Diffstat (limited to 'test')
-rw-r--r--test/confs/11024
-rw-r--r--test/log/11022
-rw-r--r--test/scripts/1100-Basic-TLS/110219
-rw-r--r--test/src/client.c4
-rw-r--r--test/stdout/11024
5 files changed, 20 insertions, 13 deletions
diff --git a/test/confs/1102 b/test/confs/1102
index 2bab6e804..23afc36ee 100644
--- a/test/confs/1102
+++ b/test/confs/1102
@@ -9,7 +9,9 @@ primary_hostname = myhost.test.ex
tls_advertise_hosts = *
tls_certificate = DIR/tmp/certs/servercert
-tls_privatekey = DIR/tmp/certs/serverkey
+tls_privatekey = DIR/tmp/certs/serverkey
+tls_ocsp_file = DIR/tmp/certs/ocsp_proof
+
#tls_verify_certificates = DIR/aux-fixed/cert2
tls_verify_certificates = system,cache
diff --git a/test/log/1102 b/test/log/1102
index 9bbca1052..89933f709 100644
--- a/test/log/1102
+++ b/test/log/1102
@@ -1,5 +1,5 @@
******** SERVER ********
2017-07-30 18:51:05.712 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
-2017-07-30 18:51:05.712 server cert: CN=Phil Pennock
2017-07-30 18:51:05.712 server cert: CN=server1.example.com
+2017-07-30 18:51:05.712 server cert: CN=server1.example.net
diff --git a/test/scripts/1100-Basic-TLS/1102 b/test/scripts/1100-Basic-TLS/1102
index 862d26a6e..285b3be09 100644
--- a/test/scripts/1100-Basic-TLS/1102
+++ b/test/scripts/1100-Basic-TLS/1102
@@ -2,13 +2,14 @@
#
#
mkdir -p DIR/tmp/certs
-cp DIR/aux-fixed/cert1 DIR/tmp/certs/servercert
-cp DIR/aux-fixed/cert1 DIR/tmp/certs/serverkey
+cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem DIR/tmp/certs/servercert
+cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key DIR/tmp/certs/serverkey
+cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp DIR/tmp/certs/ocsp_proof
#
#exim -d-all+tls+receive+timestamp -DSERVER=server -bd -oX PORT_D
exim -DSERVER=server -bd -oX PORT_D
****
-client-anytls 127.0.0.1 PORT_D
+client-anytls -ocsp DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem 127.0.0.1 PORT_D
??? 220
EHLO rhu.barb
????250
@@ -24,12 +25,14 @@ QUIT
??? 221
****
sleep 1
-# Now overwrite the cert. key?
-cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem DIR/tmp/certs/servercert
-cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key DIR/tmp/certs/serverkey
-# The watch mech waits 5 sec after the last trigger, so give that time to expire the send another message
+# Now overwrite the cert
+# XXX using server2.com fails here, on the ocsp verify. Why?
+cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem DIR/tmp/certs/servercert
+cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key DIR/tmp/certs/serverkey
+cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp DIR/tmp/certs/ocsp_proof
+# The watch mech waits 5 sec after the last trigger, so give that time to expire then send another message
sleep 7
-client-anytls 127.0.0.1 PORT_D
+client-anytls -ocsp DIR/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem 127.0.0.1 PORT_D
??? 220
EHLO rhu.barb
????250
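Review bot: The added `# XXX using server2.com fails here, on the ocsp verify. Why?` comment records an unexplained OCSP verification failure after a certificate swap, and the test then sidesteps it by using the example.net certificate, so the failing case stays untested. This step exists to check that a replaced cert, key and OCSP proof are picked up together, so the failure may be a fixture problem or a real reload defect; the comment should say what was observed. I would expand it to something like `# XXX swapping in the server2 cert makes the client's OCSP verify fail; cause unknown (fixture, or a stale proof still being stapled?) - needs its own testcase`. The three `cp` lines also replace the files one at a time, so the test relies on the 5-second settle delay named in the following comment to avoid loading a mismatched cert/proof set, which is worth stating there.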
diff --git a/test/src/client.c b/test/src/client.c
index 9beaf25bb..29712bb5e 100644
--- a/test/src/client.c
+++ b/test/src/client.c
@@ -802,6 +802,8 @@ nextinput:
}
fflush(stdout);
}
+ else
+ printf("Succeeded in starting TLS (with OCSP)\n");
#endif
}
#endif
@@ -1341,7 +1343,7 @@ if (tls_on_connect)
printf("Failed to verify certificate status\n");
#endif
else
- printf("Succeeded in starting TLS\n");
+ printf("Succeeded in starting TLS%s\n", ocsp_stapling ? " (with OCSP)":"");
}
#endif
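Review bot: In this hunk the ` (with OCSP)` suffix is chosen from the `ocsp_stapling` flag alone, and the `else` it sits in follows an `#endif` that closes the "Failed to verify certificate status" branch. If that guarded branch is compiled out, the chain would presumably fall through to this `else` and print "(with OCSP)" without any status check, and test/stdout/1102 would still match. The first client.c hunk (at -802) prints the suffix inside the guarded region instead, so the two paths are not equivalent. The enclosing if/else chain and the opening `#if` are outside the hunk, so this needs confirming against the full function. At minimum I would add a comment such as `/* suffix reflects the -ocsp request; the status check above exists only when the guard closed by the preceding #endif is defined */`, or emit the suffix only under that same guard.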
diff --git a/test/stdout/1102 b/test/stdout/1102
index 0e9c0b366..908c37d34 100644
--- a/test/stdout/1102
+++ b/test/stdout/1102
@@ -7,7 +7,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
>>> EHLO rhu.barb
????250
>>> MAIL FROM:<>
@@ -29,7 +29,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-Succeeded in starting TLS
+Succeeded in starting TLS (with OCSP)
>>> EHLO rhu.barb
????250
>>> MAIL FROM:<>