Testsuite: check variables under resumption
authorJeremy Harris <jgh146exb@wizmail.org>
Sun, 5 May 2019 17:54:45 +0000 (18:54 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Sun, 5 May 2019 18:15:51 +0000 (19:15 +0100)
doc/doc-txt/experimental-spec.txt
test/confs/5890
test/confs/5891
test/log/5890
test/log/5891

index f5f72f5..211841f 100644 (file)
@@ -1000,12 +1000,10 @@ Observability:
 
 Issues:
  In a resumed session:
-  $tls_{in,out}_{certificate_verified,{peer,our}cert} will be unset
-  verify = certificate will be false
-  $tls_{in,out}_cipher will have values different to the original
-  $tls_{in,out}_bits (is unspecified)
-  $tls_{in,out}_ocsp will be "not requested"
-  $tls_{in,out}_peerdn will be unset
+  $tls_{in,out}_certificate_verified will be unset (undler OpenSSL)
+  verify = certificate will be false (undler OpenSSL)
+  $tls_{in,out}_cipher will have values different to the original (under GnuTLS)
+  $tls_{in,out}_ocsp will be "not requested" or "no response"
 
 
 --------------------------------------------------------------
index 6daf596..ca205f6 100644 (file)
@@ -32,6 +32,13 @@ begin acl
 check_helo:
   accept  condition =  ${if def:tls_in_cipher}
          logwrite =    tls_in_resumption ${listextract {$tls_in_resumption} {_RESUME_DECODE}}
+         logwrite =    our cert subject\t${certextract {subject}{$tls_in_ourcert}}
+         logwrite =    peer cert subject\t${certextract {subject}{$tls_in_peercert}}
+         logwrite =    peer cert verified\t${tls_in_certificate_verified}
+         logwrite =    peer dn\t${tls_in_peerdn}
+         logwrite =    ocsp\t${tls_in_ocsp}
+         logwrite =    cipher\t${tls_in_cipher}
+         logwrite =    bits\t${tls_in_bits}
   accept
 
 check_recipient:
@@ -42,6 +49,13 @@ log_resumption:
   accept condition =   ${if def:tls_out_cipher}
         condition =    ${if eq {$event_name}{tcp:close}}
         logwrite =     tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}}
+         logwrite =    our cert subject\t${certextract {subject}{$tls_out_ourcert}}
+         logwrite =    peer cert subject\t${certextract {subject}{$tls_out_peercert}}
+         logwrite =    peer cert verified\t${tls_out_certificate_verified}
+         logwrite =    peer dn\t${tls_out_peerdn}
+         logwrite =    ocsp\t${tls_out_ocsp}
+         logwrite =    cipher\t${tls_out_cipher}
+         logwrite =    bits\t${tls_out_bits}
 
 
 # ----- Routers -----
@@ -73,6 +87,8 @@ send_to_server1:
 .else
   tls_resumption_hosts = :
 .endif
+  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :
   event_action =       ${acl {log_resumption}}
 
 send_to_server2:
@@ -80,6 +96,8 @@ send_to_server2:
   allow_localhost
   hosts = HOSTIPV4
   port = PORT_D
+  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :
   event_action =       ${acl {log_resumption}}
 
 
index 78d22f7..599a6e3 100644 (file)
@@ -13,7 +13,7 @@ domainlist local_domains = test.ex : *.test.ex
 
 acl_smtp_helo = check_helo
 acl_smtp_rcpt = check_recipient
-log_selector = +received_recipients +tls_resumption
+log_selector = +received_recipients +tls_resumption +tls_peerdn
 
 openssl_options = +no_sslv2 +no_sslv3 +single_dh_use OPTION
 tls_advertise_hosts = *
@@ -31,7 +31,14 @@ begin acl
 
 check_helo:
   accept  condition =  ${if def:tls_in_cipher}
-         logwrite =    tls_in_resumption ${listextract {$tls_in_resumption} {_RESUME_DECODE}}
+         logwrite =    tls_in_resumption\t${listextract {$tls_in_resumption} {_RESUME_DECODE}}
+         logwrite =    our cert subject\t${certextract {subject}{$tls_in_ourcert}}
+         logwrite =    peer cert subject\t${certextract {subject}{$tls_in_peercert}}
+         logwrite =    peer cert verified\t${tls_in_certificate_verified}
+         logwrite =    peer dn\t${tls_in_peerdn}
+         logwrite =    ocsp\t${tls_in_ocsp}
+         logwrite =    cipher\t${tls_in_cipher}
+         logwrite =    bits\t${tls_in_bits}
   accept
 
