Commit | Line | Data |
---|---|---|
59371ea7 PH | 1 | # TLS server: mandatory, optional, and revoked certificates |
59371ea7 PH | 2 | exim -DSERVER=server -bd -oX PORT_D |
59371ea7 PH | 3 | **** |
dc9c8f8b | 4 | ### No certificate, certificate required |
fd3cf789 | 5 | client-ssl -t2 HOSTIPV4 PORT_D |
59371ea7 PH | 6 | ??? 220 |
59371ea7 PH | 7 | ehlo rhu.barb |
59371ea7 PH | 8 | ??? 250- |
59371ea7 PH | 9 | ??? 250- |
59371ea7 PH | 10 | ??? 250- |
59371ea7 PH | 11 | ??? 250- |
5b456975 | 12 | ??? 250- |
59371ea7 PH | 13 | ??? 250 |
59371ea7 PH | 14 | starttls |
59371ea7 PH | 15 | ??? 220 |
ce80533b | 16 | noop |
fd3cf789 JH | 17 | ????554 Security failure |
fd3cf789 JH | 18 | noop |
ce80533b JH | 19 | ??? 554 Security failure |
ce80533b JH | 20 | quit |
ce80533b JH | 21 | ????554 Security failure |
fd3cf789 | 22 | ????221 |
ce80533b | 23 | ???* |
59371ea7 | 24 | **** |
dc9c8f8b | 25 | ### No certificate, certificate optional at TLS time, required by ACL |
59371ea7 PH | 26 | client-ssl 127.0.0.1 PORT_D |
59371ea7 PH | 27 | ??? 220 |
59371ea7 PH | 28 | ehlo rhu.barb |
59371ea7 PH | 29 | ??? 250- |
59371ea7 PH | 30 | ??? 250- |
59371ea7 PH | 31 | ??? 250- |
59371ea7 PH | 32 | ??? 250- |
5b456975 | 33 | ??? 250- |
59371ea7 PH | 34 | ??? 250 |
59371ea7 PH | 35 | starttls |
59371ea7 PH | 36 | ??? 220 |
59371ea7 PH | 37 | helo rhu.barb |
59371ea7 PH | 38 | ??? 250 |
59371ea7 PH | 39 | mail from:<userx@test.ex> |
59371ea7 PH | 40 | ??? 250 |
59371ea7 PH | 41 | rcpt to:<userx@test.ex> |
59371ea7 PH | 42 | ??? 550 |
59371ea7 PH | 43 | quit |
59371ea7 PH | 44 | ??? 221 |
59371ea7 PH | 45 | **** |
dc9c8f8b JH | 46 | ### Good certificate, certificate required |
dc9c8f8b JH | 47 | client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key |
59371ea7 PH | 48 | ??? 220 |
59371ea7 PH | 49 | ehlo rhu.barb |
59371ea7 PH | 50 | ??? 250- |
59371ea7 PH | 51 | ??? 250- |
59371ea7 PH | 52 | ??? 250- |
59371ea7 PH | 53 | ??? 250- |
5b456975 | 54 | ??? 250- |
59371ea7 PH | 55 | ??? 250 |
59371ea7 PH | 56 | starttls |
59371ea7 PH | 57 | ??? 220 |
59371ea7 PH | 58 | mail from:<userx@test.ex> |
59371ea7 PH | 59 | ??? 250 |
59371ea7 PH | 60 | rcpt to:<userx@test.ex> |
59371ea7 PH | 61 | ??? 250 |
59371ea7 PH | 62 | quit |
59371ea7 PH | 63 | ??? 221 |
59371ea7 PH | 64 | **** |
dc9c8f8b JH | 65 | ### Good certificate, certificate optional at TLS time, checked by ACL |
dc9c8f8b JH | 66 | client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key |
59371ea7 PH | 67 | ??? 220 |
59371ea7 PH | 68 | ehlo rhu.barb |
59371ea7 PH | 69 | ??? 250- |
59371ea7 PH | 70 | ??? 250- |
59371ea7 PH | 71 | ??? 250- |
59371ea7 PH | 72 | ??? 250- |
5b456975 | 73 | ??? 250- |
59371ea7 PH | 74 | ??? 250 |
59371ea7 PH | 75 | starttls |
59371ea7 PH | 76 | ??? 220 |
59371ea7 PH | 77 | mail from:<userx@test.ex> |
59371ea7 PH | 78 | ??? 250 |
59371ea7 PH | 79 | rcpt to:<userx@test.ex> |
59371ea7 PH | 80 | ??? 250 |
59371ea7 PH | 81 | quit |
59371ea7 PH | 82 | ??? 221 |
59371ea7 PH | 83 | **** |
dc9c8f8b JH | 84 | ### Bad certificate, certificate required |
dc9c8f8b JH | 85 | client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key |
59371ea7 PH | 86 | ??? 220 |
59371ea7 PH | 87 | ehlo rhu.barb |
59371ea7 PH | 88 | ??? 250- |
59371ea7 PH | 89 | ??? 250- |
59371ea7 PH | 90 | ??? 250- |
59371ea7 PH | 91 | ??? 250- |
5b456975 | 92 | ??? 250- |
59371ea7 PH | 93 | ??? 250 |
