Testsuite: synch log output
[exim.git] / test / scripts / 2000-GnuTLS / 2002
CommitLineData
9d1c15ef 1# TLS server: general ops and certificate extractions
59371ea7 2gnutls
cbe4bbb2
JH
3#
4# Very early (unsure when) GnuTLS prefers RSA auth by default. Later, but before 3.6.x, prefers
5# ECDSA but the client can be given a priority order to override that. We're running the server
6# with no priority string given (tls_require_ciphers) hence default, and with both types of
7# server cert loaded (RSA first, though we don't document that as relevant and in testing it
8# does not appear to matter).
9#
10# GnuTLS 3.6.5 appears to ignore the client priority ordering, always choosing ECDSA if both
11# are permitted, if TLS1.3 is permitted, so we limit to TLS1.2.
12#
59371ea7
PH
13exim -DSERVER=server -bd -oX PORT_D
14****
cbe4bbb2
JH
15# Have the client do RSA (but support ECDSA as well). That should get us RSA on both older and newer GnuTLS.
16client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS1.2:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
59371ea7
PH
17??? 220
18ehlo rhu.barb
19??? 250-
20??? 250-
21??? 250-
22??? 250-
5b456975 23??? 250-
59371ea7
PH
24??? 250
25starttls
26??? 220
27mail from:<CALLER@test.ex>
28??? 250
29rcpt to:<CALLER@test.ex>
30??? 250
31DATA
32??? 3
33This is a test encrypted message.
34.
35??? 250
36quit
37??? 221
38****
cbe4bbb2 39client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS1.2:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
fd98a5c6
JH
40??? 220
41ehlo rhu.barb
42??? 250-
43??? 250-
44??? 250-
45??? 250-
46??? 250-
47??? 250
48starttls
49??? 220
50mail from:<"name with spaces"@test.ex>
51??? 250
52rcpt to:<CALLER@test.ex>
53??? 250
54DATA
55??? 3
56This is a test encrypted message.
57.
58??? 250
59quit
60??? 221
61****
5f5708ef
JH
62#
63# Server asks for a client cert but client does not supply one
cbe4bbb2 64client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS1.2:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 HOSTIPV4 PORT_D
59371ea7
PH
65??? 220
66ehlo rhu.barb
67??? 250-
5f5708ef
JH
68??? 250-SIZE
69??? 250-8BITMIME
70??? 250-PIPELINING
71??? 250-STARTTLS
72??? 250 HELP
59371ea7 73starttls
5f5708ef
JH
74??? 220 TLS go ahead
75nop
76???*
59371ea7 77****
5f5708ef
JH
78# ensure sequence of log TLS error line
79killdaemon
80sleep 1
81exim -DSERVER=server -bd -oX PORT_D
82****
83#
84#
cbe4bbb2
JH
85# Server asks for a client cert, and one is given which is verifiable by the server
86client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS1.2:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
59371ea7
PH
87??? 220
88ehlo rhu.barb
89??? 250-
90??? 250-
91??? 250-
92??? 250-
5b456975 93??? 250-
59371ea7
PH
94??? 250
95starttls
96??? 220
97mail from:<CALLER@test.ex>
98??? 250
99rcpt to:<CALLER@test.ex>
100??? 250
101DATA
102??? 3
103This is a test encrypted message from a verified host.
104.
105??? 250
106quit
107??? 221
108****
ba86e143
JH
109#
110#
111# A client that only talks RSA.
112#
113# We have to specify the key-exchange as well as the authentication, otherwise,
114# the GnuTLS server side being foolish - it picks an ECDSA cipher-suite and then can't use it :(
115# Possibly fixed in 3.6.x ?
cbe4bbb2 116client-gnutls -p NONE:+SIGN-RSA-SHA256:+VERS-TLS1.2:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
ba86e143
JH
117??? 220
118ehlo rhu.barb
119??? 250-
120??? 250-
121??? 250-
122??? 250-
123??? 250-
124??? 250
125starttls
126??? 220
127mail from:<CALLER@test.ex>
128??? 250
129rcpt to:<CALLER@test.ex>
130??? 250
131DATA
132??? 3
133This is a test encrypted message.
134It should be sent under the RSA server cert and with an RSA cipher.
135.
136??? 250
137quit
138??? 221
139****
140#
141#
cdf0cd2e 142# Make ECDSA authentication preferred (Older GnuTLS prefers RSA, it seems, Newer, ECDSA).
cbe4bbb2 143client-gnutls -p NONE:+SIGN-ECDSA-SHA512:+VERS-TLS1.2:+KX-ALL:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
ba86e143
JH
144??? 220
145ehlo rhu.barb
146??? 250-
147??? 250-
148??? 250-
149??? 250-
150??? 250-
151??? 250
152starttls
153??? 220
154mail from:<CALLER@test.ex>
155??? 250
156rcpt to:<CALLER@test.ex>
157??? 250
158DATA
159??? 3
160This is a test encrypted message.
161It should be sent under the EC server cert and with an ECDSA cipher.
162.
163??? 250
164quit
165??? 221
166****
59371ea7 167killdaemon
5f5708ef
JH
168sleep 1
169# clear out the queue
59371ea7
PH
170exim -qf
171****
5f5708ef
JH
172sleep 1
173#
174# STARTTLS used when not advertised
59371ea7
PH
175exim -bh 10.0.0.1
176starttls
177quit
178****