authorJeremy Harris <jgh146exb@wizmail.org>2022-12-11 15:14:54 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2022-12-11 16:54:54 +0000
commit520ef00f56cea3d35688bf4e13599a6e37ba275f (patch)
treed82a14604c5b1216213dcffcfe40ad43a715404b /test
parent4f7a93c27e3d43b44c42d3fc503f03b9b42ca622 (diff)
downloadexim4-520ef00f56cea3d35688bf4e13599a6e37ba275f.tar.gz
TLS: Fix handling for server cert/key file SNI re-expansion forced-fail
Diffstat (limited to 'test')
-rw-r--r--test/confs/203162
-rw-r--r--test/confs/213160
-rw-r--r--test/log/203138
-rw-r--r--test/log/213144
-rw-r--r--test/paniclog/21318
-rw-r--r--test/scripts/2000-GnuTLS/203151
-rw-r--r--test/scripts/2100-OpenSSL/213150
-rw-r--r--test/stderr/21318
8 files changed, 237 insertions, 84 deletions
diff --git a/test/confs/2031 b/test/confs/2031
index af27b2ffd..62577a61a 100644
--- a/test/confs/2031
+++ b/test/confs/2031
@@ -1,4 +1,4 @@
-# Exim test configuration 2030
+# Exim test configuration 2031
# SNI
SERVER =
@@ -17,21 +17,33 @@ remote_max_parallel = 1
tls_advertise_hosts = *
-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server} \
- {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
- {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
+tls_certificate = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badkey : noneistkeyfile : expansionfailkey} \
{cert1} \
- }\
- }fail}
-
-tls_privatekey = ${if eq {SERVER}{server} \
- {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
- {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
+ {${if eq {$tls_in_sni}{alternate} \
+ {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
+ {${if eq {$tls_in_sni}{badcert} \
+ {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
+ {${if eq {$tls_in_sni}{nonexistcertfile} \
+ {nonexistent_file} \
+ fail \
+ } } \
+ } } \
+ } } \
+ }
+
+tls_privatekey = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badcert : nonexistcertfile : expansionfailedcert} \
{cert1} \
- }\
- }fail}
+ {${if eq {$tls_in_sni}{alternate} \
+ {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
+ {${if eq {$tls_in_sni}{badkey} \
+ {cert2} \
+ {${if eq {$tls_in_sni}{noneistkeyfile} \
+ {nonexist_file} \
+ fail \
+ } } \
+ } } \
+ } } \
+ }
# ------ ACL ------
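Review bot: The SNI-to-credential matrix that these nested `${if}` chains encode is undocumented, and the probe names are not symmetric between the two options (`expansionfailkey` vs `expansionfailedcert`, `noneistkeyfile` vs `nonexistcertfile`, `nonexist_file` vs `nonexistent_file`), so a reader cannot tell which SNI values are meant to succeed and which are deliberate failure cases without cross-reading the scripts and logs. The misspellings are used consistently across confs, scripts and expected logs, so they are harmless today, but they make the intent hard to audit. I would add above `tls_certificate`: `# SNI selects the server credentials: ""/normal -> cert1 pair; alternate -> server1.example.com pair;` / `# badkey|badcert -> file of the wrong type; noneistkeyfile|nonexistcertfile -> missing file;` / `# expansionfailkey|expansionfailedcert -> forced expansion failure (the case this commit fixes)`. Note also that the old `${if eq {SERVER}{server} ... fail}` guard is gone, so the client run now evaluates these main-section options too; that looks harmless because the main-section `tls_certificate`/`tls_privatekey` appear to be server-only, but it is worth confirming.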
@@ -49,7 +61,7 @@ begin routers
client:
driver = accept
condition = ${if !eq {SERVER}{server}}
- transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
+ transport = send_to_server
server:
driver = redirect
@@ -60,22 +72,14 @@ server:
begin transports
-send_to_server1:
- driver = smtp
- allow_localhost
- hosts = HOSTIPV4
- port = PORT_D
- hosts_try_fastopen = :
- tls_sni = fred
-
-send_to_server2:
- driver = smtp
+send_to_server:
+ driver = smtp
allow_localhost
- hosts = HOSTIPV4
- port = PORT_D
+ hosts = HOSTIPV4
+ port = PORT_D
hosts_try_fastopen = :
- tls_sni = bill
-
+ hosts_require_tls = *
+ tls_sni = ${local_part}
# ----- Retry -----
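Review bot: `tls_sni = ${local_part}` lets the recipient's local part choose the SNI the client sends, which is what allows a single transport to exercise every server branch, but nothing says so and the pattern must not migrate into a production transport: SNI travels in the clear and a sender-chosen local part would then select the remote's certificate branch. I would annotate it: `# test-only: recipient local part selects the server-side SNI branch`. `hosts_require_tls = *` is new here and appears to be what makes the failure cases show up as a TLS defer rather than a possible cleartext retry; a one-line comment saying that is the purpose would keep it from being "simplified" away later.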
diff --git a/test/confs/2131 b/test/confs/2131
index e4d4ae551..a9924ab5b 100644
--- a/test/confs/2131
+++ b/test/confs/2131
@@ -17,13 +17,34 @@ remote_max_parallel = 1
tls_advertise_hosts = *
-tls_certificate = DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
- {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
- {cert1} }
+tls_certificate = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badkey : noneistkeyfile : expansionfailkey} \
+ {cert1} \
+ {${if eq {$tls_in_sni}{alternate} \
+ {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
+ {${if eq {$tls_in_sni}{badcert} \
+ {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
+ {${if eq {$tls_in_sni}{nonexistcertfile} \
+ {nonexistent_file} \
+ fail \
+ } } \
+ } } \
+ } } \
+ }
+
+tls_privatekey = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badcert : nonexistcertfile : expansionfailedcert} \
+ {cert1} \
+ {${if eq {$tls_in_sni}{alternate} \
+ {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
+ {${if eq {$tls_in_sni}{badkey} \
+ {cert2} \
+ {${if eq {$tls_in_sni}{noneistkeyfile} \
+ {nonexist_file} \
+ fail \
+ } } \
+ } } \
+ } } \
+ }
-tls_privatekey = DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
- {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
- {cert1} }
# ------ ACL ------
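Review bot: This expansion block is a byte-for-byte copy of the one in test/confs/2031, and neither copy documents which `$tls_in_sni` values are success paths and which are deliberate failure probes; with two copies the risk is that a later fix lands in one and the GnuTLS/OpenSSL suites silently diverge. I would add the same header comment to both, along the lines of `# SNI selects server credentials; see the case list in scripts/2100-OpenSSL/2131`, plus one line per failure class (wrong-type file, missing file, forced expansion failure). The `noneistkeyfile` spelling and the `nonexist_file`/`nonexistent_file` pair are consistent with the scripts and logs, so correcting them means touching all eight files at once rather than piecemeal.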
@@ -40,7 +61,7 @@ begin routers
client:
driver = accept
condition = ${if !eq {SERVER}{server}}
- transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
+ transport = send_to_server_${if inlist {$local_part}{normal} {1}{2}}
server:
driver = redirect
@@ -51,29 +72,28 @@ server:
begin transports
-send_to_server1:
- driver = smtp
+send_to_server_1:
+ driver = smtp
allow_localhost
- hosts = HOSTIPV4
- port = PORT_D
+ hosts = HOSTIPV4
+ port = PORT_D
hosts_try_fastopen = :
- tls_sni = fred
- hosts_require_tls = *
+ hosts_require_tls = *
+ tls_sni = ${local_part}
tls_verify_certificates = DIR/aux-fixed/cert1
tls_verify_cert_hostnames = :
-send_to_server2:
- driver = smtp
+send_to_server_2:
+ driver = smtp
allow_localhost
- hosts = HOSTIPV4
- port = PORT_D
+ hosts = HOSTIPV4
+ port = PORT_D
hosts_try_fastopen = :
- tls_sni = bill
- hosts_require_tls = *
+ hosts_require_tls = *
+ tls_sni = ${local_part}
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_cert_hostnames = :
-
# ----- Retry -----
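Review bot: `tls_verify_cert_hostnames = :` disables hostname verification on both transports, which is required here because SNI values such as `normal` or `badkey` match no name in either certificate, but the line carries no explanation and is exactly the kind of setting that gets copied into real configs. I would comment it once: `# hostname check off: the SNI values are test selectors, not names in the certs`. The two transports now differ only in `tls_verify_certificates` (the leaf itself for `_1`, the test CA chain for `_2`, judging by the CV=yes lines in the expected log), and every failure SNI routes to `_2`, where the handshake aborts before verification; a short comment stating that the trust anchor is the only intended difference would make the duplication obviously deliberate.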
diff --git a/test/log/2031 b/test/log/2031
index 2173cd8fd..387ff4110 100644
--- a/test/log/2031
+++ b/test/log/2031
@@ -1,17 +1,35 @@
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for normal@test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 => normal@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for abcd@test.ex
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for alternate@test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => alternate@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for badkey@test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 == badkey@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (gnutls_handshake): rxd alert: Internal error
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noneistkeyfile@test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 == noneistkeyfile@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (gnutls_handshake): rxd alert: Internal error
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for expansionfailkey@test.ex
+1999-03-02 09:44:33 10HmbD-0005vi-00 == expansionfailkey@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (gnutls_handshake): rxd alert: Internal error
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for badcert@test.ex
+1999-03-02 09:44:33 10HmbE-0005vi-00 == badcert@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (gnutls_handshake): rxd alert: Internal error
+1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for nonexistcertfile@test.ex
+1999-03-02 09:44:33 10HmbF-0005vi-00 == nonexistcertfile@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (gnutls_handshake): rxd alert: Internal error
+1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for expansionfailedcert@test.ex
+1999-03-02 09:44:33 10HmbG-0005vi-00 == expansionfailedcert@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (gnutls_handshake): rxd alert: Internal error
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 SNI <fred>
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=fred S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@test.ex
-1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <CALLER@test.ex> R=server
+1999-03-02 09:44:33 SNI <normal>
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=normal S=sss id=E10HmaX-0005vi-00@myhost.test.ex for normal@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <normal@test.ex> R=server
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
-1999-03-02 09:44:33 SNI <bill>
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=bill S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for abcd@test.ex
-1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <abcd@test.ex> R=server
+1999-03-02 09:44:33 SNI <alternate>
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=alternate S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for alternate@test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <alternate@test.ex> R=server
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (gnutls_handshake): The requested data were not available.
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (gnutls_handshake): The requested data were not available.
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (gnutls_handshake): The requested data were not available.
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (gnutls_handshake): The requested data were not available.
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (gnutls_handshake): The requested data were not available.
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (gnutls_handshake): The requested data were not available.
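Review bot: The six new server-side lines are identical — `(gnutls_handshake): The requested data were not available.` — for three quite different root causes (a key file with the wrong content, a missing file, and a forced-fail expansion), and unlike test 2131 this commit adds no paniclog or stderr expectation for 2031, so on a GnuTLS build an operator cannot distinguish a deliberate "refuse this SNI" policy from a broken or missing credential file. The OpenSSL path in the same commit logs `expansion of tls_privatekey failed` and the failing filename; the GnuTLS path should log the equivalent before returning the handshake error, and this expected log should then pin those lines. If the GnuTLS code does emit the cause somewhere the harness does not capture, the expectation files should be extended rather than the source.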
diff --git a/test/log/2131 b/test/log/2131
index 4bd677d97..96c4fe980 100644
--- a/test/log/2131
+++ b/test/log/2131
@@ -1,17 +1,41 @@
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for normal@test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 => normal@test.ex R=client T=send_to_server_1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for abcd@test.ex
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for alternate@test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => alternate@test.ex R=client T=send_to_server_2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for badkey@test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 == badkey@test.ex R=client T=send_to_server_2 defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <<detail omitted>>
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noneistkeyfile@test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 == noneistkeyfile@test.ex R=client T=send_to_server_2 defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <<detail omitted>>
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for expansionfailkey@test.ex
+1999-03-02 09:44:33 10HmbD-0005vi-00 == expansionfailkey@test.ex R=client T=send_to_server_2 defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <<detail omitted>>
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for badcert@test.ex
+1999-03-02 09:44:33 10HmbE-0005vi-00 == badcert@test.ex R=client T=send_to_server_2 defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <<detail omitted>>
+1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for nonexistcertfile@test.ex
+1999-03-02 09:44:33 10HmbF-0005vi-00 == nonexistcertfile@test.ex R=client T=send_to_server_2 defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <<detail omitted>>
+1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for expansionfailedcert@test.ex
+1999-03-02 09:44:33 10HmbG-0005vi-00 == expansionfailedcert@test.ex R=client T=send_to_server_2 defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <<detail omitted>>
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 SNI <fred>
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=fred S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@test.ex
-1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <CALLER@test.ex> R=server
+1999-03-02 09:44:33 SNI <normal>
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=normal S=sss id=E10HmaX-0005vi-00@myhost.test.ex for normal@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <normal@test.ex> R=server
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
-1999-03-02 09:44:33 SNI <bill>
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=bill S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for abcd@test.ex
-1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <abcd@test.ex> R=server
+1999-03-02 09:44:33 SNI <alternate>
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=alternate S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for alternate@test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <alternate@test.ex> R=server
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 (SSL_CTX_use_PrivateKey_file file=TESTSUITE/aux-fixed/cert2): error:05800074:x509 certificate routines::key values mismatch
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
+1999-03-02 09:44:33 (SSL_CTX_use_PrivateKey_file file=TESTSUITE/aux-fixed/nonexist_file): error:80000002:system library::No such file or directory
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
+1999-03-02 09:44:33 expansion of tls_privatekey failed
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
+1999-03-02 09:44:33 (SSL_CTX_use_certificate_chain_file file=TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key): error:0480006C:PEM routines::no start line
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
+1999-03-02 09:44:33 (SSL_CTX_use_certificate_chain_file file=TESTSUITE/aux-fixed/nonexistent_file): error:80000002:system library::No such file or directory
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
+1999-03-02 09:44:33 expansion of tls_certificate failed
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
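Review bot: The new server error lines record the resolved filename (`file=TESTSUITE/aux-fixed/nonexist_file`) and the failing option (`expansion of tls_privatekey failed`) but not the SNI that drove the selection, while the successful sessions do get an `SNI <...>` line; an operator seeing one of these errors has to infer which client name produced it. It would be worth including the SNI in the failure log, e.g. ending the `TLS error on connection from ...` line with `SNI=<name>` when one was received, and pinning that here. This is a change to the logging source rather than to the expectation file, so I am raising it on the expected output only because this is where the gap is visible.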
diff --git a/test/paniclog/2131 b/test/paniclog/2131
new file mode 100644
index 000000000..22ed5322c
--- /dev/null
+++ b/test/paniclog/2131
@@ -0,0 +1,8 @@
+
+******** SERVER ********
+1999-03-02 09:44:33 (SSL_CTX_use_PrivateKey_file file=TESTSUITE/aux-fixed/cert2): error:05800074:x509 certificate routines::key values mismatch
+1999-03-02 09:44:33 (SSL_CTX_use_PrivateKey_file file=TESTSUITE/aux-fixed/nonexist_file): error:80000002:system library::No such file or directory
+1999-03-02 09:44:33 expansion of tls_privatekey failed
+1999-03-02 09:44:33 (SSL_CTX_use_certificate_chain_file file=TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key): error:0480006C:PEM routines::no start line
+1999-03-02 09:44:33 (SSL_CTX_use_certificate_chain_file file=TESTSUITE/aux-fixed/nonexistent_file): error:80000002:system library::No such file or directory
+1999-03-02 09:44:33 expansion of tls_certificate failed
diff --git a/test/scripts/2000-GnuTLS/2031 b/test/scripts/2000-GnuTLS/2031
index d302738fd..fdf17f705 100644
--- a/test/scripts/2000-GnuTLS/2031
+++ b/test/scripts/2000-GnuTLS/2031
@@ -1,19 +1,56 @@
# TLS server: SNI used to select certificate
+#
+# The interesting output is the DN of server logged by the client
gnutls
exim -DSERVER=server -bd -oX PORT_D
****
-# Extended: certificate choice is unchanged by received SNI
-exim CALLER@test.ex
+# certificate choice is unchanged by a received SNI
+exim -odf normal@test.ex
Test message.
****
-sleep 1
#
#
-# Extended: server uses SNI to choose certificate
-exim abcd@test.ex
-Test message.
+# server uses SNI to choose certificate
+exim -odf alternate@test.ex
+****
+#
+# server picks a key file with bad content
+exim -odf badkey@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server picks a non-existing filenam for key
+exim -odf noneistkeyfile@test.ex
****
-sleep 1
+sudo rm DIR/spool/db/retry
+#
+#
+# server gets an expansion-fail for the keyfile
+exim -odf expansionfailkey@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
+#
+#
+# server picks a cert file with bad content
+exim -odf badcert@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server picks a non-existing filenam for cert
+exim -odf nonexistcertfile@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
+# server picks a non-existing filenam for cert
+exim -odf expansionfailedcert@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
#
#
killdaemon
+no_msglog_check
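Review bot: The comment before `exim -odf expansionfailedcert@test.ex` reads `# server picks a non-existing filenam for cert`, which is the previous case's text; the OpenSSL script has the correct wording, so this one should be `# server gets an expansion-fail for the certfile`. The two `filenam` comments are also typos for `filename`. The `sudo rm DIR/spool/db/retry` after each deferred delivery is presumably there so the recorded host defer does not hold back the next message; a single comment at the first occurrence, `# clear the retry record so the next delivery is attempted immediately`, would save the next reader from guessing. The header `# The interesting output is the DN of server logged by the client` is now only true for the first two cases; for the six failure cases the interesting output is the client defer and the server log.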
diff --git a/test/scripts/2100-OpenSSL/2131 b/test/scripts/2100-OpenSSL/2131
index c1029bb8f..9a0885308 100644
--- a/test/scripts/2100-OpenSSL/2131
+++ b/test/scripts/2100-OpenSSL/2131
@@ -1,20 +1,54 @@
# TLS server: SNI used to select certificate
#
+# The interesting output is the DN of server logged by the client
exim -DSERVER=server -bd -oX PORT_D
****
-# Extended: certificate choice is unchanged by received SNI
-exim CALLER@test.ex
+# certificate choice is unchanged by a received SNI
+exim -odf normal@test.ex
Test message.
****
-sleep 2
#
#
-# Extended: server uses SNI to change certificate
-exim abcd@test.ex
-Test message.
+# server uses SNI to choose certificate
+exim -odf alternate@test.ex
+****
+#
+# server picks a key file with bad content
+exim -odf badkey@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server picks a non-existing filenam for key
+exim -odf noneistkeyfile@test.ex
****
-millisleep 500
+sudo rm DIR/spool/db/retry
+#
+#
+# server gets an expansion-fail for the keyfile
+exim -odf expansionfailkey@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
+#
+#
+# server picks a cert file with bad content
+exim -odf badcert@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server picks a non-existing filenam for cert
+exim -odf nonexistcertfile@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+# server gets an expansion-fail for the certfile
+exim -odf expansionfailedcert@test.ex
+****
+sudo rm DIR/spool/db/retry
+#
+#
#
#
killdaemon
-sleep 2
+no_msglog_check
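Review bot: The header comment `# The interesting output is the DN of server logged by the client` describes only the two success cases; for the six new failure cases the evidence is the client `defer (-37)` line and the server paniclog entries, so the header should say so, e.g. `# Success cases: compare the server DN logged by the client.` / `# Failure cases: expect a client defer and a server paniclog line naming the cause.` Two comments spell `filenam` for `filename`. The repeated `sudo rm DIR/spool/db/retry` is presumably clearing the retry record so each case is attempted fresh; one comment at its first use would make that explicit.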
diff --git a/test/stderr/2131 b/test/stderr/2131
new file mode 100644
index 000000000..22ed5322c
--- /dev/null
+++ b/test/stderr/2131
@@ -0,0 +1,8 @@
+
+******** SERVER ********
+1999-03-02 09:44:33 (SSL_CTX_use_PrivateKey_file file=TESTSUITE/aux-fixed/cert2): error:05800074:x509 certificate routines::key values mismatch
+1999-03-02 09:44:33 (SSL_CTX_use_PrivateKey_file file=TESTSUITE/aux-fixed/nonexist_file): error:80000002:system library::No such file or directory
+1999-03-02 09:44:33 expansion of tls_privatekey failed
+1999-03-02 09:44:33 (SSL_CTX_use_certificate_chain_file file=TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key): error:0480006C:PEM routines::no start line
+1999-03-02 09:44:33 (SSL_CTX_use_certificate_chain_file file=TESTSUITE/aux-fixed/nonexistent_file): error:80000002:system library::No such file or directory
+1999-03-02 09:44:33 expansion of tls_certificate failed