 check_recipient:
@@ -42,6 +49,13 @@ log_resumption:
   accept condition =   ${if def:tls_out_cipher}
         condition =    ${if eq {$event_name}{tcp:close}}
         logwrite =     tls_out_resumption ${listextract {$tls_out_resumption} {_RESUME_DECODE}}
+         logwrite =    our cert subject\t${certextract {subject}{$tls_out_ourcert}}
+         logwrite =    peer cert subject\t${certextract {subject}{$tls_out_peercert}}
+         logwrite =    peer cert verified\t${tls_out_certificate_verified}
+         logwrite =    peer dn\t${tls_out_peerdn}
+         logwrite =    ocsp\t${tls_out_ocsp}
+         logwrite =    cipher\t${tls_out_cipher}
+         logwrite =    bits\t${tls_out_bits}
 
 
 # ----- Routers -----
@@ -73,6 +87,8 @@ send_to_server1:
 .else
   tls_resumption_hosts = :
 .endif
+  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :
   event_action =       ${acl {log_resumption}}
 
 send_to_server2:
@@ -80,6 +96,8 @@ send_to_server2:
   allow_localhost
   hosts = HOSTIPV4
   port = PORT_D
+  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :
   event_action =       ${acl {log_resumption}}
 
 
index 9d098e5..a7e9bad 100644 (file)
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
 1999-03-02 09:44:33 10HmaX-0005vi-00 tls_out_resumption client requested new ticket, server provided
-1999-03-02 09:44:33 10HmaX-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmaX-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmaX-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmaX-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmaX-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmaX-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmaX-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmaX-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex abcd@test.ex xyz@test.ex
 1999-03-02 09:44:33 10HmaZ-0005vi-00 tls_out_resumption session resumed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmaZ-0005vi-00 bits      256
 1999-03-02 09:44:33 10HmaZ-0005vi-00 tls_out_resumption not requested or offered
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmaZ-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbB-0005vi-00"
 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
 1999-03-02 09:44:33 10HmbC-0005vi-00 tls_out_resumption session resumed
-1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbD-0005vi-00"
+1999-03-02 09:44:33 10HmbC-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbC-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbC-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbC-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbC-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbD-0005vi-00"
 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbE-0005vi-00 tls_out_resumption session resumed
-1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbF-0005vi-00"
+1999-03-02 09:44:33 10HmbE-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbE-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbE-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbE-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbE-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbF-0005vi-00"
 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
 1999-03-02 09:44:33 10HmbG-0005vi-00 tls_out_resumption client offered session, server only provided new ticket
-1999-03-02 09:44:33 10HmbG-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbH-0005vi-00"
+1999-03-02 09:44:33 10HmbG-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbG-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbG-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbG-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbG-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbG-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbG-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbG-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbH-0005vi-00"
 1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
 1999-03-02 09:44:33 10HmbI-0005vi-00 tls_out_resumption no client request
-1999-03-02 09:44:33 10HmbI-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbJ-0005vi-00"
+1999-03-02 09:44:33 10HmbI-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbI-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbI-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbI-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbI-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbI-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbI-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbI-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbJ-0005vi-00"
 1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
 1999-03-02 09:44:33 10HmbK-0005vi-00 tls_out_resumption client requested new ticket, server provided
-1999-03-02 09:44:33 10HmbK-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbL-0005vi-00"
+1999-03-02 09:44:33 10HmbK-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbK-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbK-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbK-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbK-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbK-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbL-0005vi-00"
 1999-03-02 09:44:33 10HmbK-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex abcd@test.ex xyz@test.ex
 1999-03-02 09:44:33 10HmbM-0005vi-00 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbM-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbM-0005vi-00 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbM-0005vi-00 bits      256
 1999-03-02 09:44:33 10HmbM-0005vi-00 tls_out_resumption not requested or offered
-1999-03-02 09:44:33 10HmbM-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbN-0005vi-00"
-1999-03-02 09:44:33 10HmbM-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbN-0005vi-00"
-1999-03-02 09:44:33 10HmbM-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbO-0005vi-00"
+1999-03-02 09:44:33 10HmbM-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbM-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbM-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbM-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbN-0005vi-00"
+1999-03-02 09:44:33 10HmbM-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbN-0005vi-00"
+1999-03-02 09:44:33 10HmbM-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbO-0005vi-00"
 1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
 1999-03-02 09:44:33 10HmbP-0005vi-00 tls_out_resumption session resumed, also new ticket
-1999-03-02 09:44:33 10HmbP-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbQ-0005vi-00"
+1999-03-02 09:44:33 10HmbP-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbP-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbP-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbP-0005vi-00 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbP-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbP-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbQ-0005vi-00"
 1999-03-02 09:44:33 10HmbP-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbR-0005vi-00 tls_out_resumption session resumed, also new ticket
-1999-03-02 09:44:33 10HmbR-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbS-0005vi-00"
+1999-03-02 09:44:33 10HmbR-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbR-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbR-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbR-0005vi-00 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbR-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbR-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes C="250 OK id=10HmbS-0005vi-00"
 1999-03-02 09:44:33 10HmbR-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
 1999-03-02 09:44:33 10HmbT-0005vi-00 tls_out_resumption client offered session, server only provided new ticket
-1999-03-02 09:44:33 10HmbT-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbU-0005vi-00"
+1999-03-02 09:44:33 10HmbT-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbT-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbT-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbT-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbT-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbT-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbU-0005vi-00"
 1999-03-02 09:44:33 10HmbT-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbV-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
 1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption no client request
-1999-03-02 09:44:33 10HmbV-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbW-0005vi-00"
+1999-03-02 09:44:33 10HmbV-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert subject C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbV-0005vi-00 peer dn   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 10HmbV-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbV-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbV-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbV-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbW-0005vi-00"
 1999-03-02 09:44:33 10HmbV-0005vi-00 Completed
 
