| 1 | # OCSP stapling, server, multiple chain-element OCSP |
| 2 | # Setup: create the scratch directory DIR/tmp/ocsp, hand tmp to EXIMUSER:EXIMGROUP and chmod the ocsp directory a+rwx. |
| 3 | # The perl step concatenates two OCSP response PEMs into double_r.ocsp.pem: per the file names, a "good" response for server1.example.com followed by a "revoked" response for the CA Signer. |
| 4 | # NOTE(review): chown and the final rm use a relative tmp while mkdir/chmod use DIR/tmp - presumably the harness runs with DIR as cwd; a+rwx is world-writable, so this tree should stay test-only. |
| 5 | mkdir -p DIR/tmp/ocsp |
| 6 | sudo chown -R EXIMUSER:EXIMGROUP tmp |
| 7 | sudo chmod -R a+rwx DIR/tmp/ocsp |
| 8 | perl |
| 9 | chdir 'aux-fixed/exim-ca/example.com'; |
| 10 | system 'cat server1.example.com/server1.example.com.ocsp.signernocert.good.resp.pem CA/Signer.ocsp.signernocert.revoked.resp.pem > DIR/tmp/ocsp/double_r.ocsp.pem'; |
| 11 | **** |
| 12 | # Case 1: server daemon started with -DLIMIT=TLS1.2, client sends with -DOPT=rsa -DLIMIT=TLS1.2; what the SERVER, LIMIT and OPT macros select is defined in the test config, not shown here. |
| 13 | # exim -z writes the quoted case label into the Exim log. |
| 14 | exim -z '1: TLS1.2 Server sends good leaf-staple on request, to client requiring RSA auth' |
| 15 | **** |
| 16 | # Start a listening daemon (-bd) on PORT_D (-oX); in this case it runs under sudo. |
| 17 | sudo exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.2 |
| 18 | **** |
| 19 | # Client side: submit one message to rsa.auth@test.ex with foreground delivery (-odf); the lines up to **** are the message supplied on stdin. |
| 20 | exim -odf -DOPT=rsa -DLIMIT=TLS1.2 rsa.auth@test.ex |
| 21 | Subject: test |
| 22 | |
| 23 | . |
| 24 | **** |
| 25 | killdaemon |
| 26 | # Case 2: same exchange with the server started with -DLIMIT=TLS1.3; the label expects a good 3-element staple. The client command sets no LIMIT here. |
| 27 | # Unlike case 1, the daemon below is started without sudo. |
| 28 | exim -z '2: TLS1.3 Server sends good 3-element staple on request, to client requiring RSA auth' |
| 29 | **** |
| 30 | # NOTE(review): SSLKEYLOGFILE makes the TLS library write session secrets to a file, which is enough to decrypt a capture of that session - a debugging aid for the test tree only. |
| 31 | # Prefix with sudo to get SSLKEYLOGFILE to work. Only works on the server. |
| 32 | exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3 |
| 33 | **** |
| 34 | exim -odf -DOPT=rsa rsa.auth@test.ex |
| 35 | Subject: test |
| 36 | |
| 37 | . |
| 38 | **** |
| 39 | killdaemon |
| 40 | # Case 3: the server is started with -DCONTROL=bad and the label expects the client to detect a bad non-leaf staple. |
| 41 | # NOTE(review): -DCONTROL=bad presumably selects the double_r.ocsp.pem built during setup (good leaf + revoked signer response) - confirm against the test config. |
| 42 | # The client command is the same as in case 2; only the server side differs. |
| 43 | exim -z '3: TLS1.3 Server sends bad nonleaf staple, client detects it' |
| 44 | **** |
| 45 | # EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y is set only in the daemon's environment; by its name it turns off the server's own OCSP validity check so the bad response can be stapled - confirm. Test-harness switch only. |
| 46 | EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3 -DCONTROL=bad |
| 47 | **** |
| 48 | exim -odf -DOPT=rsa rsa.auth@test.ex |
| 49 | Subject: test |
| 50 | |
| 51 | . |
| 52 | **** |
| 53 | killdaemon |
| 54 | # Teardown: remove the scratch tree created during setup (relative tmp/; sudo presumably because ownership was changed to EXIMUSER:EXIMGROUP). |
| 55 | # no_msglog_check is a harness directive; by its name it skips the msglog comparison for this test - confirm against the test-suite documentation. |
| 56 | # |
| 57 | # |
| 58 | sudo rm -fr tmp/ |
| 59 | no_msglog_check |