From 9f5f6f757d86cd2539cbfba1f3230df743c30189 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 7 Jun 2022 18:44:36 +0100 Subject: [PATCH] Testsuite: OpenSSL version differences (cherry picked from commit 4468bfff7dc28b9c54a5225d3f10a6aa6a67a1d9) --- test/confs/2100 | 5 ----- test/lib/Exim/Runtest.pm | 2 +- test/runtest | 11 ++++++++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/test/confs/2100 b/test/confs/2100 index 63a2f255a..6425f3a0f 100644 --- a/test/confs/2100 +++ b/test/confs/2100 @@ -20,14 +20,9 @@ queue_run_in_order tls_advertise_hosts = * -# Set certificate only if server - -#tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} tls_certificate = DIR/aux-fixed/cert1 -#tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} tls_verify_hosts = * -#tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail} tls_verify_certificates = DIR/aux-fixed/cert2 diff --git a/test/lib/Exim/Runtest.pm b/test/lib/Exim/Runtest.pm index 7ba079051..6c2262f55 100644 --- a/test/lib/Exim/Runtest.pm +++ b/test/lib/Exim/Runtest.pm @@ -120,7 +120,7 @@ sub flavour { } if (open(my $f, '-|', 'openssl version')) { - <$f> =~ /1.1.1/ && return "openssl_1_1_1"; + <$f> =~ /(1\.1\.1|3\.\d+\.\d+)/ && return "openssl_1_1_1"; } if (open(my $f, '<', "$etc/os-release")) { diff --git a/test/runtest b/test/runtest index c88a8929e..d760a0090 100755 --- a/test/runtest +++ b/test/runtest @@ -432,6 +432,8 @@ RESET_AFTER_EXTRA_LINE_READ: # There are differences in error messages between OpenSSL versions s/SSL_CTX_set_cipher_list/SSL_connect/; + s/error=\Kauthority and subject key identifier mismatch/self signed certificate/; + s/error=\Kself-signed certificate/self signed certificate/; # One error test in expansions mentions base 62 or 36 s/is not a base (36|62) number/is not a base 36\/62 number/; @@ -906,9 +908,10 @@ RESET_AFTER_EXTRA_LINE_READ: # numbers, or handle specific bad conditions in different ways, leading to # different wording in the error messages, so we cannot compare them. -#XXX This loses any trailing "deliving unencypted to" which is unfortunate +#XXX This loses any trailing "delivering unencypted to" which is unfortunate # but I can't work out how to deal with that. s/(TLS session: \(SSL_\w+\): error:)(.*)(?!: delivering)/$1 <>/; + s/TLS error on connection from .*\K\(SSL_accept\): error:.*:unexpected eof while reading$/(tls lib accept fn): TCP connection closed by peer/; s/(TLS error on connection from .* \(SSL_\w+\): error:)(.*)/$1 <>/; next if /SSL verify error: depth=0 error=certificate not trusted/; @@ -1008,8 +1011,10 @@ RESET_AFTER_EXTRA_LINE_READ: next if /SSL verify error: depth=0 error=certificate not trusted/; s/SSL3_READ_BYTES/ssl3_read_bytes/i; s/CONNECT_CR_FINISHED/ssl3_read_bytes/i; - s/^\d+:error:\d+(?:E\d+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/; - s/^error:[^:]*:(SSL routines:ssl3_read_bytes:(tls|ssl)v\d+ alert)/error:dddddddd:$1/; + s/^[[:xdigit:]]+:error:[[:xdigit:]]+(?:E[[:xdigit:]]+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/; + s/^error:\K[^:]*:(SSL routines:ssl3_read_bytes:(tls|ssl)v\d+ alert)/dddddddd:$1/; + s/^error:\K[[:xdigit:]]+:SSL routines::(tlsv13 alert certificate required)$/dddddddd:SSL routines:ssl3_read_bytes:$1/; + s/^error:\K[[:xdigit:]]+:SSL routines::((tlsv1|sslv3) alert (unknown ca|certificate revoked))$/dddddddd:SSL routines:ssl3_read_bytes:$1/; # gnutls version variances next if /^Error in the pull function./; -- 2.30.2