Gitweb:
http://git.exim.org/exim.git/commitdiff/6bf5d8f2ca7524fd63f803032cada89e54544cf3
Commit: 6bf5d8f2ca7524fd63f803032cada89e54544cf3
Parent: 1365611d62f130d0a096b322656b5b790628d2c7
Author: Phil Pennock <pdp@???>
AuthorDate: Thu May 17 08:16:11 2012 -0400
Committer: Phil Pennock <pdp@???>
CommitDate: Thu May 17 08:16:11 2012 -0400
Handle TLSv1.2 in test suite.
Normalise TLSv1.2 to TLSv1.
Normalise AES256-GCM-SHA384 to AES256-SHA.
Make some test configs accept AES256-GCM-SHA384 in "encrypted =" ACLs.
Have test suite print final test id during abort, make it easier to track down.
---
test/confs/2002 | 1 +
test/confs/2019 | 1 +
test/confs/2102 | 1 +
test/confs/2119 | 1 +
test/runtest | 19 +++++++++++++++++++
5 files changed, 23 insertions(+), 0 deletions(-)
diff --git a/test/confs/2002 b/test/confs/2002
index 22dc68e..e8358da 100644
--- a/test/confs/2002
+++ b/test/confs/2002
@@ -35,6 +35,7 @@ check_recipient:
accept hosts = :
deny hosts = HOSTIPV4
!encrypted = AES256-SHA : \
+ AES256-GCM-SHA384 : \
IDEA-CBC-MD5 : \
DES-CBC3-SHA : \
DHE_RSA_AES_256_CBC_SHA1 : \
diff --git a/test/confs/2019 b/test/confs/2019
index 993c8e0..8e63c05 100644
--- a/test/confs/2019
+++ b/test/confs/2019
@@ -35,6 +35,7 @@ check_recipient:
accept hosts = :
deny hosts = HOSTIPV4
!encrypted = AES256-SHA:\
+ AES256-GCM-SHA384:\
IDEA-CBC-MD5:\
DES-CBC3-SHA:\
DHE_RSA_AES_256_CBC_SHA1:\
diff --git a/test/confs/2102 b/test/confs/2102
index 3caab6f..8318072 100644
--- a/test/confs/2102
+++ b/test/confs/2102
@@ -35,6 +35,7 @@ check_recipient:
accept hosts = :
deny hosts = HOSTIPV4
!encrypted = AES256-SHA : \
+ AES256-GCM-SHA384 : \
IDEA-CBC-MD5 : \
DES-CBC3-SHA : \
DHE_RSA_AES_256_CBC_SHA1 : \
diff --git a/test/confs/2119 b/test/confs/2119
index b64ebf7..c5182a1 100644
--- a/test/confs/2119
+++ b/test/confs/2119
@@ -35,6 +35,7 @@ check_recipient:
accept hosts = :
deny hosts = HOSTIPV4
!encrypted = AES256-SHA:\
+ AES256-GCM-SHA384:\
IDEA-CBC-MD5:\
DES-CBC3-SHA:\
DHE_RSA_AES_256_CBC_SHA1:\
diff --git a/test/runtest b/test/runtest
index 5f77e62..51658b8 100755
--- a/test/runtest
+++ b/test/runtest
@@ -181,6 +181,8 @@ system("sudo /bin/rm -rf ./spool test-* ./dnszones/*")
if ($rc == 0 && !$save_output);
system("sudo /bin/rm -rf ./eximdir/*");
+
+print "\nYou were in test $test at the end there.\n\n" if defined $test;
exit $rc if ($rc >= 0);
die "** runtest error: $_[1]\n";
}
@@ -468,6 +470,23 @@ RESET_AFTER_EXTRA_LINE_READ:
\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d/Exim statistics from <time> to <time>/x;
+ # ======== TLS certificate algorithms ========
+ # Test machines might have various different TLS library versions supporting
+ # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we
+ # treat the standard algorithms the same.
+ # So far, have seen:
+ # TLSv1:AES256-SHA:256
+ # TLSv1.2:AES256-GCM-SHA384:256
+ # We also need to handle the ciphersuite without the TLS part present, for
+ # client-ssl's output. We also see some older forced ciphersuites, but
+ # negotiating TLS 1.2 instead of 1.0.
+ # Mail headers (...), log-lines X=..., client-ssl output ...
+ # (and \b doesn't match between ' ' and '(' )
+
+ s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.2:/$1TLSv1:/xg;
+ s/\bAES256-GCM-SHA384\b/AES256-SHA/g;
+
+
# ======== Caller's login, uid, gid, home, gecos ========
s/\Q$parm_caller_home\E/CALLER_HOME/g; # NOTE: these must be done
