diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/confs/5652 | 82 | ||||
| -rw-r--r-- | test/log/5652 | 16 | ||||
| -rw-r--r-- | test/scripts/5650-OCSP-GnuTLS/5652 | 37 |
3 files changed, 135 insertions, 0 deletions
diff --git a/test/confs/5652 b/test/confs/5652 new file mode 100644 index 000000000..7dce363c2 --- /dev/null +++ b/test/confs/5652 @@ -0,0 +1,82 @@ +# Exim test configuration 5652 +# OCSP stapling, server, multiple certs + +.include DIR/aux-var/tls_conf_prefix + +primary_hostname = server1.example.com + +# ----- Main settings ----- + +acl_smtp_mail = check_mail +acl_smtp_rcpt = check_recipient + +log_selector = +tls_peerdn + +queue_only +queue_run_in_order + +tls_advertise_hosts = * + +CADIR = DIR/aux-fixed/exim-ca +DRSA = CADIR/example.com +DECDSA = CADIR/example_ec.com + +tls_certificate = DRSA/server1.example.com/server1.example.com.pem \ + : DECDSA/server1.example_ec.com/server1.example_ec.com.pem +tls_privatekey = DRSA/server1.example.com/server1.example.com.unlocked.key \ + : DECDSA/server1.example_ec.com/server1.example_ec.com.unlocked.key +tls_ocsp_file = DRSA/server1.example.com/server1.example.com.ocsp.good.resp \ + : DECDSA/server1.example_ec.com/server1.example_ec.com.ocsp.good.resp + + + +# ------ ACL ------ + +begin acl + +check_mail: + accept logwrite = acl_mail: ocsp in status: $tls_in_ocsp \ + (${listextract {${eval:$tls_in_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + +check_recipient: + accept + + +# ----- Routers ----- + +begin routers + +client: + driver = manualroute + condition = ${if !eq {SERVER}{server}} + route_list = * 127.0.0.1 + self = send + transport = remote_delivery + errors_to = "" + +srvr: + driver = accept + retry_use_local_part + transport = local_delivery + + +# ----- Transports ----- + +begin transports + +remote_delivery: + driver = smtp + port = PORT_D + hosts_require_tls = * + tls_require_ciphers = OPT + hosts_require_ocsp = * + tls_verify_certificates = CERT + +local_delivery: + driver = appendfile + file = DIR/test-mail/$local_part + headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn + user = CALLER + +# End diff --git a/test/log/5652 b/test/log/5652 new file mode 100644 index 000000000..94946ea61 --- /dev/null +++ b/test/log/5652 @@ -0,0 +1,16 @@ +1999-03-02 09:44:33 1: Server sends good staple on request, to client requiring RSA auth +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => rsa.auth@test.ex R=client T=remote_delivery H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 2: Server sends good staple on request, to client preferring ECDSA auth +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => ecdsa.auth@test.ex R=client T=remote_delivery H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke_ECDSA_AES_256_CBC_SHAnnn:256 CV=no DN="CN=server1.example_ec.com" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 acl_mail: ocsp in status: 2 (vfynotdone) +1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (server1.example.com) [127.0.0.1] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@server1.example.com +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 acl_mail: ocsp in status: 2 (vfynotdone) +1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (server1.example.com) [127.0.0.1] P=esmtps X=TLS1.x:ke_ECDSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaZ-0005vi-00@server1.example.com diff --git a/test/scripts/5650-OCSP-GnuTLS/5652 b/test/scripts/5650-OCSP-GnuTLS/5652 new file mode 100644 index 000000000..4a33ea862 --- /dev/null +++ b/test/scripts/5650-OCSP-GnuTLS/5652 @@ -0,0 +1,37 @@ +# OCSP stapling, server, multiple certs +# +# +# +exim -z '1: Server sends good staple on request, to client requiring RSA auth' +**** +# +exim -bd -oX PORT_D -DSERVER=server +**** +exim -odf \ + -DOPT=NONE:+SIGN-RSA-SHA256:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 \ + -DCERT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \ + rsa.auth@test.ex +Subject: test + +. +**** +killdaemon +# +# +# +# +exim -z '2: Server sends good staple on request, to client preferring ECDSA auth' +**** +# +exim -bd -oX PORT_D -DSERVER=server +**** +exim -odf \ + -DOPT=NONE:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+KX-ALL:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 \ + -DCERT=DIR/aux-fixed/exim-ca/example_ec.com/server1.example_ec.com/ca_chain.pem \ + ecdsa.auth@test.ex +Subject: test + +. +**** +killdaemon +no_msglog_check |