diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2015-01-20 12:11:15 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2015-01-20 12:11:15 +0000 |
| commit | 7f3555b3d8e1fccfe8f5d450bdde367018a5e764 (patch) | |
| tree | d38a0a397ef24c93059fbee483f824f2b8b18ae9 /test/confs/5450 | |
| parent | 8497e842ec8a55daad7ce936aedf01227fa0f4d1 (diff) | |
Testsuite: Experimental_Certnames absorbed into mainline
Diffstat (limited to 'test/confs/5450')
| -rw-r--r-- | test/confs/5450 | 192 |
1 files changed, 0 insertions, 192 deletions
diff --git a/test/confs/5450 b/test/confs/5450 deleted file mode 100644 index 145bdc84e..000000000 --- a/test/confs/5450 +++ /dev/null @@ -1,192 +0,0 @@ -# Exim test configuration 5450 -# TLS client: verify certificate from server - name-fails - -SERVER= - -exim_path = EXIM_PATH -host_lookup_order = bydns -primary_hostname = myhost.test.ex -spool_directory = DIR/spool -log_file_path = DIR/spool/log/SERVER%slog -gecos_pattern = "" -gecos_name = CALLER_NAME - -FX = DIR/aux-fixed -S1 = FX/exim-ca/example.com/server1.example.com - -CA1 = S1/ca_chain.pem -CERT1 = S1/server1.example.com.pem -KEY1 = S1/server1.example.com.unlocked.key -CA2 = FX/cert2 -CERT2 = FX/cert2 -KEY2 = FX/cert2 - -# ----- Main settings ----- - -acl_smtp_rcpt = accept - -log_selector = +tls_peerdn+tls_certificate_verified - -queue_only -queue_run_in_order - -tls_advertise_hosts = * - -# Set certificate only if server - -tls_certificate = ${if eq {SERVER}{server}{CERT1}fail} -tls_privatekey = ${if eq {SERVER}{server}{KEY1}fail} - -tls_verify_hosts = * -tls_verify_certificates = ${if eq {SERVER}{server}{CERT2}fail} - - -# ----- Routers ----- - -begin routers - -server_dump: - driver = redirect - condition = ${if eq {SERVER}{server}{yes}{no}} - data = :blackhole: - -client_x: - driver = accept - local_parts = userx - retry_use_local_part - transport = send_to_server_failcert - errors_to = "" - -client_y: - driver = accept - local_parts = usery - retry_use_local_part - transport = send_to_server_retry - -client_z: - driver = accept - local_parts = userz - retry_use_local_part - transport = send_to_server_crypt - -client_q: - driver = accept - local_parts = userq - retry_use_local_part - transport = send_to_server_req_fail - -client_r: - driver = accept - local_parts = userr - retry_use_local_part - transport = send_to_server_req_failname - -client_s: - driver = accept - local_parts = users - retry_use_local_part - transport = send_to_server_req_passname - -client_t: - driver = accept - local_parts = usert - retry_use_local_part - transport = send_to_server_req_failcarryon - - -# ----- Transports ----- - -begin transports - -# this will fail to verify the cert at HOSTIPV4 so fail the crypt requirement -send_to_server_failcert: - driver = smtp - allow_localhost - hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 - port = PORT_D - tls_certificate = CERT2 - tls_privatekey = CERT2 - - tls_verify_certificates = CA2 - -# this will fail to verify the cert at HOSTIPV4 so fail the crypt, then retry on 127.1; ok -send_to_server_retry: - driver = smtp - allow_localhost - hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 - port = PORT_D - tls_certificate = CERT2 - tls_privatekey = CERT2 - - tls_verify_certificates = \ - ${if eq{$host_address}{127.0.0.1}{CA1}{CA2}} - -# this will fail to verify the cert but continue unverified though crypted -send_to_server_crypt: - driver = smtp - allow_localhost - hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 - port = PORT_D - tls_certificate = CERT2 - tls_privatekey = CERT2 - - tls_verify_certificates = CA2 - tls_try_verify_hosts = * - -# this will fail to verify the cert at HOSTNAME and fallback to unencrypted -# Fail due to lack of correct CA -send_to_server_req_fail: - driver = smtp - allow_localhost - hosts = HOSTNAME - port = PORT_D - tls_certificate = CERT2 - tls_privatekey = CERT2 - - tls_verify_certificates = CA2 - tls_verify_hosts = * - -# this will fail to verify the cert name and fallback to unencrypted -# fail because the cert is "server1.example.com" and the test system is something else -send_to_server_req_failname: - driver = smtp - allow_localhost - hosts = HOSTNAME - port = PORT_D - tls_certificate = CERT2 - tls_privatekey = CERT2 - - tls_verify_certificates = CA1 - tls_verify_cert_hostnames = * - tls_verify_hosts = * - -# this will pass the cert verify including name check -# our stunt DNS has an A record for server1.example.com -> HOSTIPV4 -send_to_server_req_passname: - driver = smtp - allow_localhost - hosts = server1.example.com - port = PORT_D - tls_certificate = CERT2 - tls_privatekey = CERT2 - - tls_verify_certificates = CA1 - tls_verify_cert_hostnames = * - tls_verify_hosts = * - -send_to_server_req_failcarryon: - driver = smtp - allow_localhost - hosts = HOSTNAME - port = PORT_D - tls_certificate = CERT2 - tls_privatekey = CERT2 - - tls_verify_certificates = CA1 - tls_verify_cert_hostnames = * - tls_try_verify_hosts = * - -# End |