From 018058b21d17a988ed29cf31a7002da74b599d1a Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 7 May 2014 20:46:49 +0100 Subject: Make $tls_out_ocsp visible to TPDA (mostly testsuite) --- test/confs/5600 | 8 +- test/confs/5601 | 16 ++- test/confs/5608 | 157 ++++++++++++++++++++++++++ test/confs/5650 | 8 +- test/confs/5651 | 16 ++- test/confs/5658 | 161 +++++++++++++++++++++++++++ test/log/5600 | 8 +- test/log/5601 | 6 +- test/log/5608 | 66 +++++++++++ test/log/5650 | 8 +- test/log/5651 | 6 +- test/log/5658 | 57 ++++++++++ test/scripts/5608-OCSP-OpenSSL-TPDA/5608 | 82 ++++++++++++++ test/scripts/5608-OCSP-OpenSSL-TPDA/REQUIRES | 4 + test/scripts/5658-OCSP-GnuTLS-TPDA/5658 | 82 ++++++++++++++ test/scripts/5658-OCSP-GnuTLS-TPDA/REQUIRES | 4 + 16 files changed, 663 insertions(+), 26 deletions(-) create mode 100644 test/confs/5608 create mode 100644 test/confs/5658 create mode 100644 test/log/5608 create mode 100644 test/log/5658 create mode 100644 test/scripts/5608-OCSP-OpenSSL-TPDA/5608 create mode 100644 test/scripts/5608-OCSP-OpenSSL-TPDA/REQUIRES create mode 100644 test/scripts/5658-OCSP-GnuTLS-TPDA/5658 create mode 100644 test/scripts/5658-OCSP-GnuTLS-TPDA/REQUIRES (limited to 'test') diff --git a/test/confs/5600 b/test/confs/5600 index cd5f3c8e7..018ee3a78 100644 --- a/test/confs/5600 +++ b/test/confs/5600 @@ -40,10 +40,14 @@ tls_ocsp_file = OCSP begin acl check_connect: - accept logwrite = acl_conn: ocsp in status: $tls_in_ocsp + accept logwrite = acl_conn: ocsp in status: $tls_in_ocsp \ + (${listextract {${eval:$tls_in_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) check_mail: - accept logwrite = acl_mail: ocsp in status: $tls_in_ocsp + accept logwrite = acl_mail: ocsp in status: $tls_in_ocsp \ + (${listextract {${eval:$tls_in_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) check_recipient: deny message = certificate not verified: peerdn=$tls_peerdn diff --git a/test/confs/5601 b/test/confs/5601 index 7eb19f754..3e97fcbea 100644 --- a/test/confs/5601 +++ b/test/confs/5601 @@ -92,7 +92,9 @@ send_to_server1: tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem hosts_require_tls = * hosts_request_ocsp = : - headers_add = X-TLS-out: ocsp status $tls_out_ocsp + headers_add = X-TLS-out: ocsp status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) send_to_server2: driver = smtp @@ -102,7 +104,9 @@ send_to_server2: tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem hosts_require_tls = * # note no ocsp mention here - headers_add = X-TLS-out: ocsp status $tls_out_ocsp + headers_add = X-TLS-out: ocsp status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) send_to_server3: driver = smtp @@ -113,7 +117,9 @@ send_to_server3: tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem hosts_require_tls = * hosts_require_ocsp = * - headers_add = X-TLS-out: ocsp status $tls_out_ocsp + headers_add = X-TLS-out: ocsp status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) send_to_server4: driver = smtp @@ -125,7 +131,9 @@ send_to_server4: protocol = smtps hosts_require_tls = * hosts_require_ocsp = * - headers_add = X-TLS-out: ocsp status $tls_out_ocsp + headers_add = X-TLS-out: ocsp status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) # ----- Retry ----- diff --git a/test/confs/5608 b/test/confs/5608 new file mode 100644 index 000000000..55d9a2015 --- /dev/null +++ b/test/confs/5608 @@ -0,0 +1,157 @@ +# Exim test configuration 5601 +# OCSP stapling, client, tpda + +SERVER = + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = server1.example.com +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + + +# ----- Main settings ----- + +domainlist local_domains = test.ex : *.test.ex + +acl_smtp_rcpt = check_recipient +acl_smtp_data = check_data + +log_selector = +tls_peerdn +remote_max_parallel = 1 + +tls_advertise_hosts = * + +# Set certificate only if server + +tls_certificate = ${if eq {SERVER}{server}\ +{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\ +fail\ +} + +#{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\ + +tls_privatekey = ${if eq {SERVER}{server}\ +{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\ +fail} + +tls_ocsp_file = OCSP + + +# ------ ACL ------ + +begin acl + +check_recipient: + accept domains = +local_domains + deny message = relay not permitted + +check_data: + warn condition = ${if def:h_X-TLS-out:} + logwrite = client claims: $h_X-TLS-out: + accept + +logger: + warn logwrite = client ocsp status: $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + accept + +# ----- Routers ----- + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} + retry_use_local_part + transport = send_to_server${if eq{$local_part}{nostaple}{1} \ + {${if eq{$local_part}{norequire} {2} \ + {${if eq{$local_part}{smtps} {4}{3}}} \ + }}} + +server: + driver = redirect + data = :blackhole: + #retry_use_local_part + #transport = local_delivery + + +# ----- Transports ----- + +begin transports + +local_delivery: + driver = appendfile + file = DIR/test-mail/$local_part + headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn + user = CALLER + +# nostaple: deliberately do not request cert-status +send_to_server1: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + hosts_require_tls = * + hosts_request_ocsp = : + headers_add = X-TLS-out: ocsp status $tls_out_ocsp + tpda_delivery_action = ${acl {logger}} + tpda_host_defer_action = ${acl {logger}} + +# norequire: request stapling but do not verify +send_to_server2: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + hosts_require_tls = * +# note no ocsp mention here + headers_add = X-TLS-out: ocsp status $tls_out_ocsp + tpda_delivery_action = ${acl {logger}} + tpda_host_defer_action = ${acl {logger}} + +# (any other name): request and verify +send_to_server3: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + helo_data = helo.data.changed + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + hosts_require_tls = * + hosts_require_ocsp = * + headers_add = X-TLS-out: ocsp status $tls_out_ocsp + tpda_delivery_action = ${acl {logger}} + tpda_host_defer_action = ${acl {logger}} + +# (any other name): request and verify, ssl-on-connect +send_to_server4: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + helo_data = helo.data.changed + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + protocol = smtps + hosts_require_tls = * + hosts_require_ocsp = * + headers_add = X-TLS-out: ocsp status $tls_out_ocsp + tpda_delivery_action = ${acl {logger}} + tpda_host_defer_action = ${acl {logger}} + + +# ----- Retry ----- + + +begin retry + +* * F,5d,1s + + +# End diff --git a/test/confs/5650 b/test/confs/5650 index 3d4a68ef3..2b8960366 100644 --- a/test/confs/5650 +++ b/test/confs/5650 @@ -41,10 +41,14 @@ tls_ocsp_file = OCSP begin acl check_connect: - accept logwrite = acl_conn: ocsp in status: $tls_in_ocsp + accept logwrite = acl_conn: ocsp in status: $tls_in_ocsp \ + (${listextract {${eval:$tls_in_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) check_mail: - accept logwrite = acl_mail: ocsp in status: $tls_in_ocsp + accept logwrite = acl_mail: ocsp in status: $tls_in_ocsp \ + (${listextract {${eval:$tls_in_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) check_recipient: accept diff --git a/test/confs/5651 b/test/confs/5651 index 4a1989f43..6b70d33b2 100644 --- a/test/confs/5651 +++ b/test/confs/5651 @@ -90,7 +90,9 @@ send_to_server1: tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem hosts_require_tls = * hosts_request_ocsp = : - headers_add = X-TLS-out: OCSP status $tls_out_ocsp + headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) send_to_server2: driver = smtp @@ -100,7 +102,9 @@ send_to_server2: tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem hosts_require_tls = * # note no ocsp mention here - headers_add = X-TLS-out: OCSP status $tls_out_ocsp + headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) send_to_server3: driver = smtp @@ -112,7 +116,9 @@ send_to_server3: tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem hosts_require_tls = * hosts_require_ocsp = * - headers_add = X-TLS-out: OCSP status $tls_out_ocsp + headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) send_to_server4: driver = smtp @@ -125,7 +131,9 @@ send_to_server4: protocol = smtps hosts_require_tls = * hosts_require_ocsp = * - headers_add = X-TLS-out: OCSP status $tls_out_ocsp + headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) # ----- Retry ----- diff --git a/test/confs/5658 b/test/confs/5658 new file mode 100644 index 000000000..e8f2494f6 --- /dev/null +++ b/test/confs/5658 @@ -0,0 +1,161 @@ +# Exim test configuration 5658 +# OCSP stapling, client, tpda + +SERVER = + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = server1.example.com +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + + +# ----- Main settings ----- + +domainlist local_domains = test.ex : *.test.ex + +acl_smtp_rcpt = check_recipient +acl_smtp_data = check_data + +log_selector = +tls_peerdn +remote_max_parallel = 1 + +tls_advertise_hosts = * + +# Set certificate only if server +tls_certificate = ${if eq {SERVER}{server}\ +{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\ +fail\ +} +tls_privatekey = ${if eq {SERVER}{server}\ +{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\ +fail} + +# from cmdline define +tls_ocsp_file = OCSP + + +# ------ ACL ------ + +begin acl + +check_recipient: + accept domains = +local_domains + deny message = relay not permitted + +check_data: + warn condition = ${if def:h_X-TLS-out:} + logwrite = client claims: $h_X-TLS-out: + accept + +logger: + warn logwrite = client ocsp status: $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + accept + + +# ----- Routers ----- + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} + retry_use_local_part + transport = send_to_server${if eq{$local_part}{nostaple}{1} \ + {${if eq{$local_part}{norequire} {2} \ + {${if eq{$local_part}{smtps} {4}{3}}} \ + }}} + +server: + driver = redirect + data = :blackhole: + #retry_use_local_part + #transport = local_delivery + + +# ----- Transports ----- + +begin transports + +local_delivery: + driver = appendfile + file = DIR/test-mail/$local_part + headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn + user = CALLER + +send_to_server1: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + hosts_require_tls = * + hosts_request_ocsp = : + headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + tpda_delivery_action = ${acl {logger}} + tpda_host_defer_action = ${acl {logger}} + +send_to_server2: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + hosts_require_tls = * +# note no ocsp mention here + headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + tpda_delivery_action = ${acl {logger}} + tpda_host_defer_action = ${acl {logger}} + +send_to_server3: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + helo_data = helo.data.changed + #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + hosts_require_tls = * + hosts_require_ocsp = * + headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + tpda_delivery_action = ${acl {logger}} + tpda_host_defer_action = ${acl {logger}} + +send_to_server4: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + helo_data = helo.data.changed + #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + protocol = smtps + hosts_require_tls = * + hosts_require_ocsp = * + headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + tpda_delivery_action = ${acl {logger}} + tpda_host_defer_action = ${acl {logger}} + + +# ----- Retry ----- + + +begin retry + +* * F,5d,1s + + +# End diff --git a/test/log/5600 b/test/log/5600 index d0dc7b16e..f2a469d8b 100644 --- a/test/log/5600 +++ b/test/log/5600 @@ -1,10 +1,10 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 acl_conn: ocsp in status: 0 +1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) 1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; responding -1999-03-02 09:44:33 acl_mail: ocsp in status: 3 +1999-03-02 09:44:33 acl_mail: ocsp in status: 4 (verified) 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 acl_conn: ocsp in status: 0 +1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) 1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; not responding 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 acl_conn: ocsp in status: 0 +1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) 1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; not responding diff --git a/test/log/5601 b/test/log/5601 index d3c46eda0..1276861fc 100644 --- a/test/log/5601 +++ b/test/log/5601 @@ -23,17 +23,17 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; not responding -1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: ocsp status 1 +1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: ocsp status 1 (notresp) 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaX-0005vi-00@server1.example.com 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmbB-0005vi-00 client claims: ocsp status 0 +1999-03-02 09:44:33 10HmbB-0005vi-00 client claims: ocsp status 0 (notreq) 1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com 1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed -1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: ocsp status 3 +1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: ocsp status 4 (verified) 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmbA-0005vi-00@server1.example.com 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed diff --git a/test/log/5608 b/test/log/5608 new file mode 100644 index 000000000..2c0c98016 --- /dev/null +++ b/test/log/5608 @@ -0,0 +1,66 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 client ocsp status: 1 (notresp) +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 client ocsp status: 4 (verified) +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00" +1999-03-02 09:44:33 10HmbA-0005vi-00 client ocsp status: 0 (notreq) +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 => good@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 client ocsp status: 4 (verified) +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbF-0005vi-00 Received TLS status callback, null content +1999-03-02 09:44:33 10HmbF-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <> +1999-03-02 09:44:33 10HmbF-0005vi-00 client ocsp status: 1 (notresp) +1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37): failure while setting up TLS session +1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbG-0005vi-00 Server certificate revoked; reason: superseded +1999-03-02 09:44:33 10HmbG-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <> +1999-03-02 09:44:33 10HmbG-0005vi-00 client ocsp status: 3 (failed) +1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37): failure while setting up TLS session +1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbH-0005vi-00 Server OSCP dates invalid +1999-03-02 09:44:33 10HmbH-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <> +1999-03-02 09:44:33 10HmbH-0005vi-00 client ocsp status: 3 (failed) +1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37): failure while setting up TLS session + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; not responding +1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: ocsp status 1 +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaX-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; responding +1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: ocsp status 4 +1999-03-02 09:44:33 10HmbD-0005vi-00 client claims: ocsp status 0 +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmbA-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbD-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed +1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding +1999-03-02 09:44:33 10HmbE-0005vi-00 client claims: ocsp status 4 +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmbB-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; not responding +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) diff --git a/test/log/5650 b/test/log/5650 index 139d3e7b5..6bb550248 100644 --- a/test/log/5650 +++ b/test/log/5650 @@ -1,11 +1,11 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 acl_conn: ocsp in status: 0 -1999-03-02 09:44:33 acl_mail: ocsp in status: 2 +1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) +1999-03-02 09:44:33 acl_mail: ocsp in status: 2 (vfynotdone) 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 acl_conn: ocsp in status: 0 +1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): The TLS connection was non-properly terminated. 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason. 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 acl_conn: ocsp in status: 0 +1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): The TLS connection was non-properly terminated. 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason. diff --git a/test/log/5651 b/test/log/5651 index 194443aa8..d3a2775b8 100644 --- a/test/log/5651 +++ b/test/log/5651 @@ -19,16 +19,16 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: OCSP status 1 +1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: OCSP status 1 (notresp) 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaX-0005vi-00@server1.example.com 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmbB-0005vi-00 client claims: OCSP status 0 +1999-03-02 09:44:33 10HmbB-0005vi-00 client claims: OCSP status 0 (notreq) 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com 1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed -1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: OCSP status 3 +1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: OCSP status 4 (verified) 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmbA-0005vi-00@server1.example.com 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed diff --git a/test/log/5658 