# Scenario: syslogd forwards over TLS while configured with a bogus CA.
#
# - The client writes a message using the Sys::Syslog native method.
# - syslogd writes it into a file and through a pipe.
# - syslogd tries to pass it via TLS to the loghost on localhost.
# - The CA file is a fake CA with the correct DN but the wrong key.
# - The message must be found in the client, file, pipe and syslogd logs.
# - syslogd must log a verification failure and the server must not
#   see the message.

use strict;
use warnings;
use Errno ':POSIX';
use Socket;

# Errno values accepted as the reason for the server's failed TLS accept.
# Assigning an errno to $! and reading it back in string context gives
# the system's error text for it, so $errors becomes an alternation of
# those texts.
# NOTE(review): the text is interpolated into a pattern below without
# quotemeta; that is fine for EPIPE's message, but escape it if an errno
# whose text can contain regex metacharacters is ever added.
my @accept_errnos = (EPIPE);
my $errors = sprintf("(%s)", join("|", map { $! = $_ } @accept_errnos));

# syslogd side: the connection error must name a certificate verification
# failure, with either of the two reasons listed in the alternation.
my $syslogd_verify_failure = join("",
    qr/syslogd\[\d+\]: loghost .* connection error: /,
    qr/certificate verification failed: /,
    "(",
    qr/self signed certificate in certificate chain/,
    "|",
    qr/certificate signature failure/,
    ")",
);

# Server side: the TLS accept must fail, either with the decrypt-error
# alert or with one of the errno texts collected in $errors.
my $server_accept_failure = join("",
    qr/IO::Socket::SSL socket accept failed: /,
    qr/.*,SSL accept attempt failed error:.*/,
    qr/(tlsv1 alert decrypt error|$errors)/,
);

# get_testgrep() is not defined in this file; presumably the test harness
# provides it and it yields the pattern for the test message.  The loggrep
# values look like expected match counts -- confirm against the harness.
our %args = (
    syslogd => {
        # Single-quoted on purpose: $connectport is not interpolated
        # here (presumably the harness substitutes it later).
        loghost => '@tls://localhost:$connectport',
        loggrep => {
            qr/CAfile fake-ca.crt/ => 1,
            qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
            $syslogd_verify_failure => 1,
            # The message still reaches syslogd's own log.
            get_testgrep() => 1,
        },
        cacrt => "fake-ca.crt",
    },
    server => {
        listen => {
            domain => AF_UNSPEC,
            proto  => "tls",
            addr   => "localhost",
        },
        up   => "IO::Socket::SSL socket accept failed",
        down => "Server",
        exit => 255,
        loggrep => {
            # NOTE(review): the dots in 127.0.0.1 are unescaped and so
            # match any character; looser than needed but harmless here.
            qr/listen sock: (127.0.0.1|::1) \d+/ => 1,
            $server_accept_failure => 1,
            # Nothing may be delivered over the unverified connection.
            get_testgrep() => 0,
        },
    },
);

1;