summaryrefslogtreecommitdiff
path: root/test/confs
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2014-11-22 19:16:19 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2015-01-12 18:58:33 +0000
commit01a4a5c5cbaa40ca618d3e233991ce183b551477 (patch)
treebbef9f6e942157f611d0db4d70dbbeabca9e0337 /test/confs
parentad07e9add2a9959a2cc07c996452fcfc10ccab9f (diff)
Move certificate name checking to mainline, default enabled
This is an exim client checking a server certificate.
Diffstat (limited to 'test/confs')
-rw-r--r--test/confs/201256
-rw-r--r--test/confs/211256
-rw-r--r--test/confs/56014
-rw-r--r--test/confs/56084
-rw-r--r--test/confs/56514
-rw-r--r--test/confs/56584
-rw-r--r--test/confs/57501
-rw-r--r--test/confs/57601
-rw-r--r--test/confs/58401
9 files changed, 79 insertions, 52 deletions
diff --git a/test/confs/2012 b/test/confs/2012
index 97dc25e75..6bc5487ff 100644
--- a/test/confs/2012
+++ b/test/confs/2012
@@ -104,6 +104,7 @@ send_to_server_failcert:
tls_privatekey = CERT2
tls_verify_certificates = CA2
+ tls_verify_cert_hostnames =
# this will fail to verify the cert at HOSTIPV4 so fail the crypt, then retry on 127.1; ok
send_to_server_retry:
@@ -117,6 +118,7 @@ send_to_server_retry:
tls_verify_certificates = \
${if eq{$host_address}{127.0.0.1}{CA1}{CA2}}
+ tls_verify_cert_hostnames =
# this will fail to verify the cert but continue unverified though crypted
send_to_server_crypt:
@@ -130,6 +132,7 @@ send_to_server_crypt:
tls_verify_certificates = CA2
tls_try_verify_hosts = *
+ tls_verify_cert_hostnames =
# this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted
send_to_server_req_fail:
@@ -142,31 +145,32 @@ send_to_server_req_fail:
tls_verify_certificates = CA2
tls_verify_hosts = *
-
-# # this will fail to verify the cert name and fallback to unencrypted
-# send_to_server_req_failname:
-# driver = smtp
-# allow_localhost
-# hosts = HOSTIPV4
-# port = PORT_D
-# tls_certificate = CERT2
-# tls_privatekey = CERT2
-#
-# tls_verify_certificates = CA1
-# tls_verify_cert_hostnames = server1.example.net : server1.example.org
-# tls_verify_hosts = *
-#
-# # this will pass the cert verify including name check
-# send_to_server_req_passname:
-# driver = smtp
-# allow_localhost
-# hosts = HOSTIPV4
-# port = PORT_D
-# tls_certificate = CERT2
-# tls_privatekey = CERT2
-#
-# tls_verify_certificates = CA1
-# tls_verify_cert_hostnames = noway.example.com : server1.example.com
-# tls_verify_hosts = *
+ tls_verify_cert_hostnames =
+
+ # this will fail to verify the cert name and fallback to unencrypted
+ send_to_server_req_failname:
+ driver = smtp
+ allow_localhost
+ hosts = HOSTIPV4
+ port = PORT_D
+ tls_certificate = CERT2
+ tls_privatekey = CERT2
+
+ tls_verify_certificates = CA1
+ tls_verify_cert_hostnames = server1.example.net : server1.example.org
+ tls_verify_hosts = *
+
+ # this will pass the cert verify including name check
+ send_to_server_req_passname:
+ driver = smtp
+ allow_localhost
+ hosts = HOSTIPV4
+ port = PORT_D
+ tls_certificate = CERT2
+ tls_privatekey = CERT2
+
+ tls_verify_certificates = CA1
+ tls_verify_cert_hostnames = noway.example.com : server1.example.com
+ tls_verify_hosts = *
# End
diff --git a/test/confs/2112 b/test/confs/2112
index 4751e6015..2c81e0cf3 100644
--- a/test/confs/2112
+++ b/test/confs/2112
@@ -104,6 +104,7 @@ send_to_server_failcert:
tls_privatekey = CERT2
tls_verify_certificates = CA2
+ tls_verify_cert_hostnames =
# this will fail to verify the cert at HOSTIPV4 so fail the crypt, then retry on 127.1; ok
send_to_server_retry:
@@ -117,6 +118,7 @@ send_to_server_retry:
tls_verify_certificates = \
${if eq{$host_address}{127.0.0.1}{CA1}{CA2}}
+ tls_verify_cert_hostnames =
# this will fail to verify the cert but continue unverified though crypted
send_to_server_crypt:
@@ -130,6 +132,7 @@ send_to_server_crypt:
tls_verify_certificates = CA2
tls_try_verify_hosts = *
+ tls_verify_cert_hostnames =
# this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted
send_to_server_req_fail:
@@ -142,31 +145,32 @@ send_to_server_req_fail:
tls_verify_certificates = CA2
tls_verify_hosts = *
-
-# # this will fail to verify the cert name and fallback to unencrypted
-# send_to_server_req_failname:
-# driver = smtp
-# allow_localhost
-# hosts = HOSTIPV4
-# port = PORT_D
-# tls_certificate = CERT2
-# tls_privatekey = CERT2
-#
-# tls_verify_certificates = CA1
-# tls_verify_cert_hostnames = server1.example.net : server1.example.org
-# tls_verify_hosts = *
-#
-# # this will pass the cert verify including name check
-# send_to_server_req_passname:
-# driver = smtp
-# allow_localhost
-# hosts = HOSTIPV4
-# port = PORT_D
-# tls_certificate = CERT2
-# tls_privatekey = CERT2
-#
-# tls_verify_certificates = CA1
-# tls_verify_cert_hostnames = noway.example.com : server1.example.com
-# tls_verify_hosts = *
+ tls_verify_cert_hostnames =
+
+ # this will fail to verify the cert name and fallback to unencrypted
+ send_to_server_req_failname:
+ driver = smtp
+ allow_localhost
+ hosts = HOSTIPV4
+ port = PORT_D
+ tls_certificate = CERT2
+ tls_privatekey = CERT2
+