59371ea7 PH | 94 | starttls |
59371ea7 PH | 95 | ??? 220 |
ce80533b | 96 | noop |
fd3cf789 JH | 97 | ????554 Security failure |
fd3cf789 JH | 98 | noop |
ce80533b | 99 | ??? 554 Security failure |
59371ea7 | 100 | **** |
dc9c8f8b JH | 101 | ### Bad certificate, certificate optional at TLS time, reject at ACL time |
dc9c8f8b JH | 102 | client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key |
59371ea7 PH | 103 | ??? 220 |
59371ea7 PH | 104 | ehlo rhu.barb |
59371ea7 PH | 105 | ??? 250- |
59371ea7 PH | 106 | ??? 250- |
59371ea7 PH | 107 | ??? 250- |
59371ea7 PH | 108 | ??? 250- |
5b456975 | 109 | ??? 250- |
59371ea7 PH | 110 | ??? 250 |
59371ea7 PH | 111 | starttls |
59371ea7 PH | 112 | ??? 220 |
59371ea7 PH | 113 | mail from:<userx@test.ex> |
59371ea7 PH | 114 | ??? 250 |
59371ea7 PH | 115 | rcpt to:<userx@test.ex> |
59371ea7 PH | 116 | ??? 550 |
59371ea7 PH | 117 | quit |
59371ea7 PH | 118 | ??? 221 |
59371ea7 PH | 119 | **** |
59371ea7 PH | 120 | killdaemon |
dc9c8f8b JH | 121 | # |
dc9c8f8b JH | 122 | # |
dc9c8f8b JH | 123 | # |
dc9c8f8b JH | 124 | # |
dc9c8f8b JH | 125 | exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.chain.pem -DSERVER=server -bd -oX PORT_D |
59371ea7 | 126 | **** |
dc9c8f8b JH | 127 | ### Otherwise good but revoked certificate, certificate required |
dc9c8f8b JH | 128 | client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key |
59371ea7 PH | 129 | ??? 220 |
59371ea7 PH | 130 | ehlo rhu.barb |
59371ea7 PH | 131 | ??? 250- |
59371ea7 PH | 132 | ??? 250- |
59371ea7 PH | 133 | ??? 250- |
59371ea7 PH | 134 | ??? 250- |
5b456975 | 135 | ??? 250- |
59371ea7 PH | 136 | ??? 250 |
59371ea7 PH | 137 | starttls |
59371ea7 PH | 138 | ??? 220 |
ce80533b | 139 | noop |
fd3cf789 JH | 140 | ????554 Security failure |
fd3cf789 JH | 141 | noop |
ce80533b | 142 | ??? 554 Security failure |
59371ea7 | 143 | **** |
dc9c8f8b JH | 144 | ### Revoked certificate, certificate optional at TLS time, reject at ACL time |
dc9c8f8b JH | 145 | client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key |
59371ea7 PH | 146 | ??? 220 |
59371ea7 PH | 147 | ehlo rhu.barb |
59371ea7 PH | 148 | ??? 250- |
59371ea7 PH | 149 | ??? 250- |
59371ea7 PH | 150 | ??? 250- |
59371ea7 PH | 151 | ??? 250- |
5b456975 | 152 | ??? 250- |
59371ea7 PH | 153 | ??? 250 |
59371ea7 PH | 154 | starttls |
59371ea7 PH | 155 | ??? 220 |
59371ea7 PH | 156 | mail from:<userx@test.ex> |
59371ea7 PH | 157 | ??? 250 |
59371ea7 PH | 158 | rcpt to:<userx@test.ex> |
59371ea7 PH | 159 | ??? 550 |
59371ea7 PH | 160 | quit |
59371ea7 PH | 161 | ??? 221 |
59371ea7 PH | 162 | **** |
dc9c8f8b JH | 163 | ### Good certificate, certificate required - but nonmatching CRL also present |
dc9c8f8b JH | 164 | client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key |
dc9c8f8b JH | 165 | ??? 220 |
dc9c8f8b JH | 166 | ehlo rhu.barb |
dc9c8f8b JH | 167 | ??? 250- |
dc9c8f8b JH | 168 | ??? 250- |
dc9c8f8b JH | 169 | ??? 250- |
dc9c8f8b JH | 170 | ??? 250- |
dc9c8f8b JH | 171 | ??? 250- |
dc9c8f8b JH | 172 | ??? 250 |
dc9c8f8b JH | 173 | starttls |
dc9c8f8b JH | 174 | ??? 220 |
dc9c8f8b JH | 175 | mail from:<userx@test.ex> |
dc9c8f8b JH | 176 | ??? 250 |
dc9c8f8b JH | 177 | rcpt to:<userx@test.ex> |
dc9c8f8b JH | 178 | ??? 250 |
dc9c8f8b JH | 179 | quit |
dc9c8f8b JH | 180 | ??? 221 |
dc9c8f8b JH | 181 | **** |
59371ea7 | 182 | killdaemon |