Testsuite: add more DANE testcases
[exim.git] / test / confs / 5840
1 # Exim test configuration 5840
2 # DANE
3
4 SERVER=
5
6 exim_path = EXIM_PATH
7 host_lookup_order = bydns
8 primary_hostname = myhost.test.ex
9 rfc1413_query_timeout = 0s
10 spool_directory = DIR/spool
11 log_file_path = DIR/spool/log/SERVER%slog
12 gecos_pattern = ""
13 gecos_name = CALLER_NAME
14
15 # ----- Main settings -----
16
17 acl_smtp_rcpt = accept
18
19 log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
20
21 queue_run_in_order
22
23 tls_advertise_hosts = *
24
25 # Set certificate only if server
26 CDIR1 = DIR/aux-fixed
27 CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
28
29 tls_certificate = ${if eq {SERVER}{server} \
30         {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
31                 {CDIR2/fullchain.pem}\
32                 {CDIR1/cert1}}}\
33         fail}
34
35 tls_privatekey = ${if eq {SERVER}{server} \
36         {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \
37                 {CDIR2/server1.example.com.unlocked.key}\
38                 {CDIR1/cert1}}}\
39         fail}
40
41 # ----- Routers -----
42
43 begin routers
44
45 client:
46   driver = dnslookup
47   condition = ${if eq {SERVER}{}}
48   dnssec_request_domains = *
49   self = send
50   transport = send_to_server
51
52 server:
53   driver = redirect
54   data = :blackhole:
55
56
57 # ----- Transports -----
58
59 begin transports
60
61 send_to_server:
62   driver = smtp
63   allow_localhost
64   port = PORT_D
65
66   hosts_try_dane =     *
67   hosts_require_dane = !thishost.test.ex
68   hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \
69                                  {= {0}{$tls_out_tlsa_usage}} } \
70                         {*}{}}
71   tls_try_verify_hosts = thishost.test.ex
72   tls_verify_certificates = CDIR2/ca_chain.pem
73
74
75
76 # ----- Retry -----
77
78
79 begin retry
80
81 * * F,5d,10s
82
83
84 # End