From cf2600498039d312e564e9b58cb28691b3fd36e1 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 30 Mar 2018 15:50:35 +0100
Subject: Testcases for dane_require_tls_ciphers

---
 test/confs/5821 | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 test/confs/5821

(limited to 'test/confs/5821')

diff --git a/test/confs/5821 b/test/confs/5821
new file mode 100644
index 000000000..db2dc19d2
--- /dev/null
+++ b/test/confs/5821
@@ -0,0 +1,61 @@
+# Exim test configuration 5821
+# DANE/OpenSSL - ciphers option
+
+SERVER=
+OPT=
+
+.include DIR/aux-var/tls_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept logwrite = "rcpt ACL"
+
+log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
+
+tls_advertise_hosts = *
+
+# Set certificate only if server
+CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
+
+tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail}
+tls_privatekey =  ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
+
+# Permit two specific ciphers
+tls_require_ciphers = NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL
+
+# ----- Routers -----
+begin routers
+
+client:
+  driver =		dnslookup
+  condition =		${if eq {SERVER}{}}
+  dnssec_request_domains = *
+  self =		send
+  transport =		send_to_server
+  errors_to =		""
+
+server:
+  driver =		redirect
+  data =		:blackhole:
+
+# ----- Transports -----
+begin transports
+
+send_to_server:
+  driver =			smtp
+  allow_localhost
+  port =			PORT_D
+  hosts_try_dane =		*
+  tls_verify_certificates =	CDIR2/ca_chain.pem
+
+  # Some commonly-available cipher, we hope
+  tls_require_ciphers =		NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL
+  dane_require_tls_ciphers =	OPT
+
+# ----- Retry -----
+begin retry
+* * F,5d,10s
+
+# End
-- 
cgit v1.2.3