### No certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
pppp:error:dddddddd:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:[...]:SSL alert number 40
Failed to start TLS
End of script
### No certificate, certificate optional at TLS time, required by ACL
Connecting to 127.0.0.1 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
SSL connection using ke-RSA-AES256-SHA
Succeeded in starting TLS
>>> helo rhu.barb
??? 250
<<< 250 myhost.test.ex Hello rhu.barb [127.0.0.1]
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 550
<<< 550 certificate not verified: peerdn=
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
### Good certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
SSL connection using ke-RSA-AES256-SHA
Succeeded in starting TLS
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 250
<<< 250 Accepted
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
### Good certificate, certificate optional at TLS time, checked by ACL
Connecting to 127.0.0.1 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
SSL connection using ke-RSA-AES256-SHA
Succeeded in starting TLS
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 250
<<< 250 Accepted
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
### Bad certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem
Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
pppp:error:dddddddd:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:[...]:SSL alert number 48
Failed to start TLS
End of script
### Bad certificate, certificate optional at TLS time, reject at ACL time
Connecting to 127.0.0.1 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem
Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
SSL connection using ke-RSA-AES256-SHA
Succeeded in starting TLS
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 550
<<< 550 certificate not verified: peerdn=/CN=server1.example.net
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
### Otherwise good but revoked certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem
Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
pppp:error:dddddddd:SSL routines:ssl3_read_bytes:sslv3 alert certificate revoked:[...]:SSL alert number 44
Failed to start TLS
End of script
### Revoked certificate, certificate optional at TLS time, reject at ACL time
Connecting to 127.0.0.1 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem
Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
SSL connection using ke-RSA-AES256-SHA
Succeeded in starting TLS
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 550
<<< 550 certificate not verified: peerdn=/CN=revoked1.example.com
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
### Good certificate, certificate required - but nonmatching CRL also present
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
SSL connection using ke-RSA-AES256-SHA
Succeeded in starting TLS
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 250
<<< 250 Accepted
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script

******** SERVER ********
### No certificate, certificate required
### No certificate, certificate optional at TLS time, required by ACL
### Good certificate, certificate required
### Good certificate, certificate optional at TLS time, checked by ACL
### Bad certificate, certificate required
### Bad certificate, certificate optional at TLS time, reject at ACL time
### Otherwise good but revoked certificate, certificate required
### Revoked certificate, certificate optional at TLS time, reject at ACL time
### Good certificate, certificate required - but nonmatching CRL also present