author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-10-16 19:11:45 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2014-10-16 19:11:45 +0100 |
commit | a7fec7a71987d40dc09601ae33902d0a761887b9 (patch) | |
tree | 50670d515f852f9893c723c355ec80199c3bc20d /test/confs/2132 | |
parent | fe245072af3fdc4440da6cff246ac203a2759b09 (diff) |
Handle certificate dir under GnuTLS, if recent enough
Add testcases for certificate directories
The GnuTLS implementation has been tested on Fedora 21 (alpha),
using GnuTLS 3.3.9. The testsuite case is here but with the
script commented-out. When enabled, the log/mail/stdout/stderr
files will be created fresh.
Diffstat (limited to 'test/confs/2132')
-rw-r--r-- | test/confs/2132 | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/test/confs/2132 b/test/confs/2132
new file mode 100644
index 000000000..069249322
--- /dev/null
+++ b/test/confs/2132
@@ -0,0 +1,74 @@
+# Exim test configuration 2132 (close copy of 2102)
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = check_recipient
+
+log_selector = +tls_peerdn
+
+queue_only
+queue_run_in_order
+
+tls_advertise_hosts = 127.0.0.1 : HOSTIPV4
+
+tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem
+tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
+
+tls_verify_hosts = HOSTIPV4
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/certdir
+
+
+# ------ ACL ------
+
+begin acl
+
+check_recipient:
+ accept hosts = :
+ deny hosts = HOSTIPV4
+ !encrypted = AES256-SHA : \
+ AES256-GCM-SHA384 : \
+ IDEA-CBC-MD5 : \
+ DES-CBC3-SHA : \
+ DHE-RSA-AES256-SHA : \
+ DHE-RSA-AES256-GCM-SHA384 : \
+ DHE_RSA_AES_256_CBC_SHA1 : \
+ DHE_RSA_3DES_EDE_CBC_SHA
+ warn logwrite = ${if def:tls_in_ourcert \
+ {Our cert SN: <${certextract{subject}{$tls_in_ourcert}}>} \
+ {We did not present a cert}}
+ accept condition = ${if !def:tls_in_peercert}
+ logwrite = Peer did not present a cert
+ accept logwrite = SN <${certextract {subject} {$tls_in_peercert}}>
+
+
+# ----- Routers -----
+
+begin routers
+
+abc:
+ driver = accept
+ retry_use_local_part
+ transport = local_delivery
+ headers_add = tls-certificate-verified: $tls_certificate_verified
+
+
+# ----- Transports -----
+
+begin transports
+
+local_delivery:
+ driver = appendfile
+ file = DIR/test-mail/$local_part
+ headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
+ user = CALLER
+
+# End |
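Review bot: The header comment `# Exim test configuration 2132 (close copy of 2102)` does not say what this configuration exercises that 2102 does not. Judging by the commit title, the difference is the `tls_verify_certificates = .../certdir` line, so I would add a comment directly above it such as `# Trust anchors are given as a directory of certificates rather than a single file`. It is also worth a one-line comment above `tls_verify_hosts = HOSTIPV4` noting that only that host must present a verifiable certificate while 127.0.0.1 is merely offered TLS, since the ACL's `Peer did not present a cert` branch depends on that distinction. The `!encrypted` list in `check_recipient` carries legacy entries (`IDEA-CBC-MD5`, `DES-CBC3-SHA`); a comment marking it as a test-fixture allow-list would stop it being read as a recommended cipher set.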