# Negative TLS test: syslogd must refuse to forward to a loghost whose
# certificate does not chain to the configured CA file.
#
# - The client logs a message through the native Sys::Syslog method.
# - syslogd writes it into a file and through a pipe.
# - syslogd tries to pass it over TLS to a loghost on localhost.
# - The CA file is the system default, which holds no matching cert.
# - The message has to appear in the client, file, pipe and syslogd logs.
# - syslogd has to log a verification failure, and the server must
#   never receive the message (the connection fails closed).

use strict;
use warnings;
use Errno ':POSIX';
use Socket;

# Errno values the server side may report instead of the TLS alert when
# the peer drops the connection.  Assigning each value to $! and using
# the result as a string yields the system error text, so $errors ends
# up as a regex alternation of error messages.
my @errors = (EPIPE);
my $errors = sprintf "(%s)", join "|", map { $! = $_ } @errors;

# syslogd side: the forwarding connection is rejected because the peer
# certificate cannot be verified against the CA file.
my $verify_failed_re =
    qr/syslogd\[\d+\]: loghost .* connection error: /.
    qr/certificate verification failed: /.
    qr/self signed certificate in certificate chain/;

# Server side: the TLS accept fails, either with the "unknown ca" alert
# sent by syslogd or with one of the socket errors collected above.
my $accept_failed_re =
    qr/IO::Socket::SSL socket accept failed: /.
    qr/.*,SSL accept attempt failed error:.*/.
    qr/(ACCEPT_SR_FINISHED:tlsv1 alert unknown ca|$errors)/;

our %args = (
    syslogd => {
        # Single quotes keep $connectport literal here; presumably the
        # test harness substitutes the real port later -- confirm there.
        loghost => '@tls://localhost:$connectport',
        ktrace => {
            # syslogd has to look up the default CA file exactly once.
            qr{NAMI "/etc/ssl/cert.pem"} => 1,
        },
        loggrep => {
            qr{CAfile /etc/ssl/cert.pem} => 1,
            # '>=4' is presumably read by the harness as a minimum
            # number of matches -- confirm against the loggrep code.
            qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
            $verify_failed_re => 1,
            # The message is still logged locally by syslogd.
            get_testgrep() => 1,
        },
        # Select the system default CA file rather than a test CA.
        cacrt => "default",
    },
    server => {
        listen => { domain => AF_UNSPEC, proto => "tls", addr => "localhost" },
        # The failed accept is the expected "up" event for this server.
        up => "IO::Socket::SSL socket accept failed",
        down => "Server",
        exit => 255,
        loggrep => {
            # NOTE(review): the dots in 127.0.0.1 are unescaped and so
            # match any character; harmless here, but looser than the
            # literal address.
            qr/listen sock: (127.0.0.1|::1) \d+/ => 1,
            $accept_failed_re => 1,
            # Security-relevant assertion: with verification failing,
            # the test message must not reach the untrusted server.
            get_testgrep() => 0,
        },
    },
);

1;