diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/confs/5880 | 78 | ||||
-rw-r--r-- | test/log/5880 | 42 | ||||
-rw-r--r-- | test/scripts/5860-DANE-OpenSSL-events/5860 | 2 | ||||
-rw-r--r-- | test/scripts/5880-DANE-GnuTLS-events/5880 | 30 | ||||
-rw-r--r-- | test/scripts/5880-DANE-GnuTLS-events/REQUIRES | 4 |
5 files changed, 155 insertions, 1 deletions
diff --git a/test/confs/5880 b/test/confs/5880 new file mode 100644 index 000000000..4becdd423 --- /dev/null +++ b/test/confs/5880 @@ -0,0 +1,78 @@ +# Exim test configuration 5880 +# DANE + +SERVER= + +.include DIR/aux-var/tls_conf_prefix + +primary_hostname = myhost.test.ex + +# ----- Main settings ----- + +acl_smtp_rcpt = accept + +log_selector = +received_recipients +tls_peerdn +tls_certificate_verified + +queue_only +queue_run_in_order + +tls_advertise_hosts = * + +# Set certificate only if server +CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com + +tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem} fail} +tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key} fail} + + +begin acl + +logger: + accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}} + logwrite = $event_name depth = $event_data \ + <${certextract {subject} {$tls_out_peercert}}> +# message = noooo + + accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}} + logwrite = $event_name dane=$tls_out_dane + accept + +# ----- Routers ----- + +begin routers + +client: + driver = dnslookup + condition = ${if eq {SERVER}{}} + dnssec_request_domains = * + self = send + transport = send_to_server + +server: + driver = redirect + data = :blackhole: + + +# ----- Transports ----- + +begin transports + +send_to_server: + driver = smtp + allow_localhost + port = PORT_D + +# hosts_try_dane = * + hosts_require_dane = * + + # required for TA-mode testing + tls_verify_certificates = CDIR2/ca_chain.pem +.ifdef _HAVE_OCSP + hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \ + {= {0}{$tls_out_tlsa_usage}} } \ + {*}{}} +.endif + + event_action = ${acl {logger}} + +# End diff --git a/test/log/5880 b/test/log/5880 new file mode 100644 index 000000000..9d4b56dd5 --- /dev/null +++ b/test/log/5880 @@ -0,0 +1,42 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane512ee.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qf +1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth = 2 <O=example.com,CN=clica CA rsa> +1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth = 1 <O=example.com,CN=clica Signing Cert rsa> +1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth = 0 <CN=server1.example.com> +1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmaZ-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery dane=yes +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth = 2 <O=example.com,CN=clica CA rsa> +1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth = 1 <O=example.com,CN=clica Signing Cert rsa> +1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth = 0 <CN=server1.example.com> +1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaY-0005vi-00 msg:delivery dane=yes +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qf +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@mxdane256ta.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qf +1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 2 <O=example.com,CN=clica CA rsa> +1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 1 <O=example.com,CN=clica Signing Cert rsa> +1999-03-02 09:44:33 10HmbB-0005vi-00 tls:cert depth = 0 <CN=server1.example.com> +1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@mxdane256ta.test.ex R=client T=send_to_server H=dane256ta.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 msg:delivery dane=yes +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qf + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex for CALLER@mxdane512ee.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qf +1999-03-02 09:44:33 10HmaZ-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <CALLER@mxdane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qf +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke_RSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex for CALLER@mxdane256ta.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qf +1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <CALLER@mxdane256ta.test.ex> R=server +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/scripts/5860-DANE-OpenSSL-events/5860 b/test/scripts/5860-DANE-OpenSSL-events/5860 index 730c40f49..baf48c895 100644 --- a/test/scripts/5860-DANE-OpenSSL-events/5860 +++ b/test/scripts/5860-DANE-OpenSSL-events/5860 @@ -1,4 +1,4 @@ -# DANE client: events +# DANE client, OpenSSL: events # exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D **** diff --git a/test/scripts/5880-DANE-GnuTLS-events/5880 b/test/scripts/5880-DANE-GnuTLS-events/5880 new file mode 100644 index 000000000..9efd00c96 --- /dev/null +++ b/test/scripts/5880-DANE-GnuTLS-events/5880 @@ -0,0 +1,30 @@ +# DANE client, GnuTLS: events +# +exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D +**** +# TLSA (3 1 1) +exim CALLER@dane256ee.test.ex +Testing +**** +# TLSA (3 1 2) +exim CALLER@mxdane512ee.test.ex +Testing +**** +exim -qf +**** +killdaemon +exim -DSERVER=server -DDETAILS=ee -DNOTDAEMON -qf +**** +# +# +exim -DSERVER=server -DDETAILS=ta -bd -oX PORT_D +**** +# TLSA (2 0 1) +exim CALLER@mxdane256ta.test.ex +Testing +**** +exim -qf +**** +killdaemon +exim -DSERVER=server -DDETAILS=ta -DNOTDAEMON -qf +**** diff --git a/test/scripts/5880-DANE-GnuTLS-events/REQUIRES b/test/scripts/5880-DANE-GnuTLS-events/REQUIRES new file mode 100644 index 000000000..39c50e405 --- /dev/null +++ b/test/scripts/5880-DANE-GnuTLS-events/REQUIRES @@ -0,0 +1,4 @@ +support DANE +support Event +support GnuTLS +running IPv4 |