From e5b60be7f6f924ea9730f4829c2eb8d955cb14bf Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 2 Nov 2016 21:25:49 +0000 Subject: Testsuite: replicate testcases for LE OCSP --- test/confs/5610 | 73 ++++++++++++++ test/confs/5611 | 152 +++++++++++++++++++++++++++++ test/log/5610 | 11 +++ test/log/5611 | 46 +++++++++ test/scripts/5600-OCSP-OpenSSL/5610 | 115 ++++++++++++++++++++++ test/scripts/5600-OCSP-OpenSSL/5611 | 77 +++++++++++++++ test/stderr/5610 | 78 +++++++++++++++ test/stdout/5610 | 188 ++++++++++++++++++++++++++++++++++++ 8 files changed, 740 insertions(+) create mode 100644 test/confs/5610 create mode 100644 test/confs/5611 create mode 100644 test/log/5610 create mode 100644 test/log/5611 create mode 100644 test/scripts/5600-OCSP-OpenSSL/5610 create mode 100644 test/scripts/5600-OCSP-OpenSSL/5611 create mode 100644 test/stderr/5610 create mode 100644 test/stdout/5610 diff --git a/test/confs/5610 b/test/confs/5610 new file mode 100644 index 000000000..b65a2797e --- /dev/null +++ b/test/confs/5610 @@ -0,0 +1,73 @@ +# Exim test configuration 5600 +# OCSP stapling, server + +CRL= + +.include DIR/aux-var/tls_conf_prefix + +primary_hostname = server1.example.com + +# ----- Main settings ----- + +acl_smtp_connect = check_connect +acl_smtp_mail = check_mail +acl_smtp_rcpt = check_recipient + +log_selector = +tls_peerdn + +queue_only +queue_run_in_order + +tls_advertise_hosts = * + +tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem +tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key + +tls_verify_hosts = HOSTIPV4 +tls_try_verify_hosts = * +tls_verify_certificates = DIR/aux-fixed/cert2 +tls_crl = CRL +tls_ocsp_file = RETURN + + +# ------ ACL ------ + +begin acl + +check_connect: + accept logwrite = acl_conn: ocsp in status: $tls_in_ocsp \ + (${listextract {${eval:$tls_in_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + +check_mail: + accept logwrite = acl_mail: ocsp in status: $tls_in_ocsp \ + (${listextract {${eval:$tls_in_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + +check_recipient: + deny message = certificate not verified: peerdn=$tls_peerdn + ! verify = certificate + accept + + +# ----- Routers ----- + +begin routers + +abc: + driver = accept + retry_use_local_part + transport = local_delivery + + +# ----- Transports ----- + +begin transports + +local_delivery: + driver = appendfile + file = DIR/test-mail/$local_part + headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn + user = CALLER + +# End diff --git a/test/confs/5611 b/test/confs/5611 new file mode 100644 index 000000000..3309870a3 --- /dev/null +++ b/test/confs/5611 @@ -0,0 +1,152 @@ +# Exim test configuration 5601 +# OCSP stapling, client + +SERVER = + +exim_path = EXIM_PATH +keep_environment = ^EXIM_TESTHARNESS_DISABLE_[O]CSPVALIDITYCHECK$ +host_lookup_order = bydns +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME +chunking_advertise_hosts = +primary_hostname = server1.example.com + + +# ----- Main settings ----- + +domainlist local_domains = test.ex : *.test.ex + +acl_smtp_rcpt = check_recipient +acl_smtp_data = check_data + +log_selector = +tls_peerdn +remote_max_parallel = 1 + +tls_advertise_hosts = * + +# Set certificate only if server + +tls_certificate = ${if eq {SERVER}{server}\ +{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\ +fail\ +} + +#{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\ + +tls_privatekey = ${if eq {SERVER}{server}\ +{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\ +fail} + +tls_ocsp_file = RETURN + + +# ------ ACL ------ + +begin acl + +check_recipient: + accept domains = +local_domains + deny message = relay not permitted + +check_data: + warn condition = ${if def:h_X-TLS-out:} + logwrite = client claims: $h_X-TLS-out: + accept + +# ----- Routers ----- + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} + retry_use_local_part + transport = send_to_server${if eq{$local_part}{nostaple}{1} \ + {${if eq{$local_part}{norequire} {2} \ + {${if eq{$local_part}{smtps} {4}{3}}} \ + }}} + +server: + driver = redirect + data = :blackhole: + #retry_use_local_part + #transport = local_delivery + + +# ----- Transports ----- + +begin transports + +local_delivery: + driver = appendfile + file = DIR/test-mail/$local_part + headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn + user = CALLER + +send_to_server1: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + tls_verify_cert_hostnames = + hosts_require_tls = * + hosts_request_ocsp = : + headers_add = X-TLS-out: ocsp status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + +send_to_server2: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + tls_verify_cert_hostnames = + hosts_require_tls = * +# note no ocsp mention here + headers_add = X-TLS-out: ocsp status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + +send_to_server3: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + helo_data = helo.data.changed + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + tls_verify_cert_hostnames = + hosts_require_tls = * + hosts_require_ocsp = * + headers_add = X-TLS-out: ocsp status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + +send_to_server4: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + helo_data = helo.data.changed + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + tls_verify_cert_hostnames = + protocol = smtps + hosts_require_tls = * + hosts_require_ocsp = * + headers_add = X-TLS-out: ocsp status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + + +# ----- Retry ----- + + +begin retry + +* * F,5d,1s + + +# End diff --git a/test/log/5610 b/test/log/5610 new file mode 100644 index 000000000..b2e785562 --- /dev/null +++ b/test/log/5610 @@ -0,0 +1,11 @@ + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) +1999-03-02 09:44:33 acl_mail: ocsp in status: 4 (verified) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 acl_conn: ocsp in status: 0 (notreq) diff --git a/test/log/5611 b/test/log/5611 new file mode 100644 index 000000000..f2a03375b --- /dev/null +++ b/test/log/5611 @@ -0,0 +1,46 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbD-0005vi-00 Received TLS status callback, null content +1999-03-02 09:44:33 10HmbD-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> +1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbE-0005vi-00 Server certificate revoked; reason: superseded +1999-03-02 09:44:33 10HmbE-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> +1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbF-0005vi-00 Server OSCP dates invalid +1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> +1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: ocsp status 1 (notresp) +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaX-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmbA-0005vi-00 client claims: ocsp status 0 (notreq) +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaZ-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: ocsp status 4 (verified) +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmbB-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) diff --git a/test/scripts/5600-OCSP-OpenSSL/5610 b/test/scripts/5600-OCSP-OpenSSL/5610 new file mode 100644 index 000000000..c8668ea38 --- /dev/null +++ b/test/scripts/5600-OCSP-OpenSSL/5610 @@ -0,0 +1,115 @@ +# OCSP stapling, server, LE variation +# +# +# +# '1: Server sends good staple on request' +# +exim -bd -oX PORT_D -DSERVER=server \ + -DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp +**** +client-ssl \ + -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \ + HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250- +??? 250 +starttls +??? 220 +mail from: +??? 250 +rcpt to: +??? 250 +quit +??? 221 +**** +killdaemon +# +# +# +# '2: Server does not staple an outdated response' +# +exim -bd -oX PORT_D -DSERVER=server \ + -DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp +**** +# XXX test sequence might not be quite right; this is for a server refusal +# and we're expecting a client refusal. +client-ssl -ocsp aux-fixed/exim-ca/expired1.example.com/CA.pem HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250- +??? 250 +starttls +??? 220 +**** +killdaemon +# +# +# +# +# +# '3: Server does not staple a response for a revoked cert' +# +exim -bd -oX PORT_D -DSERVER=server \ + -DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp +**** +client-ssl \ + -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \ + HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250- +??? 250 +starttls +??? 220 +**** +killdaemon +# +# +# +# +# +# '4: Connection functions when server is prepared to staple but client does not request it' +# +exim -bd -oX PORT_D -DSERVER=server \ + -DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp +**** +# +client-ssl \ + HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250- +??? 250 +starttls +??? 220 +ehlo rhu.barb.tls +??? 250- +??? 250- +??? 250- +??? 250- +??? 