[exim.git] / test / scripts / 2000-GnuTLS / 2002

# TLS server: general ops and certificate extractions
gnutls
exim -DSERVER=server -bd -oX PORT_D
****
# Have the client prefer RSA (but support ECDSA as well).  That should get us RSA on both older and newer GnuTLS.
client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<CALLER@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
.
??? 250
quit
??? 221
****
client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<"name with spaces"@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
.
??? 250
quit
??? 221
****
client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 HOSTIPV4 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
****
client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<CALLER@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message from a verified host.
.
??? 250
quit
??? 221
****
#
#
# A client that only talks RSA.
#
# We have to specify the key-exchange as well as the authentication, otherwise,
# the GnuTLS server side being foolish - it picks an ECDSA cipher-suite and then can't use it :(
# Possibly fixed in 3.6.x ? 
client-gnutls -p NONE:+SIGN-RSA-SHA256:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<CALLER@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
It should be sent under the RSA server cert and with an RSA cipher.
.
??? 250
quit
??? 221
****
#
#
# Make ECDSA authentication preferred (Older GnuTLS prefers RSA, it seems, Newer, ECDSA).
client-gnutls -p NONE:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+KX-ALL:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<CALLER@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
It should be sent under the EC server cert and with an ECDSA cipher.
.
??? 250
quit
??? 221
****
killdaemon
exim -qf
****
exim -bh 10.0.0.1
starttls
quit
****
Commit	Line	Data
9d1c15ef	1	# TLS server: general ops and certificate extractions
59371ea7 PH	2	gnutls
	3	exim -DSERVER=server -bd -oX PORT_D
	4	****
cdf0cd2e JH	5	# Have the client prefer RSA (but support ECDSA as well). That should get us RSA on both older and newer GnuTLS.
cdf0cd2e JH	6	client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
59371ea7 PH	7	??? 220
	8	ehlo rhu.barb
	9	??? 250-
	10	??? 250-
	11	??? 250-
	12	??? 250-
5b456975	13	??? 250-
59371ea7 PH	14	??? 250
	15	starttls
	16	??? 220
	17	mail from:<CALLER@test.ex>
	18	??? 250
	19	rcpt to:<CALLER@test.ex>
	20	??? 250
	21	DATA
	22	??? 3
	23	This is a test encrypted message.
	24	.
	25	??? 250
	26	quit
	27	??? 221
	28	****
cdf0cd2e	29	client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
fd98a5c6 JH	30	??? 220
	31	ehlo rhu.barb
	32	??? 250-
	33	??? 250-
	34	??? 250-
	35	??? 250-
	36	??? 250-
	37	??? 250
	38	starttls
	39	??? 220
	40	mail from:<"name with spaces"@test.ex>
	41	??? 250
	42	rcpt to:<CALLER@test.ex>
	43	??? 250
	44	DATA
	45	??? 3
	46	This is a test encrypted message.
	47	.
	48	??? 250
	49	quit
	50	??? 221
	51	****
cdf0cd2e	52	client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 HOSTIPV4 PORT_D
59371ea7 PH	53	??? 220
	54	ehlo rhu.barb
	55	??? 250-
	56	??? 250-
	57	??? 250-
	58	??? 250-
5b456975	59	??? 250-
59371ea7 PH	60	??? 250
	61	starttls
	62	??? 220
	63	****
cdf0cd2e	64	client-gnutls -p NONE:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
59371ea7 PH	65	??? 220
	66	ehlo rhu.barb
	67	??? 250-
	68	??? 250-
	69	??? 250-
	70	??? 250-
5b456975	71	??? 250-
59371ea7 PH	72	??? 250
	73	starttls
	74	??? 220
	75	mail from:<CALLER@test.ex>
	76	??? 250
	77	rcpt to:<CALLER@test.ex>
	78	??? 250
	79	DATA
	80	??? 3
	81	This is a test encrypted message from a verified host.
	82	.
	83	??? 250
	84	quit
	85	??? 221
	86	****
ba86e143 JH	87	#
	88	#
	89	# A client that only talks RSA.
	90	#
	91	# We have to specify the key-exchange as well as the authentication, otherwise,
	92	# the GnuTLS server side being foolish - it picks an ECDSA cipher-suite and then can't use it :(
	93	# Possibly fixed in 3.6.x ?
	94	client-gnutls -p NONE:+SIGN-RSA-SHA256:+VERS-TLS-ALL:+ECDHE-RSA:+DHE-RSA:+RSA:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
	95	??? 220
	96	ehlo rhu.barb
	97	??? 250-
	98	??? 250-
	99	??? 250-
	100	??? 250-
	101	??? 250-
	102	??? 250
	103	starttls
	104	??? 220
	105	mail from:<CALLER@test.ex>
	106	??? 250
	107	rcpt to:<CALLER@test.ex>
	108	??? 250
	109	DATA
	110	??? 3
	111	This is a test encrypted message.
	112	It should be sent under the RSA server cert and with an RSA cipher.
	113	.
	114	??? 250
	115	quit
	116	??? 221
	117	****
	118	#
	119	#
cdf0cd2e	120	# Make ECDSA authentication preferred (Older GnuTLS prefers RSA, it seems, Newer, ECDSA).
ba86e143 JH	121	client-gnutls -p NONE:+SIGN-ECDSA-SHA512:+VERS-TLS-ALL:+KX-ALL:+CIPHER-ALL:+MAC-ALL:+COMP-NULL:+CURVE-ALL:+CTYPE-X509 127.0.0.1 PORT_D
	122	??? 220
	123	ehlo rhu.barb
	124	??? 250-
	125	??? 250-
	126	??? 250-
	127	??? 250-
	128	??? 250-
	129	??? 250
	130	starttls
	131	??? 220
	132	mail from:<CALLER@test.ex>
	133	??? 250
	134	rcpt to:<CALLER@test.ex>
	135	??? 250
	136	DATA
	137	??? 3
	138	This is a test encrypted message.
	139	It should be sent under the EC server cert and with an ECDSA cipher.
	140	.
	141	??? 250
	142	quit
	143	??? 221
	144	****
59371ea7 PH	145	killdaemon
	146	exim -qf
	147	****
	148	exim -bh 10.0.0.1
	149	starttls
	150	quit
	151	****