diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2022-12-11 15:14:54 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2022-12-11 16:54:54 +0000 |
| commit | 520ef00f56cea3d35688bf4e13599a6e37ba275f (patch) | |
| tree | d82a14604c5b1216213dcffcfe40ad43a715404b /test/confs/2031 | |
| parent | 4f7a93c27e3d43b44c42d3fc503f03b9b42ca622 (diff) | |
TLS: Fix handling for server cert/key file SNI re-expansion forced-fail
Diffstat (limited to 'test/confs/2031')
| -rw-r--r-- | test/confs/2031 | 62 |
1 files changed, 33 insertions, 29 deletions
diff --git a/test/confs/2031 b/test/confs/2031 index af27b2ffd..62577a61a 100644 --- a/test/confs/2031 +++ b/test/confs/2031 @@ -1,4 +1,4 @@ -# Exim test configuration 2030 +# Exim test configuration 2031 # SNI SERVER = @@ -17,21 +17,33 @@ remote_max_parallel = 1 tls_advertise_hosts = * -# Set certificate only if server - -tls_certificate = ${if eq {SERVER}{server} \ - {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \ - {exim-ca/example.com/server1.example.com/server1.example.com.pem} \ +tls_certificate = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badkey : noneistkeyfile : expansionfailkey} \ {cert1} \ - }\ - }fail} - -tls_privatekey = ${if eq {SERVER}{server} \ - {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \ - {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \ + {${if eq {$tls_in_sni}{alternate} \ + {exim-ca/example.com/server1.example.com/server1.example.com.pem} \ + {${if eq {$tls_in_sni}{badcert} \ + {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \ + {${if eq {$tls_in_sni}{nonexistcertfile} \ + {nonexistent_file} \ + fail \ + } } \ + } } \ + } } \ + } + +tls_privatekey = DIR/aux-fixed/${if inlist {$tls_in_sni}{ : normal : badcert : nonexistcertfile : expansionfailedcert} \ {cert1} \ - }\ - }fail} + {${if eq {$tls_in_sni}{alternate} \ + {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \ + {${if eq {$tls_in_sni}{badkey} \ + {cert2} \ + {${if eq {$tls_in_sni}{noneistkeyfile} \ + {nonexist_file} \ + fail \ + } } \ + } } \ + } } \ + } # ------ ACL ------ @@ -49,7 +61,7 @@ begin routers client: driver = accept condition = ${if !eq {SERVER}{server}} - transport = send_to_server${if eq{$local_part}{abcd}{2}{1}} + transport = send_to_server server: driver = redirect @@ -60,22 +72,14 @@ server: begin transports -send_to_server1: - driver = smtp - allow_localhost - hosts = HOSTIPV4 - port = PORT_D - hosts_try_fastopen = : - tls_sni = fred - -send_to_server2: - driver = smtp +send_to_server: + driver = smtp allow_localhost - hosts = HOSTIPV4 - port = PORT_D + hosts = HOSTIPV4 + port = PORT_D hosts_try_fastopen = : - tls_sni = bill - + hosts_require_tls = * + tls_sni = ${local_part} # ----- Retry ----- |