summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2019-05-06 16:19:15 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2019-05-07 22:45:51 +0100
commitf4e62a871680af98f14beb5f21dbe3b85c5c35ff (patch)
tree45a11d0f4ca8c72acf8373c37f1c52f4a9d722f6
parentdea4b5684c694c41105215bdb25f8e91b7c35c5d (diff)
OpenSSL: fix tls_try_verify_hosts under resumption
Diffstat
-rw-r--r--doc/doc-txt/experimental-spec.txt5
-rw-r--r--src/src/dbstuff.h1
-rw-r--r--src/src/tls-openssl.c8
-rw-r--r--test/confs/589030
-rw-r--r--test/confs/589126
-rw-r--r--test/log/5890228
-rw-r--r--test/log/5891173
-rw-r--r--test/scripts/5890-Resume-GnuTLS/58909
-rw-r--r--test/scripts/5891-Resume-OpenSSL/58917
9 files changed, 296 insertions, 191 deletions
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 0f749c6cf..301152f1a 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -1003,12 +1003,9 @@ Observability:
Issues:
In a resumed session:
- $tls_{in,out}_certificate_verified will be set, and verify = certificate
- will be true, when verify failed but tls_try_verify_hosts allowed the
- connection (under OpenSSL)
$tls_{in,out}_cipher will have values different to the original (under GnuTLS)
$tls_{in,out}_ocsp will be "not requested" or "no response", and
- hosts_require_ocsp will fail
+ hosts_require_ocsp will fail
--------------------------------------------------------------
diff --git a/src/src/dbstuff.h b/src/src/dbstuff.h
index 6b1ae0ebb..227de39e5 100644
--- a/src/src/dbstuff.h
+++ b/src/src/dbstuff.h
@@ -807,6 +807,7 @@ typedef struct {
typedef struct {
time_t time_stamp;
/*************/
+ uschar verify_override;
uschar session[1];
} dbdata_tls_session;
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 3092dce2e..39e7fc8f4 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -586,6 +586,7 @@ if (!X509_NAME_oneline(X509_get_subject_name(cert), CS dn, sizeof(dn)))
}
dn[sizeof(dn)-1] = '\0';
+tlsp->verify_override = FALSE;
if (preverify_ok == 0)
{
uschar * extra = verify_mode ? string_sprintf(" (during %c-verify for [%s])",
@@ -2174,7 +2175,8 @@ if (tlsp->peercert)
when it actually failed but we're in try-verify mode, due to us wanting the
knowlege that it failed so needing to have the callback and forcing a
permissive return. If we don't force it, the TLS startup is failed.
- Hence the verify_override bodge - though still a problem for resumption. */
+ The extra bit of information is set in verify_override in the cb, stashed
+ for resumption next to the TLS session, and used here. */
if (!tlsp->verify_override)
tlsp->certificate_verified = SSL_get_verify_result(ssl) == X509_V_OK;
@@ -2756,6 +2758,7 @@ if (tlsp->host_resumable)
{
DEBUG(D_tls) debug_printf("good session\n");
tlsp->resumption |= RESUME_CLIENT_SUGGESTED;
+ tlsp->verify_override = dt->verify_override;
}
}
else
@@ -2791,7 +2794,8 @@ if (SSL_SESSION_is_resumable(ss)) /* 1.1.1 */
DEBUG(D_tls) debug_printf("session is resumable\n");
tlsp->resumption |= RESUME_SERVER_TICKET; /* server gave us a ticket */
- len = i2d_SSL_SESSION(ss, &s); /* s gets bumped to end */
+ dt->verify_override = tlsp->verify_override;
+ (void) i2d_SSL_SESSION(ss, &s); /* s gets bumped to end */
if ((dbm_file = dbfn_open(US"tls", O_RDWR, &dbblock, FALSE, FALSE)))
{
diff --git a/test/confs/5890 b/test/confs/5890
index ca205f621..a836802af 100644
--- a/test/confs/5890
+++ b/test/confs/5890
@@ -13,7 +13,7 @@ domainlist local_domains = test.ex : *.test.ex
acl_smtp_helo = check_helo
acl_smtp_rcpt = check_recipient
-log_selector = +received_recipients +tls_resumption
+log_selector = +received_recipients +tls_resumption +tls_peerdn
tls_advertise_hosts = *
@@ -31,7 +31,7 @@ begin acl
check_helo:
accept condition = ${if def:tls_in_cipher}
- logwrite = tls_in_resumption ${listextract {$tls_in_resumption} {_RESUME_DECODE}}
+ logwrite = tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
logwrite = our cert subject\t${certextract {subject}{$tls_in_ourcert}}
logwrite = peer cert subject\t${certextract {subject}{$tls_in_peercert}}
logwrite = peer cert verified\t${tls_in_certificate_verified}
@@ -63,10 +63,9 @@ log_resumption:
begin routers
client:
- driver = accept
- condition = ${if eq {SERVER}{server}{no}{yes}}
- retry_use_local_part
- transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
+ driver = accept
+ condition = ${if eq {SERVER}{server}{no}{yes}}
+ transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
server:
driver = redirect
@@ -77,19 +76,20 @@ server:
begin transports
send_to_server1:
- driver = smtp
+ driver = smtp
allow_localhost
- hosts = 127.0.0.1
- port = PORT_D
- helo_data = helo.data.changed
+ hosts = 127.0.0.1
+ port = PORT_D
+ helo_data = helo.data.changed
.ifdef VALUE
- tls_resumption_hosts = *
+ tls_resumption_hosts = *
.else
- tls_resumption_hosts = :
+ tls_resumption_hosts = :
.endif
- tls_verify_certificates = DIR/aux-fixed/cert1
- tls_verify_cert_hostnames = :
- event_action = ${acl {log_resumption}}
+ tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_verify_cert_hostnames = ${if match {$local_part}{^noverify} {*}{:}}
+ tls_try_verify_hosts = *
+ event_action = ${acl {log_resumption}}
send_to_server2:
driver = smtp
diff --git a/test/confs/5891 b/test/confs/5891
index 599a6e3f0..165921d26 100644
--- a/test/confs/5891
+++ b/test/confs/5891
@@ -63,10 +63,9 @@ log_resumption:
begin routers
client:
- driver = accept
- condition = ${if eq {SERVER}{server}{no}{yes}}
- retry_use_local_part
- transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
+ driver = accept
+ condition = ${if eq {SERVER}{server}{no}{yes}}
+ transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
server:
driver = redirect
@@ -77,19 +76,20 @@ server:
begin transports
send_to_server1:
- driver = smtp
+ driver = smtp
allow_localhost
- hosts = 127.0.0.1
- port = PORT_D
- helo_data = helo.data.changed
+ hosts = 127.0.0.1
+ port = PORT_D
+ helo_data = helo.data.changed
.ifdef VALUE
- tls_resumption_hosts = *
+ tls_resumption_hosts = *
.else
- tls_resumption_hosts = :
+ tls_resumption_hosts = :
.endif
- tls_verify_certificates = DIR/aux-fixed/cert1
- tls_verify_cert_hostnames = :
- event_action = ${acl {log_resumption}}
+ tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_verify_cert_hostnames = ${if match {$local_part}{^noverify} {*}{:}}
+ tls_try_verify_hosts = *
+ event_action = ${acl {log_resumption}}
send_to_server2:
driver = smtp
diff --git a/test/log/5890 b/test/log/5890
index a7e9bade8..b8a4d444d 100644
--- a/test/log/5890
+++ b/test/log/5890
@@ -7,7 +7,7 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 ocsp 1
1999-03-02 09:44:33 10HmaX-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmaX-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmaX-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex abcd@test.ex xyz@test.ex
1999-03-02 09:44:33 10HmaZ-0005vi-00 tls_out_resumption session resumed
@@ -26,9 +26,9 @@
1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp 1
1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmaZ-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
1999-03-02 09:44:33 10HmbC-0005vi-00 tls_out_resumption session resumed
@@ -39,7 +39,7 @@
1999-03-02 09:44:33 10HmbC-0005vi-00 ocsp 1
1999-03-02 09:44:33 10HmbC-0005vi-00 cipher TLS1.x:ke--AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbC-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbD-0005vi-00"
+1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbD-0005vi-00"
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
1999-03-02 09:44:33 10HmbE-0005vi-00 tls_out_resumption session resumed
@@ -50,7 +50,7 @@
1999-03-02 09:44:33 10HmbE-0005vi-00 ocsp 1
1999-03-02 09:44:33 10HmbE-0005vi-00 cipher TLS1.x:ke--AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbE-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbF-0005vi-00"
+1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbF-0005vi-00"
1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
1999-03-02 09:44:33 10HmbG-0005vi-00 tls_out_resumption client offered session, server only provided new ticket
@@ -61,7 +61,7 @@
1999-03-02 09:44:33 10HmbG-0005vi-00 ocsp 1
1999-03-02 09:44:33 10HmbG-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbG-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbG-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbH-0005vi-00"
+1999-03-02 09:44:33 10HmbG-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbH-0005vi-00"
1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
1999-03-02 09:44:33 10HmbI-0005vi-00 tls_out_resumption no client request
@@ -72,88 +72,110 @@
1999-03-02 09:44:33 10HmbI-0005vi-00 ocsp 1
1999-03-02 09:44:33 10HmbI-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbI-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbI-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbJ-0005vi-00"
+1999-03-02 09:44:33 10HmbI-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbJ-0005vi-00"
1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noverify_getticket@test.ex
1999-03-02 09:44:33 10HmbK-0005vi-00 tls_out_resumption client requested new ticket, server provided
1999-03-02 09:44:33 10HmbK-0005vi-00 our cert subject
1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
-1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert verified 0
1999-03-02 09:44:33 10HmbK-0005vi-00 peer dn C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 10HmbK-0005vi-00 ocsp 1
1999-03-02 09:44:33 10HmbK-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbK-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbK-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbL-0005vi-00"
+1999-03-02 09:44:33 10HmbK-0005vi-00 => noverify_getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbL-0005vi-00"
1999-03-02 09:44:33 10HmbK-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex abcd@test.ex xyz@test.ex
-1999-03-02 09:44:33 10HmbM-0005vi-00 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noverify_resume@test.ex
