[exim-cvs] Add (2 0 1) test

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Exim Git Commits Mailing List
Ημερομηνία:  
Προς: exim-cvs
Αντικείμενο: [exim-cvs] Add (2 0 1) test
Gitweb: http://git.exim.org/exim.git/commitdiff/82525c6fc2b2c12202b93250c2774bf50baae300
Commit:     82525c6fc2b2c12202b93250c2774bf50baae300
Parent:     53a7196b578115484068f8c13326741824002c32
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Aug 10 19:06:47 2014 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Aug 10 19:06:47 2014 +0100


    Add (2 0 1) test
---
 .../example.com/server1.example.com/fullchain.pem  |   58 ++++++++++++++++++++
 test/aux-fixed/exim-ca/genall                      |   10 ++++
 test/confs/5850                                    |   17 +++++-
 test/dnszones-src/db.test.ex                       |    5 ++
 test/log/5850                                      |   11 ++++
 test/scripts/5850-DANE-OpenSSL/5850                |   17 +++++-
 6 files changed, 113 insertions(+), 5 deletions(-)


diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/fullchain.pem b/test/aux-fixed/exim-ca/example.com/server1.example.com/fullchain.pem
new file mode 100644
index 0000000..27ee5ef
--- /dev/null
+++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/fullchain.pem
@@ -0,0 +1,58 @@
+Bag Attributes
+    friendlyName: server1.example.com
+    localKeyID: 39 11 FB 30 22 36 42 DA FC D7 A2 8A 0C 60 83 2F 66 A7 B8 4E 
+subject=/CN=server1.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIIC0DCCAjmgAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwNVoXDTM4MDEwMTEyMzQwNVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyAGT263/ZlxGjPEi2BQj
+DMa/86TF+zVzMfozEZNOLiX6Sov54fW5I0nXCm0CjACOelLa2Eos/vqffxu0w5hM
+A8slRHrt0Gak7dJjwgKK/5NAQDrA+WnyJx/62u25299oCKk+egulCC0D3XczA89N
+cLuz8iKvYnWT+rdnbFdAPdcCAwEAAaOCAQcwggEDMA4GA1UdDwEB/wQEAwIE8DAg
+BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
+I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
+BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AvZXhhbXBsZS5jb20vMGUGA1Ud
+EQReMFyCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIiYWx0ZXJu
+YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLmNvbYITc2VydmVyMS5leGFtcGxlLmNv
+bTANBgkqhkiG9w0BAQUFAAOBgQBWOqQ8y+u4J8KQCHQTiNxIxrUs5Sa+W5HUZ+c8
+SRLXRzDfmNtY7RiofUvbl0j1XH9wuTdjM/EkYnKSYPVu2ra8c8jC3NaVmr0WFqLv
+CvHXQWj2rZha0P/ZG1GfWc4vPYTQ7ugr65syGg4CPswwiUQJKnWBRqe27X1B61pj
++pxY7w==
+-----END CERTIFICATE-----
+Bag Attributes
+    friendlyName: Signing Cert
+subject=/O=example.com/CN=clica Signing Cert
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA1WhcNMzgw
+MTAxMTIzNDA1WjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzwXsp
+P4RsZUoDfQfm5O5bi5unhwl+BTrKIaOtl5TBxMau+qEdKa02DD7Bx6PCzLKhWiZ3
+/MrO7V/cXIBun97dF5Zr5kk+HJk+y3es+xoPd3doknvGQEC/0cSGLcEC7aQ/bEqi
+fw2CgEY5ffkEAnDrdvGGeqBfJJGft/tqmlZbeQIDAQABo1owWDAOBgNVHQ8BAf8E
+BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
+Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQEFBQADgYEA
+Lq4cCtWMjqLHqf6lJUOBMsm+tgFcYDdxwkTquSZyUrbP1jrODkg5lQWNCdvB76B2
+tZQfMJ3F/kct2EAfsKbHqN3f+DARqPAR2qtOqzl3Ou5+TJjExKgojjzIAPFQzswH
+7v4aglpReaPBaVSNOZ7bMn/E8yRy3o466bhzdEIDcII=
+-----END CERTIFICATE-----
+Bag Attributes
+    friendlyName: Certificate Authority
+subject=/O=example.com/CN=clica CA
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA0WhcNMzgw
+MTAxMTIzNDA0WjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL0wro64rve876glpdRh
+tD6qFY6iH2kCarFFq3WaKmfCvOjYmn4CJr7pL7J5DuvCFh7A0H8lD/on5NK3yqkX
+Yi6EUlaYWxeRo2/PuZYUGbCpejST41sibw9V2dT4MHLidjDShE0W9SfgiMmxfF02
+H5hLYswAGCL1kezsVeEJeH31AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAIn9+8uyQtaq8sBEohTl
+qyJQQeZk5xxaILYP/rCIxc+z5fgOh+usB9adaiD23RPuuD/P2c3UqHJQWqIUTu46
+eOKn9K7X7ndIH3WnaC/u4nysL+SIAug72/k1BAVGNQvyNQMhth6CfZTgY0tgcS0Z
+RSHyhbTD0HeiJDI281BoOJjm
+-----END CERTIFICATE-----
diff --git a/test/aux-fixed/exim-ca/genall b/test/aux-fixed/exim-ca/genall
index d1901fe..0e3feb2 100755
--- a/test/aux-fixed/exim-ca/genall
+++ b/test/aux-fixed/exim-ca/genall
@@ -17,6 +17,16 @@ do
     clica -D example.$tld -p password -s 201 -S server2.example.$tld
     clica -D example.$tld -p password -s 202 -S revoked2.example.$tld
     clica -D example.$tld -p password -s 203 -S expired2.example.$tld -m 1
+
+
+    # openssl seems to generate a file (ca_chain.pam) in an order it
+    # cannot then use (the key applies to the first cert in the file?).
+    # Generate a shuffled one.
+    cd example.$tld/server1.example.$tld
+    openssl pkcs12 -in server1.example.com.p12 -passin file:pwdfile -cacerts -out cacerts.pem -nokeys
+    cat server1.example.com.pem cacerts.pem > fullchain.pem
+    rm cacerts.pem
+    cd ../..
 done


