summaryrefslogtreecommitdiff
path: root/test/confs/2112
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2014-11-22 19:16:19 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2015-01-12 18:58:33 +0000
commit01a4a5c5cbaa40ca618d3e233991ce183b551477 (patch)
treebbef9f6e942157f611d0db4d70dbbeabca9e0337 /test/confs/2112
parentad07e9add2a9959a2cc07c996452fcfc10ccab9f (diff)
Move certificate name checking to mainline, default enabled
This is an exim client checking a server certificate.
Diffstat (limited to 'test/confs/2112')
-rw-r--r--test/confs/211256
1 files changed, 30 insertions, 26 deletions
diff --git a/test/confs/2112 b/test/confs/2112
index 4751e6015..2c81e0cf3 100644
--- a/test/confs/2112
+++ b/test/confs/2112
@@ -104,6 +104,7 @@ send_to_server_failcert:
tls_privatekey = CERT2
tls_verify_certificates = CA2
+ tls_verify_cert_hostnames =
# this will fail to verify the cert at HOSTIPV4 so fail the crypt, then retry on 127.1; ok
send_to_server_retry:
@@ -117,6 +118,7 @@ send_to_server_retry:
tls_verify_certificates = \
${if eq{$host_address}{127.0.0.1}{CA1}{CA2}}
+ tls_verify_cert_hostnames =
# this will fail to verify the cert but continue unverified though crypted
send_to_server_crypt:
@@ -130,6 +132,7 @@ send_to_server_crypt:
tls_verify_certificates = CA2
tls_try_verify_hosts = *
+ tls_verify_cert_hostnames =
# this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted
send_to_server_req_fail:
@@ -142,31 +145,32 @@ send_to_server_req_fail:
tls_verify_certificates = CA2
tls_verify_hosts = *
-
-# # this will fail to verify the cert name and fallback to unencrypted
-# send_to_server_req_failname:
-# driver = smtp
-# allow_localhost
-# hosts = HOSTIPV4
-# port = PORT_D
-# tls_certificate = CERT2
-# tls_privatekey = CERT2
-#
-# tls_verify_certificates = CA1
-# tls_verify_cert_hostnames = server1.example.net : server1.example.org
-# tls_verify_hosts = *
-#
-# # this will pass the cert verify including name check
-# send_to_server_req_passname:
-# driver = smtp
-# allow_localhost
-# hosts = HOSTIPV4
-# port = PORT_D
-# tls_certificate = CERT2
-# tls_privatekey = CERT2
-#
-# tls_verify_certificates = CA1
-# tls_verify_cert_hostnames = noway.example.com : server1.example.com
-# tls_verify_hosts = *
+ tls_verify_cert_hostnames =
+
+ # this will fail to verify the cert name and fallback to unencrypted
+ send_to_server_req_failname:
+ driver = smtp
+ allow_localhost
+ hosts = HOSTIPV4
+ port = PORT_D
+ tls_certificate = CERT2
+ tls_privatekey = CERT2
+
+ tls_verify_certificates = CA1
+ tls_verify_cert_hostnames = server1.example.net : server1.example.org
+ tls_verify_hosts = *
+
+ # this will pass the cert verify including name check
+ send_to_server_req_passname:
+ driver = smtp
+ allow_localhost
+ hosts = HOSTIPV4
+ port = PORT_D
+ tls_certificate = CERT2
+ tls_privatekey = CERT2
+
+ tls_verify_certificates = CA1
+ tls_verify_cert_hostnames = noway.example.com : server1.example.com
+ tls_verify_hosts = *
# End