Commit | Line | Data |
---|---|---|
59371ea7 PH | 1 | # TLS server: mandatory, optional, and revoked certificates |
59371ea7 PH | 2 | exim -DSERVER=server -bd -oX PORT_D |
59371ea7 PH | 3 | **** |
dc9c8f8b | 4 | ### No certificate, certificate required |
59371ea7 PH | 5 | client-ssl HOSTIPV4 PORT_D |
59371ea7 PH | 6 | ??? 220 |
59371ea7 PH | 7 | ehlo rhu.barb |
59371ea7 PH | 8 | ??? 250- |
59371ea7 PH | 9 | ??? 250- |
59371ea7 PH | 10 | ??? 250- |
59371ea7 PH | 11 | ??? 250- |
5b456975 | 12 | ??? 250- |
59371ea7 PH | 13 | ??? 250 |
59371ea7 PH | 14 | starttls |
59371ea7 PH | 15 | ??? 220 |
ce80533b JH | 16 | noop |
ce80533b JH | 17 | ??? 554 Security failure |
ce80533b JH | 18 | quit |
ce80533b JH | 19 | ????554 Security failure |
ce80533b JH | 20 | ??? 221 |
ce80533b JH | 21 | ???* |
59371ea7 | 22 | **** |
dc9c8f8b | 23 | ### No certificate, certificate optional at TLS time, required by ACL |
59371ea7 PH | 24 | client-ssl 127.0.0.1 PORT_D |
59371ea7 PH | 25 | ??? 220 |
59371ea7 PH | 26 | ehlo rhu.barb |
59371ea7 PH | 27 | ??? 250- |
59371ea7 PH | 28 | ??? 250- |
59371ea7 PH | 29 | ??? 250- |
59371ea7 PH | 30 | ??? 250- |
5b456975 | 31 | ??? 250- |
59371ea7 PH | 32 | ??? 250 |
59371ea7 PH | 33 | starttls |
59371ea7 PH | 34 | ??? 220 |
59371ea7 PH | 35 | helo rhu.barb |
59371ea7 PH | 36 | ??? 250 |
59371ea7 PH | 37 | mail from:<userx@test.ex> |
59371ea7 PH | 38 | ??? 250 |
59371ea7 PH | 39 | rcpt to:<userx@test.ex> |
59371ea7 PH | 40 | ??? 550 |
59371ea7 PH | 41 | quit |
59371ea7 PH | 42 | ??? 221 |
59371ea7 PH | 43 | **** |
dc9c8f8b JH | 44 | ### Good certificate, certificate required |
dc9c8f8b JH | 45 | client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key |
59371ea7 PH | 46 | ??? 220 |
59371ea7 PH | 47 | ehlo rhu.barb |
59371ea7 PH | 48 | ??? 250- |
59371ea7 PH | 49 | ??? 250- |
59371ea7 PH | 50 | ??? 250- |
59371ea7 PH | 51 | ??? 250- |
5b456975 | 52 | ??? 250- |
59371ea7 PH | 53 | ??? 250 |
59371ea7 PH | 54 | starttls |
59371ea7 PH | 55 | ??? 220 |
59371ea7 PH | 56 | mail from:<userx@test.ex> |
59371ea7 PH | 57 | ??? 250 |
59371ea7 PH | 58 | rcpt to:<userx@test.ex> |
59371ea7 PH | 59 | ??? 250 |
59371ea7 PH | 60 | quit |
59371ea7 PH | 61 | ??? 221 |
59371ea7 PH | 62 | **** |
dc9c8f8b JH | 63 | ### Good certificate, certificate optional at TLS time, checked by ACL |
dc9c8f8b JH | 64 | client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key |
59371ea7 PH | 65 | ??? 220 |
59371ea7 PH | 66 | ehlo rhu.barb |
59371ea7 PH | 67 | ??? 250- |
59371ea7 PH | 68 | ??? 250- |
59371ea7 PH | 69 | ??? 250- |
59371ea7 PH | 70 | ??? 250- |
5b456975 | 71 | ??? 250- |
59371ea7 PH | 72 | ??? 250 |
59371ea7 PH | 73 | starttls |
59371ea7 PH | 74 | ??? 220 |
59371ea7 PH | 75 | mail from:<userx@test.ex> |
59371ea7 PH | 76 | ??? 250 |
59371ea7 PH | 77 | rcpt to:<userx@test.ex> |
59371ea7 PH | 78 | ??? 250 |
59371ea7 PH | 79 | quit |
59371ea7 PH | 80 | ??? 221 |
59371ea7 PH | 81 | **** |
dc9c8f8b JH | 82 | ### Bad certificate, certificate required |
dc9c8f8b JH | 83 | client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key |
59371ea7 PH | 84 | ??? 220 |
59371ea7 PH | 85 | ehlo rhu.barb |
59371ea7 PH | 86 | ??? 250- |
59371ea7 PH | 87 | ??? 250- |
59371ea7 PH | 88 | ??? 250- |
59371ea7 PH | 89 | ??? 250- |
