X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/75fe387d4b7dd458b79fc22d593095cd84ca8ea4..7d99e6a1f26e03dea6988a18bf950c428ff4b5aa:/test/runtest diff --git a/test/runtest b/test/runtest index 6418d8d3f..3e961ca98 100755 --- a/test/runtest +++ b/test/runtest @@ -28,9 +28,10 @@ $testversion = "4.80 (08-May-12)"; # This gets embedded in the D-H params filename, and the value comes # from asking GnuTLS for "normal", but there appears to be no way to # use certtool/... to ask what that value currently is. *sigh* -# This value is correct as of GnuTLS 2.12.18. -# -$gnutls_dh_bits_normal = 2432; +# We also clamp it because of NSS interop, see addition of tls_dh_max_bits. +# This value is correct as of GnuTLS 2.12.18 as clamped by tls_dh_max_bits. +# normal = 2432 tls_dh_max_bits = 2236 +$gnutls_dh_bits_normal = 2236; $cf = "bin/cf -exact"; $cr = "\r"; @@ -499,13 +500,15 @@ RESET_AFTER_EXTRA_LINE_READ: # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 # # X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256 + # X=TLS1.2:RSA_AES_256_CBC_SHA1:256 + # X=TLS1.1:RSA_AES_256_CBC_SHA1:256 # X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 # and as stand-alone cipher: # DHE-RSA-AES256-SHA256 # DHE-RSA-AES256-SHA # picking latter as canonical simply because regex easier that way. s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA_AES_256_CBC_SHA1:256/g; - s/X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256/X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256/g; + s/TLS1.[012]:(DHE_)?RSA_AES_256_CBC_SHA(1|256):256/TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256/g; s/\bDHE-RSA-AES256-SHA256\b/DHE-RSA-AES256-SHA/g; @@ -714,7 +717,6 @@ RESET_AFTER_EXTRA_LINE_READ: s/(TLS error on connection (?:from|to) .*? \(SSL_\w+\): error:)(.*)/$1 <>/; - # ======== Maildir things ======== # timestamp output in maildir processing s/(timestamp=|\(timestamp_only\): )\d+/$1ddddddd/g; @@ -847,6 +849,15 @@ RESET_AFTER_EXTRA_LINE_READ: # be the case next if /^changing group to \d+ failed: Operation not permitted/; + # We might not keep this check; rather than change all the tests, just + # ignore it as long as it succeeds; then we only need to change the + # TLS tests where tls_require_ciphers has been set. + if (m{^changed uid/gid: calling tls_validate_require_cipher}) { + my $discard = ; + next; + } + next if /^tls_validate_require_cipher child \d+ ended: status=0x0/; + # We invoke Exim with -D, so we hit this new messag as of Exim 4.73: next if /^macros_trusted overridden to true by whitelisting/; @@ -2712,6 +2723,11 @@ if ($parm_hostname !~ /\./) print "\n*** Host name is not fully qualified: this may cause problems ***\n\n"; } +if ($parm_hostname =~ /[[:upper:]]/) + { + print "\n*** Host name has upper case characters: this may cause problems ***\n\n"; + } + # Find the user's shell $parm_shell = $ENV{'SHELL'};