From 62b56dbfa456b107f09154ba014c98129a28ba3b Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sun, 20 Apr 2014 20:53:32 +0100
Subject: [PATCH] Update testsuite for gnuTLS 3.1.23

---
 test/log/2025 |  2 +-
 test/log/2029 |  2 +-
 test/log/3454 |  2 +-
 test/runtest  | 16 ++++++++++++++--
 4 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/test/log/2025 b/test/log/2025
index aa2745cfc..fafc68d5b 100644
--- a/test/log/2025
+++ b/test/log/2025
@@ -1,6 +1,6 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
 1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (gnutls_handshake): A TLS packet with unexpected length was received.
+1999-03-02 09:44:33 10HmaX-0005vi-00 a TLS session is required for ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4], but an attempt to start TLS failed
 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp -qf
diff --git a/test/log/2029 b/test/log/2029
index fc79930b2..e4510feb1 100644
--- a/test/log/2029
+++ b/test/log/2029
@@ -1,3 +1,3 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection from [127.0.0.1] (recv): A TLS packet with unexpected length was received.
+1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated.
 1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP connection lost after final dot H=[127.0.0.1] P=smtps
diff --git a/test/log/3454 b/test/log/3454
index cb4757977..e6e0cb963 100644
--- a/test/log/3454
+++ b/test/log/3454
@@ -1,5 +1,5 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS packet with unexpected length was received.
+1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated.
 1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason.
 1999-03-02 09:44:33 no MAIL in SMTP connection from [127.0.0.1] D=0s X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 C=EHLO,STARTTLS,AUTH
 1999-03-02 09:44:33 no MAIL in SMTP connection from (foobar) [127.0.0.1] D=0s A=plain:userx X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 C=EHLO,STARTTLS,EHLO,AUTH,QUIT
diff --git a/test/runtest b/test/runtest
index 443d7fcf4..fb23242e3 100755
--- a/test/runtest
+++ b/test/runtest
@@ -512,6 +512,8 @@ RESET_AFTER_EXTRA_LINE_READ:
   s/\bDHE-RSA-AES256-SHA\b/AES256-SHA/g;
 
   # GnuTLS have seen:
+  #   TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
+  #   TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128
   #   TLS1.2:RSA_AES_256_CBC_SHA1:256 (canonical)
   #   TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
   #
@@ -520,12 +522,22 @@ RESET_AFTER_EXTRA_LINE_READ:
   #   X=TLS1.1:RSA_AES_256_CBC_SHA1:256
   #   X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256
   # and as stand-alone cipher:
+  #   ECDHE-RSA-AES256-SHA
   #   DHE-RSA-AES256-SHA256
   #   DHE-RSA-AES256-SHA
   # picking latter as canonical simply because regex easier that way.
   s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA_AES_256_CBC_SHA1:256/g;
-  s/TLS1.[012]:(DHE_)?RSA_AES_256_CBC_SHA(1|256):256/TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256/g;
-  s/\bDHE-RSA-AES256-SHA256\b/DHE-RSA-AES256-SHA/g;
+  s/TLS1.[012]:((EC)?DHE_)?RSA_AES_(256|128)_(CBC|GCM)_SHA(1|256|384):(256|128)/TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256/g;
+  s/\b(ECDHE-RSA-AES256-SHA|DHE-RSA-AES256-SHA256)\b/AES256-SHA/g;
+
+  # GnuTLS library error message changes
+  s/No certificate was found/The peer did not send any certificate/g;
+#(dodgy test?)  s/\(certificate verification failed\): invalid/\(gnutls_handshake\): The peer did not send any certificate./g;
+  s/\(gnutls_priority_set\): No or insufficient priorities were set/\(gnutls_handshake\): Could not negotiate a supported cipher suite/g;
+
+  # (replace old with new, hoping that old only happens in one situation)
+  s/TLS error on connection to ip4.ip4.ip4.ip4 \[ip4.ip4.ip4.ip4\] \(gnutls_handshake\): A TLS packet with unexpected length was received./a TLS session is required for ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4], but an attempt to start TLS failed/g;
+  s/TLS error on connection from [127.0.0.1] (recv): A TLS packet with unexpected length was received./TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated./g;
 
 
   # ======== Caller's login, uid, gid, home, gecos ========
-- 
2.30.2