summaryrefslogtreecommitdiff
path: root/regress/usr.sbin/syslogd/args-tls-key-empty.pl
blob: 58ac6254ffab561df98c113672ce80201163c89c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
# Syslogd gets an empty TLS server key.
# The client cannot connect to 127.0.0.1 TLS socket.
# Check that syslog log contains an error message.

use strict;
use warnings;
use Socket;

my $key = "/etc/ssl/private/127.0.0.1:6514.key";
my $cert = "/etc/ssl/127.0.0.1:6514.crt";
my @sudo = $ENV{SUDO} ? $ENV{SUDO} : ();
my @cmd = (@sudo, "cp", "--", "empty", $key);
system(@cmd) and die "Command '@cmd' failed: $?";
@cmd = (@sudo, "cp", "--", "127.0.0.1.crt", $cert);
system(@cmd) and die "Command '@cmd' failed: $?";
END {
    local $?;
    my @cmd = (@sudo, "rm", "-f", "--", $key, $cert);
    system(@cmd) and warn "Command '@cmd' failed: $?";
}

our %args = (
    client => {
	func => sub {
	    my $self = shift;
	    IO::Socket::IP->new(
		Domain              => AF_INET,
		Proto               => "tcp",
		PeerAddr            => "127.0.0.1",
		PeerPort            => 6514,
	    ) and die "tcp socket connect to 127.0.0.1:6514 succeeded";
	},
	nocheck => 1,
    },
    syslogd => {
	options => ["-S", "127.0.0.1:6514"],
	ktrace => {
	    qr{NAMI  "/etc/ssl/private/127.0.0.1:6514.key"} => 1,
	    qr{NAMI  "/etc/ssl/127.0.0.1:6514.crt"} => 1,
	    qr{NAMI  "/etc/ssl/private/127.0.0.1.key"} => 0,
	    qr{NAMI  "/etc/ssl/127.0.0.1.crt"} => 0,
	},
	loggrep => {
	    qr{Keyfile $key} => 1,
	    qr{Certfile $cert} => 1,
	    qr{tls_configure server: failed to read private key} => 1,
	},
    },
    server => {
	noserver => 1,
    },
    file => { nocheck => 1 },
    pipe => { nocheck => 1 },
    tty => { nocheck => 1 },
);

1;