Testsuite: GnuTLS version of DANE/events testcase
authorJeremy Harris <jgh146exb@wizmail.org>
Tue, 6 Mar 2018 16:23:31 +0000 (16:23 +0000)
committerJeremy Harris <jgh146exb@wizmail.org>
Tue, 6 Mar 2018 21:59:30 +0000 (21:59 +0000)
Followon from: c0635b6dfe

src/src/tls-gnu.c
test/confs/5880 [new file with mode: 0644]
test/log/5880 [new file with mode: 0644]
test/scripts/5860-DANE-OpenSSL-events/5860
test/scripts/5880-DANE-GnuTLS-events/5880 [new file with mode: 0644]
test/scripts/5880-DANE-GnuTLS-events/REQUIRES [new file with mode: 0644]

index e0ac6a546dc858561a73a51f82612a95b6adce23..6de0f023ad771521f2b6419882b50360da172059 100644 (file)
@@ -1621,7 +1621,7 @@ else
     (needed for TA but not EE). */
 
     if (usage == ((1<<DANESSL_USAGE_DANE_TA) | (1<<DANESSL_USAGE_DANE_EE)))
-    {                                          /* a mixed-usage bundle */
+      {                                                /* a mixed-usage bundle */
       int i, j, nrec;
       const char ** dd;
       int * ddl;
@@ -1920,12 +1920,10 @@ int rc;
 uschar * yield;
 exim_gnutls_state_st * state = gnutls_session_get_ptr(session);
 
-cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
-if (cert_list)
+if ((cert_list = gnutls_certificate_get_peers(session, &cert_list_size)))
   while (cert_list_size--)
   {
-  rc = import_cert(&cert_list[cert_list_size], &crt);
-  if (rc != GNUTLS_E_SUCCESS)
+  if ((rc = import_cert(&cert_list[cert_list_size], &crt)) != GNUTLS_E_SUCCESS)
     {
     DEBUG(D_tls) debug_printf("TLS: peer cert problem: depth %d: %s\n",
       cert_list_size, gnutls_strerror(rc));
diff --git a/test/confs/5880 b/test/confs/5880
new file mode 100644 (file)
index 0000000..4becdd4
--- /dev/null
@@ -0,0 +1,78 @@
+# Exim test configuration 5880
+# DANE
+
+SERVER=
+
+.include DIR/aux-var/tls_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+
+log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
+
+queue_only
+queue_run_in_order
+
+tls_advertise_hosts = *
+
+# Set certificate only if server
+CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
+
+tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem} fail}
+tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key} fail}
+
+
+begin acl
+
+logger:
+  accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}}
+        logwrite = $event_name depth = $event_data \
+                       <${certextract {subject} {$tls_out_peercert}}>
+#  message = noooo
+
+  accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}}
+        logwrite = $event_name dane=$tls_out_dane
+  accept
+
+# ----- Routers -----
+
+begin routers
+
+client:
+  driver = dnslookup
+  condition = ${if eq {SERVER}{}}
+  dnssec_request_domains = *
+  self = send
+  transport = send_to_server
+
+server:
+  driver = redirect
+  data = :blackhole:
+
+
+# ----- Transports -----
+
+begin transports
+
+send_to_server:
+  driver = smtp
+  allow_localhost
+  port = PORT_D
+
+#  hosts_try_dane = *
+  hosts_require_dane = *
+
+  # required for TA-mode testing
+  tls_verify_certificates = CDIR2/ca_chain.pem
+.ifdef _HAVE_OCSP
+  hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \
+                                {= {0}{$tls_out_tlsa_usage}} } \
+                        {*}{}}
+.endif
+
+  event_action =   ${acl {logger}}
+
+# End
diff --git a/test/log/5880 b/test/log/5880
new file mode 100644 (file)
index 0000000..9d4b56d
--- /dev/null
@@ -0,0 +1,42 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane512ee.test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth = 2 <O=example.com,CN=clica CA rsa>
+1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth = 1 <O=example.com,CN=clica Signing Cert rsa>
+1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth = 0 <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery dane=yes
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth = 2 <O=example.com,CN=clica CA rsa>
+1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth = 1 <O=example.com,CN=clica Signing Cert rsa>
+1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth = 0 <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 msg:delivery dane=yes
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane256ta.test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 2 <O=example.com,CN=clica CA rsa>
+1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 1 <O=example.com,CN=clica Signing Cert rsa>
+1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 0 <CN=server1.example.com>
+1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@mxdane256ta.test.ex R=client T=send_to_server H=dane256ta.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmbB-0005vi-00 msg:delivery dane=yes
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex for CALLER@mxdane512ee.test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <CALLER@mxdane512ee.test.ex> R=server
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex for CALLER@mxdane256ta.test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <CALLER@mxdane256ta.test.ex> R=server
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
index 730c40f498dca1947192d324570508d3e232f6e4..baf48c8953d862802acd6197bffd1bb41af4b15c 100644 (file)
@@ -1,4 +1,4 @@
-# DANE client: events
+# DANE client, OpenSSL: events
 #
 exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D
 ****
diff --git a/test/scripts/5880-DANE-GnuTLS-events/5880 b/test/scripts/5880-DANE-GnuTLS-events/5880
new file mode 100644 (file)
index 0000000..9efd00c
--- /dev/null
@@ -0,0 +1,30 @@
+# DANE client, GnuTLS: events
+#
+exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D
+****
+# TLSA (3 1 1)
+exim CALLER@dane256ee.test.ex
+Testing
+****
+# TLSA (3 1 2)
+exim CALLER@mxdane512ee.test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+exim -DSERVER=server -DDETAILS=ee -DNOTDAEMON -qf
+****
+#
+#
+exim -DSERVER=server -DDETAILS=ta -bd -oX PORT_D
+****
+# TLSA (2 0 1)
+exim CALLER@mxdane256ta.test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+exim -DSERVER=server -DDETAILS=ta -DNOTDAEMON -qf
+****
diff --git a/test/scripts/5880-DANE-GnuTLS-events/REQUIRES b/test/scripts/5880-DANE-GnuTLS-events/REQUIRES
new file mode 100644 (file)
index 0000000..39c50e4
--- /dev/null
@@ -0,0 +1,4 @@
+support DANE
+support Event
+support GnuTLS
+running IPv4