summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--test/log/56006
-rw-r--r--test/scripts/5600-OCSP-OpenSSL/560045
-rw-r--r--test/scripts/5650-OCSP-GnuTLS/56503
-rw-r--r--test/src/client.c6
-rw-r--r--test/stdout/560053
5 files changed, 104 insertions, 9 deletions
diff --git a/test/log/5600 b/test/log/5600
index a680612a7..65ce55118 100644
--- a/test/log/5600
+++ b/test/log/5600
@@ -1,7 +1,13 @@
+1999-03-02 09:44:33 1: Server sends good staple on request
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
1999-03-02 09:44:33 acl_mail: ocsp in status: 4 (verified)
+1999-03-02 09:44:33 2: Server does not staple an outdated response
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
+1999-03-02 09:44:33 3: Server does not staple a response for a revoked cert
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
+1999-03-02 09:44:33 4: Connection functions when server is prepared to staple but client does not request it
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq)
diff --git a/test/scripts/5600-OCSP-OpenSSL/5600 b/test/scripts/5600-OCSP-OpenSSL/5600
index c7a700fde..2e63d0e0a 100644
--- a/test/scripts/5600-OCSP-OpenSSL/5600
+++ b/test/scripts/5600-OCSP-OpenSSL/5600
@@ -2,7 +2,9 @@
#
#
#
-# 1: Server sends good staple on request
+exim -z '1: Server sends good staple on request'
+****
+#
exim -bd -oX PORT_D -DSERVER=server \
-DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
****
@@ -30,7 +32,9 @@ killdaemon
#
#
#
-# 2: Server does not staple an outdated response
+exim -z '2: Server does not staple an outdated response'
+****
+#
exim -bd -oX PORT_D -DSERVER=server \
-DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
****
@@ -54,7 +58,9 @@ killdaemon
#
#
#
-# 3: Server does not staple a response for a revoked cert
+exim -z '3: Server does not staple a response for a revoked cert'
+****
+#
exim -bd -oX PORT_D -DSERVER=server \
-DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
****
@@ -78,3 +84,36 @@ killdaemon
#
#
#
+exim -z '4: Connection functions when server is prepared to staple but client does not request it'
+****
+#
+exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+****
+#
+client-ssl \
+ HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+starttls
+??? 220
+ehlo rhu.barb.tls
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+quit
+****
+killdaemon
+#
+#
+#
+#
+#
diff --git a/test/scripts/5650-OCSP-GnuTLS/5650 b/test/scripts/5650-OCSP-GnuTLS/5650
index 343d6af2f..749d87048 100644
--- a/test/scripts/5650-OCSP-GnuTLS/5650
+++ b/test/scripts/5650-OCSP-GnuTLS/5650
@@ -91,9 +91,6 @@ exim -bd -oX PORT_D -DSERVER=server \
-DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
****
#
-# Temporarily (I hope) use OpenSSL-based client, as GnuTLS is buggy and always requests (and understands)
-# stapling
-#
client-gnutls \
HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
diff --git a/test/src/client.c b/test/src/client.c
index dd7df5bd6..ee00912bc 100644
--- a/test/src/client.c
+++ b/test/src/client.c
@@ -84,9 +84,9 @@ latter needs a whole pile of tables. */
# if GNUTLS_VERSION_NUMBER >= 0x030103
# define HAVE_OCSP
# include <gnutls/ocsp.h>
-# ifndef GNUTLS_NO_EXTENSIONS
-# define GNUTLS_NO_EXTENSIONS 0
-# endif
+# endif
+# ifndef GNUTLS_NO_EXTENSIONS
+# define GNUTLS_NO_EXTENSIONS 0
# endif
# define DH_BITS 768
diff --git a/test/stdout/5600 b/test/stdout/5600
index ce8638213..d2d28dce6 100644
--- a/test/stdout/5600
+++ b/test/stdout/5600
@@ -133,3 +133,56 @@ SSL info: SSL negotiation finished successfully
SSL connection using AES256-SHA
Succeeded in starting TLS
End of script
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/cert2
+Key file = aux-fixed/cert2
+??? 220
+<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL info: before/connect initialization
+SSL info: before/connect initialization
+SSL info: SSLv3 read server hello A
+SSL info: SSLv3 read server certificate A
+SSL info: SSLv3 read server certificate request A
+SSL info: SSLv3 read server done A
+SSL info: SSLv3 write client certificate A
+SSL info: SSLv3 write client key exchange A
+SSL info: SSLv3 write certificate verify A
+SSL info: SSLv3 write change cipher spec A
+SSL info: SSLv3 write finished A
+SSL info: SSLv3 flush data
+SSL info: SSLv3 read server session ticket A
+SSL info: SSLv3 read finished A
+SSL info: SSL negotiation finished successfully
+SSL info: SSL negotiation finished successfully
+SSL connection using AES256-SHA
+Succeeded in starting TLS
+>>> ehlo rhu.barb.tls
+??? 250-
+<<< 250-server1.example.com Hello rhu.barb.tls [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250
+<<< 250 HELP
+>>> quit
+End of script