+1999-03-02 09:44:33 10HmbM-0005vi-00 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbM-0005vi-00 our cert subject
1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
-1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified 0
1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp 1
-1999-03-02 09:44:33 10HmbM-0005vi-00 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbM-0005vi-00 cipher TLS1.x:ke--AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbM-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbM-0005vi-00 tls_out_resumption not requested or offered
-1999-03-02 09:44:33 10HmbM-0005vi-00 our cert subject
-1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
-1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified 1
-1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
-1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp 1
-1999-03-02 09:44:33 10HmbM-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbM-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbM-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbN-0005vi-00"
-1999-03-02 09:44:33 10HmbM-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbN-0005vi-00"
-1999-03-02 09:44:33 10HmbM-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbO-0005vi-00"
+1999-03-02 09:44:33 10HmbM-0005vi-00 => noverify_resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
-1999-03-02 09:44:33 10HmbP-0005vi-00 tls_out_resumption session resumed, also new ticket
-1999-03-02 09:44:33 10HmbP-0005vi-00 our cert subject
-1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
-1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert verified 1
-1999-03-02 09:44:33 10HmbP-0005vi-00 peer dn C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
-1999-03-02 09:44:33 10HmbP-0005vi-00 ocsp 1
-1999-03-02 09:44:33 10HmbP-0005vi-00 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbP-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbP-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbQ-0005vi-00"
-1999-03-02 09:44:33 10HmbP-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
-1999-03-02 09:44:33 10HmbR-0005vi-00 tls_out_resumption session resumed, also new ticket
-1999-03-02 09:44:33 10HmbR-0005vi-00 our cert subject
-1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
-1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert verified 1
-1999-03-02 09:44:33 10HmbR-0005vi-00 peer dn C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
-1999-03-02 09:44:33 10HmbR-0005vi-00 ocsp 1
-1999-03-02 09:44:33 10HmbR-0005vi-00 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbR-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbR-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbS-0005vi-00"
-1999-03-02 09:44:33 10HmbR-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
-1999-03-02 09:44:33 10HmbT-0005vi-00 tls_out_resumption client offered session, server only provided new ticket
+1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmbO-0005vi-00 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbO-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbO-0005vi-00 peer dn C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbO-0005vi-00 ocsp 1
+1999-03-02 09:44:33 10HmbO-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbO-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbO-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbP-0005vi-00"
+1999-03-02 09:44:33 10HmbO-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbQ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex abcd@test.ex xyz@test.ex
+1999-03-02 09:44:33 10HmbQ-0005vi-00 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbQ-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp 1
+1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbQ-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbQ-0005vi-00 tls_out_resumption not requested or offered
+1999-03-02 09:44:33 10HmbQ-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp 1
+1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbQ-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbQ-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbR-0005vi-00"
+1999-03-02 09:44:33 10HmbQ-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbR-0005vi-00"
+1999-03-02 09:44:33 10HmbQ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbS-0005vi-00"
+1999-03-02 09:44:33 10HmbQ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
+1999-03-02 09:44:33 10HmbT-0005vi-00 tls_out_resumption session resumed, also new ticket
1999-03-02 09:44:33 10HmbT-0005vi-00 our cert subject
1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert verified 1
1999-03-02 09:44:33 10HmbT-0005vi-00 peer dn C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 10HmbT-0005vi-00 ocsp 1
-1999-03-02 09:44:33 10HmbT-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbT-0005vi-00 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbT-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbT-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbU-0005vi-00"
