# Negative test for TLS client certificate verification in syslogd.
#
# The syslogd listens on a localhost TLS socket and is given fake-ca.crt
# as the CA file for verifying client certificates (-K).
# The client connects with a client certificate that this verification
# must refuse, so the TLS handshake is expected to fail.
# The syslogd writes the error into a file and through a pipe.
# The syslogd passes the error via UDP to the loghost.
# The server receives the error message on its UDP socket.
# Find the error message in client, file, syslogd, server log.
# Check that the syslogd rejects the client.

use strict;
use warnings;
use Errno ':POSIX';
use Socket;

# Depending on timing, the refused client may see either errno when the
# peer drops the connection, so both error texts are accepted below.
my @peer_close_errnos = (EPIPE, ECONNRESET);

# Assigning to $! and stringifying it yields the system's error text for
# that errno; the texts are joined into one regex alternation group.
my @peer_close_texts;
for my $errno (@peer_close_errnos) {
    $! = $errno;
    push @peer_close_texts, "$!";
}
my $peer_close_alt = "(" . join("|", @peer_close_texts) . ")";

# Client-side log lines that count as evidence of the failed connection.
my $connect_failure = join "",
    qr/Client IO::Socket::SSL socket connect failed: /,
    qr/.*,SSL connect attempt failed error:.*$peer_close_alt/;
my $shutdown_failure = join "",
    qr/Client error after shutdown: /,
    qr/.*:tlsv1 alert decrypt error/;
my $ssl_shutdown = qr/Client SSL shutdown: /;

# The syslogd log line is pinned down to the TLS library's error text.
# NOTE(review): this ties the test to the library's wording; the file
# check below only requires "handshake failed", which is less brittle.
my $syslogd_handshake_error =
    qr/syslogd\[\d+\]: tls logger .* connection error: /.
    qr/handshake failed: error:.*:rsa routines:/.
    qr/CRYPTO_internal:/;

# The same connection error as it must appear in the log file.
my $file_handshake_error =
    qr/syslogd\[\d+\]: tls logger .* connection error: /.
    qr/handshake failed/;

our %args = (
    client => {
        connect => {
            domain => AF_UNSPEC,
            proto  => "tls",
            addr   => "localhost",
            port   => 6514,
        },
        # Certificate and key the client presents during the handshake.
        sslcert => "client.crt",
        sslkey  => "client.key",
        up      => qr/IO::Socket::SSL socket connect failed/,
        down    => qr/SSL connect attempt failed|$shutdown_failure|$ssl_shutdown/,
        # The client is expected to fail, not to exit cleanly.
        exit    => 255,
        loggrep => {
            qr/$connect_failure|$shutdown_failure|$ssl_shutdown/ => 1,
        },
    },
    syslogd => {
        # -S: listen for TLS on localhost; -K: CA file for client
        # certificate verification.
        options => [ qw(-S localhost -K fake-ca.crt) ],
        # The kernel trace must show that the CA file was looked up.
        ktrace => {
            qr{NAMI "fake-ca.crt"} => 1,
        },
        loggrep => {
            qr{Server CAfile fake-ca.crt} => 1,
            # The "accepted" line is expected as well as the error;
            # presumably it is logged at socket accept, before the
            # handshake result is known - TODO confirm.
            qr{tls logger .* accepted} => 1,
            # This line is the actual evidence of rejection.
            $syslogd_handshake_error => 1,
        },
    },
    server => {
        # Wait until the connection error has been forwarded via UDP.
        func => sub {
            my $self = shift;
            read_message($self, qr/tls logger .* connection error/);
        },
        loggrep => {},
    },
    file => {
        loggrep => {
            $file_handshake_error => 1,
        },
    },
    # NOTE(review): nothing visible here asserts that no client-supplied
    # message reaches the logs; confirm the harness covers that case.
    pipe => { nocheck => 1, },
    tty  => { nocheck => 1, },
);

1;