author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-11-06 21:22:18 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2014-11-06 21:22:18 +0000 |
commit | a320fabd09f43c02c869c90a5a5a70a49dd77f89 (patch) | |
tree | 341ccb129d815e0c2daa6c0b8531fc0d4756eb7d /test/confs/5440 | |
parent | 09c17790eec23907b93df1ec7cee746b28dfc836 (diff) |
EXPERIMENTAL_CERTNAMES: Hostlist for cert name checks should match host
connected-to, not be list of acceptable names. The name checked is the
host name.
Diffstat (limited to 'test/confs/5440')
-rw-r--r-- | test/confs/5440 | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/test/confs/5440 b/test/confs/5440
index 03d9916fb..01ba52532 100644
--- a/test/confs/5440
+++ b/test/confs/5440
@@ -1,5 +1,5 @@
 # Exim test configuration 5440
-# TLS client: verify certificate from server - fails
+# TLS client: verify certificate from server - name-fails
 SERVER=
@@ -131,11 +131,12 @@ send_to_server_crypt:
 tls_verify_certificates = CA2
 tls_try_verify_hosts = *
-# this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted
+# this will fail to verify the cert at HOSTNAME and fallback to unencrypted
+# Fail due to lack of correct CA
 send_to_server_req_fail:
 driver = smtp
 allow_localhost
- hosts = HOSTIPV4
+ hosts = HOSTNAME
 port = PORT_D
 tls_certificate = CERT2
 tls_privatekey = CERT2
@@ -144,29 +145,31 @@ send_to_server_req_fail:
 tls_verify_hosts = *
 # this will fail to verify the cert name and fallback to unencrypted
+# fail because the cert is "server1.example.com" and the test system is something else
 send_to_server_req_failname:
 driver = smtp
 allow_localhost
- hosts = HOSTIPV4
+ hosts = HOSTNAME
 port = PORT_D
 tls_certificate = CERT2
 tls_privatekey = CERT2
 tls_verify_certificates = CA1
- tls_verify_cert_hostnames = server1.example.net : server1.example.org
+ tls_verify_cert_hostnames = *
 tls_verify_hosts = *
 # this will pass the cert verify including name check
+# our stunt DNS has an A record for server1.example.com -> HOSTIPV4
 send_to_server_req_passname:
 driver = smtp
 allow_localhost
- hosts = HOSTIPV4
+ hosts = server1.example.com
 port = PORT_D
 tls_certificate = CERT2
 tls_privatekey = CERT2
 tls_verify_certificates = CA1
- tls_verify_cert_hostnames = noway.example.com : server1.example.com
+ tls_verify_cert_hostnames = *
 tls_verify_hosts = *
 # End |
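Review bot: The comment above `send_to_server_req_fail` in the second hunk says the delivery will "fallback to unencrypted" but not what permits the downgrade, so a reader can take it to be what `tls_verify_hosts = *` does on its own. As far as I know Exim retries in clear after a failed TLS setup only for hosts not matched by `hosts_require_tls`, so I would add `# cleartext retry is possible only because hosts_require_tls is not set for this host`. The transport's verification options lie below the end of this hunk, so the stated reason "lack of correct CA" cannot be confirmed from the lines shown.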
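Review bot: In the third hunk both name-check transports now set `tls_verify_cert_hostnames = *`, so nothing in this file exercises the new hostlist meaning for a connected host that does not match the list, where the name check is presumably skipped. That skipped-check path is the one that weakens verification, so it deserves a transport of its own, for example `hosts = HOSTNAME` with `tls_verify_cert_hostnames = server1.example.com`, with the expected outcome recorded in the test script. Separately, `send_to_server_req_failname` fails only while the test machine's HOSTNAME is absent from the certificate; the added comment says so, but nothing in the configuration enforces it.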