From 75fe387d4b7dd458b79fc22d593095cd84ca8ea4 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Thu, 17 May 2012 17:24:36 -0400 Subject: [PATCH] fix tls_cipher memory lifetime. Some tests had not been updated for the new cert because they were missing an X= log-line. Updated those tests now. --- src/src/tls-gnu.c | 34 ++++++++++++++++++++++++++-------- test/log/2007 | 2 +- test/log/2008 | 8 ++++---- test/log/2012 | 4 ++-- test/log/2013 | 4 ++-- test/log/2017 | 4 ++-- test/log/2019 | 2 +- test/log/2026 | 2 +- test/log/3451 | 4 ++-- test/log/3452 | 4 ++-- test/mail/2019.userx | 2 +- test/runtest | 15 +++++++++++++++ test/stderr/2008 | 8 ++++---- test/stderr/2013 | 4 ++-- 14 files changed, 65 insertions(+), 32 deletions(-) diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 328466cc3..1953be1e4 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -79,6 +79,7 @@ typedef struct exim_gnutls_state { BOOL have_set_peerdn; const struct host_item *host; uschar *peerdn; + uschar *ciphersuite; uschar *received_sni; const uschar *tls_certificate; @@ -99,17 +100,14 @@ typedef struct exim_gnutls_state { int xfer_buffer_hwm; int xfer_eof; int xfer_error; - - uschar cipherbuf[256]; } exim_gnutls_state_st; static const exim_gnutls_state_st exim_gnutls_state_init = { NULL, NULL, NULL, VERIFY_NONE, -1, -1, FALSE, FALSE, FALSE, - NULL, NULL, NULL, + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0, - "" }; /* Not only do we have our own APIs which don't pass around state, assuming @@ -313,7 +311,7 @@ cipher = gnutls_cipher_get(state->session); /* returns size in "bytes" */ tls_bits = gnutls_cipher_get_key_size(cipher) * 8; -tls_cipher = state->cipherbuf; +tls_cipher = state->ciphersuite; DEBUG(D_tls) debug_printf("cipher: %s\n", tls_cipher); @@ -975,6 +973,20 @@ return OK; Only this is allowed to set state->peerdn and state->have_set_peerdn and we use that to detect double-calls. +NOTE: the state blocks last while the TLS connection is up, which is fine +for logging in the server side, but for the client side, we log after teardown +in src/deliver.c. While the session is up, we can twist about states and +repoint tls_* globals, but those variables used for logging or other variable +expansion that happens _after_ delivery need to have a longer life-time. + +So for those, we get the data from POOL_PERM; the re-invoke guard keeps us from +doing this more than once per generation of a state context. We set them in +the state context, and repoint tls_* to them. After the state goes away, the +tls_* copies of the pointers remain valid and client delivery logging is happy. + +tls_certificate_verified is a BOOL, so the tls_peerdn and tls_cipher issues +don't apply. + Arguments: state exim_gnutls_state_st * @@ -984,8 +996,9 @@ Returns: OK/DEFER/FAIL static int peer_status(exim_gnutls_state_st *state) { +uschar cipherbuf[256]; const gnutls_datum *cert_list; -int rc; +int old_pool, rc; unsigned int cert_list_size = 0; gnutls_protocol_t protocol; gnutls_cipher_algorithm_t cipher; @@ -1008,7 +1021,7 @@ protocol = gnutls_protocol_get_version(state->session); mac = gnutls_mac_get(state->session); kx = gnutls_kx_get(state->session); -string_format(state->cipherbuf, sizeof(state->cipherbuf), +string_format(cipherbuf, sizeof(cipherbuf), "%s:%s:%d", gnutls_protocol_get_name(protocol), gnutls_cipher_suite_get_name(kx, cipher, mac), @@ -1017,9 +1030,14 @@ string_format(state->cipherbuf, sizeof(state->cipherbuf), /* I don't see a way that spaces could occur, in the current GnuTLS code base, but it was a concern in the old code and perhaps older GnuTLS releases did return "TLS 1.0"; play it safe, just in case. */ -for (p = state->cipherbuf; *p != '\0'; ++p) +for (p = cipherbuf; *p != '\0'; ++p) if (isspace(*p)) *p = '-'; +old_pool = store_pool; +store_pool = POOL_PERM; +state->ciphersuite = string_copy(cipherbuf); +store_pool = old_pool; +tls_cipher = state->ciphersuite; /* tls_peerdn */ cert_list = gnutls_certificate_get_peers(state->session, &cert_list_size); diff --git a/test/log/2007 b/test/log/2007 index 012677e0c..dbd395ed7 100644 --- a/test/log/2007 +++ b/test/log/2007 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2008 b/test/log/2008 index 98494f105..72aa471e5 100644 --- a/test/log/2008 +++ b/test/log/2008 @@ -1,11 +1,11 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" +1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" -1999-03-02 09:44:33 10HmaY-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" -1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" +1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaY-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2012 b/test/log/2012 index bdcff3832..2d15992b0 100644 --- a/test/log/2012 +++ b/test/log/2012 @@ -1,7 +1,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (certificate verification failed): invalid -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 CV=yes DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf @@ -9,4 +9,4 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received.: Certificate is bad 1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason. -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.2:RSA_AES_256_CBC_SHA1:256 CV=yes DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.2:RSA_AES_256_CBC_SHA1:256 CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaX-0005vi-00@myhost.test.ex diff --git a/test/log/2013 b/test/log/2013 index b41a3488a..95706bd4c 100644 --- a/test/log/2013 +++ b/test/log/2013 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/2017 