From 4b4a0e99e3329ce10b2bf1bbaae91836a4a20e3d Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 10 Nov 2015 19:01:58 +0000 Subject: Testsuite: reorder for dependencies; rename TPDA to events --- test/confs/5720 | 119 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 test/confs/5720 (limited to 'test/confs/5720') diff --git a/test/confs/5720 b/test/confs/5720 new file mode 100644 index 000000000..e2ef60bdd --- /dev/null +++ b/test/confs/5720 @@ -0,0 +1,119 @@ +# Exim test configuration 5720 (dup of 5710) +# $tls_out_peercert - OpenSSL + +SERVER= + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME +timezone = UTC + +# ----- Main settings ----- + +acl_smtp_rcpt = accept + +log_selector = +tls_peerdn + +queue_only +queue_run_in_order + +tls_advertise_hosts = * + +tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem +tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key + +tls_verify_hosts = * +tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem + +event_action = ${acl {server_cert_log}} + +# + +begin acl + +server_cert_log: + accept condition = ${if eq {tls:cert}{$event_name}} + logwrite = [$sender_host_address] \ + depth=$event_data \ + ${certextract{subject}{$tls_in_peercert}} + accept + +ev_tls: + accept logwrite = $event_name depth=$event_data \ + <${certextract {subject} {$tls_out_peercert}}> +# message = nooooo + +ev_msg: + warn logwrite = $acl_arg1 $local_part + warn logwrite = ${if !def:tls_out_ourcert \ + {NO CLIENT CERT presented} \ + {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}} + accept condition = ${if !def:tls_out_peercert} + logwrite = No Peer cert + accept logwrite = Peer cert: + logwrite = ver <${certextract {version} {$tls_out_peercert}}> + logwrite = SN <${certextract {subject} {$tls_out_peercert}}> + logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}> + logwrite = SNO <${certextract {subject,O} {$tls_out_peercert}}> + logwrite = IN <${certextract {issuer} {$tls_out_peercert}}> + logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}> + logwrite = NA <${certextract {notafter} {$tls_out_peercert}}> + logwrite = SA <${certextract {sig_algorithm} {$tls_out_peercert}}> + logwrite = SG <${certextract {signature} {$tls_out_peercert}}> + logwrite = ${certextract {subj_altname,>;}{$tls_out_peercert}{SAN <$value>}{(no SAN)}} + logwrite = ${certextract {ocsp_uri} {$tls_out_peercert} {OCU <$value>}{(no OCU)}} + logwrite = ${certextract {crl_uri} {$tls_out_peercert} {CRU <$value>}{(no CRU)}} + +logger: + accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}} + acl = ev_msg $event_name $acl_arg2 + accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}} + message = ${acl {ev_tls}} + accept + +# ----- Routers ----- + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} + retry_use_local_part + transport = send_to_server + + +# ----- Transports ----- + +begin transports + +send_to_server: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + + tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem + tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key + + tls_verify_certificates = DIR/aux-fixed/exim-ca/\ + ${if eq {$local_part}{good}\ +{example.com/server1.example.com/ca_chain.pem}\ +{example.net/server1.example.net/ca_chain.pem}} + tls_verify_cert_hostnames = + tls_try_verify_hosts = + + event_action = ${acl {logger} {$event_name} {$domain} } + +# ----- Retry ----- + + +begin retry + +* * F,5d,10s + + +# End -- cgit v1.2.3