Fix tcp starttls test for smtp (#167)

* Fix tcp starttls test for smtp * Update tcp.go * Update tcp_test.go * Update test/tcp.go Co-authored-by: Rob Best <[email protected]> * Update tcp_test.go --------- Co-authored-by: Rob Best <[email protected]>
ribbybibby · Mar 22, 2024 · 3424423 · 3424423
1 parent 07786ae
commit 3424423
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 1 deletion.
diff --git a/prober/tcp.go b/prober/tcp.go
@@ -71,7 +71,7 @@ var (
  send: "EHLO prober",
  },
  queryResponse{
- expect: "^250-STARTTLS",
+ expect: "^250(-| )STARTTLS",
  },
  queryResponse{
  send: "STARTTLS",

diff --git a/prober/tcp_test.go b/prober/tcp_test.go
@@ -246,6 +246,46 @@ func TestProbeTCPStartTLSSMTP(t *testing.T) {
  checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
+// TestProbeTCPStartTLSSMTPWithDashInResponse tests STARTTLS against a mock SMTP server
+// which provides STARTTLS as option with dash which is okay when it used as the last option
+func TestProbeTCPStartTLSSMTPWithDashInResponse(t *testing.T) {
+ server, certPEM, _, caFile, teardown, err := test.SetupTCPServer()
+ if err != nil {
+ t.Fatalf(err.Error())
+ }
+ defer teardown()
+
+ server.StartSMTPWithDashInResponse()
+ defer server.Close()
+
+ module := config.Module{
+ TCP: config.TCPProbe{
+ StartTLS: "smtp",
+ },
+ TLSConfig: config.TLSConfig{
+ CAFile: caFile,
+ InsecureSkipVerify: false,
+ },
+ }
+
+ registry := prometheus.NewRegistry()
+
+ ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+ defer cancel()
+
+ if err := ProbeTCP(ctx, newTestLogger(), server.Listener.Addr().String(), module, registry); err != nil {
+ t.Fatalf("error: %s", err)
+ }
+
+ cert, err := newCertificate(certPEM)
+ if err != nil {
+ t.Fatal(err)
+ }
+ checkCertificateMetrics(cert, registry, t)
+ checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
+}
+
 // TestProbeTCPStartTLSFTP tests STARTTLS against a mock FTP server
 func TestProbeTCPStartTLSFTP(t *testing.T) {
  server, certPEM, _, caFile, teardown, err := test.SetupTCPServer()

diff --git a/test/tcp.go b/test/tcp.go
@@ -105,6 +105,45 @@ func (t *TCPServer) StartSMTP() {
  }()
 }
 
+// StartSMTPWithDashInResponse starts a listener that negotiates a TLS connection with an smtp
+// client using STARTTLS. The server provides the STARTTLS response in the form '250 STARTTLS' 
+// (with a space, rather than a dash)
+func (t *TCPServer) StartSMTPWithDashInResponse() {
+ go func() {
+ conn, err := t.Listener.Accept()
+ if err != nil {
+ panic(fmt.Sprintf("Error accepting on socket: %s", err))
+ }
+ defer conn.Close()
+
+ if err := conn.SetDeadline(time.Now().Add(5 * time.Second)); err != nil {
+ panic("Error setting deadline")
+ }
+
+ fmt.Fprintf(conn, "220 ESMTP StartTLS pseudo-server\n")
+ if _, e := fmt.Fscanf(conn, "EHLO prober\n"); e != nil {
+ panic("Error in dialog. No EHLO received.")
+ }
+ fmt.Fprintf(conn, "250-pseudo-server.example.net\n")
+ fmt.Fprintf(conn, "250-DSN\n")
+ fmt.Fprintf(conn, "250 STARTTLS\n")
+
+ if _, e := fmt.Fscanf(conn, "STARTTLS\n"); e != nil {
+ panic("Error in dialog. No (TLS) STARTTLS received.")
+ }
+ fmt.Fprintf(conn, "220 2.0.0 Ready to start TLS\n")
+
+ // Upgrade to TLS.
+ tlsConn := tls.Server(conn, t.TLS)
+ if err := tlsConn.Handshake(); err != nil {
+ level.Error(t.logger).Log("msg", err)
+ }
+ defer tlsConn.Close()
+
+ t.stopCh <- struct{}{}
+ }()
+}
+
 // StartFTP starts a listener that negotiates a TLS connection with an ftp
 // client using AUTH TLS
 func (t *TCPServer) StartFTP() {