Commit | Line | Data |
---|---|---|
e326959e JH |
1 | # OCSP stapling, server, multiple chain-element OCSP |
2 | # | |
3 | # | |
4 | # | |
5 | mkdir -p DIR/tmp/ocsp | |
6 | sudo chown -R EXIMUSER:EXIMGROUP tmp | |
7 | sudo chmod -R a+rwx DIR/tmp/ocsp | |
8 | perl | |
9 | chdir 'aux-fixed/exim-ca/example.com'; | |
e326959e JH |
10 | system 'cat server1.example.com/server1.example.com.ocsp.signernocert.good.resp.pem CA/Signer.ocsp.signernocert.revoked.resp.pem > DIR/tmp/ocsp/double_r.ocsp.pem'; |
11 | **** | |
12 | # | |
13 | # | |
14 | exim -z '1: TLS1.2 Server sends good leaf-staple on request, to client requiring RSA auth' | |
15 | **** | |
16 | # | |
86ede124 | 17 | sudo exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.2 |
e326959e JH |
18 | **** |
19 | # | |
20 | exim -odf -DOPT=rsa -DLIMIT=TLS1.2 rsa.auth@test.ex | |
21 | Subject: test | |
22 | ||
23 | . | |
24 | **** | |
25 | killdaemon | |
26 | # | |
27 | # | |
28 | exim -z '2: TLS1.3 Server sends good 3-element staple on request, to client requiring RSA auth' | |
29 | **** | |
30 | # | |
86ede124 | 31 | # Prefix with sudo to get SSLKEYLOGFILE to work. Only works on the server. |
e326959e JH |
32 | exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3 |
33 | **** | |
34 | exim -odf -DOPT=rsa rsa.auth@test.ex | |
35 | Subject: test | |
36 | ||
37 | . | |
38 | **** | |
39 | killdaemon | |
40 | # | |
41 | # | |
42 | # | |
43 | exim -z '3: TLS1.3 Server sends bad nonleaf staple, client detects it' | |
44 | **** | |
45 | # | |
46 | EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3 -DCONTROL=bad | |
47 | **** | |
48 | exim -odf -DOPT=rsa rsa.auth@test.ex | |
49 | Subject: test | |
50 | ||
51 | . | |
52 | **** | |
53 | killdaemon | |
54 | # | |
55 | # | |
56 | # | |
57 | # | |
58 | sudo rm -fr tmp/ | |
59 | no_msglog_check |