X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/0c3807a8165cbc982f330831a429571f2ff7beec..4e9287801772d5aae181a9db0ef1dd1b514b2129:/test/runtest diff --git a/test/runtest b/test/runtest index a35796c2c..d6bc7b03d 100755 --- a/test/runtest +++ b/test/runtest @@ -538,6 +538,9 @@ RESET_AFTER_EXTRA_LINE_READ: # Test machines might have various different TLS library versions supporting # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we # treat the standard algorithms the same. + # + # TLSversion : KeyExchange? - Authentication/Signature - C_iph_er - MAC : ??? + # # So far, have seen: # TLSv1:AES128-GCM-SHA256:128 # TLSv1:AES256-SHA:256 @@ -559,8 +562,12 @@ RESET_AFTER_EXTRA_LINE_READ: s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g; # OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now, - # as it seems the protocol no longer supports a user choice. - s/TLS_AES(_256)_GCM_SHA384:256/TLS-AES256-SHA:xxx/g; + # as it seems the protocol no longer supports a user choice. Replace the "TLS" field with "RSA". + # Also insert a key-exchange field for back-compat, even though 1.3 doesn't do that. + # + # TLSversion : "TLS" - C_iph_er - MAC : ??? + # + s/:TLS_AES(_256)_GCM_SHA384:256/:ke-RSA-AES256-SHA:xxx/g; # LibreSSL # TLSv1:AES256-GCM-SHA384:256 @@ -596,6 +603,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/No certificate was found/The peer did not send any certificate/g; #(dodgy test?) s/\(certificate verification failed\): invalid/\(gnutls_handshake\): The peer did not send any certificate./g; s/\(gnutls_priority_set\): No or insufficient priorities were set/\(gnutls_handshake\): Could not negotiate a supported cipher suite/g; + s/\(gnutls_handshake\): \KNo supported cipher suites have been found.$/Could not negotiate a supported cipher suite./; # (this new one is a generic channel-read error, but the testsuite # only hits it in one place) @@ -1101,6 +1109,9 @@ RESET_AFTER_EXTRA_LINE_READ: # Experimental_International next if / in smtputf8_advertise_hosts\? no \(option unset\)/; + # Experimental_REQUIRETLS + next if / in tls_advertise_requiretls?\? no \(end of list\)/; + # Environment cleaning next if /\w+ in keep_environment\? (yes|no)/; @@ -1144,8 +1155,8 @@ RESET_AFTER_EXTRA_LINE_READ: next if /^(ppppp )?setsockopt FASTOPEN: Protocol not available$/; # Specific pointer values reported for DB operations change from run to run - s/^(returned from EXIM_DBOPEN: )(0x)?[0-9a-f]+/${1}0xAAAAAAAA/; - s/^(EXIM_DBCLOSE.)(0x)?[0-9a-f]+/${1}0xAAAAAAAA/; + s/^(\s*returned from EXIM_DBOPEN: )(0x)?[0-9a-f]+/${1}0xAAAAAAAA/; + s/^(\s*EXIM_DBCLOSE.)(0x)?[0-9a-f]+/${1}0xAAAAAAAA/; # Platform-dependent output during MySQL startup next if /PerconaFT file system space/; @@ -1217,16 +1228,22 @@ RESET_AFTER_EXTRA_LINE_READ: s/(DKIM: validation error: )error:[0-9A-F]{8}:rsa routines:(?:(?i)int_rsa_verify|CRYPTO_internal):(?:bad signature|algorithm mismatch)$/$1Public key signature verification has failed./; # DKIM timestamps - s/(DKIM: d=.*) t=([0-9]*) x=([0-9]*)(?{ return $3 - $2; }) /$1 t=T x=T+$^R /; + if ( /(DKIM: d=.*) t=([0-9]*) x=([0-9]*) / ) + { + my ($prefix, $t_diff) = ($1, $3 - $2); + s/DKIM: d=.* t=[0-9]* x=[0-9]* /${prefix} t=T x=T+${t_diff} /; + } } # ======== mail ======== elsif ($is_mail) { - # DKIM timestamps - if ( /^\s+t=[0-9]*; x=[0-9]*; b=[A-Za-z0-9+\/]+$/ ) { - s/^(\s+)t=([0-9]*); x=([0-9]*);(?{ return $3 - $2; }) b=[A-Za-z0-9+\/]+$/$1t=T; x=T+$^R; b=bbbb;/; + # DKIM timestamps, and signatures depending thereon + if ( /^(\s+)t=([0-9]*); x=([0-9]*); b=[A-Za-z0-9+\/]+$/ ) + { + my ($indent, $t_diff) = ($1, $3 - $2); + s/.*/${indent}t=T; x=T+${t_diff}; b=bbbb;/; ; ; } @@ -1559,6 +1576,11 @@ $munges = 'gnutls_handshake' => { 'mainlog' => 's/\(gnutls_handshake\): Error in the push function/\(gnutls_handshake\): A TLS packet with unexpected length was received/' }, + 'gnutls_bad_clientcert' => + { 'mainlog' => 's/\(certificate verification failed\): certificate invalid/\(gnutls_handshake\): The peer did not send any certificate./', + 'stdout' => 's/Succeeded in starting TLS/A TLS fatal alert has been received.\nFailed to start TLS' + }, + 'optional_events' => { 'stdout' => '/event_action =/' }, @@ -1578,7 +1600,15 @@ $munges = { 'stderr' => 's/(1[5-9]|23\d)\d\d msec/ssss msec/' }, 'tls_anycipher' => - { 'mainlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /' }, + { 'mainlog' => 's! X=TLS\S+ ! X=TLS_proto_and_cipher !; + s! DN="C=! DN="/C=!; + s! DN="[^,"]*\K,!/!; + s! DN="[^,"]*\K,!/!; + s! DN="[^,"]*\K,!/!; + ', + 'rejectlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /', + 'mail' => 's/ \(TLS[^)]*\)/ (TLS_proto_and_cipher)/', + }, 'debug_pid' => { 'stderr' => 's/(^\s{0,4}|(?<=Process )|(?<=child ))\d{1,5}/ppppp/g' }, @@ -1596,6 +1626,7 @@ $munges = |hosts_(avoid|nopass|noproxy|require|verify_avoid)_tls |socks_proxy |tls_[^ ]* + |utf8_downconvert )($|[ ]=)/x' },