[exim.git] / test / scripts / 2100-OpenSSL / 2114

# TLS server: mandatory, optional, and revoked certificates
exim -DSERVER=server -bd -oX PORT_D
****
### No certificate, certificate required
client-ssl -t2 HOSTIPV4 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
noop
????554 Security failure
noop
??? 554 Security failure
quit
????554 Security failure
????221
???*
****
### No certificate, certificate optional at TLS time, required by ACL
client-ssl 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
helo rhu.barb
??? 250
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>
??? 550
quit
??? 221
****
### Good certificate, certificate required
client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>
??? 250
quit
??? 221
****
### Good certificate, certificate optional at TLS time, checked by ACL
client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>
??? 250
quit
??? 221
****
### Bad certificate, certificate required
client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
noop
????554 Security failure
noop
??? 554 Security failure
****
### Bad certificate, certificate optional at TLS time, reject at ACL time
client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>
??? 550
quit
??? 221
****
killdaemon
#
#
#
#
exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.chain.pem -DSERVER=server -bd -oX PORT_D
****
### Otherwise good but revoked certificate, certificate required
client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
noop
????554 Security failure
noop
??? 554 Security failure
****
### Revoked certificate, certificate optional at TLS time, reject at ACL time
client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>
??? 550
quit
??? 221
****
### Good certificate, certificate required - but nonmatching CRL also present
client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>
??? 250
quit
??? 221
****
killdaemon
Commit	Line	Data
59371ea7 PH	1	# TLS server: mandatory, optional, and revoked certificates
	2	exim -DSERVER=server -bd -oX PORT_D
	3	****
dc9c8f8b	4	### No certificate, certificate required
fd3cf789	5	client-ssl -t2 HOSTIPV4 PORT_D
59371ea7 PH	6	??? 220
	7	ehlo rhu.barb
	8	??? 250-
	9	??? 250-
	10	??? 250-
	11	??? 250-
5b456975	12	??? 250-
59371ea7 PH	13	??? 250
	14	starttls
	15	??? 220
ce80533b	16	noop
fd3cf789 JH	17	????554 Security failure
fd3cf789 JH	18	noop
ce80533b JH	19	??? 554 Security failure
	20	quit
	21	????554 Security failure
fd3cf789	22	????221
ce80533b	23	???*
59371ea7	24	****
dc9c8f8b	25	### No certificate, certificate optional at TLS time, required by ACL
59371ea7 PH	26	client-ssl 127.0.0.1 PORT_D
	27	??? 220
	28	ehlo rhu.barb
	29	??? 250-
	30	??? 250-
	31	??? 250-
	32	??? 250-
5b456975	33	??? 250-
59371ea7 PH	34	??? 250
	35	starttls
	36	??? 220
	37	helo rhu.barb
	38	??? 250
	39	mail from:<userx@test.ex>
	40	??? 250
	41	rcpt to:<userx@test.ex>
	42	??? 550
	43	quit
	44	??? 221
	45	****
dc9c8f8b JH	46	### Good certificate, certificate required
dc9c8f8b JH	47	client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
59371ea7 PH	48	??? 220
	49	ehlo rhu.barb
	50	??? 250-
	51	??? 250-
	52	??? 250-
	53	??? 250-
5b456975	54	??? 250-
59371ea7 PH	55	??? 250
	56	starttls
	57	??? 220
	58	mail from:<userx@test.ex>
	59	??? 250
	60	rcpt to:<userx@test.ex>
	61	??? 250
	62	quit
	63	??? 221
	64	****
dc9c8f8b JH	65	### Good certificate, certificate optional at TLS time, checked by ACL
dc9c8f8b JH	66	client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
59371ea7 PH	67	??? 220
	68	ehlo rhu.barb
	69	??? 250-
	70	??? 250-
	71	??? 250-
	72	??? 250-
5b456975	73	??? 250-
59371ea7 PH	74	??? 250
	75	starttls
	76	??? 220
	77	mail from:<userx@test.ex>
	78	??? 250
	79	rcpt to:<userx@test.ex>
	80	??? 250
	81	quit
	82	??? 221
	83	****
dc9c8f8b JH	84	### Bad certificate, certificate required
dc9c8f8b JH	85	client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
59371ea7 PH	86	??? 220
	87	ehlo rhu.barb
	88	??? 250-
	89	??? 250-
	90	??? 250-
	91	??? 250-
5b456975	92	??? 250-
59371ea7 PH	93	??? 250
	94	starttls
	95	??? 220
ce80533b	96	noop
fd3cf789 JH	97	????554 Security failure
fd3cf789 JH	98	noop
ce80533b	99	??? 554 Security failure
59371ea7	100	****
dc9c8f8b JH	101	### Bad certificate, certificate optional at TLS time, reject at ACL time
dc9c8f8b JH	102	client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
59371ea7 PH	103	??? 220
	104	ehlo rhu.barb
	105	??? 250-
	106	??? 250-
	107	??? 250-
	108	??? 250-
5b456975	109	??? 250-
59371ea7 PH	110	??? 250
	111	starttls
	112	??? 220
	113	mail from:<userx@test.ex>
	114	??? 250
	115	rcpt to:<userx@test.ex>
59371ea7 PH	116	??? 550
	117	quit
	118	??? 221
	119	****
	120	killdaemon
dc9c8f8b JH	121	#
	122	#
	123	#
	124	#
	125	exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.chain.pem -DSERVER=server -bd -oX PORT_D
59371ea7	126	****
dc9c8f8b JH	127	### Otherwise good but revoked certificate, certificate required
dc9c8f8b JH	128	client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
59371ea7 PH	129	??? 220
	130	ehlo rhu.barb
	131	??? 250-
	132	??? 250-
	133	??? 250-
	134	??? 250-
5b456975	135	??? 250-
59371ea7 PH	136	??? 250
	137	starttls
	138	??? 220
ce80533b	139	noop
fd3cf789 JH	140	????554 Security failure
fd3cf789 JH	141	noop
ce80533b	142	??? 554 Security failure
59371ea7	143	****
dc9c8f8b JH	144	### Revoked certificate, certificate optional at TLS time, reject at ACL time
dc9c8f8b JH	145	client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
59371ea7 PH	146	??? 220
	147	ehlo rhu.barb
	148	??? 250-
	149	??? 250-
	150	??? 250-
	151	??? 250-
5b456975	152	??? 250-
59371ea7 PH	153	??? 250
	154	starttls
	155	??? 220
	156	mail from:<userx@test.ex>
	157	??? 250
	158	rcpt to:<userx@test.ex>
59371ea7 PH	159	??? 550
	160	quit
	161	??? 221
	162	****
dc9c8f8b JH	163	### Good certificate, certificate required - but nonmatching CRL also present
	164	client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
	165	??? 220
	166	ehlo rhu.barb
	167	??? 250-
	168	??? 250-
	169	??? 250-
	170	??? 250-
	171	??? 250-
	172	??? 250
	173	starttls
	174	??? 220
	175	mail from:<userx@test.ex>
	176	??? 250
	177	rcpt to:<userx@test.ex>
	178	??? 250
	179	quit
	180	??? 221
	181	****
59371ea7	182	killdaemon