# negotiating TLS 1.2 instead of 1.0.
# Mail headers (...), log-lines X=..., client-ssl output ...
# (and \b doesn't match between ' ' and '(' )
+ #
+ # Retain the authentication algorith field as we want to test that.
s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[12]:/$1TLSv1:/xg;
- s/\bAES128-GCM-SHA256:128\b/AES256-SHA:256/g;
- s/\bAES128-GCM-SHA256\b/AES256-SHA/g;
- s/\bAES256-GCM-SHA384\b/AES256-SHA/g;
- s/\bDHE-RSA-AES256-SHA\b/AES256-SHA/g;
+ s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHA/g;
+ s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g;
# LibreSSL
+ # TLSv1:AES256-GCM-SHA384:256
# TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256
- s/\bECDHE-RSA-CHACHA20-POLY1305\b/AES256-SHA/g;
+ #
+ # ECDHE-RSA-CHACHA20-POLY1305
+ # AES256-GCM-SHA384
+
+ s/(?<!-)(AES256-GCM-SHA384)/RSA-$1/;
+ s/((EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305)(?!:)/ke-$3-AES256-SHA/g;
+ s/((EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305):256/ke-$3-AES256-SHA:xxx/g;
# GnuTLS have seen:
# TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
# DHE-RSA-AES256-SHA
# picking latter as canonical simply because regex easier that way.
s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA_AES_256_CBC_SHA1:256/g;
- s/TLS1.[012]:((EC)?DHE_)?RSA_AES_(256|128)_(CBC|GCM)_SHA(1|256|384):(256|128)/TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256/g;
- s/\b(ECDHE-RSA-AES256-SHA|DHE-RSA-AES256-SHA256)\b/AES256-SHA/g;
+ s/TLS1.[012]:((EC)?DHE_)?(RSA|ECDSA)_AES_(256|128)_(CBC|GCM)_SHA(1|256|384):(256|128)/TLS1.x:ke_$3_AES_256_CBC_SHAnnn:256/g;
+ s/\b(ECDHE-(RSA|ECDSA)-AES256-SHA|DHE-RSA-AES256-SHA256)\b/ke-$2-AES256-SHAxx/g;
# GnuTLS library error message changes
s/No certificate was found/The peer did not send any certificate/g;
next if /^SSL info:/;
next if /SSL verify error: depth=0 error=certificate not trusted/;
s/SSL3_READ_BYTES/ssl3_read_bytes/i;
- s/^\d+:error:\d+(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/;
+ s/CONNECT_CR_FINISHED/ssl3_read_bytes/i;
+ s/^\d+:error:\d+(?:E\d+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/;
# gnutls version variances
next if /^Error in the pull function./;
s/^Exim version .*/Exim version x.yz ..../;
- # Debugging lines for Exim terminations
+ # Debugging lines for Exim terminations and process-generation
s/(?<=^>>>>>>>>>>>>>>>> Exim pid=)\d+(?= terminating)/pppp/;
+ s/^(proxy-proc \w{5}-pid) \d+$/$1 pppp/;
# IP address lookups use gethostbyname() when IPv6 is not supported,
# and gethostbyname2() or getipnodebyname() when it is.
s/\b(gethostbyname2?|\bgetipnodebyname)(\(af=inet\))?/get[host|ipnode]byname[2]/;
+ # we don't care what TZ enviroment the testhost was running
+ next if /^Reset TZ to/;
+
# drop gnutls version strings
next if /GnuTLS compile-time version: \d+[\.\d]+$/;
next if /GnuTLS runtime version: \d+[\.\d]+$/;
if (s/(with \$received_protocol)\}\} \$\{if def:tls_cipher \{\(\$tls_cipher\)\n$/$1/)
{
$_ .= <IN>;
- s/\s+\}\}(?=\(Exim )/\}\} /;
+ s/[\sā]+\}\}(?=\(Exim )/\}\} /;
}
- if (/^ condition: def:tls_cipher$/)
+ if (/^ āāācondition: def:tls_cipher$/)
{
<IN>; <IN>; <IN>; <IN>; <IN>; <IN>;
<IN>; <IN>; <IN>; <IN>; <IN>; next;
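Review bot: In the GnuTLS block, the added `s/\b(ECDHE-(RSA|ECDSA)-AES256-SHA|DHE-RSA-AES256-SHA256)\b/ke-$2-AES256-SHAxx/g` leaves `$2` unset when the `DHE-RSA-AES256-SHA256` alternative matches, so that name becomes `ke--AES256-SHAxx` and loses the authentication field the new comment says should be retained. A branch-reset group gives both alternatives the same capture: `s/\b(?|ECDHE-(RSA|ECDSA)-AES256-SHA|DHE-(RSA)-AES256-SHA256)\b/ke-$1-AES256-SHAxx/g;`. Separately, the first new OpenSSL substitution can match just the `-SHA` prefix of a `-SHA256` suite name, because `(?!:)` only excludes a colon, leaving `ke-RSA-AES256-SHA256`; a `\b` before the lookahead would stop that. If these substitutions run in order on the same line, as the hunk suggests, that earlier rewrite also keeps the later GnuTLS pattern from matching at all, so the canonical form ends up depending on the negotiated suite.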
next if /^(ppppp )?setsockopt FASTOPEN: Protocol not available$/;
# Specific pointer values reported for DB operations change from run to run
- s/^(returned from EXIM_DBOPEN: 0x)[0-9a-f]+/$1AAAAAAAA/;
- s/^(EXIM_DBCLOSE.0x)[0-9a-f]+/$1AAAAAAAA/;
+ s/^(returned from EXIM_DBOPEN: )(0x)?[0-9a-f]+/${1}0xAAAAAAAA/;
+ s/^(EXIM_DBCLOSE.)(0x)?[0-9a-f]+/${1}0xAAAAAAAA/;
# When Exim is checking the size of directories for maildir, it uses
# the check_dir_size() function to scan directories. Of course, the order
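Review bot: Making the `0x` prefix optional in the two EXIM_DB substitutions leaves `[0-9a-f]+` unanchored on the right, so text after the prefix that merely begins with hex letters or digits is now partly replaced too (constructed example: `returned from EXIM_DBOPEN: failed` would become `returned from EXIM_DBOPEN: 0xAAAAAAAAiled`). Whether such lines occur is not visible in this hunk, but a trailing boundary restricts the match to whole pointer values, and the unused capture can be non-capturing: `s/^(returned from EXIM_DBOPEN: )(?:0x)?[0-9a-f]+\b/${1}0xAAAAAAAA/;`, with the same change for the `EXIM_DBCLOSE.` line.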
# CHUNKING: exact sizes depend on hostnames in headers
s/(=>.* K C="250- \d)\d+ (byte chunk, total \d)\d+/$1nn $2nn/;
+
+ # openssl version variances
+ s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/;
+ s/(DANE attempt failed.*error:[0-9A-F]{8}:SSL routines:)(tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1ssl3_get_server_certificate/;
}
# ======== All files other than stderr ========
dkim_(canon|domain|private_key|selector|sign_headers|strict|hash|identity)
|gnutls_require_(kx|mac|protocols)
|hosts_(requ(est|ire)|try)_(dane|ocsp)
- |hosts_(avoid|nopass|require|verify_avoid)_tls
+ |hosts_(avoid|nopass|noproxy|require|verify_avoid)_tls
|socks_proxy
|tls_[^ ]*
- )($|[ ]=)/x' },
+ )($|[ ]=)/x'
+ },
'sys_bindir' =>
{ 'mainlog' => 's%/(usr/(local/)?)?bin/%SYSBINDIR/%' },
'timeout_errno' => # actual errno differs Solaris vs. Linux
{ 'mainlog' => 's/(host deferral .* errno) <\d+> /$1 <EEE> /' },
+
+ 'peer_terminated_conn' => # actual error differs FreedBSD vs. Linux
+ { 'stderr' => 's/^( SMTP\()Connection reset by peer(\)<<)$/$1closed$2/' },
+
+ 'perl_variants' => # result of hash-in-scalar-context changed from bucket-fill to keycount
+ { 'stdout' => 's%^> X/X$%> X%' },
};
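Review bot: The new `peer_terminated_conn` munge rewrites `Connection reset by peer` to `closed` in stderr, so a test that applies it can no longer tell an abortive reset from an orderly close on that line. The comment only says the error differs between platforms; it should also state that the munge is meant for tests where either outcome is acceptable, for example `# FreeBSD reports a reset where Linux reports a close; use only where the distinction is not under test`. That wording also corrects the `FreedBSD` spelling.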
"sudo chgrp $parm_eximgroup eximdir/exim_exim;" .
"sudo chmod 06755 eximdir/exim_exim");
-
##################################################
# Make copies of utilities we might need #
##################################################
tests_exit(-1, "Failed to make a copy of eximstats: $!");
}
+# Collect some version information
+print '-' x 78, "\n";
+print "Perl version for runtest: $]\n";
+foreach (map { "./eximdir/$_" } qw(exigrep exinext eximstats)) {
+ # fold (or unfold?) multiline output into a one-liner
+ print join(', ', map { chomp; $_ } `$_ --version`), "\n";
+}
+print '-' x 78, "\n";
+
##################################################
# Check that the Exim user can access stuff #
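Review bot: The version-banner loop runs each utility through backticks and prints whatever comes back without looking at `$?`, so a copy that fails to start or does not accept `--version` yields a blank line rather than a diagnosable message, and its stderr is not captured. The command strings come from a fixed `qw` list, so there is no injection concern here. Naming the loop variable and checking the status would make the banner reliable: `my @out = qx{$util --version 2>&1};` followed by `warn "$util --version exited with status $?\n" if $?;`.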
}
if ($force_continue)
{
- print "\nstderr tail:\n";
+ print "\nstdout tail:\n";
+ print "==================>\n";
+ system("tail -20 test-stdout");
print "===================\n";
+ print "stderr tail:\n";
+ print "==================>\n";
system("tail -20 test-stderr");
print "===================\n";
print "... continue forced\n";