author | Jeremy Harris <jgh146exb@wizmail.org> | 2022-12-11 15:14:54 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2022-12-11 16:54:54 +0000 |
commit | 520ef00f56cea3d35688bf4e13599a6e37ba275f (patch) | |
tree | d82a14604c5b1216213dcffcfe40ad43a715404b /test/scripts | |
parent | 4f7a93c27e3d43b44c42d3fc503f03b9b42ca622 (diff) |
TLS: Fix handling for server cert/key file SNI re-expansion forced-fail
Diffstat (limited to 'test/scripts')
-rw-r--r-- | test/scripts/2000-GnuTLS/2031 | 51 | ||||
-rw-r--r-- | test/scripts/2100-OpenSSL/2131 | 50 |
2 files changed, 86 insertions, 15 deletions
diff --git a/test/scripts/2000-GnuTLS/2031 b/test/scripts/2000-GnuTLS/2031
index d302738fd..fdf17f705 100644
--- a/test/scripts/2000-GnuTLS/2031
+++ b/test/scripts/2000-GnuTLS/2031
@@ -1,19 +1,56 @@
 # TLS server: SNI used to select certificate
+#
+# The interesting output is the DN of server logged by the client
 gnutls
 exim -DSERVER=server -bd -oX PORT_D
 ****
-# Extended: certificate choice is unchanged by received SNI
-exim CALLER@test.ex
+# certificate choice is unchanged by a received SNI
+exim -odf normal@test.ex
 Test message.
 ****
-sleep 1
 #
 #
-# Extended: server uses SNI to choose certificate
-exim abcd@test.ex
-Test message.
+# server uses SNI to choose certificate
+exim -odf alternate@test.ex
+****
+#
+# server picks a key file with bad content
+exim -odf badkey@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server picks a non-existing filenam for key
+exim -odf noneistkeyfile@test.ex
 ****
-sleep 1
+sudo rm DIR/spool/db/retry
+#
+#
+# server gets an expansion-fail for the keyfile
+exim -odf expansionfailkey@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
+#
+#
+# server picks a cert file with bad content
+exim -odf badcert@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server picks a non-existing filenam for cert
+exim -odf nonexistcertfile@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
+# server picks a non-existing filenam for cert
+exim -odf expansionfailedcert@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
 #
 #
 killdaemon
+no_msglog_check
diff --git a/test/scripts/2100-OpenSSL/2131 b/test/scripts/2100-OpenSSL/2131
index c1029bb8f..9a0885308 100644
--- a/test/scripts/2100-OpenSSL/2131
+++ b/test/scripts/2100-OpenSSL/2131
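Review bot: The comment above the last case in 2000-GnuTLS/2031, `exim -odf expansionfailedcert@test.ex`, repeats the previous one ("server picks a non-existing filenam for cert") and so mislabels the case. The matching line in 2100-OpenSSL/2131 reads `# server gets an expansion-fail for the certfile`, and the same text should be used here so the expansion-failure case for the certificate can be found in both scripts. The local part `noneistkeyfile` is also spelled differently from `nonexistcertfile` in both scripts; it presumably has to match the server configuration, which is not part of this diff, so any respelling would have to be made there as well.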
@@ -1,20 +1,54 @@
 # TLS server: SNI used to select certificate
 #
+# The interesting output is the DN of server logged by the client
 exim -DSERVER=server -bd -oX PORT_D
 ****
-# Extended: certificate choice is unchanged by received SNI
-exim CALLER@test.ex
+# certificate choice is unchanged by a received SNI
+exim -odf normal@test.ex
 Test message.
 ****
-sleep 2
 #
 #
-# Extended: server uses SNI to change certificate
-exim abcd@test.ex
-Test message.
+# server uses SNI to choose certificate
+exim -odf alternate@test.ex
+****
+#
+# server picks a key file with bad content
+exim -odf badkey@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server picks a non-existing filenam for key
+exim -odf noneistkeyfile@test.ex
 ****
-millisleep 500
+sudo rm DIR/spool/db/retry
+#
+#
+# server gets an expansion-fail for the keyfile
+exim -odf expansionfailkey@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
+#
+#
+# server picks a cert file with bad content
+exim -odf badcert@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server picks a non-existing filenam for cert
+exim -odf nonexistcertfile@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server gets an expansion-fail for the certfile
+exim -odf expansionfailedcert@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
 #
 #
 killdaemon
-sleep 2
+no_msglog_check |
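Review bot: The six `sudo rm DIR/spool/db/retry` lines carry no comment saying why the retry database is removed after each failing case, here and in 2000-GnuTLS/2031. Presumably each failed TLS setup leaves a retry record for the server host that would stop the next case from being attempted, but nothing in the script says so. A single comment before the first removal, such as `# clear the retry record left by the failed delivery so the next case is attempted`, would make the dependency explicit for anyone who later reorders or adds cases.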