DANE/GnuTLS: split verification of mixed sets of TLSA records by usage

This is because we cannot do the required CA-anchor and names checks for TA-mode and not for EE-mode, without knowing which usage TLSA was used.
author: Jeremy Harris <jgh146exb@wizmail.org> 2017-12-22 17:19:37 +0000
committer: Jeremy Harris <jgh146exb@wizmail.org> 2017-12-22 20:42:38 +0000
commit: 94c1328507098238ae5ec784150c1ae58f3b3118 (patch)
tree: 33f9a1ecdf808459581ec9f5254cc5e5fd33ccb1 /test/scripts/5820-DANE-GnuTLS/5820
parent: 2b01e5359b79cfa9b31296700eb7fc5ae69162c5 (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/test/scripts/5820-DANE-GnuTLS/5820 b/test/scripts/5820-DANE-GnuTLS/5820
index f5ac4a7fe..652661cc1 100644
--- a/test/scripts/5820-DANE-GnuTLS/5820
+++ b/test/scripts/5820-DANE-GnuTLS/5820
@@ -102,9 +102,16 @@ exim -odf CALLER@danebroken6.test.ex
 Testing
 ****
 #
+### A server with a mixed-usage set of TLSAs - the EE-mode one failing verify (should deliver, DANE-mode)
+# that way round to excersize more code in the implementation
+exim -odf CALLER@danemixed.test.ex
+Testing
+****
+#
 killdaemon
-
-
+#
+#
+#
 ### A server with a name not matching the cert.  TA-mode; should fail
 exim -DSERVER=server -DDETAILS=cert.net -bd -oX PORT_D
 ****
author	Jeremy Harris <jgh146exb@wizmail.org>	2017-12-22 17:19:37 +0000
committer	Jeremy Harris <jgh146exb@wizmail.org>	2017-12-22 20:42:38 +0000
commit	94c1328507098238ae5ec784150c1ae58f3b3118 (patch)
tree	33f9a1ecdf808459581ec9f5254cc5e5fd33ccb1 /test/scripts/5820-DANE-GnuTLS/5820
parent	2b01e5359b79cfa9b31296700eb7fc5ae69162c5 (diff)