+1999-03-02 09:44:33 10HmbT-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbU-0005vi-00"
1999-03-02 09:44:33 10HmbT-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbV-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
-1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption no client request
+1999-03-02 09:44:33 10HmbV-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
+1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption session resumed, also new ticket
1999-03-02 09:44:33 10HmbV-0005vi-00 our cert subject
1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert verified 1
1999-03-02 09:44:33 10HmbV-0005vi-00 peer dn C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 10HmbV-0005vi-00 ocsp 1
-1999-03-02 09:44:33 10HmbV-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbV-0005vi-00 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbV-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbV-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbW-0005vi-00"
+1999-03-02 09:44:33 10HmbV-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbW-0005vi-00"
1999-03-02 09:44:33 10HmbV-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
+1999-03-02 09:44:33 10HmbX-0005vi-00 tls_out_resumption client offered session, server only provided new ticket
+1999-03-02 09:44:33 10HmbX-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbX-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbX-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbX-0005vi-00 peer dn C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbX-0005vi-00 ocsp 1
+1999-03-02 09:44:33 10HmbX-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbX-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbX-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbY-0005vi-00"
+1999-03-02 09:44:33 10HmbX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
+1999-03-02 09:44:33 10HmbZ-0005vi-00 tls_out_resumption no client request
+1999-03-02 09:44:33 10HmbZ-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbZ-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbZ-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbZ-0005vi-00 peer dn C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbZ-0005vi-00 ocsp 1
+1999-03-02 09:44:33 10HmbZ-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbZ-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbZ-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmcA-0005vi-00"
+1999-03-02 09:44:33 10HmbZ-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -164,7 +186,7 @@
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for getticket@test.ex
1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <getticket@test.ex> R=server
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -176,7 +198,7 @@
1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <xyz@test.ex> R=server
1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <resume@test.ex> R=server
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption not requested or offered
+1999-03-02 09:44:33 tls_in_resumption not requested or offered
1999-03-02 09:44:33 our cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -187,7 +209,7 @@
1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for abcd@test.ex
1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: <abcd@test.ex> R=server
1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -198,7 +220,7 @@
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-0005vi-00@myhost.test.ex for renewal@test.ex
1999-03-02 09:44:33 10HmbD-0005vi-00 => :blackhole: <renewal@test.ex> R=server
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -209,7 +231,7 @@
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-0005vi-00@myhost.test.ex for postrenewal@test.ex
1999-03-02 09:44:33 10HmbF-0005vi-00 => :blackhole: <postrenewal@test.ex> R=server
1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption client offered session, server only provided new ticket
+1999-03-02 09:44:33 tls_in_resumption client offered session, server only provided new ticket
1999-03-02 09:44:33 our cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -220,7 +242,7 @@
1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-0005vi-00@myhost.test.ex for timeout@test.ex
1999-03-02 09:44:33 10HmbH-0005vi-00 => :blackhole: <timeout@test.ex> R=server
1999-03-02 09:44:33 10HmbH-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -231,8 +253,7 @@
1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-0005vi-00@myhost.test.ex for notreq@test.ex
1999-03-02 09:44:33 10HmbJ-0005vi-00 => :blackhole: <notreq@test.ex> R=server
1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -240,22 +261,22 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-0005vi-00@myhost.test.ex for getticket@test.ex
-1999-03-02 09:44:33 10HmbL-0005vi-00 => :blackhole: <getticket@test.ex> R=server
+1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-0005vi-00@myhost.test.ex for noverify_getticket@test.ex
