Testsuite: OpenSSL version differences
authorJeremy Harris <jgh146exb@wizmail.org>
Tue, 7 Jun 2022 17:44:36 +0000 (18:44 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Fri, 10 Jun 2022 15:08:42 +0000 (16:08 +0100)
(cherry picked from commit 4468bfff7dc28b9c54a5225d3f10a6aa6a67a1d9)

test/confs/2100
test/lib/Exim/Runtest.pm
test/runtest

index 63a2f255a2b9d87c091dd7edf4ad05c02c2e8ef6..6425f3a0fee021dae33d49469ba09100f93c66cc 100644 (file)
@@ -20,14 +20,9 @@ queue_run_in_order
 
 tls_advertise_hosts = *
 
-# Set certificate only if server
-
-#tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
 tls_certificate = DIR/aux-fixed/cert1
-#tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
 
 tls_verify_hosts = *
-#tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
 tls_verify_certificates = DIR/aux-fixed/cert2
 
 
index 7ba079051c9e88fb9515408e303f57428f996606..6c2262f558646d36d1420865f2f6d6271bc59d4f 100644 (file)
@@ -120,7 +120,7 @@ sub flavour {
     }
 
     if (open(my $f, '-|', 'openssl version')) {
-       <$f> =~ /1.1.1/ && return "openssl_1_1_1";
+       <$f> =~ /(1\.1\.1|3\.\d+\.\d+)/ && return "openssl_1_1_1";
     }
 
     if (open(my $f, '<', "$etc/os-release")) {
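Review bot: The new pattern on the `<$f> =~` line is unanchored and does not name the product, so any `openssl version` output containing an `N.N.N` string starting with 3 is classified as `openssl_1_1_1`. LibreSSL, which reports itself as `LibreSSL 3.x.y`, would match even though its error wording may differ. Consider `<$f> =~ /^OpenSSL (?:1\.1\.1|3\.\d+\.\d+)/ && return "openssl_1_1_1";`, which also drops the unused capture group. A short comment that the `openssl_1_1_1` flavour now covers the 3.x series would stop the name from misleading later readers. The body of `flavour` starts and ends outside this hunk.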
index c88a8929ecbd4254c5877dcec7304c3bf42f06a0..d760a00909792d15e3db6faddb9a08cd4a25a8c4 100755 (executable)
@@ -432,6 +432,8 @@ RESET_AFTER_EXTRA_LINE_READ:
 
   # There are differences in error messages between OpenSSL versions
   s/SSL_CTX_set_cipher_list/SSL_connect/;
+  s/error=\Kauthority and subject key identifier mismatch/self signed certificate/;
+  s/error=\Kself-signed certificate/self signed certificate/;
 
   # One error test in expansions mentions base 62 or 36
   s/is not a base (36|62) number/is not a base 36\/62 number/;
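Review bot: The first added substitution rewrites `authority and subject key identifier mismatch` to `self signed certificate`, which are two different verification failures, so after munging the expected-output comparison can no longer tell them apart. If a later change made certificate verification fail for the key-identifier reason where a self-signed result was expected, the test suite would presumably still pass. A comment should record why the two are equivalent for the test certificates, e.g. `# Newer OpenSSL words the verify failure for the self-signed test cert differently; normalise to the 1.1.1 text`. If the equivalence holds only for particular test cases, restricting the rule to those would keep other verify-error regressions visible. The enclosing munging code starts and ends outside this hunk.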
@@ -906,9 +908,10 @@ RESET_AFTER_EXTRA_LINE_READ:
   # numbers, or handle specific bad conditions in different ways, leading to
   # different wording in the error messages, so we cannot compare them.
 
-#XXX This loses any trailing "deliving unencypted to" which is unfortunate
+#XXX This loses any trailing "delivering unencypted to" which is unfortunate
 #    but I can't work out how to deal with that.
   s/(TLS session: \(SSL_\w+\): error:)(.*)(?!: delivering)/$1 <<detail omitted>>/;
+  s/TLS error on connection from .*\K\(SSL_accept\): error:.*:unexpected eof while reading$/(tls lib accept fn): TCP connection closed by peer/;
   s/(TLS error on connection from .* \(SSL_\w+\): error:)(.*)/$1 <<detail omitted>>/;
   next if /SSL verify error: depth=0 error=certificate not trusted/;
 
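Review bot: The added `unexpected eof while reading` rule only works because it runs before the generic `TLS error on connection from .* \(SSL_\w+\): error:` rule on the next line, which would otherwise replace the same text with `<<detail omitted>>`. Nothing records that ordering. A comment above it, such as `# Must precede the generic SSL_\w+ rule below: OpenSSL 3 reports a peer TCP close as "unexpected eof while reading"`, would protect it from a later reorder. The corrected XXX comment also still reads `unencypted`, which should be `unencrypted`. The surrounding block starts and ends outside this hunk.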
@@ -1008,8 +1011,10 @@ RESET_AFTER_EXTRA_LINE_READ:
     next if /SSL verify error: depth=0 error=certificate not trusted/;
     s/SSL3_READ_BYTES/ssl3_read_bytes/i;
     s/CONNECT_CR_FINISHED/ssl3_read_bytes/i;
-    s/^\d+:error:\d+(?:E\d+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/;
-    s/^error:[^:]*:(SSL routines:ssl3_read_bytes:(tls|ssl)v\d+ alert)/error:dddddddd:$1/;
+    s/^[[:xdigit:]]+:error:[[:xdigit:]]+(?:E[[:xdigit:]]+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/;
+    s/^error:\K[^:]*:(SSL routines:ssl3_read_bytes:(tls|ssl)v\d+ alert)/dddddddd:$1/;
+    s/^error:\K[[:xdigit:]]+:SSL routines::(tlsv13 alert certificate required)$/dddddddd:SSL routines:ssl3_read_bytes:$1/;
+    s/^error:\K[[:xdigit:]]+:SSL routines::((tlsv1|sslv3) alert (unknown ca|certificate revoked))$/dddddddd:SSL routines:ssl3_read_bytes:$1/;
 
     # gnutls version variances
     next if /^Error in the pull function./;
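Review bot: The two added `SSL routines::` rules enumerate three specific alerts (`certificate required`, `unknown ca`, `certificate revoked`). Any other alert that OpenSSL 3 emits in this empty-function-name form keeps its raw hex error code and will not compare equal across versions. The 1.1.1 rule just above matches any `(tls|ssl)v\d+ alert`, so unless the narrow list is intentional, a single generic rule would be consistent with it: `s/^error:\K[[:xdigit:]]+:SSL routines::((?:tls|ssl)v\d+ alert .+)$/dddddddd:SSL routines:ssl3_read_bytes:$1/;`. Using `(?:...)` for the inner alternations would also leave `$1` as the only capture. The enclosing block starts and ends outside this hunk.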