5b456975 | 90 | ??? 250- |
59371ea7 PH | 91 | ??? 250 |
59371ea7 PH | 92 | starttls |
59371ea7 PH | 93 | ??? 220 |
ce80533b JH | 94 | noop |
ce80533b JH | 95 | ??? 554 Security failure |
59371ea7 | 96 | **** |
dc9c8f8b JH | 97 | ### Bad certificate, certificate optional at TLS time, reject at ACL time |
dc9c8f8b JH | 98 | client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key |
59371ea7 PH | 99 | ??? 220 |
59371ea7 PH | 100 | ehlo rhu.barb |
59371ea7 PH | 101 | ??? 250- |
59371ea7 PH | 102 | ??? 250- |
59371ea7 PH | 103 | ??? 250- |
59371ea7 PH | 104 | ??? 250- |
5b456975 | 105 | ??? 250- |
59371ea7 PH | 106 | ??? 250 |
59371ea7 PH | 107 | starttls |
59371ea7 PH | 108 | ??? 220 |
59371ea7 PH | 109 | mail from:<userx@test.ex> |
59371ea7 PH | 110 | ??? 250 |
59371ea7 PH | 111 | rcpt to:<userx@test.ex> |
59371ea7 PH | 112 | ??? 550 |
59371ea7 PH | 113 | quit |
59371ea7 PH | 114 | ??? 221 |
59371ea7 PH | 115 | **** |
59371ea7 PH | 116 | killdaemon |
dc9c8f8b JH | 117 | # |
dc9c8f8b JH | 118 | # |
dc9c8f8b JH | 119 | # |
dc9c8f8b JH | 120 | # |
dc9c8f8b JH | 121 | exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.chain.pem -DSERVER=server -bd -oX PORT_D |
59371ea7 | 122 | **** |
dc9c8f8b JH | 123 | ### Otherwise good but revoked certificate, certificate required |
dc9c8f8b JH | 124 | client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key |
59371ea7 PH | 125 | ??? 220 |
59371ea7 PH | 126 | ehlo rhu.barb |
59371ea7 PH | 127 | ??? 250- |
59371ea7 PH | 128 | ??? 250- |
59371ea7 PH | 129 | ??? 250- |
59371ea7 PH | 130 | ??? 250- |
5b456975 | 131 | ??? 250- |
59371ea7 PH | 132 | ??? 250 |
59371ea7 PH | 133 | starttls |
59371ea7 PH | 134 | ??? 220 |
ce80533b JH | 135 | noop |
ce80533b JH | 136 | ??? 554 Security failure |
59371ea7 | 137 | **** |
dc9c8f8b JH | 138 | ### Revoked certificate, certificate optional at TLS time, reject at ACL time |
dc9c8f8b JH | 139 | client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key |
59371ea7 PH | 140 | ??? 220 |
59371ea7 PH | 141 | ehlo rhu.barb |
59371ea7 PH | 142 | ??? 250- |
59371ea7 PH | 143 | ??? 250- |
59371ea7 PH | 144 | ??? 250- |
59371ea7 PH | 145 | ??? 250- |
5b456975 | 146 | ??? 250- |
59371ea7 PH | 147 | ??? 250 |
59371ea7 PH | 148 | starttls |
59371ea7 PH | 149 | ??? 220 |
59371ea7 PH | 150 | mail from:<userx@test.ex> |
59371ea7 PH | 151 | ??? 250 |
59371ea7 PH | 152 | rcpt to:<userx@test.ex> |
59371ea7 PH | 153 | ??? 550 |
59371ea7 PH | 154 | quit |
59371ea7 PH | 155 | ??? 221 |
59371ea7 PH | 156 | **** |
dc9c8f8b JH | 157 | ### Good certificate, certificate required - but nonmatching CRL also present |
dc9c8f8b JH | 158 | client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key |
dc9c8f8b JH | 159 | ??? 220 |
dc9c8f8b JH | 160 | ehlo rhu.barb |
dc9c8f8b JH | 161 | ??? 250- |
dc9c8f8b JH | 162 | ??? 250- |
dc9c8f8b JH | 163 | ??? 250- |
dc9c8f8b JH | 164 | ??? 250- |
dc9c8f8b JH | 165 | ??? 250- |
dc9c8f8b JH | 166 | ??? 250 |
dc9c8f8b JH | 167 | starttls |
dc9c8f8b JH | 168 | ??? 220 |
dc9c8f8b JH | 169 | mail from:<userx@test.ex> |
dc9c8f8b JH | 170 | ??? 250 |
dc9c8f8b JH | 171 | rcpt to:<userx@test.ex> |
dc9c8f8b JH | 172 | ??? 250 |
dc9c8f8b JH | 173 | quit |
dc9c8f8b JH | 174 | ??? 221 |
dc9c8f8b JH | 175 | **** |
59371ea7 | 176 | killdaemon |