b/test/log/5658 new file mode 100644 index 000000000..3479b6691 --- /dev/null +++ b/test/log/5658 @@ -0,0 +1,57 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 client ocsp status: 1 (notresp) +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 client ocsp status: 1 (notresp) +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00" +1999-03-02 09:44:33 10HmbA-0005vi-00 client ocsp status: 0 (notreq) +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 => good@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 client ocsp status: 4 (verified) +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbF-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (certificate status check failed) +1999-03-02 09:44:33 10HmbF-0005vi-00 client ocsp status: 3 (failed) +1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37): failure while setting up TLS session +1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbG-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (certificate verification failed): certificate revoked +1999-03-02 09:44:33 10HmbG-0005vi-00 client ocsp status: 1 (notresp) +1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37): failure while setting up TLS session +1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbH-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (certificate status check failed) +1999-03-02 09:44:33 10HmbH-0005vi-00 client ocsp status: 3 (failed) +1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37): failure while setting up TLS session + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: OCSP status 1 (notresp) +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaX-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: OCSP status 1 (notresp) +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 client claims: OCSP status 0 (notreq) +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmbA-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbD-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed +1999-03-02 09:44:33 10HmbE-0005vi-00 client claims: OCSP status 4 (verified) +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmbB-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. diff --git a/test/scripts/5608-OCSP-OpenSSL-TPDA/5608 b/test/scripts/5608-OCSP-OpenSSL-TPDA/5608 new file mode 100644 index 000000000..409b48b1b --- /dev/null +++ b/test/scripts/5608-OCSP-OpenSSL-TPDA/5608 @@ -0,0 +1,82 @@ +# OCSP stapling, client, tpda +# duplicate of 5601 +# +# +# Client works when we request but don't require OCSP stapling and none comes +exim -bd -oX PORT_D -DSERVER=server -DOCSP=/dev/null +**** +exim norequire@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# +# Client works when we request but don't require OCSP stapling and some arrives +exim -bd -oX PORT_D -DSERVER=server \ + -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp +**** +exim norequire@test.ex +test message. +**** +# +# +# +# +# Client works when we don't request OCSP stapling +exim nostaple@test.ex +test message. +**** +# +# +# +# +# Client accepts good stapled info +exim good@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# Client fails on lack of required stapled info +exim -bd -oX PORT_D -DSERVER=server -DOCSP=/dev/null +**** +exim failrequire@test.ex +test message. +**** +sleep 1 +killdaemon +no_msglog_check +# +# +# +# Client fails on revoked stapled info +EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \ + -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp +**** +exim failrevoked@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# +# Client fails on expired stapled info +EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \ + -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp +**** +exim failexpired@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# diff --git a/test/scripts/5608-OCSP-OpenSSL-TPDA/REQUIRES b/test/scripts/5608-OCSP-OpenSSL-TPDA/REQUIRES new file mode 100644 index 000000000..77fbd5bba --- /dev/null +++ b/test/scripts/5608-OCSP-OpenSSL-TPDA/REQUIRES @@ -0,0 +1,4 @@ +support OpenSSL +support Experimental_OCSP +support Experimental_TPDA +running IPv4 diff --git a/test/scripts/5658-OCSP-GnuTLS-TPDA/5658 b/test/scripts/5658-OCSP-GnuTLS-TPDA/5658 new file mode 100644 index 000000000..2e3028bb3 --- /dev/null +++ b/test/scripts/5658-OCSP-GnuTLS-TPDA/5658 @@ -0,0 +1,82 @@ +# OCSP stapling, client, tpda +# duplicate of 5651 +# +# +# Client works when we request but don't require OCSP stapling and none comes +exim -bd -oX PORT_D -DSERVER=server -DOCSP="" +**** +exim norequire@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# +# Client works when we request but don't require OCSP stapling and some arrives +exim -bd -oX PORT_D -DSERVER=server \ + -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp +**** +exim norequire@test.ex +test message. +**** +# +# +# +# +# Client works when we don't request OCSP stapling +exim nostaple@test.ex +test message. +**** +# +# +# +# +# Client accepts good stapled info +exim good@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# Client fails on lack of required stapled info +exim -bd -oX PORT_D -DSERVER=server -DOCSP="" +**** +exim failrequire@test.ex +test message. +**** +sleep 1 +killdaemon +no_msglog_check +# +# +# +# Client fails on revoked stapled info +EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \ + -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp +**** +exim failrevoked@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# +# Client fails on expired stapled info +EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \ + -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp +**** +exim failexpired@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# diff --git a/test/scripts/5658-OCSP-GnuTLS-TPDA/REQUIRES b/test/scripts/5658-OCSP-GnuTLS-TPDA/REQUIRES new file mode 100644 index 000000000..2650bd997 --- /dev/null +++ b/test/scripts/5658-OCSP-GnuTLS-TPDA/REQUIRES @@ -0,0 +1,4 @@ +support GnuTLS +support Experimental_OCSP +support Experimental_TPDA +running IPv4 -- cgit v1.2.3 From e3dd1d67d7e5bfd0b123d6cb84e00a570415bdea Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 11 May 2014 12:27:29 +0100 Subject: Compiler quietening and testcase consistency Fix an unterminated comment from 018058b --- src/src/deliver.c | 2 +- src/src/expand.c | 14 +++++--------- src/src/malware.c | 12 +++++------- src/src/string.c | 2 +- src/src/tls-openssl.c | 1 - src/src/tlscert-openssl.c | 10 +++++----- src/src/transport.c | 1 - src/src/transports/smtp.c | 2 +- test/log/5608 | 32 ++++++++++++++++---------------- test/scripts/5608-OCSP-OpenSSL-TPDA/5608 | 2 ++ 10 files changed, 36 insertions(+), 42 deletions(-) (limited to 'test') diff --git a/src/src/deliver.c b/src/src/deliver.c index 851910eb4..3334ba2cb 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -4154,7 +4154,7 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); } # endif - #endif /*SUPPORT_TLS + #endif /*SUPPORT_TLS*/ if (client_authenticator) { diff --git a/src/src/expand.c b/src/src/expand.c index 01c6e05f4..127134dbc 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -5365,8 +5365,6 @@ while (*s != 0) #ifdef SUPPORT_TLS case EITEM_CERTEXTRACT: { - int i; - int field_number = 1; uschar *save_lookup_value = lookup_value; uschar *sub[2]; int save_expand_nmax = @@ -5382,7 +5380,6 @@ while (*s != 0) /* strip spaces fore & aft */ { int len; - int x = 0; uschar *p = sub[0]; while (isspace(*p)) p++; @@ -5725,7 +5722,7 @@ while (*s != 0) int c; uschar *arg = NULL; uschar *sub; - var_entry *vp; + var_entry *vp = NULL; /* Owing to an historical mis-design, an underscore may be part of the operator name, or it may introduce arguments. We therefore first scan the @@ -5763,7 +5760,6 @@ while (*s != 0) break; } } - vp = NULL; /*FALLTHROUGH*/ #endif default: @@ -5861,7 +5857,7 @@ while (*s != 0) if (vp && *(void **)vp->value) { uschar * cp = tls_cert_fprt_md5(*(void **)vp->value); - yield = string_cat(yield, &size, &ptr, cp, (int)strlen(cp)); + yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp)); } else #endif @@ -5882,7 +5878,7 @@ while (*s != 0) if (vp && *(void **)vp->value) { uschar * cp = tls_cert_fprt_sha1(*(void **)vp->value); - yield = string_cat(yield, &size, &ptr, cp, (int)strlen(cp)); + yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp)); } else #endif @@ -6349,7 +6345,7 @@ while (*s != 0) case EOP_UTF8CLEAN: { int seq_len, index = 0; - int bytes_left = 0; + int bytes_left = 0; uschar seq_buff[4]; /* accumulate utf-8 here */ while (*sub != 0) @@ -6360,7 +6356,7 @@ while (*s != 0) complete = 0; c = *sub++; - if(bytes_left) + if (bytes_left) { if ((c & 0xc0) != 0x80) { diff --git a/src/src/malware.c b/src/src/malware.c index aaf3fcb7e..8260a4815 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -401,6 +401,7 @@ malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking) case MC_TCP: sock = m_tcpsocket_fromdef(scanner_options, &errstr); break; case MC_UNIX: sock = m_unixsocket(scanner_options, &errstr); break; case MC_STRM: sock = m_streamsocket(scanner_options, &errstr); break; + default: /* compiler quietening */ break; } if (sock < 0) return m_errlog_defer(scanent, errstr); @@ -944,12 +945,10 @@ malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking) sep = pclose(scanner_out); signal(SIGCHLD,eximsigchld); signal(SIGPIPE,eximsigpipe); if (sep != 0) - if (sep == -1) return m_errlog_defer(scanent, - string_sprintf("running scanner failed: %s", strerror(sep))); - else - return m_errlog_defer(scanent, - string_sprintf("scanner returned error code: %d", sep)); + sep = -1 + ? string_sprintf("running scanner failed: %s", strerror(sep)) + : string_sprintf("scanner returned error code: %d", sep)); if (trigger) { uschar * s; @@ -1270,8 +1269,7 @@ malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking) { free(clamav_fbuf); return m_errlog_defer_3(scanent, - string_sprintf("unable to send file body to socket (%s:%u)", - hostname, port), + string_sprintf("unable to send file body to socket (%s)", hostname), sock); } #endif diff --git a/src/src/string.c b/src/src/string.c index 365eaec03..7b5245557 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -997,7 +997,7 @@ if (list) new = string_cat(new, &sz, &off, &sep, 1); } -while (sp = Ustrchr(ele, sep)) +while((sp = Ustrchr(ele, sep))) { new = string_cat(new, &sz, &off, ele, sp-ele+1); new = string_cat(new, &sz, &off, &sep, 1); diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 16612d300..db2544c03 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -875,7 +875,6 @@ if(!(bs = OCSP_response_get1_basic(rsp))) */ { BIO * bp = NULL; - OCSP_CERTID *id; int status, reason; ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c index cddde4cdc..a36ec2ee2 100644 --- a/src/src/tlscert-openssl.c +++ b/src/src/tlscert-openssl.c @@ -81,7 +81,7 @@ X509_free((X509 *)cert); static uschar * bio_string_copy(BIO * bp, int len) { -uschar * cp = ""; +uschar * cp = US""; len = len > 0 ? (int) BIO_get_mem_data(bp, &cp) : 0; cp = string_copyn(cp, len); BIO_free(bp); @@ -164,7 +164,7 @@ return cp; uschar * tls_cert_signature_algorithm(void * cert, uschar * mod) { -return string_copy(OBJ_nid2ln(X509_get_signature_type((X509 *)cert))); +return string_copy(US OBJ_nid2ln(X509_get_signature_type((X509 *)cert))); } uschar * @@ -182,7 +182,7 @@ return string_sprintf("%d", X509_get_version((X509 *)cert)); uschar * tls_cert_ext_by_oid(void * cert, uschar * oid, int idx) { -int nid = OBJ_create(oid, "", ""); +int nid = OBJ_create(CS oid, "", ""); int nidx = X509_get_ext_by_NID((X509 *)cert, nid, idx); X509_EXTENSION * ex = X509_get_ext((X509 *)cert, nidx); ASN1_OCTET_STRING * adata = X509_EXTENSION_get_data(ex); @@ -201,7 +201,7 @@ cp3 = cp2 = store_get(len*3+1); while(len) { - sprintf(cp2, "%.2x ", *cp1++); + sprintf(CS cp2, "%.2x ", *cp1++); cp2 += 3; len--; } @@ -341,7 +341,7 @@ if (!X509_digest(cert,fdig,md,&n)) return NULL; } cp = store_get(n*2+1); -for (j = 0; j < (int)n; j++) sprintf(cp+2*j, "%02X", md[j]); +for (j = 0; j < (int)n; j++) sprintf(CS cp+2*j, "%02X", md[j]); return(cp); } diff --git a/src/src/transport.c b/src/src/transport.c index 92de4b92b..00b8fa9d8 100644 --- a/src/src/transport.c +++ b/src/src/transport.c @@ -837,7 +837,6 @@ internal_transport_write_message(address_item *addr, int fd, int options, { int written = 0; int len; -header_line *h; BOOL use_crlf = (options & topt_use_crlf) != 0; /* Initialize pointer in output buffer. */ diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 1232965b9..fd8948620 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -636,7 +636,7 @@ tpda_defer_errstr = addr->message ? string_sprintf("%s: %s", addr->message, strerror(addr->basic_errno)) : string_copy(addr->message) : addr->basic_errno > 0 - ? string_copy(strerror(addr->basic_errno)) + ? string_copy(US strerror(addr->basic_errno)) : NULL; DEBUG(D_transport) diff --git a/test/log/5608 b/test/log/5608 index 2c0c98016..7c8e5d7e0 100644 --- a/test/log/5608 +++ b/test/log/5608 @@ -3,17 +3,17 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 client ocsp status: 1 (notresp) 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 client ocsp status: 4 (verified) 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00" -1999-03-02 09:44:33 10HmbA-0005vi-00 client ocsp status: 0 (notreq) -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmbB-0005vi-00 => good@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" -1999-03-02 09:44:33 10HmbB-0005vi-00 client ocsp status: 4 (verified) +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 client ocsp status: 0 (notreq) 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbD-0005vi-00 => good@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 client ocsp status: 4 (verified) +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbF-0005vi-00 Received TLS status callback, null content 1999-03-02 09:44:33 10HmbF-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <> @@ -39,17 +39,17 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; responding -1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: ocsp status 4 -1999-03-02 09:44:33 10HmbD-0005vi-00 client claims: ocsp status 0 -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 client claims: ocsp status 4 +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: ocsp status 0 +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmbB-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed -1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmbA-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmbD-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding 1999-03-02 09:44:33 10HmbE-0005vi-00 client claims: ocsp status 4 -1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmbB-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmbD-0005vi-00@server1.example.com 1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 diff --git a/test/scripts/5608-OCSP-OpenSSL-TPDA/5608 b/test/scripts/5608-OCSP-OpenSSL-TPDA/5608 index 409b48b1b..8010507dc 100644 --- a/test/scripts/5608-OCSP-OpenSSL-TPDA/5608 +++ b/test/scripts/5608-OCSP-OpenSSL-TPDA/5608 @@ -21,6 +21,7 @@ exim -bd -oX PORT_D -DSERVER=server \ exim norequire@test.ex test message. **** +millisleep 500 # # # @@ -29,6 +30,7 @@ test message. exim nostaple@test.ex test message. **** +millisleep 500 # # # -- cgit v1.2.3 From 2381c830c6f89e3abc2dc153d483251a4403e71f Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 11 May 2014 20:27:04 +0100 Subject: More testcase serialization --- src/src/malware.c | 2 +- test/log/5601 | 18 +++++++++--------- test/log/5651 | 18 +++++++++--------- test/log/5658 | 32 ++++++++++++++++---------------- test/scripts/5600-OCSP-OpenSSL/5601 | 1 + test/scripts/5650-OCSP-GnuTLS/5651 | 1 + test/scripts/5658-OCSP-GnuTLS-TPDA/5658 | 2 ++ 7 files changed, 39 insertions(+), 35 deletions(-) (limited to 'test') diff --git a/src/src/malware.c b/src/src/malware.c index 8260a4815..cae0cdd99 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -946,7 +946,7 @@ malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking) signal(SIGCHLD,eximsigchld); signal(SIGPIPE,eximsigpipe); if (sep != 0) return m_errlog_defer(scanent, - sep = -1 + sep == -1 ? string_sprintf("running scanner failed: %s", strerror(sep)) : string_sprintf("scanner returned error code: %d", sep)); diff --git a/test/log/5601 b/test/log/5601 index 1276861fc..4daccd975 100644 --- a/test/log/5601 +++ b/test/log/5601 @@ -2,11 +2,11 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbB-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 => CALLER@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbD-0005vi-00 Received TLS status callback, null content 1999-03-02 09:44:33 10HmbD-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <> @@ -28,13 +28,13 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmbB-0005vi-00 client claims: ocsp status 0 (notreq) +1999-03-02 09:44:33 10HmbA-0005vi-00 client claims: ocsp status 0 (notreq) +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed 1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding -1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: ocsp status 4 (verified) -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmbA-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmbB-0005vi-00@server1.example.com 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 diff --git a/test/log/5651 b/test/log/5651 index d3a2775b8..f19900e9e 100644 --- a/test/log/5651 +++ b/test/log/5651 @@ -2,11 +2,11 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbB-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 => CALLER@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbD-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (certificate status check failed) 1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37): failure while setting up TLS session @@ -24,12 +24,12 