 @@ RESET_AFTER_EXTRA_LINE_READ: s/^waiting for server to shut down\.+ done$/waiting for server to shut down.... done/; s/^\/.*postgres /POSTGRES /; + # DMARC is not always supported by the build + next if /^dmarc_tld_file =/; + # ARC is not always supported by the build next if /^arc_sign =/; } @@ -1264,7 +1281,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/ARC: AMS signing: privkey PEM-block import: error:\K[0-9A-F]{8}:(PEM routines):get_name:(no start line)/0906D06C:$1:PEM_read_bio:$2/; # gnutls version variances - if (/TLS error on connection \(recv\): .* Decode error/) + if (/TLS error on connection \(recv\): .* (Decode error|peer did not send any certificate)/) { my $prev = $_; $_ = ; @@ -1283,6 +1300,16 @@ RESET_AFTER_EXTRA_LINE_READ: my ($prefix, $t_diff) = ($1, $3 - $2); s/DKIM: d=.* t=[0-9]* x=[0-9]* /${prefix} t=T x=T+${t_diff} /; } + + # port numbers + s/(?:\[[^\]]*\]:|port )\K$parm_port_d/PORT_D/; + s/(?:\[[^\]]*\]:|port )\K$parm_port_d2/PORT_D2/; + s/(?:\[[^\]]*\]:|port )\K$parm_port_d3/PORT_D3/; + s/(?:\[[^\]]*\]:|port )\K$parm_port_d4/PORT_D4/; + s/(?:\[[^\]]*\]:|port )\K$parm_port_s/PORT_S/; + s/(?:\[[^\]]*\]:|port )\K$parm_port_n/PORT_N/; + s/I=\[[^\]]*\]:\K\d+/ppppp/; + } # ======== mail ======== @@ -2818,7 +2845,6 @@ foreach (@eximinfo) my $git = `git describe --dirty=-XX --match 'exim-4*'`; if (defined $git and $? == 0) { chomp $git; - $version =~ s/^\d+\K\./_/; $git =~ s/^exim-//i; $git =~ s/.*-\Kg([[:xdigit:]]+(?:-XX)?)/$1/; print <<___ @@ -3323,7 +3349,7 @@ while (not ($parm_ipv4 and $parm_ipv6) and defined($_ = )) $parm_ipv4 = $1; } - if (not $parm_ipv6 and /^\s*inet6(?:\saddr)?:?\s?([abcdef\d:]+)(?:\/\d+)/i) + if (not $parm_ipv6 and /^\s*inet6(?:\saddr)?:?\s?([abcdef\d:]+)(?:%[^ \/]+)?(?:\/\d+)?/i) { next if $1 eq '::1' or $1 =~ /^fe80/i; $parm_ipv6 = $1; @@ -3383,6 +3409,7 @@ else print "IPv4 address is $parm_ipv4\n"; print "IPv6 address is $parm_ipv6\n"; +$parm_ipv6 =~ /^[^%\/]*/; # For munging test output, we need the reversed IP addresses.