From 520ef00f56cea3d35688bf4e13599a6e37ba275f Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 11 Dec 2022 15:14:54 +0000 Subject: TLS: Fix handling for server cert/key file SNI re-expansion forced-fail --- test/scripts/2000-GnuTLS/2031 | 51 ++++++++++++++++++++++++++++++++++++------ test/scripts/2100-OpenSSL/2131 | 50 ++++++++++++++++++++++++++++++++++------- 2 files changed, 86 insertions(+), 15 deletions(-) (limited to 'test/scripts')
diff --git a/test/scripts/2000-GnuTLS/2031 b/test/scripts/2000-GnuTLS/2031
index d302738fd..fdf17f705 100644
--- a/test/scripts/2000-GnuTLS/2031
+++ b/test/scripts/2000-GnuTLS/2031
@@ -1,19 +1,56 @@
 # TLS server: SNI used to select certificate
+#
+# The interesting output is the DN of server logged by the client
 gnutls
 exim -DSERVER=server -bd -oX PORT_D
 ****
-# Extended: certificate choice is unchanged by received SNI
-exim CALLER@test.ex
+# certificate choice is unchanged by a received SNI
+exim -odf normal@test.ex
 Test message.
 ****
-sleep 1
 #
 #
-# Extended: server uses SNI to choose certificate
-exim abcd@test.ex
-Test message.
+# server uses SNI to choose certificate
+exim -odf alternate@test.ex
+****
+#
+# server picks a key file with bad content
+exim -odf badkey@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server picks a non-existing filenam for key
+exim -odf noneistkeyfile@test.ex
 ****
-sleep 1
+sudo rm DIR/spool/db/retry
+#
+#
+# server gets an expansion-fail for the keyfile
+exim -odf expansionfailkey@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
+#
+#
+# server picks a cert file with bad content
+exim -odf badcert@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server picks a non-existing filenam for cert
+exim -odf nonexistcertfile@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
+# server picks a non-existing filenam for cert
+exim -odf expansionfailedcert@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
 #
 #
 killdaemon
+no_msglog_check
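Review bot: In 2031 the comment above `exim -odf expansionfailedcert@test.ex` repeats `# server picks a non-existing filenam for cert` from the previous case; it should read `# server gets an expansion-fail for the certfile`, as the matching case in 2131 does. `filenam` is also misspelt in the key and cert comments of both scripts. Neither script says what the six failure cases are expected to produce: the header comment points at the server DN logged by the client, but not at what the client should log when the key or certificate cannot be loaded, so one header line naming the expected result (handshake refused versus a fallback certificate being offered) would make the intended fail-closed behaviour reviewable; the expected logs are not part of this diff, so the wording needs confirming against them. A short comment on the repeated `sudo rm DIR/spool/db/retry`, for example `# clear retry hints left by the failed delivery`, would help as well if that is its purpose.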
diff --git a/test/scripts/2100-OpenSSL/2131 b/test/scripts/2100-OpenSSL/2131
index c1029bb8f..9a0885308 100644
--- a/test/scripts/2100-OpenSSL/2131
+++ b/test/scripts/2100-OpenSSL/2131
@@ -1,20 +1,54 @@
 # TLS server: SNI used to select certificate
 #
+# The interesting output is the DN of server logged by the client
 exim -DSERVER=server -bd -oX PORT_D
 ****
-# Extended: certificate choice is unchanged by received SNI
-exim CALLER@test.ex
+# certificate choice is unchanged by a received SNI
+exim -odf normal@test.ex
 Test message.
 ****
-sleep 2
 #
 #
-# Extended: server uses SNI to change certificate
-exim abcd@test.ex
-Test message.
+# server uses SNI to choose certificate
+exim -odf alternate@test.ex
+****
+#
+# server picks a key file with bad content
+exim -odf badkey@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server picks a non-existing filenam for key
+exim -odf noneistkeyfile@test.ex
 ****
-millisleep 500
+sudo rm DIR/spool/db/retry
+#
+#
+# server gets an expansion-fail for the keyfile
+exim -odf expansionfailkey@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
+#
+#
+# server picks a cert file with bad content
+exim -odf badcert@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server picks a non-existing filenam for cert
+exim -odf nonexistcertfile@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server gets an expansion-fail for the certfile
+exim -odf expansionfailedcert@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
 #
 #
 killdaemon
-sleep 2
+no_msglog_check
-- cgit v1.2.3