Testsuite: OpenSSL/LibreSSL version output variances

[users/jgh/exim.git] / test / runtest
diff --git a/test/runtest b/test/runtest

index 94ecd69440f71c5c99c3753b194259dbb65545ab..d30936db037a402ae8451c026a31f2f3a0a76fa8 100755 (executable)
--- a/test/runtest
+++ b/test/runtest
@@ -545,16 +545,23 @@ RESET_AFTER_EXTRA_LINE_READ:
    # negotiating TLS 1.2 instead of 1.0.
    # Mail headers (...), log-lines X=..., client-ssl output ...
    # (and \b doesn't match between ' ' and '(' )
+  #
+  # Retain the authentication algorith field as we want to test that.
  
    s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[12]:/$1TLSv1:/xg;
-  s/\bAES128-GCM-SHA256:128\b/AES256-SHA:256/g;
-  s/\bAES128-GCM-SHA256\b/AES256-SHA/g;
-  s/\bAES256-GCM-SHA384\b/AES256-SHA/g;
-  s/\bDHE-RSA-AES256-SHA\b/AES256-SHA/g;
+  s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHA/g;
+  s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g;
  
    # LibreSSL
+  # TLSv1:AES256-GCM-SHA384:256
    # TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256
-  s/\bECDHE-RSA-CHACHA20-POLY1305\b/AES256-SHA/g;
+  #
+  # ECDHE-RSA-CHACHA20-POLY1305
+  # AES256-GCM-SHA384
+
+  s/(?<!-)(AES256-GCM-SHA384)/RSA-$1/;
+  s/((EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305)(?!:)/ke-$3-AES256-SHA/g;
+  s/((EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305):256/ke-$3-AES256-SHA:xxx/g;
  
    # GnuTLS have seen:
    #   TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
@@ -572,8 +579,8 @@ RESET_AFTER_EXTRA_LINE_READ:
    #   DHE-RSA-AES256-SHA
    # picking latter as canonical simply because regex easier that way.
    s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA_AES_256_CBC_SHA1:256/g;
-  s/TLS1.[012]:((EC)?DHE_)?RSA_AES_(256|128)_(CBC|GCM)_SHA(1|256|384):(256|128)/TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256/g;
-  s/\b(ECDHE-RSA-AES256-SHA|DHE-RSA-AES256-SHA256)\b/AES256-SHA/g;
+  s/TLS1.[012]:((EC)?DHE_)?(RSA|ECDSA)_AES_(256|128)_(CBC|GCM)_SHA(1|256|384):(256|128)/TLS1.x:ke_$3_AES_256_CBC_SHAnnn:256/g;
+  s/\b(ECDHE-(RSA|ECDSA)-AES256-SHA|DHE-RSA-AES256-SHA256)\b/ke-$2-AES256-SHAxx/g;
  
    # GnuTLS library error message changes
    s/No certificate was found/The peer did not send any certificate/g;
@@ -1175,8 +1182,8 @@ RESET_AFTER_EXTRA_LINE_READ:
      s/(=>.* K C="250- \d)\d+ (byte chunk, total \d)\d+/$1nn $2nn/;
  
      # openssl version variances
-    s/(TLS error on connection .*: error:)[0-9A-F]{8}(:system library):func\(4095\):(No such file or
- directory)$/$1xxxxxxxx$2:fopen:$3/;
+    s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/;
+    s/(DANE attempt failed.*error:[0-9A-F]{8}:SSL routines:)(tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1ssl3_get_server_certificate/;
      }
  
    # ======== All files other than stderr ========
@@ -3321,7 +3328,6 @@ system("sudo cp eximdir/exim eximdir/exim_exim;" .
         "sudo chgrp $parm_eximgroup eximdir/exim_exim;" .
         "sudo chmod 06755 eximdir/exim_exim");
  
-
  ##################################################
  #     Make copies of utilities we might need     #
  ##################################################
@@ -3364,6 +3370,15 @@ if (system("cp $parm_exim_dir/eximstats eximdir") != 0)
    tests_exit(-1, "Failed to make a copy of eximstats: $!");
    }
  
+# Collect some version information
+print '-' x 78, "\n";
+print "Perl version for runtest: $]\n";
+foreach (map { "./eximdir/$_" } qw(exigrep exinext eximstats)) {
+  # fold (or unfold?) multiline output into a one-liner
+  print join(', ', map { chomp; $_ } `$_ --version`), "\n";
+}
+print '-' x 78, "\n";
+
  
  ##################################################
  #    Check that the Exim user can access stuff   #