summaryrefslogtreecommitdiff
path: root/test/stdout
diff options
context:
space:
mode:
Diffstat (limited to 'test/stdout')
-rw-r--r--test/stdout/201488
-rw-r--r--test/stdout/211486
-rw-r--r--test/stdout/58002
-rw-r--r--test/stdout/582045
-rw-r--r--test/stdout/584032
5 files changed, 205 insertions, 48 deletions
diff --git a/test/stdout/2014 b/test/stdout/2014
index c7aab62f1..cb24d0561 100644
--- a/test/stdout/2014
+++ b/test/stdout/2014
@@ -1,3 +1,4 @@
+### No certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
@@ -21,6 +22,7 @@ Attempting to start TLS
A TLS fatal alert has been received.
Failed to start TLS
End of script
+### No certificate, certificate optional at TLS time, required by ACL
Connecting to 127.0.0.1 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
@@ -55,9 +57,10 @@ Succeeded in starting TLS
??? 221
<<< 221 myhost.test.ex closing connection
End of script
+### Good certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
-Certificate file = aux-fixed/cert2
-Key file = aux-fixed/cert2
+Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu3.barb
@@ -88,9 +91,10 @@ Succeeded in starting TLS
??? 221
<<< 221 myhost.test.ex closing connection
End of script
+### Good certificate, certificate optional at TLS time, checked by ACL
Connecting to 127.0.0.1 port 1225 ... connected
-Certificate file = aux-fixed/cert2
-Key file = aux-fixed/cert2
+Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu4.barb
@@ -121,9 +125,10 @@ Succeeded in starting TLS
??? 221
<<< 221 myhost.test.ex closing connection
End of script
+### Bad certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
-Certificate file = aux-fixed/cert1
-Key file = aux-fixed/cert1
+Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem
+Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu5.barb
@@ -143,11 +148,13 @@ Key file = aux-fixed/cert1
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-Succeeded in starting TLS
+A TLS fatal alert has been received.
+Failed to start TLS
End of script
+### Bad certificate, certificate optional at TLS time, reject at ACL time
Connecting to 127.0.0.1 port 1225 ... connected
-Certificate file = aux-fixed/cert1
-Key file = aux-fixed/cert1
+Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem
+Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu6.barb
@@ -172,17 +179,16 @@ Succeeded in starting TLS
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
-??? 550-
-<<< 550-certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test
??? 550
-<<< 550 Suite,CN=Phil Pennock
+<<< 550 certificate not verified: peerdn=
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
+### Otherwise good but revoked certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
-Certificate file = aux-fixed/cert2
-Key file = aux-fixed/cert2
+Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu7.barb
@@ -204,9 +210,10 @@ Key file = aux-fixed/cert2
Attempting to start TLS
Succeeded in starting TLS
End of script
+### Revoked certificate, certificate optional at TLS time, reject at ACL time
Connecting to 127.0.0.1 port 1225 ... connected
-Certificate file = aux-fixed/cert1
-Key file = aux-fixed/cert1
+Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu8.barb
@@ -231,11 +238,54 @@ Succeeded in starting TLS
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
-??? 550-
-<<< 550-certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test
??? 550
-<<< 550 Suite,CN=Phil Pennock
+<<< 550 certificate not verified: peerdn=CN=revoked1.example.com
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+### Good certificate, certificate required - but nonmatching CRL also present
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+Succeeded in starting TLS
+>>> mail from:<userx@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<userx@test.ex>
+??? 250
+<<< 250 Accepted
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
+
+******** SERVER ********
+### No certificate, certificate required
+### No certificate, certificate optional at TLS time, required by ACL
+### Good certificate, certificate required
+### Good certificate, certificate optional at TLS time, checked by ACL
+### Bad certificate, certificate required
+### Bad certificate, certificate optional at TLS time, reject at ACL time
+### Otherwise good but revoked certificate, certificate required
+### Revoked certificate, certificate optional at TLS time, reject at ACL time
+### Good certificate, certificate required - but nonmatching CRL also present
diff --git a/test/stdout/2114 b/test/stdout/2114
index 061134789..c3fa9ce98 100644
--- a/test/stdout/2114
+++ b/test/stdout/2114
@@ -1,3 +1,4 @@
+### No certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
@@ -21,6 +22,7 @@ Attempting to start TLS
pppp:error:dddddddd:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:[...]:SSL alert number 40
Failed to start TLS
End of script
+### No certificate, certificate optional at TLS time, required by ACL
Connecting to 127.0.0.1 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
@@ -56,9 +58,10 @@ Succeeded in starting TLS
