summaryrefslogtreecommitdiff
path: root/test/runtest
diff options
context:
space:
mode:
authorPhil Pennock <pdp@exim.org>2012-05-17 17:24:36 -0400
committerPhil Pennock <pdp@exim.org>2012-05-17 17:24:36 -0400
commit75fe387d4b7dd458b79fc22d593095cd84ca8ea4 (patch)
tree5277f61ddc0ad8abde4d7eeaada57111c85668a2 /test/runtest
parent4fe99a6c7949056e1bf27f146ad604061b6a3669 (diff)
fix tls_cipher memory lifetime.
Some tests had not been updated for the new cert because they were missing an X= log-line. Updated those tests now.
Diffstat (limited to 'test/runtest')
-rwxr-xr-xtest/runtest15
1 files changed, 15 insertions, 0 deletions
diff --git a/test/runtest b/test/runtest
index 9bcace082..6418d8d3f 100755
--- a/test/runtest
+++ b/test/runtest
@@ -484,6 +484,7 @@ RESET_AFTER_EXTRA_LINE_READ:
# So far, have seen:
# TLSv1:AES256-SHA:256
# TLSv1.2:AES256-GCM-SHA384:256
+ # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
# We also need to handle the ciphersuite without the TLS part present, for
# client-ssl's output. We also see some older forced ciphersuites, but
# negotiating TLS 1.2 instead of 1.0.
@@ -493,6 +494,20 @@ RESET_AFTER_EXTRA_LINE_READ:
s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.2:/$1TLSv1:/xg;
s/\bAES256-GCM-SHA384\b/AES256-SHA/g;
+ # GnuTLS have seen:
+ # TLS1.2:RSA_AES_256_CBC_SHA1:256 (canonical)
+ # TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
+ #
+ # X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256
+ # X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256
+ # and as stand-alone cipher:
+ # DHE-RSA-AES256-SHA256
+ # DHE-RSA-AES256-SHA
+ # picking latter as canonical simply because regex easier that way.
+ s/\bDHE_RSA_AES_128_CBC_SHA1:128/RSA_AES_256_CBC_SHA1:256/g;
+ s/X=TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256/X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256/g;
+ s/\bDHE-RSA-AES256-SHA256\b/DHE-RSA-AES256-SHA/g;
+
# ======== Caller's login, uid, gid, home, gecos ========