X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/966e829c812abf574896810d3313247348a6532c..43d1f6cd753b9104d58a48e0a8f9afca8ddd74b2:/test/runtest diff --git a/test/runtest b/test/runtest index 7a7f661ba..e5f2a0475 100755 --- a/test/runtest +++ b/test/runtest @@ -538,6 +538,9 @@ RESET_AFTER_EXTRA_LINE_READ: # Test machines might have various different TLS library versions supporting # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we # treat the standard algorithms the same. + # + # TLSversion : KeyExchange? - Authentication/Signature - C_iph_er - MAC : ??? + # # So far, have seen: # TLSv1:AES128-GCM-SHA256:128 # TLSv1:AES256-SHA:256 @@ -559,8 +562,13 @@ RESET_AFTER_EXTRA_LINE_READ: s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g; # OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now, - # as it seems the protocol no longer supports a user choice. - s/TLS_AES(_256)_GCM_SHA384:256/TLS-AES256-SHA:xxx/g; + # as it seems the protocol no longer supports a user choice. Replace the "TLS" field with "RSA". + # Also insert a key-exchange field for back-compat, even though 1.3 doesn't do that. + # + # TLSversion : "TLS" - C_iph_er - MAC : ??? + # + s/TLS_AES(_256)?_GCM_SHA384(?!:)/ke-RSA-AES256-SHA/g; + s/:TLS_AES(_256)?_GCM_SHA384:256/:ke-RSA-AES256-SHA:xxx/g; # LibreSSL # TLSv1:AES256-GCM-SHA384:256 @@ -596,6 +604,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/No certificate was found/The peer did not send any certificate/g; #(dodgy test?) s/\(certificate verification failed\): invalid/\(gnutls_handshake\): The peer did not send any certificate./g; s/\(gnutls_priority_set\): No or insufficient priorities were set/\(gnutls_handshake\): Could not negotiate a supported cipher suite/g; + s/\(gnutls_handshake\): \KNo supported cipher suites have been found.$/Could not negotiate a supported cipher suite./; # (this new one is a generic channel-read error, but the testsuite # only hits it in one place) @@ -1568,6 +1577,11 @@ $munges = 'gnutls_handshake' => { 'mainlog' => 's/\(gnutls_handshake\): Error in the push function/\(gnutls_handshake\): A TLS packet with unexpected length was received/' }, + 'gnutls_bad_clientcert' => + { 'mainlog' => 's/\(certificate verification failed\): certificate invalid/\(gnutls_handshake\): The peer did not send any certificate./', + 'stdout' => 's/Succeeded in starting TLS/A TLS fatal alert has been received.\nFailed to start TLS' + }, + 'optional_events' => { 'stdout' => '/event_action =/' },