From 12ee8cf9db5b6c81b0e492c64f305d7ba1cf4dc2 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Fri, 8 Aug 2014 20:45:24 +0100
Subject: [PATCH] Testsuite basics. Not actually excercising DANE yet, this will take additions in the fakedns and probably changes in certificates.
---
 src/src/tls-openssl.c | 3 +-
 test/confs/5800 | 74 +++++++++++++++++++++++++
 test/confs/5850 | 72 ++++++++++++++++++++++++
 test/log/5850 | 13 +++++
 test/scripts/2100-OpenSSL/2100 | 2 +-
 test/scripts/5800-DANE-GnuTLS/5800 | 14 +++++
 test/scripts/5800-DANE-GnuTLS/REQUIRES | 3 +
 test/scripts/5850-DANE-OpenSSL/5850 | 12 ++++
 test/scripts/5850-DANE-OpenSSL/REQUIRES | 3 +
 9 files changed, 194 insertions(+), 2 deletions(-)
 create mode 100644 test/confs/5800
 create mode 100644 test/confs/5850
 create mode 100644 test/log/5850
 create mode 100644 test/scripts/5800-DANE-GnuTLS/5800
 create mode 100644 test/scripts/5800-DANE-GnuTLS/REQUIRES
 create mode 100644 test/scripts/5850-DANE-OpenSSL/5850
 create mode 100644 test/scripts/5850-DANE-OpenSSL/REQUIRES
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 8a4e5a7ae..201636db0 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1829,7 +1829,8 @@ rc = SSL_connect(client_ssl);
 alarm(0);
 #ifdef EXPERIMENTAL_DANE
-DANESSL_cleanup(client_ssl); /*XXX earliest possible callpoint. Too early? */
+if (dane)
+ DANESSL_cleanup(client_ssl); /*XXX earliest possible callpoint. Too early? */
 #endif
 if (rc <= 0)
diff --git a/test/confs/5800 b/test/confs/5800
new file mode 100644
index 000000000..f1bd09d1c
--- /dev/null
+++ b/test/confs/5800
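Review bot: In the src/src/tls-openssl.c hunk, the new `if (dane)` guard has no comment saying why DANESSL_cleanup() must be skipped for non-DANE connections, and the `/*XXX earliest possible callpoint. Too early? */` question is left open. `dane` is set outside this hunk, so it is presumably the same flag that gates the DANE setup on `client_ssl`; that should be confirmed, because a mismatch would either leave DANE state unreleased or run cleanup on a handle that was never set up for DANE. I would add a line such as `/* DANE state exists on client_ssl only when dane was set before SSL_connect() */` above the guard. The enclosing function starts and ends outside the hunk.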
@@ -0,0 +1,74 @@
+# Exim test configuration 5800
+# DANE
+
+SERVER=
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/SERVER%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+
+log_selector = +tls_peerdn
+
+queue_only
+queue_run_in_order
+
+tls_advertise_hosts = *
+# needed to force generation
+tls_dhparam = historic
+
+# Set certificate only if server
+
+tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+
+#tls_verify_hosts = *
+#tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
+
+
+# ----- Routers -----
+
+begin routers
+
+client:
+ driver = accept
+ condition = ${if eq {SERVER}{server}{no}{yes}}
+ retry_use_local_part
+ transport = send_to_server
+
+server:
+ driver = redirect
+ data = :blackhole:
+
+
+# ----- Transports -----
+
+begin transports
+
+send_to_server:
+ driver = smtp
+ allow_localhost
+ hosts = 127.0.0.1
+ port = PORT_D
+# tls_certificate = DIR/aux-fixed/cert2
+# tls_privatekey = DIR/aux-fixed/cert2
+# tls_verify_certificates = DIR/aux-fixed/cert2
+
+
+# ----- Retry -----
+
+
+begin retry
+
+* * F,5d,10s
+
+
+# End
diff --git a/test/confs/5850 b/test/confs/5850
new file mode 100644
index 000000000..ac967fcb8
--- /dev/null
+++ b/test/confs/5850
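Review bot: The `send_to_server` transport in test/confs/5800 sets no DANE option and every `tls_verify_*` line is commented out, so the test succeeds over an unauthenticated TLS session and would still pass if DANE verification were broken; test/confs/5850 has the same transport. The commit message acknowledges this, but the file header only says `# DANE`, which reads as coverage to anyone looking at the test list. I would state it in the header of both files, e.g. `# DANE (placeholder: TLS only, no TLSA lookup or certificate verification exercised yet)`.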
@@ -0,0 +1,72 @@
+# Exim test configuration 5850
+# DANE
+
+SERVER=
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/SERVER%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+
+log_selector = +tls_peerdn
+
+queue_only
+queue_run_in_order
+
+tls_advertise_hosts = *
+
+# Set certificate only if server
+
+tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+
+#tls_verify_hosts = *
+#tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
+
+
+# ----- Routers -----
+
+begin routers
+
+client:
+ driver = accept
+ condition = ${if eq {SERVER}{server}{no}{yes}}
+ retry_use_local_part
+ transport = send_to_server
+
+server:
+ driver = redirect
+ data = :blackhole:
+
+
+# ----- Transports -----
+
+begin transports
+
+send_to_server:
+ driver = smtp
+ allow_localhost
+ hosts = 127.0.0.1
+ port = PORT_D
+# tls_certificate = DIR/aux-fixed/cert2
+# tls_privatekey = DIR/aux-fixed/cert2
+# tls_verify_certificates = DIR/aux-fixed/cert2
+
+
+# ----- Retry -----
+
+
+begin retry
+
+* * F,5d,10s
+
+
+# End
diff --git a/test/log/5850 b/test/log/5850
new file mode 100644
index 000000000..2913e7c4a
--- /dev/null
+++ b/test/log/5850
@@ -0,0 +1,13 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
diff --git a/test/scripts/2100-OpenSSL/2100 b/test/scripts/2100-OpenSSL/2100
index 61c2fd6fb..c2b0f8981 100644
--- a/test/scripts/2100-OpenSSL/2100
+++ b/test/scripts/2100-OpenSSL/2100
@@ -4,7 +4,7 @@ exim -DSERVER=server -bd -oX PORT_D
 exim CALLER@test.ex
 Testing
 ****
-exim -d+all -qf
+exim -qf
 ****
 killdaemon
 no_msglog_check
diff --git a/test/scripts/5800-DANE-GnuTLS/5800 b/test/scripts/5800-DANE-GnuTLS/5800
new file mode 100644
index 000000000..07ad7406d
--- /dev/null
+++ b/test/scripts/5800-DANE-GnuTLS/5800
@@ -0,0 +1,14 @@
+# DANE client: general
+#
+gnutls
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim CALLER@test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+exim -DSERVER=server -DNOTDAEMON -qf
+****
diff --git a/test/scripts/5800-DANE-GnuTLS/REQUIRES b/test/scripts/5800-DANE-GnuTLS/REQUIRES
new file mode 100644
index 000000000..4234c92f8
--- /dev/null
+++ b/test/scripts/5800-DANE-GnuTLS/REQUIRES
@@ -0,0 +1,3 @@
+support Experimental_DANE
+support GnuTLS
+running IPv4
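Review bot: test/scripts/5800-DANE-GnuTLS/5800 is added without a matching expected log: the diffstat lists test/log/5850 but no test/log/5800, so the GnuTLS variant appears to have nothing to compare its mainlog against unless that file arrives in another commit. The script also passes `-DNOTDAEMON`, which test/confs/5800 as added here never references. Until the expected output exists I would say so in the script header, e.g. `# NOTE: no test/log/5800 recorded yet; result is not a DANE pass/fail signal`, or add the log in the same commit as is done for 5850.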
diff --git a/test/scripts/5850-DANE-OpenSSL/5850 b/test/scripts/5850-DANE-OpenSSL/5850
new file mode 100644
index 000000000..419930e11
--- /dev/null
+++ b/test/scripts/5850-DANE-OpenSSL/5850
@@ -0,0 +1,12 @@
+# DANE client: general
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim CALLER@test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+exim -DSERVER=server -DNOTDAEMON -qf
+****
diff --git a/test/scripts/5850-DANE-OpenSSL/REQUIRES b/test/scripts/5850-DANE-OpenSSL/REQUIRES
new file mode 100644
index 000000000..59cb7dc91
--- /dev/null
+++ b/test/scripts/5850-DANE-OpenSSL/REQUIRES
@@ -0,0 +1,3 @@
+support Experimental_DANE
+support OpenSSL
+running IPv4
--
2.30.2