author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-09-17 16:28:58 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-09-17 16:28:58 +0100 |
commit | 570cb1bdbc6ea378b2dcaf6ebabb45a5610ed1ef (patch) | |
tree | 8d5da6ce3df0945e66b48e9a624984a54800c4d7 /test/confs | |
parent | ebda598a4af7ead204e1f611ec066bb678a275d5 (diff) |
DANE: fix TA-mode verify under GnuTLS. Bug 2311
Diffstat (limited to 'test/confs')
-rw-r--r-- | test/confs/5820 | 2 | ||||
-rw-r--r-- | test/confs/5822 | 67 | ||||
-rw-r--r-- | test/confs/5840 | 2 | ||||
-rw-r--r-- | test/confs/5842 | 64 |
4 files changed, 2 insertions, 133 deletions
diff --git a/test/confs/5820 b/test/confs/5820
index 72402881a..bcb1a8f34 100644
--- a/test/confs/5820
+++ b/test/confs/5820
@@ -70,7 +70,7 @@ send_to_server:
 hosts_require_dane = HOSTIPV4
 tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
 tls_try_verify_hosts = thishost.test.ex
- tls_verify_certificates = CDIR2/ca_chain.pem
+ tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}}
diff --git a/test/confs/5822 b/test/confs/5822
deleted file mode 100644
index 80a8ef43b..000000000
--- a/test/confs/5822
+++ /dev/null
@@ -1,67 +0,0 @@
-# Exim test configuration 5822
-# DANE/GnuTLS
-
-SERVER=
-
-.include DIR/aux-var/tls_conf_prefix
-
-primary_hostname = myhost.test.ex
-
-# ----- Main settings -----
-
-acl_smtp_rcpt = accept logwrite = "rcpt ACL"
-
-log_selector = +received_recipients +tls_peerdn +tls_certificate_verified
-
-queue_run_in_order
-
-tls_advertise_hosts = *
-# needed to force generation
-tls_dhparam = historic
-
-tls_certificate = ${if eq {SERVER}{server} {DIR/aux-fixed/cert1} fail}
-
-# ----- Routers -----
-
-begin routers
-
-client:
- driver = dnslookup
- condition = ${if eq {SERVER}{}}
- dnssec_request_domains = *
- self = send
- transport = send_to_server
- errors_to = ""
-
-server:
- driver = redirect
- condition = ${if !eq {SERVER}{}}
- data = :blackhole:
-
-
-# ----- Transports -----
-
-begin transports
-
-send_to_server:
- driver = smtp
- allow_localhost
- port = PORT_D
-
- hosts_try_dane = *
- hosts_require_dane = HOSTIPV4
- tls_verify_cert_hostnames = :
- tls_try_verify_hosts = thishost.test.ex
-# tls_verify_certificates = CDIR2/ca_chain.pem
-
-
-
-# ----- Retry -----
-
-
-begin retry
-
-* * F,5d,10s
-
-
-# End
diff --git a/test/confs/5840 b/test/confs/5840
index 754945d6e..407846a8a 100644
--- a/test/confs/5840
+++ b/test/confs/5840
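Review bot: The new `tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}}` line in `send_to_server` of test/confs/5820 (and the identical line in the test/confs/5840 hunk) expands to an empty string for every value of DETAILS other than `ca`, and nothing in the file says that this is deliberate. If a test script omits the DETAILS macro, the literal text would presumably compare unequal as well, so the no-CA variant becomes the silent default. A comment above the option would record the intent, for example `# DETAILS=ca: also load the CA chain; any other value: empty CA list, so only the DANE TLSA records can verify the peer`. The test scripts that set DETAILS are not part of this diff, so it is worth confirming that each run sets it explicitly. The transport block starts before the hunk and continues after it.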
@@ -75,7 +75,7 @@ send_to_server:
 hosts_require_dane = HOSTIPV4
 tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
 tls_try_verify_hosts = thishost.test.ex
- tls_verify_certificates = CDIR2/ca_chain.pem
+ tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}}
diff --git a/test/confs/5842 b/test/confs/5842
deleted file mode 100644
index be45e847c..000000000
--- a/test/confs/5842
+++ /dev/null
@@ -1,64 +0,0 @@
-# Exim test configuration 5822
-# DANE/OpenSSL
-
-SERVER=
-
-.include DIR/aux-var/tls_conf_prefix
-
-primary_hostname = myhost.test.ex
-
-# ----- Main settings -----
-
-acl_smtp_rcpt = accept logwrite = "rcpt ACL"
-
-log_selector = +received_recipients +tls_peerdn +tls_certificate_verified
-
-queue_run_in_order
-
-tls_advertise_hosts = *
-
-tls_certificate = ${if eq {SERVER}{server} {DIR/aux-fixed/cert1} fail}
-
-# ----- Routers -----
-
-begin routers
-
-client:
- driver = dnslookup
- condition = ${if eq {SERVER}{}}
- dnssec_request_domains = *
- self = send
- transport = send_to_server
- errors_to = ""
-
-server:
- driver = redirect
- data = :blackhole:
-
-
-# ----- Transports -----
-
-begin transports
-
-send_to_server:
- driver = smtp
- allow_localhost
- port = PORT_D
-
- hosts_try_dane = *
- hosts_require_dane = HOSTIPV4
- tls_verify_cert_hostnames = :
- tls_try_verify_hosts = thishost.test.ex
-# tls_verify_certificates = CDIR2/ca_chain.pem
-
-
-
-# ----- Retry -----
-
-
-begin retry
-
-* * F,5d,10s
-
-
-# End |