diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2017-12-20 21:14:06 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2017-12-20 22:03:23 +0000 |
commit | 28646fa9c74b94722eadd7bc2d9c285245aded80 (patch) | |
tree | 213e769b061562eb002237306a5da80b70c56d0c /test/scripts | |
parent | 944e8b37e80589aef9de20ea5fedd98bc0900307 (diff) |
DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode
Not quite right for a mixed TA+EE set of TLSA records, but better than always-enforcing
Diffstat (limited to 'test/scripts')
-rw-r--r-- | test/scripts/5820-DANE-GnuTLS/5820 | 15 | ||||
-rw-r--r-- | test/scripts/5840-DANE-OpenSSL/5840 | 15 |
2 files changed, 30 insertions, 0 deletions
diff --git a/test/scripts/5820-DANE-GnuTLS/5820 b/test/scripts/5820-DANE-GnuTLS/5820 index 84684da53..f5ac4a7fe 100644 --- a/test/scripts/5820-DANE-GnuTLS/5820 +++ b/test/scripts/5820-DANE-GnuTLS/5820 @@ -103,4 +103,19 @@ Testing **** # killdaemon + + +### A server with a name not matching the cert. TA-mode; should fail +exim -DSERVER=server -DDETAILS=cert.net -bd -oX PORT_D +**** +exim -odf CALLER@danebroken7.example.com +Testing +**** +# +### A server with a name not matching the cert. EE-mode; should deliver and claim DANE mode +exim -odf CALLER@danebroken8.example.com +Testing +**** +# +killdaemon no_msglog_check diff --git a/test/scripts/5840-DANE-OpenSSL/5840 b/test/scripts/5840-DANE-OpenSSL/5840 index 7d86621cc..b1ea2f307 100644 --- a/test/scripts/5840-DANE-OpenSSL/5840 +++ b/test/scripts/5840-DANE-OpenSSL/5840 @@ -111,4 +111,19 @@ Testing **** # killdaemon + + +### A server with a name not matching the cert. TA-mode; should fail +exim -DSERVER=server -DDETAILS=cert.net -bd -oX PORT_D +**** +exim -odf CALLER@danebroken7.example.com +Testing +**** +# +### A server with a name not matching the cert. EE-mode; should deliver and claim DANE mode +exim -odf CALLER@danebroken8.example.com +Testing +**** +# +killdaemon no_msglog_check |