author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2015-11-02 00:48:18 +0000 |
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2015-11-02 00:48:18 +0000 |
commit | 70a17327fda77acd996a27a71943a27c120d365e (patch) | |
tree | e0d03a9b5ec81871e70ada408cbe441ae8e85395 /regress/usr.sbin | |
parent | f905742d9fcb2742c16df48fbdfed8b1d7ff4406 (diff) |
Test that rsyslogd can send over TLS to OpenBSD syslogd.
Diffstat (limited to 'regress/usr.sbin')
-rw-r--r-- | regress/usr.sbin/syslogd/Client.pm | 8 | ||||
-rw-r--r-- | regress/usr.sbin/syslogd/RSyslogd.pm | 22 | ||||
-rw-r--r-- | regress/usr.sbin/syslogd/args-rsyslog-client-tcp.pl | 4 | ||||
-rw-r--r-- | regress/usr.sbin/syslogd/args-rsyslog-client-tls.pl | 36 |
4 files changed, 65 insertions, 5 deletions
diff --git a/regress/usr.sbin/syslogd/Client.pm b/regress/usr.sbin/syslogd/Client.pm
index e7656827ee3..d53f32a8d4d 100644
--- a/regress/usr.sbin/syslogd/Client.pm
+++ b/regress/usr.sbin/syslogd/Client.pm
@@ -1,4 +1,4 @@
-# $OpenBSD: Client.pm,v 1.5 2015/10/09 17:07:06 bluhm Exp $
+# $OpenBSD: Client.pm,v 1.6 2015/11/02 00:48:17 bluhm Exp $
 
 # Copyright (c) 2010-2014 Alexander Bluhm <bluhm@openbsd.org>
 #
@@ -78,6 +78,12 @@ sub child {
 		    $cs->get_sslversion(),"\n";
 		print STDERR "ssl cipher: ",
 		    $cs->get_cipher(),"\n";
+		print STDERR "ssl issuer: ",
+		    $cs->peer_certificate('issuer'),"\n";
+		print STDERR "ssl subject: ",
+		    $cs->peer_certificate('subject'),"\n";
+		print STDERR "ssl cn: ",
+		    $cs->peer_certificate('cn'),"\n";
 	}
 }
 
diff --git a/regress/usr.sbin/syslogd/RSyslogd.pm b/regress/usr.sbin/syslogd/RSyslogd.pm
index c85dcea9d95..ab9b178a3c4 100644
--- a/regress/usr.sbin/syslogd/RSyslogd.pm
+++ b/regress/usr.sbin/syslogd/RSyslogd.pm
@@ -1,4 +1,4 @@
-# $OpenBSD: RSyslogd.pm,v 1.3 2015/07/07 18:03:11 bluhm Exp $
+# $OpenBSD: RSyslogd.pm,v 1.4 2015/11/02 00:48:17 bluhm Exp $
 
 # Copyright (c) 2010-2014 Alexander Bluhm <bluhm@openbsd.org>
 #
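Review bot: The three new prints in child are diagnostics only; peer_certificate() hands back whatever certificate the peer presented, and whether a bad certificate is rejected is decided by the socket's SSL_verify_mode, which is not visible in this hunk, so a test that wants to pin the server identity still needs a loggrep on the `ssl subject:` or `ssl cn:` line in its args file. A one-line comment above the block, `# print peer certificate fields so tests can loggrep them`, would make that intent explicit. The body of child starts and ends outside this hunk.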
@@ -86,12 +86,26 @@ sub new {
 		print $fh "\$InputTCPServerRun $listenport\n";
 	}
 	if ($connectdomain && $connectproto eq "udp") {
-		print $fh "*.* \@$connectaddr:$connectport\n";
+		print $fh "*.*\t\@$connectaddr:$connectport\n";
 	}
 	if ($connectdomain && $connectproto eq "tcp") {
-		print $fh "*.* \@\@$connectaddr:$connectport\n";
+		print $fh "*.*\t\@\@$connectaddr:$connectport\n";
 	}
-	print $fh "*.* $self->{outfile}\n";
+	if ($connectdomain && $connectproto eq "tls") {
+		print $fh "\$DefaultNetstreamDriver gtls\n";
+		my %cert = (
+		    CA => "127.0.0.1.crt",
+		);
+		while(my ($k, $v) = each %cert) {
+			_make_abspath(\$v);
+			print $fh "\$DefaultNetstreamDriver${k}File $v\n";
+		}
+		print $fh "\$ActionSendStreamDriverAuthMode x509/name\n";
+		print $fh "\$ActionSendStreamDriverPermittedPeer 127.0.0.1\n";
+		print $fh "\$ActionSendStreamDriverMode 1\n";
+		print $fh "*.*\t\@\@$connectaddr:$connectport\n";
+	}
+	print $fh "*.*\t$self->{outfile}\n";
 	print $fh $self->{conf} if $self->{conf};
 	close $fh;
 
diff --git a/regress/usr.sbin/syslogd/args-rsyslog-client-tcp.pl b/regress/usr.sbin/syslogd/args-rsyslog-client-tcp.pl
index a209bf0ef18..fc840d7dcd9 100644
--- a/regress/usr.sbin/syslogd/args-rsyslog-client-tcp.pl
+++ b/regress/usr.sbin/syslogd/args-rsyslog-client-tcp.pl
@@ -22,6 +22,10 @@ our %args = (
     },
     syslogd => {
 	options => ["-T", "127.0.0.1:514"],
+	loggrep => {
+	    get_testgrep() => 1,
+	    qr/syslogd: tcp logger .* accepted/ => 1,
+	},
     },
 );
 
diff --git a/regress/usr.sbin/syslogd/args-rsyslog-client-tls.pl b/regress/usr.sbin/syslogd/args-rsyslog-client-tls.pl
new file mode 100644
index 00000000000..e75763b97b4
--- /dev/null
+++ b/regress/usr.sbin/syslogd/args-rsyslog-client-tls.pl
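Review bot: The `while(my ($k, $v) = each %cert)` loop in the new tls branch writes the `$DefaultNetstreamDriver${k}File` lines in hash-iteration order, which is unspecified as soon as a second key (e.g. Cert or Key for client authentication) is added, so the generated rsyslog.conf could differ between runs; `for my $k (sort keys %cert) {` with `my $v = $cert{$k};` keeps the output deterministic and is the usual idiom (if `while` stays, add the space after it per perlstyle). It is also worth a short comment on the `x509/name` line that, together with `PermittedPeer 127.0.0.1` and the CA file, this is meant to make rsyslogd validate the syslogd certificate and match its name, so a handshake failure in this mode points at the certificate rather than the transport. The enclosing sub new starts before this hunk.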
@@ -0,0 +1,36 @@
+# Test TLS with rsyslogd as sender.
+# The client writes a message to rsyslogd UDP socket.
+# The rsyslogd forwards the message to syslogd TLS listen socket.
+# The syslogd writes it into a file and through a pipe.
+# The syslogd passes it via UDP to the rsyslogd.
+# The rsyslogd receives the message on its UDP socket.
+# Find the message in rsyslogd, file, pipe, syslogd, server log.
+# Check that the message is in rsyslogd, syslogd, server log.
+
+use strict;
+use warnings;
+use Socket;
+
+our %args = (
+    client => {
+	connect => { domain => AF_INET, proto => "udp", addr => "127.0.0.1" },
+    },
+    rsyslogd => {
+	listen => { domain => AF_INET, proto => "udp", addr => "127.0.0.1" },
+	connect => { domain => AF_INET, proto => "tls", addr => "127.0.0.1",
+	    port => 6514 },
+	loggrep => {
+	    get_testgrep() => 1,
+	    qr/GnuTLS handshake succeeded/ => 1,
+	},
+    },
+    syslogd => {
+	options => ["-S", "127.0.0.1"],
+	loggrep => {
+	    get_testgrep() => 1,
+	    qr/syslogd: tls logger .* accepted/ => 1,
+	},
+    },
+);
+
+1;
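Review bot: The header comment of the new test does not say what the TLS leg actually checks: with the x509/name mode configured in RSyslogd.pm in this same commit, rsyslogd should only log `GnuTLS handshake succeeded` after accepting the syslogd certificate and its peer name, so the test exercises certificate verification and not just encryption. A line such as `# The rsyslogd verifies the syslogd certificate name 127.0.0.1 over TLS.` after the third comment line would tell whoever debugs a missing handshake message where to look. The connect port 6514 is hard-coded while syslogd is started with only `-S 127.0.0.1`; presumably that relies on syslogd's default TLS port, which the same comment block could note.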