From 5597be318c5e115d2a9502d81038a8a279bea38c Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Wed, 5 Aug 2015 21:19:40 +0100
Subject: [PATCH] Dup GnuTLS test to OpenSSL
---
 test/log/5600 | 6 ++++
 test/scripts/5600-OCSP-OpenSSL/5600 | 45 ++++++++++++++++++++++--
 test/scripts/5650-OCSP-GnuTLS/5650 | 3 --
 test/src/client.c | 6 ++--
 test/stdout/5600 | 53 +++++++++++++++++++++++++++++
 5 files changed, 104 insertions(+), 9 deletions(-)
diff --git a/test/log/5600 b/test/log/5600
index a680612a7..65ce55118 100644
--- a/test/log/5600
+++ b/test/log/5600
@@ -1,7 +1,13 @@
+1999-03-02 09:44:33 1: Server sends good staple on request
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
 1999-03-02 09:44:33 acl_mail: ocsp in status: 4 (verified)
+1999-03-02 09:44:33 2: Server does not staple an outdated response
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
+1999-03-02 09:44:33 3: Server does not staple a response for a revoked cert
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
+1999-03-02 09:44:33 4: Connection functions when server is prepared to staple but client does not request it
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
diff --git a/test/scripts/5600-OCSP-OpenSSL/5600 b/test/scripts/5600-OCSP-OpenSSL/5600
index c7a700fde..2e63d0e0a 100644
--- a/test/scripts/5600-OCSP-OpenSSL/5600
+++ b/test/scripts/5600-OCSP-OpenSSL/5600
@@ -2,7 +2,9 @@
 #
 #
 #
-# 1: Server sends good staple on request
+exim -z '1: Server sends good staple on request'
+****
+#
 exim -bd -oX PORT_D -DSERVER=server \
 -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
 ****
@@ -30,7 +32,9 @@ killdaemon
 #
 #
 #
-# 2: Server does not staple an outdated response
+exim -z '2: Server does not staple an outdated response'
+****
+#
 exim -bd -oX PORT_D -DSERVER=server \
 -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
 ****
@@ -54,7 +58,9 @@ killdaemon
 #
 #
 #
-# 3: Server does not staple a response for a revoked cert
+exim -z '3: Server does not staple a response for a revoked cert'
+****
+#
 exim -bd -oX PORT_D -DSERVER=server \
 -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
 ****
@@ -78,3 +84,36 @@ killdaemon
 #
 #
 #
+exim -z '4: Connection functions when server is prepared to staple but client does not request it'
+****
+#
+exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+****
+#
+client-ssl \
+ HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+starttls
+??? 220
+ehlo rhu.barb.tls
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+quit
+****
+killdaemon
+#
+#
+#
+#
+#
diff --git a/test/scripts/5650-OCSP-GnuTLS/5650 b/test/scripts/5650-OCSP-GnuTLS/5650
index 343d6af2f..749d87048 100644
--- a/test/scripts/5650-OCSP-GnuTLS/5650
+++ b/test/scripts/5650-OCSP-GnuTLS/5650
@@ -91,9 +91,6 @@ exim -bd -oX PORT_D -DSERVER=server \
 -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
 ****
 #
-# Temporarily (I hope) use OpenSSL-based client, as GnuTLS is buggy and always requests (and understands)
-# stapling
-#
 client-gnutls \
 HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
 ??? 220
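Review bot: The new case 4 in test/scripts/5600-OCSP-OpenSSL/5600 (fourth hunk) has no comment saying what makes this client "not request" stapling; the only visible cue is that `client-ssl` is run with just the host, port and cert/key arguments. The client invocations of cases 1 to 3 are outside these hunks, so I am assuming they pass an OCSP option that is deliberately left out here. A one-line comment above the client call, such as `# no OCSP option given to client-ssl: the client must not ask for a staple`, would stop a later edit from adding the option and turning this into a duplicate of case 1. As far as the visible expected output goes, the log line for this case is the same `acl_conn: ocsp in status: 0 (notreq)` seen in the other cases, so the outputs alone would not obviously catch that drift.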
diff --git a/test/src/client.c b/test/src/client.c index dd7df5bd6..ee00912bc 100644 --- a/test/src/client.c +++ b/test/src/client.c @@ -84,9 +84,9 @@ latter needs a whole pile of tables. */ # if GNUTLS_VERSION_NUMBER >= 0x030103 # define HAVE_OCSP # include -# ifndef GNUTLS_NO_EXTENSIONS -# define GNUTLS_NO_EXTENSIONS 0 -# endif +# endif +# ifndef GNUTLS_NO_EXTENSIONS +# define GNUTLS_NO_EXTENSIONS 0 # endif # define DH_BITS 768 diff --git a/test/stdout/5600 b/test/stdout/5600 index ce8638213..d2d28dce6 100644 --- a/test/stdout/5600 +++ b/test/stdout/5600 
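Review bot: With the fallback moved outside the `GNUTLS_VERSION_NUMBER >= 0x030103` guard in test/src/client.c, `GNUTLS_NO_EXTENSIONS` silently becomes 0 on any GnuTLS whose headers do not provide it as a macro, and nothing documents that consequence. If the client ORs this flag into its session-init flags to keep from asking for a staple (the use site is outside this hunk, so this is inferred), a build that takes the fallback would still send the extension and the "client does not request stapling" case would be testing something else. I would put a comment on the fallback, e.g. `/* fallback for GnuTLS without this flag: it becomes a no-op and extensions are still sent */`. The enclosing conditional block starts before the hunk.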
@@ -133,3 +133,56 @@ SSL info: SSL negotiation finished successfully
 SSL connection using AES256-SHA
 Succeeded in starting TLS
 End of script
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/cert2
+Key file = aux-fixed/cert2
+??? 220
+<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL info: before/connect initialization
+SSL info: before/connect initialization
+SSL info: SSLv3 read server hello A
+SSL info: SSLv3 read server certificate A
+SSL info: SSLv3 read server certificate request A
+SSL info: SSLv3 read server done A
+SSL info: SSLv3 write client certificate A
+SSL info: SSLv3 write client key exchange A
+SSL info: SSLv3 write certificate verify A
+SSL info: SSLv3 write change cipher spec A
+SSL info: SSLv3 write finished A
+SSL info: SSLv3 flush data
+SSL info: SSLv3 read server session ticket A
+SSL info: SSLv3 read finished A
+SSL info: SSL negotiation finished successfully
+SSL info: SSL negotiation finished successfully
+SSL connection using AES256-SHA
+Succeeded in starting TLS
+>>> ehlo rhu.barb.tls
+??? 250-
+<<< 250-server1.example.com Hello rhu.barb.tls [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250
+<<< 250 HELP
+>>> quit
+End of script
-- 
2.30.2