author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-10-26 00:41:36 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-10-26 15:53:41 +0100 |
commit | fd3cf789304c68aec6def76b24f61ea840c1a919 (patch) | |
tree | 7f6e582b61c27b2dcd523d2cd4008a63a9b135f3 | |
parent | 48224640cb97b694c3ea2f159c3e60d64598ba65 (diff) |
Testsuite: variances for OpenSSL 1.1.1
-rw-r--r-- | test/confs/2119 | 13 | ||||
-rw-r--r-- | test/confs/2132 | 13 | ||||
-rw-r--r-- | test/lib/Exim/Runtest.pm | 8 | ||||
-rw-r--r-- | test/log/2102.openssl_1_1_1 | 46 | ||||
-rwxr-xr-x | test/runtest | 1 | ||||
-rw-r--r-- | test/scripts/2100-OpenSSL/2114 | 10 | ||||
-rw-r--r-- | test/scripts/2100-OpenSSL/2124 | 6 | ||||
-rw-r--r-- | test/scripts/2100-OpenSSL/2132 | 12 | ||||
-rw-r--r-- | test/src/client.c | 14 | ||||
-rw-r--r-- | test/stderr/2132 | 8 | ||||
-rw-r--r-- | test/stdout/2114.openssl_1_1_1 | 324 | ||||
-rw-r--r-- | test/stdout/2124.openssl_1_1_1 | 55 | ||||
-rw-r--r-- | test/stdout/2132.openssl_1_1_1 | 167 |
13 files changed, 642 insertions, 35 deletions
diff --git a/test/confs/2119 b/test/confs/2119 index d55232d05..fbd83769c 100644 --- a/test/confs/2119 +++ b/test/confs/2119 @@ -29,18 +29,7 @@ begin acl check_recipient: accept hosts = : deny hosts = HOSTIPV4 - !encrypted = AES256-SHA:\ - AES256-GCM-SHA384:\ - AES128-GCM-SHA256:\ - IDEA-CBC-MD5:\ - DES-CBC3-SHA:\ - DHE-RSA-AES256-SHA:\ - DHE-RSA-AES256-GCM-SHA384:\ - DHE_RSA_AES_256_CBC_SHA1:\ - DHE_RSA_3DES_EDE_CBC_SHA:\ - ECDHE-RSA-AES256-GCM-SHA384:\ - ECDHE-RSA-AES128-GCM-SHA256:\ - ECDHE-RSA-CHACHA20-POLY1305 + !encrypted = * accept diff --git a/test/confs/2132 b/test/confs/2132 index 7e491b8a6..4d90a9cd7 100644 --- a/test/confs/2132 +++ b/test/confs/2132 @@ -29,18 +29,7 @@ begin acl check_recipient: accept hosts = : deny hosts = HOSTIPV4 - !encrypted = AES256-SHA : \ - AES256-GCM-SHA384 : \ - AES128-GCM-SHA256 : \ - IDEA-CBC-MD5 : \ - DES-CBC3-SHA : \ - DHE-RSA-AES256-SHA : \ - DHE-RSA-AES256-GCM-SHA384 : \ - DHE_RSA_AES_256_CBC_SHA1 : \ - DHE_RSA_3DES_EDE_CBC_SHA : \ - ECDHE-RSA-AES256-GCM-SHA384 : \ - ECDHE-RSA-AES128-GCM-SHA256 : \ - ECDHE-RSA-CHACHA20-POLY1305 + !encrypted = * warn logwrite = ${if def:tls_in_ourcert \ {Our cert SN: <${certextract{subject}{$tls_in_ourcert}}>} \ {We did not present a cert}} diff --git a/test/lib/Exim/Runtest.pm b/test/lib/Exim/Runtest.pm index e41a29c8c..7ba079051 100644 --- a/test/lib/Exim/Runtest.pm +++ b/test/lib/Exim/Runtest.pm @@ -119,6 +119,10 @@ sub flavour { $etc = shift; } + if (open(my $f, '-|', 'openssl version')) { + <$f> =~ /1.1.1/ && return "openssl_1_1_1"; + } + if (open(my $f, '<', "$etc/os-release")) { local $_ = join '', <$f>; my ($id) = /^ID="?(.*?)"?\s*$/m; @@ -137,7 +141,7 @@ sub flavour { sub flavours { my %h = map { /\.(\S+)$/, 1 } - grep { !/\.orig$/ } glob('stdout/*.*'), glob('stderr/*.*'); + grep { !/\.orig$/ } glob('stdout/*.*'), glob('stderr/*.*'), glob('log/*.*'); return sort keys %h; } 
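Review bot: Replacing the cipher allow-list with `!encrypted = *` in the check_recipient ACL weakens what this test asserts, because the deny now fires only when the connection is not encrypted at all, so a negotiated cipher outside the old list would no longer be caught. The same replacement is made in test/confs/2132. The loosening applies to every OpenSSL version the suite runs against, not only 1.1.1. If the intent is only to tolerate the new suite names, adding those names to the list would keep the check; otherwise a comment above the line, `# any cipher accepted: suite names vary between OpenSSL versions`, would record that this is deliberate.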
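Review bot: The version probe added to flavour() matches `/1.1.1/` with unescaped dots and applies it to `<$f>` without checking that a line was read, so the match is looser than it looks and would raise an uninitialized-value warning under `use warnings` if the command printed nothing. Something like `my $v = <$f> // ''; return "openssl_1_1_1" if $v =~ /\bOpenSSL 1\.1\.1/;` pins it to the version string. The probe also looks at whichever `openssl` binary is first in PATH, which is not necessarily the library the Exim under test was linked with, and it returns before the os-release lookup, so on such hosts the OS flavour is never reported; a comment stating that this precedence is intended would help. flavour() starts and ends outside the hunk.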
@@ -174,7 +178,7 @@ typical files in the F</etc> directory. =item B<flavours>() -Return a list of available flavours. It does so by scanning F<stdout/> and +Return a list of available flavours. It does so by scanning F<log/>, F<stdout/> and F<stderr/> for I<flavour> files (extensions after the numerical prefix. =back diff --git a/test/log/2102.openssl_1_1_1 b/test/log/2102.openssl_1_1_1 new file mode 100644 index 000000000..0e8e5f67c --- /dev/null +++ b/test/log/2102.openssl_1_1_1 
@@ -0,0 +1,46 @@ +1999-03-02 09:44:33 Start queue run: pid=pppp -qf +1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qf + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com> +1999-03-02 09:44:33 Peer did not present a cert +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=no S=sss +1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com> +1999-03-02 09:44:33 Peer did not present a cert +1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=no S=sss +1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>> +1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com> +1999-03-02 09:44:33 Peer cert: +1999-03-02 09:44:33 ver 2 +1999-03-02 09:44:33 SR <c9> +1999-03-02 09:44:33 SN <CN=server2.example.com> +1999-03-02 09:44:33 IN <CN=clica Signing Cert rsa,O=example.com> +1999-03-02 09:44:33 IN/O <example.com> +1999-03-02 09:44:33 NB/r <Nov 1 12:34:04 2012 GMT> +1999-03-02 09:44:33 NB <Nov 1 12:34:04 2012 +0000> +1999-03-02 09:44:33 NB/i <1351773244> +1999-03-02 09:44:33 NA/i <2143283644> +1999-03-02 09:44:33 NA <Dec 1 12:34:04 2037 +0000> +1999-03-02 09:44:33 SA <sha256WithRSAEncryption> +1999-03-02 09:44:33 SG < 
80:00:39:4c:bb:2c:16:e6:be:ee:54:b7:f6:9f:89:fe:71:62:\n 79:2f:90:57:95:07:54:67:2f:e9:12:96:41:1b:c5:9b:dd:de:\n 68:2d:e5:d7:a7:35:c7:ea:b1:d9:95:12:40:49:0c:07:3d:0c:\n 74:df:57:d1:b6:04:5f:83:5c:15:fe:9a:7f:b7:35:7d:ec:f8:\n b7:4d:ac:76:ea:8c:44:8a:86:e0:42:38:78:ff:68:8a:09:83:\n 44:10:67:b4:fd:a4:5c:a4:ea:91:41:e7:8e:a7:79:37:f6:e2:\n f8:de:9d:0f:96:85:18:22:2c:5c:06:af:01:85:94:62:c1:69:\n 8d:2e\n> +1999-03-02 09:44:33 SAN <DNS=*.test.ex\nDNS=server2.example.com> +1999-03-02 09:44:33 OCU <http://oscp.example.com/> +1999-03-02 09:44:33 (no CRU) +1999-03-02 09:44:33 md5 fingerprint 313E07141F2FF0CBC0A76EB57CA49D58 +1999-03-02 09:44:33 sha1 fingerprint 778B892247D2ABD365BA1530A50141AF052E271E +1999-03-02 09:44:33 sha256 fingerprint 05F3012D41AE8A8173BE3AE71F7F9B3535391CACF77003B723F14B21064F6648 +1999-03-02 09:44:33 der_b64 MIICszCCAhygAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwNzEUMBIGA1UEChMLZXhhbXBsZS5jb20xHzAdBgNVBAMTFmNsaWNhIFNpZ25pbmcgQ2VydCByc2EwHhcNMTIxMTAxMTIzNDA0WhcNMzcxMjAxMTIzNDA0WjAeMRwwGgYDVQQDExNzZXJ2ZXIyLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCf6MdoozlJCZPwdIHXdFHddXJfZ5xn2e6XoMmSjqOrOJYIIFKdgtlrMhtTVU1VLlK6V7H8142r78YQ4RKcj9QhTuQJxrrVtVuRt38Zy4RW0/+ujMcXoV8nV7Yt1c1z/tIJ4afSapAnAAm5wVdIbUhUeM/K5Wozm1gV5OCtNZPa4QIDAQABo4HmMIHjMA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTgYDVR0jBEcwRYANQUFidHdDeGNYZ2IwUaExpC8wLTEUMBIGA1UEChMLZXhhbXBsZS5jb20xFTATBgNVBAMTDGNsaWNhIENBIHJzYYIBQjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vc2NwLmV4YW1wbGUuY29tLzApBgNVHREEIjAgghNzZXJ2ZXIyLmV4YW1wbGUuY29tggkqLnRlc3QuZXgwDQYJKoZIhvcNAQELBQADgYEAgAA5TLssFua+7lS39p+J/nFieS+QV5UHVGcv6RKWQRvFm93eaC3l16c1x+qx2ZUSQEkMBz0MdN9X0bYEX4NcFf6af7c1fez4t02sduqMRIqG4EI4eP9oigmDRBBntP2kXKTqkUHnjqd5N/bi+N6dD5aFGCIsXAavAYWUYsFpjS4= +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=yes DN="/CN=server2.example.com" S=sss +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, 
listening for SMTP on port 1225 +1999-03-02 09:44:33 Our cert SN: <CN=server1.example_ec.com> +1999-03-02 09:44:33 Peer did not present a cert +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLSv1:ke-ECDSA-AES256-SHA:xxx CV=no S=sss diff --git a/test/runtest b/test/runtest index 7c89f10b0..efb352b23 100755 --- a/test/runtest +++ b/test/runtest @@ -935,6 +935,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/SSL3_READ_BYTES/ssl3_read_bytes/i; s/CONNECT_CR_FINISHED/ssl3_read_bytes/i; s/^\d+:error:\d+(?:E\d+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/; + s/^error:[^:]*:(SSL routines:ssl3_read_bytes:(tls|ssl)v\d+ alert)/error:dddddddd:$1/; # gnutls version variances next if /^Error in the pull function./; diff --git a/test/scripts/2100-OpenSSL/2114 b/test/scripts/2100-OpenSSL/2114 index cc78ab0fb..edf3b6c11 100644 --- a/test/scripts/2100-OpenSSL/2114 +++ b/test/scripts/2100-OpenSSL/2114 @@ -2,7 +2,7 @@ exim -DSERVER=server -bd -oX PORT_D **** ### No certificate, certificate required -client-ssl HOSTIPV4 PORT_D +client-ssl -t2 HOSTIPV4 PORT_D ??? 220 ehlo rhu.barb ??? 250- @@ -14,10 +14,12 @@ ehlo rhu.barb starttls ??? 220 noop +????554 Security failure +noop ??? 554 Security failure quit ????554 Security failure -??? 221 +????221 ???* **** ### No certificate, certificate optional at TLS time, required by ACL @@ -92,6 +94,8 @@ ehlo rhu.barb starttls ??? 220 noop +????554 Security failure +noop ??? 554 Security failure **** ### Bad certificate, certificate optional at TLS time, reject at ACL time @@ -133,6 +137,8 @@ ehlo rhu.barb starttls ??? 220 noop +????554 Security failure +noop ??? 554 Security failure **** ### Revoked certificate, certificate optional at TLS time, reject at ACL time diff --git a/test/scripts/2100-OpenSSL/2124 b/test/scripts/2100-OpenSSL/2124 index eb999d6bf..6649ed968 100644 --- a/test/scripts/2100-OpenSSL/2124 +++ b/test/scripts/2100-OpenSSL/2124 
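Review bot: In the substitution added to test/runtest the inner group `(tls|ssl)` captures into `$2`, which is never used; `(?:tls|ssl)` makes it plain that only alternation is meant. The `[^:]*` field could likewise be `[0-9A-Fa-f]+`, so that only an error code is replaced by `dddddddd`. A one-line comment such as `# OpenSSL 1.1.1: error line without the leading pid field` would explain why a second pattern is needed beside the one above it, if that is indeed the difference. The surrounding munging block starts and ends outside the hunk.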
@@ -1,7 +1,7 @@ # TLS server: empty/non-existent certificate file exim -DSERVER=server -bd -oX PORT_D **** -client-ssl HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 +client-ssl -t2 HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 ??? 220 ehlo rhu.barb ??? 250- @@ -12,6 +12,10 @@ ehlo rhu.barb ??? 250 starttls ??? 220 +noop +????554 Security failure +noop +??? 554 Security failure **** killdaemon exim -DSERVER=server -DCERT=/non/exist -bd -oX PORT_D diff --git a/test/scripts/2100-OpenSSL/2132 b/test/scripts/2100-OpenSSL/2132 index 4a12fb0bb..cdf4ed2fd 100644 --- a/test/scripts/2100-OpenSSL/2132 +++ b/test/scripts/2100-OpenSSL/2132 @@ -1,6 +1,8 @@ # TLS server: server ca cert from directory exim -DSERVER=server -bd -oX PORT_D **** +# +### Should accept message client-ssl 127.0.0.1 PORT_D ??? 220 ehlo rhu.barb @@ -24,6 +26,7 @@ This is a test encrypted message. quit ??? 221 **** +### Should accept message (with a difficult env-from) client-ssl 127.0.0.1 PORT_D ??? 220 ehlo rhu.barb @@ -47,7 +50,8 @@ This is a test encrypted message. quit ??? 221 **** -client-ssl HOSTIPV4 PORT_D +### client cert verify required; none given +client-ssl -t2 HOSTIPV4 PORT_D ??? 220 ehlo rhu.barb ??? 250- @@ -58,10 +62,12 @@ ehlo rhu.barb ??? 250 starttls ??? 220 -+++ 1 -help +noop +????554 +noop ??? 554 **** +### client cert verify required; good one supplied client-ssl HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key ??? 220 ehlo rhu.barb diff --git a/test/src/client.c b/test/src/client.c index de36ef065..c143739d0 100644 --- a/test/src/client.c +++ b/test/src/client.c 
@@ -578,18 +578,24 @@ nextinput: case SSL_ERROR_ZERO_RETURN: break; case SSL_ERROR_SYSCALL: - printf("%s\n", ERR_error_string(ERR_get_error(), NULL)); break; + printf("%s\n", ERR_error_string(ERR_get_error(), NULL)); rc = -1; + break; case SSL_ERROR_SSL: - printf("%s\n", ERR_error_string(ERR_get_error(), NULL)); break; + printf("%s\nTLS terminated\n", ERR_error_string(ERR_get_error(), NULL)); SSL_shutdown(srv->ssl); SSL_free(srv->ssl); srv->tls_active = FALSE; + { /* OpenSSL leaves it in restartsys mode */ + struct sigaction act = {.sa_handler = sigalrm_handler_flag, .sa_flags = 0}; + sigalrm_seen = 1; + sigaction(SIGALRM, &act, NULL); + } + *inptr = 0; goto nextinput; default: printf("SSL error code %d\n", error); } - #endif #ifdef HAVE_GNUTLS rc = gnutls_record_recv(tls_session, CS inbuffer, bsiz - 1); @@ -601,6 +607,8 @@ nextinput: if (rc < 0) { + if (errno == EINTR && sigalrm_seen && resp_optional) + continue; /* next scriptline */ printf("Read error %s\n", strerror(errno)); exit(81); } diff --git a/test/stderr/2132 b/test/stderr/2132 index 59f338294..6babd94f1 100644 --- a/test/stderr/2132 +++ b/test/stderr/2132 @@ -1,3 +1,7 @@ +### Should accept message +### Should accept message (with a difficult env-from) +### client cert verify required; none given +### client cert verify required; good one supplied >>> host in hosts_connection_nolog? no (option unset) >>> host in host_lookup? no (option unset) >>> host in host_reject_connection? no (option unset) @@ -8,3 +12,7 @@ >>> host in helo_accept_junk_hosts? no (option unset) ******** SERVER ******** +### Should accept message +### Should accept message (with a difficult env-from) +### client cert verify required; none given +### client cert verify required; good one supplied diff --git a/test/stdout/2114.openssl_1_1_1 b/test/stdout/2114.openssl_1_1_1 new file mode 100644 index 000000000..744d0e2fa --- /dev/null +++ b/test/stdout/2114.openssl_1_1_1 
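Review bot: In the new `SSL_ERROR_SSL` branch of test/src/client.c, `SSL_shutdown(srv->ssl)` is called after a fatal library error, which the OpenSSL documentation for SSL_get_error says must not be done, and `srv->ssl` is left pointing at freed memory after `SSL_free`. Dropping the shutdown and clearing the pointer, `SSL_free(srv->ssl); srv->ssl = NULL; srv->tls_active = FALSE;`, keeps any later path that tests or frees `srv->ssl` safe. The block also forces `sigalrm_seen = 1` by hand before re-installing the handler; a comment saying why would help, since the check added in the next hunk depends on that flag. The enclosing function starts and ends outside the hunk.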
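Review bot: The added `errno == EINTR` test in the `rc < 0` block reads `errno` after the OpenSSL branch above has already called `printf` and `ERR_error_string`, either of which may change it, and on the `SSL_ERROR_SYSCALL` path `rc = -1` is now assigned by hand rather than coming from a failed system call. Saving the value immediately after the read, `int save_errno = errno;`, and using `save_errno` both here and in the `strerror` call would make the check reliable. The read calls themselves are outside the hunk, so the exact placement needs confirming against the full function.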
@@ -0,0 +1,324 @@ +### No certificate, certificate required +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> noop +????554 Security failure +error:dddddddd:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required +TLS terminated +>>> noop +??? 554 Security failure +<<< 554 Security failure +>>> quit +????554 Security failure +????221 +???* +Expected EOF read +End of script +### No certificate, certificate optional at TLS time, required by ACL +Connecting to 127.0.0.1 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> helo rhu.barb +??? 250 +<<< 250 myhost.test.ex Hello rhu.barb [127.0.0.1] +>>> mail from:<userx@test.ex> +??? 250 +<<< 250 OK +>>> rcpt to:<userx@test.ex> +??? 550 +<<< 550 certificate not verified: peerdn= +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +### Good certificate, certificate required +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key +??? 
220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> mail from:<userx@test.ex> +??? 250 +<<< 250 OK +>>> rcpt to:<userx@test.ex> +??? 250 +<<< 250 Accepted +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +### Good certificate, certificate optional at TLS time, checked by ACL +Connecting to 127.0.0.1 port 1225 ... connected +Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> mail from:<userx@test.ex> +??? 250 +<<< 250 OK +>>> rcpt to:<userx@test.ex> +??? 250 +<<< 250 Accepted +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +### Bad certificate, certificate required +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem +Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 
250- +<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> noop +????554 Security failure +error:dddddddd:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca +TLS terminated +>>> noop +??? 554 Security failure +<<< 554 Security failure +End of script +### Bad certificate, certificate optional at TLS time, reject at ACL time +Connecting to 127.0.0.1 port 1225 ... connected +Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem +Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> mail from:<userx@test.ex> +??? 250 +<<< 250 OK +>>> rcpt to:<userx@test.ex> +??? 550 +<<< 550 certificate not verified: peerdn=/CN=server1.example.net +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +### Otherwise good but revoked certificate, certificate required +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 
250- +<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> noop +????554 Security failure +error:dddddddd:SSL routines:ssl3_read_bytes:sslv3 alert certificate revoked +TLS terminated +>>> noop +??? 554 Security failure +<<< 554 Security failure +End of script +### Revoked certificate, certificate optional at TLS time, reject at ACL time +Connecting to 127.0.0.1 port 1225 ... connected +Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> mail from:<userx@test.ex> +??? 250 +<<< 250 OK +>>> rcpt to:<userx@test.ex> +??? 550 +<<< 550 certificate not verified: peerdn=/CN=revoked1.example.com +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +### Good certificate, certificate required - but nonmatching CRL also present +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 
250- +<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> mail from:<userx@test.ex> +??? 250 +<<< 250 OK +>>> rcpt to:<userx@test.ex> +??? 250 +<<< 250 Accepted +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script + +******** SERVER ******** +### No certificate, certificate required +### No certificate, certificate optional at TLS time, required by ACL +### Good certificate, certificate required +### Good certificate, certificate optional at TLS time, checked by ACL +### Bad certificate, certificate required +### Bad certificate, certificate optional at TLS time, reject at ACL time +### Otherwise good but revoked certificate, certificate required +### Revoked certificate, certificate optional at TLS time, reject at ACL time +### Good certificate, certificate required - but nonmatching CRL also present diff --git a/test/stdout/2124.openssl_1_1_1 b/test/stdout/2124.openssl_1_1_1 new file mode 100644 index 000000000..e7777a1b2 --- /dev/null +++ b/test/stdout/2124.openssl_1_1_1 
@@ -0,0 +1,55 @@ +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/cert2 +Key file = aux-fixed/cert2 +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> noop +????554 Security failure +error:dddddddd:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca +TLS terminated +>>> noop +??? 554 Security failure +<<< 554 Security failure +End of script +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/cert2 +Key file = aux-fixed/cert2 +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 454 +<<< 454 TLS currently unavailable +Abandoning TLS start attempt +End of script diff --git a/test/stdout/2132.openssl_1_1_1 b/test/stdout/2132.openssl_1_1_1 new file mode 100644 index 000000000..179a9ef32 --- /dev/null +++ b/test/stdout/2132.openssl_1_1_1 
@@ -0,0 +1,167 @@ +### Should accept message +Connecting to 127.0.0.1 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> mail from:<CALLER@test.ex> +??? 250 +<<< 250 OK +>>> rcpt to:<CALLER@test.ex> +??? 250 +<<< 250 Accepted +>>> DATA +??? 3 +<<< 354 Enter message, ending with "." on a line by itself +>>> This is a test encrypted message. +>>> . +??? 250 +<<< 250 OK id=10HmaX-0005vi-00 +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +### Should accept message (with a difficult env-from) +Connecting to 127.0.0.1 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> mail from:<"name with spaces"@test.ex> +??? 250 +<<< 250 OK +>>> rcpt to:<CALLER@test.ex> +??? 250 +<<< 250 Accepted +>>> DATA +??? 3 +<<< 354 Enter message, ending with "." on a line by itself +>>> This is a test encrypted message. +>>> . +??? 250 +<<< 250 OK id=10HmaY-0005vi-00 +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +### client cert verify required; none given +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 
250- +<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> noop +????554 +error:dddddddd:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required +TLS terminated +>>> noop +??? 554 +<<< 554 Security failure +End of script +### client cert verify required; good one supplied +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem +Key file = TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> mail from:<CALLER@test.ex> +??? 250 +<<< 250 OK +>>> rcpt to:<CALLER@test.ex> +??? 250 +<<< 250 Accepted +>>> DATA +??? 3 +<<< 354 Enter message, ending with "." on a line by itself +>>> This is a test encrypted message from a verified host. +>>> . +??? 250 +<<< 250 OK id=10HmaZ-0005vi-00 +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script + +**** SMTP testing session as if from host 10.0.0.1 +**** but without any ident (RFC 1413) callback. +**** This is not for real! + +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+503 STARTTLS command used when not advertised
+221 myhost.test.ex closing connection
+ +******** SERVER ******** +### Should accept message +### Should accept message (with a difficult env-from) +### client cert verify required; none given +### client cert verify required; good one supplied |