+1999-03-02 09:44:33 10HmbL-0005vi-00 => :blackhole: <noverify_getticket@test.ex> R=server
1999-03-02 09:44:33 10HmbL-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
1999-03-02 09:44:33 peer dn
1999-03-02 09:44:33 ocsp 0
-1999-03-02 09:44:33 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 cipher TLS1.x:ke--AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-0005vi-00@myhost.test.ex for resume@test.ex xyz@test.ex
-1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <xyz@test.ex> R=server
-1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-0005vi-00@myhost.test.ex for noverify_resume@test.ex
+1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <noverify_resume@test.ex> R=server
1999-03-02 09:44:33 10HmbN-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption not requested or offered
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -263,10 +284,10 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbM-0005vi-00@myhost.test.ex for abcd@test.ex
-1999-03-02 09:44:33 10HmbO-0005vi-00 => :blackhole: <abcd@test.ex> R=server
-1999-03-02 09:44:33 10HmbO-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbO-0005vi-00@myhost.test.ex for getticket@test.ex
+1999-03-02 09:44:33 10HmbP-0005vi-00 => :blackhole: <getticket@test.ex> R=server
+1999-03-02 09:44:33 10HmbP-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -274,10 +295,22 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbQ-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbP-0005vi-00@myhost.test.ex for renewal@test.ex
-1999-03-02 09:44:33 10HmbQ-0005vi-00 => :blackhole: <renewal@test.ex> R=server
-1999-03-02 09:44:33 10HmbQ-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbQ-0005vi-00@myhost.test.ex for resume@test.ex xyz@test.ex
+1999-03-02 09:44:33 10HmbR-0005vi-00 => :blackhole: <xyz@test.ex> R=server
+1999-03-02 09:44:33 10HmbR-0005vi-00 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmbR-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption not requested or offered
+1999-03-02 09:44:33 our cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 ocsp 0
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-0005vi-00@myhost.test.ex for abcd@test.ex
+1999-03-02 09:44:33 10HmbS-0005vi-00 => :blackhole: <abcd@test.ex> R=server
+1999-03-02 09:44:33 10HmbS-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
1999-03-02 09:44:33 our cert subject
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -285,10 +318,21 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbR-0005vi-00@myhost.test.ex for postrenewal@test.ex
-1999-03-02 09:44:33 10HmbS-0005vi-00 => :blackhole: <postrenewal@test.ex> R=server
-1999-03-02 09:44:33 10HmbS-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbU-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbT-0005vi-00@myhost.test.ex for renewal@test.ex
+1999-03-02 09:44:33 10HmbU-0005vi-00 => :blackhole: <renewal@test.ex> R=server
+1999-03-02 09:44:33 10HmbU-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 ocsp 0
+1999-03-02 09:44:33 cipher TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbW-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbV-0005vi-00@myhost.test.ex for postrenewal@test.ex
+1999-03-02 09:44:33 10HmbW-0005vi-00 => :blackhole: <postrenewal@test.ex> R=server
+1999-03-02 09:44:33 10HmbW-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -296,10 +340,10 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbU-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbT-0005vi-00@myhost.test.ex for timeout@test.ex
-1999-03-02 09:44:33 10HmbU-0005vi-00 => :blackhole: <timeout@test.ex> R=server
-1999-03-02 09:44:33 10HmbU-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbY-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbX-0005vi-00@myhost.test.ex for timeout@test.ex
+1999-03-02 09:44:33 10HmbY-0005vi-00 => :blackhole: <timeout@test.ex> R=server
+1999-03-02 09:44:33 10HmbY-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 peer cert subject
1999-03-02 09:44:33 peer cert verified 0
@@ -307,6 +351,6 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbW-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbV-0005vi-00@myhost.test.ex for notreq@test.ex
-1999-03-02 09:44:33 10HmbW-0005vi-00 => :blackhole: <notreq@test.ex> R=server
-1999-03-02 09:44:33 10HmbW-0005vi-00 Completed
+1999-03-02 09:44:33 10HmcA-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbZ-0005vi-00@myhost.test.ex for notreq@test.ex
+1999-03-02 09:44:33 10HmcA-0005vi-00 => :blackhole: <notreq@test.ex> R=server
+1999-03-02 09:44:33 10HmcA-0005vi-00 Completed
diff --git a/test/log/5891 b/test/log/5891
index 56c00dd37..986525dda 100644
--- a/test/log/5891
+++ b/test/log/5891
@@ -74,61 +74,62 @@
1999-03-02 09:44:33 10HmbI-0005vi-00 bits 256
1999-03-02 09:44:33 10HmbI-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbJ-0005vi-00"
1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noverify_getticket@test.ex
+1999-03-02 09:44:33 10HmbK-0005vi-00 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="127.0.0.1"
