[exim-cvs] Testsuite: regularize client_anytls OCSP trace ou…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Exim Git Commits Mailing List
Data:  
Para: exim-cvs
Asunto: [exim-cvs] Testsuite: regularize client_anytls OCSP trace output
Gitweb: https://git.exim.org/exim.git/commitdiff/f57cb3b57b285e560cadc6a4183162830ab5aafd
Commit:     f57cb3b57b285e560cadc6a4183162830ab5aafd
Parent:     62b97c2ecf148ee86053d82e5509e4c3a5a20054
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Tue Nov 22 20:49:05 2022 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Tue Nov 22 22:00:22 2022 +0000


    Testsuite: regularize client_anytls OCSP trace output
---
 test/src/client.c | 37 ++++++++++++++++++++++++-------------
 test/stdout/1102  |  2 ++
 test/stdout/5600  |  6 +++---
 test/stdout/5610  |  6 +++---
 4 files changed, 32 insertions(+), 19 deletions(-)


diff --git a/test/src/client.c b/test/src/client.c
index 4e2449817..250f7af8b 100644
--- a/test/src/client.c
+++ b/test/src/client.c
@@ -86,7 +86,7 @@ latter needs a whole pile of tables. */
 # include <gnutls/gnutls.h>
 # include <gnutls/x509.h>
 # if GNUTLS_VERSION_NUMBER >= 0x030103
-#  define HAVE_OCSP
+#  define HAVE_GNUTLS_OCSP
 #  include <gnutls/ocsp.h>
 # endif
 # ifndef GNUTLS_NO_EXTENSIONS
@@ -711,7 +711,7 @@ nextinput:
     if (*inptr != 0)
       goto nextinput;


-    #ifdef HAVE_TLS
+#ifdef HAVE_TLS
     if (srv->sent_starttls)
       {
       if (lineptr[0] == '2')
@@ -721,11 +721,11 @@ nextinput:
         printf("Attempting to start TLS\n");
         fflush(stdout);


-        #ifdef HAVE_OPENSSL
+# ifdef HAVE_OPENSSL
         srv->tls_active = tls_start(srv->sock, &srv->ssl, srv->ctx);
-        #endif
+# endif


-        #ifdef HAVE_GNUTLS
+# ifdef HAVE_GNUTLS
       {
       int rc;
       fd_set rfd;
@@ -760,14 +760,20 @@ nextinput:
         DEBUG { printf("gnutls_record_recv: %d\n", rc); fflush(stdout); }
         }
       }
-        #endif
+# endif    /*HAVE_GNUTLS*/


         if (!srv->tls_active)
           {
           printf("Failed to start TLS\n");
           fflush(stdout);
           }
-    #ifdef HAVE_GNUTLS
+
+# ifdef HAVE_OPENSSL
+    else if (ocsp_stapling)
+      printf("Succeeded in starting TLS (with OCSP)\n");
+# endif
+
+# ifdef HAVE_GNUTLS
     else if (ocsp_stapling)
       {
       if ((rc= gnutls_certificate_verify_peers2(tls_session, &verify)) < 0)
@@ -780,7 +786,7 @@ nextinput:
         printf("Bad certificate\n");
         fflush(stdout);
         }
-      #ifdef HAVE_OCSP
+#  ifdef HAVE_GNUTLS_OCSP
       else if (gnutls_ocsp_status_request_is_checked(tls_session, 0) == 0)
         {
         printf("Failed to verify certificate status\n");
@@ -803,14 +809,19 @@ nextinput:
         fflush(stdout);
         }
         else
+          {
+          printf("OCSP status response: good signature\n");
           printf("Succeeded in starting TLS (with OCSP)\n");
-      #endif
+          }
+# endif    /*HAVE_GNUTLS_OCSP*/
       }
-    #endif
+# endif    /*HAVE_GNUTLS*/
+
         else
           printf("Succeeded in starting TLS\n");
         }
-      else printf("Abandoning TLS start attempt\n");
+      else
+        printf("Abandoning TLS start attempt\n");
       }
     srv->sent_starttls = 0;
     #endif
@@ -1291,7 +1302,7 @@ if (certfile != NULL) printf("Certificate file = %s\n", certfile);
 if (keyfile != NULL) printf("Key file = %s\n", keyfile);
 tls_init(US certfile, US keyfile);
 tls_session = tls_session_init();
-#ifdef HAVE_OCSP
+#ifdef HAVE_GNUTLS_OCSP
 if (ocsp_stapling)
   gnutls_ocsp_status_request_enable_client(tls_session, NULL, 0, NULL);
 #endif
@@ -1337,7 +1348,7 @@ if (tls_on_connect)


   if (!srv.tls_active)
     printf("Failed to start TLS\n");
-#if defined(HAVE_GNUTLS) && defined(HAVE_OCSP)
+#if defined(HAVE_GNUTLS) && defined(HAVE_GNUTLS_OCSP)
   else if (  ocsp_stapling
       && gnutls_ocsp_status_request_is_checked(tls_session, 0) == 0)
     printf("Failed to verify certificate status\n");
diff --git a/test/stdout/1102 b/test/stdout/1102
index 908c37d34..3803fb2a9 100644
--- a/test/stdout/1102
+++ b/test/stdout/1102
@@ -7,6 +7,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
 ??? 220
 <<< 220 TLS go ahead
 Attempting to start TLS
+OCSP status response: good signature
 Succeeded in starting TLS (with OCSP)

>>> EHLO rhu.barb

????250
@@ -29,6 +30,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
+OCSP status response: good signature
Succeeded in starting TLS (with OCSP)
>>> EHLO rhu.barb

????250
diff --git a/test/stdout/5600 b/test/stdout/5600
index 165c0ff78..5493ef79a 100644
--- a/test/stdout/5600
+++ b/test/stdout/5600
@@ -21,7 +21,7 @@ Key file = aux-fixed/cert2
<<< 220 TLS go ahead
Attempting to start TLS
OCSP status response: good signature
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
>>> helo test

??? 250
<<< 250 server1.example.com Hello test [ip4.ip4.ip4.ip4]
@@ -58,7 +58,7 @@ Key file = aux-fixed/cert2
<<< 220 TLS go ahead
Attempting to start TLS
no OCSP response received
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
End of script
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/cert2
@@ -83,7 +83,7 @@ Key file = aux-fixed/cert2
<<< 220 TLS go ahead
Attempting to start TLS
no OCSP response received
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
End of script
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/cert2
diff --git a/test/stdout/5610 b/test/stdout/5610
index c1b442906..7dbadc46e 100644
--- a/test/stdout/5610
+++ b/test/stdout/5610
@@ -21,7 +21,7 @@ Key file = aux-fixed/cert2
<<< 220 TLS go ahead
Attempting to start TLS
OCSP status response: good signature
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
>>> helo test

??? 250
<<< 250 server1.example.com Hello test [ip4.ip4.ip4.ip4]
@@ -58,7 +58,7 @@ Key file = aux-fixed/cert2
<<< 220 TLS go ahead
Attempting to start TLS
no OCSP response received
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
End of script
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/cert2
@@ -83,7 +83,7 @@ Key file = aux-fixed/cert2
<<< 220 TLS go ahead
Attempting to start TLS
no OCSP response received
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
End of script
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/cert2