+ tls_verify_certificates = CA1
+ tls_verify_cert_hostnames = server1.example.net : server1.example.org
+ tls_verify_hosts = *
+
+ # this will pass the cert verify including name check
+ send_to_server_req_passname:
+ driver = smtp
+ allow_localhost
+ hosts = HOSTIPV4
+ port = PORT_D
+ tls_certificate = CERT2
+ tls_privatekey = CERT2
+
+ tls_verify_certificates = CA1
+ tls_verify_cert_hostnames = noway.example.com : server1.example.com
+ tls_verify_hosts = *
# End
diff --git a/test/confs/5601 b/test/confs/5601
index 3e97fcbea..1a7320300 100644
--- a/test/confs/5601
+++ b/test/confs/5601
@@ -90,6 +90,7 @@ send_to_server1:
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
hosts_request_ocsp = :
headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
@@ -102,6 +103,7 @@ send_to_server2:
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
# note no ocsp mention here
headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
@@ -115,6 +117,7 @@ send_to_server3:
port = PORT_D
helo_data = helo.data.changed
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
hosts_require_ocsp = *
headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
@@ -128,6 +131,7 @@ send_to_server4:
port = PORT_D
helo_data = helo.data.changed
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
protocol = smtps
hosts_require_tls = *
hosts_require_ocsp = *
diff --git a/test/confs/5608 b/test/confs/5608
index da0f6707f..6061a1343 100644
--- a/test/confs/5608
+++ b/test/confs/5608
@@ -98,6 +98,7 @@ send_to_server1:
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
hosts_request_ocsp = :
headers_add = X-TLS-out: ocsp status $tls_out_ocsp
@@ -110,6 +111,7 @@ send_to_server2:
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
# note no ocsp mention here
headers_add = X-TLS-out: ocsp status $tls_out_ocsp
@@ -123,6 +125,7 @@ send_to_server3:
port = PORT_D
helo_data = helo.data.changed
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
hosts_require_ocsp = *
headers_add = X-TLS-out: ocsp status $tls_out_ocsp
@@ -136,6 +139,7 @@ send_to_server4:
port = PORT_D
helo_data = helo.data.changed
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
protocol = smtps
hosts_require_tls = *
hosts_require_ocsp = *
diff --git a/test/confs/5651 b/test/confs/5651
index 6b70d33b2..19f16d03d 100644
--- a/test/confs/5651
+++ b/test/confs/5651
@@ -88,6 +88,7 @@ send_to_server1:
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
hosts_request_ocsp = :
headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
@@ -100,6 +101,7 @@ send_to_server2:
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
# note no ocsp mention here
headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
@@ -114,6 +116,7 @@ send_to_server3:
helo_data = helo.data.changed
#tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
hosts_require_ocsp = *
headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
@@ -128,6 +131,7 @@ send_to_server4:
helo_data = helo.data.changed
#tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
protocol = smtps
hosts_require_tls = *
hosts_require_ocsp = *
diff --git a/test/confs/5658 b/test/confs/5658
index 7ab2de68f..de486e083 100644
--- a/test/confs/5658
+++ b/test/confs/5658
@@ -95,6 +95,7 @@ send_to_server1:
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
hosts_request_ocsp = :
headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
@@ -108,6 +109,7 @@ send_to_server2:
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
# note no ocsp mention here
headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
@@ -123,6 +125,7 @@ send_to_server3:
helo_data = helo.data.changed
#tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
hosts_require_ocsp = *
headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
@@ -138,6 +141,7 @@ send_to_server4:
helo_data = helo.data.changed
#tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
protocol = smtps
hosts_require_tls = *
hosts_require_ocsp = *
diff --git a/test/confs/5750 b/test/confs/5750
index 364f73a90..d1e2e7ce0 100644
--- a/test/confs/5750
+++ b/test/confs/5750
@@ -104,6 +104,7 @@ send_to_server:
${if eq {$local_part}{good}\
{example.com/server1.example.com/ca_chain.pem}\
{example.net/server1.example.net/ca_chain.pem}}
+ tls_verify_cert_hostnames =
event_action = ${acl {logger} {$event_name} {$domain} }
diff --git a/test/confs/5760 b/test/confs/5760
index 60f386ba4..80dde3e15 100644
--- a/test/confs/5760
+++ b/test/confs/5760
@@ -104,6 +104,7 @@ send_to_server:
${if eq {$local_part}{good}\
{example.com/server1.example.com/ca_chain.pem}\
{example.net/server1.example.net/ca_chain.pem}}
+ tls_verify_cert_hostnames =
event_action = ${acl {logger} {$event_name} {$domain} }
diff --git a/test/confs/5840 b/test/confs/5840
index 2c72b64c3..5c0f6a51d 100644
--- a/test/confs/5840
+++ b/test/confs/5840
@@ -68,6 +68,7 @@ send_to_server:
hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \
{= {0}{$tls_out_tlsa_usage}} } \
{*}{}}
+ tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
tls_try_verify_hosts = thishost.test.ex
tls_verify_certificates = CDIR2/ca_chain.pem