250 +quit +**** +killdaemon +# +# +# +# +# diff --git a/test/scripts/5600-OCSP-OpenSSL/5611 b/test/scripts/5600-OCSP-OpenSSL/5611 new file mode 100644 index 000000000..248c44219 --- /dev/null +++ b/test/scripts/5600-OCSP-OpenSSL/5611 @@ -0,0 +1,77 @@ +# OCSP stapling, client, LE variation +# +# +# Client works when we request but don't require OCSP stapling and none comes +exim -bd -oX PORT_D -DSERVER=server -DRETURN=/dev/null +**** +exim norequire@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# +# Client works when we don't request OCSP stapling +exim -bd -oX PORT_D -DSERVER=server \ + -DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp +**** +exim nostaple@test.ex +test message. +**** +millisleep 500 +# +# +# +# +# Client accepts good stapled info +exim CALLER@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# Client fails on lack of required stapled info +exim -bd -oX PORT_D -DSERVER=server -DRETURN=/dev/null +**** +exim CALLER@test.ex +test message. +**** +sleep 1 +killdaemon +sudo rm spool/db/retry +# +# +# +# Client fails on revoked stapled info +EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \ + -DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp +**** +exim CALLER@test.ex +test message. +**** +sleep 1 +killdaemon +millisleep 200 +sudo rm spool/db/retry +# +# +# +# +# Client fails on expired stapled info +EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \ + -DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp +**** +exim CALLER@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# +no_msglog_check diff --git a/test/stderr/5610 b/test/stderr/5610 new file mode 100644 index 000000000..9282f1ea0 --- /dev/null +++ b/test/stderr/5610 @@ -0,0 +1,78 @@ + +******** SERVER ******** +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user +daemon_smtp_port overridden by -oX: + <: 1225 +listening on all interfaces (IPv6) port 1225 +listening on all interfaces (IPv4) port 1225 +pid written to TESTSUITE/spool/exim-daemon.pid +LOG: MAIN + exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +daemon running with uid=EXIM_UID gid=EXIM_GID euid=EXIM_UID egid=EXIM_GID +Listening... +Connection request from ip4.ip4.ip4.ip4 port 51808 +1 SMTP accept process running +Listening... +11402 Process 11402 is handling incoming connection from [ip4.ip4.ip4.ip4] +LOG: MAIN + acl_conn: ocsp in status: 0 (notreq) +Process 11402 is ready for new message +setting SSL CTX options: 0x1100000 +Diffie-Hellman initialized from default with 2048-bit prime +ECDH: curve 'prime256v1' +ECDH: enabled 'prime256v1' curve +tls_certificate file TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem +tls_privatekey file TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key +tls_ocsp_file TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp +Initialized TLS +Added 1 certificate authorities. +Calling SSL_accept +SSL info: before/accept initialization +SSL info: before/accept initialization +Received TLS status request (OCSP stapling); have response +SSL info: SSLv3 read client hello A +SSL info: SSLv3 write server hello A +SSL info: SSLv3 write certificate A +SSL info: unknown state +SSL info: SSLv3 write key exchange A +SSL info: SSLv3 write certificate request A +SSL info: SSLv3 flush data +SSL authenticated verify ok: depth=0 SN=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock +SSL info: SSLv3 read client certificate A +SSL info: SSLv3 read client key exchange A +SSL info: SSLv3 read certificate verify A +SSL info: SSLv3 read finished A +SSL info: SSLv3 write session ticket A +SSL info: SSLv3 write change cipher spec A +SSL info: SSLv3 write finished A +SSL info: SSLv3 flush data +SSL info: SSL negotiation finished successfully +SSL info: SSL negotiation finished successfully +SSL_accept was successful +Cipher: TLSv1:AES256-SHA:256 +Shared ciphers: AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:AES256-SHA:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES256-SHA:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:DHE-DSS-AES256-SHA:AES256-SHA:AES256-SHA:DHE-DSS-AES256-SHA256:AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA +TLS active +Calling SSL_read(0x970690, 0x981230, 4096) +LOG: MAIN + acl_mail: ocsp in status: 4 (verified) +tls_do_write(0x83cc40, 8) +SSL_write(SSL, 0x83cc40, 8) +outbytes=8 error=0 +Calling SSL_read(0x970690, 0x981230, 4096) +tls_do_write(0x83cc40, 14) +SSL_write(SSL, 0x83cc40, 14) +outbytes=14 error=0 +Calling SSL_read(0x970690, 0x981230, 4096) +tls_do_write(0x83cc40, 44) +SSL_write(SSL, 0x83cc40, 44) +outbytes=44 error=0 +tls_close(): shutting down SSL +SSL info: SSL negotiation finished successfully +LOG: smtp_connection MAIN + SMTP connection from [ip4.ip4.ip4.ip4] closed by QUIT +11398 child 11402 ended: status=0x0 +11398 normal exit, 0 +11398 0 SMTP accept processes now running +11398 Listening... diff --git a/test/stdout/5610 b/test/stdout/5610 new file mode 100644 index 000000000..d2d28dce6 --- /dev/null +++ b/test/stdout/5610 @@ -0,0 +1,188 @@ +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/cert2 +Key file = aux-fixed/cert2 +??? 