From e5de15b6291e882cf936f384b87a0d5d368d1caa Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 11 Nov 2017 18:39:09 +0000 Subject: Testsuite: another go at munging cipher-suite strings --- test/runtest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/runtest') diff --git a/test/runtest b/test/runtest index 5640a5f58..58a31ea06 100755 --- a/test/runtest +++ b/test/runtest @@ -554,7 +554,7 @@ RESET_AFTER_EXTRA_LINE_READ: # LibreSSL # TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256 - s/((EC)?DHE-)?(RSA|ECDSA)-CHACHA20-POLY1305\b/ke-$3-AES256-SHA:xxx/g; + s/((EC)?DHE-)?(RSA|ECDSA)-CHACHA20-POLY1305:256/ke-$3-AES256-SHA:xxx/g; # GnuTLS have seen: # TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 -- cgit v1.2.3 From 205aba45c7693e77489a1fd5d4a73d1d3f2a5cf0 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 11 Nov 2017 21:19:50 +0000 Subject: Testsuite: another go at munging cipher-suite strings --- test/runtest | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'test/runtest') diff --git a/test/runtest b/test/runtest index 58a31ea06..023289265 100755 --- a/test/runtest +++ b/test/runtest @@ -553,8 +553,15 @@ RESET_AFTER_EXTRA_LINE_READ: s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g; # LibreSSL + # TLSv1:AES256-GCM-SHA384:256 # TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256 - s/((EC)?DHE-)?(RSA|ECDSA)-CHACHA20-POLY1305:256/ke-$3-AES256-SHA:xxx/g; + # + # ECDHE-RSA-CHACHA20-POLY1305 + # AES256-GCM-SHA384 + + s/(? Date: Wed, 15 Nov 2017 20:38:19 +0000 Subject: Testsuite: OpenSSL/LibreSSL version output variances --- test/runtest | 1 + 1 file changed, 1 insertion(+) (limited to 'test/runtest') diff --git a/test/runtest b/test/runtest index 023289265..8faed952a 100755 --- a/test/runtest +++ b/test/runtest @@ -1183,6 +1183,7 @@ RESET_AFTER_EXTRA_LINE_READ: # openssl version variances s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/; + s/(DANE attempt failed.*error:[0-9A-F]{8}:SSL routines:)(tls_process_server_certificate|CONNECT_CR_CERT)(?=certificate verify failed$)/$1ssl3_get_server_certificate/; } # ======== All files other than stderr ======== -- cgit v1.2.3 From a9a4ec099f74b6d56b1669af253cb0d28ddea28f Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 15 Nov 2017 22:09:10 +0000 Subject: Testsuite: OpenSSL/LibreSSL version output variances --- test/runtest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/runtest') diff --git a/test/runtest b/test/runtest index 8faed952a..d30936db0 100755 --- a/test/runtest +++ b/test/runtest @@ -1183,7 +1183,7 @@ RESET_AFTER_EXTRA_LINE_READ: # openssl version variances s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/; - s/(DANE attempt failed.*error:[0-9A-F]{8}:SSL routines:)(tls_process_server_certificate|CONNECT_CR_CERT)(?=certificate verify failed$)/$1ssl3_get_server_certificate/; + s/(DANE attempt failed.*error:[0-9A-F]{8}:SSL routines:)(tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1ssl3_get_server_certificate/; } # ======== All files other than stderr ======== -- cgit v1.2.3 From ea5aef3deb917659e57ddbba024539793f194ac5 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 15 Nov 2017 23:24:23 +0000 Subject: Testsuite: OpenSSL/LibreSSL version output variances --- test/log/5840 | 8 ++++---- test/log/5860 | 2 +- test/runtest | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'test/runtest') diff --git a/test/log/5840 b/test/log/5840 index 98f18bd86..6da82e43f 100644 --- a/test/log/5840 +++ b/test/log/5840 @@ -8,12 +8,12 @@ 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane256ta.test.ex 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmbB-0005vi-00 DANE attempt failed; TLS connection to dane256ta.test.ex [ip4.ip4.ip4.ip4]: (SSL_connect): error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed +1999-03-02 09:44:33 10HmbB-0005vi-00 DANE attempt failed; TLS connection to dane256ta.test.ex [ip4.ip4.ip4.ip4]: (SSL_connect): error:xxxxxxxx:SSL routines:ssl3_get_server_certificate:certificate verify failed 1999-03-02 09:44:33 10HmbB-0005vi-00 == CALLER@mxdane256ta.test.ex R=client T=send_to_server defer (-37) H=dane256ta.test.ex [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@thishost.test.ex 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmbB-0005vi-00 DANE attempt failed; TLS connection to dane256ta.test.ex [ip4.ip4.ip4.ip4]: (SSL_connect): error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed +1999-03-02 09:44:33 10HmbB-0005vi-00 DANE attempt failed; TLS connection to dane256ta.test.ex [ip4.ip4.ip4.ip4]: (SSL_connect): error:xxxxxxxx:SSL routines:ssl3_get_server_certificate:certificate verify failed 1999-03-02 09:44:33 10HmbB-0005vi-00 == CALLER@mxdane256ta.test.ex R=client T=send_to_server defer (-37) H=dane256ta.test.ex [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbC-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 10HmbC-0005vi-00 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="thishost.test.ex" @@ -22,7 +22,7 @@ 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@thishost.test.ex 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmbB-0005vi-00 DANE attempt failed; TLS connection to dane256ta.test.ex [ip4.ip4.ip4.ip4]: (SSL_connect): error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed +1999-03-02 09:44:33 10HmbB-0005vi-00 DANE attempt failed; TLS connection to dane256ta.test.ex [ip4.ip4.ip4.ip4]: (SSL_connect): error:xxxxxxxx:SSL routines:ssl3_get_server_certificate:certificate verify failed 1999-03-02 09:44:33 10HmbB-0005vi-00 == CALLER@mxdane256ta.test.ex R=client T=send_to_server defer (-37) H=dane256ta.test.ex [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbE-0005vi-00 => CALLER@thishost.test.ex R=client T=send_to_server H=thishost.test.ex [127.0.0.1] X=TLSv1:ke-RSA-AES256-SHA:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbF-0005vi-00" 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed @@ -34,7 +34,7 @@ 1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane.no.3.test.ex 1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane.no.4.test.ex 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmbB-0005vi-00 DANE attempt failed; TLS connection to dane256ta.test.ex [ip4.ip4.ip4.ip4]: (SSL_connect): error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed +1999-03-02 09:44:33 10HmbB-0005vi-00 DANE attempt failed; TLS connection to dane256ta.test.ex [ip4.ip4.ip4.ip4]: (SSL_connect): error:xxxxxxxx:SSL routines:ssl3_get_server_certificate:certificate verify failed 1999-03-02 09:44:33 10HmbB-0005vi-00 == CALLER@mxdane256ta.test.ex R=client T=send_to_server defer (-37) H=dane256ta.test.ex [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbG-0005vi-00 H=danelazy.test.ex [ip4.ip4.ip4.ip4]: DANE error: tlsa lookup DEFER 1999-03-02 09:44:33 10HmbG-0005vi-00 H=danelazy2.test.ex [127.0.0.1]: DANE error: tlsa lookup DEFER diff --git a/test/log/5860 b/test/log/5860 index 79fbe0406..343759259 100644 --- a/test/log/5860 +++ b/test/log/5860 @@ -13,7 +13,7 @@ 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane256ta.test.ex 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 2 -1999-03-02 09:44:33 10HmbB-0005vi-00 DANE attempt failed; TLS connection to dane256ta.test.ex [ip4.ip4.ip4.ip4]: (SSL_connect): error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed +1999-03-02 09:44:33 10HmbB-0005vi-00 DANE attempt failed; TLS connection to dane256ta.test.ex [ip4.ip4.ip4.ip4]: (SSL_connect): error:xxxxxxxx:SSL routines:ssl3_get_server_certificate:certificate verify failed 1999-03-02 09:44:33 10HmbB-0005vi-00 msg:host:defer dane=no 1999-03-02 09:44:33 10HmbB-0005vi-00 == CALLER@mxdane256ta.test.ex R=client T=send_to_server defer (-37) H=dane256ta.test.ex [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbB-0005vi-00 ** CALLER@mxdane256ta.test.ex: retry timeout exceeded diff --git a/test/runtest b/test/runtest index d30936db0..2a13b4832 100755 --- a/test/runtest +++ b/test/runtest @@ -1183,7 +1183,7 @@ RESET_AFTER_EXTRA_LINE_READ: # openssl version variances s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/; - s/(DANE attempt failed.*error:[0-9A-F]{8}:SSL routines:)(tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1ssl3_get_server_certificate/; + s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/; } # ======== All files other than stderr ======== -- cgit v1.2.3 From 01c594601670c7e48e676d6c6d32d0f0084067fa Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 18 Nov 2017 15:22:48 +0000 Subject: Testsuite: more pre-run configuration checks --- test/runtest | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'test/runtest') diff --git a/test/runtest b/test/runtest index 2a13b4832..a1259f769 100755 --- a/test/runtest +++ b/test/runtest @@ -2762,6 +2762,9 @@ die "CONFIGURE_GROUP ($parm_configure_group) does not match the group invoking $ if 0020 & (stat "$parm_cwd/test-config")[2] and $parm_configure_group != $); +die "aux-fixed file is world-writeable; best to strip them all, recursively\n" + if 0020 & (stat "aux-fixed/0037.f-1")[2]; + open(EXIMINFO, "$parm_exim -d-all+transport -bV -C $parm_cwd/test-config -DDIR=$parm_cwd |") || die "** Cannot run $parm_exim: $!\n"; @@ -3146,6 +3149,12 @@ unless (defined $parm_eximgroup) die "** ABANDONING.\n"; } +if ($parm_caller_home eq $parm_cwd) + { + print "will confuse working dir with homedir; change homedir\n"; + die "** ABANDONING.\n"; + } + print "You need to be in the Exim group to run these tests. Checking ..."; if (`groups` =~ /\b\Q$parm_eximgroup\E\b/) -- cgit v1.2.3