Testsuite: output changes resulting
[exim.git] / test / scripts / 2100-OpenSSL / 2102
CommitLineData
9d1c15ef 1# TLS server: general ops and certificate extractions
176cf342 2#
5dcadbf4
JH
3# NOTE: OpenSSL libraries return faulty my-cert information prior to OpenSSL 1.1.1
4# when more than one cert is loaded, which the conf for this testcase does.
176cf342 5# As a result the expansion done and logged is misleading.
5dcadbf4 6# While the golden log output is set to the misleading result, the testcase
90e30e31
JH
7# would unfortunately fail on the fixed OpenSSL versions. This has been bodged
8# by the addition of log/2102.openssl_1_1_1 and some detection coding in
9# runtest to force a "flavour". This is fragile and bound to break in the future.
176cf342
JH
10#
11# Make RSA authentication the only acceptable
6678a497 12exim -DSERVER=server -DORDER=RSA -bd -oX PORT_D
59371ea7
PH
13****
14client-ssl 127.0.0.1 PORT_D
15??? 220
16ehlo rhu.barb
17??? 250-
18??? 250-
19??? 250-
20??? 250-
5b456975 21??? 250-
59371ea7
PH
22??? 250
23starttls
24??? 220
25mail from:<CALLER@test.ex>
26??? 250
27rcpt to:<CALLER@test.ex>
28??? 250
29DATA
30??? 3
31This is a test encrypted message.
32.
33??? 250
34quit
35??? 221
36****
fd98a5c6
JH
37client-ssl 127.0.0.1 PORT_D
38??? 220
39ehlo rhu.barb
40??? 250-
41??? 250-
42??? 250-
43??? 250-
44??? 250-
45??? 250
46starttls
47??? 220
48mail from:<"name with spaces"@test.ex>
49??? 250
50rcpt to:<CALLER@test.ex>
51??? 250
52DATA
53??? 3
54This is a test encrypted message.
55.
56??? 250
57quit
58??? 221
59****
131c0f8a 60# nonloop addr conn rejected lacking cert
59371ea7
PH
61client-ssl HOSTIPV4 PORT_D
62??? 220
63ehlo rhu.barb
64??? 250-
65??? 250-
66??? 250-
67??? 250-
5b456975 68??? 250-
59371ea7
PH
69??? 250
70starttls
131c0f8a
JH
71??? 220 TLS go ahead
72+++ 1
73help
74??? 554
59371ea7 75****
9d1c15ef 76client-ssl HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
59371ea7
PH
77??? 220
78ehlo rhu.barb
79??? 250-
80??? 250-
81??? 250-
82??? 250-
5b456975 83??? 250-
59371ea7
PH
84??? 250
85starttls
86??? 220
87mail from:<CALLER@test.ex>
88??? 250
89rcpt to:<CALLER@test.ex>
90??? 250
91DATA
92??? 3
93This is a test encrypted message from a verified host.
94.
95??? 250
96quit
97??? 221
98****
99killdaemon
ba86e143
JH
100#
101# make ECDSA authentication preferred
102# DEFAULT:+RSA should work but does not seem to
5dcadbf4
JH
103# also, will fail under TLS1.3 because there is no choice of auth
104# - so we disable that in the conf
ba86e143
JH
105exim -DSERVER=server -DORDER=ECDSA:RSA:!COMPLEMENTOFDEFAULT -bd -oX PORT_D
106****
107client-ssl 127.0.0.1 PORT_D
108??? 220
109ehlo rhu.barb
110??? 250-
111??? 250-
112??? 250-
113??? 250-
114??? 250-
115??? 250
116starttls
117??? 220
118mail from:<CALLER@test.ex>
119??? 250
120rcpt to:<CALLER@test.ex>
121??? 250
122DATA
123??? 3
124This is a test encrypted message.
125It should be sent under the EC server cert and with an ECDSA cipher.
126.
127??? 250
128quit
129??? 221
130****
131killdaemon
59371ea7
PH
132exim -qf
133****
134exim -bh 10.0.0.1
135starttls
136quit
137****