From 4b4a0e99e3329ce10b2bf1bbaae91836a4a20e3d Mon Sep 17 00:00:00 2001 
From: Jeremy Harris Date: Tue, 10 Nov 2015 19:01:58 +0000 Subject: Testsuite: reorder for dependencies; rename TPDA to events --- test/confs/5608 | 157 ------------------------ test/confs/5658 | 162 ------------------------- test/confs/5710 | 119 ++++++++++++++++++ test/confs/5720 | 119 ++++++++++++++++++ test/confs/5730 | 162 +++++++++++++++++++++++++ test/confs/5740 | 157 ++++++++++++++++++++++++ test/confs/5750 | 119 ------------------ test/confs/5760 | 119 ------------------ test/log/5608 | 60 --------- test/log/5658 | 57 --------- test/log/5710 | 52 ++++++++ test/log/5720 | 57 +++++++++ test/log/5730 | 57 +++++++++ test/log/5740 | 60 +++++++++ test/log/5750 | 52 -------- test/log/5760 | 57 --------- test/scripts/5608-OCSP-OpenSSL-TPDA/5608 | 84 ------------- test/scripts/5608-OCSP-OpenSSL-TPDA/REQUIRES | 4 - test/scripts/5658-OCSP-GnuTLS-TPDA/5658 | 84 ------------- test/scripts/5658-OCSP-GnuTLS-TPDA/REQUIRES | 4 - test/scripts/5700-events/5700 | 94 ++++++++++++++ test/scripts/5700-events/REQUIRES | 1 + test/scripts/5700-tpt-post-dlv-action/5700 | 94 -------------- test/scripts/5700-tpt-post-dlv-action/REQUIRES | 1 - test/scripts/5710-GnuTLS-events/5710 | 13 ++ test/scripts/5710-GnuTLS-events/REQUIRES | 2 + test/scripts/5720-OpenSSL-events/5720 | 13 ++ test/scripts/5720-OpenSSL-events/REQUIRES | 2 + test/scripts/5730-OCSP-GnuTLS-events/5730 | 84 +++++++++++++ test/scripts/5730-OCSP-GnuTLS-events/REQUIRES | 4 + test/scripts/5740-OCSP-OpenSSL-events/5740 | 84 +++++++++++++ test/scripts/5740-OCSP-OpenSSL-events/REQUIRES | 4 + test/scripts/5750-GnuTLS-TPDA/5750 | 13 -- test/scripts/5750-GnuTLS-TPDA/REQUIRES | 2 - test/scripts/5760-OpenSSL-TPDA/5760 | 13 -- test/scripts/5760-OpenSSL-TPDA/REQUIRES | 2 - test/scripts/5860-DANE-OpenSSL-TPDA/5860 | 30 ----- test/scripts/5860-DANE-OpenSSL-TPDA/REQUIRES | 4 - test/scripts/5860-DANE-OpenSSL-events/5860 | 30 +++++ test/scripts/5860-DANE-OpenSSL-events/REQUIRES | 4 + 40 files changed, 1118 insertions(+), 1118 deletions(-) 
delete mode 100644 test/confs/5608 delete mode 100644 test/confs/5658 create mode 100644 test/confs/5710 create mode 100644 test/confs/5720 create mode 100644 test/confs/5730 create mode 100644 test/confs/5740 delete mode 100644 test/confs/5750 delete mode 100644 test/confs/5760 delete mode 100644 test/log/5608 delete mode 100644 test/log/5658 create mode 100644 test/log/5710 create mode 100644 test/log/5720 create mode 100644 test/log/5730 create mode 100644 test/log/5740 delete mode 100644 test/log/5750 delete mode 100644 test/log/5760 delete mode 100644 test/scripts/5608-OCSP-OpenSSL-TPDA/5608 delete mode 100644 test/scripts/5608-OCSP-OpenSSL-TPDA/REQUIRES delete mode 100644 test/scripts/5658-OCSP-GnuTLS-TPDA/5658 delete mode 100644 test/scripts/5658-OCSP-GnuTLS-TPDA/REQUIRES create mode 100644 test/scripts/5700-events/5700 create mode 100644 test/scripts/5700-events/REQUIRES delete mode 100644 test/scripts/5700-tpt-post-dlv-action/5700 delete mode 100644 test/scripts/5700-tpt-post-dlv-action/REQUIRES create mode 100644 test/scripts/5710-GnuTLS-events/5710 create mode 100644 test/scripts/5710-GnuTLS-events/REQUIRES create mode 100644 test/scripts/5720-OpenSSL-events/5720 create mode 100644 test/scripts/5720-OpenSSL-events/REQUIRES create mode 100644 test/scripts/5730-OCSP-GnuTLS-events/5730 create mode 100644 test/scripts/5730-OCSP-GnuTLS-events/REQUIRES create mode 100644 test/scripts/5740-OCSP-OpenSSL-events/5740 create mode 100644 test/scripts/5740-OCSP-OpenSSL-events/REQUIRES delete mode 100644 test/scripts/5750-GnuTLS-TPDA/5750 delete mode 100644 test/scripts/5750-GnuTLS-TPDA/REQUIRES delete mode 100644 test/scripts/5760-OpenSSL-TPDA/5760 delete mode 100644 test/scripts/5760-OpenSSL-TPDA/REQUIRES delete mode 100644 test/scripts/5860-DANE-OpenSSL-TPDA/5860 delete mode 100644 test/scripts/5860-DANE-OpenSSL-TPDA/REQUIRES create mode 100644 test/scripts/5860-DANE-OpenSSL-events/5860 create mode 100644 test/scripts/5860-DANE-OpenSSL-events/REQUIRES (limited to 
'test') diff --git a/test/confs/5608 b/test/confs/5608 deleted file mode 100644 index 311cc1299..000000000 --- a/test/confs/5608 +++ /dev/null 
@@ -1,157 +0,0 @@ -# Exim test configuration 5608 -# OCSP stapling, client, events - -SERVER = - -exim_path = EXIM_PATH -host_lookup_order = bydns -primary_hostname = server1.example.com -spool_directory = DIR/spool -log_file_path = DIR/spool/log/SERVER%slog -gecos_pattern = "" -gecos_name = CALLER_NAME - - -# ----- Main settings ----- - -domainlist local_domains = test.ex : *.test.ex - -acl_smtp_rcpt = check_recipient -acl_smtp_data = check_data - -log_selector = +tls_peerdn -remote_max_parallel = 1 - -tls_advertise_hosts = * - -# Set certificate only if server - -tls_certificate = ${if eq {SERVER}{server}\ -{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\ -fail\ -} - -#{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\ - -tls_privatekey = ${if eq {SERVER}{server}\ -{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\ -fail} - -tls_ocsp_file = OCSP - - -# ------ ACL ------ - -begin acl - -check_recipient: - accept domains = +local_domains - deny message = relay not permitted - -check_data: - warn condition = ${if def:h_X-TLS-out:} - logwrite = client claims: $h_X-TLS-out: - accept - -logger: - accept condition = ${if !eq {msg} {${listextract{1}{$event_name}}}} - warn logwrite = client ocsp status: $tls_out_ocsp \ - (${listextract {${eval:$tls_out_ocsp+1}} \ - {notreq:notresp:vfynotdone:failed:verified}}) - accept - -# ----- Routers ----- - -begin routers - -client: - driver = accept - condition = ${if eq {SERVER}{server}{no}{yes}} - retry_use_local_part - transport = send_to_server${if eq{$local_part}{nostaple}{1} \ - {${if eq{$local_part}{norequire} {2} \ - {${if eq{$local_part}{smtps} {4}{3}}} \ - }}} - -server: - driver = redirect - data = :blackhole: - #retry_use_local_part - #transport = local_delivery - - -# ----- Transports ----- - -begin transports - -local_delivery: - driver = appendfile - file = DIR/test-mail/$local_part - headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn - 
user = CALLER - -# nostaple: deliberately do not request cert-status -send_to_server1: - driver = smtp - allow_localhost - hosts = HOSTIPV4 - port = PORT_D - tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem - tls_verify_cert_hostnames = - hosts_require_tls = * - hosts_request_ocsp = : - headers_add = X-TLS-out: ocsp status $tls_out_ocsp - event_action = ${acl {logger}} - -# norequire: request stapling but do not verify -send_to_server2: - driver = smtp - allow_localhost - hosts = HOSTIPV4 - port = PORT_D - tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem - tls_verify_cert_hostnames = - hosts_require_tls = * -# note no ocsp mention here - headers_add = X-TLS-out: ocsp status $tls_out_ocsp - event_action = ${acl {logger}} - -# (any other name): request and verify -send_to_server3: - driver = smtp - allow_localhost - hosts = 127.0.0.1 - port = PORT_D - helo_data = helo.data.changed - tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem - tls_verify_cert_hostnames = - hosts_require_tls = * - hosts_require_ocsp = * - headers_add = X-TLS-out: ocsp status $tls_out_ocsp - event_action = ${acl {logger}} - -# (any other name): request and verify, ssl-on-connect -send_to_server4: - driver = smtp - allow_localhost - hosts = 127.0.0.1 - port = PORT_D - helo_data = helo.data.changed - tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem - tls_verify_cert_hostnames = - protocol = smtps - hosts_require_tls = * - hosts_require_ocsp = * - headers_add = X-TLS-out: ocsp status $tls_out_ocsp - event_action = ${acl {logger}} - - -# ----- Retry ----- - - -begin retry - -* * F,5d,1s - - -# End diff --git a/test/confs/5658 b/test/confs/5658 deleted file mode 100644 index 10938e1f9..000000000 --- a/test/confs/5658 +++ /dev/null 
@@ -1,162 +0,0 @@ -# Exim test configuration 5658 -# OCSP stapling, client, events - -SERVER = - -exim_path = EXIM_PATH -host_lookup_order = bydns -primary_hostname = server1.example.com -spool_directory = DIR/spool -log_file_path = DIR/spool/log/SERVER%slog -gecos_pattern = "" -gecos_name = CALLER_NAME - - -# ----- Main settings ----- - -domainlist local_domains = test.ex : *.test.ex - -acl_smtp_rcpt = check_recipient -acl_smtp_data = check_data - -log_selector = +tls_peerdn -remote_max_parallel = 1 - -tls_advertise_hosts = * - -# Set certificate only if server -tls_certificate = ${if eq {SERVER}{server}\ -{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\ -fail\ -} -tls_privatekey = ${if eq {SERVER}{server}\ -{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\ -fail} - -# from cmdline define -tls_ocsp_file = OCSP - - -# ------ ACL ------ - -begin acl - -check_recipient: - accept domains = +local_domains - deny message = relay not permitted - -check_data: - warn condition = ${if def:h_X-TLS-out:} - logwrite = client claims: $h_X-TLS-out: - accept - -logger: - accept condition = ${if !eq {msg} {${listextract{1}{$event_name}}}} - warn logwrite = client ocsp status: $tls_out_ocsp \ - (${listextract {${eval:$tls_out_ocsp+1}} \ - {notreq:notresp:vfynotdone:failed:verified}}) - accept - - -# ----- Routers ----- - -begin routers - -client: - driver = accept - condition = ${if eq {SERVER}{server}{no}{yes}} - retry_use_local_part - transport = send_to_server${if eq{$local_part}{nostaple}{1} \ - {${if eq{$local_part}{norequire} {2} \ - {${if eq{$local_part}{smtps} {4}{3}}} \ - }}} - -server: - driver = redirect - data = :blackhole: - #retry_use_local_part - #transport = local_delivery - - -# ----- Transports ----- - -begin transports - -local_delivery: - driver = appendfile - file = DIR/test-mail/$local_part - headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn - user = CALLER - -send_to_server1: 
- driver = smtp - allow_localhost - hosts = HOSTIPV4 - port = PORT_D - tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem - tls_verify_cert_hostnames = - hosts_require_tls = * - hosts_request_ocsp = : - headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ - (${listextract {${eval:$tls_out_ocsp+1}} \ - {notreq:notresp:vfynotdone:failed:verified}}) - event_action = ${acl {logger}} - -send_to_server2: - driver = smtp - allow_localhost - hosts = HOSTIPV4 - port = PORT_D - tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem - tls_verify_cert_hostnames = - hosts_require_tls = * -# note no ocsp mention here - headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ - (${listextract {${eval:$tls_out_ocsp+1}} \ - {notreq:notresp:vfynotdone:failed:verified}}) - event_action = ${acl {logger}} - -send_to_server3: - driver = smtp - allow_localhost - hosts = 127.0.0.1 - port = PORT_D - helo_data = helo.data.changed - #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem - tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem - tls_try_verify_hosts = - tls_verify_cert_hostnames = - hosts_require_tls = * - hosts_require_ocsp = * - headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ - (${listextract {${eval:$tls_out_ocsp+1}} \ - {notreq:notresp:vfynotdone:failed:verified}}) - event_action = ${acl {logger}} - -send_to_server4: - driver = smtp - allow_localhost - hosts = 127.0.0.1 - port = PORT_D - helo_data = helo.data.changed - #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem - tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem - tls_verify_cert_hostnames = - protocol = smtps - hosts_require_tls = * - hosts_require_ocsp = * - headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ - (${listextract {${eval:$tls_out_ocsp+1}} \ - {notreq:notresp:vfynotdone:failed:verified}}) - event_action = ${acl {logger}} - - -# ----- Retry ----- - - 
-begin retry - -* * F,5d,1s - - -# End diff --git a/test/confs/5710 b/test/confs/5710 new file mode 100644 index 000000000..354d3935b --- /dev/null +++ b/test/confs/5710 
@@ -0,0 +1,119 @@ +# Exim test configuration 5710 (dup of 5720) +# $tls_out_peercert - GnuTLS + +SERVER= + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME +timezone = UTC + +# ----- Main settings ----- + +acl_smtp_rcpt = accept + +log_selector = +tls_peerdn + +queue_only +queue_run_in_order + +tls_advertise_hosts = * + +tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem +tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key + +tls_verify_hosts = * +tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem + +event_action = ${acl {server_cert_log}} + +# + +begin acl + +server_cert_log: + accept condition = ${if eq {tls:cert}{$event_name}} + logwrite = [$sender_host_address] \ + depth=$event_data \ + ${certextract{subject}{$tls_in_peercert}} + accept + +ev_tls: + accept logwrite = $event_name depth=$event_data \ + <${certextract {subject} {$tls_out_peercert}}> +# message = noooo + +ev_msg: + warn logwrite = $acl_arg1 $local_part + warn logwrite = ${if !def:tls_out_ourcert \ + {NO CLIENT CERT presented} \ + {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}} + accept condition = ${if !def:tls_out_peercert} + logwrite = No Peer cert + accept logwrite = Peer cert: + logwrite = ver <${certextract {version} {$tls_out_peercert}}> + logwrite = SN <${certextract {subject} {$tls_out_peercert}}> + logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}> + logwrite = SNCN<${certextract {subject,CN} {$tls_out_peercert}}> + logwrite = IN <${certextract {issuer} {$tls_out_peercert}}> + logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}> + logwrite = NA <${certextract {notafter} {$tls_out_peercert}}> + logwrite = SA <${certextract {sig_algorithm} {$tls_out_peercert}}> + 
logwrite = SG <${certextract {signature} {$tls_out_peercert}}> + logwrite = ${certextract {subj_altname} {$tls_out_peercert}{SAN <$value>}{(no SAN)}} +# logwrite = ${certextract {ocsp_uri} {$tls_out_peercert} {OCU <$value>}{(no OCU)}} + logwrite = ${certextract {crl_uri} {$tls_out_peercert} {CRU <$value>}{(no CRU)}} + +logger: + accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}} + acl = ev_msg $event_name $acl_arg2 + accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}} + message = ${acl {ev_tls}} + accept + +# ----- Routers ----- + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} + retry_use_local_part + transport = send_to_server + + +# ----- Transports ----- + +begin transports + +send_to_server: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + + tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem + tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key + + tls_verify_certificates = DIR/aux-fixed/exim-ca/\ + ${if eq {$local_part}{good}\ +{example.com/server1.example.com/ca_chain.pem}\ +{example.net/server1.example.net/ca_chain.pem}} + tls_try_verify_hosts = + tls_verify_cert_hostnames = + + event_action = ${acl {logger} {$event_name} {$domain} } + +# ----- Retry ----- + + +begin retry + +* * F,5d,10s + + +# End diff --git a/test/confs/5720 b/test/confs/5720 new file mode 100644 index 000000000..e2ef60bdd --- /dev/null +++ b/test/confs/5720 
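Review bot: In `ev_msg` the `ocsp_uri` extraction is commented out (`# logwrite = ${certextract {ocsp_uri} ...`) with no reason given, while the OpenSSL twin (test/confs/5720) logs it. The two files also differ in `subj_altname` (no `,>;` separator here) and in the subject-component line (`SNCN` / `subject,CN` here, `SNO` / `subject,O` there). The header declares the files duplicates, so each divergence should carry a short comment, for example `# ocsp_uri: not extracted under GnuTLS (<reason>)`. That tells a maintainer which differences are deliberate library differences and which are drift. The reason is not visible in this hunk and has to be filled in by someone who knows it.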
@@ -0,0 +1,119 @@ +# Exim test configuration 5720 (dup of 5710) +# $tls_out_peercert - OpenSSL + +SERVER= + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME +timezone = UTC + +# ----- Main settings ----- + +acl_smtp_rcpt = accept + +log_selector = +tls_peerdn + +queue_only +queue_run_in_order + +tls_advertise_hosts = * + +tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem +tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key + +tls_verify_hosts = * +tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem + +event_action = ${acl {server_cert_log}} + +# + +begin acl + +server_cert_log: + accept condition = ${if eq {tls:cert}{$event_name}} + logwrite = [$sender_host_address] \ + depth=$event_data \ + ${certextract{subject}{$tls_in_peercert}} + accept + +ev_tls: + accept logwrite = $event_name depth=$event_data \ + <${certextract {subject} {$tls_out_peercert}}> +# message = nooooo + +ev_msg: + warn logwrite = $acl_arg1 $local_part + warn logwrite = ${if !def:tls_out_ourcert \ + {NO CLIENT CERT presented} \ + {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}} + accept condition = ${if !def:tls_out_peercert} + logwrite = No Peer cert + accept logwrite = Peer cert: + logwrite = ver <${certextract {version} {$tls_out_peercert}}> + logwrite = SN <${certextract {subject} {$tls_out_peercert}}> + logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}> + logwrite = SNO <${certextract {subject,O} {$tls_out_peercert}}> + logwrite = IN <${certextract {issuer} {$tls_out_peercert}}> + logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}> + logwrite = NA <${certextract {notafter} {$tls_out_peercert}}> + logwrite = SA <${certextract {sig_algorithm} {$tls_out_peercert}}> + 
logwrite = SG <${certextract {signature} {$tls_out_peercert}}> + logwrite = ${certextract {subj_altname,>;}{$tls_out_peercert}{SAN <$value>}{(no SAN)}} + logwrite = ${certextract {ocsp_uri} {$tls_out_peercert} {OCU <$value>}{(no OCU)}} + logwrite = ${certextract {crl_uri} {$tls_out_peercert} {CRU <$value>}{(no CRU)}} + +logger: + accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}} + acl = ev_msg $event_name $acl_arg2 + accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}} + message = ${acl {ev_tls}} + accept + +# ----- Routers ----- + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} + retry_use_local_part + transport = send_to_server + + +# ----- Transports ----- + +begin transports + +send_to_server: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + + tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem + tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key + + tls_verify_certificates = DIR/aux-fixed/exim-ca/\ + ${if eq {$local_part}{good}\ +{example.com/server1.example.com/ca_chain.pem}\ +{example.net/server1.example.net/ca_chain.pem}} + tls_verify_cert_hostnames = + tls_try_verify_hosts = + + event_action = ${acl {logger} {$event_name} {$domain} } + +# ----- Retry ----- + + +begin retry + +* * F,5d,10s + + +# End diff --git a/test/confs/5730 b/test/confs/5730 new file mode 100644 index 000000000..7ed8ad4b7 --- /dev/null +++ b/test/confs/5730 
@@ -0,0 +1,162 @@ +# Exim test configuration 5730 +# OCSP stapling, client, events + +SERVER = + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = server1.example.com +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + + +# ----- Main settings ----- + +domainlist local_domains = test.ex : *.test.ex + +acl_smtp_rcpt = check_recipient +acl_smtp_data = check_data + +log_selector = +tls_peerdn +remote_max_parallel = 1 + +tls_advertise_hosts = * + +# Set certificate only if server +tls_certificate = ${if eq {SERVER}{server}\ +{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\ +fail\ +} +tls_privatekey = ${if eq {SERVER}{server}\ +{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\ +fail} + +# from cmdline define +tls_ocsp_file = OCSP + + +# ------ ACL ------ + +begin acl + +check_recipient: + accept domains = +local_domains + deny message = relay not permitted + +check_data: + warn condition = ${if def:h_X-TLS-out:} + logwrite = client claims: $h_X-TLS-out: + accept + +logger: + accept condition = ${if !eq {msg} {${listextract{1}{$event_name}}}} + warn logwrite = client ocsp status: $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + accept + + +# ----- Routers ----- + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} + retry_use_local_part + transport = send_to_server${if eq{$local_part}{nostaple}{1} \ + {${if eq{$local_part}{norequire} {2} \ + {${if eq{$local_part}{smtps} {4}{3}}} \ + }}} + +server: + driver = redirect + data = :blackhole: + #retry_use_local_part + #transport = local_delivery + + +# ----- Transports ----- + +begin transports + +local_delivery: + driver = appendfile + file = DIR/test-mail/$local_part + headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn + user = CALLER + +send_to_server1: 
+ driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + tls_verify_cert_hostnames = + hosts_require_tls = * + hosts_request_ocsp = : + headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + event_action = ${acl {logger}} + +send_to_server2: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + tls_verify_cert_hostnames = + hosts_require_tls = * +# note no ocsp mention here + headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + event_action = ${acl {logger}} + +send_to_server3: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + helo_data = helo.data.changed + #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + tls_try_verify_hosts = + tls_verify_cert_hostnames = + hosts_require_tls = * + hosts_require_ocsp = * + headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + event_action = ${acl {logger}} + +send_to_server4: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + helo_data = helo.data.changed + #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + tls_verify_cert_hostnames = + protocol = smtps + hosts_require_tls = * + hosts_require_ocsp = * + headers_add = X-TLS-out: OCSP status $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + event_action = ${acl {logger}} + + +# ----- Retry ----- + + 
+begin retry + +* * F,5d,1s + + +# End diff --git a/test/confs/5740 b/test/confs/5740 new file mode 100644 index 000000000..e20a8b601 --- /dev/null +++ b/test/confs/5740 
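Review bot: `send_to_server3` sets `tls_try_verify_hosts =` (empty) while `send_to_server4`, which otherwise differs only by `protocol = smtps`, does not, and nothing in the file says whether that is intended. Either add the same line to `send_to_server4`, or put a comment on `send_to_server3` explaining why the verification settings differ between the two `hosts_require_ocsp = *` cases. The four transports also lack the per-case comments that the OpenSSL twin (test/confs/5740) carries, such as `# nostaple: deliberately do not request cert-status`. Copying them over would make the local-part-to-transport mapping readable without decoding the router expression. The commented-out `#tls_verify_certificates = .../ca_chain.pem` lines look like leftovers and could be dropped or explained.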
@@ -0,0 +1,157 @@ +# Exim test configuration 5740 +# OCSP stapling, client, events + +SERVER = + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = server1.example.com +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + + +# ----- Main settings ----- + +domainlist local_domains = test.ex : *.test.ex + +acl_smtp_rcpt = check_recipient +acl_smtp_data = check_data + +log_selector = +tls_peerdn +remote_max_parallel = 1 + +tls_advertise_hosts = * + +# Set certificate only if server + +tls_certificate = ${if eq {SERVER}{server}\ +{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\ +fail\ +} + +#{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\ + +tls_privatekey = ${if eq {SERVER}{server}\ +{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\ +fail} + +tls_ocsp_file = OCSP + + +# ------ ACL ------ + +begin acl + +check_recipient: + accept domains = +local_domains + deny message = relay not permitted + +check_data: + warn condition = ${if def:h_X-TLS-out:} + logwrite = client claims: $h_X-TLS-out: + accept + +logger: + accept condition = ${if !eq {msg} {${listextract{1}{$event_name}}}} + warn logwrite = client ocsp status: $tls_out_ocsp \ + (${listextract {${eval:$tls_out_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) + accept + +# ----- Routers ----- + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} + retry_use_local_part + transport = send_to_server${if eq{$local_part}{nostaple}{1} \ + {${if eq{$local_part}{norequire} {2} \ + {${if eq{$local_part}{smtps} {4}{3}}} \ + }}} + +server: + driver = redirect + data = :blackhole: + #retry_use_local_part + #transport = local_delivery + + +# ----- Transports ----- + +begin transports + +local_delivery: + driver = appendfile + file = DIR/test-mail/$local_part + headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn + 
user = CALLER + +# nostaple: deliberately do not request cert-status +send_to_server1: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + tls_verify_cert_hostnames = + hosts_require_tls = * + hosts_request_ocsp = : + headers_add = X-TLS-out: ocsp status $tls_out_ocsp + event_action = ${acl {logger}} + +# norequire: request stapling but do not verify +send_to_server2: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + tls_verify_cert_hostnames = + hosts_require_tls = * +# note no ocsp mention here + headers_add = X-TLS-out: ocsp status $tls_out_ocsp + event_action = ${acl {logger}} + +# (any other name): request and verify +send_to_server3: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + helo_data = helo.data.changed + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + tls_verify_cert_hostnames = + hosts_require_tls = * + hosts_require_ocsp = * + headers_add = X-TLS-out: ocsp status $tls_out_ocsp + event_action = ${acl {logger}} + +# (any other name): request and verify, ssl-on-connect +send_to_server4: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + helo_data = helo.data.changed + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + tls_verify_cert_hostnames = + protocol = smtps + hosts_require_tls = * + hosts_require_ocsp = * + headers_add = X-TLS-out: ocsp status $tls_out_ocsp + event_action = ${acl {logger}} + + +# ----- Retry ----- + + +begin retry + +* * F,5d,1s + + +# End diff --git a/test/confs/5750 b/test/confs/5750 deleted file mode 100644 index 13ee1498f..000000000 --- a/test/confs/5750 +++ /dev/null 
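Review bot: The comment above `send_to_server4` reads `# (any other name): request and verify, ssl-on-connect`, but the `client` router in this file selects transport 4 only when `$local_part` is `smtps`. Every other unmatched local part goes to `send_to_server3`. Suggest `# smtps: request and verify, ssl-on-connect` so the comment matches the routing. On `send_to_server2`, `# note no ocsp mention here` could also say that the case relies on the default of `hosts_request_ocsp`, which is what makes it "request stapling but do not verify".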
@@ -1,119 +0,0 @@ -# Exim test configuration 5750 (dup of 5760) -# $tls_out_peercert - GnuTLS - -SERVER= - -exim_path = EXIM_PATH -host_lookup_order = bydns -primary_hostname = myhost.test.ex -spool_directory = DIR/spool -log_file_path = DIR/spool/log/SERVER%slog -gecos_pattern = "" -gecos_name = CALLER_NAME -timezone = UTC - -# ----- Main settings ----- - -acl_smtp_rcpt = accept - -log_selector = +tls_peerdn - -queue_only -queue_run_in_order - -tls_advertise_hosts = * - -tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem -tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key - -tls_verify_hosts = * -tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem - -event_action = ${acl {server_cert_log}} - -# - -begin acl - -server_cert_log: - accept condition = ${if eq {tls:cert}{$event_name}} - logwrite = [$sender_host_address] \ - depth=$event_data \ - ${certextract{subject}{$tls_in_peercert}} - accept - -ev_tls: - accept logwrite = $event_name depth=$event_data \ - <${certextract {subject} {$tls_out_peercert}}> -# message = noooo - -ev_msg: - warn logwrite = $acl_arg1 $local_part - warn logwrite = ${if !def:tls_out_ourcert \ - {NO CLIENT CERT presented} \ - {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}} - accept condition = ${if !def:tls_out_peercert} - logwrite = No Peer cert - accept logwrite = Peer cert: - logwrite = ver <${certextract {version} {$tls_out_peercert}}> - logwrite = SN <${certextract {subject} {$tls_out_peercert}}> - logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}> - logwrite = SNCN<${certextract {subject,CN} {$tls_out_peercert}}> - logwrite = IN <${certextract {issuer} {$tls_out_peercert}}> - logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}> - logwrite = NA <${certextract {notafter} {$tls_out_peercert}}> - logwrite = SA <${certextract {sig_algorithm} {$tls_out_peercert}}> - 
logwrite = SG <${certextract {signature} {$tls_out_peercert}}> - logwrite = ${certextract {subj_altname} {$tls_out_peercert}{SAN <$value>}{(no SAN)}} -# logwrite = ${certextract {ocsp_uri} {$tls_out_peercert} {OCU <$value>}{(no OCU)}} - logwrite = ${certextract {crl_uri} {$tls_out_peercert} {CRU <$value>}{(no CRU)}} - -logger: - accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}} - acl = ev_msg $event_name $acl_arg2 - accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}} - message = ${acl {ev_tls}} - accept - -# ----- Routers ----- - -begin routers - -client: - driver = accept - condition = ${if eq {SERVER}{server}{no}{yes}} - retry_use_local_part - transport = send_to_server - - -# ----- Transports ----- - -begin transports - -send_to_server: - driver = smtp - allow_localhost - hosts = 127.0.0.1 - port = PORT_D - - tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem - tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key - - tls_verify_certificates = DIR/aux-fixed/exim-ca/\ - ${if eq {$local_part}{good}\ -{example.com/server1.example.com/ca_chain.pem}\ -{example.net/server1.example.net/ca_chain.pem}} - tls_try_verify_hosts = - tls_verify_cert_hostnames = - - event_action = ${acl {logger} {$event_name} {$domain} } - -# ----- Retry ----- - - -begin retry - -* * F,5d,10s - - -# End diff --git a/test/confs/5760 b/test/confs/5760 deleted file mode 100644 index 303420f3d..000000000 --- a/test/confs/5760 +++ /dev/null 
@@ -1,119 +0,0 @@ -# Exim test configuration 5760 (dup of 5750) -# $tls_out_peercert - OpenSSL - -SERVER= - -exim_path = EXIM_PATH -host_lookup_order = bydns -primary_hostname = myhost.test.ex -spool_directory = DIR/spool -log_file_path = DIR/spool/log/SERVER%slog -gecos_pattern = "" -gecos_name = CALLER_NAME -timezone = UTC - -# ----- Main settings ----- - -acl_smtp_rcpt = accept - -log_selector = +tls_peerdn - -queue_only -queue_run_in_order - -tls_advertise_hosts = * - -tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem -tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key - -tls_verify_hosts = * -tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem - -event_action = ${acl {server_cert_log}} - -# - -begin acl - -server_cert_log: - accept condition = ${if eq {tls:cert}{$event_name}} - logwrite = [$sender_host_address] \ - depth=$event_data \ - ${certextract{subject}{$tls_in_peercert}} - accept - -ev_tls: - accept logwrite = $event_name depth=$event_data \ - <${certextract {subject} {$tls_out_peercert}}> -# message = nooooo - -ev_msg: - warn logwrite = $acl_arg1 $local_part - warn logwrite = ${if !def:tls_out_ourcert \ - {NO CLIENT CERT presented} \ - {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}} - accept condition = ${if !def:tls_out_peercert} - logwrite = No Peer cert - accept logwrite = Peer cert: - logwrite = ver <${certextract {version} {$tls_out_peercert}}> - logwrite = SN <${certextract {subject} {$tls_out_peercert}}> - logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}> - logwrite = SNO <${certextract {subject,O} {$tls_out_peercert}}> - logwrite = IN <${certextract {issuer} {$tls_out_peercert}}> - logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}> - logwrite = NA <${certextract {notafter} {$tls_out_peercert}}> - logwrite = SA <${certextract {sig_algorithm} {$tls_out_peercert}}> - 
logwrite = SG <${certextract {signature} {$tls_out_peercert}}> - logwrite = ${certextract {subj_altname,>;}{$tls_out_peercert}{SAN <$value>}{(no SAN)}} - logwrite = ${certextract {ocsp_uri} {$tls_out_peercert} {OCU <$value>}{(no OCU)}} - logwrite = ${certextract {crl_uri} {$tls_out_peercert} {CRU <$value>}{(no CRU)}} - -logger: - accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}} - acl = ev_msg $event_name $acl_arg2 - accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}} - message = ${acl {ev_tls}} - accept - -# ----- Routers ----- - -begin routers - -client: - driver = accept - condition = ${if eq {SERVER}{server}{no}{yes}} - retry_use_local_part - transport = send_to_server - - -# ----- Transports ----- - -begin transports - -send_to_server: - driver = smtp - allow_localhost - hosts = 127.0.0.1 - port = PORT_D - - tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem - tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key - - tls_verify_certificates = DIR/aux-fixed/exim-ca/\ - ${if eq {$local_part}{good}\ -{example.com/server1.example.com/ca_chain.pem}\ -{example.net/server1.example.net/ca_chain.pem}} - tls_verify_cert_hostnames = - tls_try_verify_hosts = - - event_action = ${acl {logger} {$event_name} {$domain} } - -# ----- Retry ----- - - -begin retry - -* * F,5d,10s - - -# End diff --git a/test/log/5608 b/test/log/5608 deleted file mode 100644 index 5aee9f128..000000000 --- a/test/log/5608 +++ /dev/null 
@@ -1,60 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" -1999-03-02 09:44:33 10HmaX-0005vi-00 client ocsp status: 1 (notresp) -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" -1999-03-02 09:44:33 10HmaZ-0005vi-00 client ocsp status: 4 (verified) -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbB-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" -1999-03-02 09:44:33 10HmbB-0005vi-00 client ocsp status: 0 (notreq) -1999-03-02 09:44:33 10HmbB-0005vi-00 Completed -1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbD-0005vi-00 => good@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" -1999-03-02 09:44:33 10HmbD-0005vi-00 client ocsp status: 4 (verified) -1999-03-02 09:44:33 10HmbD-0005vi-00 Completed -1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbF-0005vi-00 Received TLS status callback, null content -1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 
10HmbF-0005vi-00 client ocsp status: 1 (notresp) -1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session -1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbG-0005vi-00 Server certificate revoked; reason: superseded -1999-03-02 09:44:33 10HmbG-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmbG-0005vi-00 client ocsp status: 3 (failed) -1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session -1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbH-0005vi-00 Server OSCP dates invalid -1999-03-02 09:44:33 10HmbH-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmbH-0005vi-00 client ocsp status: 3 (failed) -1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session - -******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: ocsp status 1 -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaX-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmbA-0005vi-00 client claims: ocsp status 4 -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com 
H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaZ-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: ocsp status 0 -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmbB-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbC-0005vi-00 Completed -1999-03-02 09:44:33 10HmbE-0005vi-00 client claims: ocsp status 4 -1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmbD-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbE-0005vi-00 Completed -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) diff --git a/test/log/5658 b/test/log/5658 deleted file mode 100644 index 0b0735448..000000000 
--- a/test/log/5658
+++ /dev/null
@@ -1,57 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" -1999-03-02 09:44:33 10HmaX-0005vi-00 client ocsp status: 1 (notresp) -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" -1999-03-02 09:44:33 10HmaZ-0005vi-00 client ocsp status: 1 (notresp) -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbB-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" -1999-03-02 09:44:33 10HmbB-0005vi-00 client ocsp status: 0 (notreq) -1999-03-02 09:44:33 10HmbB-0005vi-00 Completed -1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbD-0005vi-00 => good@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" -1999-03-02 09:44:33 10HmbD-0005vi-00 client ocsp status: 4 (verified) -1999-03-02 09:44:33 10HmbD-0005vi-00 Completed -1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate status check failed) -1999-03-02 09:44:33 10HmbF-0005vi-00 
client ocsp status: 3 (failed) -1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session -1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbG-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate revoked -1999-03-02 09:44:33 10HmbG-0005vi-00 client ocsp status: 1 (notresp) -1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session -1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbH-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate status check failed) -1999-03-02 09:44:33 10HmbH-0005vi-00 client ocsp status: 3 (failed) -1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session - -******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: OCSP status 1 (notresp) -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmbA-0005vi-00 client claims: OCSP status 1 (notresp) -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps 
X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaZ-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: OCSP status 0 (notreq) -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmbB-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbC-0005vi-00 Completed -1999-03-02 09:44:33 10HmbE-0005vi-00 client claims: OCSP status 4 (verified) -1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmbD-0005vi-00@server1.example.com -1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbE-0005vi-00 Completed -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. 
-1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason.
diff --git a/test/log/5710 b/test/log/5710
new file mode 100644
index 000000000..5001dbc10
--- /dev/null
+++ b/test/log/5710
@@ -0,0 +1,52 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth=0
+1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid
+1999-03-02 09:44:33 10HmaX-0005vi-00 msg:host:defer bad
+1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented
+1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
+1999-03-02 09:44:33 10HmaX-0005vi-00 ver <3>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SN
+1999-03-02 09:44:33 10HmaX-0005vi-00 SN;
+1999-03-02 09:44:33 10HmaX-0005vi-00 SNCN
+1999-03-02 09:44:33 10HmaX-0005vi-00 IN
+1999-03-02 09:44:33 10HmaX-0005vi-00 NB
+1999-03-02 09:44:33 10HmaX-0005vi-00 NA
+1999-03-02 09:44:33 10HmaX-0005vi-00 SA
+1999-03-02 09:44:33 10HmaX-0005vi-00 SG <56 3a a4 3c cb eb b8 27 c2 90 08 74 13 88 dc 48 c6 b5 2c e5 26 be 5b 91 d4 67 e7 3c 49 12 d7 47 30 df 98 db 58 ed 18 a8 7d 4b db 97 48 f5 5c 7f 70 b9 37 63 33 f1 24 62 72 92 60 f5 6e da b6 bc 73 c8 c2 dc d6 95 9a bd 16 16 a2 ef 0a f1 d7 41 68 f6 ad 98 5a d0 ff d9 1b 51 9f 59 ce 2f 3d 84 d0 ee e8 2b eb 9b 32 1a 0e 02 3e cc 30 89 44 09 2a 75 81 46 a7 b6 ed 7d 41 eb 5a 63 fa 9c 58 ef>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SAN
+1999-03-02 09:44:33 10HmaX-0005vi-00 CRU
+1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaX-0005vi-00 => bad@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery bad
+1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented
+1999-03-02 09:44:33 10HmaX-0005vi-00 No Peer cert
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=0
+1999-03-02 09:44:33 10HmaY-0005vi-00 => good@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 msg:delivery good
+1999-03-02 09:44:33 10HmaY-0005vi-00 Our cert SN: CN=server2.example.com
+1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert:
+1999-03-02 09:44:33 10HmaY-0005vi-00 ver <3>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SN
+1999-03-02 09:44:33 10HmaY-0005vi-00 SN;
+1999-03-02 09:44:33 10HmaY-0005vi-00 SNCN
+1999-03-02 09:44:33 10HmaY-0005vi-00 IN
+1999-03-02 09:44:33 10HmaY-0005vi-00 NB
+1999-03-02 09:44:33 10HmaY-0005vi-00 NA
+1999-03-02 09:44:33 10HmaY-0005vi-00 SA
+1999-03-02 09:44:33 10HmaY-0005vi-00 SG <56 3a a4 3c cb eb b8 27 c2 90 08 74 13 88 dc 48 c6 b5 2c e5 26 be 5b 91 d4 67 e7 3c 49 12 d7 47 30 df 98 db 58 ed 18 a8 7d 4b db 97 48 f5 5c 7f 70 b9 37 63 33 f1 24 62 72 92 60 f5 6e da b6 bc 73 c8 c2 dc d6 95 9a bd 16 16 a2 ef 0a f1 d7 41 68 f6 ad 98 5a d0 ff d9 1b 51 9f 59 ce 2f 3d 84 d0 ee e8 2b eb 9b 32 1a 0e 02 3e cc 30 89 44 09 2a 75 81 46 a7 b6 ed 7d 41 eb 5a 63 fa 9c 58 ef>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SAN
+1999-03-02 09:44:33 10HmaY-0005vi-00 CRU
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 [127.0.0.1] depth=0 CN=server2.example.com
+1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad
+1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (send): The specified session has been invalidated for some reason.
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 [127.0.0.1] depth=0 CN=server2.example.com
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server2.example.com" S=sss id=E10HmaY-0005vi-00@myhost.test.ex
diff --git a/test/log/5720 b/test/log/5720
new file mode 100644
index 000000000..36172936a
--- /dev/null
+++ b/test/log/5720
@@ -0,0 +1,57 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=2 error=self signed certificate in certificate chain cert=/O=example.com/CN=clica CA
+1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <>
+1999-03-02 09:44:33 10HmaX-0005vi-00 msg:host:defer bad
+1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented
+1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
+1999-03-02 09:44:33 10HmaX-0005vi-00 ver <2>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SN
+1999-03-02 09:44:33 10HmaX-0005vi-00 SN;
+1999-03-02 09:44:33 10HmaX-0005vi-00 SNO
+1999-03-02 09:44:33 10HmaX-0005vi-00 IN
+1999-03-02 09:44:33 10HmaX-0005vi-00 NB
+1999-03-02 09:44:33 10HmaX-0005vi-00 NA
+1999-03-02 09:44:33 10HmaX-0005vi-00 SA
+1999-03-02 09:44:33 10HmaX-0005vi-00 SG < 89:fd:fb:cb:b2:42:d6:aa:f2:c0:44:a2:14:e5:ab:22:50:41:\n e6:64:e7:1c:5a:20:b6:0f:fe:b0:88:c5:cf:b3:e5:f8:0e:87:\n eb:ac:07:d6:9d:6a:20:f6:dd:13:ee:b8:3f:cf:d9:cd:d4:a8:\n 72:50:5a:a2:14:4e:ee:3a:78:e2:a7:f4:ae:d7:ee:77:48:1f:\n 75:a7:68:2f:ee:e2:7c:ac:2f:e4:88:02:e8:3b:db:f9:35:04:\n 05:46:35:0b:f2:35:03:21:b6:1e:82:7d:94:e0:63:4b:60:71:\n 2d:19:45:21:f2:85:b4:c3:d0:77:a2:24:32:36:f3:50:68:38:\n 98:e6\n>
+1999-03-02 09:44:33 10HmaX-0005vi-00 (no SAN)
+1999-03-02 09:44:33 10HmaX-0005vi-00 (no OCU)
+1999-03-02 09:44:33 10HmaX-0005vi-00 (no CRU)
+1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaX-0005vi-00 => bad@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery bad
+1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented
+1999-03-02 09:44:33 10HmaX-0005vi-00 No Peer cert
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=2
+1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=1
+1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=0
+1999-03-02 09:44:33 10HmaY-0005vi-00 => good@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 msg:delivery good
+1999-03-02 09:44:33 10HmaY-0005vi-00 Our cert SN: CN=server2.example.com
+1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert:
+1999-03-02 09:44:33 10HmaY-0005vi-00 ver <2>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SN
+1999-03-02 09:44:33 10HmaY-0005vi-00 SN;
+1999-03-02 09:44:33 10HmaY-0005vi-00 SNO <>
+1999-03-02 09:44:33 10HmaY-0005vi-00 IN
+1999-03-02 09:44:33 10HmaY-0005vi-00 NB
+1999-03-02 09:44:33 10HmaY-0005vi-00 NA
+1999-03-02 09:44:33 10HmaY-0005vi-00 SA
+1999-03-02 09:44:33 10HmaY-0005vi-00 SG < 56:3a:a4:3c:cb:eb:b8:27:c2:90:08:74:13:88:dc:48:c6:b5:\n 2c:e5:26:be:5b:91:d4:67:e7:3c:49:12:d7:47:30:df:98:db:\n 58:ed:18:a8:7d:4b:db:97:48:f5:5c:7f:70:b9:37:63:33:f1:\n 24:62:72:92:60:f5:6e:da:b6:bc:73:c8:c2:dc:d6:95:9a:bd:\n 16:16:a2:ef:0a:f1:d7:41:68:f6:ad:98:5a:d0:ff:d9:1b:51:\n 9f:59:ce:2f:3d:84:d0:ee:e8:2b:eb:9b:32:1a:0e:02:3e:cc:\n 30:89:44:09:2a:75:81:46:a7:b6:ed:7d:41:eb:5a:63:fa:9c:\n 58:ef\n>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SAN
+1999-03-02 09:44:33 10HmaY-0005vi-00 OCU
+1999-03-02 09:44:33 10HmaY-0005vi-00 CRU
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (SSL_accept): error: <>
+1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 [127.0.0.1] depth=2 CN=clica CA,O=example.com
+1999-03-02 09:44:33 [127.0.0.1] depth=1 CN=clica Signing Cert,O=example.com
+1999-03-02 09:44:33 [127.0.0.1] depth=0 CN=server2.example.com
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server2.example.com" S=sss id=E10HmaY-0005vi-00@myhost.test.ex
diff --git a/test/log/5730 b/test/log/5730
new file mode 100644
index 000000000..0b0735448
--- /dev/null
+++ b/test/log/5730
@@ -0,0 +1,57 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 client ocsp status: 1 (notresp) +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 client ocsp status: 1 (notresp) +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 client ocsp status: 0 (notreq) +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbD-0005vi-00 => good@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 client ocsp status: 4 (verified) +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed +1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate status check failed) +1999-03-02 09:44:33 10HmbF-0005vi-00 
client ocsp status: 3 (failed) +1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbG-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate revoked +1999-03-02 09:44:33 10HmbG-0005vi-00 client ocsp status: 1 (notresp) +1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbH-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate status check failed) +1999-03-02 09:44:33 10HmbH-0005vi-00 client ocsp status: 3 (failed) +1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: OCSP status 1 (notresp) +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmbA-0005vi-00 client claims: OCSP status 1 (notresp) +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps 
X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaZ-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: OCSP status 0 (notreq) +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmbB-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 10HmbE-0005vi-00 client claims: OCSP status 4 (verified) +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmbD-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason. +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (recv): The TLS connection was non-properly terminated. 
+1999-03-02 09:44:33 TLS error on connection from [127.0.0.1] (send): The specified session has been invalidated for some reason.
diff --git a/test/log/5740 b/test/log/5740
new file mode 100644
index 000000000..5aee9f128
--- /dev/null
+++ b/test/log/5740
@@ -0,0 +1,60 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 client ocsp status: 1 (notresp) +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => norequire@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 client ocsp status: 4 (verified) +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 client ocsp status: 0 (notreq) +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbD-0005vi-00 => good@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 client ocsp status: 4 (verified) +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed +1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbF-0005vi-00 Received TLS status callback, null content +1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> +1999-03-02 09:44:33 
10HmbF-0005vi-00 client ocsp status: 1 (notresp) +1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbG-0005vi-00 Server certificate revoked; reason: superseded +1999-03-02 09:44:33 10HmbG-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> +1999-03-02 09:44:33 10HmbG-0005vi-00 client ocsp status: 3 (failed) +1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbH-0005vi-00 Server OSCP dates invalid +1999-03-02 09:44:33 10HmbH-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> +1999-03-02 09:44:33 10HmbH-0005vi-00 client ocsp status: 3 (failed) +1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaY-0005vi-00 client claims: ocsp status 1 +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaX-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmbA-0005vi-00 client claims: ocsp status 4 +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com 
H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaZ-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 client claims: ocsp status 0 +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmbB-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 10HmbE-0005vi-00 client claims: ocsp status 4 +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmbD-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) diff --git a/test/log/5750 b/test/log/5750 deleted file mode 100644 index 5001dbc10..000000000 
--- a/test/log/5750
+++ /dev/null
@@ -1,52 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth=0 -1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid -1999-03-02 09:44:33 10HmaX-0005vi-00 msg:host:defer bad -1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented -1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert: -1999-03-02 09:44:33 10HmaX-0005vi-00 ver <3> -1999-03-02 09:44:33 10HmaX-0005vi-00 SN -1999-03-02 09:44:33 10HmaX-0005vi-00 SN; -1999-03-02 09:44:33 10HmaX-0005vi-00 SNCN -1999-03-02 09:44:33 10HmaX-0005vi-00 IN -1999-03-02 09:44:33 10HmaX-0005vi-00 NB -1999-03-02 09:44:33 10HmaX-0005vi-00 NA -1999-03-02 09:44:33 10HmaX-0005vi-00 SA -1999-03-02 09:44:33 10HmaX-0005vi-00 SG <56 3a a4 3c cb eb b8 27 c2 90 08 74 13 88 dc 48 c6 b5 2c e5 26 be 5b 91 d4 67 e7 3c 49 12 d7 47 30 df 98 db 58 ed 18 a8 7d 4b db 97 48 f5 5c 7f 70 b9 37 63 33 f1 24 62 72 92 60 f5 6e da b6 bc 73 c8 c2 dc d6 95 9a bd 16 16 a2 ef 0a f1 d7 41 68 f6 ad 98 5a d0 ff d9 1b 51 9f 59 ce 2f 3d 84 d0 ee e8 2b eb 9b 32 1a 0e 02 3e cc 30 89 44 09 2a 75 81 46 a7 b6 ed 7d 41 eb 5a 63 fa 9c 58 ef> -1999-03-02 09:44:33 10HmaX-0005vi-00 SAN -1999-03-02 09:44:33 10HmaX-0005vi-00 CRU -1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) -1999-03-02 09:44:33 10HmaX-0005vi-00 => bad@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" -1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery bad -1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented -1999-03-02 09:44:33 10HmaX-0005vi-00 No Peer cert -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=0 
-1999-03-02 09:44:33 10HmaY-0005vi-00 => good@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" -1999-03-02 09:44:33 10HmaY-0005vi-00 msg:delivery good -1999-03-02 09:44:33 10HmaY-0005vi-00 Our cert SN: CN=server2.example.com -1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert: -1999-03-02 09:44:33 10HmaY-0005vi-00 ver <3> -1999-03-02 09:44:33 10HmaY-0005vi-00 SN -1999-03-02 09:44:33 10HmaY-0005vi-00 SN; -1999-03-02 09:44:33 10HmaY-0005vi-00 SNCN -1999-03-02 09:44:33 10HmaY-0005vi-00 IN -1999-03-02 09:44:33 10HmaY-0005vi-00 NB -1999-03-02 09:44:33 10HmaY-0005vi-00 NA -1999-03-02 09:44:33 10HmaY-0005vi-00 SA -1999-03-02 09:44:33 10HmaY-0005vi-00 SG <56 3a a4 3c cb eb b8 27 c2 90 08 74 13 88 dc 48 c6 b5 2c e5 26 be 5b 91 d4 67 e7 3c 49 12 d7 47 30 df 98 db 58 ed 18 a8 7d 4b db 97 48 f5 5c 7f 70 b9 37 63 33 f1 24 62 72 92 60 f5 6e da b6 bc 73 c8 c2 dc d6 95 9a bd 16 16 a2 ef 0a f1 d7 41 68 f6 ad 98 5a d0 ff d9 1b 51 9f 59 ce 2f 3d 84 d0 ee e8 2b eb 9b 32 1a 0e 02 3e cc 30 89 44 09 2a 75 81 46 a7 b6 ed 7d 41 eb 5a 63 fa 9c 58 ef> -1999-03-02 09:44:33 10HmaY-0005vi-00 SAN -1999-03-02 09:44:33 10HmaY-0005vi-00 CRU -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 End queue run: pid=pppp -qf - -******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 [127.0.0.1] depth=0 CN=server2.example.com -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received.: Certificate is bad -1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (send): The specified session has been invalidated for some reason. 
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 [127.0.0.1] depth=0 CN=server2.example.com -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server2.example.com" S=sss id=E10HmaY-0005vi-00@myhost.test.ex diff --git a/test/log/5760 b/test/log/5760 deleted file mode 100644 index 36172936a..000000000 --- a/test/log/5760 +++ /dev/null 
@@ -1,57 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=2 error=self signed certificate in certificate chain cert=/O=example.com/CN=clica CA -1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmaX-0005vi-00 msg:host:defer bad -1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented -1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert: -1999-03-02 09:44:33 10HmaX-0005vi-00 ver <2> -1999-03-02 09:44:33 10HmaX-0005vi-00 SN -1999-03-02 09:44:33 10HmaX-0005vi-00 SN; -1999-03-02 09:44:33 10HmaX-0005vi-00 SNO -1999-03-02 09:44:33 10HmaX-0005vi-00 IN -1999-03-02 09:44:33 10HmaX-0005vi-00 NB -1999-03-02 09:44:33 10HmaX-0005vi-00 NA -1999-03-02 09:44:33 10HmaX-0005vi-00 SA -1999-03-02 09:44:33 10HmaX-0005vi-00 SG < 89:fd:fb:cb:b2:42:d6:aa:f2:c0:44:a2:14:e5:ab:22:50:41:\n e6:64:e7:1c:5a:20:b6:0f:fe:b0:88:c5:cf:b3:e5:f8:0e:87:\n eb:ac:07:d6:9d:6a:20:f6:dd:13:ee:b8:3f:cf:d9:cd:d4:a8:\n 72:50:5a:a2:14:4e:ee:3a:78:e2:a7:f4:ae:d7:ee:77:48:1f:\n 75:a7:68:2f:ee:e2:7c:ac:2f:e4:88:02:e8:3b:db:f9:35:04:\n 05:46:35:0b:f2:35:03:21:b6:1e:82:7d:94:e0:63:4b:60:71:\n 2d:19:45:21:f2:85:b4:c3:d0:77:a2:24:32:36:f3:50:68:38:\n 98:e6\n> -1999-03-02 09:44:33 10HmaX-0005vi-00 (no SAN) -1999-03-02 09:44:33 10HmaX-0005vi-00 (no OCU) -1999-03-02 09:44:33 10HmaX-0005vi-00 (no CRU) -1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) -1999-03-02 09:44:33 10HmaX-0005vi-00 => bad@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" -1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery bad -1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented 
-1999-03-02 09:44:33 10HmaX-0005vi-00 No Peer cert -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=2 -1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=1 -1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=0 -1999-03-02 09:44:33 10HmaY-0005vi-00 => good@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" -1999-03-02 09:44:33 10HmaY-0005vi-00 msg:delivery good -1999-03-02 09:44:33 10HmaY-0005vi-00 Our cert SN: CN=server2.example.com -1999-03-02 09:44:33 10HmaY-0005vi-00 Peer cert: -1999-03-02 09:44:33 10HmaY-0005vi-00 ver <2> -1999-03-02 09:44:33 10HmaY-0005vi-00 SN -1999-03-02 09:44:33 10HmaY-0005vi-00 SN; -1999-03-02 09:44:33 10HmaY-0005vi-00 SNO <> -1999-03-02 09:44:33 10HmaY-0005vi-00 IN -1999-03-02 09:44:33 10HmaY-0005vi-00 NB -1999-03-02 09:44:33 10HmaY-0005vi-00 NA -1999-03-02 09:44:33 10HmaY-0005vi-00 SA -1999-03-02 09:44:33 10HmaY-0005vi-00 SG < 56:3a:a4:3c:cb:eb:b8:27:c2:90:08:74:13:88:dc:48:c6:b5:\n 2c:e5:26:be:5b:91:d4:67:e7:3c:49:12:d7:47:30:df:98:db:\n 58:ed:18:a8:7d:4b:db:97:48:f5:5c:7f:70:b9:37:63:33:f1:\n 24:62:72:92:60:f5:6e:da:b6:bc:73:c8:c2:dc:d6:95:9a:bd:\n 16:16:a2:ef:0a:f1:d7:41:68:f6:ad:98:5a:d0:ff:d9:1b:51:\n 9f:59:ce:2f:3d:84:d0:ee:e8:2b:eb:9b:32:1a:0e:02:3e:cc:\n 30:89:44:09:2a:75:81:46:a7:b6:ed:7d:41:eb:5a:63:fa:9c:\n 58:ef\n> -1999-03-02 09:44:33 10HmaY-0005vi-00 SAN -1999-03-02 09:44:33 10HmaY-0005vi-00 OCU -1999-03-02 09:44:33 10HmaY-0005vi-00 CRU -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 End queue run: pid=pppp -qf - -******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 [127.0.0.1] depth=2 CN=clica CA,O=example.com -1999-03-02 09:44:33 [127.0.0.1] depth=1 CN=clica Signing Cert,O=example.com -1999-03-02 09:44:33 [127.0.0.1] depth=0 CN=server2.example.com -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server2.example.com" S=sss id=E10HmaY-0005vi-00@myhost.test.ex diff --git a/test/scripts/5608-OCSP-OpenSSL-TPDA/5608 b/test/scripts/5608-OCSP-OpenSSL-TPDA/5608 deleted file mode 100644 index 8010507dc..000000000 --- a/test/scripts/5608-OCSP-OpenSSL-TPDA/5608 +++ /dev/null 
@@ -1,84 +0,0 @@
-# OCSP stapling, client, tpda
-# duplicate of 5601
-#
-#
-# Client works when we request but don't require OCSP stapling and none comes
-exim -bd -oX PORT_D -DSERVER=server -DOCSP=/dev/null
-****
-exim norequire@test.ex
-test message.
-****
-sleep 1
-killdaemon
-#
-#
-#
-#
-# Client works when we request but don't require OCSP stapling and some arrives
-exim -bd -oX PORT_D -DSERVER=server \
- -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
-****
-exim norequire@test.ex
-test message.
-****
-millisleep 500
-#
-#
-#
-#
-# Client works when we don't request OCSP stapling
-exim nostaple@test.ex
-test message.
-****
-millisleep 500
-#
-#
-#
-#
-# Client accepts good stapled info
-exim good@test.ex
-test message.
-****
-sleep 1
-killdaemon
-#
-#
-#
-# Client fails on lack of required stapled info
-exim -bd -oX PORT_D -DSERVER=server -DOCSP=/dev/null
-****
-exim failrequire@test.ex
-test message.
-****
-sleep 1
-killdaemon
-no_msglog_check
-#
-#
-#
-# Client fails on revoked stapled info
-EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \
- -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
-****
-exim failrevoked@test.ex
-test message.
-****
-sleep 1
-killdaemon
-#
-#
-#
-#
-# Client fails on expired stapled info
-EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \
- -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
-****
-exim failexpired@test.ex
-test message.
-****
-sleep 1
-killdaemon
-#
-#
-#
-#
diff --git a/test/scripts/5608-OCSP-OpenSSL-TPDA/REQUIRES b/test/scripts/5608-OCSP-OpenSSL-TPDA/REQUIRES
deleted file mode 100644
index d4c3b4939..000000000
--- a/test/scripts/5608-OCSP-OpenSSL-TPDA/REQUIRES
+++ /dev/null
@@ -1,4 +0,0 @@
-support OpenSSL
-support OCSP
-support Experimental_Event
-running IPv4
diff --git a/test/scripts/5658-OCSP-GnuTLS-TPDA/5658 b/test/scripts/5658-OCSP-GnuTLS-TPDA/5658
deleted file mode 100644
index 759810613..000000000
--- a/test/scripts/5658-OCSP-GnuTLS-TPDA/5658
+++ /dev/null
@@ -1,84 +0,0 @@
-# OCSP stapling, client, tpda
-# duplicate of 5651
-#
-#
-# Client works when we request but don't require OCSP stapling and none comes
-exim -bd -oX PORT_D -DSERVER=server -DOCSP=""
-****
-exim norequire@test.ex
-test message.
-****
-sleep 1
-killdaemon
-#
-#
-#
-#
-# Client works when we request but don't require OCSP stapling and some arrives
-exim -bd -oX PORT_D -DSERVER=server \
- -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
-****
-exim norequire@test.ex
-test message.
-****
-millisleep 500
-#
-#
-#
-#
-# Client works when we don't request OCSP stapling
-exim nostaple@test.ex
-test message.
-****
-millisleep 500
-#
-#
-#
-#
-# Client accepts good stapled info
-exim good@test.ex
-test message.
-****
-sleep 1
-killdaemon
-#
-#
-#
-# Client fails on lack of required stapled info
-exim -bd -oX PORT_D -DSERVER=server -DOCSP=""
-****
-exim failrequire@test.ex
-test message.
-****
-sleep 1
-killdaemon
-no_msglog_check
-#
-#
-#
-# Client fails on revoked stapled info
-EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \
- -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
-****
-exim failrevoked@test.ex
-test message.
-****
-sleep 1
-killdaemon
-#
-#
-#
-#
-# Client fails on expired stapled info
-EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \
- -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
-****
-exim failexpired@test.ex
-test message.
-****
-sleep 1
-killdaemon
-#
-#
-#
-#
diff --git a/test/scripts/5658-OCSP-GnuTLS-TPDA/REQUIRES b/test/scripts/5658-OCSP-GnuTLS-TPDA/REQUIRES
deleted file mode 100644
index c06f36969..000000000
--- a/test/scripts/5658-OCSP-GnuTLS-TPDA/REQUIRES
+++ /dev/null
@@ -1,4 +0,0 @@
-support GnuTLS
-support OCSP
-support Experimental_Event
-running IPv4
diff --git a/test/scripts/5700-events/5700 b/test/scripts/5700-events/5700
new file mode 100644
index 000000000..f7cd8272c
--- /dev/null
+++ b/test/scripts/5700-events/5700
@@ -0,0 +1,94 @@
+# Arbitrary expansion after transport
+# (EXPERIMENTAL_TPDA)
+#
+need_ipv4
+#
+exim -odq userx@domain1
+A deliverable message
+****
+server PORT_S
+220 ESMTP
+EHLO
+250-OK
+250 HELP
+MAIL
+250 OK
+RCPT
+250 OK
+DATA
+354 More...
+.
+250 OK
+QUIT
+220 OK
+****
+exim -qqf
+****
+#
+#
+#
+#
+exim -odq userx@domain2
+A deliverable message which will hit a coding error in the config
+****
+server PORT_S
+220 ESMTP
+EHLO
+250-OK
+250 HELP
+MAIL
+250 OK
+RCPT
+250 OK
+DATA
+354 More...
+.
+250 OK
+QUIT
+220 OK
+****
+exim -qqf
+****
+#
+#
+#
+server PORT_S
+220 ESMTP
+EHLO
+*sleep 4
+****
+exim -odi userx@domain1
+A message which will hit a timeout at the destination server
+.
+****
+#
+#
+#
+#
+#
+exim -odq userx@domain1
+A message which will get refused
+****
+server PORT_S
+220 ESMTP
+EHLO
+250-OK
+250 HELP
+MAIL
+250 OK
+RCPT
+550 GO AWAY
+QUIT
+220 OK
+****
+exim -qqf
+****
+#
+#
+#
+#
+exim -odq userx@domain1
+A message we will cancel from the queue
+****
+exim -odi -Mg $msg1
+****
diff --git a/test/scripts/5700-events/REQUIRES b/test/scripts/5700-events/REQUIRES
new file mode 100644
index 000000000..33cd625a3
--- /dev/null
+++ b/test/scripts/5700-events/REQUIRES
@@ -0,0 +1 @@
+support Experimental_Event
diff --git a/test/scripts/5700-tpt-post-dlv-action/5700 b/test/scripts/5700-tpt-post-dlv-action/5700
deleted file mode 100644
index f7cd8272c..000000000
--- a/test/scripts/5700-tpt-post-dlv-action/5700
+++ /dev/null
@@ -1,94 +0,0 @@
-# Arbitrary expansion after transport
-# (EXPERIMENTAL_TPDA)
-#
-need_ipv4
-#
-exim -odq userx@domain1
-A deliverable message
-****
-server PORT_S
-220 ESMTP
-EHLO
-250-OK
-250 HELP
-MAIL
-250 OK
-RCPT
-250 OK
-DATA
-354 More...
-.
-250 OK
-QUIT
-220 OK
-****
-exim -qqf
-****
-#
-#
-#
-#
-exim -odq userx@domain2
-A deliverable message which will hit a coding error in the config
-****
-server PORT_S
-220 ESMTP
-EHLO
-250-OK
-250 HELP
-MAIL
-250 OK
-RCPT
-250 OK
-DATA
-354 More...
-.
-250 OK
-QUIT
-220 OK
-****
-exim -qqf
-****
-#
-#
-#
-server PORT_S
-220 ESMTP
-EHLO
-*sleep 4
-****
-exim -odi userx@domain1
-A message which will hit a timeout at the destination server
-.
-****
-#
-#
-#
-#
-#
-exim -odq userx@domain1
-A message which will get refused
-****
-server PORT_S
-220 ESMTP
-EHLO
-250-OK
-250 HELP
-MAIL
-250 OK
-RCPT
-550 GO AWAY
-QUIT
-220 OK
-****
-exim -qqf
-****
-#
-#
-#
-#
-exim -odq userx@domain1
-A message we will cancel from the queue
-****
-exim -odi -Mg $msg1
-****
diff --git a/test/scripts/5700-tpt-post-dlv-action/REQUIRES b/test/scripts/5700-tpt-post-dlv-action/REQUIRES
deleted file mode 100644
index 33cd625a3..000000000
--- a/test/scripts/5700-tpt-post-dlv-action/REQUIRES
+++ /dev/null
@@ -1 +0,0 @@
-support Experimental_Event
diff --git a/test/scripts/5710-GnuTLS-events/5710 b/test/scripts/5710-GnuTLS-events/5710
new file mode 100644
index 000000000..903c79525
--- /dev/null
+++ b/test/scripts/5710-GnuTLS-events/5710
@@ -0,0 +1,13 @@
+# TLS client: GnuTLS $tls_out_peercert
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim bad@test.ex
+Testing
+****
+exim good@test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+no_msglog_check
diff --git a/test/scripts/5710-GnuTLS-events/REQUIRES b/test/scripts/5710-GnuTLS-events/REQUIRES
new file mode 100644
index 000000000..66a85d789
--- /dev/null
+++ b/test/scripts/5710-GnuTLS-events/REQUIRES
@@ -0,0 +1,2 @@
+support Experimental_Event
+support GnuTLS
diff --git a/test/scripts/5720-OpenSSL-events/5720 b/test/scripts/5720-OpenSSL-events/5720
new file mode 100644
index 000000000..8fa8bd04b
--- /dev/null
+++ b/test/scripts/5720-OpenSSL-events/5720
@@ -0,0 +1,13 @@
+# TLS client: OpenSSL certificates and extractions
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim bad@test.ex
+Testing
+****
+exim good@test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+no_msglog_check
diff --git a/test/scripts/5720-OpenSSL-events/REQUIRES b/test/scripts/5720-OpenSSL-events/REQUIRES
new file mode 100644
index 000000000..d87b2875d
--- /dev/null
+++ b/test/scripts/5720-OpenSSL-events/REQUIRES
@@ -0,0 +1,2 @@
+support Experimental_Event
+support OpenSSL
diff --git a/test/scripts/5730-OCSP-GnuTLS-events/5730 b/test/scripts/5730-OCSP-GnuTLS-events/5730
new file mode 100644
index 000000000..759810613
--- /dev/null
+++ b/test/scripts/5730-OCSP-GnuTLS-events/5730
@@ -0,0 +1,84 @@
+# OCSP stapling, client, tpda
+# duplicate of 5651
+#
+#
+# Client works when we request but don't require OCSP stapling and none comes
+exim -bd -oX PORT_D -DSERVER=server -DOCSP=""
+****
+exim norequire@test.ex
+test message.
+****
+sleep 1
+killdaemon
+#
+#
+#
+#
+# Client works when we request but don't require OCSP stapling and some arrives
+exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+****
+exim norequire@test.ex
+test message.
+****
+millisleep 500
+#
+#
+#
+#
+# Client works when we don't request OCSP stapling
+exim nostaple@test.ex
+test message.
+****
+millisleep 500
+#
+#
+#
+#
+# Client accepts good stapled info
+exim good@test.ex
+test message.
+****
+sleep 1
+killdaemon
+#
+#
+#
+# Client fails on lack of required stapled info
+exim -bd -oX PORT_D -DSERVER=server -DOCSP=""
+****
+exim failrequire@test.ex
+test message.
+****
+sleep 1
+killdaemon
+no_msglog_check
+#
+#
+#
+# Client fails on revoked stapled info
+EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
+****
+exim failrevoked@test.ex
+test message.
+****
+sleep 1
+killdaemon
+#
+#
+#
+#
+# Client fails on expired stapled info
+EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
+****
+exim failexpired@test.ex
+test message.
+****
+sleep 1
+killdaemon
+#
+#
+#
+#
diff --git a/test/scripts/5730-OCSP-GnuTLS-events/REQUIRES b/test/scripts/5730-OCSP-GnuTLS-events/REQUIRES
new file mode 100644
index 000000000..c06f36969
--- /dev/null
+++ b/test/scripts/5730-OCSP-GnuTLS-events/REQUIRES
@@ -0,0 +1,4 @@
+support GnuTLS
+support OCSP
+support Experimental_Event
+running IPv4
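Review bot: The header comment of the new test/scripts/5730-OCSP-GnuTLS-events/5730 still reads `# OCSP stapling, client, tpda`, while the directory and the REQUIRES file (`support Experimental_Event`) now use the events name; suggest `# OCSP stapling, client, events`. The same stale wording is carried into 5740 (`# OCSP stapling, client, tpda`), 5700-events/5700 (`# (EXPERIMENTAL_TPDA)`) and 5860-DANE-OpenSSL-events/5860 (`# DANE client: TPDA`). The `# duplicate of 5651` cross-reference should also be checked against the new numbering, since whether 5651 keeps its number is not visible in this part of the patch.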
diff --git a/test/scripts/5740-OCSP-OpenSSL-events/5740 b/test/scripts/5740-OCSP-OpenSSL-events/5740
new file mode 100644
index 000000000..8010507dc
--- /dev/null
+++ b/test/scripts/5740-OCSP-OpenSSL-events/5740
@@ -0,0 +1,84 @@
+# OCSP stapling, client, tpda
+# duplicate of 5601
+#
+#
+# Client works when we request but don't require OCSP stapling and none comes
+exim -bd -oX PORT_D -DSERVER=server -DOCSP=/dev/null
+****
+exim norequire@test.ex
+test message.
+****
+sleep 1
+killdaemon
+#
+#
+#
+#
+# Client works when we request but don't require OCSP stapling and some arrives
+exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+****
+exim norequire@test.ex
+test message.
+****
+millisleep 500
+#
+#
+#
+#
+# Client works when we don't request OCSP stapling
+exim nostaple@test.ex
+test message.
+****
+millisleep 500
+#
+#
+#
+#
+# Client accepts good stapled info
+exim good@test.ex
+test message.
+****
+sleep 1
+killdaemon
+#
+#
+#
+# Client fails on lack of required stapled info
+exim -bd -oX PORT_D -DSERVER=server -DOCSP=/dev/null
+****
+exim failrequire@test.ex
+test message.
+****
+sleep 1
+killdaemon
+no_msglog_check
+#
+#
+#
+# Client fails on revoked stapled info
+EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
+****
+exim failrevoked@test.ex
+test message.
+****
+sleep 1
+killdaemon
+#
+#
+#
+#
+# Client fails on expired stapled info
+EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
+****
+exim failexpired@test.ex
+test message.
+****
+sleep 1
+killdaemon
+#
+#
+#
+#
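Review bot: The two negative cases (`failrevoked`, `failexpired`) start the daemon with `EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y` and nothing in the script says why. Judging by the variable name and the expected client log (`Server certificate revoked; reason: superseded`, `Server OSCP dates invalid`, each followed by `defer (-37)`), the override presumably lets the server staple a response it would otherwise refuse to load, so that the rejection being tested is the client's. A comment above each of those two commands, for example `# harness override: server staples the bad response unchecked; the client must reject it and defer`, would make clear that the fail-closed result is the assertion and that the override applies to the daemon only. 5730 carries the same two commands and would take the same comment.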
diff --git a/test/scripts/5740-OCSP-OpenSSL-events/REQUIRES b/test/scripts/5740-OCSP-OpenSSL-events/REQUIRES
new file mode 100644
index 000000000..d4c3b4939
--- /dev/null
+++ b/test/scripts/5740-OCSP-OpenSSL-events/REQUIRES
@@ -0,0 +1,4 @@
+support OpenSSL
+support OCSP
+support Experimental_Event
+running IPv4
diff --git a/test/scripts/5750-GnuTLS-TPDA/5750 b/test/scripts/5750-GnuTLS-TPDA/5750
deleted file mode 100644
index 903c79525..000000000
--- a/test/scripts/5750-GnuTLS-TPDA/5750
+++ /dev/null
@@ -1,13 +0,0 @@
-# TLS client: GnuTLS $tls_out_peercert
-exim -DSERVER=server -bd -oX PORT_D
-****
-exim bad@test.ex
-Testing
-****
-exim good@test.ex
-Testing
-****
-exim -qf
-****
-killdaemon
-no_msglog_check
diff --git a/test/scripts/5750-GnuTLS-TPDA/REQUIRES b/test/scripts/5750-GnuTLS-TPDA/REQUIRES
deleted file mode 100644
index 66a85d789..000000000
--- a/test/scripts/5750-GnuTLS-TPDA/REQUIRES
+++ /dev/null
@@ -1,2 +0,0 @@
-support Experimental_Event
-support GnuTLS
diff --git a/test/scripts/5760-OpenSSL-TPDA/5760 b/test/scripts/5760-OpenSSL-TPDA/5760
deleted file mode 100644
index 8fa8bd04b..000000000
--- a/test/scripts/5760-OpenSSL-TPDA/5760
+++ /dev/null
@@ -1,13 +0,0 @@
-# TLS client: OpenSSL certificates and extractions
-exim -DSERVER=server -bd -oX PORT_D
-****
-exim bad@test.ex
-Testing
-****
-exim good@test.ex
-Testing
-****
-exim -qf
-****
-killdaemon
-no_msglog_check
diff --git a/test/scripts/5760-OpenSSL-TPDA/REQUIRES b/test/scripts/5760-OpenSSL-TPDA/REQUIRES
deleted file mode 100644
index d87b2875d..000000000
--- a/test/scripts/5760-OpenSSL-TPDA/REQUIRES
+++ /dev/null
@@ -1,2 +0,0 @@
-support Experimental_Event
-support OpenSSL
diff --git a/test/scripts/5860-DANE-OpenSSL-TPDA/5860 b/test/scripts/5860-DANE-OpenSSL-TPDA/5860
deleted file mode 100644
index 94bc4d2b8..000000000
--- a/test/scripts/5860-DANE-OpenSSL-TPDA/5860
+++ /dev/null
@@ -1,30 +0,0 @@
-# DANE client: TPDA
-#
-exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D
-****
-# TLSA (3 1 1)
-exim CALLER@dane256ee.test.ex
-Testing
-****
-# TLSA (3 1 2)
-exim CALLER@mxdane512ee.test.ex
-Testing
-****
-exim -qf
-****
-killdaemon
-exim -DSERVER=server -DDETAILS=ee -DNOTDAEMON -qf
-****
-#
-#
-exim -DSERVER=server -DDETAILS=ta -bd -oX PORT_D
-****
-# TLSA (2 0 1)
-exim CALLER@mxdane256ta.test.ex
-Testing
-****
-exim -qf
-****
-killdaemon
-exim -DSERVER=server -DDETAILS=ta -DNOTDAEMON -qf
-****
diff --git a/test/scripts/5860-DANE-OpenSSL-TPDA/REQUIRES b/test/scripts/5860-DANE-OpenSSL-TPDA/REQUIRES
deleted file mode 100644
index 7d32fcd49..000000000
--- a/test/scripts/5860-DANE-OpenSSL-TPDA/REQUIRES
+++ /dev/null
@@ -1,4 +0,0 @@
-support Experimental_DANE
-support Experimental_Event
-support OpenSSL
-running IPv4
diff --git a/test/scripts/5860-DANE-OpenSSL-events/5860 b/test/scripts/5860-DANE-OpenSSL-events/5860
new file mode 100644
index 000000000..94bc4d2b8
--- /dev/null
+++ b/test/scripts/5860-DANE-OpenSSL-events/5860
@@ -0,0 +1,30 @@
+# DANE client: TPDA
+#
+exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D
+****
+# TLSA (3 1 1)
+exim CALLER@dane256ee.test.ex
+Testing
+****
+# TLSA (3 1 2)
+exim CALLER@mxdane512ee.test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+exim -DSERVER=server -DDETAILS=ee -DNOTDAEMON -qf
+****
+#
+#
+exim -DSERVER=server -DDETAILS=ta -bd -oX PORT_D
+****
+# TLSA (2 0 1)
+exim CALLER@mxdane256ta.test.ex
+Testing
+****
+exim -qf
+****
+killdaemon
+exim -DSERVER=server -DDETAILS=ta -DNOTDAEMON -qf
+****
diff --git a/test/scripts/5860-DANE-OpenSSL-events/REQUIRES b/test/scripts/5860-DANE-OpenSSL-events/REQUIRES
new file mode 100644
index 000000000..7d32fcd49
--- /dev/null
+++ b/test/scripts/5860-DANE-OpenSSL-events/REQUIRES
@@ -0,0 +1,4 @@
+support Experimental_DANE
+support Experimental_Event
+support OpenSSL
+running IPv4
-- cgit v1.2.3