Commit | Line | Data |
---|---|---|
9d1c15ef | 1 | # TLS server: general ops and certificate extractions |
176cf342 | 2 | # |
5dcadbf4 JH | 3 | # NOTE: OpenSSL libraries return faulty my-cert information prior to OpenSSL 1.1.1 |
5dcadbf4 | 4 | # when more than one cert is loaded, which the conf for this testcase does. |
176cf342 | 5 | # As a result the expansion done and logged is misleading. |
5dcadbf4 | 6 | # While the golden log output is set to the misleading result, the testcase |
90e30e31 JH | 7 | # would unfortunately fail on the fixed OpenSSL versions. This has been bodged |
90e30e31 | 8 | # by the addition of log/2102.openssl_1_1_1 and some detection coding in |
90e30e31 | 9 | # runtest to force a "flavour". This is fragile and bound to break in the future. |
176cf342 JH | 10 | # |
176cf342 | 11 | # Make RSA authentication the only acceptable |
6678a497 | 12 | exim -DSERVER=server -DORDER=RSA -bd -oX PORT_D |
59371ea7 PH | 13 | **** |
59371ea7 | 14 | client-ssl 127.0.0.1 PORT_D |
59371ea7 | 15 | ??? 220 |
59371ea7 | 16 | ehlo rhu.barb |
59371ea7 | 17 | ??? 250- |
59371ea7 | 18 | ??? 250- |
59371ea7 | 19 | ??? 250- |
59371ea7 | 20 | ??? 250- |
5b456975 | 21 | ??? 250- |
59371ea7 PH | 22 | ??? 250 |
59371ea7 | 23 | starttls |
59371ea7 | 24 | ??? 220 |
59371ea7 | 25 | mail from:<CALLER@test.ex> |
59371ea7 | 26 | ??? 250 |
59371ea7 | 27 | rcpt to:<CALLER@test.ex> |
59371ea7 | 28 | ??? 250 |
59371ea7 | 29 | DATA |
59371ea7 | 30 | ??? 3 |
59371ea7 | 31 | This is a test encrypted message. |
59371ea7 | 32 | . |
59371ea7 | 33 | ??? 250 |
59371ea7 | 34 | quit |
59371ea7 | 35 | ??? 221 |
59371ea7 | 36 | **** |
fd98a5c6 JH | 37 | client-ssl 127.0.0.1 PORT_D |
fd98a5c6 | 38 | ??? 220 |
fd98a5c6 | 39 | ehlo rhu.barb |
fd98a5c6 | 40 | ??? 250- |
fd98a5c6 | 41 | ??? 250- |
fd98a5c6 | 42 | ??? 250- |
fd98a5c6 | 43 | ??? 250- |
fd98a5c6 | 44 | ??? 250- |
fd98a5c6 | 45 | ??? 250 |
fd98a5c6 | 46 | starttls |
fd98a5c6 | 47 | ??? 220 |
fd98a5c6 | 48 | mail from:<"name with spaces"@test.ex> |
fd98a5c6 | 49 | ??? 250 |
fd98a5c6 | 50 | rcpt to:<CALLER@test.ex> |
fd98a5c6 | 51 | ??? 250 |
fd98a5c6 | 52 | DATA |
fd98a5c6 | 53 | ??? 3 |
fd98a5c6 | 54 | This is a test encrypted message. |
fd98a5c6 | 55 | . |
fd98a5c6 | 56 | ??? 250 |
fd98a5c6 | 57 | quit |
fd98a5c6 | 58 | ??? 221 |
fd98a5c6 | 59 | **** |
131c0f8a | 60 | # nonloop addr conn rejected lacking cert |
59371ea7 PH | 61 | client-ssl HOSTIPV4 PORT_D |
59371ea7 | 62 | ??? 220 |
59371ea7 | 63 | ehlo rhu.barb |
59371ea7 | 64 | ??? 250- |
59371ea7 | 65 | ??? 250- |
59371ea7 | 66 | ??? 250- |
59371ea7 | 67 | ??? 250- |
5b456975 | 68 | ??? 250- |
59371ea7 PH | 69 | ??? 250 |
59371ea7 | 70 | starttls |
131c0f8a JH | 71 | ??? 220 TLS go ahead |
131c0f8a | 72 | +++ 1 |
131c0f8a | 73 | help |
131c0f8a | 74 | ??? 554 |
59371ea7 | 75 | **** |
9d1c15ef | 76 | client-ssl HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key |
59371ea7 PH | 77 | ??? 220 |
59371ea7 | 78 | ehlo rhu.barb |
59371ea7 | 79 | ??? 250- |
59371ea7 | 80 | ??? 250- |
59371ea7 | 81 | ??? 250- |
59371ea7 | 82 | ??? 250- |
5b456975 | 83 | ??? 250- |
59371ea7 PH | 84 | ??? 250 |
59371ea7 | 85 | starttls |
59371ea7 | 86 | ??? 220 |
59371ea7 | 87 | mail from:<CALLER@test.ex> |
59371ea7 | 88 | ??? 250 |
59371ea7 | 89 | rcpt to:<CALLER@test.ex> |
59371ea7 | 90 | ??? 250 |
59371ea7 | 91 | DATA |
59371ea7 | 92 | ??? 3 |
59371ea7 | 93 | This is a test encrypted message from a verified host. |
59371ea7 | 94 | . |
59371ea7 | 95 | ??? 250 |
59371ea7 | 96 | quit |
59371ea7 | 97 | ??? 221 |
59371ea7 | 98 | **** |
59371ea7 | 99 | killdaemon |
ba86e143 JH | 100 | # |
ba86e143 | 101 | # make ECDSA authentication preferred |
ba86e143 | 102 | # DEFAULT:+RSA should work but does not seem to |
5dcadbf4 JH | 103 | # also, will fail under TLS1.3 because there is no choice of auth |
5dcadbf4 | 104 | # - so we disable that in the conf |
ba86e143 JH | 105 | exim -DSERVER=server -DORDER=ECDSA:RSA:!COMPLEMENTOFDEFAULT -bd -oX PORT_D |
ba86e143 | 106 | **** |
ba86e143 | 107 | client-ssl 127.0.0.1 PORT_D |
ba86e143 | 108 | ??? 220 |
ba86e143 | 109 | ehlo rhu.barb |
ba86e143 | 110 | ??? 250- |
ba86e143 | 111 | ??? 250- |
ba86e143 | 112 | ??? 250- |
ba86e143 | 113 | ??? 250- |
ba86e143 | 114 | ??? 250- |
ba86e143 | 115 | ??? 250 |
ba86e143 | 116 | starttls |
ba86e143 | 117 | ??? 220 |
ba86e143 | 118 | mail from:<CALLER@test.ex> |
ba86e143 | 119 | ??? 250 |
ba86e143 | 120 | rcpt to:<CALLER@test.ex> |
ba86e143 | 121 | ??? 250 |
ba86e143 | 122 | DATA |
ba86e143 | 123 | ??? 3 |
ba86e143 | 124 | This is a test encrypted message. |
ba86e143 | 125 | It should be sent under the EC server cert and with an ECDSA cipher. |
ba86e143 | 126 | . |
ba86e143 | 127 | ??? 250 |
ba86e143 | 128 | quit |
ba86e143 | 129 | ??? 221 |
ba86e143 | 130 | **** |
ba86e143 | 131 | killdaemon |
59371ea7 PH | 132 | exim -qf |
59371ea7 | 133 | **** |
59371ea7 | 134 | exim -bh 10.0.0.1 |
59371ea7 | 135 | starttls |
59371ea7 | 136 | quit |
59371ea7 | 137 | **** |