Commit | Line | Data |
---|---|---|
59371ea7 PH | 1 | # TLS server: mandatory, optional, and revoked certificates |
59371ea7 PH | 2 | exim -DSERVER=server -bd -oX PORT_D |
59371ea7 PH | 3 | **** |
dc9c8f8b | 4 | ### No certificate, certificate required |
59371ea7 PH | 5 | client-ssl HOSTIPV4 PORT_D |
59371ea7 PH | 6 | ??? 220 |
59371ea7 PH | 7 | ehlo rhu.barb |
59371ea7 PH | 8 | ??? 250- |
59371ea7 PH | 9 | ??? 250- |
59371ea7 PH | 10 | ??? 250- |
59371ea7 PH | 11 | ??? 250- |
5b456975 | 12 | ??? 250- |
59371ea7 PH | 13 | ??? 250 |
59371ea7 PH | 14 | starttls |
59371ea7 PH | 15 | ??? 220 |
59371ea7 PH | 16 | **** |
dc9c8f8b | 17 | ### No certificate, certificate optional at TLS time, required by ACL |
59371ea7 PH | 18 | client-ssl 127.0.0.1 PORT_D |
59371ea7 PH | 19 | ??? 220 |
59371ea7 PH | 20 | ehlo rhu.barb |
59371ea7 PH | 21 | ??? 250- |
59371ea7 PH | 22 | ??? 250- |
59371ea7 PH | 23 | ??? 250- |
59371ea7 PH | 24 | ??? 250- |
5b456975 | 25 | ??? 250- |
59371ea7 PH | 26 | ??? 250 |
59371ea7 PH | 27 | starttls |
59371ea7 PH | 28 | ??? 220 |
59371ea7 PH | 29 | helo rhu.barb |
59371ea7 PH | 30 | ??? 250 |
59371ea7 PH | 31 | mail from:<userx@test.ex> |
59371ea7 PH | 32 | ??? 250 |
59371ea7 PH | 33 | rcpt to:<userx@test.ex> |
59371ea7 PH | 34 | ??? 550 |
59371ea7 PH | 35 | quit |
59371ea7 PH | 36 | ??? 221 |
59371ea7 PH | 37 | **** |
dc9c8f8b JH | 38 | ### Good certificate, certificate required |
dc9c8f8b JH | 39 | client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key |
59371ea7 PH | 40 | ??? 220 |
59371ea7 PH | 41 | ehlo rhu.barb |
59371ea7 PH | 42 | ??? 250- |
59371ea7 PH | 43 | ??? 250- |
59371ea7 PH | 44 | ??? 250- |
59371ea7 PH | 45 | ??? 250- |
5b456975 | 46 | ??? 250- |
59371ea7 PH | 47 | ??? 250 |
59371ea7 PH | 48 | starttls |
59371ea7 PH | 49 | ??? 220 |
59371ea7 PH | 50 | mail from:<userx@test.ex> |
59371ea7 PH | 51 | ??? 250 |
59371ea7 PH | 52 | rcpt to:<userx@test.ex> |
59371ea7 PH | 53 | ??? 250 |
59371ea7 PH | 54 | quit |
59371ea7 PH | 55 | ??? 221 |
59371ea7 PH | 56 | **** |
dc9c8f8b JH | 57 | ### Good certificate, certificate optional at TLS time, checked by ACL |
dc9c8f8b JH | 58 | client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key |
59371ea7 PH | 59 | ??? 220 |
59371ea7 PH | 60 | ehlo rhu.barb |
59371ea7 PH | 61 | ??? 250- |
59371ea7 PH | 62 | ??? 250- |
59371ea7 PH | 63 | ??? 250- |
59371ea7 PH | 64 | ??? 250- |
5b456975 | 65 | ??? 250- |
59371ea7 PH | 66 | ??? 250 |
59371ea7 PH | 67 | starttls |
59371ea7 PH | 68 | ??? 220 |
59371ea7 PH | 69 | mail from:<userx@test.ex> |
59371ea7 PH | 70 | ??? 250 |
59371ea7 PH | 71 | rcpt to:<userx@test.ex> |
59371ea7 PH | 72 | ??? 250 |
59371ea7 PH | 73 | quit |
59371ea7 PH | 74 | ??? 221 |
59371ea7 PH | 75 | **** |
dc9c8f8b JH | 76 | ### Bad certificate, certificate required |
dc9c8f8b JH | 77 | client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key |
59371ea7 PH | 78 | ??? 220 |
59371ea7 PH | 79 | ehlo rhu.barb |
59371ea7 PH | 80 | ??? 250- |
59371ea7 PH | 81 | ??? 250- |
59371ea7 PH | 82 | ??? 250- |
59371ea7 PH | 83 | ??? 250- |
5b456975 | 84 | ??? 250- |
