diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2022-12-11 15:14:54 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2022-12-11 16:54:54 +0000 |
| commit | 520ef00f56cea3d35688bf4e13599a6e37ba275f (patch) | |
| tree | d82a14604c5b1216213dcffcfe40ad43a715404b /test/scripts | |
| parent | 4f7a93c27e3d43b44c42d3fc503f03b9b42ca622 (diff) | |
| download | exim4-520ef00f56cea3d35688bf4e13599a6e37ba275f.tar.gz | |
TLS: Fix handling for server cert/key file SNI re-expansion forced-fail
Diffstat (limited to 'test/scripts')
| -rw-r--r-- | test/scripts/2000-GnuTLS/2031 | 51 | ||||
| -rw-r--r-- | test/scripts/2100-OpenSSL/2131 | 50 |
2 files changed, 86 insertions, 15 deletions
diff --git a/test/scripts/2000-GnuTLS/2031 b/test/scripts/2000-GnuTLS/2031 index d302738fd..fdf17f705 100644 --- a/test/scripts/2000-GnuTLS/2031 +++ b/test/scripts/2000-GnuTLS/2031 @@ -1,19 +1,56 @@ # TLS server: SNI used to select certificate +# +# The interesting output is the DN of server logged by the client gnutls exim -DSERVER=server -bd -oX PORT_D **** -# Extended: certificate choice is unchanged by received SNI -exim CALLER@test.ex +# certificate choice is unchanged by a received SNI +exim -odf normal@test.ex Test message. **** -sleep 1 # # -# Extended: server uses SNI to choose certificate -exim abcd@test.ex -Test message. +# server uses SNI to choose certificate +exim -odf alternate@test.ex +**** +# +# server picks a key file with bad content +exim -odf badkey@test.ex +**** +sudo rm DIR/spool/db/retry +# +# server picks a non-existing filenam for key +exim -odf noneistkeyfile@test.ex **** -sleep 1 +sudo rm DIR/spool/db/retry +# +# +# server gets an expansion-fail for the keyfile +exim -odf expansionfailkey@test.ex +**** +sudo rm DIR/spool/db/retry +# +# +# +# +# server picks a cert file with bad content +exim -odf badcert@test.ex +**** +sudo rm DIR/spool/db/retry +# +# server picks a non-existing filenam for cert +exim -odf nonexistcertfile@test.ex +**** +sudo rm DIR/spool/db/retry +# +# +# server picks a non-existing filenam for cert +exim -odf expansionfailedcert@test.ex +**** +sudo rm DIR/spool/db/retry +# +# # # killdaemon +no_msglog_check diff --git a/test/scripts/2100-OpenSSL/2131 b/test/scripts/2100-OpenSSL/2131 index c1029bb8f..9a0885308 100644 --- a/test/scripts/2100-OpenSSL/2131 +++ b/test/scripts/2100-OpenSSL/2131 @@ -1,20 +1,54 @@ # TLS server: SNI used to select certificate # +# The interesting output is the DN of server logged by the client exim -DSERVER=server -bd -oX PORT_D **** -# Extended: certificate choice is unchanged by received SNI -exim CALLER@test.ex +# certificate choice is unchanged by a received SNI +exim -odf normal@test.ex Test message. **** -sleep 2 # # -# Extended: server uses SNI to change certificate -exim abcd@test.ex -Test message. +# server uses SNI to choose certificate +exim -odf alternate@test.ex +**** +# +# server picks a key file with bad content +exim -odf badkey@test.ex +**** +sudo rm DIR/spool/db/retry +# +# server picks a non-existing filenam for key +exim -odf noneistkeyfile@test.ex **** -millisleep 500 +sudo rm DIR/spool/db/retry +# +# +# server gets an expansion-fail for the keyfile +exim -odf expansionfailkey@test.ex +**** +sudo rm DIR/spool/db/retry +# +# +# +# +# server picks a cert file with bad content +exim -odf badcert@test.ex +**** +sudo rm DIR/spool/db/retry +# +# server picks a non-existing filenam for cert +exim -odf nonexistcertfile@test.ex +**** +sudo rm DIR/spool/db/retry +# +# server gets an expansion-fail for the certfile +exim -odf expansionfailedcert@test.ex +**** +sudo rm DIR/spool/db/retry +# +# # # killdaemon -sleep 2 +no_msglog_check |