X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/32dfdf8baa8ccf091a0d5d4d75e8627424898756..b24eb9cd4cd3bacbb044090cba7140a012b3eabb:/test/runtest?ds=sidebyside diff --git a/test/runtest b/test/runtest index 90c1758ca..102ec9ffc 100755 --- a/test/runtest +++ b/test/runtest @@ -490,9 +490,14 @@ RESET_AFTER_EXTRA_LINE_READ: s/^\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d(\s[+-]\d\d\d\d)?\s/1999-03-02 09:44:33 /gx; s/^\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\.\d{3}(\s[+-]\d\d\d\d)?\s/2017-07-30 18:51:05.712 /gx; s/^Logwrite\s"\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d/Logwrite "1999-03-02 09:44:33/gx; + # Date/time in syslog test + s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\s/2017-07-30 18:51:05 /gx; + s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\.\d{3}\s/2017-07-30 18:51:05.712 /gx; + s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\s[+-]\d\d\d\d\s/2017-07-30 18:51:05 +9999 /gx; + s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\.\d{3}\s[+-]\d\d\d\d\s/2017-07-30 18:51:05.712 +9999 /gx; - s/([QD]T=)\d+s/$1qqs/g; - s/([QD]T=)\d\.\d{3}s/$1q.qqqs/g; + s/((D|[RQD]T)=)\d+s/$1qqs/g; + s/((D|[RQD]T)=)\d\.\d{3}s/$1q.qqqs/g; # Date/time in message separators s/(?:[A-Z][a-z]{2}\s){2}\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d @@ -539,22 +544,34 @@ RESET_AFTER_EXTRA_LINE_READ: # TLSv1.1:AES256-SHA:256 # TLSv1.2:AES256-GCM-SHA384:256 # TLSv1.2:DHE-RSA-AES256-SHA:256 + # TLSv1.3:TLS_AES_256_GCM_SHA384:256 # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 # We also need to handle the ciphersuite without the TLS part present, for # client-ssl's output. We also see some older forced ciphersuites, but # negotiating TLS 1.2 instead of 1.0. # Mail headers (...), log-lines X=..., client-ssl output ... # (and \b doesn't match between ' ' and '(' ) + # + # Retain the authentication algorith field as we want to test that. + + s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[123]:/$1TLSv1:/xg; + s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHA/g; + s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g; - s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[12]:/$1TLSv1:/xg; - s/\bAES128-GCM-SHA256:128\b/AES256-SHA:256/g; - s/\bAES128-GCM-SHA256\b/AES256-SHA/g; - s/\bAES256-GCM-SHA384\b/AES256-SHA/g; - s/\bDHE-RSA-AES256-SHA\b/AES256-SHA/g; + # OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now, + # as it seems the protocol no longer supports a user choice. + s/TLS_AES(_256)_GCM_SHA384:256/TLS-AES256-SHA:xxx/g; # LibreSSL + # TLSv1:AES256-GCM-SHA384:256 # TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256 - s/\bECDHE-RSA-CHACHA20-POLY1305\b/AES256-SHA/g; + # + # ECDHE-RSA-CHACHA20-POLY1305 + # AES256-GCM-SHA384 + + s/(?>>>>>>>>>>>>>>> Exim pid=)\d+(?= terminating)/pppp/; + s/^(proxy-proc \w{5}-pid) \d+$/$1 pppp/; # IP address lookups use gethostbyname() when IPv6 is not supported, # and gethostbyname2() or getipnodebyname() when it is. s/\b(gethostbyname2?|\bgetipnodebyname)(\(af=inet\))?/get[host|ipnode]byname[2]/; + # we don't care what TZ enviroment the testhost was running + next if /^Reset TZ to/; + # drop gnutls version strings next if /GnuTLS compile-time version: \d+[\.\d]+$/; next if /GnuTLS runtime version: \d+[\.\d]+$/; @@ -990,7 +1023,7 @@ RESET_AFTER_EXTRA_LINE_READ: next if /name=localhost address=::1/; # drop pdkim debugging header - next if /^PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<+$/; + next if /^PDKIM( <<<<<<<<<<<<<<<<<<<<<<<<<<<<<+|: no signatures)$/; # Various other IPv6 lines must be omitted too @@ -1081,9 +1114,9 @@ RESET_AFTER_EXTRA_LINE_READ: if (s/(with \$received_protocol)\}\} \$\{if def:tls_cipher \{\(\$tls_cipher\)\n$/$1/) { $_ .