From: Jeremy Harris
Date: Sat, 20 Jul 2024 19:24:31 +0000 (+0100)
Subject: Testsuite: split testcase for non-OCSP build
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/bfba2a3018912e44d89b52e6649fc11f37a42ecb
Testsuite: split testcase for non-OCSP build
---
diff --git a/test/confs/1102 b/test/confs/1102
index 23afc36ee..c8379e0f4 100644
--- a/test/confs/1102
+++ b/test/confs/1102
@@ -1,4 +1,4 @@ -# Exim test configuration 1102 +# Exim test configuration 1102 & 5680 .include DIR/aux-var/tls_conf_prefix
@@ -10,7 +10,9 @@ tls_advertise_hosts = * tls_certificate = DIR/tmp/certs/servercert tls_privatekey = DIR/tmp/certs/serverkey +.ifdef OPT tls_ocsp_file = DIR/tmp/certs/ocsp_proof +.endif #tls_verify_certificates = DIR/aux-fixed/cert2 tls_verify_certificates = system,cache
diff --git a/test/confs/5680 b/test/confs/5680
new file mode 120000
index 000000000..4d642625f
--- /dev/null
+++ b/test/confs/5680
@@ -0,0 +1 @@
+1102
\ No newline at end of file
diff --git a/test/log/5680 b/test/log/5680
new file mode 100644
index 000000000..89933f709
--- /dev/null
+++ b/test/log/5680
@@ -0,0 +1,5 @@
+
+******** SERVER ********
+2017-07-30 18:51:05.712 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
+2017-07-30 18:51:05.712 server cert: CN=server1.example.com
+2017-07-30 18:51:05.712 server cert: CN=server1.example.net
diff --git a/test/scripts/1100-Basic-TLS/1102 b/test/scripts/1100-Basic-TLS/1102
index 285b3be09..a29ef0ba4 100644
--- a/test/scripts/1100-Basic-TLS/1102
+++ b/test/scripts/1100-Basic-TLS/1102
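Review bot: The `.ifdef OPT` guard added around `tls_ocsp_file` in test/confs/1102 has no comment saying who sets the macro, and the name gives no hint that it controls OCSP stapling. On the command lines visible in this diff only test 5680 passes `-DOPT=ocsp`, and `.ifdef` tests only whether the macro is defined, so any later test that defines OPT for another purpose against this shared configuration would switch the stapled proof on as well. A line such as `# OPT is defined only by test 5680 (OCSP-capable build): staple the proof file` above the `.ifdef` would make that dependency explicit. The configuration continues outside the hunk.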
@@ -1,15 +1,13 @@
 # TLS server: creds caching
 #
-#
 mkdir -p DIR/tmp/certs
 cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem DIR/tmp/certs/servercert
 cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key DIR/tmp/certs/serverkey
-cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp DIR/tmp/certs/ocsp_proof
 #
 #exim -d-all+tls+receive+timestamp -DSERVER=server -bd -oX PORT_D
 exim -DSERVER=server -bd -oX PORT_D
 ****
-client-anytls -ocsp DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem 127.0.0.1 PORT_D
+client-anytls 127.0.0.1 PORT_D
 ??? 220
 EHLO rhu.barb
 ????250
@@ -26,13 +24,11 @@ QUIT
 ****
 sleep 1
 # Now overwrite the cert
-# XXX using server2.com fails here, on the ocsp verify. Why?
 cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem DIR/tmp/certs/servercert
 cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key DIR/tmp/certs/serverkey
-cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp DIR/tmp/certs/ocsp_proof
 # The watch mech waits 5 sec after the last trigger, so give that time to expire then send another message
 sleep 7
-client-anytls -ocsp DIR/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem 127.0.0.1 PORT_D
+client-anytls 127.0.0.1 PORT_D
 ??? 220
 EHLO rhu.barb
 ????250
diff --git a/test/scripts/5680-OCSP/5680 b/test/scripts/5680-OCSP/5680
new file mode 100644
index 000000000..ac56b8448
--- /dev/null
+++ b/test/scripts/5680-OCSP/5680
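Review bot: With `-ocsp …/ca_chain.pem` dropped from both `client-anytls` calls in test/scripts/1100-Basic-TLS/1102, nothing on the client side of this script distinguishes the example.com certificate from the example.net one any more; the expected stdout for both sessions is just `Succeeded in starting TLS`. If the reload after the overwrite is now confirmed only by the `server cert: CN=…` lines in the server log (test/log/1102 is not part of this diff, so that is an assumption), the script should say so, for example `# the reload is checked via the "server cert:" log lines, not by the client` above the second `client-anytls`. Both hunks cut through the script, which continues outside them.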
@@ -0,0 +1,54 @@
+# TLS server: creds caching, OCSP
+#
+#
+mkdir -p DIR/tmp/certs
+cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem DIR/tmp/certs/servercert
+cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key DIR/tmp/certs/serverkey
+cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp DIR/tmp/certs/ocsp_proof
+#
+#exim -d-all+tls+receive+timestamp -DSERVER=server -DOPT=ocsp -bd -oX PORT_D
+exim -DSERVER=server -DOPT=ocsp -bd -oX PORT_D
+****
+client-anytls -ocsp DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem 127.0.0.1 PORT_D
+??? 220
+EHLO rhu.barb
+????250
+STARTTLS
+??? 220
+EHLO rhu.barb
+????250
+MAIL FROM:<>
+RCPT TO:test@example.com
+??? 250
+??? 250
+QUIT
+??? 221
+****
+sleep 1
+# Now overwrite the cert
+# XXX using server2.com fails here, on the ocsp verify. Why?
+cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem DIR/tmp/certs/servercert
+cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key DIR/tmp/certs/serverkey
+cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp DIR/tmp/certs/ocsp_proof
+# The watch mech waits 5 sec after the last trigger, so give that time to expire then send another message
+sleep 7
+client-anytls -ocsp DIR/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem 127.0.0.1 PORT_D
+??? 220
+EHLO rhu.barb
+????250
+STARTTLS
+??? 220
+EHLO rhu.barb
+????250
+MAIL FROM:<>
+RCPT TO:test@example.com
+??? 250
+??? 250
+QUIT
+??? 221
+****
+#
+killdaemon
+#
+sudo rm -fr DIR/tmp
+no_msglog_check
diff --git a/test/scripts/5680-OCSP/REQUIRES b/test/scripts/5680-OCSP/REQUIRES
new file mode 100644
index 000000000..64054f671
--- /dev/null
+++ b/test/scripts/5680-OCSP/REQUIRES
@@ -0,0 +1,3 @@
+feature _HAVE_TLS
+support OCSP
+running IPv4
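Review bot: The new test/scripts/5680-OCSP/5680 carries over the note `# XXX using server2.com fails here, on the ocsp verify. Why?` unchanged from 1102, where this commit deletes it, so the open question now lives only here and still does not name the fixture that failed. Either resolve it or reword it so it can be reproduced, and state in the header how the script relates to 1102, e.g. `# OCSP variant of 1102; shares confs/1102, with tls_ocsp_file enabled by -DOPT=ocsp`. The script stages and checks only `*.ocsp.good.resp` proofs, so as far as this file shows a proof left stale after the certificate overwrite is not exercised.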
diff --git a/test/stdout/1102 b/test/stdout/1102
index 3803fb2a9..0e9c0b366 100644
--- a/test/stdout/1102
+++ b/test/stdout/1102
@@ -7,8 +7,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-OCSP status response: good signature
-Succeeded in starting TLS (with OCSP)
+Succeeded in starting TLS
 >>> EHLO rhu.barb
 ????250
 >>> MAIL FROM:<>
@@ -30,8 +29,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
-OCSP status response: good signature
-Succeeded in starting TLS (with OCSP)
+Succeeded in starting TLS
 >>> EHLO rhu.barb
 ????250
 >>> MAIL FROM:<>
diff --git a/test/stdout/5680 b/test/stdout/5680
new file mode 100644
index 000000000..3803fb2a9
--- /dev/null
+++ b/test/stdout/5680
@@ -0,0 +1,46 @@
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> EHLO rhu.barb
+????250
+>>> STARTTLS
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+OCSP status response: good signature
+Succeeded in starting TLS (with OCSP)
+>>> EHLO rhu.barb
+????250
+>>> MAIL FROM:<>
+>>> RCPT TO:test@example.com
+??? 250
+<<< 250 OK
+??? 250
+<<< 250 Accepted
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> EHLO rhu.barb
+????250
+>>> STARTTLS
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+OCSP status response: good signature
+Succeeded in starting TLS (with OCSP)
+>>> EHLO rhu.barb
+????250
+>>> MAIL FROM:<>
+>>> RCPT TO:test@example.com
+??? 250
+<<< 250 OK
+??? 250
+<<< 250 Accepted
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script