From: Jeremy Harris Date: Thu, 1 Sep 2016 20:08:32 +0000 (+0100) Subject: Testsuite: fix GnuTLS OCSP testing X-Git-Tag: exim-4_88_RC1~18 X-Git-Url: https://git.exim.org/users/jgh/exim.git/commitdiff_plain/0a6583aeed9a8f69d8c93785c11ece2a36e9c3d8 Testsuite: fix GnuTLS OCSP testing --- diff --git a/test/confs/5650 b/test/confs/5650 index ee1ae3c50..ef73220fd 100644 --- a/test/confs/5650 +++ b/test/confs/5650 @@ -3,7 +3,7 @@ CRL= -.include DIR/aux-var/std_conf_prefix +.include DIR/aux-var/tls_conf_prefix primary_hostname = server1.example.com @@ -23,7 +23,7 @@ tls_advertise_hosts = * tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key tls_crl = CRL -tls_ocsp_file = OCSP +tls_ocsp_file = OPT #tls_verify_hosts = HOSTIPV4 #tls_try_verify_hosts = * diff --git a/test/confs/5651 b/test/confs/5651 index 32f8ab67b..5803c3ce9 100644 --- a/test/confs/5651 +++ b/test/confs/5651 @@ -3,7 +3,7 @@ SERVER = -.include DIR/aux-var/std_conf_prefix +.include DIR/aux-var/tls_conf_prefix primary_hostname = server1.example.com @@ -29,7 +29,7 @@ tls_privatekey = ${if eq {SERVER}{server}\ fail} # from cmdline define -tls_ocsp_file = OCSP +tls_ocsp_file = OPT # ------ ACL ------ diff --git a/test/confs/5730 b/test/confs/5730 index 65fde950d..625decec7 100644 --- a/test/confs/5730 +++ b/test/confs/5730 @@ -3,7 +3,7 @@ SERVER = -.include DIR/aux-var/std_conf_prefix +.include DIR/aux-var/tls_conf_prefix primary_hostname = server1.example.com @@ -30,7 +30,7 @@ tls_privatekey = ${if eq {SERVER}{server}\ fail} # from cmdline define -tls_ocsp_file = OCSP +tls_ocsp_file = OPT # ------ ACL ------ diff --git a/test/log/5650 b/test/log/5650 index b70aebb0e..dfe8f4363 100644 --- a/test/log/5650 +++ b/test/log/5650 @@ -1,17 +1,19 @@ 1999-03-02 09:44:33 1: Server sends good staple on request +1999-03-02 09:44:33 2: Server does not staple an outdated response +1999-03-02 09:44:33 3: Server does not staple a response for a revoked cert +1999-03-02 09:44:33 4: Connection functions when server is prepared to staple but client does not request it + +******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) 1999-03-02 09:44:33 acl_mail: ocsp in status: 2 (vfynotdone) -1999-03-02 09:44:33 2: Server does not staple an outdated response 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): The TLS connection was non-properly terminated. 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason. -1999-03-02 09:44:33 3: Server does not staple a response for a revoked cert 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): The TLS connection was non-properly terminated. 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason. -1999-03-02 09:44:33 4: Connection functions when server is prepared to staple but client does not request it 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) diff --git a/test/scripts/5650-OCSP-GnuTLS/5650 b/test/scripts/5650-OCSP-GnuTLS/5650 index 749d87048..f67111424 100644 --- a/test/scripts/5650-OCSP-GnuTLS/5650 +++ b/test/scripts/5650-OCSP-GnuTLS/5650 @@ -6,7 +6,7 @@ exim -z '1: Server sends good staple on request' **** # exim -bd -oX PORT_D -DSERVER=server \ - -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp + -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp **** client-gnutls \ -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \ @@ -36,7 +36,7 @@ exim -z '2: Server does not staple an outdated response' **** # exim -bd -oX PORT_D -DSERVER=server \ - -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp + -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp **** # XXX test sequence might not be quite right; this is for a server refusal # and we're expecting a client refusal. @@ -62,7 +62,7 @@ exim -z '3: Server does not staple a response for a revoked cert' **** # exim -bd -oX PORT_D -DSERVER=server \ - -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp + -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp **** client-gnutls \ -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \ @@ -88,7 +88,7 @@ exim -z '4: Connection functions when server is prepared to staple but client do **** # exim -bd -oX PORT_D -DSERVER=server \ - -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp + -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp **** # client-gnutls \ diff --git a/test/scripts/5650-OCSP-GnuTLS/5651 b/test/scripts/5650-OCSP-GnuTLS/5651 index 2015d43b9..e100baece 100644 --- a/test/scripts/5650-OCSP-GnuTLS/5651 +++ b/test/scripts/5650-OCSP-GnuTLS/5651 @@ -2,7 +2,7 @@ # # # Client works when we request but don't require OCSP stapling and none comes -exim -bd -oX PORT_D -DSERVER=server -DOCSP="" +exim -bd -oX PORT_D -DSERVER=server -DOPT="" **** exim norequire@test.ex test message. @@ -15,7 +15,7 @@ killdaemon # # Client works when we don't request OCSP stapling exim -bd -oX PORT_D -DSERVER=server \ - -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp + -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp **** exim nostaple@test.ex test message. @@ -35,7 +35,7 @@ killdaemon # # # Client fails on lack of required stapled info -exim -bd -oX PORT_D -DSERVER=server -DOCSP="" +exim -bd -oX PORT_D -DSERVER=server -DOPT="" **** exim CALLER@test.ex test message. @@ -48,7 +48,7 @@ no_msglog_check # # Client fails on revoked stapled info EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \ - -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp + -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp **** exim CALLER@test.ex test message. @@ -61,7 +61,7 @@ killdaemon # # Client fails on expired stapled info EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \ - -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp + -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp **** exim CALLER@test.ex test message. diff --git a/test/scripts/5730-OCSP-GnuTLS-events/5730 b/test/scripts/5730-OCSP-GnuTLS-events/5730 index 6085a361e..b86b03264 100644 --- a/test/scripts/5730-OCSP-GnuTLS-events/5730 +++ b/test/scripts/5730-OCSP-GnuTLS-events/5730 @@ -3,7 +3,7 @@ # # # Client works when we request but don't require OCSP stapling and none comes -exim -bd -oX PORT_D -DSERVER=server -DOCSP="" +exim -bd -oX PORT_D -DSERVER=server -DOPT="" **** exim norequire@test.ex test message. @@ -16,7 +16,7 @@ killdaemon # # Client works when we request but don't require OCSP stapling and some arrives exim -bd -oX PORT_D -DSERVER=server \ - -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp + -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp **** exim norequire@test.ex test message. @@ -45,7 +45,7 @@ killdaemon # # # Client fails on lack of required stapled info -exim -bd -oX PORT_D -DSERVER=server -DOCSP="" +exim -bd -oX PORT_D -DSERVER=server -DOPT="" **** exim failrequire@test.ex test message. @@ -58,7 +58,7 @@ no_msglog_check # # Client fails on revoked stapled info EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \ - -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp + -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp **** exim failrevoked@test.ex test message. @@ -71,7 +71,7 @@ killdaemon # # Client fails on expired stapled info EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \ - -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp + -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp **** exim failexpired@test.ex test message.