[exim-cvs] Handle TLSv1.2 in test suite.

Página Inicial
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
Para: exim-cvs
Assunto: [exim-cvs] Handle TLSv1.2 in test suite.
Gitweb: http://git.exim.org/exim.git/commitdiff/6bf5d8f2ca7524fd63f803032cada89e54544cf3
Commit:     6bf5d8f2ca7524fd63f803032cada89e54544cf3
Parent:     1365611d62f130d0a096b322656b5b790628d2c7
Author:     Phil Pennock <pdp@???>
AuthorDate: Thu May 17 08:16:11 2012 -0400
Committer:  Phil Pennock <pdp@???>
CommitDate: Thu May 17 08:16:11 2012 -0400


    Handle TLSv1.2 in test suite.


    Normalise TLSv1.2 to TLSv1.
    Normalise AES256-GCM-SHA384 to AES256-SHA.
    Make some test configs accept AES256-GCM-SHA384 in "encrypted =" ACLs.


    Have test suite print final test id during abort, make it easier to track down.
---
 test/confs/2002 |    1 +
 test/confs/2019 |    1 +
 test/confs/2102 |    1 +
 test/confs/2119 |    1 +
 test/runtest    |   19 +++++++++++++++++++
 5 files changed, 23 insertions(+), 0 deletions(-)


diff --git a/test/confs/2002 b/test/confs/2002
index 22dc68e..e8358da 100644
--- a/test/confs/2002
+++ b/test/confs/2002
@@ -35,6 +35,7 @@ check_recipient:
   accept  hosts = :
   deny    hosts = HOSTIPV4
          !encrypted = AES256-SHA : \
+                      AES256-GCM-SHA384 : \
                       IDEA-CBC-MD5 : \
                       DES-CBC3-SHA : \
                       DHE_RSA_AES_256_CBC_SHA1 : \
diff --git a/test/confs/2019 b/test/confs/2019
index 993c8e0..8e63c05 100644
--- a/test/confs/2019
+++ b/test/confs/2019
@@ -35,6 +35,7 @@ check_recipient:
   accept  hosts = :
   deny    hosts = HOSTIPV4
          !encrypted = AES256-SHA:\
+                      AES256-GCM-SHA384:\
                       IDEA-CBC-MD5:\
                       DES-CBC3-SHA:\
                       DHE_RSA_AES_256_CBC_SHA1:\
diff --git a/test/confs/2102 b/test/confs/2102
index 3caab6f..8318072 100644
--- a/test/confs/2102
+++ b/test/confs/2102
@@ -35,6 +35,7 @@ check_recipient:
   accept  hosts = :
   deny    hosts = HOSTIPV4
          !encrypted = AES256-SHA : \
+                      AES256-GCM-SHA384 : \
                       IDEA-CBC-MD5 : \
                       DES-CBC3-SHA : \
                       DHE_RSA_AES_256_CBC_SHA1 : \
diff --git a/test/confs/2119 b/test/confs/2119
index b64ebf7..c5182a1 100644
--- a/test/confs/2119
+++ b/test/confs/2119
@@ -35,6 +35,7 @@ check_recipient:
   accept  hosts = :
   deny    hosts = HOSTIPV4
          !encrypted = AES256-SHA:\
+                      AES256-GCM-SHA384:\
                       IDEA-CBC-MD5:\
                       DES-CBC3-SHA:\
                       DHE_RSA_AES_256_CBC_SHA1:\
diff --git a/test/runtest b/test/runtest
index 5f77e62..51658b8 100755
--- a/test/runtest
+++ b/test/runtest
@@ -181,6 +181,8 @@ system("sudo /bin/rm -rf ./spool test-* ./dnszones/*")
   if ($rc == 0 && !$save_output);


 system("sudo /bin/rm -rf ./eximdir/*");
+
+print "\nYou were in test $test at the end there.\n\n" if defined $test;
 exit $rc if ($rc >= 0);
 die "** runtest error: $_[1]\n";
 }
@@ -468,6 +470,23 @@ RESET_AFTER_EXTRA_LINE_READ:
     \d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d/Exim statistics from <time> to <time>/x;



+ # ======== TLS certificate algorithms ========
+ # Test machines might have various different TLS library versions supporting
+ # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we
+ # treat the standard algorithms the same.
+ # So far, have seen:
+ # TLSv1:AES256-SHA:256
+ # TLSv1.2:AES256-GCM-SHA384:256
+ # We also need to handle the ciphersuite without the TLS part present, for
+ # client-ssl's output. We also see some older forced ciphersuites, but
+ # negotiating TLS 1.2 instead of 1.0.
+ # Mail headers (...), log-lines X=..., client-ssl output ...
+ # (and \b doesn't match between ' ' and '(' )
+
+ s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.2:/$1TLSv1:/xg;
+ s/\bAES256-GCM-SHA384\b/AES256-SHA/g;
+
+
# ======== Caller's login, uid, gid, home, gecos ========

s/\Q$parm_caller_home\E/CALLER_HOME/g; # NOTE: these must be done