X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=test%2Fruntest;h=a38f112afe85a440313b1921735d32c51a2a0208;hp=da02aa4bbfa7c6fcf03fba610da2bab96a814f46;hb=d16931c81f3e500fa6eafe5ec1c5d8e7db63e65a;hpb=55997e6c4457d48140d2c7b3919bf98a46374ac7

diff --git a/test/runtest b/test/runtest
index da02aa4bb..a38f112af 100755
--- a/test/runtest
+++ b/test/runtest
@@ -490,6 +490,11 @@ RESET_AFTER_EXTRA_LINE_READ:
   s/^\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d(\s[+-]\d\d\d\d)?\s/1999-03-02 09:44:33 /gx;
   s/^\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\.\d{3}(\s[+-]\d\d\d\d)?\s/2017-07-30 18:51:05.712 /gx;
   s/^Logwrite\s"\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d/Logwrite "1999-03-02 09:44:33/gx;
+  # Date/time in syslog test
+  s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\s/2017-07-30 18:51:05 /gx;
+  s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\.\d{3}\s/2017-07-30 18:51:05.712 /gx;
+  s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\s[+-]\d\d\d\d\s/2017-07-30 18:51:05 +9999 /gx;
+  s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\.\d{3}\s[+-]\d\d\d\d\s/2017-07-30 18:51:05.712 +9999 /gx;
 
   s/((D|[RQD]T)=)\d+s/$1qqs/g;
   s/((D|[RQD]T)=)\d\.\d{3}s/$1q.qqqs/g;
@@ -539,6 +544,7 @@ RESET_AFTER_EXTRA_LINE_READ:
   #   TLSv1.1:AES256-SHA:256
   #   TLSv1.2:AES256-GCM-SHA384:256
   #   TLSv1.2:DHE-RSA-AES256-SHA:256
+  #   TLSv1.3:TLS_AES_256_GCM_SHA384:256
   #   TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
   # We also need to handle the ciphersuite without the TLS part present, for
   # client-ssl's output.  We also see some older forced ciphersuites, but
@@ -548,10 +554,14 @@ RESET_AFTER_EXTRA_LINE_READ:
   #
   # Retain the authentication algorith field as we want to test that.
 
-  s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[12]:/$1TLSv1:/xg;
+  s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[123]:/$1TLSv1:/xg;
   s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHA/g;
   s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g;
 
+  # OpenSSL TLSv1.3 - unsure what to do about the authentication-variant testcases now,
+  # as it seems the protocol no longer supports a user choice.
+  s/TLS_AES(_256)_GCM_SHA384:256/TLS-AES256-SHA:xxx/g;
+
   # LibreSSL
   # TLSv1:AES256-GCM-SHA384:256
   # TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256
@@ -675,8 +685,12 @@ RESET_AFTER_EXTRA_LINE_READ:
   s"test-mail/temp\.\d+\."test-mail/temp.pppp.";
 
   # Optional pid in log lines
-  s/^(\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d)(\s[+-]\d\d\d\d|)(\s\[\d+\])/
-    "$1$2 [" . new_value($3, "%s", \$next_pid) . "]"/gxe;
+  s/^(\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d)(\.\d{3}|)(\s[+-]\d{4}|)(\s\[\d+\])/
+    "$1$2$3 [" . new_value($4, "%s", \$next_pid) . "]"/gxe;
+
+  # Optional pid in syslog test lines
+  s/^(SYSLOG:\s\'([-0-9]{10}\s[:.0-9]{8,12}\s([-+]\d{4}\s)?|))(\[\d+\] )/
+    "$1\[" . new_value($4, "%s", \$next_pid) . "]"/gxe;
 
   # Detect a daemon stderr line with a pid and save the pid for subsequent
   # removal from following lines.
@@ -1087,6 +1101,9 @@ RESET_AFTER_EXTRA_LINE_READ:
     # Experimental_International
     next if / in smtputf8_advertise_hosts\? no \(option unset\)/;
 
+    # Experimental_REQUIRETLS
+    next if / in tls_advertise_requiretls?\? no \(end of list\)/;
+
     # Environment cleaning
     next if /\w+ in keep_environment\? (yes|no)/;
 
@@ -1201,6 +1218,27 @@ RESET_AFTER_EXTRA_LINE_READ:
     s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/;
     s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/;
     s/(DKIM: validation error: )error:[0-9A-F]{8}:rsa routines:(?:(?i)int_rsa_verify|CRYPTO_internal):(?:bad signature|algorithm mismatch)$/$1Public key signature verification has failed./;
+
+    # DKIM timestamps
+    if ( /(DKIM: d=.*) t=([0-9]*) x=([0-9]*) / )
+      {
+      my ($prefix, $t_diff) = ($1, $3 - $2);
+      s/DKIM: d=.* t=[0-9]* x=[0-9]* /${prefix} t=T x=T+${t_diff} /;
+      }
+    }
+
+  # ======== mail ========
+
+  elsif ($is_mail)
+    {
+    # DKIM timestamps, and signatures depending thereon
+    if ( /^(\s+)t=([0-9]*); x=([0-9]*); b=[A-Za-z0-9+\/]+$/ )
+      {
+      my ($indent, $t_diff) = ($1, $3 - $2);
+      s/.*/${indent}t=T; x=T+${t_diff}; b=bbbb;/;
+      <IN>;
+      <IN>;
+      }
     }
 
   # ======== All files other than stderr ========
@@ -1549,7 +1587,15 @@ $munges =
     { 'stderr' => 's/(1[5-9]|23\d)\d\d msec/ssss msec/' },
 
     'tls_anycipher' =>
-    { 'mainlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /' },
+    { 'mainlog'   => 's! X=TLS\S+ ! X=TLS_proto_and_cipher !;
+		      s! DN="C=! DN="/C=!;
+		      s! DN="[^,"]*\K,!/!;
+		      s! DN="[^,"]*\K,!/!;
+		      s! DN="[^,"]*\K,!/!;
+		     ',
+      'rejectlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /',
+      'mail'      => 's/ \(TLS[^)]*\)/ (TLS_proto_and_cipher)/',
+    },
 
     'debug_pid' =>
     { 'stderr' => 's/(^\s{0,4}|(?<=Process )|(?<=child ))\d{1,5}/ppppp/g' },
@@ -1560,12 +1606,14 @@ $munges =
 
     'optional_config' =>
     { 'stdout' => '/^(
-                  dkim_(canon|domain|private_key|selector|sign_headers|strict|hash|identity)
+                  dkim_(canon|domain|private_key|selector|sign_headers|strict|hash|identity|timestamps)
                   |gnutls_require_(kx|mac|protocols)
                   |hosts_(requ(est|ire)|try)_(dane|ocsp)
+		  |dane_require_tls_ciphers
                   |hosts_(avoid|nopass|noproxy|require|verify_avoid)_tls
                   |socks_proxy
                   |tls_[^ ]*
+		  |utf8_downconvert
                   )($|[ ]=)/x'
     },