author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-10-16 19:11:45 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2014-10-16 19:11:45 +0100 |
commit | a7fec7a71987d40dc09601ae33902d0a761887b9 (patch) | |
tree | 50670d515f852f9893c723c355ec80199c3bc20d /test/confs/2032 | |
parent | fe245072af3fdc4440da6cff246ac203a2759b09 (diff) |
Handle certificate dir under GnuTLS, if recent enough
Add testcases for certificate directories
The GnuTLS implementation has been tested on Fedora 21 (alpha),
using GnuTLS 3.3.9. The testsuite case is here but with the
script commented-out. When enabled, the log/mail/stdout/stderr
files will be created fresh.
Diffstat (limited to 'test/confs/2032')
-rw-r--r-- | test/confs/2032 | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/test/confs/2032 b/test/confs/2032
new file mode 100644
index 000000000..5a6099378
--- /dev/null
+++ b/test/confs/2032
@@ -0,0 +1,73 @@
+# Exim test configuration 2032 (close copy of 2002)
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = check_recipient
+
+log_selector = +tls_peerdn
+
+queue_only
+queue_run_in_order
+
+tls_advertise_hosts = 127.0.0.1 : HOSTIPV4
+
+tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem
+tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
+
+tls_verify_hosts = HOSTIPV4
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/certdir
+
+
+# ------ ACL ------
+
+begin acl
+
+check_recipient:
+ accept hosts = :
+ deny hosts = HOSTIPV4
+ !encrypted = AES256-SHA : \
+ AES256-GCM-SHA384 : \
+ IDEA-CBC-MD5 : \
+ DES-CBC3-SHA : \
+ DHE_RSA_AES_256_CBC_SHA1 : \
+ DHE_RSA_3DES_EDE_CBC_SHA : \
+ RSA_AES_256_CBC_SHA1
+ warn logwrite = ${if def:tls_in_ourcert \
+ {Our cert SN: <${certextract{subject}{$tls_in_ourcert}}>} \
+ {We did not present a cert}}
+ accept condition = ${if !def:tls_in_peercert}
+ logwrite = Peer did not present a cert
+ accept logwrite = SN <${certextract {subject} {$tls_in_peercert}}>
+
+
+# ----- Routers -----
+
+begin routers
+
+abc:
+ driver = accept
+ retry_use_local_part
+ transport = local_delivery
+ headers_add = tls-certificate-verified: $tls_certificate_verified
+
+
+# ----- Transports -----
+
+begin transports
+
+local_delivery:
+ driver = appendfile
+ file = DIR/test-mail/$local_part
+ headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
+ user = CALLER
+
+# End |
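Review bot: The header comment `# Exim test configuration 2032 (close copy of 2002)` does not say what this copy exercises. Judging by the commit message and the `tls_verify_certificates = .../certdir` line, it appears to be verification against a directory of CA certificates, so I would say so, e.g. `# Exim test configuration 2032 (close copy of 2002; tls_verify_certificates names a directory)`. The router and transport use `$tls_certificate_verified`, `$tls_cipher` and `$tls_peerdn` while the ACL uses the `$tls_in_*` forms; switching to `$tls_in_certificate_verified`, `$tls_in_cipher` and `$tls_in_peerdn` would keep the file consistent. As far as this file shows, only the accepting path is covered, so a peer certificate whose issuer is absent from certdir would confirm the directory is actually consulted. The test script is outside this diff and may already include such a case.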