From 570cb1bdbc6ea378b2dcaf6ebabb45a5610ed1ef Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 17 Sep 2018 16:28:58 +0100 Subject: DANE: fix TA-mode verify under GnuTLS. Bug 2311 --- test/confs/5820 | 2 +- test/confs/5822 | 67 --------------------------------------------------------- test/confs/5840 | 2 +- test/confs/5842 | 64 ------------------------------------------------------ 4 files changed, 2 insertions(+), 133 deletions(-) delete mode 100644 test/confs/5822 delete mode 100644 test/confs/5842 (limited to 'test/confs') diff --git a/test/confs/5820 b/test/confs/5820 index 72402881a..bcb1a8f34 100644 --- a/test/confs/5820 +++ b/test/confs/5820 @@ -70,7 +70,7 @@ send_to_server: hosts_require_dane = HOSTIPV4 tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} tls_try_verify_hosts = thishost.test.ex - tls_verify_certificates = CDIR2/ca_chain.pem + tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}} diff --git a/test/confs/5822 b/test/confs/5822 deleted file mode 100644 index 80a8ef43b..000000000 --- a/test/confs/5822 +++ /dev/null 
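Review bot: The new `tls_verify_certificates` line in the `send_to_server` transport of test/confs/5820 expands to an empty value for every `DETAILS` setting other than `ca`, and nothing in the config says this is deliberate; the same applies to the identical line in test/confs/5840. A comment above it would help, for example `# empty unless DETAILS=ca: the DANE cases are meant to verify without a local CA bundle`, which appears to be what the removed 5822/5842 configs did by commenting the option out. Because the fallback is silent, a misspelt `DETAILS` value in a test script would also drop the CA bundle, and with `tls_try_verify_hosts` a failed verification is presumably non-fatal, so the scripts should check the logged verification state and not only delivery. The removed configs also pinned `tls_verify_cert_hostnames = :`, so the merged scripts (outside this view) would need to pass `OPT=no_certname` to keep that case covered. The transport definition begins above the hunk.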
@@ -1,67 +0,0 @@ -# Exim test configuration 5822 -# DANE/GnuTLS - -SERVER= - -.include DIR/aux-var/tls_conf_prefix - -primary_hostname = myhost.test.ex - -# ----- Main settings ----- - -acl_smtp_rcpt = accept logwrite = "rcpt ACL" - -log_selector = +received_recipients +tls_peerdn +tls_certificate_verified - -queue_run_in_order - -tls_advertise_hosts = * -# needed to force generation -tls_dhparam = historic - -tls_certificate = ${if eq {SERVER}{server} {DIR/aux-fixed/cert1} fail} - -# ----- Routers ----- - -begin routers - -client: - driver = dnslookup - condition = ${if eq {SERVER}{}} - dnssec_request_domains = * - self = send - transport = send_to_server - errors_to = "" - -server: - driver = redirect - condition = ${if !eq {SERVER}{}} - data = :blackhole: - - -# ----- Transports ----- - -begin transports - -send_to_server: - driver = smtp - allow_localhost - port = PORT_D - - hosts_try_dane = * - hosts_require_dane = HOSTIPV4 - tls_verify_cert_hostnames = : - tls_try_verify_hosts = thishost.test.ex -# tls_verify_certificates = CDIR2/ca_chain.pem - - - -# ----- Retry ----- - - -begin retry - -* * F,5d,10s - - -# End diff --git a/test/confs/5840 b/test/confs/5840 index 754945d6e..407846a8a 100644 --- a/test/confs/5840 +++ b/test/confs/5840 @@ -75,7 +75,7 @@ send_to_server: hosts_require_dane = HOSTIPV4 tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} tls_try_verify_hosts = thishost.test.ex - tls_verify_certificates = CDIR2/ca_chain.pem + tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}} diff --git a/test/confs/5842 b/test/confs/5842 deleted file mode 100644 index be45e847c..000000000 --- a/test/confs/5842 +++ /dev/null 
@@ -1,64 +0,0 @@ -# Exim test configuration 5822 -# DANE/OpenSSL - -SERVER= - -.include DIR/aux-var/tls_conf_prefix - -primary_hostname = myhost.test.ex - -# ----- Main settings ----- - -acl_smtp_rcpt = accept logwrite = "rcpt ACL" - -log_selector = +received_recipients +tls_peerdn +tls_certificate_verified - -queue_run_in_order - -tls_advertise_hosts = * - -tls_certificate = ${if eq {SERVER}{server} {DIR/aux-fixed/cert1} fail} - -# ----- Routers ----- - -begin routers - -client: - driver = dnslookup - condition = ${if eq {SERVER}{}} - dnssec_request_domains = * - self = send - transport = send_to_server - errors_to = "" - -server: - driver = redirect - data = :blackhole: - - -# ----- Transports ----- - -begin transports - -send_to_server: - driver = smtp - allow_localhost - port = PORT_D - - hosts_try_dane = * - hosts_require_dane = HOSTIPV4 - tls_verify_cert_hostnames = : - tls_try_verify_hosts = thishost.test.ex -# tls_verify_certificates = CDIR2/ca_chain.pem - - - -# ----- Retry ----- - - -begin retry - -* * F,5d,10s - - -# End -- cgit v1.2.3