test/scripts/2100-OpenSSL/2114

   1 # TLS server: mandatory, optional, and revoked certificates
   2 exim -DSERVER=server -bd -oX PORT_D
   3 ****
   4 ### No certificate, certificate required
   5 client-ssl -t2 HOSTIPV4 PORT_D
   6 ??? 220
   7 ehlo rhu.barb
   8 ??? 250-
   9 ??? 250-
  10 ??? 250-
  11 ??? 250-
  12 ??? 250-
  13 ??? 250-
  14 ??? 250
  15 starttls
  16 ??? 220
  17 noop
  18 ????554 Security failure
  19 noop
  20 ??? 554 Security failure
  21 quit
  22 ????554 Security failure
  23 ????221
  24 ???*
  25 ****
  26 ### No certificate, certificate optional at TLS time, required by ACL
  27 client-ssl 127.0.0.1 PORT_D
  28 ??? 220
  29 ehlo rhu.barb
  30 ??? 250-
  31 ??? 250-
  32 ??? 250-
  33 ??? 250-
  34 ??? 250-
  35 ??? 250-
  36 ??? 250
  37 starttls
  38 ??? 220
  39 helo rhu.barb
  40 ??? 250
  41 mail from:<userx@test.ex>
  42 ??? 250
  43 rcpt to:<userx@test.ex>
  44 ??? 550
  45 quit
  46 ??? 221
  47 ****
  48 ### Good certificate, certificate required
  49 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  50 ??? 220
  51 ehlo rhu.barb
  52 ??? 250-
  53 ??? 250-
  54 ??? 250-
  55 ??? 250-
  56 ??? 250-
  57 ??? 250-
  58 ??? 250
  59 starttls
  60 ??? 220
  61 helo test
  62 ??? 250
  63 mail from:<userx@test.ex>
  64 ??? 250
  65 rcpt to:<userx@test.ex>
  66 ??? 250
  67 quit
  68 ??? 221
  69 ****
  70 ### Good certificate, certificate optional at TLS time, checked by ACL
  71 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  72 ??? 220
  73 ehlo rhu.barb
  74 ??? 250-
  75 ??? 250-
  76 ??? 250-
  77 ??? 250-
  78 ??? 250-
  79 ??? 250-
  80 ??? 250
  81 starttls
  82 ??? 220
  83 helo test
  84 ??? 250
  85 mail from:<userx@test.ex>
  86 ??? 250
  87 rcpt to:<userx@test.ex>
  88 ??? 250
  89 quit
  90 ??? 221
  91 ****
  92 ### Bad certificate, certificate required
  93 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
  94 ??? 220
  95 ehlo rhu.barb
  96 ??? 250-
  97 ??? 250-
  98 ??? 250-
  99 ??? 250-
 100 ??? 250-
 101 ??? 250-
 102 ??? 250
 103 starttls
 104 ??? 220
 105 noop
 106 ????554 Security failure
 107 noop
 108 ??? 554 Security failure
 109 ****
 110 ### Bad certificate, certificate optional at TLS time, reject at ACL time
 111 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
 112 ??? 220
 113 ehlo rhu.barb
 114 ??? 250-
 115 ??? 250-
 116 ??? 250-
 117 ??? 250-
 118 ??? 250-
 119 ??? 250-
 120 ??? 250
 121 starttls
 122 ??? 220
 123 helo test
 124 ??? 250
 125 mail from:<userx@test.ex>
 126 ??? 250
 127 rcpt to:<userx@test.ex>
 128 ??? 550
 129 quit
 130 ??? 221
 131 ****
 132 killdaemon
 133 #
 134 #
 135 #
 136 #
 137 exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.chain.pem -DSERVER=server -bd -oX PORT_D
 138 ****
 139 ### Otherwise good but revoked certificate, certificate required
 140 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
 141 ??? 220
 142 ehlo rhu.barb
 143 ??? 250-
 144 ??? 250-
 145 ??? 250-
 146 ??? 250-
 147 ??? 250-
 148 ??? 250-
 149 ??? 250
 150 starttls
 151 ??? 220
 152 noop
 153 ????554 Security failure
 154 noop
 155 ??? 554 Security failure
 156 ****
 157 ### Revoked certificate, certificate optional at TLS time, reject at ACL time
 158 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
 159 ??? 220
 160 ehlo rhu.barb
 161 ??? 250-
 162 ??? 250-
 163 ??? 250-
 164 ??? 250-
 165 ??? 250-
 166 ??? 250-
 167 ??? 250
 168 starttls
 169 ??? 220
 170 helo test
 171 ??? 250
 172 mail from:<userx@test.ex>
 173 ??? 250
 174 rcpt to:<userx@test.ex>
 175 ??? 550
 176 quit
 177 ??? 221
 178 ****
 179 ### Good certificate, certificate required - but nonmatching CRL also present
 180 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
 181 ??? 220
 182 ehlo rhu.barb
 183 ??? 250-
 184 ??? 250-
 185 ??? 250-
 186 ??? 250-
 187 ??? 250-
 188 ??? 250-
 189 ??? 250
 190 starttls
 191 ??? 220
 192 helo test
 193 ??? 250
 194 mail from:<userx@test.ex>
 195 ??? 250
 196 rcpt to:<userx@test.ex>
 197 ??? 250
 198 quit
 199 ??? 221
 200 ****
 201 killdaemon