Commit | Line | Data |
---|---|---|
dc9c8f8b | 1 | ### No certificate, certificate required |
54c5ebb1 PH |
2 | Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected |
3 | ??? 220 | |
4 | <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 | |
5 | >>> ehlo rhu.barb | |
6 | ??? 250- | |
7 | <<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] | |
8 | ??? 250- | |
9 | <<< 250-SIZE 52428800 | |
10 | ??? 250- | |
5b456975 JH |
11 | <<< 250-8BITMIME |
12 | ??? 250- | |
54c5ebb1 PH |
13 | <<< 250-PIPELINING |
14 | ??? 250- | |
15 | <<< 250-STARTTLS | |
16 | ??? 250 | |
17 | <<< 250 HELP | |
18 | >>> starttls | |
19 | ??? 220 | |
20 | <<< 220 TLS go ahead | |
21 | Attempting to start TLS | |
12373afb | 22 | pppp:error:dddddddd:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:[...]:SSL alert number 40 |
54c5ebb1 | 23 | Failed to start TLS |
ce80533b | 24 | >>> noop |
90788405 JH |
25 | ????554 Security failure |
26 | >>> noop | |
ce80533b JH |
27 | ??? 554 Security failure |
28 | <<< 554 Security failure | |
29 | >>> quit | |
30 | ????554 Security failure | |
90788405 | 31 | ????221 |
ce80533b JH |
32 | ???* |
33 | Expected EOF read | |
54c5ebb1 | 34 | End of script |
dc9c8f8b | 35 | ### No certificate, certificate optional at TLS time, required by ACL |
54c5ebb1 PH |
36 | Connecting to 127.0.0.1 port 1225 ... connected |
37 | ??? 220 | |
38 | <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 | |
39 | >>> ehlo rhu.barb | |
40 | ??? 250- | |
41 | <<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] | |
42 | ??? 250- | |
43 | <<< 250-SIZE 52428800 | |
44 | ??? 250- | |
5b456975 JH |
45 | <<< 250-8BITMIME |
46 | ??? 250- | |
54c5ebb1 PH |
47 | <<< 250-PIPELINING |
48 | ??? 250- | |
49 | <<< 250-STARTTLS | |
50 | ??? 250 | |
51 | <<< 250 HELP | |
52 | >>> starttls | |
53 | ??? 220 | |
54 | <<< 220 TLS go ahead | |
55 | Attempting to start TLS | |
ce25e298 | 56 | SSL connection using ke-RSA-AES256-SHA |
54c5ebb1 PH |
57 | Succeeded in starting TLS |
58 | >>> helo rhu.barb | |
59 | ??? 250 | |
60 | <<< 250 myhost.test.ex Hello rhu.barb [127.0.0.1] | |
61 | >>> mail from:<userx@test.ex> | |
62 | ??? 250 | |
63 | <<< 250 OK | |
64 | >>> rcpt to:<userx@test.ex> | |
65 | ??? 550 | |
66 | <<< 550 certificate not verified: peerdn= | |
67 | >>> quit | |
68 | ??? 221 | |
69 | <<< 221 myhost.test.ex closing connection | |
70 | End of script | |
dc9c8f8b | 71 | ### Good certificate, certificate required |
54c5ebb1 | 72 | Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected |
dc9c8f8b JH |
73 | Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem |
74 | Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key | |
54c5ebb1 PH |
75 | ??? 220 |
76 | <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 | |
77 | >>> ehlo rhu.barb | |
78 | ??? 250- | |
79 | <<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] | |
80 | ??? 250- | |
81 | <<< 250-SIZE 52428800 | |
82 | ??? 250- | |
5b456975 JH |
83 | <<< 250-8BITMIME |
84 | ??? 250- | |
54c5ebb1 PH |
85 | <<< 250-PIPELINING |
86 | ??? 250- | |
87 | <<< 250-STARTTLS | |
88 | ??? 250 | |
89 | <<< 250 HELP | |
90 | >>> starttls | |
91 | ??? 220 | |
92 | <<< 220 TLS go ahead | |
93 | Attempting to start TLS | |
ce25e298 | 94 | SSL connection using ke-RSA-AES256-SHA |
54c5ebb1 PH |
95 | Succeeded in starting TLS |
96 | >>> mail from:<userx@test.ex> | |
97 | ??? 250 | |
98 | <<< 250 OK | |
99 | >>> rcpt to:<userx@test.ex> | |
100 | ??? 250 | |
101 | <<< 250 Accepted | |
102 | >>> quit | |
103 | ??? 221 | |
104 | <<< 221 myhost.test.ex closing connection | |
105 | End of script | |
dc9c8f8b | 106 | ### Good certificate, certificate optional at TLS time, checked by ACL |
54c5ebb1 | 107 | Connecting to 127.0.0.1 port 1225 ... connected |
dc9c8f8b JH |
108 | Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem |
109 | Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key | |
54c5ebb1 PH |
110 | ??? 220 |
111 | <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 | |