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmbB-0005vi-00 client claims: OCSP status 0 (notreq) -1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 client claims: OCSP status 0 (notreq) +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed 1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: OCSP status 4 (verified) -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmbA-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmbB-0005vi-00@server1.example.com 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 diff --git a/test/log/5658 b/test/log/5658 index 3479b6691..16f5b31f2 100644 --- a/test/log/5658 +++ b/test/log/5658 @@ -3,17 +3,17 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 client ocsp status: 1 (notresp) 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 client ocsp status: 1 (notresp) 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00" -1999-03-02 09:44:33 10HmbA-0005vi-00 client ocsp status: 0 (notreq) -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmbB-0005vi-00 => good@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" -1999-03-02 09:44:33 10HmbB-0005vi-00 client ocsp status: 4 (verified) +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 client ocsp status: 0 (notreq) 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbD-0005vi-00 => good@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 client ocsp status: 4 (verified) +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbF-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (certificate status check failed) 1999-03-02 09:44:33 10HmbF-0005vi-00 client ocsp status: 3 (failed) @@ -34,16 +34,16 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: OCSP status 1 (notresp) -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 client claims: OCSP status 1 (notresp) +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: OCSP status 0 (notreq) +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmbB-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed -1999-03-02 09:44:33 10HmbD-0005vi-00 client claims: OCSP status 0 (notreq) -1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmbA-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmbD-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 10HmbE-0005vi-00 client claims: OCSP status 4 (verified) -1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmbB-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmbD-0005vi-00@server1.example.com 1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 diff --git a/test/scripts/5600-OCSP-OpenSSL/5601 b/test/scripts/5600-OCSP-OpenSSL/5601 index cf0f68fc7..521f8fd71 100644 --- a/test/scripts/5600-OCSP-OpenSSL/5601 +++ b/test/scripts/5600-OCSP-OpenSSL/5601 @@ -20,6 +20,7 @@ exim -bd -oX PORT_D -DSERVER=server \ exim nostaple@test.ex test message. **** +millisleep 500 # # # diff --git a/test/scripts/5650-OCSP-GnuTLS/5651 b/test/scripts/5650-OCSP-GnuTLS/5651 index 5ed784be2..2015d43b9 100644 --- a/test/scripts/5650-OCSP-GnuTLS/5651 +++ b/test/scripts/5650-OCSP-GnuTLS/5651 @@ -20,6 +20,7 @@ exim -bd -oX PORT_D -DSERVER=server \ exim nostaple@test.ex test message. **** +millisleep 500 # # # diff --git a/test/scripts/5658-OCSP-GnuTLS-TPDA/5658 b/test/scripts/5658-OCSP-GnuTLS-TPDA/5658 index 2e3028bb3..759810613 100644 --- a/test/scripts/5658-OCSP-GnuTLS-TPDA/5658 +++ b/test/scripts/5658-OCSP-GnuTLS-TPDA/5658 @@ -21,6 +21,7 @@ exim -bd -oX PORT_D -DSERVER=server \ exim norequire@test.ex test message. **** +millisleep 500 # # # @@ -29,6 +30,7 @@ test message. exim nostaple@test.ex test message. **** +millisleep 500 # # # -- cgit v1.2.3 From 9ef9101c7dc24878b83931e716021378ae789d78 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 10 May 2014 15:37:52 +0100 Subject: New expansion operator sha256 for certificates. Bug 1170 --- doc/doc-docbook/spec.xfpt | 14 ++++++++++++++ doc/doc-txt/ChangeLog | 1 + doc/doc-txt/NewStuff | 3 ++- src/src/expand.c | 17 ++++++++++++++++- src/src/functions.h | 1 + src/src/tlscert-gnu.c | 6 ++++++ src/src/tlscert-openssl.c | 6 ++++++ test/confs/2002 | 3 ++- test/confs/2102 | 5 +++-- test/log/2002 | 3 ++- test/log/2102 | 5 +++-- 11 files changed, 56 insertions(+), 8 deletions(-) (limited to 'test') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 3dd72e9f9..cbe5c1851 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -10036,6 +10036,7 @@ Letters in IPv6 addresses are always output in lower case. .vitem &*${md5:*&<&'string'&>&*}*& .cindex "MD5 hash" .cindex "expansion" "MD5 hash" +.cindex "certificate fingerprint" .cindex "&%md5%& expansion item" The &%md5%& operator computes the MD5 hash value of the string, and returns it as a 32-digit hexadecimal number, in which any letters are in lower case. @@ -10173,11 +10174,24 @@ variables or headers inside regular expressions. .vitem &*${sha1:*&<&'string'&>&*}*& .cindex "SHA-1 hash" .cindex "expansion" "SHA-1 hashing" +.cindex "certificate fingerprint" .cindex "&%sha2%& expansion item" The &%sha1%& operator computes the SHA-1 hash value of the string, and returns it as a 40-digit hexadecimal number, in which any letters are in upper case. +.vitem &*${sha256:*&<&'certificate'&>&*}*& +.cindex "SHA-256 hash" +.cindex "certificate fingerprint" +.cindex "expansion" "SHA-256 hashing" +.cindex "&%sha256%& expansion item" +The &%sha256%& operator computes the SHA-256 hash fingerprint of the +certificate, +and returns +it as a 64-digit hexadecimal number, in which any letters are in upper case. +Only arguments which are a single variable of certificate type are supported. + + .vitem &*${stat:*&<&'string'&>&*}*& .cindex "expansion" "statting a file" .cindex "file" "extracting characteristics" diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 9704295e3..33e43b196 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -113,6 +113,7 @@ JH/21 Observability of OCSP via variables tls_(in,out)_ocsp. Stapling JH/22 Expansion operators ${md5:string} and ${sha1::string} can