From a320fabd09f43c02c869c90a5a5a70a49dd77f89 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Thu, 6 Nov 2014 21:22:18 +0000
Subject: EXPERIMENTAL_CERTNAMES: Hostlist for cert name checks should match
 host connected-to, not be list of acceptable names.  The name checked is the
 host name.

---
 test/scripts/5450-certnames-OpenSSL/5450 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'test/scripts/5450-certnames-OpenSSL')

diff --git a/test/scripts/5450-certnames-OpenSSL/5450 b/test/scripts/5450-certnames-OpenSSL/5450
index c94d1a5b2..5359096b1 100644
--- a/test/scripts/5450-certnames-OpenSSL/5450
+++ b/test/scripts/5450-certnames-OpenSSL/5450
@@ -1,12 +1,15 @@
-# TLS client: verify certificate from server - fails
+# TLS client: verify certificate from server - name-fails
 exim -DSERVER=server -bd -oX PORT_D
 ****
+# this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted
 exim userq@test.ex
 Testing
 ****
+# this will fail to verify the cert name and fallback to unencrypted
 exim userr@test.ex
 Testing
 ****
+# this will pass the cert verify including name check
 exim users@test.ex
 Testing
 ****
-- 
cgit v1.2.3