Testsuite: GnuTLS version of DANE/events testcase

Followon from: c0635b6dfe
author: Jeremy Harris <jgh146exb@wizmail.org> 2018-03-06 16:23:31 +0000
committer: Jeremy Harris <jgh146exb@wizmail.org> 2018-03-06 21:59:30 +0000
commit: bd5b3f3c47654ba803f2a71daa4b739a2af39467 (patch)
tree: e9feb45335b175686ce9fc9ba0bf7d67a8cf80d1 /test
parent: 12fa0e31a7141100d816dcd6d4eba165fdfa8df7 (diff)
5 files changed, 155 insertions, 1 deletions
diff --git a/test/confs/5880 b/test/confs/5880
new file mode 100644
index 000000000..4becdd423
--- /dev/null
+++ b/test/confs/5880
@@ -0,0 +1,78 @@
+# Exim test configuration 5880
+# DANE
+
+SERVER=
+
+.include DIR/aux-var/tls_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+
+log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
+
+queue_only
+queue_run_in_order
+
+tls_advertise_hosts = *
+
+# Set certificate only if server
+CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
+
+tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem} fail}
+tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key} fail}
+
+
+begin acl
+
+logger:
+  accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}}
+	 logwrite = $event_name depth = $event_data \
+			<${certextract {subject} {$tls_out_peercert}}>
+#  message = noooo
+
+  accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}}
+	 logwrite = $event_name dane=$tls_out_dane
+  accept
+
+# ----- Routers -----
+
+begin routers
+
+client:
+  driver = dnslookup
+  condition = ${if eq {SERVER}{}}
+  dnssec_request_domains = *
+  self = send
+  transport = send_to_server
+
+server:
+  driver = redirect
+  data = :blackhole:
+
+
+# ----- Transports -----
+
+begin transports
+
+send_to_server:
+  driver = smtp
+  allow_localhost
+  port = PORT_D
+
+#  hosts_try_dane = *
+  hosts_require_dane = *
+
+  # required for TA-mode testing
+  tls_verify_certificates = CDIR2/ca_chain.pem
+.ifdef _HAVE_OCSP
+  hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \
+				 {= {0}{$tls_out_tlsa_usage}} } \
+                        {*}{}}
+.endif
+
+  event_action =   ${acl {logger}}
+
+# End
diff --git a/test/log/5880 b/test/log/5880
new file mode 100644
index 000000000..9d4b56dd5
--- /dev/null
+++ b/test/log/5880
@@ -0,0 +1,42 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane512ee.test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth = 2 <O=example.com,CN=clica CA rsa>
+1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth = 1 <O=example.com,CN=clica Signing Cert rsa>
+1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth = 0 <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery dane=yes
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth = 2 <O=example.com,CN=clica CA rsa>
+1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth = 1 <O=example.com,CN=clica Signing Cert rsa>
+1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth = 0 <CN=server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 msg:delivery dane=yes
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane256ta.test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 2 <O=example.com,CN=clica CA rsa>
+1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 1 <O=example.com,CN=clica Signing Cert rsa>
+1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 0 <CN=server1.example.com>
+1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@mxdane256ta.test.ex R=client T=send_to_server H=dane256ta.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmbB-0005vi-00 msg:delivery dane=yes
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex for CALLER@mxdane512ee.test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <CALLER@mxdane512ee.test.ex> R=server
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex for CALLER@mxdane256ta.test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <CALLER@mxdane256ta.test.ex> R=server
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
diff --git a/test/scripts/5860-DANE-OpenSSL-events/5860 b/test/scripts/5860-DANE-OpenSSL-events/5860
index 730c40f49..baf48c895 100644
--- a/test/scripts/5860-DANE-OpenSSL-events/5860
+++ b/test/scripts/5860-DANE-OpenSSL-events/5860
@@ -1,4 +1,4 @@
-# DANE client: events
+# DANE client, OpenSSL: events
 #
 exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D
 ****
diff --git a/test/scripts/5880-DANE-GnuTLS-events/5880 b/test/scripts/5880-DANE-GnuTLS-events/5880
new file mode 100644
index 000000000..9efd00c96
--- /dev/null
+++ b/test/scripts/5880-DANE-GnuTLS-events/5880
@@ -0,0 +1,30 @@
+# DANE client, GnuTLS: events
+#
+exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D
+****
+# TLSA (3 1 1)
+exim CALLER@dane256ee.test.ex
+Testing
+****
+# TLSA (3 1 2)
+exim CALLER@mxdane512ee.test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+exim -DSERVER=server -DDETAILS=ee -DNOTDAEMON -qf
+****
+#
+#
+exim -DSERVER=server -DDETAILS=ta -bd -oX PORT_D
+****
+# TLSA (2 0 1)
+exim CALLER@mxdane256ta.test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+exim -DSERVER=server -DDETAILS=ta -DNOTDAEMON -qf
+****
diff --git a/test/scripts/5880-DANE-GnuTLS-events/REQUIRES b/test/scripts/5880-DANE-GnuTLS-events/REQUIRES
new file mode 100644
index 000000000..39c50e405
--- /dev/null
+++ b/test/scripts/5880-DANE-GnuTLS-events/REQUIRES
@@ -0,0 +1,4 @@
+support DANE
+support Event
+support GnuTLS
+running IPv4
author	Jeremy Harris <jgh146exb@wizmail.org>	2018-03-06 16:23:31 +0000
committer	Jeremy Harris <jgh146exb@wizmail.org>	2018-03-06 21:59:30 +0000
commit	bd5b3f3c47654ba803f2a71daa4b739a2af39467 (patch)
tree	e9feb45335b175686ce9fc9ba0bf7d67a8cf80d1 /test
parent	12fa0e31a7141100d816dcd6d4eba165fdfa8df7 (diff)