1999-03-02 09:44:33 10HmbK-0005vi-00 tls_out_resumption client requested new ticket, server provided
1999-03-02 09:44:33 10HmbK-0005vi-00 our cert subject
1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
-1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert verified 0
1999-03-02 09:44:33 10HmbK-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 10HmbK-0005vi-00 ocsp 1
1999-03-02 09:44:33 10HmbK-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbK-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbK-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbL-0005vi-00"
+1999-03-02 09:44:33 10HmbK-0005vi-00 => noverify_getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbL-0005vi-00"
1999-03-02 09:44:33 10HmbK-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex abcd@test.ex xyz@test.ex
+1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for noverify_resume@test.ex
1999-03-02 09:44:33 10HmbM-0005vi-00 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbM-0005vi-00 our cert subject
1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
-1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified 0
1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp 1
1999-03-02 09:44:33 10HmbM-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbM-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbM-0005vi-00 tls_out_resumption not requested or offered
-1999-03-02 09:44:33 10HmbM-0005vi-00 our cert subject
-1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
-1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified 1
-1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp 1
-1999-03-02 09:44:33 10HmbM-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbM-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbM-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
-1999-03-02 09:44:33 10HmbM-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
-1999-03-02 09:44:33 10HmbM-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbO-0005vi-00"
+1999-03-02 09:44:33 10HmbM-0005vi-00 => noverify_resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
-1999-03-02 09:44:33 10HmbP-0005vi-00 tls_out_resumption session resumed, also new ticket
-1999-03-02 09:44:33 10HmbP-0005vi-00 our cert subject
-1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
-1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert verified 1
-1999-03-02 09:44:33 10HmbP-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmbP-0005vi-00 ocsp 1
-1999-03-02 09:44:33 10HmbP-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbP-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbP-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbQ-0005vi-00"
-1999-03-02 09:44:33 10HmbP-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
-1999-03-02 09:44:33 10HmbR-0005vi-00 tls_out_resumption session resumed
-1999-03-02 09:44:33 10HmbR-0005vi-00 our cert subject
-1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
-1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert verified 1
-1999-03-02 09:44:33 10HmbR-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmbR-0005vi-00 ocsp 1
-1999-03-02 09:44:33 10HmbR-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
-1999-03-02 09:44:33 10HmbR-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbR-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbS-0005vi-00"
-1999-03-02 09:44:33 10HmbR-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
+1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
+1999-03-02 09:44:33 10HmbO-0005vi-00 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbO-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbO-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbO-0005vi-00 ocsp 1
+1999-03-02 09:44:33 10HmbO-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbO-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbO-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbP-0005vi-00"
+1999-03-02 09:44:33 10HmbO-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbQ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex abcd@test.ex xyz@test.ex
+1999-03-02 09:44:33 10HmbQ-0005vi-00 tls_out_resumption session resumed
+1999-03-02 09:44:33 10HmbQ-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp 1
+1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbQ-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbQ-0005vi-00 tls_out_resumption not requested or offered
+1999-03-02 09:44:33 10HmbQ-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp 1
+1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbQ-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbQ-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbR-0005vi-00"
+1999-03-02 09:44:33 10HmbQ-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbR-0005vi-00"
+1999-03-02 09:44:33 10HmbQ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbS-0005vi-00"
+1999-03-02 09:44:33 10HmbQ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
