| | 1 | # OCSP stapling, server, multiple chain-element OCSP |
| | 2 | # |
| | 3 | # |
| | 4 | # |
| | 5 | mkdir -p DIR/tmp/ocsp |
| | 6 | sudo chown -R EXIMUSER:EXIMGROUP tmp |
| | 7 | sudo chmod -R a+rwx DIR/tmp/ocsp |
| | 8 | perl |
| | 9 | chdir 'aux-fixed/exim-ca/example.com'; |
| | 10 | system 'cat server1.example.com/server1.example.com.ocsp.signernocert.good.resp.pem CA/Signer.ocsp.signernocert.revoked.resp.pem > DIR/tmp/ocsp/double_r.ocsp.pem'; |
| | 11 | **** |
| | 12 | # |
| | 13 | # |
| | 14 | exim -z '1: TLS1.2 Server sends good leaf-staple on request, to client requiring RSA auth' |
| | 15 | **** |
| | 16 | # |
| | 17 | sudo exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.2 |
| | 18 | **** |
| | 19 | # |
| | 20 | exim -odf -DOPT=rsa -DLIMIT=TLS1.2 rsa.auth@test.ex |
| | 21 | Subject: test |
| | 22 | |
| | 23 | . |
| | 24 | **** |
| | 25 | killdaemon |
| | 26 | # |
| | 27 | # |
| | 28 | exim -z '2: TLS1.3 Server sends good 3-element staple on request, to client requiring RSA auth' |
| | 29 | **** |
| | 30 | # |
| | 31 | # Prefix with sudo to get SSLKEYLOGFILE to work. Only works on the server. |
| | 32 | exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3 |
| | 33 | **** |
| | 34 | exim -odf -DOPT=rsa rsa.auth@test.ex |
| | 35 | Subject: test |
| | 36 | |
| | 37 | . |
| | 38 | **** |
| | 39 | killdaemon |
| | 40 | # |
| | 41 | # |
| | 42 | # |
| | 43 | exim -z '3: TLS1.3 Server sends bad nonleaf staple, client detects it' |
| | 44 | **** |
| | 45 | # |
| | 46 | EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server -DLIMIT=TLS1.3 -DCONTROL=bad |
| | 47 | **** |
| | 48 | exim -odf -DOPT=rsa rsa.auth@test.ex |
| | 49 | Subject: test |
| | 50 | |
| | 51 | . |
| | 52 | **** |
| | 53 | killdaemon |
| | 54 | # |
| | 55 | # |
| | 56 | # |
| | 57 | # |
| | 58 | sudo rm -fr tmp/ |
| | 59 | no_msglog_check |
projects / exim.git / blame_incremental