WIP, testing changes to be merged back

jetmore · Dec 1, 2023 · f8b8e16 · f8b8e16
1 parent 34ceb84
commit f8b8e16
Show file tree

Hide file tree

Showing 7 changed files with 96 additions and 2 deletions.
diff --git a/Changes b/Changes
@@ -1024,3 +1024,4 @@
 * 20231126 In prep for handling peer chains properly, change the printing
            of local cert labeling from local/chain to local[i], but
            only if there is more than one local cert.
+* 20231130 Show debug for entire peer cert chain, not just for the end cert
diff --git a/testing/regressions/_exec-transactions/00229.test b/testing/regressions/_exec-transactions/00229.test
@@ -0,0 +1,18 @@
+auto: REMOVE_FILE,CREATE_FILE,MUNGE,COMPARE_FILE %TESTID%.stdout %TESTID%.stderr %TESTID%.exits
+
+
+
+test action: CMD_CAPTURE %SWAKS% --to [email protected] --from [email protected] --helo hserver \
+  --tls \
+  --pipe '%TEST_SERVER% --silent --domain pipe \
+  --cert %CERTDIR%/signed-intermediate-full-chain.pem \
+  --key  %CERTDIR%/signed-intermediate.example.com.key \
+  part-0000-connect-standard.txt \
+  part-0101-ehlo-all.txt \
+  part-0203-starttls-basic-verify.txt \
+  part-0105-ehlo-post-tls-info.txt \
+  part-1000-mail-basic.txt \
+  part-1100-rcpt-basic-accept.txt \
+  part-2500-data-accept-basic.txt \
+  part-3000-shutdown-accept.txt \
+  '
diff --git a/testing/regressions/_exec-transactions/out-ref/00229.exits b/testing/regressions/_exec-transactions/out-ref/00229.exits
@@ -0,0 +1 @@
+CMD_CAPTURE       0   %SWAKS_COMMAND% --to [email protected] --from [email protected] --helo hserver --tls --pipe %TEST_SERVER% --silent --domain pipe   --cert %CERTDIR%/signed-intermediate-full-chain.pem   --key  %CERTDIR%/signed-intermediate.example.com.key   part-0000-connect-standard.txt   part-0101-ehlo-all.txt   part-0203-starttls-basic-verify.txt   part-0105-ehlo-post-tls-info.txt   part-1000-mail-basic.txt   part-1100-rcpt-basic-accept.txt   part-2500-data-accept-basic.txt   part-3000-shutdown-accept.txt   
diff --git a/testing/regressions/_exec-transactions/out-ref/00229.stderr b/testing/regressions/_exec-transactions/out-ref/00229.stderr
diff --git a/testing/regressions/_exec-transactions/out-ref/00229.stdout b/testing/regressions/_exec-transactions/out-ref/00229.stdout
@@ -0,0 +1,73 @@
+=== Trying pipe to %TEST_SERVER% --silent --domain pipe   --cert %CERTDIR%/signed-intermediate-full-chain.pem   --key  %CERTDIR%/signed-intermediate.example.com.key   part-0000-connect-standard.txt   part-0101-ehlo-all.txt   part-0203-starttls-basic-verify.txt   part-0105-ehlo-post-tls-info.txt   part-1000-mail-basic.txt   part-1100-rcpt-basic-accept.txt   part-2500-data-accept-basic.txt   part-3000-shutdown-accept.txt   ...
+=== Connected to %TEST_SERVER% --silent --domain pipe   --cert %CERTDIR%/signed-intermediate-full-chain.pem   --key  %CERTDIR%/signed-intermediate.example.com.key   part-0000-connect-standard.txt   part-0101-ehlo-all.txt   part-0203-starttls-basic-verify.txt   part-0105-ehlo-post-tls-info.txt   part-1000-mail-basic.txt   part-1100-rcpt-basic-accept.txt   part-2500-data-accept-basic.txt   part-3000-shutdown-accept.txt   .
+<-  220 SERVER ESMTP ready
+ -> EHLO hserver
+<-  250-SERVER Hello Server [1.1.1.1]
+<-  250-STARTTLS
+<-  250-PIPELINING
+<-  250-XCLIENT ADDR NAME PORT PROTO DESTADDR DESTPORT HELO LOGIN REVERSE_NAME
+<-  250-PRDR
+<-  250-AUTH CRAM-MD5
+<-  250-AUTH CRAM-SHA1
+<-  250-AUTH PLAIN
+<-  250-AUTH LOGIN
+<-  250-AUTH NTLM
+<-  250-AUTH DIGEST-MD5
+<-  250-AUTH=login
+<-  250 HELP
+ -> STARTTLS
+<-  220 TLS go ahead
+=== TLS started with cipher VERSION:CIPHER:BITS