= ; - s/\s+\}\}(?=\(Exim )/\}\} /; + s/[\s╎]+\}\}(?=\(Exim )/\}\} /; } - if (/^ condition: def:tls_cipher$/) + if (/^ ├──condition: def:tls_cipher$/) { ; ; ; ; ; ; ; ; ; ; ; next; @@ -1111,8 +1144,16 @@ RESET_AFTER_EXTRA_LINE_READ: next if /^(ppppp )?setsockopt FASTOPEN: Protocol not available$/; # Specific pointer values reported for DB operations change from run to run - s/^(returned from EXIM_DBOPEN: 0x)[0-9a-f]+/$1AAAAAAAA/; - s/^(EXIM_DBCLOSE.0x)[0-9a-f]+/$1AAAAAAAA/; + s/^(returned from EXIM_DBOPEN: )(0x)?[0-9a-f]+/${1}0xAAAAAAAA/; + s/^(EXIM_DBCLOSE.)(0x)?[0-9a-f]+/${1}0xAAAAAAAA/; + + # Platform-dependent output during MySQL startup + next if /PerconaFT file system space/; + next if /^Waiting for MySQL server to answer/; + next if /mysqladmin: CREATE DATABASE failed; .* database exists/; + + # Not all builds include DMARC + next if /^DMARC: no (dmarc_tld_file|sender_host_address)$/ ; # When Exim is checking the size of directories for maildir, it uses # the check_dir_size() function to scan directories. Of course, the order @@ -1146,6 +1187,7 @@ RESET_AFTER_EXTRA_LINE_READ: /^Support for:/ || /^Routers:/ || /^Transports:/ || + /^Malware:/ || /^log selectors =/ || /^cwd=/ || /^Fixed never_users:/ || @@ -1168,6 +1210,32 @@ RESET_AFTER_EXTRA_LINE_READ: # CHUNKING: exact sizes depend on hostnames in headers s/(=>.* K C="250- \d)\d+ (byte chunk, total \d)\d+/$1nn $2nn/; + + # openssl version variances + s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/; + s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/; + s/(DKIM: validation error: )error:[0-9A-F]{8}:rsa routines:(?:(?i)int_rsa_verify|CRYPTO_internal):(?:bad signature|algorithm mismatch)$/$1Public key signature verification has failed./; + + # DKIM timestamps + if ( /(DKIM: d=.*) t=([0-9]*) x=([0-9]*) / ) + { + my ($prefix, $t_diff) = ($1, $3 - $2); + s/DKIM: d=.* t=[0-9]* x=[0-9]* /${prefix} t=T x=T+${t_diff} /; + } + } + + # ======== mail ======== + + elsif ($is_mail) + { + # DKIM timestamps, and signatures depending thereon + if ( /^(\s+)t=([0-9]*); x=([0-9]*); b=[A-Za-z0-9+\/]+$/ ) + { + my ($indent, $t_diff) = ($1, $3 - $2); + s/.*/${indent}t=T; x=T+${t_diff}; b=bbbb;/; + ; + ; + } } # ======== All files other than stderr ======== @@ -1527,13 +1595,15 @@ $munges = 'optional_config' => { 'stdout' => '/^( - dkim_(canon|domain|private_key|selector|sign_headers|strict) + dkim_(canon|domain|private_key|selector|sign_headers|strict|hash|identity|timestamps) |gnutls_require_(kx|mac|protocols) |hosts_(requ(est|ire)|try)_(dane|ocsp) - |hosts_(avoid|nopass|require|verify_avoid)_tls + |dane_require_tls_ciphers + |hosts_(avoid|nopass|noproxy|require|verify_avoid)_tls |socks_proxy |tls_[^ ]* - )($|[ ]=)/x' }, + )($|[ ]=)/x' + }, 'sys_bindir' => { 'mainlog' => 's%/(usr/(local/)?)?bin/%SYSBINDIR/%' }, @@ -1549,6 +1619,12 @@ $munges = 'timeout_errno' => # actual errno differs Solaris vs. Linux { 'mainlog' => 's/(host deferral .* errno) <\d+> /$1 /' }, + + 'peer_terminated_conn' => # actual error differs FreedBSD vs. Linux + { 'stderr' => 's/^( SMTP\()Connection reset by peer(\)<<)$/$1closed$2/' }, + + 'perl_variants' => # result of hash-in-scalar-context changed from bucket-fill to keycount + { 'stdout' => 's%^> X/X$%> X%' }, }; @@ -2405,6 +2481,7 @@ elsif (/^background$/) $_ =