GnuTLS: simplify cert hostname checking
[exim.git] / test / confs / 2001
CommitLineData
afda344b
PH
1# Exim test configuration 2001
2
3OPTION=
4SERVER=
5
d4dc049f
JH
6.include DIR/aux-var/tls_conf_prefix
7
afda344b 8primary_hostname = myhost.test.ex
afda344b
PH
9
10# ----- Main settings -----
11
12acl_smtp_rcpt = accept
13
14log_selector = +tls_peerdn
15
16queue_only
17queue_run_in_order
18
19tls_advertise_hosts = *
20
21# Set certificate only if server
22
23tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
24tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
25
26tls_verify_hosts = *
27tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
28
29
5fd28bb8
JH
30# so we can decode in wireshark
31tls_require_ciphers = NORMAL:-KX-ALL:+RSA
32
afda344b
PH
33# ----- Routers -----
34
35begin routers
36
37client:
38 driver = accept
39 condition = ${if eq {SERVER}{server}{no}{yes}}
40 retry_use_local_part
41 transport = send_to_server
42
43
44# ----- Transports -----
45
46begin transports
47
48send_to_server:
49 driver = smtp
50 allow_localhost
51 hosts = 127.0.0.1
52 OPTION
53 port = PORT_D
54 tls_certificate = DIR/aux-fixed/cert2
55 tls_privatekey = DIR/aux-fixed/cert2
56 tls_verify_certificates = DIR/aux-fixed/cert2
610ff438 57 tls_try_verify_hosts =
afda344b
PH
58
59
60# ----- Retry -----
61
62
63begin retry
64
65* * F,5d,10s
66
67
68# End