??? 221
<<< 221 myhost.test.ex closing connection
End of script
+### Good certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
-Certificate file = aux-fixed/cert2
-Key file = aux-fixed/cert2
+Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
@@ -90,9 +93,10 @@ Succeeded in starting TLS
??? 221
<<< 221 myhost.test.ex closing connection
End of script
+### Good certificate, certificate optional at TLS time, checked by ACL
Connecting to 127.0.0.1 port 1225 ... connected
-Certificate file = aux-fixed/cert2
-Key file = aux-fixed/cert2
+Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
@@ -124,9 +128,10 @@ Succeeded in starting TLS
??? 221
<<< 221 myhost.test.ex closing connection
End of script
+### Bad certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
-Certificate file = aux-fixed/cert1
-Key file = aux-fixed/cert1
+Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem
+Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
@@ -149,9 +154,10 @@ Attempting to start TLS
pppp:error:dddddddd:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:[...]:SSL alert number 48
Failed to start TLS
End of script
+### Bad certificate, certificate optional at TLS time, reject at ACL time
Connecting to 127.0.0.1 port 1225 ... connected
-Certificate file = aux-fixed/cert1
-Key file = aux-fixed/cert1
+Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem
+Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
@@ -177,17 +183,16 @@ Succeeded in starting TLS
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
-??? 550-
-<<< 550-certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test
??? 550
-<<< 550 Suite/CN=Phil Pennock
+<<< 550 certificate not verified: peerdn=/CN=server1.example.net
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
+### Otherwise good but revoked certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
-Certificate file = aux-fixed/cert2
-Key file = aux-fixed/cert2
+Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
@@ -210,9 +215,10 @@ Attempting to start TLS
pppp:error:dddddddd:SSL routines:ssl3_read_bytes:sslv3 alert certificate revoked:[...]:SSL alert number 44
Failed to start TLS
End of script
+### Revoked certificate, certificate optional at TLS time, reject at ACL time
Connecting to 127.0.0.1 port 1225 ... connected
-Certificate file = aux-fixed/cert1
-Key file = aux-fixed/cert1
+Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
@@ -238,11 +244,55 @@ Succeeded in starting TLS
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
-??? 550-
-<<< 550-certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test
??? 550
-<<< 550 Suite/CN=Phil Pennock
+<<< 550 certificate not verified: peerdn=/CN=revoked1.example.com
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
+### Good certificate, certificate required - but nonmatching CRL also present
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> mail from:<userx@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<userx@test.ex>
+??? 250
+<<< 250 Accepted
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+
+******** SERVER ********
+### No certificate, certificate required
+### No certificate, certificate optional at TLS time, required by ACL
+### Good certificate, certificate required
+### Good certificate, certificate optional at TLS time, checked by ACL
+### Bad certificate, certificate required
+### Bad certificate, certificate optional at TLS time, reject at ACL time
+### Otherwise good but revoked certificate, certificate required
+### Revoked certificate, certificate optional at TLS time, reject at ACL time
+### Good certificate, certificate required - but nonmatching CRL also present
diff --git a/test/stdout/5800 b/test/stdout/5800
index b9c64fea0..a2c4ae476 100644
--- a/test/stdout/5800
+++ b/test/stdout/5800
@@ -1,4 +1,4 @@
>
-> dnslookup tlsa: 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d
+> dnslookup tlsa: 3 1 2 69e8a5ddf24df2c51dc503959d26e621be4ce3853f71890512de3ae3390c5749ef3368dd4d274669b0653da8c3663f12ca092cd98e5e242e4de57ee6aa01cde1
>
>
diff --git a/test/stdout/5820 b/test/stdout/5820
new file mode 100644
index 000000000..49dac098a
--- /dev/null
+++ b/test/stdout/5820
@@ -0,0 +1,45 @@
+### TLSA (3 1 1)
+### TLSA (3 1 2)
+### Recipient callout
+
+**** SMTP testing session as if from host 127.0.0.1
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 OK
+250 Accepted
+421 myhost.test.ex lost input connection
+### TLSA (2 0 1)
+### A server with a nonverifying cert and no TLSA
+### A server with a verifying cert and no TLSA
+### A server with two MXs for which both TLSA lookups return defer (delivery should defer)
+### A server lacking a TLSA, dane required (should fail)
+### A server lacking a TLSA, dane requested only (should deliver, non-DANE, as the NXDOMAIN is not DNSSEC)
+### A server where the A is dnssec and the TLSA lookup _fails_ (delivery should defer)
+### A server securely saying "no TLSA records here", dane required (delivery should fail)
+### A server securely saying "no TLSA records here", dane requested only (should deliver)
