test/scripts/2100-OpenSSL/2114

   1 # TLS server: mandatory, optional, and revoked certificates
   2 exim -DSERVER=server -bd -oX PORT_D
   3 ****
   4 ### No certificate, certificate required
   5 client-ssl -t2 HOSTIPV4 PORT_D
   6 ??? 220
   7 ehlo rhu.barb
   8 ??? 250-
   9 ??? 250-
  10 ??? 250-
  11 ??? 250-
  12 ??? 250-
  13 ??? 250
  14 starttls
  15 ??? 220
  16 noop
  17 ????554 Security failure
  18 noop
  19 ??? 554 Security failure
  20 quit
  21 ????554 Security failure
  22 ????221
  23 ???*
  24 ****
  25 ### No certificate, certificate optional at TLS time, required by ACL
  26 client-ssl 127.0.0.1 PORT_D
  27 ??? 220
  28 ehlo rhu.barb
  29 ??? 250-
  30 ??? 250-
  31 ??? 250-
  32 ??? 250-
  33 ??? 250-
  34 ??? 250
  35 starttls
  36 ??? 220
  37 helo rhu.barb
  38 ??? 250
  39 mail from:<userx@test.ex>
  40 ??? 250
  41 rcpt to:<userx@test.ex>
  42 ??? 550
  43 quit
  44 ??? 221
  45 ****
  46 ### Good certificate, certificate required
  47 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  48 ??? 220
  49 ehlo rhu.barb
  50 ??? 250-
  51 ??? 250-
  52 ??? 250-
  53 ??? 250-
  54 ??? 250-
  55 ??? 250
  56 starttls
  57 ??? 220
  58 mail from:<userx@test.ex>
  59 ??? 250
  60 rcpt to:<userx@test.ex>
  61 ??? 250
  62 quit
  63 ??? 221
  64 ****
  65 ### Good certificate, certificate optional at TLS time, checked by ACL
  66 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  67 ??? 220
  68 ehlo rhu.barb
  69 ??? 250-
  70 ??? 250-
  71 ??? 250-
  72 ??? 250-
  73 ??? 250-
  74 ??? 250
  75 starttls
  76 ??? 220
  77 mail from:<userx@test.ex>
  78 ??? 250
  79 rcpt to:<userx@test.ex>
  80 ??? 250
  81 quit
  82 ??? 221
  83 ****
  84 ### Bad certificate, certificate required
  85 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
  86 ??? 220
  87 ehlo rhu.barb
  88 ??? 250-
  89 ??? 250-
  90 ??? 250-
  91 ??? 250-
  92 ??? 250-
  93 ??? 250
  94 starttls
  95 ??? 220
  96 noop
  97 ????554 Security failure
  98 noop
  99 ??? 554 Security failure
 100 ****
 101 ### Bad certificate, certificate optional at TLS time, reject at ACL time
 102 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
 103 ??? 220
 104 ehlo rhu.barb
 105 ??? 250-
 106 ??? 250-
 107 ??? 250-
 108 ??? 250-
 109 ??? 250-
 110 ??? 250
 111 starttls
 112 ??? 220
 113 mail from:<userx@test.ex>
 114 ??? 250
 115 rcpt to:<userx@test.ex>
 116 ??? 550
 117 quit
 118 ??? 221
 119 ****
 120 killdaemon
 121 #
 122 #
 123 #
 124 #
 125 exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.chain.pem -DSERVER=server -bd -oX PORT_D
 126 ****
 127 ### Otherwise good but revoked certificate, certificate required
 128 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
 129 ??? 220
 130 ehlo rhu.barb
 131 ??? 250-
 132 ??? 250-
 133 ??? 250-
 134 ??? 250-
 135 ??? 250-
 136 ??? 250
 137 starttls
 138 ??? 220
 139 noop
 140 ????554 Security failure
 141 noop
 142 ??? 554 Security failure
 143 ****
 144 ### Revoked certificate, certificate optional at TLS time, reject at ACL time
 145 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
 146 ??? 220
 147 ehlo rhu.barb
 148 ??? 250-
 149 ??? 250-
 150 ??? 250-
 151 ??? 250-
 152 ??? 250-
 153 ??? 250
 154 starttls
 155 ??? 220
 156 mail from:<userx@test.ex>
 157 ??? 250
 158 rcpt to:<userx@test.ex>
 159 ??? 550
 160 quit
 161 ??? 221
 162 ****
 163 ### Good certificate, certificate required - but nonmatching CRL also present
 164 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
 165 ??? 220
 166 ehlo rhu.barb
 167 ??? 250-
 168 ??? 250-
 169 ??? 250-
 170 ??? 250-
 171 ??? 250-
 172 ??? 250
 173 starttls
 174 ??? 220
 175 mail from:<userx@test.ex>
 176 ??? 250
 177 rcpt to:<userx@test.ex>
 178 ??? 250
 179 quit
 180 ??? 221
 181 ****
 182 killdaemon