1999-03-02 09:44:33 10HmbT-0005vi-00 tls_out_resumption session resumed, also new ticket
1999-03-02 09:44:33 10HmbT-0005vi-00 our cert subject
1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
@@ -137,10 +138,10 @@
1999-03-02 09:44:33 10HmbT-0005vi-00 ocsp 1
1999-03-02 09:44:33 10HmbT-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbT-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbT-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbU-0005vi-00"
+1999-03-02 09:44:33 10HmbT-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbU-0005vi-00"
1999-03-02 09:44:33 10HmbT-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbV-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
-1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption not requested or offered
+1999-03-02 09:44:33 10HmbV-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
+1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption session resumed
1999-03-02 09:44:33 10HmbV-0005vi-00 our cert subject
1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert verified 1
@@ -148,8 +149,30 @@
1999-03-02 09:44:33 10HmbV-0005vi-00 ocsp 1
1999-03-02 09:44:33 10HmbV-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 10HmbV-0005vi-00 bits 256
-1999-03-02 09:44:33 10HmbV-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbW-0005vi-00"
+1999-03-02 09:44:33 10HmbV-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbW-0005vi-00"
1999-03-02 09:44:33 10HmbV-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
+1999-03-02 09:44:33 10HmbX-0005vi-00 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbX-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbX-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbX-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbX-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbX-0005vi-00 ocsp 1
+1999-03-02 09:44:33 10HmbX-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbX-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbX-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbY-0005vi-00"
+1999-03-02 09:44:33 10HmbX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
+1999-03-02 09:44:33 10HmbZ-0005vi-00 tls_out_resumption not requested or offered
+1999-03-02 09:44:33 10HmbZ-0005vi-00 our cert subject
+1999-03-02 09:44:33 10HmbZ-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbZ-0005vi-00 peer cert verified 1
+1999-03-02 09:44:33 10HmbZ-0005vi-00 peer dn /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbZ-0005vi-00 ocsp 1
+1999-03-02 09:44:33 10HmbZ-0005vi-00 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbZ-0005vi-00 bits 256
+1999-03-02 09:44:33 10HmbZ-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmcA-0005vi-00"
+1999-03-02 09:44:33 10HmbZ-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
@@ -231,7 +254,6 @@
1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-0005vi-00@myhost.test.ex for notreq@test.ex
1999-03-02 09:44:33 10HmbJ-0005vi-00 => :blackhole: <notreq@test.ex> R=server
1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
1999-03-02 09:44:33 peer cert subject
@@ -240,8 +262,8 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-0005vi-00@myhost.test.ex for getticket@test.ex
-1999-03-02 09:44:33 10HmbL-0005vi-00 => :blackhole: <getticket@test.ex> R=server
+1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-0005vi-00@myhost.test.ex for noverify_getticket@test.ex
+1999-03-02 09:44:33 10HmbL-0005vi-00 => :blackhole: <noverify_getticket@test.ex> R=server
1999-03-02 09:44:33 10HmbL-0005vi-00 Completed
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
@@ -251,10 +273,33 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-0005vi-00@myhost.test.ex for resume@test.ex xyz@test.ex
-1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <xyz@test.ex> R=server
-1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-0005vi-00@myhost.test.ex for noverify_resume@test.ex
+1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <noverify_resume@test.ex> R=server
1999-03-02 09:44:33 10HmbN-0005vi-00 Completed
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 ocsp 0
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbO-0005vi-00@myhost.test.ex for getticket@test.ex
+1999-03-02 09:44:33 10HmbP-0005vi-00 => :blackhole: <getticket@test.ex> R=server
+1999-03-02 09:44:33 10HmbP-0005vi-00 Completed
+1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 our cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn
+1999-03-02 09:44:33 ocsp 0
+1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits 256
+1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbQ-0005vi-00@myhost.test.ex for resume@test.ex xyz@test.ex
+1999-03-02 09:44:33 10HmbR-0005vi-00 => :blackhole: <xyz@test.ex> R=server
+1999-03-02 09:44:33 10HmbR-0005vi-00 => :blackhole: <resume@test.ex> R=server
+1999-03-02 09:44:33 10HmbR-0005vi-00 Completed
1999-03-02 09:44:33 tls_in_resumption not requested or offered