+### A server securely serving a wrong TLSA record, dane requested only (delivery should fail)
+### A server insecurely serving a good TLSA record, dane requested only (should deliver, non-DANE)
+### A server insecurely serving a good TLSA record, dane required (delivery should fail)
+### A server insecurely serving a good A record, dane requested only (should deliver, non-DANE)
+### A server insecurely serving a good A record, dane required (delivery should fail)
+
+******** SERVER ********
+### TLSA (3 1 1)
+### TLSA (3 1 2)
+### Recipient callout
+### TLSA (2 0 1)
+### A server with a nonverifying cert and no TLSA
+### A server with a verifying cert and no TLSA
+### A server with two MXs for which both TLSA lookups return defer (delivery should defer)
+### A server lacking a TLSA, dane required (should fail)
+### A server lacking a TLSA, dane requested only (should deliver, non-DANE, as the NXDOMAIN is not DNSSEC)
+### A server where the A is dnssec and the TLSA lookup _fails_ (delivery should defer)
+### A server securely saying "no TLSA records here", dane required (delivery should fail)
+### A server securely saying "no TLSA records here", dane requested only (should deliver)
+### A server securely serving a wrong TLSA record, dane requested only (delivery should fail)
+### A server insecurely serving a good TLSA record, dane requested only (should deliver, non-DANE)
+### A server insecurely serving a good TLSA record, dane required (delivery should fail)
+### A server insecurely serving a good A record, dane requested only (should deliver, non-DANE)
+### A server insecurely serving a good A record, dane required (delivery should fail)
diff --git a/test/stdout/5840 b/test/stdout/5840
index 32425d2e2..36a3bd158 100644
--- a/test/stdout/5840
+++ b/test/stdout/5840
@@ -11,25 +11,37 @@
250 Accepted
421 myhost.test.ex lost input connection
### TLSA (2 0 1)
+### TLSA (2 1 1)
### A server with a nonverifying cert and no TLSA
### A server with a verifying cert and no TLSA
-### A server with two MXs for which both TLSA lookups return defer
+### A server with two MXs for which both TLSA lookups return defer (delivery should defer)
### A server lacking a TLSA, dane required (should fail)
-### A server lacking a TLSA, dane requested only (should fail, as the NXDOMAIN is not DNSSEC)
-### A server where the A is dnssec and the TLSA _fails_
-### A server securely saying "no TLSA records here", dane required (should fail)
-### A server securely saying "no TLSA records here", dane requested only (should transmit)
+### A server lacking a TLSA, dane requested only (should deliver, non-DANE, as the NXDOMAIN is not DNSSEC)
+### A server where the A is dnssec and the TLSA lookup _fails_ (delivery should defer)
+### A server securely saying "no TLSA records here", dane required (delivery should fail)
+### A server securely saying "no TLSA records here", dane requested only (should deliver)
+### A server securely serving a wrong TLSA record, dane requested only (delivery should fail)
+### A server insecurely serving a good TLSA record, dane requested only (should deliver, non-DANE)
+### A server insecurely serving a good TLSA record, dane required (delivery should fail)
+### A server insecurely serving a good A record, dane requested only (should deliver, non-DANE)
+### A server insecurely serving a good A record, dane required (delivery should fail)
******** SERVER ********
### TLSA (3 1 1)
### TLSA (3 1 2)
### Recipient callout
### TLSA (2 0 1)
+### TLSA (2 1 1)
### A server with a nonverifying cert and no TLSA
### A server with a verifying cert and no TLSA
-### A server with two MXs for which both TLSA lookups return defer
+### A server with two MXs for which both TLSA lookups return defer (delivery should defer)
### A server lacking a TLSA, dane required (should fail)
-### A server lacking a TLSA, dane requested only (should fail, as the NXDOMAIN is not DNSSEC)
-### A server where the A is dnssec and the TLSA _fails_
-### A server securely saying "no TLSA records here", dane required (should fail)
-### A server securely saying "no TLSA records here", dane requested only (should transmit)
+### A server lacking a TLSA, dane requested only (should deliver, non-DANE, as the NXDOMAIN is not DNSSEC)
+### A server where the A is dnssec and the TLSA lookup _fails_ (delivery should defer)
+### A server securely saying "no TLSA records here", dane required (delivery should fail)
+### A server securely saying "no TLSA records here", dane requested only (should deliver)
+### A server securely serving a wrong TLSA record, dane requested only (delivery should fail)
+### A server insecurely serving a good TLSA record, dane requested only (should deliver, non-DANE)
+### A server insecurely serving a good TLSA record, dane required (delivery should fail)
+### A server insecurely serving a good A record, dane requested only (should deliver, non-DANE)
+### A server insecurely serving a good A record, dane required (delivery should fail)
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 12:17:12 +0000