From 83e2f8a2515d1cd787ac68b052f6e4539dd48752 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Thu, 17 May 2012 11:17:20 -0400 Subject: Handle absent tls_require_ciphers correctly. Fix test-suite certs to not use MD5. Document that we do not support MD5 certs any longer. Make test-suite generate probably-correct gnutls-params filename for us. --- test/runtest | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'test/runtest') diff --git a/test/runtest b/test/runtest index 51658b878..53516d00a 100755 --- a/test/runtest +++ b/test/runtest @@ -25,6 +25,13 @@ use Time::Local; $testversion = "4.78 (08-May-12)"; +# This gets embedded in the D-H params filename, and the value comes +# from asking GnuTLS for "normal", but there appears to be no way to +# use certtool/... to ask what that value currently is. *sigh* +# This value is correct as of GnuTLS 2.12.18. +# +$gnutls_dh_bits_normal = 2432; + $cf = "bin/cf -exact"; $cr = "\r"; $debug = 0; @@ -1578,9 +1585,10 @@ if (/^eximstats\s+(.*)/) if (/^gnutls/) { - run_system "sudo cp -p aux-fixed/gnutls-params spool/gnutls-params;" . - "sudo chown $parm_eximuser:$parm_eximgroup spool/gnutls-params;" . - "sudo chmod 0400 spool/gnutls-params"; + my $gen_fn = "spool/gnutls-params-$gnutls_dh_bits_normal"; + run_system "sudo cp -p aux-fixed/gnutls-params $gen_fn;" . + "sudo chown $parm_eximuser:$parm_eximgroup $gen_fn;" . + "sudo chmod 0400 $gen_fn"; return 1; } -- cgit v1.2.3