1999-03-02 09:44:33 our cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
1999-03-02 09:44:33 peer cert subject
@@ -263,9 +308,9 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbM-0005vi-00@myhost.test.ex for abcd@test.ex
-1999-03-02 09:44:33 10HmbO-0005vi-00 => :blackhole: <abcd@test.ex> R=server
-1999-03-02 09:44:33 10HmbO-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-0005vi-00@myhost.test.ex for abcd@test.ex
+1999-03-02 09:44:33 10HmbS-0005vi-00 => :blackhole: <abcd@test.ex> R=server
+1999-03-02 09:44:33 10HmbS-0005vi-00 Completed
1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
1999-03-02 09:44:33 our cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
1999-03-02 09:44:33 peer cert subject
@@ -274,9 +319,9 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbQ-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbP-0005vi-00@myhost.test.ex for renewal@test.ex
-1999-03-02 09:44:33 10HmbQ-0005vi-00 => :blackhole: <renewal@test.ex> R=server
-1999-03-02 09:44:33 10HmbQ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbU-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbT-0005vi-00@myhost.test.ex for renewal@test.ex
+1999-03-02 09:44:33 10HmbU-0005vi-00 => :blackhole: <renewal@test.ex> R=server
+1999-03-02 09:44:33 10HmbU-0005vi-00 Completed
1999-03-02 09:44:33 tls_in_resumption session resumed
1999-03-02 09:44:33 our cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
1999-03-02 09:44:33 peer cert subject
@@ -285,9 +330,9 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbR-0005vi-00@myhost.test.ex for postrenewal@test.ex
-1999-03-02 09:44:33 10HmbS-0005vi-00 => :blackhole: <postrenewal@test.ex> R=server
-1999-03-02 09:44:33 10HmbS-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbW-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbV-0005vi-00@myhost.test.ex for postrenewal@test.ex
+1999-03-02 09:44:33 10HmbW-0005vi-00 => :blackhole: <postrenewal@test.ex> R=server
+1999-03-02 09:44:33 10HmbW-0005vi-00 Completed
1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
1999-03-02 09:44:33 our cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
1999-03-02 09:44:33 peer cert subject
@@ -296,9 +341,9 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbU-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbT-0005vi-00@myhost.test.ex for timeout@test.ex
-1999-03-02 09:44:33 10HmbU-0005vi-00 => :blackhole: <timeout@test.ex> R=server
-1999-03-02 09:44:33 10HmbU-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbY-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbX-0005vi-00@myhost.test.ex for timeout@test.ex
+1999-03-02 09:44:33 10HmbY-0005vi-00 => :blackhole: <timeout@test.ex> R=server
+1999-03-02 09:44:33 10HmbY-0005vi-00 Completed
1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
1999-03-02 09:44:33 our cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
1999-03-02 09:44:33 peer cert subject
@@ -307,6 +352,6 @@
1999-03-02 09:44:33 ocsp 0
1999-03-02 09:44:33 cipher TLS1.x:ke-RSA-AES256-SHAnnn:xxx
1999-03-02 09:44:33 bits 256
-1999-03-02 09:44:33 10HmbW-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbV-0005vi-00@myhost.test.ex for notreq@test.ex
-1999-03-02 09:44:33 10HmbW-0005vi-00 => :blackhole: <notreq@test.ex> R=server
-1999-03-02 09:44:33 10HmbW-0005vi-00 Completed
+1999-03-02 09:44:33 10HmcA-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbZ-0005vi-00@myhost.test.ex for notreq@test.ex
+1999-03-02 09:44:33 10HmcA-0005vi-00 => :blackhole: <notreq@test.ex> R=server
+1999-03-02 09:44:33 10HmcA-0005vi-00 Completed
diff --git a/test/scripts/5890-Resume-GnuTLS/5890 b/test/scripts/5890-Resume-GnuTLS/5890
index 9db5403b9..d54973cef 100644
--- a/test/scripts/5890-Resume-GnuTLS/5890
+++ b/test/scripts/5890-Resume-GnuTLS/5890
@@ -29,9 +29,16 @@ Test message.
exim -odf notreq@test.ex
Test message, not requesting resumption.
****
+sudo rm -f DIR/spool/db/tls
+exim -odf -DVALUE=resume noverify_getticket@test.ex
+Dest on this means the server cert will not verify (but try_verify will permit it)
+****
+exim -odf -DVALUE=resume noverify_resume@test.ex
+Dest on this means the server cert will not verify (but try_verify will permit it)
+****
killdaemon
sleep 1
-sudo rm DIR/spool/db/tls
+sudo rm -f DIR/spool/db/tls
#
#
### TLS1.3
diff --git a/test/scripts/5891-Resume-OpenSSL/5891 b/test/scripts/5891-Resume-OpenSSL/5891
index 58631f55e..6c04424ce 100644
--- a/test/scripts/5891-Resume-OpenSSL/5891
+++ b/test/scripts/5891-Resume-OpenSSL/5891
@@ -24,6 +24,13 @@ Test message.
exim -odf notreq@test.ex
Test message, not requesting resumption.
****
+sudo rm -f DIR/spool/db/tls
+exim -odf -DVALUE=resume noverify_getticket@test.ex
+Dest on this means the server cert will not verify (but try_verify will permit it)
+****
+exim -odf -DVALUE=resume noverify_resume@test.ex
+Dest on this means the server cert will not verify (but try_verify will permit it)
+****
killdaemon
sleep 1
sudo rm -f DIR/spool/db/tls
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 17:39:56 +0000