test/scripts/2000-GnuTLS/2014

   1 # TLS server: mandatory, optional, and revoked certificates
   2 gnutls
   3 munge gnutls_unexpected
   4 exim -DSERVER=server -bd -oX PORT_D
   5 ****
   6 ### No certificate, certificate required
   7 client-gnutls HOSTIPV4 PORT_D
   8 ??? 220
   9 ehlo rhu1.barb
  10 ??? 250-
  11 ??? 250-
  12 ??? 250-
  13 ??? 250-
  14 ??? 250-
  15 ??? 250
  16 starttls
  17 ??? 220
  18 nop
  19 ????554
  20 ****
  21 ### No certificate, certificate optional at TLS time, required by ACL
  22 client-gnutls 127.0.0.1 PORT_D
  23 ??? 220
  24 ehlo rhu2.barb
  25 ??? 250-
  26 ??? 250-
  27 ??? 250-
  28 ??? 250-
  29 ??? 250-
  30 ??? 250
  31 starttls
  32 ??? 220
  33 helo rhu2tls.barb
  34 ??? 250
  35 mail from:<userx@test.ex>
  36 ??? 250
  37 rcpt to:<userx@test.ex>
  38 ??? 550
  39 quit
  40 ??? 221
  41 ****
  42 ### Good certificate, certificate required
  43 client-gnutls HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  44 ??? 220
  45 ehlo rhu3.barb
  46 ??? 250-
  47 ??? 250-
  48 ??? 250-
  49 ??? 250-
  50 ??? 250-
  51 ??? 250
  52 starttls
  53 ??? 220
  54 mail from:<userx@test.ex>
  55 ??? 250
  56 rcpt to:<userx@test.ex>
  57 ??? 250
  58 quit
  59 ??? 221
  60 ****
  61 ### Good certificate, certificate optional at TLS time, checked by ACL
  62 client-gnutls 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  63 ??? 220
  64 ehlo rhu4.barb
  65 ??? 250-
  66 ??? 250-
  67 ??? 250-
  68 ??? 250-
  69 ??? 250-
  70 ??? 250
  71 starttls
  72 ??? 220
  73 mail from:<userx@test.ex>
  74 ??? 250
  75 rcpt to:<userx@test.ex>
  76 ??? 250
  77 quit
  78 ??? 221
  79 ****
  80 ### Bad certificate, certificate required
  81 # Actually this test does not have the client presenting a cert at all, as it filters what it has
  82 # by the options offered by the server first.  So it's not a good testcase.
  83 client-gnutls HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
  84 ??? 220
  85 ehlo rhu5.barb
  86 ??? 250-
  87 ??? 250-
  88 ??? 250-
  89 ??? 250-
  90 ??? 250-
  91 ??? 250
  92 starttls
  93 ??? 220
  94 nop
  95 ????554
  96 ****
  97 ### Bad certificate, certificate optional at TLS time, reject at ACL time
  98 # (situation as above)
  99 client-gnutls 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
 100 ??? 220
 101 ehlo rhu6.barb
 102 ??? 250-
 103 ??? 250-
 104 ??? 250-
 105 ??? 250-
 106 ??? 250-
 107 ??? 250
 108 starttls
 109 ??? 220
 110 mail from:<userx@test.ex>
 111 ??? 250
 112 rcpt to:<userx@test.ex>
 113 ??? 550
 114 quit
 115 ??? 221
 116 ****
 117 killdaemon
 118 #
 119 #
 120 #
 121 #
 122 exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.v2.pem -DSERVER=server -bd -oX PORT_D
 123 ****
 124 ### Otherwise good but revoked certificate, certificate required
 125 # GnuTLS seems to not mind the lack of CRLs for the nonleaf certs in the chain, unlike under OpenSSL
 126 client-gnutls HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
 127 ??? 220
 128 ehlo rhu7.barb
 129 ??? 250-
 130 ??? 250-
 131 ??? 250-
 132 ??? 250-
 133 ??? 250-
 134 ??? 250
 135 starttls
 136 ??? 220
 137 mail from:<userx@test.ex>
 138 ??? 554
 139 ****
 140 ### Revoked certificate, certificate optional at TLS time, reject at ACL time
 141 client-gnutls 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
 142 ??? 220
 143 ehlo rhu8.barb
 144 ??? 250-
 145 ??? 250-
 146 ??? 250-
 147 ??? 250-
 148 ??? 250-
 149 ??? 250
 150 starttls
 151 ??? 220
 152 mail from:<userx@test.ex>
 153 ??? 250
 154 rcpt to:<userx@test.ex>
 155 ??? 550
 156 quit
 157 ??? 221
 158 ****
 159 ### Good certificate, certificate required - but nonmatching CRL also present
 160 client-gnutls HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
 161 ??? 220
 162 ehlo rhu9.barb
 163 ??? 250-
 164 ??? 250-
 165 ??? 250-
 166 ??? 250-
 167 ??? 250-
 168 ??? 250
 169 starttls
 170 ??? 220
 171 mail from:<userx@test.ex>
 172 ??? 250
 173 rcpt to:<userx@test.ex>
 174 ??? 250
 175 quit
 176 ??? 221
 177 ****
 178 killdaemon