b/test/log/2017 index d4e9518f0..94eb483e2 100644 --- a/test/log/2017 +++ b/test/log/2017 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/2019 b/test/log/2019 index 33b2ea2d5..630e36094 100644 --- a/test/log/2019 +++ b/test/log/2019 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTPS on port 1225 1999-03-02 09:44:33 10HmaX-0005vi-00 <= userx@test.ex H=(rhu.barb) [127.0.0.1] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:256 S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 <= userx@test.ex H=[ip4.ip4.ip4.ip4] P=smtp X=TLS1.0:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 <= userx@test.ex H=[ip4.ip4.ip4.ip4] P=smtp X=TLS1.0:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx R=abc T=local_delivery 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/2026 b/test/log/2026 index e26465089..59145cb0e 100644 --- a/test/log/2026 +++ b/test/log/2026 @@ -7,7 +7,7 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 => userx R=r0 T=t2 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@myhost.test.ex R=r1 T=t1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" +1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@myhost.test.ex R=r1 T=t1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 => usery R=r0 T=t2 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed diff --git a/test/log/3451 b/test/log/3451 index f575700a5..ee29c63f4 100644 --- a/test/log/3451 +++ b/test/log/3451 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/3452 b/test/log/3452 index f575700a5..ee29c63f4 100644 --- a/test/log/3452 +++ b/test/log/3452 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/mail/2019.userx b/test/mail/2019.userx index fa92f6055..6ac2073a3 100644 --- a/test/mail/2019.userx +++ b/test/mail/2019.userx @@ -16,7 +16,7 @@ Received: from [ip4.ip4.ip4.ip4] (envelope-from ) id 10HmaY-0005vi-00 for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 -TLS: cipher=TLS1.0:RSA_AES_256_CBC_SHA1:256 peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel +TLS: cipher=TLS1.0:RSA_AES_256_CBC_SHA1:256 peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock This is a test encrypted message from a verified host. diff --git a/test/runtest b/test/runtest index 9bcace082..6418d8d3f 100755 --- a/test/runtest +++ b/test/runtest @@ -484,6 +484,7 @@ RESET_AFTER_EXTRA_LINE_READ: # So far, have seen: # TLSv1:AES256-SHA:256 # TLSv1.2:AES256-GCM-SHA384:256 + # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 # We also need to handle the ciphersuite without the TLS part present, for # client-ssl's output. We also see some older forced ciphersuites, but # negotiating TLS 1.2 instead of 1.0. @@ -493,6 +494,20 @@ RESET_AFTER_EXTRA_LINE_READ: s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.2:/$1TLSv1:/xg; s/\bAES256-GCM-SHA384\b/AES256-SHA/g; + # GnuTLS have seen: + # TLS1.2:RSA_AES_256_CBC_SHA1:256 (canonical) + # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128 + # + # X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256 + # X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 + # and as stand-alone cipher: + # DHE-RSA-AES256-SHA256 + # DHE-RSA-AES256-SHA + # picking latter as canonical simply because regex easier that way. + s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA_AES_256_CBC_SHA1:256/g; + s/X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256/X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256/g; + s/\bDHE-RSA-AES256-SHA256\b/DHE-RSA-AES256-SHA/g; + # ======== Caller's login, uid, gid, home, gecos ======== diff --git a/test/stderr/2008 b/test/stderr/2008 index b16aa4ef2..5d33ca7fa 100644 --- a/test/stderr/2008 +++ b/test/stderr/2008 @@ -28,7 +28,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1225 ... connected SMTP<< 250 OK id=10HmaZ-0005vi-00 SMTP>> QUIT LOG: MAIN - => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" + => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" LOG: MAIN Completed delivering 10HmaY-0005vi-00 (queue run pid ppppp) @@ -61,9 +61,9 @@ Connecting to 127.0.0.1 [127.0.0.1]:1225 ... connected SMTP<< 250 OK id=10HmbA-0005vi-00 SMTP>> QUIT LOG: MAIN - => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" + => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" LOG: MAIN - -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" + -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" Connecting to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:1225 ... connected SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 SMTP>> EHLO myhost.test.ex @@ -91,7 +91,7 @@ Connecting to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:1225 ... connected SMTP<< 250 OK id=10HmbB-0005vi-00 SMTP>> QUIT LOG: MAIN - => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" + => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" LOG: MAIN Completed LOG: queue_run MAIN diff --git a/test/stderr/2013 b/test/stderr/2013 index a95f1557e..6a4c1d6fa 100644 --- a/test/stderr/2013 +++ b/test/stderr/2013 @@ -35,7 +35,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1225 ... connected 250-STARTTLS 250 HELP LOG: MAIN - => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" + => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" LOG: MAIN Completed Exim version x.yz .... @@ -59,7 +59,7 @@ admin user SMTP<< 250 OK id=10HmbA-0005vi-00 SMTP>> QUIT LOG: MAIN - => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel" + => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.2:RSA_AES_256_CBC_SHA1:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> -- 2.30.2