220 +<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL info: before/connect initialization +SSL info: before/connect initialization +SSL info: SSLv3 read server hello A +SSL info: SSLv3 read server certificate A +Response verify OK +SSL info: SSLv3 read server certificate request A +SSL info: SSLv3 read server done A +SSL info: SSLv3 write client certificate A +SSL info: SSLv3 write client key exchange A +SSL info: SSLv3 write certificate verify A +SSL info: SSLv3 write change cipher spec A +SSL info: SSLv3 write finished A +SSL info: SSLv3 flush data +SSL info: SSLv3 read server session ticket A +SSL info: SSLv3 read finished A +SSL info: SSL negotiation finished successfully +SSL info: SSL negotiation finished successfully +SSL connection using AES256-SHA +Succeeded in starting TLS +>>> mail from: +??? 250 +<<< 250 OK +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> quit +??? 221 +<<< 221 server1.example.com closing connection +End of script +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/cert2 +Key file = aux-fixed/cert2 +??? 220 +<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL info: before/connect initialization +SSL info: before/connect initialization +no response received +SSL info: SSLv3 read server hello A +SSL info: SSLv3 read server certificate A +SSL info: SSLv3 read server certificate request A +SSL info: SSLv3 read server done A +SSL info: SSLv3 write client certificate A +SSL info: SSLv3 write client key exchange A +SSL info: SSLv3 write certificate verify A +SSL info: SSLv3 write change cipher spec A +SSL info: SSLv3 write finished A +SSL info: SSLv3 flush data +SSL info: SSLv3 read server session ticket A +SSL info: SSLv3 read finished A +SSL info: SSL negotiation finished successfully +SSL info: SSL negotiation finished successfully +SSL connection using AES256-SHA +Succeeded in starting TLS +End of script +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/cert2 +Key file = aux-fixed/cert2 +??? 220 +<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL info: before/connect initialization +SSL info: before/connect initialization +no response received +SSL info: SSLv3 read server hello A +SSL info: SSLv3 read server certificate A +SSL info: SSLv3 read server certificate request A +SSL info: SSLv3 read server done A +SSL info: SSLv3 write client certificate A +SSL info: SSLv3 write client key exchange A +SSL info: SSLv3 write certificate verify A +SSL info: SSLv3 write change cipher spec A +SSL info: SSLv3 write finished A +SSL info: SSLv3 flush data +SSL info: SSLv3 read server session ticket A +SSL info: SSLv3 read finished A +SSL info: SSL negotiation finished successfully +SSL info: SSL negotiation finished successfully +SSL connection using AES256-SHA +Succeeded in starting TLS +End of script +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/cert2 +Key file = aux-fixed/cert2 +??? 220 +<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL info: before/connect initialization +SSL info: before/connect initialization +SSL info: SSLv3 read server hello A +SSL info: SSLv3 read server certificate A +SSL info: SSLv3 read server certificate request A +SSL info: SSLv3 read server done A +SSL info: SSLv3 write client certificate A +SSL info: SSLv3 write client key exchange A +SSL info: SSLv3 write certificate verify A +SSL info: SSLv3 write change cipher spec A +SSL info: SSLv3 write finished A +SSL info: SSLv3 flush data +SSL info: SSLv3 read server session ticket A +SSL info: SSLv3 read finished A +SSL info: SSL negotiation finished successfully +SSL info: SSL negotiation finished successfully +SSL connection using AES256-SHA +Succeeded in starting TLS +>>> ehlo rhu.barb.tls +??? 250- +<<< 250-server1.example.com Hello rhu.barb.tls [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250 +<<< 250 HELP +>>> quit +End of script -- cgit v1.2.3