X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/306c6c7751cf6953dc544a607b584a9ca58623ad..4a7ad62b15ea97dd2de1c98d0cd0219f99233bce:/test/runtest diff --git a/test/runtest b/test/runtest index a6844bebb..d4cf9f90e 100755 --- a/test/runtest +++ b/test/runtest @@ -490,6 +490,11 @@ RESET_AFTER_EXTRA_LINE_READ: s/^\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d(\s[+-]\d\d\d\d)?\s/1999-03-02 09:44:33 /gx; s/^\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\.\d{3}(\s[+-]\d\d\d\d)?\s/2017-07-30 18:51:05.712 /gx; s/^Logwrite\s"\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d/Logwrite "1999-03-02 09:44:33/gx; + # Date/time in syslog test + s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\s/2017-07-30 18:51:05 /gx; + s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\.\d{3}\s/2017-07-30 18:51:05.712 /gx; + s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\s[+-]\d\d\d\d\s/2017-07-30 18:51:05 +9999 /gx; + s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\.\d{3}\s[+-]\d\d\d\d\s/2017-07-30 18:51:05.712 +9999 /gx; s/((D|[RQD]T)=)\d+s/$1qqs/g; s/((D|[RQD]T)=)\d\.\d{3}s/$1q.qqqs/g; @@ -533,12 +538,16 @@ RESET_AFTER_EXTRA_LINE_READ: # Test machines might have various different TLS library versions supporting # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we # treat the standard algorithms the same. + # + # TLSversion : KeyExchange? - Authentication/Signature - C_iph_er - MAC : ??? + # # So far, have seen: # TLSv1:AES128-GCM-SHA256:128 # TLSv1:AES256-SHA:256 # TLSv1.1:AES256-SHA:256 # TLSv1.2:AES256-GCM-SHA384:256 # TLSv1.2:DHE-RSA-AES256-SHA:256 + # TLSv1.3:TLS_AES_256_GCM_SHA384:256 # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 # We also need to handle the ciphersuite without the TLS part present, for # client-ssl's output. We also see some older forced ciphersuites, but @@ -548,10 +557,19 @@ RESET_AFTER_EXTRA_LINE_READ: # # Retain the authentication algorith field as we want to test that. - s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[12]:/$1TLSv1:/xg; + s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[123]:/$1TLSv1:/xg; s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHA/g; s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g; + # OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now, + # as it seems the protocol no longer supports a user choice. Replace the "TLS" field with "RSA". + # Also insert a key-exchange field for back-compat, even though 1.3 doesn't do that. + # + # TLSversion : "TLS" - C_iph_er - MAC : ??? + # + s/TLS_AES(_256)?_GCM_SHA384(?!:)/ke-RSA-AES256-SHA/g; + s/:TLS_AES(_256)?_GCM_SHA384:256/:ke-RSA-AES256-SHA:xxx/g; + # LibreSSL # TLSv1:AES256-GCM-SHA384:256 # TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256 @@ -586,6 +604,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/No certificate was found/The peer did not send any certificate/g; #(dodgy test?) s/\(certificate verification failed\): invalid/\(gnutls_handshake\): The peer did not send any certificate./g; s/\(gnutls_priority_set\): No or insufficient priorities were set/\(gnutls_handshake\): Could not negotiate a supported cipher suite/g; + s/\(gnutls_handshake\): \KNo supported cipher suites have been found.$/Could not negotiate a supported cipher suite./; # (this new one is a generic channel-read error, but the testsuite # only hits it in one place) @@ -661,7 +680,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/\bgid=\d+/gid=gggg/; s/\begid=\d+/egid=gggg/; - s/\bpid=\d+/pid=pppp/; + s/\b(pid=|PID: )\d+/$1pppp/; s/\buid=\d+/uid=uuuu/; s/\beuid=\d+/euid=uuuu/; s/set_process_info:\s+\d+/set_process_info: pppp/; @@ -675,8 +694,12 @@ RESET_AFTER_EXTRA_LINE_READ: s"test-mail/temp\.\d+\."test-mail/temp.pppp."; # Optional pid in log lines - s/^(\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d)(\s[+-]\d\d\d\d|)(\s\[\d+\])/ - "$1$2 [" . new_value($3, "%s", \$next_pid) . "]"/gxe; + s/^(\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d)(\.