From 8ac90765750f87c573300b9e953af3d8090cab8b Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 27 Jul 2018 17:56:39 +0100
Subject: Support REQUIRETLS

---
 test/scripts/4500-DKIM/4521           |   6 +-
 test/scripts/5650-OCSP-GnuTLS/5650    |   8 +--
 test/scripts/5910-REQUIRETLS/5910     |  64 +++++++++++++++++
 test/scripts/5910-REQUIRETLS/5911     | 125 ++++++++++++++++++++++++++++++++++
 test/scripts/5910-REQUIRETLS/5912     |  37 ++++++++++
 test/scripts/5910-REQUIRETLS/REQUIRES |   2 +
 6 files changed, 235 insertions(+), 7 deletions(-)
 create mode 100644 test/scripts/5910-REQUIRETLS/5910
 create mode 100644 test/scripts/5910-REQUIRETLS/5911
 create mode 100644 test/scripts/5910-REQUIRETLS/5912
 create mode 100644 test/scripts/5910-REQUIRETLS/REQUIRES

(limited to 'test/scripts')

diff --git a/test/scripts/4500-DKIM/4521 b/test/scripts/4500-DKIM/4521
index 7b341521f..3a78b020d 100644
--- a/test/scripts/4500-DKIM/4521
+++ b/test/scripts/4500-DKIM/4521
@@ -1,10 +1,10 @@
-# DKIM signing, with CHUNKING, stdin
+# DKIM signing, with CHUNKING
 #
 exim -bd -DSERVER=server -oX PORT_S
 ****
 #
 # single header signed, short message
-exim -DOPT=dkim -DLIST=From -odf -oMt sender -f sender a@test.ex
+exim -DSRV=dkim -DLIST=From -odf -oMt sender -f sender a@test.ex
 From: nobody@example.com
 From: second@example.com
 
@@ -12,7 +12,7 @@ content
 ****
 #
 # single header signed, long message
-exim -DOPT=dkim -DLIST=From -odf -oMt sender -f sender b@test.ex
+exim -DSRV=dkim -DLIST=From -odf -oMt sender -f sender b@test.ex
 From: nobody@example.com
 From: second@example.com
 
