[exim.git] / test / scripts / 5860-DANE-OpenSSL-events / 5861

# DANE client: dane-fail events
#
### A server with a nonverifying cert and no TLSA
# Check we get a non-CV but TLS connection, with try_dane but no require_dane
# There should not be a dane-fail event
exim -DSERVER=server -DDETAILS=no -bd -oX PORT_D
****
exim -odf CALLER@thishost.test.ex
Testing
****
killdaemon
#
### A server with a verifying cert and no TLSA
# Check we get a CV and TLS connection, with try_dane but no require_dane
# There should not be a dane-fail event
exim -DSERVER=server -DDETAILS=ca -bd -oX PORT_D
****
exim -odf CALLER@thishost.test.ex
Testing
****
exim -DOPT=no_certname -qf
****
killdaemon
#
#
exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D
****
### A server with two MXs for which both TLSA lookups return defer (delivery should defer)
# One dane-fail event, as one of the MXs was dane-required
exim -odf CALLER@mxdanelazy.test.ex
Testing
****
### A server lacking a TLSA, dane required (should fail; should get an event)
exim -odf CALLER@dane.no.1.test.ex
Testing
****
### A server lacking a TLSA, dane requested only (should deliver, non-DANE, as the NXDOMAIN is not DNSSEC)
# No event
exim -odf CALLER@dane.no.2.test.ex
Testing
****
### A server where the A is dnssec and the TLSA lookup _fails_ (delivery should defer)
# gets an event, as the TLSA fail was non-dnssec
exim -odf CALLER@danebroken1.test.ex
Testing
****
### A server securely saying "no TLSA records here", dane required (delivery should fail)
# An event; dane-required
exim -odf CALLER@dane.no.3.test.ex
Testing
****
### A server securely saying "no TLSA records here", dane requested only (should deliver)
# No event (dane is not supported by this target, so not a failure)
exim -odf CALLER@dane.no.4.test.ex
Testing
****
#
### A server securely serving a wrong TLSA record, dane requested only (delivery should fail)
# An event (validation-failure)
exim -odf CALLER@danebroken2.test.ex
Testing
****
### A server insecurely serving a good TLSA record, dane requested only (should deliver, non-DANE)
# No event (we didn't get a usable TLSA, so dane is not supported by...)
exim -odf CALLER@danebroken3.test.ex
Testing
****
### A server insecurely serving a good TLSA record, dane required (delivery should fail)
# An event (dane-required)
exim -odf CALLER@danebroken4.test.ex
Testing
****
### A server insecurely serving a good A record, dane requested only (should deliver, non-DANE)
# No event (not dane-worthy)
exim -odf CALLER@danebroken5.test.ex
Testing
****
### A server insecurely serving a good A record, dane required (delivery should fail)
# An event (dane-required)
exim -odf CALLER@danebroken6.test.ex
Testing
****
#
killdaemon
#
#
#
### A server with a name not matching the cert.  TA-mode; should fail
# An event (validation-failure)
exim -DSERVER=server -DDETAILS=cert.net -bd -oX PORT_D
****
exim -odf CALLER@danebroken7.example.com
Testing
****
#
### A server with a name not matching the cert.  EE-mode; should deliver and claim DANE mode
# No event (no failure)
exim -odf CALLER@danebroken8.example.com
Testing
****
#
killdaemon
no_msglog_check
no_stderr_check
Commit	Line	Data
c4b57fdd JH	1	# DANE client: dane-fail events
	2	#
	3	### A server with a nonverifying cert and no TLSA
	4	# Check we get a non-CV but TLS connection, with try_dane but no require_dane
	5	# There should not be a dane-fail event
	6	exim -DSERVER=server -DDETAILS=no -bd -oX PORT_D
	7	****
	8	exim -odf CALLER@thishost.test.ex
	9	Testing
	10	****
	11	killdaemon
	12	#
	13	### A server with a verifying cert and no TLSA
	14	# Check we get a CV and TLS connection, with try_dane but no require_dane
	15	# There should not be a dane-fail event
	16	exim -DSERVER=server -DDETAILS=ca -bd -oX PORT_D
	17	****
	18	exim -odf CALLER@thishost.test.ex
	19	Testing
	20	****
	21	exim -DOPT=no_certname -qf
	22	****
	23	killdaemon
	24	#
	25	#
	26	exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D
	27	****
	28	### A server with two MXs for which both TLSA lookups return defer (delivery should defer)
	29	# One dane-fail event, as one of the MXs was dane-required
	30	exim -odf CALLER@mxdanelazy.test.ex
	31	Testing
	32	****
	33	### A server lacking a TLSA, dane required (should fail; should get an event)
	34	exim -odf CALLER@dane.no.1.test.ex
	35	Testing
	36	****
	37	### A server lacking a TLSA, dane requested only (should deliver, non-DANE, as the NXDOMAIN is not DNSSEC)
	38	# No event
	39	exim -odf CALLER@dane.no.2.test.ex
	40	Testing
	41	****
	42	### A server where the A is dnssec and the TLSA lookup _fails_ (delivery should defer)
	43	# gets an event, as the TLSA fail was non-dnssec
	44	exim -odf CALLER@danebroken1.test.ex
	45	Testing
	46	****
	47	### A server securely saying "no TLSA records here", dane required (delivery should fail)
	48	# An event; dane-required
	49	exim -odf CALLER@dane.no.3.test.ex
	50	Testing
	51	****
	52	### A server securely saying "no TLSA records here", dane requested only (should deliver)
	53	# No event (dane is not supported by this target, so not a failure)
	54	exim -odf CALLER@dane.no.4.test.ex
	55	Testing
	56	****
	57	#
	58	### A server securely serving a wrong TLSA record, dane requested only (delivery should fail)
	59	# An event (validation-failure)
	60	exim -odf CALLER@danebroken2.test.ex
	61	Testing
	62	****
	63	### A server insecurely serving a good TLSA record, dane requested only (should deliver, non-DANE)
	64	# No event (we didn't get a usable TLSA, so dane is not supported by...)
65	exim -odf CALLER@danebroken3.test.ex
66	Testing
67	****
68	### A server insecurely serving a good TLSA record, dane required (delivery should fail)
69	# An event (dane-required)
70	exim -odf CALLER@danebroken4.test.ex
71	Testing
72	****
73	### A server insecurely serving a good A record, dane requested only (should deliver, non-DANE)
74	# No event (not dane-worthy)
75	exim -odf CALLER@danebroken5.test.ex
76	Testing
77	****
78	### A server insecurely serving a good A record, dane required (delivery should fail)
79	# An event (dane-required)
80	exim -odf CALLER@danebroken6.test.ex
81	Testing
82	****
83	#
84	killdaemon
85	#
86	#
87	#
88	### A server with a name not matching the cert. TA-mode; should fail
89	# An event (validation-failure)
90	exim -DSERVER=server -DDETAILS=cert.net -bd -oX PORT_D
91	****
92	exim -odf CALLER@danebroken7.example.com
93	Testing
94	****
95	#
96	### A server with a name not matching the cert. EE-mode; should deliver and claim DANE mode
97	# No event (no failure)
98	exim -odf CALLER@danebroken8.example.com
99	Testing
100	****
101	#
102	killdaemon
103	no_msglog_check
104	no_stderr_check