author | Phil Pennock <pdp@exim.org> | 2012-05-17 08:16:11 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-05-17 08:16:11 -0400 |
commit | 6bf5d8f2ca7524fd63f803032cada89e54544cf3 (patch) | |
tree | f43a0bc11083072feb531b064bc4ccb30c823170 | |
parent | 1365611d62f130d0a096b322656b5b790628d2c7 (diff) |
Handle TLSv1.2 in test suite.
Normalise TLSv1.2 to TLSv1.
Normalise AES256-GCM-SHA384 to AES256-SHA.
Make some test configs accept AES256-GCM-SHA384 in "encrypted =" ACLs.
Have test suite print final test id during abort, to make it easier to track down.
-rw-r--r-- | test/confs/2002 | 1 | ||||
-rw-r--r-- | test/confs/2019 | 1 | ||||
-rw-r--r-- | test/confs/2102 | 1 | ||||
-rw-r--r-- | test/confs/2119 | 1 | ||||
-rwxr-xr-x | test/runtest | 19 |
5 files changed, 23 insertions, 0 deletions
diff --git a/test/confs/2002 b/test/confs/2002 index 22dc68ee8..e8358da25 100644 --- a/test/confs/2002 +++ b/test/confs/2002 @@ -35,6 +35,7 @@ check_recipient: accept hosts = : deny hosts = HOSTIPV4 !encrypted = AES256-SHA : \ + AES256-GCM-SHA384 : \ IDEA-CBC-MD5 : \ DES-CBC3-SHA : \ DHE_RSA_AES_256_CBC_SHA1 : \ diff --git a/test/confs/2019 b/test/confs/2019 index 993c8e093..8e63c05ae 100644 --- a/test/confs/2019 +++ b/test/confs/2019 @@ -35,6 +35,7 @@ check_recipient: accept hosts = : deny hosts = HOSTIPV4 !encrypted = AES256-SHA:\ + AES256-GCM-SHA384:\ IDEA-CBC-MD5:\ DES-CBC3-SHA:\ DHE_RSA_AES_256_CBC_SHA1:\ diff --git a/test/confs/2102 b/test/confs/2102 index 3caab6f7c..83180721a 100644 --- a/test/confs/2102 +++ b/test/confs/2102 @@ -35,6 +35,7 @@ check_recipient: accept hosts = : deny hosts = HOSTIPV4 !encrypted = AES256-SHA : \ + AES256-GCM-SHA384 : \ IDEA-CBC-MD5 : \ DES-CBC3-SHA : \ DHE_RSA_AES_256_CBC_SHA1 : \ diff --git a/test/confs/2119 b/test/confs/2119 index b64ebf7c6..c5182a14e 100644 --- a/test/confs/2119 +++ b/test/confs/2119 @@ -35,6 +35,7 @@ check_recipient: accept hosts = : deny hosts = HOSTIPV4 !encrypted = AES256-SHA:\ + AES256-GCM-SHA384:\ IDEA-CBC-MD5:\ DES-CBC3-SHA:\ DHE_RSA_AES_256_CBC_SHA1:\ diff --git a/test/runtest b/test/runtest index 5f77e6256..51658b878 100755 --- a/test/runtest +++ b/test/runtest @@ -181,6 +181,8 @@ system("sudo /bin/rm -rf ./spool test-* ./dnszones/*") if ($rc == 0 && !$save_output); system("sudo /bin/rm -rf ./eximdir/*"); + +print "\nYou were in test $test at the end there.\n\n" if defined $test; exit $rc if ($rc >= 0); die "** runtest error: $_[1]\n"; } 
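Review bot: In the test/runtest hunk at -181, the added `print` sits above `exit $rc if ($rc >= 0);`, so the "You were in test ..." line is emitted on every exit where `$test` is defined, not only on an abort as the commit message describes. If `$rc == 0` is the clean-exit case (the condition on the `rm -rf ./spool` call just above suggests so), gate the message: `print "\nYou were in test $test at the end there.\n\n" if defined $test && $rc != 0;`. The enclosing sub starts outside the hunk, so how its callers use a zero `$rc` could not be checked here.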
@@ -468,6 +470,23 @@ RESET_AFTER_EXTRA_LINE_READ: \d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d/Exim statistics from <time> to <time>/x; + # ======== TLS certificate algorithms ======== + # Test machines might have various different TLS library versions supporting + # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we + # treat the standard algorithms the same. + # So far, have seen: + # TLSv1:AES256-SHA:256 + # TLSv1.2:AES256-GCM-SHA384:256 + # We also need to handle the ciphersuite without the TLS part present, for + # client-ssl's output. We also see some older forced ciphersuites, but + # negotiating TLS 1.2 instead of 1.0. + # Mail headers (...), log-lines X=..., client-ssl output ... + # (and \b doesn't match between ' ' and '(' ) + + s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.2:/$1TLSv1:/xg; + s/\bAES256-GCM-SHA384\b/AES256-SHA/g; + + # ======== Caller's login, uid, gid, home, gecos ======== s/\Q$parm_caller_home\E/CALLER_HOME/g; # NOTE: these must be done |
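Review bot: The cipher rewrite `s/\bAES256-GCM-SHA384\b/AES256-SHA/g` also fires inside longer suite names, because `\b` matches directly after a hyphen: a name such as `ECDHE-RSA-AES256-GCM-SHA384` would come out as `ECDHE-RSA-AES256-SHA`, a different suite from the one negotiated. Requiring that no hyphen or word character precedes the match leaves such output untouched and readable in the failing diff: `s/(?<![-\w])AES256-GCM-SHA384\b/AES256-SHA/g;`. The section heading says "TLS certificate algorithms" although both rules rewrite protocol versions and ciphersuites; `# ======== TLS protocol versions and ciphersuites ========` describes it better. A comment should also record that after this munging the expected output no longer distinguishes a TLS 1.0 session from a TLS 1.2 one, so a protocol or cipher downgrade will not show up as a test difference. The enclosing sub starts and ends outside the hunk.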