X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=test%2Fconfs%2F5750;h=13ee1498f566f6e5961b73c618ffda7d9bba648e;hb=055e2cb463e4e4adf2d9292a50ac274938f9a5ac;hp=8cfef31531dcd6a52caf6b1726c10ac364e80e29;hpb=774ef2d7d0f7fffbfd114271b8567e36485898dc;p=exim.git diff --git a/test/confs/5750 b/test/confs/5750 index 8cfef3153..13ee1498f 100644 --- a/test/confs/5750 +++ b/test/confs/5750 @@ -6,11 +6,11 @@ SERVER= exim_path = EXIM_PATH host_lookup_order = bydns primary_hostname = myhost.test.ex -rfc1413_query_timeout = 0s spool_directory = DIR/spool log_file_path = DIR/spool/log/SERVER%slog gecos_pattern = "" gecos_name = CALLER_NAME +timezone = UTC # ----- Main settings ----- @@ -29,10 +29,19 @@ tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.e tls_verify_hosts = * tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem +event_action = ${acl {server_cert_log}} + # begin acl +server_cert_log: + accept condition = ${if eq {tls:cert}{$event_name}} + logwrite = [$sender_host_address] \ + depth=$event_data \ + ${certextract{subject}{$tls_in_peercert}} + accept + ev_tls: accept logwrite = $event_name depth=$event_data \ <${certextract {subject} {$tls_out_peercert}}> @@ -48,6 +57,8 @@ ev_msg: accept logwrite = Peer cert: logwrite = ver <${certextract {version} {$tls_out_peercert}}> logwrite = SN <${certextract {subject} {$tls_out_peercert}}> + logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}> + logwrite = SNCN<${certextract {subject,CN} {$tls_out_peercert}}> logwrite = IN <${certextract {issuer} {$tls_out_peercert}}> logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}> logwrite = NA <${certextract {notafter} {$tls_out_peercert}}> @@ -92,6 +103,8 @@ send_to_server: ${if eq {$local_part}{good}\ {example.com/server1.example.com/ca_chain.pem}\ {example.net/server1.example.net/ca_chain.pem}} + tls_try_verify_hosts = + tls_verify_cert_hostnames = event_action = ${acl {logger} {$event_name} {$domain} }