Testsuite: handle change in GnuTLS cert preference
[exim.git] / test / scripts / 2000-GnuTLS / 2002
# TLS server: general ops and certificate extractions
gnutls
exim -DSERVER=server -bd -oX PORT_D
****
# Have the client prefer RSA (but support ECDSA as well). That should get us RSA on both older and newer GnuTLS.
client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<CALLER@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
.
??? 250
quit
??? 221
****
client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<"name with spaces"@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
.
??? 250
quit
??? 221
****
client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 HOSTIPV4 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
****
client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<CALLER@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message from a verified host.
.
??? 250
quit
??? 221
****
#
#
# A client that only talks RSA.
#
# We have to specify the key-exchange as well as the authentication, otherwise,
# the GnuTLS server side being foolish - it picks an ECDSA cipher-suite and then can't use it :(
# Possibly fixed in 3.6.x ?
client-gnutls -p NONE:+SIGN-RSA-SHA256:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<CALLER@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
It should be sent under the RSA server cert and with an RSA cipher.
.
??? 250
quit
??? 221
****
#
#
# Make ECDSA authentication preferred (Older GnuTLS prefers RSA, it seems, Newer, ECDSA).
client-gnutls -p NONE:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+KX-ALL:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<CALLER@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
It should be sent under the EC server cert and with an ECDSA cipher.
.
??? 250
quit
??? 221
****
killdaemon
exim -qf
****
exim -bh 10.0.0.1
starttls
quit
****
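
The script's comment on the RSA-only client (the key exchange has to be restricted along with the signature algorithm) can be checked mechanically. The following is an added example, not part of the Exim test suite: a simplified Python model of the priority strings used above. It assumes KX-ALL enables both RSA- and ECDSA-authenticated key exchanges and handles only the token kinds seen in this script; RSA_SIG_KX_ALL is a constructed string.

```python
# Added example: a simplified model of the GnuTLS priority strings in this script.
# Assumptions: only the token kinds used on this page are handled, and KX-ALL is
# taken to enable both RSA- and ECDSA-authenticated key exchanges.

RSA_KX = {"RSA", "DHE-RSA", "ECDHE-RSA"}   # key exchanges authenticated by an RSA cert

def parse_priority(prio):
    """Return (sig_auth, kx_auth): sig_auth is an ordered list of certificate key
    types taken from +SIGN-* tokens, kx_auth the set implied by key-exchange tokens."""
    sig_auth, kx_auth = [], set()
    for token in prio.split(":"):
        if not token.startswith("+"):
            continue                       # "NONE": start from an empty set
        name = token[1:]
        if name.startswith("SIGN-"):
            auth = name.split("-")[1]      # SIGN-RSA-SHA256 -> RSA
            if auth not in sig_auth:
                sig_auth.append(auth)
        elif name == "KX-ALL":
            kx_auth |= {"RSA", "ECDSA"}    # assumption, see header comment
        elif name in RSA_KX:
            kx_auth.add("RSA")
        elif name == "ECDHE-ECDSA":
            kx_auth.add("ECDSA")
    return sig_auth, kx_auth

def usable_cert_types(prio):
    """Certificate types the client can both negotiate and verify, in preference order."""
    sig_auth, kx_auth = parse_priority(prio)
    return [a for a in sig_auth if a in kx_auth]

def unverifiable_kx(prio):
    """Key-exchange auth types offered without a matching signature algorithm."""
    sig_auth, kx_auth = parse_priority(prio)
    return kx_auth - set(sig_auth)

TAIL = ":+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509"
# The two strings below are taken from the script above.
PREFER_RSA = "NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA" + TAIL
RSA_ONLY = "NONE:+SIGN-RSA-SHA256:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA" + TAIL
# Constructed for illustration (not in the script): RSA signatures but every key exchange.
RSA_SIG_KX_ALL = "NONE:+SIGN-RSA-SHA256:+VERS-TLS-ALL:+KX-ALL" + TAIL

if __name__ == "__main__":
    for label, prio in [("prefer RSA", PREFER_RSA), ("RSA only", RSA_ONLY),
                        ("constructed", RSA_SIG_KX_ALL)]:
        print(label, usable_cert_types(prio), sorted(unverifiable_kx(prio)))
```

A non-empty result from unverifiable_kx marks a string that leaves the server free to select a cipher suite whose certificate type the client's signature list does not cover, which is the situation the script's comment works around.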