From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sat, 20 Jul 2024 19:24:31 +0000 (+0100)
Subject: Testsuite: split testcase for non-OCSP build
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/bfba2a3018912e44d89b52e6649fc11f37a42ecb

Testsuite: split testcase for non-OCSP build
---

diff --git a/test/confs/1102 b/test/confs/1102
index 23afc36ee..c8379e0f4 100644
--- a/test/confs/1102
+++ b/test/confs/1102
@@ -1,4 +1,4 @@
-# Exim test configuration 1102
+# Exim test configuration 1102 & 5680
 
 .include DIR/aux-var/tls_conf_prefix
 
@@ -10,7 +10,9 @@ tls_advertise_hosts = *
 
 tls_certificate = DIR/tmp/certs/servercert
 tls_privatekey =  DIR/tmp/certs/serverkey
+.ifdef OPT
 tls_ocsp_file =   DIR/tmp/certs/ocsp_proof
+.endif
 
 #tls_verify_certificates = DIR/aux-fixed/cert2
 tls_verify_certificates = system,cache
diff --git a/test/confs/5680 b/test/confs/5680
new file mode 120000
index 000000000..4d642625f
--- /dev/null
+++ b/test/confs/5680
@@ -0,0 +1 @@
+1102
\ No newline at end of file
diff --git a/test/log/5680 b/test/log/5680
new file mode 100644
index 000000000..89933f709
--- /dev/null
+++ b/test/log/5680
@@ -0,0 +1,5 @@
+
+******** SERVER ********
+2017-07-30 18:51:05.712 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
+2017-07-30 18:51:05.712 server cert: CN=server1.example.com
+2017-07-30 18:51:05.712 server cert: CN=server1.example.net
diff --git a/test/scripts/1100-Basic-TLS/1102 b/test/scripts/1100-Basic-TLS/1102
index 285b3be09..a29ef0ba4 100644
--- a/test/scripts/1100-Basic-TLS/1102
+++ b/test/scripts/1100-Basic-TLS/1102
@@ -1,15 +1,13 @@
 # TLS server: creds caching
 #
-#
 mkdir -p DIR/tmp/certs
 cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem            DIR/tmp/certs/servercert
 cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key   DIR/tmp/certs/serverkey
-cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp DIR/tmp/certs/ocsp_proof
 #
 #exim -d-all+tls+receive+timestamp -DSERVER=server -bd -oX PORT_D
 exim -DSERVER=server -bd -oX PORT_D
 ****
-client-anytls -ocsp DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem 127.0.0.1 PORT_D
+client-anytls 127.0.0.1 PORT_D
 ??? 220
 EHLO rhu.barb
 ????250
@@ -26,13 +24,11 @@ QUIT
 ****
 sleep 1
 # Now overwrite the cert
-# XXX using server2.com fails here, on the ocsp verify.  Why?
 cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem            DIR/tmp/certs/servercert
 cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key   DIR/tmp/certs/serverkey
-cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp DIR/tmp/certs/ocsp_proof
 # The watch mech waits 5 sec after the last trigger, so give that time to expire then send another message
 sleep 7
-client-anytls -ocsp DIR/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem 127.0.0.1 PORT_D
+client-anytls 127.0.0.1 PORT_D
 ??? 220
 EHLO rhu.barb
 ????250
diff --git a/test/scripts/5680-OCSP/5680 b/test/scripts/5680-OCSP/5680
new file mode 100644
index 000000000..ac56b8448
--- /dev/null
+++ b/test/scripts/5680-OCSP/5680
@@ -0,0 +1,54 @@
+# TLS server: creds caching, OCSP
+#
+#
+mkdir -p DIR/tmp/certs
+cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem            DIR/tmp/certs/servercert
+cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key   DIR/tmp/certs/serverkey
+cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp DIR/tmp/certs/ocsp_proof
+#
+#exim -d-all+tls+receive+timestamp -DSERVER=server -DOPT=ocsp -bd -oX PORT_D
+exim -DSERVER=server -DOPT=ocsp -bd -oX PORT_D
+****
+client-anytls -ocsp DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem 127.0.0.1 PORT_D
+??? 220
+EHLO rhu.barb
+????250
+STARTTLS
+??? 220
+EHLO rhu.barb
+????250
+MAIL FROM:<>
+RCPT TO:test@example.com
+??? 250
+??? 250
+QUIT
+??? 221
+****
+sleep 1
+# Now overwrite the cert
+# XXX using server2.com fails here, on the ocsp verify.  Why?
+cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem            DIR/tmp/certs/servercert
+cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key   DIR/tmp/certs/serverkey
+cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp DIR/tmp/certs/ocsp_proof
+# The watch mech waits 5 sec after the last trigger, so give that time to expire then send another message
+sleep 7
+client-anytls -ocsp DIR/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem 127.0.0.1 PORT_D
+??? 220
+EHLO rhu.barb
+????250
+STARTTLS
+??? 220
+EHLO rhu.barb
+????250
+MAIL FROM:<>
+RCPT TO:test@example.com
+??? 250
+??? 250
+QUIT
+??? 221
+****
+#
+killdaemon
+#
+sudo rm -fr DIR/tmp
+no_msglog_check
diff --git a/test/scripts/5680-OCSP/REQUIRES b/test/scripts/5680-OCSP/REQUIRES
new file mode 100644
index 000000000..64054f671
--- /dev/null
+++ b/test/scripts/5680-OCSP/REQUIRES
@@ -0,0 +1,3 @@
+feature _HAVE_TLS
+support OCSP
+running IPv4
diff --git a/test/stdout/1102 b/test/stdout/1102
index 3803fb2a9..0e9c0b366 100644
--- a/test/stdout/1102
+++ b/test/stdout/1102
@@ -7,8 +7,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-OCSP status response: good signature
-Succeeded in starting TLS (with OCSP)
+Succeeded in starting TLS
 >>> EHLO rhu.barb
 ????250
 >>> MAIL FROM:<>
@@ -30,8 +29,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-OCSP status response: good signature
-Succeeded in starting TLS (with OCSP)
+Succeeded in starting TLS
 >>> EHLO rhu.barb
 ????250
 >>> MAIL FROM:<>
diff --git a/test/stdout/5680 b/test/stdout/5680
new file mode 100644
index 000000000..3803fb2a9
--- /dev/null
+++ b/test/stdout/5680
@@ -0,0 +1,46 @@
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> EHLO rhu.barb
+????250
+>>> STARTTLS
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+OCSP status response: good signature
+Succeeded in starting TLS (with OCSP)
+>>> EHLO rhu.barb
+????250
+>>> MAIL FROM:<>
+>>> RCPT TO:test@example.com
+??? 250
+<<< 250 OK
+??? 250
+<<< 250 Accepted
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> EHLO rhu.barb
+????250
+>>> STARTTLS
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+OCSP status response: good signature
+Succeeded in starting TLS (with OCSP)
+>>> EHLO rhu.barb
+????250
+>>> MAIL FROM:<>
+>>> RCPT TO:test@example.com
+??? 250
+<<< 250 OK
+??? 250
+<<< 250 Accepted
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script