Testsuite: replicate testcases for LE OCSP
[exim.git] / test / confs / 5611
CommitLineData
e5b60be7
JH
1# Exim test configuration 5601
2# OCSP stapling, client
3
4SERVER =
5
6exim_path = EXIM_PATH
7keep_environment = ^EXIM_TESTHARNESS_DISABLE_[O]CSPVALIDITYCHECK$
8host_lookup_order = bydns
9spool_directory = DIR/spool
10log_file_path = DIR/spool/log/SERVER%slog
11gecos_pattern = ""
12gecos_name = CALLER_NAME
13chunking_advertise_hosts =
14primary_hostname = server1.example.com
15
16
17# ----- Main settings -----
18
19domainlist local_domains = test.ex : *.test.ex
20
21acl_smtp_rcpt = check_recipient
22acl_smtp_data = check_data
23
24log_selector = +tls_peerdn
25remote_max_parallel = 1
26
27tls_advertise_hosts = *
28
29# Set certificate only if server
30
31tls_certificate = ${if eq {SERVER}{server}\
32{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\
33fail\
34}
35
36#{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\
37
38tls_privatekey = ${if eq {SERVER}{server}\
39{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\
40fail}
41
42tls_ocsp_file = RETURN
43
44
45# ------ ACL ------
46
47begin acl
48
49check_recipient:
50 accept domains = +local_domains
51 deny message = relay not permitted
52
53check_data:
54 warn condition = ${if def:h_X-TLS-out:}
55 logwrite = client claims: $h_X-TLS-out:
56 accept
57
58# ----- Routers -----
59
60begin routers
61
62client:
63 driver = accept
64 condition = ${if eq {SERVER}{server}{no}{yes}}
65 retry_use_local_part
66 transport = send_to_server${if eq{$local_part}{nostaple}{1} \
67 {${if eq{$local_part}{norequire} {2} \
68 {${if eq{$local_part}{smtps} {4}{3}}} \
69 }}}
70
71server:
72 driver = redirect
73 data = :blackhole:
74 #retry_use_local_part
75 #transport = local_delivery
76
77
78# ----- Transports -----
79
80begin transports
81
82local_delivery:
83 driver = appendfile
84 file = DIR/test-mail/$local_part
85 headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
86 user = CALLER
87
88send_to_server1:
89 driver = smtp
90 allow_localhost
91 hosts = HOSTIPV4
92 port = PORT_D
93 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
94 tls_verify_cert_hostnames =
95 hosts_require_tls = *
96 hosts_request_ocsp = :
97 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
98 (${listextract {${eval:$tls_out_ocsp+1}} \
99 {notreq:notresp:vfynotdone:failed:verified}})
100
101send_to_server2:
102 driver = smtp
103 allow_localhost
104 hosts = HOSTIPV4
105 port = PORT_D
106 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
107 tls_verify_cert_hostnames =
108 hosts_require_tls = *
109# note no ocsp mention here
110 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
111 (${listextract {${eval:$tls_out_ocsp+1}} \
112 {notreq:notresp:vfynotdone:failed:verified}})
113
114send_to_server3:
115 driver = smtp
116 allow_localhost
117 hosts = 127.0.0.1
118 port = PORT_D
119 helo_data = helo.data.changed
120 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
121 tls_verify_cert_hostnames =
122 hosts_require_tls = *
123 hosts_require_ocsp = *
124 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
125 (${listextract {${eval:$tls_out_ocsp+1}} \
126 {notreq:notresp:vfynotdone:failed:verified}})
127
128send_to_server4:
129 driver = smtp
130 allow_localhost
131 hosts = 127.0.0.1
132 port = PORT_D
133 helo_data = helo.data.changed
134 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
135 tls_verify_cert_hostnames =
136 protocol = smtps
137 hosts_require_tls = *
138 hosts_require_ocsp = *
139 headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
140 (${listextract {${eval:$tls_out_ocsp+1}} \
141 {notreq:notresp:vfynotdone:failed:verified}})
142
143
144# ----- Retry -----
145
146
147begin retry
148
149* * F,5d,1s
150
151
152# End