check_recipient:
accept hosts = :
deny hosts = HOSTIPV4
- !encrypted = AES256-SHA:\
- AES256-GCM-SHA384:\
- AES128-GCM-SHA256:\
- IDEA-CBC-MD5:\
- DES-CBC3-SHA:\
- DHE-RSA-AES256-SHA:\
- DHE-RSA-AES256-GCM-SHA384:\
- DHE_RSA_AES_256_CBC_SHA1:\
- DHE_RSA_3DES_EDE_CBC_SHA:\
- ECDHE-RSA-AES256-GCM-SHA384:\
- ECDHE-RSA-AES128-GCM-SHA256:\
- ECDHE-RSA-CHACHA20-POLY1305
+ !encrypted = *
accept
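Review bot: `!encrypted = *` reduces this deny to a bare "was TLS negotiated at all" test, so the ACL no longer rejects a connection from HOSTIPV4 that ended up on an unexpected suite, and nothing in the hunk records that this is intended. If the suite is deliberately no longer asserted here, a comment above the condition would say so, for example `# any negotiated cipher is accepted; this ACL only checks that the session is encrypted`. The same replacement is made in the second check_recipient hunk that follows, and the same comment applies there.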
check_recipient:
accept hosts = :
deny hosts = HOSTIPV4
- !encrypted = AES256-SHA : \
- AES256-GCM-SHA384 : \
- AES128-GCM-SHA256 : \
- IDEA-CBC-MD5 : \
- DES-CBC3-SHA : \
- DHE-RSA-AES256-SHA : \
- DHE-RSA-AES256-GCM-SHA384 : \
- DHE_RSA_AES_256_CBC_SHA1 : \
- DHE_RSA_3DES_EDE_CBC_SHA : \
- ECDHE-RSA-AES256-GCM-SHA384 : \
- ECDHE-RSA-AES128-GCM-SHA256 : \
- ECDHE-RSA-CHACHA20-POLY1305
+ !encrypted = *
warn logwrite = ${if def:tls_in_ourcert \
{Our cert SN: <${certextract{subject}{$tls_in_ourcert}}>} \
{We did not present a cert}}
$etc = shift;
}
+ if (open(my $f, '-|', 'openssl version')) {
+ <$f> =~ /1.1.1/ && return "openssl_1_1_1";
+ }
+
if (open(my $f, '<', "$etc/os-release")) {
local $_ = join '', <$f>;
my ($id) = /^ID="?(.*?)"?\s*$/m;
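Review bot: The probe pattern `/1.1.1/` has unescaped dots and no anchor, so it matches any `1?1?1` sequence on the first line of `openssl version`, build date included; `/\bOpenSSL 1\.1\.1/` states what is meant. `<$f>` is undef when the command prints nothing, which warns if warnings are enabled; `my $v = <$f>; return "openssl_1_1_1" if defined $v && $v =~ /\bOpenSSL 1\.1\.1/;` avoids that. The probe also reports whichever `openssl` binary is first on PATH, which may differ from the library the Exim under test is linked against, so the flavour chosen for the expected output can be wrong; a comment noting that assumption would help. The enclosing sub starts and ends outside this hunk.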
sub flavours {
my %h = map { /\.(\S+)$/, 1 }
- grep { !/\.orig$/ } glob('stdout/*.*'), glob('stderr/*.*');
+ grep { !/\.orig$/ } glob('stdout/*.*'), glob('stderr/*.*'), glob('log/*.*');
return sort keys %h;
}
=item B<flavours>()
-Return a list of available flavours. It does so by scanning F<stdout/> and
+Return a list of available flavours. It does so by scanning F<log/>, F<stdout/> and
F<stderr/> for I<flavour> files (extensions after the numerical prefix.
=back
--- /dev/null
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbA-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
+1999-03-02 09:44:33 Peer did not present a cert
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=no S=sss
+1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
+1999-03-02 09:44:33 Peer did not present a cert
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=no S=sss
+1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
+1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
+1999-03-02 09:44:33 Peer cert:
+1999-03-02 09:44:33 ver 2
+1999-03-02 09:44:33 SR <c9>
+1999-03-02 09:44:33 SN <CN=server2.example.com>
+1999-03-02 09:44:33 IN <CN=clica Signing Cert rsa,O=example.com>
+1999-03-02 09:44:33 IN/O <example.com>
+1999-03-02 09:44:33 NB/r <Nov 1 12:34:04 2012 GMT>
+1999-03-02 09:44:33 NB <Nov 1 12:34:04 2012 +0000>
+1999-03-02 09:44:33 NB/i <1351773244>
+1999-03-02 09:44:33 NA/i <2143283644>
+1999-03-02 09:44:33 NA <Dec 1 12:34:04 2037 +0000>
+1999-03-02 09:44:33 SA <sha256WithRSAEncryption>
+1999-03-02 09:44:33 SG < 80:00:39:4c:bb:2c:16:e6:be:ee:54:b7:f6:9f:89:fe:71:62:\n 79:2f:90:57:95:07:54:67:2f:e9:12:96:41:1b:c5:9b:dd:de:\n 68:2d:e5:d7:a7:35:c7:ea:b1:d9:95:12:40:49:0c:07:3d:0c:\n 74:df:57:d1:b6:04:5f:83:5c:15:fe:9a:7f:b7:35:7d:ec:f8:\n b7:4d:ac:76:ea:8c:44:8a:86:e0:42:38:78:ff:68:8a:09:83:\n 44:10:67:b4:fd:a4:5c:a4:ea:91:41:e7:8e:a7:79:37:f6:e2:\n f8:de:9d:0f:96:85:18:22:2c:5c:06:af:01:85:94:62:c1:69:\n 8d:2e\n>
+1999-03-02 09:44:33 SAN <DNS=*.test.ex\nDNS=server2.example.com>
+1999-03-02 09:44:33 OCU <http://oscp.example.com/>
+1999-03-02 09:44:33 (no CRU)
+1999-03-02 09:44:33 md5 fingerprint 313E07141F2FF0CBC0A76EB57CA49D58
+1999-03-02 09:44:33 sha1 fingerprint 778B892247D2ABD365BA1530A50141AF052E271E
+1999-03-02 09:44:33 sha256 fingerprint 05F3012D41AE8A8173BE3AE71F7F9B3535391CACF77003B723F14B21064F6648
+1999-03-02 09:44:33 der_b64 MIICszCCAhygAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwNzEUMBIGA1UEChMLZXhhbXBsZS5jb20xHzAdBgNVBAMTFmNsaWNhIFNpZ25pbmcgQ2VydCByc2EwHhcNMTIxMTAxMTIzNDA0WhcNMzcxMjAxMTIzNDA0WjAeMRwwGgYDVQQDExNzZXJ2ZXIyLmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCf6MdoozlJCZPwdIHXdFHddXJfZ5xn2e6XoMmSjqOrOJYIIFKdgtlrMhtTVU1VLlK6V7H8142r78YQ4RKcj9QhTuQJxrrVtVuRt38Zy4RW0/+ujMcXoV8nV7Yt1c1z/tIJ4afSapAnAAm5wVdIbUhUeM/K5Wozm1gV5OCtNZPa4QIDAQABo4HmMIHjMA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTgYDVR0jBEcwRYANQUFidHdDeGNYZ2IwUaExpC8wLTEUMBIGA1UEChMLZXhhbXBsZS5jb20xFTATBgNVBAMTDGNsaWNhIENBIHJzYYIBQjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vc2NwLmV4YW1wbGUuY29tLzApBgNVHREEIjAgghNzZXJ2ZXIyLmV4YW1wbGUuY29tggkqLnRlc3QuZXgwDQYJKoZIhvcNAQELBQADgYEAgAA5TLssFua+7lS39p+J/nFieS+QV5UHVGcv6RKWQRvFm93eaC3l16c1x+qx2ZUSQEkMBz0MdN9X0bYEX4NcFf6af7c1fez4t02sduqMRIqG4EI4eP9oigmDRBBntP2kXKTqkUHnjqd5N/bi+N6dD5aFGCIsXAavAYWUYsFpjS4=
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=yes DN="/CN=server2.example.com" S=sss
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 Our cert SN: <CN=server1.example_ec.com>
+1999-03-02 09:44:33 Peer did not present a cert
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLSv1:ke-ECDSA-AES256-SHA:xxx CV=no S=sss
s/SSL3_READ_BYTES/ssl3_read_bytes/i;
s/CONNECT_CR_FINISHED/ssl3_read_bytes/i;
s/^\d+:error:\d+(?:E\d+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/;
+ s/^error:[^:]*:(SSL routines:ssl3_read_bytes:(tls|ssl)v\d+ alert)/error:dddddddd:$1/;
# gnutls version variances
next if /^Error in the pull function./;
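Review bot: The added substitution carries no comment saying which output it targets, and its `(tls|ssl)` group captures without being used. It appears to cover the bare `error:...` line that the test client prints from `ERR_error_string()`, as opposed to the pid-prefixed form handled by the rule above it; a comment such as `# client-ssl prints ERR_error_string() directly: hide the numeric error code` would make that clear, and `(?:tls|ssl)` keeps `$1` the only capture. The rule leaves the protocol label and alert name in place, so the expected stdout stays specific to the TLS library version. The surrounding munging block starts and ends outside this hunk.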
exim -DSERVER=server -bd -oX PORT_D
****
### No certificate, certificate required
-client-ssl HOSTIPV4 PORT_D
+client-ssl -t2 HOSTIPV4 PORT_D
??? 220
ehlo rhu.barb
??? 250-
starttls
??? 220
noop
+????554 Security failure
+noop
??? 554 Security failure
quit
????554 Security failure
-??? 221
+????221
???*
****
### No certificate, certificate optional at TLS time, required by ACL
starttls
??? 220
noop
+????554 Security failure
+noop
??? 554 Security failure
****
### Bad certificate, certificate optional at TLS time, reject at ACL time
starttls
??? 220
noop
+????554 Security failure
+noop
??? 554 Security failure
****
### Revoked certificate, certificate optional at TLS time, reject at ACL time
# TLS server: empty/non-existent certificate file
exim -DSERVER=server -bd -oX PORT_D
****
-client-ssl HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
+client-ssl -t2 HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
ehlo rhu.barb
??? 250-
??? 250
starttls
??? 220
+noop
+????554 Security failure
+noop
+??? 554 Security failure
****
killdaemon
exim -DSERVER=server -DCERT=/non/exist -bd -oX PORT_D
# TLS server: server ca cert from directory
exim -DSERVER=server -bd -oX PORT_D
****
+#
+### Should accept message
client-ssl 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
quit
??? 221
****
+### Should accept message (with a difficult env-from)
client-ssl 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
quit
??? 221
****
-client-ssl HOSTIPV4 PORT_D
+### client cert verify required; none given
+client-ssl -t2 HOSTIPV4 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250
starttls
??? 220
-+++ 1
-help
+noop
+????554
+noop
??? 554
****
+### client cert verify required; good one supplied
client-ssl HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
ehlo rhu.barb
case SSL_ERROR_ZERO_RETURN:
break;
case SSL_ERROR_SYSCALL:
- printf("%s\n", ERR_error_string(ERR_get_error(), NULL)); break;
+ printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
rc = -1;
+ break;
case SSL_ERROR_SSL:
- printf("%s\n", ERR_error_string(ERR_get_error(), NULL)); break;
+ printf("%s\nTLS terminated\n", ERR_error_string(ERR_get_error(), NULL));
SSL_shutdown(srv->ssl);
SSL_free(srv->ssl);
srv->tls_active = FALSE;
+ { /* OpenSSL leaves it in restartsys mode */
+ struct sigaction act = {.sa_handler = sigalrm_handler_flag, .sa_flags = 0};
+ sigalrm_seen = 1;
+ sigaction(SIGALRM, &act, NULL);
+ }
+ *inptr = 0;
goto nextinput;
default:
printf("SSL error code %d\n", error);
}
-
#endif
#ifdef HAVE_GNUTLS
rc = gnutls_record_recv(tls_session, CS inbuffer, bsiz - 1);
if (rc < 0)
{
+ if (errno == EINTR && sigalrm_seen && resp_optional)
+ continue; /* next scriptline */
printf("Read error %s\n", strerror(errno));
exit(81);
}
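Review bot: The added retry test reads `errno` after `gnutls_record_recv()` fails, but GnuTLS reports an interrupted read through its return value and does not promise that `errno` still holds EINTR when the call returns. Testing `rc == GNUTLS_E_INTERRUPTED && sigalrm_seen && resp_optional` is the documented check, and the existing message below it would be more accurate with `gnutls_strerror(rc)` than `strerror(errno)`. In the SSL_ERROR_SSL branch, `srv->ssl` still points at the freed object after `SSL_free()`, so `srv->ssl = NULL;` next to `srv->tls_active = FALSE;` would make any later use fail visibly; the return value of the new `sigaction()` call is also ignored. The enclosing function starts and ends outside these lines.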
+### Should accept message
+### Should accept message (with a difficult env-from)
+### client cert verify required; none given
+### client cert verify required; good one supplied
>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? no (option unset)
>>> host in host_reject_connection? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
******** SERVER ********
+### Should accept message
+### Should accept message (with a difficult env-from)
+### client cert verify required; none given
+### client cert verify required; good one supplied
--- /dev/null
+### No certificate, certificate required
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> noop
+????554 Security failure
+error:dddddddd:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required
+TLS terminated
+>>> noop
+??? 554 Security failure
+<<< 554 Security failure
+>>> quit
+????554 Security failure
+????221
+???*
+Expected EOF read
+End of script
+### No certificate, certificate optional at TLS time, required by ACL
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> helo rhu.barb
+??? 250
+<<< 250 myhost.test.ex Hello rhu.barb [127.0.0.1]
+>>> mail from:<userx@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<userx@test.ex>
+??? 550
+<<< 550 certificate not verified: peerdn=
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+### Good certificate, certificate required
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> mail from:<userx@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<userx@test.ex>
+??? 250
+<<< 250 Accepted
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+### Good certificate, certificate optional at TLS time, checked by ACL
+Connecting to 127.0.0.1 port 1225 ... connected
+Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> mail from:<userx@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<userx@test.ex>
+??? 250
+<<< 250 Accepted
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+### Bad certificate, certificate required
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem
+Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> noop
+????554 Security failure
+error:dddddddd:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
+TLS terminated
+>>> noop
+??? 554 Security failure
+<<< 554 Security failure
+End of script
+### Bad certificate, certificate optional at TLS time, reject at ACL time
+Connecting to 127.0.0.1 port 1225 ... connected
+Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem
+Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> mail from:<userx@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<userx@test.ex>
+??? 550
+<<< 550 certificate not verified: peerdn=/CN=server1.example.net
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+### Otherwise good but revoked certificate, certificate required
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> noop
+????554 Security failure
+error:dddddddd:SSL routines:ssl3_read_bytes:sslv3 alert certificate revoked
+TLS terminated
+>>> noop
+??? 554 Security failure
+<<< 554 Security failure
+End of script
+### Revoked certificate, certificate optional at TLS time, reject at ACL time
+Connecting to 127.0.0.1 port 1225 ... connected
+Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> mail from:<userx@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<userx@test.ex>
+??? 550
+<<< 550 certificate not verified: peerdn=/CN=revoked1.example.com
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+### Good certificate, certificate required - but nonmatching CRL also present
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
+Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> mail from:<userx@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<userx@test.ex>
+??? 250
+<<< 250 Accepted
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+
+******** SERVER ********
+### No certificate, certificate required
+### No certificate, certificate optional at TLS time, required by ACL
+### Good certificate, certificate required
+### Good certificate, certificate optional at TLS time, checked by ACL
+### Bad certificate, certificate required
+### Bad certificate, certificate optional at TLS time, reject at ACL time
+### Otherwise good but revoked certificate, certificate required
+### Revoked certificate, certificate optional at TLS time, reject at ACL time
+### Good certificate, certificate required - but nonmatching CRL also present
--- /dev/null
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/cert2
+Key file = aux-fixed/cert2
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> noop
+????554 Security failure
+error:dddddddd:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
+TLS terminated
+>>> noop
+??? 554 Security failure
+<<< 554 Security failure
+End of script
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/cert2
+Key file = aux-fixed/cert2
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 454
+<<< 454 TLS currently unavailable
+Abandoning TLS start attempt
+End of script
--- /dev/null
+### Should accept message
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> mail from:<CALLER@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<CALLER@test.ex>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 3
+<<< 354 Enter message, ending with "." on a line by itself
+>>> This is a test encrypted message.
+>>> .
+??? 250
+<<< 250 OK id=10HmaX-0005vi-00
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+### Should accept message (with a difficult env-from)
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> mail from:<"name with spaces"@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<CALLER@test.ex>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 3
+<<< 354 Enter message, ending with "." on a line by itself
+>>> This is a test encrypted message.
+>>> .
+??? 250
+<<< 250 OK id=10HmaY-0005vi-00
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+### client cert verify required; none given
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> noop
+????554
+error:dddddddd:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required
+TLS terminated
+>>> noop
+??? 554
+<<< 554 Security failure
+End of script
+### client cert verify required; good one supplied
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
+Key file = TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> mail from:<CALLER@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<CALLER@test.ex>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 3
+<<< 354 Enter message, ending with "." on a line by itself
+>>> This is a test encrypted message from a verified host.
+>>> .
+??? 250
+<<< 250 OK id=10HmaZ-0005vi-00
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+
+**** SMTP testing session as if from host 10.0.0.1
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+503 STARTTLS command used when not advertised\r
+221 myhost.test.ex closing connection\r
+
+******** SERVER ********
+### Should accept message
+### Should accept message (with a difficult env-from)
+### client cert verify required; none given
+### client cert verify required; good one supplied