summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhil Pennock <pdp@exim.org>2012-05-17 08:16:11 -0400
committerPhil Pennock <pdp@exim.org>2012-05-17 08:16:11 -0400
commit6bf5d8f2ca7524fd63f803032cada89e54544cf3 (patch)
treef43a0bc11083072feb531b064bc4ccb30c823170
parent1365611d62f130d0a096b322656b5b790628d2c7 (diff)
Handle TLSv1.2 in test suite.
Normalise TLSv1.2 to TLSv1. Normalise AES256-GCM-SHA384 to AES256-SHA. Make some test configs accept AES256-GCM-SHA384 in "encrypted =" ACLs. Have test suite print final test id during abort, make it easier to track down.
-rw-r--r--test/confs/20021
-rw-r--r--test/confs/20191
-rw-r--r--test/confs/21021
-rw-r--r--test/confs/21191
-rwxr-xr-xtest/runtest19
5 files changed, 23 insertions, 0 deletions
diff --git a/test/confs/2002 b/test/confs/2002
index 22dc68ee8..e8358da25 100644
--- a/test/confs/2002
+++ b/test/confs/2002
@@ -35,6 +35,7 @@ check_recipient:
accept hosts = :
deny hosts = HOSTIPV4
!encrypted = AES256-SHA : \
+ AES256-GCM-SHA384 : \
IDEA-CBC-MD5 : \
DES-CBC3-SHA : \
DHE_RSA_AES_256_CBC_SHA1 : \
diff --git a/test/confs/2019 b/test/confs/2019
index 993c8e093..8e63c05ae 100644
--- a/test/confs/2019
+++ b/test/confs/2019
@@ -35,6 +35,7 @@ check_recipient:
accept hosts = :
deny hosts = HOSTIPV4
!encrypted = AES256-SHA:\
+ AES256-GCM-SHA384:\
IDEA-CBC-MD5:\
DES-CBC3-SHA:\
DHE_RSA_AES_256_CBC_SHA1:\
diff --git a/test/confs/2102 b/test/confs/2102
index 3caab6f7c..83180721a 100644
--- a/test/confs/2102
+++ b/test/confs/2102
@@ -35,6 +35,7 @@ check_recipient:
accept hosts = :
deny hosts = HOSTIPV4
!encrypted = AES256-SHA : \
+ AES256-GCM-SHA384 : \
IDEA-CBC-MD5 : \
DES-CBC3-SHA : \
DHE_RSA_AES_256_CBC_SHA1 : \
diff --git a/test/confs/2119 b/test/confs/2119
index b64ebf7c6..c5182a14e 100644
--- a/test/confs/2119
+++ b/test/confs/2119
@@ -35,6 +35,7 @@ check_recipient:
accept hosts = :
deny hosts = HOSTIPV4
!encrypted = AES256-SHA:\
+ AES256-GCM-SHA384:\
IDEA-CBC-MD5:\
DES-CBC3-SHA:\
DHE_RSA_AES_256_CBC_SHA1:\
diff --git a/test/runtest b/test/runtest
index 5f77e6256..51658b878 100755
--- a/test/runtest
+++ b/test/runtest
@@ -181,6 +181,8 @@ system("sudo /bin/rm -rf ./spool test-* ./dnszones/*")
if ($rc == 0 && !$save_output);
system("sudo /bin/rm -rf ./eximdir/*");
+
+print "\nYou were in test $test at the end there.\n\n" if defined $test;
exit $rc if ($rc >= 0);
die "** runtest error: $_[1]\n";
}
@@ -468,6 +470,23 @@ RESET_AFTER_EXTRA_LINE_READ:
\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d/Exim statistics from <time> to <time>/x;
+ # ======== TLS certificate algorithms ========
+ # Test machines might have various different TLS library versions supporting
+ # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we
+ # treat the standard algorithms the same.
+ # So far, have seen:
+ # TLSv1:AES256-SHA:256
+ # TLSv1.2:AES256-GCM-SHA384:256
+ # We also need to handle the ciphersuite without the TLS part present, for
+ # client-ssl's output. We also see some older forced ciphersuites, but
+ # negotiating TLS 1.2 instead of 1.0.
+ # Mail headers (...), log-lines X=..., client-ssl output ...
+ # (and \b doesn't match between ' ' and '(' )
+
+ s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.2:/$1TLSv1:/xg;
+ s/\bAES256-GCM-SHA384\b/AES256-SHA/g;
+
+
# ======== Caller's login, uid, gid, home, gecos ========
s/\Q$parm_caller_home\E/CALLER_HOME/g; # NOTE: these must be done