 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
 1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for getticket@test.ex
 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 our cert subject   
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for resume@test.ex xyz@test.ex
 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <xyz@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption not requested or offered
+1999-03-02 09:44:33 our cert subject   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for abcd@test.ex
 1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: <abcd@test.ex> R=server
 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 our cert subject   
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-0005vi-00@myhost.test.ex for renewal@test.ex
 1999-03-02 09:44:33 10HmbD-0005vi-00 => :blackhole: <renewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 our cert subject   
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke--AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-0005vi-00@myhost.test.ex for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbF-0005vi-00 => :blackhole: <postrenewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption client offered session, server only provided new ticket
+1999-03-02 09:44:33 our cert subject   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-0005vi-00@myhost.test.ex for timeout@test.ex
 1999-03-02 09:44:33 10HmbH-0005vi-00 => :blackhole: <timeout@test.ex> R=server
 1999-03-02 09:44:33 10HmbH-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-0005vi-00@myhost.test.ex for notreq@test.ex
 1999-03-02 09:44:33 10HmbJ-0005vi-00 => :blackhole: <notreq@test.ex> R=server
 1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
 1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-0005vi-00@myhost.test.ex for getticket@test.ex
 1999-03-02 09:44:33 10HmbL-0005vi-00 => :blackhole: <getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmbL-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject   
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-0005vi-00@myhost.test.ex for resume@test.ex xyz@test.ex
 1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <xyz@test.ex> R=server
 1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbN-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption not requested or offered
+1999-03-02 09:44:33 our cert subject   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbM-0005vi-00@myhost.test.ex for abcd@test.ex
 1999-03-02 09:44:33 10HmbO-0005vi-00 => :blackhole: <abcd@test.ex> R=server
 1999-03-02 09:44:33 10HmbO-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject   
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbQ-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbP-0005vi-00@myhost.test.ex for renewal@test.ex
 1999-03-02 09:44:33 10HmbQ-0005vi-00 => :blackhole: <renewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbQ-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject   
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-PSK-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbR-0005vi-00@myhost.test.ex for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbS-0005vi-00 => :blackhole: <postrenewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbS-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbU-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbT-0005vi-00@myhost.test.ex for timeout@test.ex
 1999-03-02 09:44:33 10HmbU-0005vi-00 => :blackhole: <timeout@test.ex> R=server
 1999-03-02 09:44:33 10HmbU-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject   C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbW-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbV-0005vi-00@myhost.test.ex for notreq@test.ex
 1999-03-02 09:44:33 10HmbW-0005vi-00 => :blackhole: <notreq@test.ex> R=server
 1999-03-02 09:44:33 10HmbW-0005vi-00 Completed
index 8131404..1070bee 100644 (file)
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="127.0.0.1"
 1999-03-02 09:44:33 10HmaX-0005vi-00 tls_out_resumption client requested new ticket, server provided
-1999-03-02 09:44:33 10HmaX-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmaX-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmaX-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmaX-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmaX-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmaX-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmaX-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmaX-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex abcd@test.ex xyz@test.ex
 1999-03-02 09:44:33 10HmaZ-0005vi-00 tls_out_resumption session resumed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmaZ-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="ip4.ip4.ip4.ip4"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified        0
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmaZ-0005vi-00 bits      256
 1999-03-02 09:44:33 10HmaZ-0005vi-00 tls_out_resumption not requested or offered
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmaZ-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00"
 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
 1999-03-02 09:44:33 10HmbC-0005vi-00 tls_out_resumption session resumed
-1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbD-0005vi-00"
+1999-03-02 09:44:33 10HmbC-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert verified        0
+1999-03-02 09:44:33 10HmbC-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbC-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbC-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbC-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbD-0005vi-00"
 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbE-0005vi-00 tls_out_resumption session resumed
-1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbF-0005vi-00"
+1999-03-02 09:44:33 10HmbE-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert verified        0
+1999-03-02 09:44:33 10HmbE-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbE-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbE-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbE-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbF-0005vi-00"
 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
-1999-03-02 09:44:33 10HmbG-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmbG-0005vi-00 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="127.0.0.1"
 1999-03-02 09:44:33 10HmbG-0005vi-00 tls_out_resumption client offered session, server only provided new ticket
-1999-03-02 09:44:33 10HmbG-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbH-0005vi-00"
