diff options
author | Wolfgang Breyha <wbreyha@gmx.net> | 2014-03-15 14:16:05 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2014-03-15 14:18:16 +0000 |
commit | e8793bad207763b266bedcb9d859e238b6a3a04e (patch) | |
tree | 4bbe25c461740cf54a672db822214bc546df9b81 /test/confs | |
parent | 6a43fca1821be6919fe0660f8ee5ef4b07b6ae37 (diff) | |
parent | 02bf26279e41fa715e74ea45d2a5903635ad5ee1 (diff) |
Add tls_verify_hosts and tls_try_verify_hosts to smtp transport. Bug 1371
Code by Wolfgang Breyha, docs and testsuite by Jeremy Harris
Diffstat (limited to 'test/confs')
-rw-r--r-- | test/confs/2112 | 65 |
1 files changed, 61 insertions, 4 deletions
diff --git a/test/confs/2112 b/test/confs/2112 index 78733513e..242d2d67c 100644 --- a/test/confs/2112 +++ b/test/confs/2112 @@ -1,4 +1,5 @@ # Exim test configuration 2112 +# TLS client: verify certificate from server - fails SERVER= @@ -35,18 +36,53 @@ tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail} begin routers -client: +server_dump: + driver = redirect + condition = ${if eq {SERVER}{server}{yes}{no}} + data = :blackhole: + +client_x: + driver = accept + local_parts = userx + retry_use_local_part + transport = send_to_server_failcert + errors_to = "" + +client_y: + driver = accept + local_parts = usery + retry_use_local_part + transport = send_to_server_retry + +client_z: driver = accept - condition = ${if eq {SERVER}{server}{no}{yes}} + local_parts = userz retry_use_local_part - transport = send_to_server + transport = send_to_server_crypt + +client_q: + driver = accept + local_parts = userq + retry_use_local_part + transport = send_to_server_req_fail # ----- Transports ----- begin transports -send_to_server: +# this will fail to verify the cert at HOSTIPV4 so fail the crypt requirement +send_to_server_failcert: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + hosts_require_tls = HOSTIPV4 + port = PORT_D + tls_certificate = DIR/aux-fixed/cert2 + tls_verify_certificates = DIR/aux-fixed/cert2 + +# this will fail to verify the cert at HOSTIPV4 so fail the crypt, then retry on 127.1; ok +send_to_server_retry: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 @@ -56,4 +92,25 @@ send_to_server: tls_verify_certificates = \ ${if eq{$host_address}{127.0.0.1}{DIR/aux-fixed/cert1}{DIR/aux-fixed/cert2}} +# this will fail to verify the cert but continue unverified though cypted +send_to_server_crypt: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + hosts_require_tls = HOSTIPV4 + port = PORT_D + tls_certificate = DIR/aux-fixed/cert2 + tls_verify_certificates = DIR/aux-fixed/cert2 + tls_try_verify_hosts = * + +# this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted +send_to_server_req_fail: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_certificate = DIR/aux-fixed/cert2 + tls_verify_certificates = DIR/aux-fixed/cert2 + tls_verify_hosts = * + # End |