59371ea7 PH | 85 | ??? 250 |
59371ea7 PH | 86 | starttls |
59371ea7 PH | 87 | ??? 220 |
59371ea7 PH | 88 | **** |
dc9c8f8b JH | 89 | ### Bad certificate, certificate optional at TLS time, reject at ACL time |
dc9c8f8b JH | 90 | client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key |
59371ea7 PH | 91 | ??? 220 |
59371ea7 PH | 92 | ehlo rhu.barb |
59371ea7 PH | 93 | ??? 250- |
59371ea7 PH | 94 | ??? 250- |
59371ea7 PH | 95 | ??? 250- |
59371ea7 PH | 96 | ??? 250- |
5b456975 | 97 | ??? 250- |
59371ea7 PH | 98 | ??? 250 |
59371ea7 PH | 99 | starttls |
59371ea7 PH | 100 | ??? 220 |
59371ea7 PH | 101 | mail from:<userx@test.ex> |
59371ea7 PH | 102 | ??? 250 |
59371ea7 PH | 103 | rcpt to:<userx@test.ex> |
59371ea7 PH | 104 | ??? 550 |
59371ea7 PH | 105 | quit |
59371ea7 PH | 106 | ??? 221 |
59371ea7 PH | 107 | **** |
59371ea7 PH | 108 | killdaemon |
dc9c8f8b JH | 109 | # |
dc9c8f8b JH | 110 | # |
dc9c8f8b JH | 111 | # |
dc9c8f8b JH | 112 | # |
dc9c8f8b JH | 113 | exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.chain.pem -DSERVER=server -bd -oX PORT_D |
59371ea7 | 114 | **** |
dc9c8f8b JH | 115 | ### Otherwise good but revoked certificate, certificate required |
dc9c8f8b JH | 116 | client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key |
59371ea7 PH | 117 | ??? 220 |
59371ea7 PH | 118 | ehlo rhu.barb |
59371ea7 PH | 119 | ??? 250- |
59371ea7 PH | 120 | ??? 250- |
59371ea7 PH | 121 | ??? 250- |
59371ea7 PH | 122 | ??? 250- |
5b456975 | 123 | ??? 250- |
59371ea7 PH | 124 | ??? 250 |
59371ea7 PH | 125 | starttls |
59371ea7 PH | 126 | ??? 220 |
59371ea7 PH | 127 | **** |
dc9c8f8b JH | 128 | ### Revoked certificate, certificate optional at TLS time, reject at ACL time |
dc9c8f8b JH | 129 | client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key |
59371ea7 PH | 130 | ??? 220 |
59371ea7 PH | 131 | ehlo rhu.barb |
59371ea7 PH | 132 | ??? 250- |
59371ea7 PH | 133 | ??? 250- |
59371ea7 PH | 134 | ??? 250- |
59371ea7 PH | 135 | ??? 250- |
5b456975 | 136 | ??? 250- |
59371ea7 PH | 137 | ??? 250 |
59371ea7 PH | 138 | starttls |
59371ea7 PH | 139 | ??? 220 |
59371ea7 PH | 140 | mail from:<userx@test.ex> |
59371ea7 PH | 141 | ??? 250 |
59371ea7 PH | 142 | rcpt to:<userx@test.ex> |
59371ea7 PH | 143 | ??? 550 |
59371ea7 PH | 144 | quit |
59371ea7 PH | 145 | ??? 221 |
59371ea7 PH | 146 | **** |
dc9c8f8b JH | 147 | ### Good certificate, certificate required - but nonmatching CRL also present |
dc9c8f8b JH | 148 | client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key |
dc9c8f8b JH | 149 | ??? 220 |
dc9c8f8b JH | 150 | ehlo rhu.barb |
dc9c8f8b JH | 151 | ??? 250- |
dc9c8f8b JH | 152 | ??? 250- |
dc9c8f8b JH | 153 | ??? 250- |
dc9c8f8b JH | 154 | ??? 250- |
dc9c8f8b JH | 155 | ??? 250- |
dc9c8f8b JH | 156 | ??? 250 |
dc9c8f8b JH | 157 | starttls |
dc9c8f8b JH | 158 | ??? 220 |
dc9c8f8b JH | 159 | mail from:<userx@test.ex> |
dc9c8f8b JH | 160 | ??? 250 |
dc9c8f8b JH | 161 | rcpt to:<userx@test.ex> |
dc9c8f8b JH | 162 | ??? 250 |
dc9c8f8b JH | 163 | quit |
dc9c8f8b JH | 164 | ??? 221 |
dc9c8f8b JH | 165 | **** |
59371ea7 | 166 | killdaemon |