+1999-03-02 09:44:33 10HmbG-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbG-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbG-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbG-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbG-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbG-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbG-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbG-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbH-0005vi-00"
 1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
-1999-03-02 09:44:33 10HmbI-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmbI-0005vi-00 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="127.0.0.1"
 1999-03-02 09:44:33 10HmbI-0005vi-00 tls_out_resumption not requested or offered
-1999-03-02 09:44:33 10HmbI-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbJ-0005vi-00"
+1999-03-02 09:44:33 10HmbI-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbI-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbI-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbI-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbI-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbI-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbI-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbI-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbJ-0005vi-00"
 1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for getticket@test.ex
-1999-03-02 09:44:33 10HmbK-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmbK-0005vi-00 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="127.0.0.1"
 1999-03-02 09:44:33 10HmbK-0005vi-00 tls_out_resumption client requested new ticket, server provided
-1999-03-02 09:44:33 10HmbK-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbL-0005vi-00"
+1999-03-02 09:44:33 10HmbK-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbK-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbK-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbK-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbK-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbK-0005vi-00 => getticket@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbL-0005vi-00"
 1999-03-02 09:44:33 10HmbK-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for resume@test.ex abcd@test.ex xyz@test.ex
 1999-03-02 09:44:33 10HmbM-0005vi-00 tls_out_resumption session resumed
-1999-03-02 09:44:33 10HmbM-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmbM-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="ip4.ip4.ip4.ip4"
+1999-03-02 09:44:33 10HmbM-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified        0
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbM-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbM-0005vi-00 bits      256
 1999-03-02 09:44:33 10HmbM-0005vi-00 tls_out_resumption not requested or offered
-1999-03-02 09:44:33 10HmbM-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbN-0005vi-00"
-1999-03-02 09:44:33 10HmbM-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbN-0005vi-00"
-1999-03-02 09:44:33 10HmbM-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbO-0005vi-00"
+1999-03-02 09:44:33 10HmbM-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbM-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbM-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbM-0005vi-00 => resume@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
+1999-03-02 09:44:33 10HmbM-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
+1999-03-02 09:44:33 10HmbM-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbO-0005vi-00"
 1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for renewal@test.ex
 1999-03-02 09:44:33 10HmbP-0005vi-00 tls_out_resumption session resumed, also new ticket
-1999-03-02 09:44:33 10HmbP-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbQ-0005vi-00"
+1999-03-02 09:44:33 10HmbP-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbP-0005vi-00 peer cert verified        0
+1999-03-02 09:44:33 10HmbP-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbP-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbP-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbP-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbP-0005vi-00 => renewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbQ-0005vi-00"
 1999-03-02 09:44:33 10HmbP-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbR-0005vi-00 tls_out_resumption session resumed
-1999-03-02 09:44:33 10HmbR-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbS-0005vi-00"
+1999-03-02 09:44:33 10HmbR-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbR-0005vi-00 peer cert verified        0
+1999-03-02 09:44:33 10HmbR-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbR-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbR-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbR-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbR-0005vi-00 => postrenewal@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbS-0005vi-00"
 1999-03-02 09:44:33 10HmbR-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for timeout@test.ex
 1999-03-02 09:44:33 10HmbT-0005vi-00 tls_out_resumption session resumed, also new ticket
-1999-03-02 09:44:33 10HmbT-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no C="250 OK id=10HmbU-0005vi-00"
+1999-03-02 09:44:33 10HmbT-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert verified        0
+1999-03-02 09:44:33 10HmbT-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbT-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbT-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbT-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbT-0005vi-00 => timeout@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbU-0005vi-00"
 1999-03-02 09:44:33 10HmbT-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbV-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for notreq@test.ex
-1999-03-02 09:44:33 10HmbV-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmbV-0005vi-00 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="127.0.0.1"
 1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption not requested or offered
-1999-03-02 09:44:33 10HmbV-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbW-0005vi-00"
+1999-03-02 09:44:33 10HmbV-0005vi-00 our cert subject  
+1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert subject CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert verified        1
+1999-03-02 09:44:33 10HmbV-0005vi-00 peer dn   /C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmbV-0005vi-00 ocsp      1
+1999-03-02 09:44:33 10HmbV-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbV-0005vi-00 bits      256
+1999-03-02 09:44:33 10HmbV-0005vi-00 => notreq@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbW-0005vi-00"
 1999-03-02 09:44:33 10HmbV-0005vi-00 Completed
 
