X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/71c158466dab1d452d450843e8c204a42200b7a8..a3970a881934e1fc6be1993bfe544dd17abf6082:/test/runtest

diff --git a/test/runtest b/test/runtest
index a38f112af..d6bc7b03d 100755
--- a/test/runtest
+++ b/test/runtest
@@ -538,6 +538,9 @@ RESET_AFTER_EXTRA_LINE_READ:
   # Test machines might have various different TLS library versions supporting
   # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we
   # treat the standard algorithms the same.
+  #
+  # TLSversion : KeyExchange? - Authentication/Signature - C_iph_er - MAC : ???
+  #
   # So far, have seen:
   #   TLSv1:AES128-GCM-SHA256:128
   #   TLSv1:AES256-SHA:256
@@ -559,8 +562,12 @@ RESET_AFTER_EXTRA_LINE_READ:
   s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g;
 
   # OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now,
-  # as it seems the protocol no longer supports a user choice.
-  s/TLS_AES(_256)_GCM_SHA384:256/TLS-AES256-SHA:xxx/g;
+  # as it seems the protocol no longer supports a user choice.  Replace the "TLS" field with "RSA".
+  # Also insert a key-exchange field for back-compat, even though 1.3 doesn't do that.
+  #
+  # TLSversion : "TLS" - C_iph_er - MAC : ???
+  #
+  s/:TLS_AES(_256)_GCM_SHA384:256/:ke-RSA-AES256-SHA:xxx/g;
 
   # LibreSSL
   # TLSv1:AES256-GCM-SHA384:256
@@ -596,6 +603,7 @@ RESET_AFTER_EXTRA_LINE_READ:
   s/No certificate was found/The peer did not send any certificate/g;
 #(dodgy test?)  s/\(certificate verification failed\): invalid/\(gnutls_handshake\): The peer did not send any certificate./g;
   s/\(gnutls_priority_set\): No or insufficient priorities were set/\(gnutls_handshake\): Could not negotiate a supported cipher suite/g;
+  s/\(gnutls_handshake\): \KNo supported cipher suites have been found.$/Could not negotiate a supported cipher suite./;
 
   # (this new one is a generic channel-read error, but the testsuite
   # only hits it in one place)
@@ -1147,8 +1155,8 @@ RESET_AFTER_EXTRA_LINE_READ:
     next if /^(ppppp )?setsockopt FASTOPEN: Protocol not available$/;
 
     # Specific pointer values reported for DB operations change from run to run
-    s/^(returned from EXIM_DBOPEN: )(0x)?[0-9a-f]+/${1}0xAAAAAAAA/;
-    s/^(EXIM_DBCLOSE.)(0x)?[0-9a-f]+/${1}0xAAAAAAAA/;
+    s/^(\s*returned from EXIM_DBOPEN: )(0x)?[0-9a-f]+/${1}0xAAAAAAAA/;
+    s/^(\s*EXIM_DBCLOSE.)(0x)?[0-9a-f]+/${1}0xAAAAAAAA/;
 
     # Platform-dependent output during MySQL startup
     next if /PerconaFT file system space/;
@@ -1568,6 +1576,11 @@ $munges =
     'gnutls_handshake' =>
     { 'mainlog' => 's/\(gnutls_handshake\): Error in the push function/\(gnutls_handshake\): A TLS packet with unexpected length was received/' },
 
+    'gnutls_bad_clientcert' =>
+    { 'mainlog' => 's/\(certificate verification failed\): certificate invalid/\(gnutls_handshake\): The peer did not send any certificate./',
+      'stdout'  => 's/Succeeded in starting TLS/A TLS fatal alert has been received.\nFailed to start TLS'
+    },
+
     'optional_events' =>
     { 'stdout' => '/event_action =/' },