Commit | Line | Data |
---|---|---|
2b4a568d JH |
1 | # OCSP stapling, server |
2 | # | |
3 | # | |
4 | # | |
98716abe JH |
5 | exim -z '1: Server sends good staple on request' |
6 | **** | |
7 | # | |
2b4a568d JH |
8 | exim -bd -oX PORT_D -DSERVER=server \ |
9 | -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp | |
10 | **** | |
11 | client-gnutls \ | |
12 | -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \ | |
13 | HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 | |
14 | ??? 220 | |
15 | ehlo rhu.barb | |
16 | ??? 250- | |
17 | ??? 250- | |
18 | ??? 250- | |
19 | ??? 250- | |
20 | ??? 250- | |
21 | ??? 250 | |
22 | starttls | |
23 | ??? 220 | |
24 | mail from:<userx@test.ex> | |
25 | ??? 250 | |
26 | rcpt to:<userx@test.ex> | |
27 | ??? 250 | |
28 | quit | |
29 | ??? 221 | |
30 | **** | |
31 | killdaemon | |
32 | # | |
33 | # | |
34 | # | |
98716abe JH |
35 | exim -z '2: Server does not staple an outdated response' |
36 | **** | |
37 | # | |
2b4a568d JH |
38 | exim -bd -oX PORT_D -DSERVER=server \ |
39 | -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp | |
40 | **** | |
41 | # XXX test sequence might not be quite right; this is for a server refusal | |
42 | # and we're expecting a client refusal. | |
43 | client-gnutls -ocsp aux-fixed/exim-ca/expired1.example.com/CA.pem HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 | |
44 | ??? 220 | |
45 | ehlo rhu.barb | |
46 | ??? 250- | |
47 | ??? 250- | |
48 | ??? 250- | |
49 | ??? 250- | |
50 | ??? 250- | |
51 | ??? 250 | |
52 | starttls | |
53 | ??? 220 | |
54 | **** | |
55 | killdaemon | |
56 | # | |
57 | # | |
58 | # | |
59 | # | |
60 | # | |
98716abe JH |
61 | exim -z '3: Server does not staple a response for a revoked cert' |
62 | **** | |
63 | # | |
2b4a568d JH |
64 | exim -bd -oX PORT_D -DSERVER=server \ |
65 | -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp | |
66 | **** | |
67 | client-gnutls \ | |
68 | -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \ | |
69 | HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 | |
70 | ??? 220 | |
71 | ehlo rhu.barb | |
72 | ??? 250- | |
73 | ??? 250- | |
74 | ??? 250- | |
75 | ??? 250- | |
76 | ??? 250- | |
77 | ??? 250 | |
78 | starttls | |
79 | ??? 220 | |
80 | **** | |
81 | killdaemon | |
82 | # | |
83 | # | |
84 | # | |
85 | # | |
86 | # | |
98716abe JH |
87 | exim -z '4: Connection functions when server is prepared to staple but client does not request it' |
88 | **** | |
89 | # | |
90 | exim -bd -oX PORT_D -DSERVER=server \ | |
91 | -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp | |
92 | **** | |
93 | # | |
94 | # Temporarily (I hope) use OpenSSL-based client, as GnuTLS is buggy and always requests (and understands) | |
95 | # stapling | |
96 | # | |
97 | #client-gnutls \ | |
98 | client-ssl \ | |
99 | HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 | |
100 | ??? 220 | |
101 | ehlo rhu.barb | |
102 | ??? 250- | |
103 | ??? 250- | |
104 | ??? 250- | |
105 | ??? 250- | |
106 | ??? 250- | |
107 | ??? 250 | |
108 | starttls | |
109 | ??? 220 | |
110 | ehlo rhu.barb.tls | |
111 | ??? 250- | |
112 | ??? 250- | |
113 | ??? 250- | |
114 | ??? 250- | |
115 | ??? 250 | |
116 | quit | |
117 | **** | |
118 | killdaemon | |
119 | # | |
120 | # | |
121 | # | |
122 | # | |
123 | # |