+=== TLS client certificate requested and not sent
+=== TLS no client certificate set
+=== TLS peer[0]   DN="/C=US/ST=Indiana/O=Swaks Development (signed-intermediate.example.com, with-SAN)/CN=signed-intermediate.example.com/[email protected]"
+===               notBefore=2023-11-07T22:49:58Z
+===               notAfter=2033-09-15T22:49:58Z
+===               subjectAltName=[ DNS:signed-intermediate.example.com ]
+===               commonName=signed-intermediate.example.com
+=== TLS peer[1]   DN="/C=US/ST=Indiana/O=Swaks Development (signed-intermediate.example.com, with-SAN)/CN=signed-intermediate.example.com/[email protected]"
+===               notBefore=2023-11-07T22:49:58Z
+===               notAfter=2033-09-15T22:49:58Z
+===               subjectAltName=[ DNS:signed-intermediate.example.com ]
+===               commonName=signed-intermediate.example.com
+=== TLS peer[2]   DN="/C=US/ST=Indiana/O=Swaks Development (signed-intermediate.example.com, with-SAN)/CN=signed-intermediate.example.com/[email protected]"
+===               notBefore=2023-11-07T22:49:58Z
+===               notAfter=2033-09-15T22:49:58Z
+===               subjectAltName=[ DNS:signed-intermediate.example.com ]
+===               commonName=signed-intermediate.example.com
+=== TLS peer certificate failed CA verification, failed host verification (no host string available to verify)
+ ~> EHLO hserver
+<~  250-SERVER Hello Server [1.1.1.1]
+<~  250-TLS peer DN=No client certificate present
+<~  250-PIPELINING
+<~  250-XCLIENT ADDR NAME PORT PROTO DESTADDR DESTPORT HELO LOGIN REVERSE_NAME
+<~  250-PRDR
+<~  250-AUTH CRAM-MD5
+<~  250-AUTH CRAM-SHA1
+<~  250-AUTH PLAIN
+<~  250-AUTH LOGIN
+<~  250-AUTH NTLM
+<~  250-AUTH DIGEST-MD5
+<~  250-AUTH=login
+<~  250 HELP
+ ~> MAIL FROM:<[email protected]>
+<~  250 Accepted
+ ~> RCPT TO:<[email protected]>
+<~  250 Accepted
+ ~> DATA
+<~  354 Enter message, ending with "." on a line by itself
+ ~> Date: Wed, 03 Nov 1999 11:24:29 -0500
+ ~> To: [email protected]
+ ~> From: [email protected]
+ ~> Subject: test Wed, 03 Nov 1999 11:24:29 -0500
+ ~> Message-Id: <19991103112429.047942@localhost>
+ ~> X-Mailer: swaks v99999999.9 jetmore.org/john/code/swaks/
+ ~> 
+ ~> This is a test mailing
+ ~> 
+ ~> 
+ ~> .
+<~  250 OK id=fakeemail
+ ~> QUIT
+<~  221 SERVER closing connection
+=== Connection closed with child process.
diff --git a/testing/regressions/_exec-transactions/test.txt b/testing/regressions/_exec-transactions/test.txt
@@ -47,6 +47,7 @@
    26 TLS client certificate info line -- client certs ARE present, server does NOT request them
    27 --tls-cert contains a chain
    28 --tls-cert + --tls-chain
+   29 TLS peer presents chain
    40 TLS verification info line: --fail ca (unsigned cert),           --fail host (pipe - no target host)
    41 TLS verification info line: --fail ca (signed but unknown cert), --fail host (pipe - no target host)
    42 TLS verification info line: ++pass ca (signed and known cert),   --fail host (pipe - no target host)

diff --git a/testing/regressions/bin/runenv b/testing/regressions/bin/runenv
@@ -7,8 +7,8 @@ export SWAKS_TEST_SERVER=../server/smtp-server.pl
 
 # Either or both of these can be really convenient when you have a ton of small changes to accept.
 # Setting SWAKS_TEST_PAGER to cat means you don't have to quit out of a pager when viewing the diff
-#export SWAKS_TEST_PAGER=cat
+export SWAKS_TEST_PAGER=cat
 # Setting SWAKS_TEST_AUTOCAT to 1 means that everytime a test fails, the diff is auto-catted for review
-#export SWAKS_TEST_AUTOCAT=1
+export SWAKS_TEST_AUTOCAT=1
 
 exec $*