diff --git a/test/scripts/5650-OCSP-GnuTLS/5650 b/test/scripts/5650-OCSP-GnuTLS/5650
index f67111424..78c0afd61 100644
--- a/test/scripts/5650-OCSP-GnuTLS/5650
+++ b/test/scripts/5650-OCSP-GnuTLS/5650
@@ -6,7 +6,7 @@ exim -z '1: Server sends good staple on request'
 ****
 #
 exim -bd -oX PORT_D -DSERVER=server \
- -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+ -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
 ****
 client-gnutls \
  -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
@@ -36,7 +36,7 @@ exim -z '2: Server does not staple an outdated response'
 ****
 #
 exim -bd -oX PORT_D -DSERVER=server \
- -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
+ -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
 ****
 # XXX test sequence might not be quite right; this is for a server refusal
 # and we're expecting a client refusal.
@@ -62,7 +62,7 @@ exim -z '3: Server does not staple a response for a revoked cert'
 ****
 #
 exim -bd -oX PORT_D -DSERVER=server \
- -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
+ -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
 ****
 client-gnutls \
  -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
@@ -88,7 +88,7 @@ exim -z '4: Connection functions when server is prepared to staple but client do
 ****
 #
 exim -bd -oX PORT_D -DSERVER=server \
- -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+ -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
 ****
 #
 client-gnutls \
diff --git a/test/scripts/5910-REQUIRETLS/5910 b/test/scripts/5910-REQUIRETLS/5910
new file mode 100644
index 000000000..d1bbb61cb
--- /dev/null
+++ b/test/scripts/5910-REQUIRETLS/5910
@@ -0,0 +1,64 @@
+# REQUIRETLS basics
+#
+munge tls_anycipher
+#
+# Server advertises feature, onward transmission, observability
+exim -DSERVER=server -bd -oX PORT_D
+****
+#
+client-ssl 127.0.0.1 PORT_D
+??? 220
+EHLO test.ex
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-PIPELINING
+??? 250-STARTTLS
+??? 250 HELP
+STARTTLS
+??? 220
+EHLO test.ex
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-PIPELINING
+??? 250-REQUIRETLS
+??? 250 HELP
+MAIL FROM:<a@test.ex> REQUIRETLS
+??? 250
+RCPT TO:<dump@test.ex>
+??? 250
+DATA
+??? 354
+Subject: foo
+
+content
+.
+??? 250
+QUIT
+??? 221
+****
+#
+exim -q
+****
+exim -q
+****
+#
+#
+# upgrade in-MTA
+exim -DOPT=y -bs
+MAIL FROM:<a@test.ex>
+RCPT TO:<b@test.ex>
+DATA
+Subject: foo
+
+content 
+.
+QUIT
+****
+#
+exim -q
+****
+#
+killdaemon
+no_msglog_check
diff --git a/test/scripts/5910-REQUIRETLS/5911 b/test/scripts/5910-REQUIRETLS/5911
new file mode 100644
index 000000000..c744d8ab5
--- /dev/null
+++ b/test/scripts/5910-REQUIRETLS/5911
@@ -0,0 +1,125 @@
+# REQUIRETLS bounce cases
+#
+munge tls_anycipher
+#
+# Server does not offer STARTTLS
+server PORT_D
+220 Hi there
+EHLO
+250 wotcher
+QUIT
+*eof
+****
+exim -DOPT=requiretls -odf -bs
+MAIL FROM:<a@test.ex>
+RCPT TO:<a@test.ex>
+DATA
+
+.
+QUIT
+****
+# ... the resulting bounce must be delivered with REQUIRETLS
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim -qf
+****
+killdaemon
+#
+#
+# Server does not offer REQUIRETLS
+# Client message upgraded in-MTA for "require"
+exim -DSERVER=server -DSRV='' -bd -oX PORT_D
+****
+exim -DOPT=requiretls -odf -bs
+MAIL FROM:<b@test.ex>
+RCPT TO:<b@test.ex>
+DATA
+
+.
+QUIT
+****
+exim -qf
+****
+exim -qf
+****
+killdaemon
+#
+#
+# Server does not offer REQUIRETLS
+# Client message received with REQUIRETLS
+exim -DSERVER=server -bd -oX PORT_S
+****
+client-ssl 127.0.0.1 PORT_S
+??? 220
+EHLO test.ex
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-PIPELINING
+??? 250-STARTTLS
+??? 250 HELP
+STARTTLS
+??? 220
+EHLO test.ex
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-PIPELINING
+??? 250-REQUIRETLS
+??? 250 HELP
+MAIL FROM:<b@test.ex> REQUIRETLS
+??? 250
+RCPT TO:<d@test.ex>
+??? 250
+DATA
+??? 354
+Subject: foo
+
+content
+.
+??? 250
+QUIT
+??? 221
+****
+killdaemon
+exim -DSERVER=server -DSRV='' -bd -oX PORT_D
+****
+exim -qf
+****
+exim -qf
+****
+killdaemon
+#
+#
+# Server refuses MAIL
+exim -DSERVER=server -bd -oX PORT_D
+****
+sudo exim -DOPT=requiretls -odf -f a@serverrefusethis.ex c@test.ex
+
+****
+exim -qf
+****
+exim -qf
+****
+killdaemon
+#
+# Server does not advertise REQUIRETLS, client tries to use it anyway
+exim -DSERVER=server -bd -oX PORT_D
+****
+client-ssl 127.0.0.1 PORT_D
+??? 220
+EHLO test.ex
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-PIPELINING
+??? 250-STARTTLS
+??? 250 HELP
+MAIL FROM:<d@test.ex> REQUIRETLS
+??? 555
+QUIT
+??? 221
+???*eof
+****
+killdaemon
+no_msglog_check
diff --git a/test/scripts/5910-REQUIRETLS/5912 b/test/scripts/5910-REQUIRETLS/5912
new file mode 100644
index 000000000..87fe85e5b
--- /dev/null
+++ b/test/scripts/5910-REQUIRETLS/5912
@@ -0,0 +1,37 @@
+# REQUIRETLS smtp-time fails
+# Test these by having the MTA do a receipient-verify callout
+#
+# Server does not offer STARTTLS
+server PORT_D
+220 Hi there
+EHLO
+250 wotcher
+QUIT
+*eof
+****
+exim -DOPT=requiretls -DACL=verify=recipient/callout -odf -bs
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<a@test.ex>
+QUIT
+****
+#
+# Sever does not offer REQUIRETLS
+exim -DSERVER=server -DSRV='' -bd -oX PORT_D
+****
+exim -DOPT=requiretls -DACL=verify=recipient/callout -odf -bs
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<b@test.ex>
+QUIT
+****
+killdaemon
+#
+# Accepted callout
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim -DOPT=requiretls -DACL=verify=recipient/callout -odf -bs
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<c@test.ex>
+QUIT
+****
+killdaemon
+#
diff --git a/test/scripts/5910-REQUIRETLS/REQUIRES b/test/scripts/5910-REQUIRETLS/REQUIRES
new file mode 100644
index 000000000..963233532
--- /dev/null
+++ b/test/scripts/5910-REQUIRETLS/REQUIRES
@@ -0,0 +1,2 @@
+support Experimental_REQUIRETLS
+running IPv4
-- 
cgit v1.2.3