112 | >>> ehlo rhu.barb | |
113 | ??? 250- | |
114 | <<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] | |
115 | ??? 250- | |
116 | <<< 250-SIZE 52428800 | |
117 | ??? 250- | |
5b456975 JH |
118 | <<< 250-8BITMIME |
119 | ??? 250- | |
54c5ebb1 PH |
120 | <<< 250-PIPELINING |
121 | ??? 250- | |
122 | <<< 250-STARTTLS | |
123 | ??? 250 | |
124 | <<< 250 HELP | |
125 | >>> starttls | |
126 | ??? 220 | |
127 | <<< 220 TLS go ahead | |
128 | Attempting to start TLS | |
ce25e298 | 129 | SSL connection using ke-RSA-AES256-SHA |
54c5ebb1 PH |
130 | Succeeded in starting TLS |
131 | >>> mail from:<userx@test.ex> | |
132 | ??? 250 | |
133 | <<< 250 OK | |
134 | >>> rcpt to:<userx@test.ex> | |
135 | ??? 250 | |
136 | <<< 250 Accepted | |
137 | >>> quit | |
138 | ??? 221 | |
139 | <<< 221 myhost.test.ex closing connection | |
140 | End of script | |
dc9c8f8b | 141 | ### Bad certificate, certificate required |
54c5ebb1 | 142 | Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected |
dc9c8f8b JH |
143 | Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem |
144 | Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key | |
54c5ebb1 PH |
145 | ??? 220 |
146 | <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 | |
147 | >>> ehlo rhu.barb | |
148 | ??? 250- | |
149 | <<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] | |
150 | ??? 250- | |
151 | <<< 250-SIZE 52428800 | |
152 | ??? 250- | |
5b456975 JH |
153 | <<< 250-8BITMIME |
154 | ??? 250- | |
54c5ebb1 PH |
155 | <<< 250-PIPELINING |
156 | ??? 250- | |
157 | <<< 250-STARTTLS | |
158 | ??? 250 | |
159 | <<< 250 HELP | |
160 | >>> starttls | |
161 | ??? 220 | |
162 | <<< 220 TLS go ahead | |
163 | Attempting to start TLS | |
12373afb | 164 | pppp:error:dddddddd:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:[...]:SSL alert number 48 |
54c5ebb1 | 165 | Failed to start TLS |
ce80533b | 166 | >>> noop |
90788405 JH |
167 | ????554 Security failure |
168 | >>> noop | |
ce80533b JH |
169 | ??? 554 Security failure |
170 | <<< 554 Security failure | |
54c5ebb1 | 171 | End of script |
dc9c8f8b | 172 | ### Bad certificate, certificate optional at TLS time, reject at ACL time |
54c5ebb1 | 173 | Connecting to 127.0.0.1 port 1225 ... connected |
dc9c8f8b JH |
174 | Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem |
175 | Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key | |
54c5ebb1 PH |
176 | ??? 220 |
177 | <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 | |
178 | >>> ehlo rhu.barb | |
179 | ??? 250- | |
180 | <<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] | |
181 | ??? 250- | |
182 | <<< 250-SIZE 52428800 | |
183 | ??? 250- | |
5b456975 JH |
184 | <<< 250-8BITMIME |
185 | ??? 250- | |
54c5ebb1 PH |
186 | <<< 250-PIPELINING |
187 | ??? 250- | |
188 | <<< 250-STARTTLS | |
189 | ??? 250 | |
190 | <<< 250 HELP | |
191 | >>> starttls | |
192 | ??? 220 | |
193 | <<< 220 TLS go ahead | |
194 | Attempting to start TLS | |
ce25e298 | 195 | SSL connection using ke-RSA-AES256-SHA |
54c5ebb1 PH |
196 | Succeeded in starting TLS |
197 | >>> mail from:<userx@test.ex> | |
198 | ??? 250 | |
199 | <<< 250 OK | |
200 | >>> rcpt to:<userx@test.ex> | |
54c5ebb1 | 201 | ??? 550 |
dc9c8f8b | 202 | <<< 550 certificate not verified: peerdn=/CN=server1.example.net |
54c5ebb1 PH |
203 | >>> quit |
204 | ??? 221 | |
205 | <<< 221 myhost.test.ex closing connection | |
206 | End of script | |
dc9c8f8b | 207 | ### Otherwise good but revoked certificate, certificate required |
54c5ebb1 | 208 | Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected |
dc9c8f8b JH |
209 | Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem |
210 | Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key | |
54c5ebb1 PH |
211 | ??? 220 |
212 | <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 | |
213 | >>> ehlo rhu.barb | |
214 | ??? 250- | |
215 | <<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] | |