now operate on certificate variables to give certificate fingerprints + Also new ${sha256:cert_variable}. Exim version 4.82 diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 87bb8a37b..9eebd089f 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -46,7 +46,8 @@ Version 4.83 10. New variables "tls_(in,out)_(our,peer)cert" and expansion item "certextract" to extract fields from them. Hash operators md5 and sha1 - work over them for generating fingerprints. + work over them for generating fingerprints, and a new sha256 operator + for them added. Version 4.82 diff --git a/src/src/expand.c b/src/src/expand.c index 127134dbc..9afc036fa 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -205,6 +205,7 @@ static uschar *op_table_main[] = { US"rxquote", US"s", US"sha1", + US"sha256", US"stat", US"str2b64", US"strlen", @@ -242,6 +243,7 @@ enum { EOP_RXQUOTE, EOP_S, EOP_SHA1, + EOP_SHA256, EOP_STAT, EOP_STR2B64, EOP_STRLEN, @@ -5745,8 +5747,9 @@ while (*s != 0) switch(c) { #ifdef SUPPORT_TLS - case EOP_SHA1: case EOP_MD5: + case EOP_SHA1: + case EOP_SHA256: if (s[1] == '$') { uschar * s1 = s; @@ -5894,6 +5897,18 @@ while (*s != 0) } continue; + case EOP_SHA256: +#ifdef SUPPORT_TLS + if (vp && *(void **)vp->value) + { + uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value); + yield = string_cat(yield, &size, &ptr, cp, (int)strlen(cp)); + } + else +#endif + expand_string_message = US"sha256 only supported for certificates"; + continue; + /* Convert hex encoding to base64 encoding */ case EOP_HEX2B64: diff --git a/src/src/functions.h b/src/src/functions.h index 38ba7f39d..792f3df4d 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -41,6 +41,7 @@ extern uschar * tls_cert_version(void *, uschar * mod); extern uschar * tls_cert_fprt_md5(void *); extern uschar * tls_cert_fprt_sha1(void *); +extern uschar * tls_cert_fprt_sha256(void *); extern int tls_client_start(int, host_item *, address_item *, void *); diff --git a/src/src/tlscert-gnu.c b/src/src/tlscert-gnu.c index 32b1986b8..5a4c231bb 100644 --- a/src/src/tlscert-gnu.c +++ b/src/src/tlscert-gnu.c @@ -421,6 +421,12 @@ tls_cert_fprt_sha1(void * cert) return fingerprint((gnutls_x509_crt_t)cert, GNUTLS_DIG_SHA1); } +uschar * +tls_cert_fprt_sha256(void * cert) +{ +return fingerprint((gnutls_x509_crt_t)cert, GNUTLS_DIG_SHA256); +} + /* vi: aw ai sw=2 */ diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c index a36ec2ee2..9903f08f3 100644 --- a/src/src/tlscert-openssl.c +++ b/src/src/tlscert-openssl.c @@ -357,6 +357,12 @@ tls_cert_fprt_sha1(void * cert) return fingerprint((X509 *)cert, EVP_sha1()); } +uschar * +tls_cert_fprt_sha256(void * cert) +{ +return fingerprint((X509 *)cert, EVP_sha256()); +} + /* vi: aw ai sw=2 */ diff --git a/test/confs/2002 b/test/confs/2002 index dfb4feef5..178265d65 100644 --- a/test/confs/2002 +++ b/test/confs/2002 @@ -58,8 +58,9 @@ check_recipient: logwrite = ${certextract {subj_altname} {$tls_in_peercert} {SAN <$value>}{(no SAN)}} # logwrite = ${certextract {ocsp_uri} {$tls_in_peercert} {OCU <$value>}{(no OCU)}} logwrite = ${certextract {crl_uri} {$tls_in_peercert} {CRU <$value>}{(no CRU)}} - logwrite = md5 fingerprint ${md5:$tls_in_peercert} + logwrite = md5 fingerprint ${md5:$tls_in_peercert} logwrite = sha1 fingerprint ${sha1:$tls_in_peercert} + logwrite = sha256 fingerprint ${sha256:$tls_in_peercert} # ----- Routers ----- diff --git a/test/confs/2102 b/test/confs/2102 index 6f29298b1..3d5e51ae6 100644 --- a/test/confs/2102 +++ b/test/confs/2102 @@ -59,8 +59,9 @@ check_recipient: logwrite = ${certextract {subj_altname} {$tls_in_peercert} {SAN <$value>}{(no SAN)}} logwrite = ${certextract {ocsp_uri} {$tls_in_peercert} {OCU <$value>}{(no OCU)}} logwrite = ${certextract {crl_uri} {$tls_in_peercert} {CRU <$value>}{(no CRU)}} - logwrite = md5 fingerprint ${md5:$tls_in_peercert} - logwrite = sha1 fingerprint ${sha1:$tls_in_peercert} + logwrite = md5 fingerprint ${md5:$tls_in_peercert} + logwrite = sha1 fingerprint ${sha1:$tls_in_peercert} + logwrite = sha256 fingerprint ${sha256:$tls_in_peercert} # ----- Routers ----- diff --git a/test/log/2002 b/test/log/2002 index 96762c1a3..6a5d0c899 100644 --- a/test/log/2002 +++ b/test/log/2002 @@ -18,8 +18,9 @@ 1999-03-02 09:44:33 SG <6c 37 41 26 4d 5d f4 b5 31 10 67 ca fb 64 b6 22 98 62 f7 1e 95 7b 6c e6 74 47 21 f4 5e 89 36 3e b9 9c 8a c5 52 bb c4 af 12 93 26 3b d7 3d e0 56 71 1e 1d 21 20 02 ed f0 4e d5 5e 45 42 fd 3c 38 41 54 83 86 0b 3b bf c5 47 39 ff 15 ea 93 dc fd c7 3d 18 58 59 ca dd 2a d8 b9 f9 2f b9 76 93 f4 ae e3 91 56 80 2f 8c 04 2f ad 57 ef d2 51 19 f4 b4 ef 32 9c ac 3a 7c 0d b8 39 db b1 e3 30 73 1a> 1999-03-02 09:44:33 SAN 1999-03-02 09:44:33 CRU -1999-03-02 09:44:33 md5 fingerprint C5FA6C8B1BE926DBC4E436AF08F92B55 +1999-03-02 09:44:33 md5 fingerprint C5FA6C8B1BE926DBC4E436AF08F92B55 1999-03-02 09:44:33 sha1 fingerprint 40B2135E6B67AE36A397696DA328423685E74CE3 +1999-03-02 09:44:33 sha256 fingerprint 6064D93E235FBA6FC66788F2AAC087752D856ECC7901FFCB8B53B21A09D232D2 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="CN=server2.example.com" S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER R=abc T=local_delivery diff --git a/test/log/2102 b/test/log/2102 index 77ef15052..57240408d 100644 --- a/test/log/2102 +++ b/test/log/2102 @@ -20,8 +20,9 @@ 1999-03-02 09:44:33 SAN 1999-03-02 09:44:33 OCU 1999-03-02 09:44:33 CRU -1999-03-02 09:44:33 md5 fingerprint C5FA6C8B1BE926DBC4E436AF08F92B55 -1999-03-02 09:44:33 sha1 fingerprint 40B2135E6B67AE36A397696DA328423685E74CE3 +1999-03-02 09:44:33 md5 fingerprint C5FA6C8B1BE926DBC4E436AF08F92B55 +1999-03-02 09:44:33 sha1 fingerprint 40B2135E6B67AE36A397696DA328423685E74CE3 +1999-03-02 09:44:33 sha256 fingerprint 6064D93E235FBA6FC66788F2AAC087752D856ECC7901FFCB8B53B21A09D232D2 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:AES256-SHA:256 DN="/CN=server2.example.com" S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER R=abc T=local_delivery -- cgit v1.2.3