161ffb8b2Sbluhm# The client writes a message to Sys::Syslog native method.
261ffb8b2Sbluhm# The syslogd writes it into a file and through a pipe.
361ffb8b2Sbluhm# The syslogd passes it via TLS to localhost loghost.
461ffb8b2Sbluhm# The cafile is a fake ca with correct DN but wrong key.
561ffb8b2Sbluhm# Find the message in client, file, pipe, syslogd log.
661ffb8b2Sbluhm# Check that syslogd has verify failure and server has no message.
761ffb8b2Sbluhm
861ffb8b2Sbluhmuse strict;
961ffb8b2Sbluhmuse warnings;
1061ffb8b2Sbluhmuse Socket;
1161ffb8b2Sbluhm
1261ffb8b2Sbluhmour %args = (
1361ffb8b2Sbluhm    syslogd => {
1461ffb8b2Sbluhm	loghost => '@tls://localhost:$connectport',
1561ffb8b2Sbluhm	loggrep => {
1661ffb8b2Sbluhm	    qr/CAfile fake-ca.crt/ => 1,
1761ffb8b2Sbluhm	    qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
18070cd568Sbluhm	    qr/syslogd: loghost .* connection error: /.
19*e53c8955Sbluhm		qr/certificate verification failed: /.
20*e53c8955Sbluhm		qr/certificate signature failure/ => 2,
21bb7ea376Sbluhm	    get_testgrep() => 1,
2261ffb8b2Sbluhm	},
2361ffb8b2Sbluhm	cacrt => "fake-ca.crt",
2461ffb8b2Sbluhm    },
2561ffb8b2Sbluhm    server => {
2661ffb8b2Sbluhm	listen => { domain => AF_UNSPEC, proto => "tls", addr => "localhost" },
2761ffb8b2Sbluhm	up => "IO::Socket::SSL socket accept failed",
2861ffb8b2Sbluhm	down => "Server",
2961ffb8b2Sbluhm	exit => 255,
3061ffb8b2Sbluhm	loggrep => {
3161ffb8b2Sbluhm	    qr/listen sock: (127.0.0.1|::1) \d+/ => 1,
3261ffb8b2Sbluhm	    qr/SSL accept attempt failed because of handshake problems/ => 1,
33bb7ea376Sbluhm	    get_testgrep() => 0,
3461ffb8b2Sbluhm	},
3561ffb8b2Sbluhm    },
3661ffb8b2Sbluhm);
3761ffb8b2Sbluhm
3861ffb8b2Sbluhm1;
39