# and loop again
diff --git a/test/confs/5850 b/test/confs/5850
index b2c7cb7..c381ef6 100644
--- a/test/confs/5850
+++ b/test/confs/5850
@@ -24,9 +24,20 @@ queue_run_in_order
tls_advertise_hosts = *

# Set certificate only if server
+CDIR1 = DIR/aux-fixed
+CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com

-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-#tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = ${if eq {SERVER}{server} \
+    {${if eq {DETAILS}{ta} \
+        {CDIR2/fullchain.pem}\
+        {CDIR1/cert1}}}\
+    fail}
+
+tls_privatekey = ${if eq {SERVER}{server} \
+    {${if eq {DETAILS}{ta} \
+        {CDIR2/server1.example.com.unlocked.key}\
+        {CDIR1/cert1}}}\
+    fail}



# ----- Routers -----
@@ -35,7 +46,7 @@ begin routers

 client:
   driver = dnslookup
-  condition = ${if eq {SERVER}{server}{no}{yes}}
+  condition = ${if eq {SERVER}{}}
   dnssec_request_domains = *
   self = send
   transport = send_to_server
diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex
index 5cc61fd..4ec367c 100644
--- a/test/dnszones-src/db.test.ex
+++ b/test/dnszones-src/db.test.ex
@@ -394,4 +394,9 @@ DNSSEC _1225._tcp.dane512ee TLSA  3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb5904
 DNSSEC dane256ee   A       HOSTIPV4
 DNSSEC _1225._tcp.dane256ee TLSA  3 1 1 2bb55f418bb03411a5007cecbfcd3ec1c94404312c0d53a44bb2166b32654db3


+; full MX, sha256, TA-mode
+DNSSEC mxdane256ta MX  1  dane256ta.
+DNSSEC dane256ta   A       HOSTIPV4
+DNSSEC _1225._tcp.dane256ta TLSA  2 0 1 b2c6f27f2d16390b4f71cacc69742bf610d750534fab240516c0f2deb4042ad4
+
 ; End
diff --git a/test/log/5850 b/test/log/5850
index 4981373..62dc13f 100644
--- a/test/log/5850
+++ b/test/log/5850
@@ -6,6 +6,11 @@
 1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=dane DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for CALLER@???
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@??? R=client T=send_to_server H=dane256ta.test.ex [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=dane DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf


******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
@@ -17,3 +22,9 @@
1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <CALLER@???> R=server
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmbB-0005vi-00@??? for CALLER@???
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <CALLER@???> R=server
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
diff --git a/test/scripts/5850-DANE-OpenSSL/5850 b/test/scripts/5850-DANE-OpenSSL/5850
index a021dee..814b4b0 100644
--- a/test/scripts/5850-DANE-OpenSSL/5850
+++ b/test/scripts/5850-DANE-OpenSSL/5850
@@ -1,6 +1,6 @@
# DANE client: general
#
-exim -DSERVER=server -bd -oX PORT_D
+exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D
****
# TLSA (3 1 1)
exim CALLER@???
@@ -13,5 +13,18 @@ Testing
exim -qf
****
killdaemon
-exim -DSERVER=server -DNOTDAEMON -qf
+exim -DSERVER=server -DDETAILS=ee -DNOTDAEMON -qf
+****
+#
+#
+exim -DSERVER=server -DDETAILS=ta -bd -oX PORT_D
+****
+# TLSA (2 0 1)
+exim CALLER@???
+Testing
+****
+exim -qf
+****
+killdaemon
+exim -DSERVER=server -DDETAILS=ta -DNOTDAEMON -qf
****