1 # Exim test configuration 2112
2 # TLS client: verify certificate from server - fails
# One file serves both roles: the SERVER macro selects the server-side
# settings, and the client-side transports further down exercise different
# outcomes of a failed server-certificate check.
# Upper-case tokens such as EXIM_PATH, DIR, CALLER_NAME, HOSTIPV4 and PORT_D
# look like placeholders filled in by the test harness - TODO confirm.
3
# Macro, empty by default; presumably set to "server" on the command line
# when the test script starts the listening daemon - TODO confirm.
4 SERVER=
5
6 exim_path = EXIM_PATH
7 host_lookup_order = bydns
8 primary_hostname = myhost.test.ex
9 rfc1413_query_timeout = 0s
10 spool_directory = DIR/spool
# The SERVER macro is part of the log file name, so the server instance and
# the client instance write to separate logs.
11 log_file_path = DIR/spool/log/SERVER%slog
12 gecos_pattern = ""
13 gecos_name = CALLER_NAME
14
15 # ----- Main settings -----
16
# Accepts every recipient unconditionally. Suitable only for an isolated test
# instance; on a reachable host this would make the server an open relay.
17 acl_smtp_rcpt = accept
18
# Record the peer certificate DN and the verification result on TLS log
# lines (the DN= and CV= fields), so each test outcome is visible in the log.
19 log_selector = +tls_peerdn+tls_certificate_verified
20
21 queue_only
22 queue_run_in_order
23
24 tls_advertise_hosts = *
25
26 # Set certificate only if server
# The bare word "fail" in place of the else-string forces the expansion to
# fail when SERVER is not "server", so the client instance has no main-section
# certificate or key.
# tls_privatekey names the same file as tls_certificate, so cert1 is expected
# to hold both the certificate and its key (a test-fixture convenience).
27
28 tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
29 tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
30
# Server side: every connecting client must present a certificate that
# verifies against tls_verify_certificates, which is cert2 when SERVER is
# "server". What a forced failure means for tls_verify_certificates on the
# client instance depends on the Exim version - TODO confirm.
31 tls_verify_hosts = *
32 tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
33
34
35 # ----- Routers -----
# Routers are tried in order. The first one is active only on the server
# instance; the remaining four map one test local part each to the transport
# that exercises a specific TLS-verification outcome.
36
37 begin routers
38
# Server instance only (SERVER equals "server"): redirect every address to
# :blackhole:, so mail received during the test is discarded.
39 server_dump:
40 driver = redirect
41 condition = ${if eq {SERVER}{server}{yes}{no}}
42 data = :blackhole:
43
# userx -> delivery that must fail because the server certificate cannot be
# verified and TLS is mandatory for the host.
# retry_use_local_part (here and below) presumably keeps retry records
# separate per test address - TODO confirm.
44 client_x:
45 driver = accept
46 local_parts = userx
47 retry_use_local_part
48 transport = send_to_server_failcert
# NOTE(review): an empty errors_to presumably suppresses the bounce for this
# expected failure - confirm against the test's expected output.
49 errors_to = ""
50
# usery -> first host fails verification, second host in the list succeeds.
51 client_y:
52 driver = accept
53 local_parts = usery
54 retry_use_local_part
55 transport = send_to_server_retry
56
# userz -> verification fails but the encrypted session is still used.
57 client_z:
58 driver = accept
59 local_parts = userz
60 retry_use_local_part
61 transport = send_to_server_crypt
62
# userq -> verification is required and fails; TLS is not mandatory, so the
# delivery falls back to cleartext.
63 client_q:
64 driver = accept
65 local_parts = userq
66 retry_use_local_part
67 transport = send_to_server_req_fail
68
69
70 # ----- Transports -----
# Every transport presents cert2 as its client certificate. The server side of
# this configuration trusts cert2 for client verification but serves cert1 as
# its own certificate, so a client that checks the server against cert2 cannot
# verify it. The transports differ only in how that failure is handled.
71
72 begin transports
73
74 # this will fail to verify the cert at HOSTIPV4 so fail the crypt requirement
# hosts_require_tls covers the only host, so there is no cleartext fallback:
# when the TLS session cannot be established the delivery does not go ahead.
# This is the fail-closed combination (verification plus mandatory TLS).
75 send_to_server_failcert:
76 driver = smtp
77 allow_localhost
78 hosts = HOSTIPV4
79 hosts_require_tls = HOSTIPV4
80 port = PORT_D
81 tls_certificate = DIR/aux-fixed/cert2
82 tls_verify_certificates = DIR/aux-fixed/cert2
83
84 # this will fail to verify the cert at HOSTIPV4 so fail the crypt, then retry on 127.1; ok
# The verification file is chosen per host from $host_address: cert1 (the
# certificate the server actually serves) for 127.0.0.1, cert2 for any other
# address. Only HOSTIPV4 is listed in hosts_require_tls.
85 send_to_server_retry:
86 driver = smtp
87 allow_localhost
88 hosts = HOSTIPV4 : 127.0.0.1
89 hosts_require_tls = HOSTIPV4
90 port = PORT_D
91 tls_certificate = DIR/aux-fixed/cert2
92 tls_verify_certificates = \
93 ${if eq{$host_address}{127.0.0.1}{DIR/aux-fixed/cert1}{DIR/aux-fixed/cert2}}
94
95 # this will fail to verify the cert but continue unverified though encrypted
# tls_try_verify_hosts requests verification but tolerates failure, so the
# session is encrypted while the server stays unauthenticated; that gives no
# protection against an active man-in-the-middle. With
# +tls_certificate_verified in log_selector the delivery log line should show
# the unverified state (CV=no), which is the signal to monitor for.
96 send_to_server_crypt:
97 driver = smtp
98 allow_localhost
99 hosts = HOSTIPV4
100 hosts_require_tls = HOSTIPV4
101 port = PORT_D
102 tls_certificate = DIR/aux-fixed/cert2
103 tls_verify_certificates = DIR/aux-fixed/cert2
104 tls_try_verify_hosts = *
105
106 # this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted
# There is no hosts_require_tls here. tls_verify_hosts makes the TLS session
# fail on the unverifiable certificate, but nothing forbids delivering without
# TLS, so the message goes out in clear (presumably via the smtp transport's
# default tls_tempfail_tryclear behaviour - TODO confirm for the version under
# test). Strict verification alone does not guarantee confidentiality; outside
# a test, pair it with hosts_require_tls.
107 send_to_server_req_fail:
108 driver = smtp
109 allow_localhost
110 hosts = HOSTIPV4
111 port = PORT_D
112 tls_certificate = DIR/aux-fixed/cert2
113 tls_verify_certificates = DIR/aux-fixed/cert2
114 tls_verify_hosts = *
115
116 # End