\d{3}|)(\s[+-]\d{4}|)(\s\[\d+\])/ + "$1$2$3 [" . new_value($4, "%s", \$next_pid) . "]"/gxe; + + # Optional pid in syslog test lines + s/^(SYSLOG:\s\'([-0-9]{10}\s[:.0-9]{8,12}\s([-+]\d{4}\s)?|))(\[\d+\] )/ + "$1\[" . new_value($4, "%s", \$next_pid) . "]"/gxe; # Detect a daemon stderr line with a pid and save the pid for subsequent # removal from following lines. @@ -912,6 +935,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/SSL3_READ_BYTES/ssl3_read_bytes/i; s/CONNECT_CR_FINISHED/ssl3_read_bytes/i; s/^\d+:error:\d+(?:E\d+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/; + s/^error:[^:]*:(SSL routines:ssl3_read_bytes:(tls|ssl)v\d+ alert)/error:dddddddd:$1/; # gnutls version variances next if /^Error in the pull function./; @@ -922,6 +946,13 @@ RESET_AFTER_EXTRA_LINE_READ: # subsecond timstamp info in reported header-files s/^(-received_time_usec \.)\d{6}$/$1uuuuuu/; + + # Postgres server takes varible time to shut down; lives in various places + s/^waiting for server to shut down\.+ done$/waiting for server to shut down.... done/; + s/^\/.*postgres /POSTGRES /; + + # ARC is not always supported by the build + next if /^arc_sign =/; } # ======== stderr ======== @@ -1002,7 +1033,7 @@ RESET_AFTER_EXTRA_LINE_READ: next if /name=localhost address=::1/; # drop pdkim debugging header - next if /^PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<+$/; + next if /^PDKIM( <<<<<<<<<<<<<<<<<<<<<<<<<<<<<+|: no signatures)$/; # Various other IPv6 lines must be omitted too @@ -1045,12 +1076,14 @@ RESET_AFTER_EXTRA_LINE_READ: # Some DBM libraries seem to make DBM files on opening with O_RDWR without # O_CREAT; other's don't. In the latter case there is some debugging output # which is not present in the former. Skip the relevant lines (there are - # two of them). + # three of them). - if (/TESTSUITE\/spool\/db\/\S+ appears not to exist: trying to create/) + if (/returned from EXIM_DBOPEN: \(nil\)/) { - $_ = ; - next; + $_ .= ; + s?\Q$parm_cwd\E?TESTSUITE?g; + if (/TESTSUITE\/spool\/db\/\S+ appears not to exist: trying to create/) + { $_ = ; next; } } # Some tests turn on +expand debugging to check on expansions. @@ -1080,6 +1113,15 @@ RESET_AFTER_EXTRA_LINE_READ: # Experimental_International next if / in smtputf8_advertise_hosts\? no \(option unset\)/; + # Experimental_REQUIRETLS + next if / in tls_advertise_requiretls?\? no \(end of list\)/; + + # TCP Fast Open + next if /^(ppppp )?setsockopt FASTOPEN: Network Error/; + + # Experimental_PIPE_CONNECT + next if / in (pipelining_connect_advertise_hosts|hosts_pipe_connect)?\? no /; + # Environment cleaning next if /\w+ in keep_environment\? (yes|no)/; @@ -1123,14 +1165,17 @@ RESET_AFTER_EXTRA_LINE_READ: next if /^(ppppp )?setsockopt FASTOPEN: Protocol not available$/; # Specific pointer values reported for DB operations change from run to run - s/^(returned from EXIM_DBOPEN: )(0x)?[0-9a-f]+/${1}0xAAAAAAAA/; - s/^(EXIM_DBCLOSE.)(0x)?[0-9a-f]+/${1}0xAAAAAAAA/; + s/^(\s*returned from EXIM_DBOPEN: )(0x)?[0-9a-f]+/${1}0xAAAAAAAA/; + s/^(\s*EXIM_DBCLOSE.)(0x)?[0-9a-f]+/${1}0xAAAAAAAA/; # Platform-dependent output during MySQL startup next if /PerconaFT file system space/; next if /^Waiting for MySQL server to answer/; next if /mysqladmin: CREATE DATABASE failed; .* database exists/; + # Not all builds include DMARC + next if /^DMARC: no (dmarc_tld_file|sender_host_address)$/ ; + # When Exim is checking the size of directories for maildir, it uses # the check_dir_size() function to scan directories. Of course, the order # of the files that are obtained using readdir() varies from system to @@ -1190,6 +1235,28 @@ RESET_AFTER_EXTRA_LINE_READ: # openssl version variances s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/; s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/; + s/(DKIM: validation error: )error:[0-9A-F]{8}:rsa routines:(?:(?i)int_rsa_verify|CRYPTO_internal):(?:bad signature|algorithm mismatch)$/$1Public key signature verification has failed./; + + # DKIM timestamps + if ( /(DKIM: d=.