From: bluhm Date: Fri, 23 Oct 2015 22:50:09 +0000 (+0000) Subject: Test syslogd with empty or non existing server certificates and X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=1eeea90b59eeccbb02854ae0bd1757c4d3d8e420;p=openbsd Test syslogd with empty or non existing server certificates and keys. --- diff --git a/regress/usr.sbin/syslogd/args-tls-cert-empty.pl b/regress/usr.sbin/syslogd/args-tls-cert-empty.pl new file mode 100644 index 00000000000..c9b1aece0d2 --- /dev/null +++ b/regress/usr.sbin/syslogd/args-tls-cert-empty.pl @@ -0,0 +1,53 @@ +# Syslogd gets an empty TLS server certificate. +# The client cannot connect to 127.0.0.1 TLS socket. +# Check that syslog log contains an error message. + +use strict; +use warnings; +use Socket; + +my $cert = "/etc/ssl/127.0.0.1:6514.crt"; +my @sudo = $ENV{SUDO} ? $ENV{SUDO} : (); +my @cmd = (@sudo, "cp", "--", "empty", $cert); +system(@cmd) and die "Command '@cmd' failed: $?"; +END { + my @cmd = (@sudo, "rm", "-f", "--", $cert); + system(@cmd) and warn "Command '@cmd' failed: $?"; +} + +our %args = ( + client => { + func => sub { + my $self = shift; + IO::Socket::INET6->new( + Domain => AF_INET, + Proto => "tcp", + PeerAddr => "127.0.0.1", + PeerPort => 6514, + ) and die "tcp socket connect to 127.0.0.1:6514 succeeded"; + }, + nocheck => 1, + }, + syslogd => { + options => ["-S", "127.0.0.1:6514"], + ktrace => { + qr{NAMI "/etc/ssl/private/127.0.0.1:6514.key"} => 1, + qr{NAMI "/etc/ssl/private/127.0.0.1.key"} => 1, + qr{NAMI "/etc/ssl/127.0.0.1:6514.crt"} => 1, + qr{NAMI "/etc/ssl/127.0.0.1.crt"} => 0, + }, + loggrep => { + qr{Keyfile /etc/ssl/private/127.0.0.1.key} => 1, + qr{Certfile $cert} => 1, + qr{syslogd: tls_configure server} => 2, + }, + }, + server => { + noserver => 1, + }, + file => { nocheck => 1 }, + pipe => { nocheck => 1 }, + tty => { nocheck => 1 }, +); + +1; diff --git a/regress/usr.sbin/syslogd/args-tls-cert-noexist.pl b/regress/usr.sbin/syslogd/args-tls-cert-noexist.pl new file mode 100644 index 00000000000..cc5f2e3d350 --- /dev/null +++ b/regress/usr.sbin/syslogd/args-tls-cert-noexist.pl @@ -0,0 +1,54 @@ +# Syslogd gets no TLS server certificate. +# The client cannot connect to 127.0.0.1 TLS socket. +# Check that syslog log contains an error message. + +use strict; +use warnings; +use Socket; + +my $cert = "/etc/ssl/127.0.0.1.crt"; +my @sudo = $ENV{SUDO} ? $ENV{SUDO} : (); +my @cmd = (@sudo, "rm", "-f", "--", $cert); +system(@cmd) and die "Command '@cmd' failed: $?"; +END { + my @cmd = (@sudo, "cp", "--", "127.0.0.1.crt", $cert); + system(@cmd) and warn "Command '@cmd' failed: $?"; +} + +our %args = ( + client => { + func => sub { + my $self = shift; + IO::Socket::INET6->new( + Domain => AF_INET, + Proto => "tcp", + PeerAddr => "127.0.0.1", + PeerPort => 6514, + ) and die "tcp socket connect to 127.0.0.1:6514 succeeded"; + }, + nocheck => 1, + }, + syslogd => { + options => ["-S", "127.0.0.1:6514"], + ktrace => { + qr{NAMI "/etc/ssl/private/127.0.0.1:6514.key"} => 1, + qr{NAMI "/etc/ssl/private/127.0.0.1.key"} => 1, + qr{NAMI "/etc/ssl/127.0.0.1:6514.crt"} => 1, + qr{NAMI "/etc/ssl/127.0.0.1.crt"} => 1, + }, + loggrep => { + qr{Keyfile /etc/ssl/private/127.0.0.1.key} => 1, + qr{Certfile } => 0, + qr{syslogd: open certfile: No such file or directory} => 2, + qr{syslogd: tls_configure server} => 2, + }, + }, + server => { + noserver => 1, + }, + file => { nocheck => 1 }, + pipe => { nocheck => 1 }, + tty => { nocheck => 1 }, +); + +1; diff --git a/regress/usr.sbin/syslogd/args-tls-key-empty.pl b/regress/usr.sbin/syslogd/args-tls-key-empty.pl new file mode 100644 index 00000000000..be01b48199b --- /dev/null +++ b/regress/usr.sbin/syslogd/args-tls-key-empty.pl @@ -0,0 +1,53 @@ +# Syslogd gets an empty TLS server key. +# The client cannot connect to 127.0.0.1 TLS socket. +# Check that syslog log contains an error message. + +use strict; +use warnings; +use Socket; + +my $key = "/etc/ssl/private/127.0.0.1:6514.key"; +my @sudo = $ENV{SUDO} ? $ENV{SUDO} : (); +my @cmd = (@sudo, "cp", "--", "empty", $key); +system(@cmd) and die "Command '@cmd' failed: $?"; +END { + my @cmd = (@sudo, "rm", "-f", "--", $key); + system(@cmd) and warn "Command '@cmd' failed: $?"; +} + +our %args = ( + client => { + func => sub { + my $self = shift; + IO::Socket::INET6->new( + Domain => AF_INET, + Proto => "tcp", + PeerAddr => "127.0.0.1", + PeerPort => 6514, + ) and die "tcp socket connect to 127.0.0.1:6514 succeeded"; + }, + nocheck => 1, + }, + syslogd => { + options => ["-S", "127.0.0.1:6514"], + ktrace => { + qr{NAMI "/etc/ssl/private/127.0.0.1:6514.key"} => 1, + qr{NAMI "/etc/ssl/private/127.0.0.1.key"} => 0, + qr{NAMI "/etc/ssl/127.0.0.1:6514.crt"} => 1, + qr{NAMI "/etc/ssl/127.0.0.1.crt"} => 1, + }, + loggrep => { + qr{Keyfile $key} => 1, + qr{Certfile /etc/ssl/127.0.0.1.crt} => 1, + qr{syslogd: tls_configure server} => 2, + }, + }, + server => { + noserver => 1, + }, + file => { nocheck => 1 }, + pipe => { nocheck => 1 }, + tty => { nocheck => 1 }, +); + +1; diff --git a/regress/usr.sbin/syslogd/args-tls-key-noexist.pl b/regress/usr.sbin/syslogd/args-tls-key-noexist.pl new file mode 100644 index 00000000000..d94bccc0bb1 --- /dev/null +++ b/regress/usr.sbin/syslogd/args-tls-key-noexist.pl @@ -0,0 +1,54 @@ +# Syslogd gets no TLS server key. +# The client cannot connect to 127.0.0.1 TLS socket. +# Check that syslog log contains an error message. + +use strict; +use warnings; +use Socket; + +my $key = "/etc/ssl/private/127.0.0.1.key"; +my @sudo = $ENV{SUDO} ? $ENV{SUDO} : (); +my @cmd = (@sudo, "rm", "-f", "--", $key); +system(@cmd) and die "Command '@cmd' failed: $?"; +END { + my @cmd = (@sudo, "cp", "--", "127.0.0.1.key", $key); + system(@cmd) and warn "Command '@cmd' failed: $?"; +} + +our %args = ( + client => { + func => sub { + my $self = shift; + IO::Socket::INET6->new( + Domain => AF_INET, + Proto => "tcp", + PeerAddr => "127.0.0.1", + PeerPort => 6514, + ) and die "tcp socket connect to 127.0.0.1:6514 succeeded"; + }, + nocheck => 1, + }, + syslogd => { + options => ["-S", "127.0.0.1:6514"], + ktrace => { + qr{NAMI "/etc/ssl/private/127.0.0.1:6514.key"} => 1, + qr{NAMI "/etc/ssl/private/127.0.0.1.key"} => 1, + qr{NAMI "/etc/ssl/127.0.0.1:6514.crt"} => 1, + qr{NAMI "/etc/ssl/127.0.0.1.crt"} => 1, + }, + loggrep => { + qr{Keyfile } => 0, + qr{Certfile /etc/ssl/127.0.0.1.crt} => 1, + qr{syslogd: open keyfile: No such file or directory} => 2, + qr{syslogd: tls_configure server} => 2, + }, + }, + server => { + noserver => 1, + }, + file => { nocheck => 1 }, + pipe => { nocheck => 1 }, + tty => { nocheck => 1 }, +); + +1;