DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode

[exim.git] / test / stderr / 5820

diff --git a/test/stderr/5820 b/test/stderr/5820
index 8cd66384e10128fc0a2782ea042509cd74a022bc..43492b5f7b9e1417e51080252b542567f0985375 100644 (file)
--- a/test/stderr/5820
+++ b/test/stderr/5820
@@ -79,6 +79,8 @@ LOG: unexpected disconnection while reading SMTP command from [127.0.0.1] D=qqs
 ### A server insecurely serving a good TLSA record, dane required (delivery should fail)
 ### A server insecurely serving a good A record, dane requested only (should deliver, non-DANE)
 ### A server insecurely serving a good A record, dane required (delivery should fail)
+### A server with a name not matching the cert.  TA-mode; should fail
+### A server with a name not matching the cert.  EE-mode; should deliver and claim DANE mode
 
 ******** SERVER ********
 ### TLSA (3 1 1)
@@ -98,3 +100,5 @@ LOG: unexpected disconnection while reading SMTP command from [127.0.0.1] D=qqs
 ### A server insecurely serving a good TLSA record, dane required (delivery should fail)
 ### A server insecurely serving a good A record, dane requested only (should deliver, non-DANE)
 ### A server insecurely serving a good A record, dane required (delivery should fail)
+### A server with a name not matching the cert.  TA-mode; should fail
+### A server with a name not matching the cert.  EE-mode; should deliver and claim DANE mode