3 files changed, 26 insertions, 5 deletions

diff --git a/test/scripts/5650-OCSP-GnuTLS/5650 b/test/scripts/5650-OCSP-GnuTLS/5650
index 78c0afd61..99aaa0b7a 100644
--- a/test/scripts/5650-OCSP-GnuTLS/5650
+++ b/test/scripts/5650-OCSP-GnuTLS/5650
@@ -38,8 +38,6 @@ exim -z '2: Server does not staple an outdated response'
 exim -bd -oX PORT_D -DSERVER=server \
  -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
 ****
-# XXX test sequence might not be quite right; this is for a server refusal
-# and we're expecting a client refusal.
 client-gnutls -ocsp aux-fixed/exim-ca/expired1.example.com/CA.pem HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
 ??? 220
 ehlo rhu.barb
@@ -50,7 +48,7 @@ ehlo rhu.barb
 ??? 250-
 ??? 250
 starttls
-??? 220
+??? 454
 ****
 killdaemon
 #
@@ -76,7 +74,7 @@ ehlo rhu.barb
 ??? 250-
 ??? 250
 starttls
-??? 220
+??? 454
 ****
 killdaemon
 #
diff --git a/test/scripts/5650-OCSP-GnuTLS/5652 b/test/scripts/5650-OCSP-GnuTLS/5652
index 4a33ea862..9130f65e6 100644
--- a/test/scripts/5650-OCSP-GnuTLS/5652
+++ b/test/scripts/5650-OCSP-GnuTLS/5652
@@ -1,4 +1,4 @@
-# OCSP stapling, server, multiple certs
+# OCSP stapling, server, multiple leaf certs
 #
 #
 #
diff --git a/test/scripts/5650-OCSP-GnuTLS/5653 b/test/scripts/5650-OCSP-GnuTLS/5653
new file mode 100644
index 000000000..55cea8b31
--- /dev/null
+++ b/test/scripts/5650-OCSP-GnuTLS/5653
@@ -0,0 +1,23 @@
+# OCSP stapling, server, multiple chain-element OCSP
+#
+#
+#
+exim -z '1: Server sends good staple on request, to client requiring RSA auth'
+****
+#
+exim -d+all -bd -oX PORT_D -DSERVER=server
+****
+exim -odf \
+  -DOPT=NONE:+SIGN-RSA-SHA256:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 \
+  -DCERT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
+  rsa.auth@test.ex
+Subject: test
+
+.
+****
+killdaemon
+#
+#
+#
+#
+no_msglog_check