[exim.git] / test / scripts / 2100-OpenSSL / 2102

# TLS server: general ops and certificate extractions
#
# NOTE: OpenSSL libraries return faulty my-cert information prior to OpenSSL 1.1.1
# when more than one cert is loaded, which the conf for this testcase does.
# As a result the expansion done and logged is misleading.
# While the golden log output is set to the misleading result, the testcase
# will unfortunately fail on the fixed OpenSSL versions.
#
# Make RSA authentication the only acceptable
exim -DSERVER=server -DORDER=RSA -bd -oX PORT_D
****
client-ssl 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<CALLER@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
.
??? 250
quit
??? 221
****
client-ssl 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<"name with spaces"@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
.
??? 250
quit
??? 221
****
# nonloop addr conn rejected lacking cert
client-ssl HOSTIPV4 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220 TLS go ahead
+++ 1
help
??? 554
****
client-ssl HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<CALLER@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message from a verified host.
.
??? 250
quit
??? 221
****
killdaemon
#
# make ECDSA authentication preferred
# DEFAULT:+RSA should work but does not seem to
# also, will fail under TLS1.3 because there is no choice of auth
# - so we disable that in the conf
exim -DSERVER=server -DORDER=ECDSA:RSA:!COMPLEMENTOFDEFAULT -bd -oX PORT_D
****
client-ssl 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<CALLER@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
It should be sent under the EC server cert and with an ECDSA cipher.
.
??? 250
quit
??? 221
****
killdaemon
exim -qf
****
exim -bh 10.0.0.1
starttls
quit
****
Commit	Line	Data
9d1c15ef	1	# TLS server: general ops and certificate extractions
176cf342	2	#
5dcadbf4 JH	3	# NOTE: OpenSSL libraries return faulty my-cert information prior to OpenSSL 1.1.1
5dcadbf4 JH	4	# when more than one cert is loaded, which the conf for this testcase does.
176cf342	5	# As a result the expansion done and logged is misleading.
5dcadbf4 JH	6	# While the golden log output is set to the misleading result, the testcase
5dcadbf4 JH	7	# will unfortunately fail on the fixed OpenSSL versions.
176cf342 JH	8	#
176cf342 JH	9	# Make RSA authentication the only acceptable
6678a497	10	exim -DSERVER=server -DORDER=RSA -bd -oX PORT_D
59371ea7 PH	11	****
	12	client-ssl 127.0.0.1 PORT_D
	13	??? 220
	14	ehlo rhu.barb
	15	??? 250-
	16	??? 250-
	17	??? 250-
	18	??? 250-
5b456975	19	??? 250-
59371ea7 PH	20	??? 250
	21	starttls
	22	??? 220
	23	mail from:<CALLER@test.ex>
	24	??? 250
	25	rcpt to:<CALLER@test.ex>
	26	??? 250
	27	DATA
	28	??? 3
	29	This is a test encrypted message.
	30	.
	31	??? 250
	32	quit
	33	??? 221
	34	****
fd98a5c6 JH	35	client-ssl 127.0.0.1 PORT_D
	36	??? 220
	37	ehlo rhu.barb
	38	??? 250-
	39	??? 250-
	40	??? 250-
	41	??? 250-
	42	??? 250-
	43	??? 250
	44	starttls
	45	??? 220
	46	mail from:<"name with spaces"@test.ex>
	47	??? 250
	48	rcpt to:<CALLER@test.ex>
	49	??? 250
	50	DATA
	51	??? 3
	52	This is a test encrypted message.
	53	.
	54	??? 250
	55	quit
	56	??? 221
	57	****
131c0f8a	58	# nonloop addr conn rejected lacking cert
59371ea7 PH	59	client-ssl HOSTIPV4 PORT_D
	60	??? 220
	61	ehlo rhu.barb
	62	??? 250-
	63	??? 250-
	64	??? 250-
	65	??? 250-
5b456975	66	??? 250-
59371ea7 PH	67	??? 250
59371ea7 PH	68	starttls
131c0f8a JH	69	??? 220 TLS go ahead
	70	+++ 1
	71	help
	72	??? 554
59371ea7	73	****
9d1c15ef	74	client-ssl HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
59371ea7 PH	75	??? 220
	76	ehlo rhu.barb
	77	??? 250-
	78	??? 250-
	79	??? 250-
	80	??? 250-
5b456975	81	??? 250-
59371ea7 PH	82	??? 250
	83	starttls
	84	??? 220
	85	mail from:<CALLER@test.ex>
	86	??? 250
	87	rcpt to:<CALLER@test.ex>
	88	??? 250
	89	DATA
	90	??? 3
	91	This is a test encrypted message from a verified host.
	92	.
	93	??? 250
	94	quit
	95	??? 221
	96	****
	97	killdaemon
ba86e143 JH	98	#
	99	# make ECDSA authentication preferred
	100	# DEFAULT:+RSA should work but does not seem to
5dcadbf4 JH	101	# also, will fail under TLS1.3 because there is no choice of auth
5dcadbf4 JH	102	# - so we disable that in the conf
ba86e143 JH	103	exim -DSERVER=server -DORDER=ECDSA:RSA:!COMPLEMENTOFDEFAULT -bd -oX PORT_D
	104	****
	105	client-ssl 127.0.0.1 PORT_D
	106	??? 220
	107	ehlo rhu.barb
	108	??? 250-
	109	??? 250-
	110	??? 250-
	111	??? 250-
	112	??? 250-
	113	??? 250
	114	starttls
	115	??? 220
	116	mail from:<CALLER@test.ex>
	117	??? 250
	118	rcpt to:<CALLER@test.ex>
	119	??? 250
	120	DATA
	121	??? 3
	122	This is a test encrypted message.
	123	It should be sent under the EC server cert and with an ECDSA cipher.
	124	.
	125	??? 250
	126	quit
	127	??? 221
	128	****
	129	killdaemon
59371ea7 PH	130	exim -qf
	131	****
	132	exim -bh 10.0.0.1
	133	starttls
	134	quit
	135	****