216 | ??? 250- | |
217 | <<< 250-SIZE 52428800 | |
218 | ??? 250- | |
5b456975 JH |
219 | <<< 250-8BITMIME |
220 | ??? 250- | |
54c5ebb1 PH |
221 | <<< 250-PIPELINING |
222 | ??? 250- | |
223 | <<< 250-STARTTLS | |
224 | ??? 250 | |
225 | <<< 250 HELP | |
226 | >>> starttls | |
227 | ??? 220 | |
228 | <<< 220 TLS go ahead | |
229 | Attempting to start TLS | |
12373afb | 230 | pppp:error:dddddddd:SSL routines:ssl3_read_bytes:sslv3 alert certificate revoked:[...]:SSL alert number 44 |
54c5ebb1 | 231 | Failed to start TLS |
ce80533b | 232 | >>> noop |
90788405 JH |
233 | ????554 Security failure |
234 | >>> noop | |
ce80533b JH |
235 | ??? 554 Security failure |
236 | <<< 554 Security failure | |
54c5ebb1 | 237 | End of script |
dc9c8f8b | 238 | ### Revoked certificate, certificate optional at TLS time, reject at ACL time |
54c5ebb1 | 239 | Connecting to 127.0.0.1 port 1225 ... connected |
dc9c8f8b JH |
240 | Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem |
241 | Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key | |
54c5ebb1 PH |
242 | ??? 220 |
243 | <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 | |
244 | >>> ehlo rhu.barb | |
245 | ??? 250- | |
246 | <<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] | |
247 | ??? 250- | |
248 | <<< 250-SIZE 52428800 | |
249 | ??? 250- | |
5b456975 JH |
250 | <<< 250-8BITMIME |
251 | ??? 250- | |
54c5ebb1 PH |
252 | <<< 250-PIPELINING |
253 | ??? 250- | |
254 | <<< 250-STARTTLS | |
255 | ??? 250 | |
256 | <<< 250 HELP | |
257 | >>> starttls | |
258 | ??? 220 | |
259 | <<< 220 TLS go ahead | |
260 | Attempting to start TLS | |
ce25e298 | 261 | SSL connection using ke-RSA-AES256-SHA |
54c5ebb1 PH |
262 | Succeeded in starting TLS |
263 | >>> mail from:<userx@test.ex> | |
264 | ??? 250 | |
265 | <<< 250 OK | |
266 | >>> rcpt to:<userx@test.ex> | |
54c5ebb1 | 267 | ??? 550 |
dc9c8f8b | 268 | <<< 550 certificate not verified: peerdn=/CN=revoked1.example.com |
54c5ebb1 PH |
269 | >>> quit |
270 | ??? 221 | |
271 | <<< 221 myhost.test.ex closing connection | |
272 | End of script | |
dc9c8f8b JH |
273 | ### Good certificate, certificate required - but nonmatching CRL also present |
274 | Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected | |
275 | Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem | |
276 | Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key | |
277 | ??? 220 | |
278 | <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 | |
279 | >>> ehlo rhu.barb | |
280 | ??? 250- | |
281 | <<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] | |
282 | ??? 250- | |
283 | <<< 250-SIZE 52428800 | |
284 | ??? 250- | |
285 | <<< 250-8BITMIME | |
286 | ??? 250- | |
287 | <<< 250-PIPELINING | |
288 | ??? 250- | |
289 | <<< 250-STARTTLS | |
290 | ??? 250 | |
291 | <<< 250 HELP | |
292 | >>> starttls | |
293 | ??? 220 | |
294 | <<< 220 TLS go ahead | |
295 | Attempting to start TLS | |
296 | SSL connection using ke-RSA-AES256-SHA | |
297 | Succeeded in starting TLS | |
298 | >>> mail from:<userx@test.ex> | |
299 | ??? 250 | |
300 | <<< 250 OK | |
301 | >>> rcpt to:<userx@test.ex> | |
302 | ??? 250 | |
303 | <<< 250 Accepted | |
304 | >>> quit | |
305 | ??? 221 | |
306 | <<< 221 myhost.test.ex closing connection | |
307 | End of script | |
308 | ||
309 | ******** SERVER ******** | |
310 | ### No certificate, certificate required | |
311 | ### No certificate, certificate optional at TLS time, required by ACL | |
312 | ### Good certificate, certificate required | |
313 | ### Good certificate, certificate optional at TLS time, checked by ACL | |
314 | ### Bad certificate, certificate required | |
315 | ### Bad certificate, certificate optional at TLS time, reject at ACL time | |
316 | ### Otherwise good but revoked certificate, certificate required | |
317 | ### Revoked certificate, certificate optional at TLS time, reject at ACL time | |
318 | ### Good certificate, certificate required - but nonmatching CRL also present |