From f652fa8083925080b92b02897f1ee872ff2d3bba Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 14 Aug 2014 20:28:02 +0100 Subject: Add testcase for TLSA record access --- test/stdout/5890 | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 test/stdout/5890 (limited to 'test/stdout')
diff --git a/test/stdout/5890 b/test/stdout/5890
new file mode 100644
index 000000000..815d95942
--- /dev/null
+++ b/test/stdout/5890
@@ -0,0 +1,4 @@
+>
+> dnslookup tpda: 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d000000
+>
+>
-- cgit v1.2.3
From 360c049264151071203aee2f957472321ff0dc41 Mon Sep 17 00:00:00 2001
From: Jeremy Harris Date: Thu, 14 Aug 2014 20:47:31 +0100 Subject: Shuffle test order --- test/confs/5800 | 68 +--------------------------- test/confs/5820 | 74 ++++++++++++++++++++++++++++++ test/confs/5840 | 80 +++++++++++++++++++++++++++++++++ test/confs/5850 | 80 --------------------------------- test/confs/5890 | 10 ----- test/log/5840 | 30 +++++++++++++ test/log/5850 | 30 ------------- test/scripts/5800-DANE-GnuTLS/5800 | 14 ------ test/scripts/5800-DANE-GnuTLS/REQUIRES | 3 -- test/scripts/5800-DANE/5800 | 12 +++++ test/scripts/5800-DANE/REQUIRES | 2 + test/scripts/5820-DANE-GnuTLS/5820 | 14 ++++++ test/scripts/5820-DANE-GnuTLS/REQUIRES | 3 ++ test/scripts/5840-DANE-OpenSSL/5840 | 30 +++++++++++++ test/scripts/5840-DANE-OpenSSL/REQUIRES | 3 ++ test/scripts/5850-DANE-OpenSSL/5850 | 30 ------------- test/scripts/5850-DANE-OpenSSL/REQUIRES | 3 -- test/scripts/5890-DANE/5890 | 12 ----- test/scripts/5890-DANE/REQUIRES | 2 - test/stdout/5800 | 4 ++ test/stdout/5890 | 4 -- 21 files changed, 254 insertions(+), 254 deletions(-) create mode 100644 test/confs/5820 create mode 100644 test/confs/5840 delete mode 100644 test/confs/5850 delete mode 100644 test/confs/5890 create mode 100644 test/log/5840 delete mode 100644 test/log/5850 delete mode 100644 test/scripts/5800-DANE-GnuTLS/5800 delete mode 100644 test/scripts/5800-DANE-GnuTLS/REQUIRES create mode 100644 test/scripts/5800-DANE/5800 create mode 100644 test/scripts/5800-DANE/REQUIRES create mode 100644 test/scripts/5820-DANE-GnuTLS/5820 create mode 100644 test/scripts/5820-DANE-GnuTLS/REQUIRES create mode 100644 test/scripts/5840-DANE-OpenSSL/5840 create mode 100644 test/scripts/5840-DANE-OpenSSL/REQUIRES delete mode 100644 test/scripts/5850-DANE-OpenSSL/5850 delete mode 100644 test/scripts/5850-DANE-OpenSSL/REQUIRES delete mode 100644 test/scripts/5890-DANE/5890 delete mode 100644 test/scripts/5890-DANE/REQUIRES create mode 100644 test/stdout/5800 delete mode 100644 test/stdout/5890 (limited to 'test/stdout') 
diff --git a/test/confs/5800 b/test/confs/5800 index f1bd09d1c..bd0b77df2 100644 --- a/test/confs/5800 +++ b/test/confs/5800 @@ -1,74 +1,10 @@ -# Exim test configuration 5800 -# DANE - -SERVER= +# Exim test configuration 5890 +# DANE common exim_path = EXIM_PATH host_lookup_order = bydns primary_hostname = myhost.test.ex -rfc1413_query_timeout = 0s spool_directory = DIR/spool -log_file_path = DIR/spool/log/SERVER%slog -gecos_pattern = "" -gecos_name = CALLER_NAME # ----- Main settings ----- -acl_smtp_rcpt = accept - -log_selector = +tls_peerdn - -queue_only -queue_run_in_order - -tls_advertise_hosts = * -# needed to force generation -tls_dhparam = historic - -# Set certificate only if server - -tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} -tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} - -#tls_verify_hosts = * -#tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail} - - -# ----- Routers ----- - -begin routers - -client: - driver = accept - condition = ${if eq {SERVER}{server}{no}{yes}} - retry_use_local_part - transport = send_to_server - -server: - driver = redirect - data = :blackhole: - - -# ----- Transports ----- - -begin transports - -send_to_server: - driver = smtp - allow_localhost - hosts = 127.0.0.1 - port = PORT_D -# tls_certificate = DIR/aux-fixed/cert2 -# tls_privatekey = DIR/aux-fixed/cert2 -# tls_verify_certificates = DIR/aux-fixed/cert2 - - -# ----- Retry ----- - - -begin retry - -* * F,5d,10s - - -# End diff --git a/test/confs/5820 b/test/confs/5820 new file mode 100644 index 000000000..f1bd09d1c --- /dev/null +++ b/test/confs/5820 
@@ -0,0 +1,74 @@ +# Exim test configuration 5800 +# DANE + +SERVER= + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +acl_smtp_rcpt = accept + +log_selector = +tls_peerdn + +queue_only +queue_run_in_order + +tls_advertise_hosts = * +# needed to force generation +tls_dhparam = historic + +# Set certificate only if server + +tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} +tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} + +#tls_verify_hosts = * +#tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail} + + +# ----- Routers ----- + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} + retry_use_local_part + transport = send_to_server + +server: + driver = redirect + data = :blackhole: + + +# ----- Transports ----- + +begin transports + +send_to_server: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D +# tls_certificate = DIR/aux-fixed/cert2 +# tls_privatekey = DIR/aux-fixed/cert2 +# tls_verify_certificates = DIR/aux-fixed/cert2 + + +# ----- Retry ----- + + +begin retry + +* * F,5d,10s + + +# End diff --git a/test/confs/5840 b/test/confs/5840 new file mode 100644 index 000000000..c381ef616 --- /dev/null +++ b/test/confs/5840 
@@ -0,0 +1,80 @@ +# Exim test configuration 5850 +# DANE + +SERVER= + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +acl_smtp_rcpt = accept + +log_selector = +received_recipients +tls_peerdn +tls_certificate_verified + +queue_only +queue_run_in_order + +tls_advertise_hosts = * + +# Set certificate only if server +CDIR1 = DIR/aux-fixed +CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com + +tls_certificate = ${if eq {SERVER}{server} \ + {${if eq {DETAILS}{ta} \ + {CDIR2/fullchain.pem}\ + {CDIR1/cert1}}}\ + fail} + +tls_privatekey = ${if eq {SERVER}{server} \ + {${if eq {DETAILS}{ta} \ + {CDIR2/server1.example.com.unlocked.key}\ + {CDIR1/cert1}}}\ + fail} + + +# ----- Routers ----- + +begin routers + +client: + driver = dnslookup + condition = ${if eq {SERVER}{}} + dnssec_request_domains = * + self = send + transport = send_to_server + +server: + driver = redirect + data = :blackhole: + + +# ----- Transports ----- + +begin transports + +send_to_server: + driver = smtp + allow_localhost + port = PORT_D + +# hosts_try_dane = * + hosts_require_dane = * + + +# ----- Retry ----- + + +begin retry + +* * F,5d,10s + + +# End diff --git a/test/confs/5850 b/test/confs/5850 deleted file mode 100644 index c381ef616..000000000 --- a/test/confs/5850 +++ /dev/null 
@@ -1,80 +0,0 @@ -# Exim test configuration 5850 -# DANE - -SERVER= - -exim_path = EXIM_PATH -host_lookup_order = bydns -primary_hostname = myhost.test.ex -rfc1413_query_timeout = 0s -spool_directory = DIR/spool -log_file_path = DIR/spool/log/SERVER%slog -gecos_pattern = "" -gecos_name = CALLER_NAME - -# ----- Main settings ----- - -acl_smtp_rcpt = accept - -log_selector = +received_recipients +tls_peerdn +tls_certificate_verified - -queue_only -queue_run_in_order - -tls_advertise_hosts = * - -# Set certificate only if server -CDIR1 = DIR/aux-fixed -CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com - -tls_certificate = ${if eq {SERVER}{server} \ - {${if eq {DETAILS}{ta} \ - {CDIR2/fullchain.pem}\ - {CDIR1/cert1}}}\ - fail} - -tls_privatekey = ${if eq {SERVER}{server} \ - {${if eq {DETAILS}{ta} \ - {CDIR2/server1.example.com.unlocked.key}\ - {CDIR1/cert1}}}\ - fail} - - -# ----- Routers ----- - -begin routers - -client: - driver = dnslookup - condition = ${if eq {SERVER}{}} - dnssec_request_domains = * - self = send - transport = send_to_server - -server: - driver = redirect - data = :blackhole: - - -# ----- Transports ----- - -begin transports - -send_to_server: - driver = smtp - allow_localhost - port = PORT_D - -# hosts_try_dane = * - hosts_require_dane = * - - -# ----- Retry ----- - - -begin retry - -* * F,5d,10s - - -# End diff --git a/test/confs/5890 b/test/confs/5890 deleted file mode 100644 index bd0b77df2..000000000 --- a/test/confs/5890 +++ /dev/null @@ -1,10 +0,0 @@ -# Exim test configuration 5890 -# DANE common - -exim_path = EXIM_PATH -host_lookup_order = bydns -primary_hostname = myhost.test.ex -spool_directory = DIR/spool - -# ----- Main settings ----- - diff --git a/test/log/5840 b/test/log/5840 new file mode 100644 index 000000000..62dc13f02 --- /dev/null +++ b/test/log/5840 
@@ -0,0 +1,30 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane512ee.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qf +1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=dane DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=dane DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qf +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane256ta.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qf +1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@mxdane256ta.test.ex R=client T=send_to_server H=dane256ta.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qf + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss 
id=E10HmaY-0005vi-00@myhost.test.ex for CALLER@mxdane512ee.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qf +1999-03-02 09:44:33 10HmaZ-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qf +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex for CALLER@mxdane256ta.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qf +1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/5850 b/test/log/5850 deleted file mode 100644 index 62dc13f02..000000000 --- a/test/log/5850 +++ /dev/null 
@@ -1,30 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane512ee.test.ex -1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=dane DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=dane DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 End queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane256ta.test.ex -1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@mxdane256ta.test.ex R=client T=send_to_server H=dane256ta.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" -1999-03-02 09:44:33 10HmbB-0005vi-00 Completed -1999-03-02 09:44:33 End queue run: pid=pppp -qf - -******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss 
id=E10HmaY-0005vi-00@myhost.test.ex for CALLER@mxdane512ee.test.ex -1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaZ-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 End queue run: pid=pppp -qf -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex for CALLER@mxdane256ta.test.ex -1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbC-0005vi-00 Completed -1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/scripts/5800-DANE-GnuTLS/5800 b/test/scripts/5800-DANE-GnuTLS/5800 deleted file mode 100644 index 07ad7406d..000000000 --- a/test/scripts/5800-DANE-GnuTLS/5800 +++ /dev/null @@ -1,14 +0,0 @@ -# DANE client: general -# -gnutls -# -exim -DSERVER=server -bd -oX PORT_D -**** -exim CALLER@test.ex -Testing -**** -exim -qf -**** -killdaemon -exim -DSERVER=server -DNOTDAEMON -qf -**** diff --git a/test/scripts/5800-DANE-GnuTLS/REQUIRES b/test/scripts/5800-DANE-GnuTLS/REQUIRES deleted file mode 100644 index 4234c92f8..000000000 --- a/test/scripts/5800-DANE-GnuTLS/REQUIRES +++ /dev/null @@ -1,3 +0,0 @@ -support Experimental_DANE -support GnuTLS -running IPv4 diff --git a/test/scripts/5800-DANE/5800 b/test/scripts/5800-DANE/5800 new file mode 100644 index 000000000..98a70c115 --- /dev/null +++ b/test/scripts/5800-DANE/5800 
@@ -0,0 +1,12 @@ +# Expansion test for DANE. +# +# Some systems seem to use 1-byte fields for the leading +# 3 fields in a TLSA record, others 2-bytes. +# We need the result to match the string in dnszones-src/db.test.ex + +exim -be + +dnslookup tlsa: ${lookup dnsdb {tlsa=_1225._tcp.dane512ee.test.ex} \ + {$value}{none}} + +**** diff --git a/test/scripts/5800-DANE/REQUIRES b/test/scripts/5800-DANE/REQUIRES new file mode 100644 index 000000000..2314a3236 --- /dev/null +++ b/test/scripts/5800-DANE/REQUIRES @@ -0,0 +1,2 @@ +support Experimental_DANE +running IPv4 diff --git a/test/scripts/5820-DANE-GnuTLS/5820 b/test/scripts/5820-DANE-GnuTLS/5820 new file mode 100644 index 000000000..07ad7406d --- /dev/null +++ b/test/scripts/5820-DANE-GnuTLS/5820 @@ -0,0 +1,14 @@ +# DANE client: general +# +gnutls +# +exim -DSERVER=server -bd -oX PORT_D +**** +exim CALLER@test.ex +Testing +**** +exim -qf +**** +killdaemon +exim -DSERVER=server -DNOTDAEMON -qf +**** diff --git a/test/scripts/5820-DANE-GnuTLS/REQUIRES b/test/scripts/5820-DANE-GnuTLS/REQUIRES new file mode 100644 index 000000000..4234c92f8 --- /dev/null +++ b/test/scripts/5820-DANE-GnuTLS/REQUIRES @@ -0,0 +1,3 @@ +support Experimental_DANE +support GnuTLS +running IPv4 diff --git a/test/scripts/5840-DANE-OpenSSL/5840 b/test/scripts/5840-DANE-OpenSSL/5840 new file mode 100644 index 000000000..814b4b0e8 --- /dev/null +++ b/test/scripts/5840-DANE-OpenSSL/5840 @@ -0,0 +1,30 @@ +# DANE client: general +# +exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D +**** +# TLSA (3 1 1) +exim CALLER@dane256ee.test.ex +Testing +**** +# TLSA (3 1 2) +exim CALLER@mxdane512ee.test.ex +Testing +**** +exim -qf +**** +killdaemon +exim -DSERVER=server -DDETAILS=ee -DNOTDAEMON -qf +**** +# +# +exim -DSERVER=server -DDETAILS=ta -bd -oX PORT_D +**** +# TLSA (2 0 1) +exim CALLER@mxdane256ta.test.ex +Testing +**** +exim -qf +**** +killdaemon +exim -DSERVER=server -DDETAILS=ta -DNOTDAEMON -qf +**** 
diff --git a/test/scripts/5840-DANE-OpenSSL/REQUIRES b/test/scripts/5840-DANE-OpenSSL/REQUIRES new file mode 100644 index 000000000..59cb7dc91 --- /dev/null +++ b/test/scripts/5840-DANE-OpenSSL/REQUIRES @@ -0,0 +1,3 @@ +support Experimental_DANE +support OpenSSL +running IPv4 diff --git a/test/scripts/5850-DANE-OpenSSL/5850 b/test/scripts/5850-DANE-OpenSSL/5850 deleted file mode 100644 index 814b4b0e8..000000000 --- a/test/scripts/5850-DANE-OpenSSL/5850 +++ /dev/null @@ -1,30 +0,0 @@ -# DANE client: general -# -exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D -**** -# TLSA (3 1 1) -exim CALLER@dane256ee.test.ex -Testing -**** -# TLSA (3 1 2) -exim CALLER@mxdane512ee.test.ex -Testing -**** -exim -qf -**** -killdaemon -exim -DSERVER=server -DDETAILS=ee -DNOTDAEMON -qf -**** -# -# -exim -DSERVER=server -DDETAILS=ta -bd -oX PORT_D -**** -# TLSA (2 0 1) -exim CALLER@mxdane256ta.test.ex -Testing -**** -exim -qf -**** -killdaemon -exim -DSERVER=server -DDETAILS=ta -DNOTDAEMON -qf -**** diff --git a/test/scripts/5850-DANE-OpenSSL/REQUIRES b/test/scripts/5850-DANE-OpenSSL/REQUIRES deleted file mode 100644 index 59cb7dc91..000000000 --- a/test/scripts/5850-DANE-OpenSSL/REQUIRES +++ /dev/null @@ -1,3 +0,0 @@ -support Experimental_DANE -support OpenSSL -running IPv4 diff --git a/test/scripts/5890-DANE/5890 b/test/scripts/5890-DANE/5890 deleted file mode 100644 index fd7b6d6d3..000000000 --- a/test/scripts/5890-DANE/5890 +++ /dev/null @@ -1,12 +0,0 @@ -# Expansion test for DANE. -# -# Some systems seem to use 1-byte fields for the leading -# 3 fields in a TLSA record, others 2-bytes. -# We need the result to match the string in dnszones-src/db.test.ex - -exim -be - -dnslookup tpda: ${lookup dnsdb {tlsa=_1225._tcp.dane512ee.test.ex} \ - {$value}{none}} - -**** diff --git a/test/scripts/5890-DANE/REQUIRES b/test/scripts/5890-DANE/REQUIRES deleted file mode 100644 index 2314a3236..000000000 --- a/test/scripts/5890-DANE/REQUIRES +++ /dev/null 
@@ -1,2 +0,0 @@ -support Experimental_DANE -running IPv4 diff --git a/test/stdout/5800 b/test/stdout/5800 new file mode 100644 index 000000000..bcbbd88e0 --- /dev/null +++ b/test/stdout/5800 @@ -0,0 +1,4 @@ +> +> dnslookup tlsa: 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d000000 +> +> diff --git a/test/stdout/5890 b/test/stdout/5890 deleted file mode 100644 index 815d95942..000000000 --- a/test/stdout/5890 +++ /dev/null @@ -1,4 +0,0 @@ -> -> dnslookup tpda: 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d000000 -> -> -- cgit v1.2.3 From 36b894a60b9431d20a8b8b1aa557673c747c4b47 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 14 Aug 2014 21:21:45 +0100 Subject: Fix fakens TLSA generation and DANE TLSA lookup --- src/src/tls-openssl.c | 18 ++++++++++++++---- test/src/fakens.c | 19 ++++++++++++++++--- test/stdout/5800 | 2 +- 3 files changed, 31 insertions(+), 8 deletions(-) (limited to 'test/stdout') diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 1ec7786bd..79beffadf 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -1806,6 +1806,7 @@ if (dane) dns_record * rr; dns_scan dnss; uschar * hostnames[2] = { host->name, NULL }; + int found = 0; if (DANESSL_init(client_ssl, NULL, hostnames) != 1) return tls_error(US"hostnames load", host, NULL); @@ -1819,13 +1820,16 @@ if (dane) int usage, selector, mtype; const char * mdname; - GETSHORT(usage, p); - GETSHORT(selector, p); - GETSHORT(mtype, p); + found++; + usage = *p++; + selector = *p++; + mtype = *p++; switch (mtype) { - default: /* log bad */ return FAIL; + default: + log_write(0, LOG_MAIN, "DANE error: TLSA record w/bad mtype 0x%x", mtype); + return FAIL; case 0: mdname = NULL; break; case 1: mdname = "sha256"; break; case 2: mdname = "sha512"; break; 
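Review bot: In the `@@ -1819,13 +1820,16 @@` hunk of src/src/tls-openssl.c, the three `*p++` reads for usage, selector and mtype assume the TLSA RDATA holds at least three octets, and no length check is visible here. The record comes from a DNS answer, so a short or malformed record would be read past its end unless the enclosing loop, which starts outside the hunk, already validates it; presumably `p` points at `rr->data`, in which case a guard such as `if (rr->size < 3) { log_write(0, LOG_MAIN, "DANE error: TLSA record too short"); return FAIL; }` placed before `found++` would make the bound explicit. The bad-mtype message also prints the value with `0x%x` while TLSA records are normally written in decimal, so `%d` would be easier to match against the published record when triaging the log.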
@@ -1841,6 +1845,12 @@ if (dane) case 1: break; } } + + if (!found) + { + log_write(0, LOG_MAIN, "DANE error: No TLSA records"); + return FAIL; + } } #endif diff --git a/test/src/fakens.c b/test/src/fakens.c index 912f41984..fd3604a3c 100644 --- a/test/src/fakens.c +++ b/test/src/fakens.c @@ -194,6 +194,19 @@ while (*name != 0) return pk; } +uschar * +bytefield(uschar ** pp, uschar * pk) +{ +unsigned value = 0; +uschar * p = *pp; + +while (isdigit(*p)) value = value*10 + *p++ - '0'; +while (isspace(*p)) p++; +*pp = p; +*pk++ = value & 255; +return pk; +} + uschar * shortfield(uschar ** pp, uschar * pk) { @@ -420,9 +433,9 @@ while (fgets(CS buffer, sizeof(buffer), f) != NULL) break; case ns_t_tlsa: - pk = shortfield(&p, pk); /* usage */ - pk = shortfield(&p, pk); /* selector */ - pk = shortfield(&p, pk); /* match type */ + pk = bytefield(&p, pk); /* usage */ + pk = bytefield(&p, pk); /* selector */ + pk = bytefield(&p, pk); /* match type */ while (isxdigit(*p)) { value = toupper(*p) - (isdigit(*p) ? '0' : '7') << 4; diff --git a/test/stdout/5800 b/test/stdout/5800 index bcbbd88e0..b9c64fea0 100644 --- a/test/stdout/5800 +++ b/test/stdout/5800 @@ -1,4 +1,4 @@ > -> dnslookup tlsa: 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d000000 +> dnslookup tlsa: 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d > > -- cgit v1.2.3
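Review bot: The new `No TLSA records` log line in the `@@ -1841,6 +1845,12 @@` hunk of src/src/tls-openssl.c does not say which host the lookup was for, which makes the failure hard to attribute on a busy queue runner; `log_write(0, LOG_MAIN, "DANE error: No TLSA records for %s", host->name);` would fix that, and the bad-mtype message in the previous hunk has the same gap. Failing closed here is the right behaviour for a required-DANE host. Note that `found` counts records seen rather than records accepted, because it is incremented before the mtype and usage checks; that is harmless while every rejection path returns FAIL, but a short comment such as `/* counts TLSA RRs seen; every rejected RR must return FAIL */` would keep a later `continue` from turning an all-invalid RRset into an apparent success. The enclosing `if (dane)` block starts and ends outside the hunk.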
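Review bot: `bytefield()` in test/src/fakens.c silently masks the parsed number with `& 255`, so a zone-file typo such as `256` in a TLSA usage, selector or match-type column is served as `0` with no diagnostic. In a test nameserver that can make a DANE test pass or fail for the wrong reason. The function also has no header comment; I would add `/* Parse a decimal number at *pp and store it as one octet at pk (values above 255 are truncated); skips trailing whitespace and returns the advanced pk. */`, and consider reporting out-of-range values rather than truncating them. Passing `*p` to `isdigit()`/`isspace()` is safe only because `p` is a `uschar *`; that is worth keeping in mind if the type ever changes.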