*) t=([0-9]*) x=([0-9]*) / ) + { + my ($prefix, $t_diff) = ($1, $3 - $2); + s/DKIM: d=.* t=[0-9]* x=[0-9]* /${prefix} t=T x=T+${t_diff} /; + } + } + + # ======== mail ======== + + elsif ($is_mail) + { + # DKIM timestamps, and signatures depending thereon + if ( /^(\s+)t=([0-9]*); x=([0-9]*); b=[A-Za-z0-9+\/]+$/ ) + { + my ($indent, $t_diff) = ($1, $3 - $2); + s/.*/${indent}t=T; x=T+${t_diff}; b=bbbb;/; + ; + ; + } } # ======== All files other than stderr ======== @@ -1519,6 +1586,11 @@ $munges = 'gnutls_handshake' => { 'mainlog' => 's/\(gnutls_handshake\): Error in the push function/\(gnutls_handshake\): A TLS packet with unexpected length was received/' }, + 'gnutls_bad_clientcert' => + { 'mainlog' => 's/\(certificate verification failed\): certificate invalid/\(gnutls_handshake\): The peer did not send any certificate./', + 'stdout' => 's/Succeeded in starting TLS/A TLS fatal alert has been received.\nFailed to start TLS' + }, + 'optional_events' => { 'stdout' => '/event_action =/' }, @@ -1538,7 +1610,15 @@ $munges = { 'stderr' => 's/(1[5-9]|23\d)\d\d msec/ssss msec/' }, 'tls_anycipher' => - { 'mainlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /' }, + { 'mainlog' => 's! X=TLS\S+ ! X=TLS_proto_and_cipher !; + s! DN="C=! DN="/C=!; + s! DN="[^,"]*\K,!/!; + s! DN="[^,"]*\K,!/!; + s! DN="[^,"]*\K,!/!; + ', + 'rejectlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /', + 'mail' => 's/ \(TLS[^)]*\)/ (TLS_proto_and_cipher)/', + }, 'debug_pid' => { 'stderr' => 's/(^\s{0,4}|(?<=Process )|(?<=child ))\d{1,5}/ppppp/g' }, @@ -1549,12 +1629,16 @@ $munges = 'optional_config' => { 'stdout' => '/^( - dkim_(canon|domain|private_key|selector|sign_headers|strict|hash|identity) + dkim_(canon|domain|private_key|selector|sign_headers|strict|hash|identity|timestamps) |gnutls_require_(kx|mac|protocols) + |hosts_pipe_connect |hosts_(requ(est|ire)|try)_(dane|ocsp) + |dane_require_tls_ciphers |hosts_(avoid|nopass|noproxy|require|verify_avoid)_tls + |pipelining_connect_advertise_hosts |socks_proxy |tls_[^ ]* + |utf8_downconvert )($|[ ]=)/x' }, @@ -2577,7 +2661,7 @@ GetOptions( 'valgrind' => \$valgrind, 'range=s{2}' => \my @range_wanted, 'test=i@' => \my @tests_wanted, - 'flavor|flavour=s' => $flavour, + 'flavor|flavour=s' => \$flavour, 'help' => sub { pod2usage(-exit => 0) }, 'man' => sub { pod2usage( @@ -2783,6 +2867,7 @@ while () my(@temp); if (/^(Exim|Library) version/) { print; } + if (/Runtime: /) {print; } elsif (/^Size of off_t: (\d+)/) { @@ -3300,6 +3385,12 @@ if ($parm_hostname =~ /[[:upper:]]/) print "\n*** Host name has upper case characters: this may cause problems ***\n\n"; } +if ($parm_hostname =~ /\.example\.com$/) + { + die "\n*** Host name ends in .example.com; this conflicts with the testsuite use of that domain.\n" + . " Please change the host's name (or comment out this check, and fail several testcases)\n"; + } + ################################################## @@ -3529,6 +3620,32 @@ DIR: for (my $i = 0; $i < @test_dirs; $i++) { if (!defined $parm_malware{$1}) { $wantthis = 0; last; } } + elsif (/^feature (.*)$/) + { + # move to a subroutine? + my $eximinfo = "$parm_exim -C $parm_cwd/test-config -DDIR=$parm_cwd -bP macro $1"; + + open (IN, "$parm_cwd/confs/0000") || + tests_exit(-1, "Couldn't open $parm_cwd/confs/0000: $!\n"); + open (OUT, ">test-config") || + tests_exit(-1, "Couldn't open test-config: $!\n"); + while () + { + do_substitute($testno); + print OUT; + } + close(IN); + close(OUT); + + system($eximinfo . " >/dev/null 2>&1"); + if ($? != 0) { + unlink("$parm_cwd/test-config"); + $wantthis = 0; + $_ = "feature $1"; + last; + } + unlink("$parm_cwd/test-config"); + } else { tests_exit(-1, "Unknown line in \"scripts/$testdir/REQUIRES\": \"$_\"");