Now that syslogd(8) supports SSL shutdown when the TLS connection

terminates, do SSL shutdown in the test client.  This will detect
SSL handshake errors also with TLS 1.3 if the CA of the client
certificate is invalid.
test races reported by anton@; debugged with Carsten Arzig

diff --git a/regress/usr.sbin/syslogd/Proc.pm b/regress/usr.sbin/syslogd/Proc.pm
index 0769c8a..930bb5f 100644 (file)
--- a/regress/usr.sbin/syslogd/Proc.pm
+++ b/regress/usr.sbin/syslogd/Proc.pm
@@ -1,4 +1,4 @@
-#      $OpenBSD: Proc.pm,v 1.9 2020/07/24 22:12:00 bluhm Exp $
+#      $OpenBSD: Proc.pm,v 1.10 2022/03/25 14:15:10 bluhm Exp $
 
 # Copyright (c) 2010-2020 Alexander Bluhm <bluhm@openbsd.org>
 # Copyright (c) 2014 Florian Riehm <mail@friehm.de>
@@ -25,6 +25,7 @@ use Errno;
 use IO::File;
 use POSIX;
 use Time::HiRes qw(time alarm sleep);
+use IO::Socket::SSL;
 
 my %CHILDREN;
 
@@ -131,7 +132,13 @@ sub run {
        do {
                $self->child();
                print STDERR $self->{up}, "\n";
+               $self->{ts} = $self->{cs}
+                   if $self->{connectproto} && $self->{connectproto} eq "tls";
                $self->{func}->($self);
+               $self->{ts}->close(SSL_fast_shutdown => 0)
+                   or die ref($self), " SSL shutdown: $!,$SSL_ERROR"
+                   if $self->{ts};
+               delete $self->{ts};
        } while ($self->{redo});
        print STDERR "Shutdown", "\n";
 

diff --git a/regress/usr.sbin/syslogd/args-client-tls-close.pl b/regress/usr.sbin/syslogd/args-client-tls-close.pl
index 45ab65a..ac3f605 100644 (file)
--- a/regress/usr.sbin/syslogd/args-client-tls-close.pl
+++ b/regress/usr.sbin/syslogd/args-client-tls-close.pl
@@ -14,6 +14,7 @@ our %args = (
            port => 6514 },
        func => sub {
            my $self = shift;
+           delete $self->{ts};
            shutdown(\*STDOUT, 1)
                or die ref($self), " shutdown write failed: $!";
            ${$self->{syslogd}}->loggrep("tls logger .* connection close", 5)

diff --git a/regress/usr.sbin/syslogd/args-client-tls-error.pl b/regress/usr.sbin/syslogd/args-client-tls-error.pl
index 7925ae6..516c401 100644 (file)
--- a/regress/usr.sbin/syslogd/args-client-tls-error.pl
+++ b/regress/usr.sbin/syslogd/args-client-tls-error.pl
@@ -18,6 +18,7 @@ our %args = (
            port => 6514 },
        func => sub {
            my $self = shift;
+           delete $self->{ts};
            setsockopt(STDOUT, SOL_SOCKET, SO_LINGER, pack('ii', 1, 0))
                or die ref($self), " set socket linger failed: $!";
        },
@@ -35,7 +36,8 @@ our %args = (
     server => {
        func => sub {
            my $self = shift;
-           ${$self->{syslogd}}->loggrep("tls logger .* connection error", 5)
+           ${$self->{syslogd}}->loggrep(
+               qr/tls logger .* connection (?:close|error)/, 5)
                or die ref($self), " no connection error in syslogd.log";
        },
        loggrep => {},

diff --git a/regress/usr.sbin/syslogd/args-client-tls-fake.pl b/regress/usr.sbin/syslogd/args-client-tls-fake.pl
index b3ba24f..1d02a4a 100644 (file)
--- a/regress/usr.sbin/syslogd/args-client-tls-fake.pl
+++ b/regress/usr.sbin/syslogd/args-client-tls-fake.pl
@@ -18,6 +18,7 @@ my $connecterror = qr/Client IO::Socket::SSL socket connect failed: /.
     qr/.*,SSL connect attempt failed error:.*$errors/;
 my $shutdownerror = qr/Client error after shutdown: /.
     qr/.*:tlsv1 alert decrypt error/;
+my $sslshutdown = qr/Client SSL shutdown: /;
 
 our %args = (
     client => {
@@ -26,10 +27,10 @@ our %args = (
        sslcert => "client.crt",
        sslkey => "client.key",
        up => qr/IO::Socket::SSL socket connect failed/,
-       down => qr/SSL connect attempt failed|error after shutdown/,
+       down => qr/SSL connect attempt failed|$shutdownerror|$sslshutdown/,
        exit => 255,
        loggrep => {
-           qr/$connecterror|$shutdownerror/ => 1,
+           qr/$connecterror|$shutdownerror|$sslshutdown/ => 1,
        },
     },
     syslogd => {

diff --git a/regress/usr.sbin/syslogd/args-hostname.pl b/regress/usr.sbin/syslogd/args-hostname.pl
index 25a6638..5c08308 100644 (file)
--- a/regress/usr.sbin/syslogd/args-hostname.pl
+++ b/regress/usr.sbin/syslogd/args-hostname.pl
@@ -50,7 +50,7 @@ our %args = (
                port => 514,
            }},
        ],
-       func => sub { redo_connect( shift, sub {
+       func => sub { redo_connect(shift, sub {
            my $self = shift;
            write_message($self, "client connect proto: ".
                $self->{connectproto}) if $self->{connectproto};

diff --git a/regress/usr.sbin/syslogd/funcs.pl b/regress/usr.sbin/syslogd/funcs.pl
index 25b060b..171dc55 100644 (file)
--- a/regress/usr.sbin/syslogd/funcs.pl
+++ b/regress/usr.sbin/syslogd/funcs.pl
@@ -1,4 +1,4 @@
-#      $OpenBSD: funcs.pl,v 1.39 2021/12/22 15:14:13 bluhm Exp $
+#      $OpenBSD: funcs.pl,v 1.40 2022/03/25 14:15:10 bluhm Exp $
 
 # Copyright (c) 2010-2021 Alexander Bluhm <bluhm@openbsd.org>
 #
@@ -212,6 +212,7 @@ sub redo_connect {
                sleep .1;
                close(delete $self->{cs})
                    or die ref($self), " close failed: $!";
+               delete $self->{ts};
        }
        if (my $redo = shift @{$self->{redo}}) {
                if (my $connect = $redo->{connect}) {