diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2017-12-22 17:19:37 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2017-12-22 20:42:38 +0000 |
| commit | 94c1328507098238ae5ec784150c1ae58f3b3118 (patch) | |
| tree | 33f9a1ecdf808459581ec9f5254cc5e5fd33ccb1 /test/stderr | |
| parent | 2b01e5359b79cfa9b31296700eb7fc5ae69162c5 (diff) | |
DANE/GnuTLS: split verification of mixed sets of TLSA records by usage
This is because we cannot do the required CA-anchor and names checks for TA-mode
and not for EE-mode, without knowing which usage TLSA was used.
Diffstat (limited to 'test/stderr')
| -rw-r--r-- | test/stderr/5820 | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/test/stderr/5820 b/test/stderr/5820 index 43492b5f7..34fcb0fd4 100644 --- a/test/stderr/5820 +++ b/test/stderr/5820 @@ -79,6 +79,7 @@ LOG: unexpected disconnection while reading SMTP command from [127.0.0.1] D=qqs ### A server insecurely serving a good TLSA record, dane required (delivery should fail) ### A server insecurely serving a good A record, dane requested only (should deliver, non-DANE) ### A server insecurely serving a good A record, dane required (delivery should fail) +### A server with a mixed-usage set of TLSAs - the EE-mode one failing verify (should deliver, DANE-mode) ### A server with a name not matching the cert. TA-mode; should fail ### A server with a name not matching the cert. EE-mode; should deliver and claim DANE mode @@ -100,5 +101,6 @@ LOG: unexpected disconnection while reading SMTP command from [127.0.0.1] D=qqs ### A server insecurely serving a good TLSA record, dane required (delivery should fail) ### A server insecurely serving a good A record, dane requested only (should deliver, non-DANE) ### A server insecurely serving a good A record, dane required (delivery should fail) +### A server with a mixed-usage set of TLSAs - the EE-mode one failing verify (should deliver, DANE-mode) ### A server with a name not matching the cert. TA-mode; should fail ### A server with a name not matching the cert. EE-mode; should deliver and claim DANE mode |