summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2015-08-02 13:44:31 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2015-08-02 13:50:05 +0100
commit98716abe2b636d275e866f3ad6374cb70bf6e504 (patch)
tree439aea08675bb56e79e5adfde5e8d7ecfbf1d059
parent5b881b5a8e0d7bc540f4b63cc9559d2cb1775965 (diff)
Testsuite: Add testcase for OCSP-nonaware client, to supporting server. Bug 1664
The logfile here is for (I hope) the passing case, though the fixed GnuTLS library is not yet available. Also due to the bug, client-gnutls is not usable for the test; client-openssl must be used - meaning that a GnuTLS-only system cannot run the testcase: OCSP-GnuTLS/5650 OCSP stapling, server ** Command 15 ("client-ssl", starting at line 98) ** Return code 127 (expected 0)
-rw-r--r--src/src/tls-gnu.c2
-rw-r--r--test/log/56506
-rw-r--r--test/scripts/5650-OCSP-GnuTLS/565049
-rw-r--r--test/stdout/565036
4 files changed, 89 insertions, 4 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 61ed0e81c..e2ac17c88 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -842,7 +842,7 @@ if ( !host /* server */
gnutls_certificate_set_ocsp_status_request_function(state->x509_cred,
server_ocsp_stapling_cb, state->exp_tls_ocsp_file);
- DEBUG(D_tls) debug_printf("Set OCSP response file %s\n", &state->exp_tls_ocsp_file);
+ DEBUG(D_tls) debug_printf("OCSP response file = %s\n", state->exp_tls_ocsp_file);
}
#endif
diff --git a/test/log/5650 b/test/log/5650
index 6bb550248..b70aebb0e 100644
--- a/test/log/5650
+++ b/test/log/5650
@@ -1,11 +1,17 @@
+1999-03-02 09:44:33 1: Server sends good staple on request
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
1999-03-02 09:44:33 acl_mail: ocsp in status: 2 (vfynotdone)
+1999-03-02 09:44:33 2: Server does not staple an outdated response
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): The TLS connection was non-properly terminated.
1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason.
+1999-03-02 09:44:33 3: Server does not staple a response for a revoked cert
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): The TLS connection was non-properly terminated.
1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason.
+1999-03-02 09:44:33 4: Connection functions when server is prepared to staple but client does not request it
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
diff --git a/test/scripts/5650-OCSP-GnuTLS/5650 b/test/scripts/5650-OCSP-GnuTLS/5650
index 440053ecb..9ebafb3e2 100644
--- a/test/scripts/5650-OCSP-GnuTLS/5650
+++ b/test/scripts/5650-OCSP-GnuTLS/5650
@@ -2,7 +2,9 @@
#
#
#
-# 1: Server sends good staple on request
+exim -z '1: Server sends good staple on request'
+****
+#
exim -bd -oX PORT_D -DSERVER=server \
-DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
****
@@ -30,7 +32,9 @@ killdaemon
#
#
#
-# 2: Server does not staple an outdated response
+exim -z '2: Server does not staple an outdated response'
+****
+#
exim -bd -oX PORT_D -DSERVER=server \
-DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
****
@@ -54,7 +58,9 @@ killdaemon
#
#
#
-# 3: Server does not staple a response for a revoked cert
+exim -z '3: Server does not staple a response for a revoked cert'
+****
+#
exim -bd -oX PORT_D -DSERVER=server \
-DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
****
@@ -78,3 +84,40 @@ killdaemon
#
#
#
+exim -z '4: Connection functions when server is prepared to staple but client does not request it'
+****
+#
+exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+****
+#
+# Temporarily (I hope) use OpenSSL-based client, as GnuTLS is buggy and always requests (and understands)
+# stapling
+#
+#client-gnutls \
+client-ssl \
+ HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+starttls
+??? 220
+ehlo rhu.barb.tls
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+quit
+****
+killdaemon
+#
+#
+#
+#
+#
diff --git a/test/stdout/5650 b/test/stdout/5650
index e0bbf4507..7b5628c6a 100644
--- a/test/stdout/5650
+++ b/test/stdout/5650
@@ -78,3 +78,39 @@ Key file = aux-fixed/cert2
Attempting to start TLS
Bad certificate
End of script
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/cert2
+Key file = aux-fixed/cert2
+??? 220
+<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+Succeeded in starting TLS
+>>> ehlo rhu.barb.tls
+??? 250-
+<<< 250-server1.example.com Hello rhu.barb.tls [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250
+<<< 250 HELP
+>>> quit
+End of script