author | Jeremy Harris <jgh146exb@wizmail.org> | 2015-06-04 20:28:25 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2015-06-04 21:54:52 +0100 |
commit | b3ef41c94af9aefec7b6855cf2ce73ffeaba9d9a (patch) | |
tree | b4a58a99cfca03ab585d109fdf8484bf3b7f87fc /test | |
parent | 93893bd908c58f8d97b1847a5b1f933267de3058 (diff) |
TLS authenticator
Diffstat (limited to 'test')
-rw-r--r-- | test/confs/3700 | 86 | ||||
-rw-r--r-- | test/log/3700 | 13 | ||||
-rwxr-xr-x | test/runtest | 3 | ||||
-rw-r--r-- | test/scripts/3700-TLS-auth/3700 | 13 | ||||
-rw-r--r-- | test/scripts/3700-TLS-auth/REQUIRES | 2 |
5 files changed, 117 insertions, 0 deletions
diff --git a/test/confs/3700 b/test/confs/3700
new file mode 100644
index 000000000..1565b5f79
--- /dev/null
+++ b/test/confs/3700
@@ -0,0 +1,86 @@
+# Exim test configuration 3700
+
+SERVER=
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/SERVER%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+log_selector = +received_recipients +outgoing_port
+
+# ----- Main settings -----
+
+acl_smtp_mail = check_authd
+acl_smtp_rcpt = check_authd
+queue_only
+queue_run_in_order
+trusted_users = CALLER
+
+tls_on_connect_ports = PORT_S
+tls_advertise_hosts = *
+tls_certificate = DIR/aux-fixed/cert1
+
+tls_verify_hosts = *
+tls_verify_certificates = DIR/aux-fixed/cert2
+
+
+# ----- ACL -----
+
+begin acl
+
+check_authd:
+ deny message = authentication required
+ !authenticated = *
+ accept
+
+
+# ----- Authentication -----
+
+begin authenticators
+
+tls:
+ driver = tls
+ server_debug_print = +++TLS \$auth1="$auth1"
+ server_param1 = ${quote:${certextract {subject,CN,>:} \
+ {$tls_in_peercert}}}
+ server_condition = ${if def:auth1}
+ server_set_id = $auth1
+
+
+# ----- Routers -----
+
+begin routers
+
+r1:
+ driver = accept
+ transport = ${if eq {$local_part}{smtps} {t2}{t1}}
+
+
+# ----- Transports -----
+
+begin transports
+
+t1:
+ driver = smtp
+ hosts = 127.0.0.1
+ port = PORT_D
+ allow_localhost
+ tls_certificate = DIR/aux-fixed/cert2
+ tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_verify_cert_hostnames = :
+
+t2:
+ driver = smtp
+ hosts = 127.0.0.1
+ port = PORT_S
+ protocol = smtps
+ allow_localhost
+ tls_certificate = DIR/aux-fixed/cert2
+ tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_verify_cert_hostnames = :
+
+# End
diff --git a/test/log/3700 b/test/log/3700
new file mode 100644
index 000000000..0558c7f38
--- /dev/null
+++ b/test/log/3700
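Review bot: In test/confs/3700 the `tls:` authenticator's `server_condition = ${if def:auth1}` checks only that a CN could be extracted from the peer certificate, not that the certificate was verified. Verification is enforced here solely by `tls_verify_hosts = *` in the main section, so the authenticator is only as strong as that separate setting. If this config is copied or later relaxed to optional verification, an unverified certificate carrying any CN could presumably authenticate. Making the dependency explicit would be safer, e.g. `server_condition = ${if and {{eq{$tls_in_certificate_verified}{1}}{def:auth1}}}`, or at least a comment on the authenticator stating that it relies on mandatory client-certificate verification.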
@@ -0,0 +1,13 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok@test.ex U=CALLER P=local S=sss for x@y
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@test.ex U=CALLER P=local S=sss for smtps@y
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=r1 T=t1 H=127.0.0.1 [127.0.0.1]:1225 X=TLS_proto_and_cipher CV=yes C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 => smtps@y R=r1 T=t2 H=127.0.0.1 [127.0.0.1]:1224 X=TLS_proto_and_cipher CV=yes C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 and for SMTPS on port 1224
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaX-0005vi-00@myhost.test.ex for x@y
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex for smtps@y
diff --git a/test/runtest b/test/runtest
index c95e5a021..616ded37c 100755
--- a/test/runtest
+++ b/test/runtest
@@ -1375,6 +1375,9 @@ $munges = 'delay_1500' => { 'stderr' => 's/(1[5-9]|23\d)\d\d msec/ssss msec/' }, + 'tls_anycipher' => + { 'mainlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /' }, + };
diff --git a/test/scripts/3700-TLS-auth/3700 b/test/scripts/3700-TLS-auth/3700
new file mode 100644
index 000000000..e4b68607a
--- /dev/null
+++ b/test/scripts/3700-TLS-auth/3700
@@ -0,0 +1,13 @@
+# TLS authentication (server only)
+munge tls_anycipher
+#
+exim -DSERVER=server -bd -oX PORT_D:PORT_S
+****
+exim -f ok@test.ex x@y
+****
+exim -f ok@test.ex smtps@y
+****
+exim -q
+****
+killdaemon
+no_msglog_check
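Review bot: The script test/scripts/3700-TLS-auth/3700 covers only the success path: both deliveries (`x@y` and `smtps@y`) present a certificate the server trusts and are logged with `A=tls:`. The `deny message = authentication required` branch of `check_authd` in test/confs/3700 is never reached, so a regression that let the authenticator succeed without an acceptable certificate would presumably still pass. A negative case would close that gap: a client that offers no certificate, or one not covered by the server's `tls_verify_certificates`, with the refusal asserted in the expected log. Until then, a marker in the script header such as `# TODO: negative case - client without an acceptable certificate must be refused` would record the gap.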
diff --git a/test/scripts/3700-TLS-auth/REQUIRES b/test/scripts/3700-TLS-auth/REQUIRES
new file mode 100644
index 000000000..1ce59ac37
--- /dev/null
+++ b/test/scripts/3700-TLS-auth/REQUIRES
@@ -0,0 +1,2 @@
+authenticator tls
+running IPv4 |