Testsuite: Add testcase for OCSP-nonaware client, to supporting server. Bug 1664

The logfile here is for (I hope) the passing case, though the fixed GnuTLS library
is not yet available.  Also due to the bug, client-gnutls is not usable for the
test; client-openssl must be used - meaning that a GnuTLS-only system cannot run
the testcase:

  OCSP-GnuTLS/5650 OCSP stapling, server
  ** Command 15 ("client-ssl", starting at line 98)
  ** Return code 127 (expected 0)

diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 61ed0e81c49e071139c06ddd4b24b1701580f073..e2ac17c8838df75d1e73f85356a2480231503d24 100644 (file)
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -842,7 +842,7 @@ if (  !host /* server */
   gnutls_certificate_set_ocsp_status_request_function(state->x509_cred,
     server_ocsp_stapling_cb, state->exp_tls_ocsp_file);
 
-  DEBUG(D_tls) debug_printf("Set OCSP response file %s\n", &state->exp_tls_ocsp_file);
+  DEBUG(D_tls) debug_printf("OCSP response file = %s\n", state->exp_tls_ocsp_file);
   }
 #endif
 

diff --git a/test/log/5650 b/test/log/5650
index 6bb5502484bb6aa567f9c55c23014ed7dbb08319..b70aebb0ef2f42ccf8419a22674c78607170f50e 100644 (file)
--- a/test/log/5650
+++ b/test/log/5650
@@ -1,11 +1,17 @@
+1999-03-02 09:44:33 1: Server sends good staple on request
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
 1999-03-02 09:44:33 acl_mail: ocsp in status: 2 (vfynotdone)
+1999-03-02 09:44:33 2: Server does not staple an outdated response
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): The TLS connection was non-properly terminated.
 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason.
+1999-03-02 09:44:33 3: Server does not staple a response for a revoked cert
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): The TLS connection was non-properly terminated.
 1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason.
+1999-03-02 09:44:33 4: Connection functions when server is prepared to staple but client does not request it
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)

diff --git a/test/scripts/5650-OCSP-GnuTLS/5650 b/test/scripts/5650-OCSP-GnuTLS/5650
index 440053ecbdc53f93dd7306088b2ab8648bfbfcb9..9ebafb3e264a5b44af6777b166416a69f9137c49 100644 (file)
--- a/test/scripts/5650-OCSP-GnuTLS/5650
+++ b/test/scripts/5650-OCSP-GnuTLS/5650
@@ -2,7 +2,9 @@
 #
 #
 #
-# 1: Server sends good staple on request
+exim -z '1: Server sends good staple on request'
+****
+#
 exim -bd -oX PORT_D -DSERVER=server \
  -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
 ****
@@ -30,7 +32,9 @@ killdaemon
 #
 #
 #
-# 2: Server does not staple an outdated response
+exim -z '2: Server does not staple an outdated response'
+****
+#
 exim -bd -oX PORT_D -DSERVER=server \
  -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
 ****
@@ -54,7 +58,9 @@ killdaemon
 #
 #
 #
-# 3: Server does not staple a response for a revoked cert
+exim -z '3: Server does not staple a response for a revoked cert'
+****
+#
 exim -bd -oX PORT_D -DSERVER=server \
  -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
 ****
@@ -78,3 +84,40 @@ killdaemon
 #
 #
 #
+exim -z '4: Connection functions when server is prepared to staple but client does not request it'
+****
+#
+exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+****
+#
+# Temporarily (I hope) use OpenSSL-based client, as GnuTLS is buggy and always requests (and understands)
+# stapling
+#
+#client-gnutls \
+client-ssl \
+ HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+starttls
+??? 220
+ehlo rhu.barb.tls
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+quit
+****
+killdaemon
+#
+#
+#
+#
+#

diff --git a/test/stdout/5650 b/test/stdout/5650
index e0bbf45071b41ca3d92873f537bb4f784f7ecc1a..7b5628c6aaccafb259c9daa109a9bc47bd73146f 100644 (file)
--- a/test/stdout/5650
+++ b/test/stdout/5650
@@ -78,3 +78,39 @@ Key file = aux-fixed/cert2
 Attempting to start TLS
 Bad certificate
 End of script
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/cert2
+Key file = aux-fixed/cert2
+??? 220
+<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+Succeeded in starting TLS
+>>> ehlo rhu.barb.tls
+??? 250-
+<<< 250-server1.example.com Hello rhu.barb.tls [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250
+<<< 250 HELP
+>>> quit
+End of script