 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for getticket@test.ex
 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 tls_in_resumption  session resumed
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for resume@test.ex xyz@test.ex
 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <xyz@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption not requested or offered
+1999-03-02 09:44:33 tls_in_resumption  not requested or offered
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for abcd@test.ex
 1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: <abcd@test.ex> R=server
 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-0005vi-00@myhost.test.ex for renewal@test.ex
 1999-03-02 09:44:33 10HmbD-0005vi-00 => :blackhole: <renewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-0005vi-00@myhost.test.ex for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbF-0005vi-00 => :blackhole: <postrenewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption client offered session, server only provided new ticket
+1999-03-02 09:44:33 tls_in_resumption  client offered session, server only provided new ticket
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-0005vi-00@myhost.test.ex for timeout@test.ex
 1999-03-02 09:44:33 10HmbH-0005vi-00 => :blackhole: <timeout@test.ex> R=server
 1999-03-02 09:44:33 10HmbH-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption no client request
+1999-03-02 09:44:33 tls_in_resumption  no client request
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-0005vi-00@myhost.test.ex for notreq@test.ex
 1999-03-02 09:44:33 10HmbJ-0005vi-00 => :blackhole: <notreq@test.ex> R=server
 1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-0005vi-00@myhost.test.ex for getticket@test.ex
 1999-03-02 09:44:33 10HmbL-0005vi-00 => :blackhole: <getticket@test.ex> R=server
 1999-03-02 09:44:33 10HmbL-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 tls_in_resumption  session resumed
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-0005vi-00@myhost.test.ex for resume@test.ex xyz@test.ex
 1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <xyz@test.ex> R=server
 1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <resume@test.ex> R=server
 1999-03-02 09:44:33 10HmbN-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption not requested or offered
+1999-03-02 09:44:33 tls_in_resumption  not requested or offered
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbM-0005vi-00@myhost.test.ex for abcd@test.ex
 1999-03-02 09:44:33 10HmbO-0005vi-00 => :blackhole: <abcd@test.ex> R=server
 1999-03-02 09:44:33 10HmbO-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbQ-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbP-0005vi-00@myhost.test.ex for renewal@test.ex
 1999-03-02 09:44:33 10HmbQ-0005vi-00 => :blackhole: <renewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbQ-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed
+1999-03-02 09:44:33 tls_in_resumption  session resumed
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbR-0005vi-00@myhost.test.ex for postrenewal@test.ex
 1999-03-02 09:44:33 10HmbS-0005vi-00 => :blackhole: <postrenewal@test.ex> R=server
 1999-03-02 09:44:33 10HmbS-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption session resumed, also new ticket
+1999-03-02 09:44:33 tls_in_resumption  session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbU-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbT-0005vi-00@myhost.test.ex for timeout@test.ex
 1999-03-02 09:44:33 10HmbU-0005vi-00 => :blackhole: <timeout@test.ex> R=server
 1999-03-02 09:44:33 10HmbU-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 tls_in_resumption  client requested new ticket, server provided
+1999-03-02 09:44:33 our cert subject   CN=Phil Pennock,OU=Test Suite,O=The Exim Maintainers,C=UK
+1999-03-02 09:44:33 peer cert subject  
+1999-03-02 09:44:33 peer cert verified 0
+1999-03-02 09:44:33 peer dn    
+1999-03-02 09:44:33 ocsp       0
+1999-03-02 09:44:33 cipher     TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 bits       256
 1999-03-02 09:44:33 10HmbW-0005vi-00 <= CALLER@myhost.test.ex H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbV-0005vi-00@myhost.test.ex for notreq@test.ex
 1999-03-02 09:44:33 10HmbW-0005vi-00 => :blackhole: <notreq@test.ex> R=server
 1999-03-02 09:44:33 10HmbW-0005vi-00 Completed