authorAlexander Bluhm <bluhm@cvs.openbsd.org>2015-02-14 09:18:45 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2015-02-14 09:18:45 +0000
commit581be1fe1089a021b177cd524f32d82b46bea346 (patch)
tree3703015f750094615436ca07ad13fc2d9a8c84e9
parent30a8758aa1e6800bd8483258d3e6ea9f02067bc9 (diff)
Tests that syslogd uses the expected TLS version.
-rw-r--r--regress/usr.sbin/syslogd/args-tls-v10-noverify.pl32
-rw-r--r--regress/usr.sbin/syslogd/args-tls-v10-verify.pl33
-rw-r--r--regress/usr.sbin/syslogd/args-tls-v12-default.pl31
-rw-r--r--regress/usr.sbin/syslogd/args-tls-v12-ssl23.pl32
4 files changed, 128 insertions, 0 deletions
diff --git a/regress/usr.sbin/syslogd/args-tls-v10-noverify.pl b/regress/usr.sbin/syslogd/args-tls-v10-noverify.pl
new file mode 100644
index 00000000000..efc6625f525
--- /dev/null
+++ b/regress/usr.sbin/syslogd/args-tls-v10-noverify.pl
@@ -0,0 +1,32 @@
+# The client writes a message to Sys::Syslog native method.
+# The syslogd writes it into a file and through a pipe.
+# The syslogd passes it via TLS to localhost loghost without verification.
+# The server receives the message on its TLS version 1.0 socket.
+# Find the message in client, file, pipe, syslogd, server log.
+# Check that server log contains ssl version 1.
+
+use strict;
+use warnings;
+use Socket;
+
+our %args = (
+ syslogd => {
+ loghost => '@tls://localhost:$connectport',
+ loggrep => {
+ qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
+ get_testlog() => 1,
+ qr/syslogd: loghost .* connection error: connect failed:/ => 0,
+ },
+ },
+ server => {
+ listen => { domain => AF_UNSPEC, proto => "tls", addr => "localhost" },
+ loggrep => {
+ qr/listen sock: (127.0.0.1|::1) \d+/ => 1,
+ get_testlog() => 1,
+ qr/ssl version: TLSv1$/ => 1,
+ },
+ sslversion => "TLSv1",
+ },
+);
+
+1;
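Review bot: The header comment promises forwarding "without verification", yet the `syslogd` hash sets nothing that turns verification off and no `loggrep` entry asserts that it was skipped; the block is identical to the one in args-tls-v12-default.pl, whose header does not mention verification at all. Presumably the harness runs syslogd without a CA when `cacrt` is absent, but that is not visible in this file, so a one-line comment next to `loghost` naming the mechanism (for example `# no cacrt: harness runs syslogd without server certificate verification`, if that is what happens) would keep the test name honest. Separately, in `qr/listen sock: (127.0.0.1|::1) \d+/` the dots match any character; `qr/listen sock: (127\.0\.0\.1|::1) \d+/` is stricter, and the same pattern recurs in the other three files.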
diff --git a/regress/usr.sbin/syslogd/args-tls-v10-verify.pl b/regress/usr.sbin/syslogd/args-tls-v10-verify.pl
new file mode 100644
index 00000000000..a43d8a87adf
--- /dev/null
+++ b/regress/usr.sbin/syslogd/args-tls-v10-verify.pl
@@ -0,0 +1,33 @@
+# The client writes a message to Sys::Syslog native method.
+# The syslogd writes it into a file and through a pipe.
+# The syslogd passes it via TLS to localhost loghost.
+# The server receives the message on its TLS version 1.0 socket.
+# Find the message in client, file, pipe, syslogd, server log.
+# Check that server log contains ssl version 1.
+
+use strict;
+use warnings;
+use Socket;
+
+our %args = (
+ syslogd => {
+ loghost => '@tls://localhost:$connectport',
+ loggrep => {
+ qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
+ get_testlog() => 1,
+ qr/syslogd: loghost .* connection error: connect failed:/ => 0,
+ },
+ cacrt => "ca.crt",
+ },
+ server => {
+ listen => { domain => AF_UNSPEC, proto => "tls", addr => "localhost" },
+ loggrep => {
+ qr/listen sock: (127.0.0.1|::1) \d+/ => 1,
+ get_testlog() => 1,
+ qr/ssl version: TLSv1$/ => 1,
+ },
+ sslversion => "TLSv1",
+ },
+);
+
+1;
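Review bot: Only the server side is pinned, with `sslversion => "TLSv1"`, so a pass shows that syslogd will negotiate down to TLS 1.0 even with `cacrt => "ca.crt"` set, and none of the four new files checks where syslogd stops. If the harness's `sslversion` accepts an older protocol value, a companion file that expects `qr/syslogd: loghost .* connection error: connect failed:/` to appear would pin the minimum version and catch a regression in it. The header line "Check that server log contains ssl version 1." is also looser than the assertion it describes; `# Check that server log contains TLS version 1.0.` matches `qr/ssl version: TLSv1$/`.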
diff --git a/regress/usr.sbin/syslogd/args-tls-v12-default.pl b/regress/usr.sbin/syslogd/args-tls-v12-default.pl
new file mode 100644
index 00000000000..0a596f7c836
--- /dev/null
+++ b/regress/usr.sbin/syslogd/args-tls-v12-default.pl
@@ -0,0 +1,31 @@
+# The client writes a message to Sys::Syslog native method.
+# The syslogd writes it into a file and through a pipe.
+# The syslogd passes it via TLS to localhost loghost.
+# The server receives the message on its TLS default socket.
+# Find the message in client, file, pipe, syslogd, server log.
+# Check that server log contains ssl version TLS 1.2.
+
+use strict;
+use warnings;
+use Socket;
+
+our %args = (
+ syslogd => {
+ loghost => '@tls://localhost:$connectport',
+ loggrep => {
+ qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
+ get_testlog() => 1,
+ qr/syslogd: loghost .* connection error: connect failed:/ => 0,
+ },
+ },
+ server => {
+ listen => { domain => AF_UNSPEC, proto => "tls", addr => "localhost" },
+ loggrep => {
+ qr/listen sock: (127.0.0.1|::1) \d+/ => 1,
+ get_testlog() => 1,
+ qr/ssl version: TLSv1_2$/ => 1,
+ },
+ },
+);
+
+1;
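Review bot: Nothing in this file sets a version on either side, so the `qr/ssl version: TLSv1_2$/` expectation in the server `loggrep` depends on whatever the harness and the TLS libraries pick by default, which is not visible here. A comment above the `server` block such as `# no sslversion: expect the highest version both ends support, currently TLS 1.2` would tell the next maintainer why the test starts failing when a default changes. The negotiated version is also asserted only in the server log; if syslogd logs the protocol in debug output, a matching entry in the `syslogd` `loggrep` would confirm both ends agree.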
diff --git a/regress/usr.sbin/syslogd/args-tls-v12-ssl23.pl b/regress/usr.sbin/syslogd/args-tls-v12-ssl23.pl
new file mode 100644
index 00000000000..134d621c3af
--- /dev/null
+++ b/regress/usr.sbin/syslogd/args-tls-v12-ssl23.pl
@@ -0,0 +1,32 @@
+# The client writes a message to Sys::Syslog native method.
+# The syslogd writes it into a file and through a pipe.
+# The syslogd passes it via TLS to localhost loghost.
+# The server receives the message on its TLS SSLv23 socket.
+# Find the message in client, file, pipe, syslogd, server log.
+# Check that server log contains ssl version TLS 1.2.
+
+use strict;
+use warnings;
+use Socket;
+
+our %args = (
+ syslogd => {
+ loghost => '@tls://localhost:$connectport',
+ loggrep => {
+ qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
+ get_testlog() => 1,
+ qr/syslogd: loghost .* connection error: connect failed:/ => 0,
+ },
+ },
+ server => {
+ listen => { domain => AF_UNSPEC, proto => "tls", addr => "localhost" },
+ loggrep => {
+ qr/listen sock: (127.0.0.1|::1) \d+/ => 1,
+ get_testlog() => 1,
+ qr/ssl version: TLSv1_2$/ => 1,
+ },
+ sslversion => "SSLv23",
+ },
+);
+
+1;
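Review bot: The header line "The server receives the message on its TLS SSLv23 socket." reads as if the server offered SSL 2.0/3.0, while the assertion `qr/ssl version: TLSv1_2$/` expects TLS 1.2. `sslversion => "SSLv23"` is conventionally the version-flexible setting rather than a legacy protocol, although how the harness maps it is not visible in this file. A comment on that line, for example `# SSLv23 = negotiate any supported version, not SSL 2.0/3.0; TLS 1.2 is expected to win`, would remove the ambiguity. If the harness default is already this setting, the file duplicates args-tls-v12-default.pl and the comment should say why both are kept.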