TLS: use RFC 6125 rules for certificate name checks when CNAMES are present....
[exim.git] / test / confs / 3820
1 # Exim test configuration 3820
# One file serves both ends of the test. The SERVER macro selects the role (it
# is compared with the string "server" below) and the TRUSTED macro selects the
# TLS variant of the transport and authenticators.
# NOTE(review): both macros are presumably supplied by the test script on the
# command line; nothing in this file sets them to a non-empty value.
2
3 SERVER=
4
# Common configuration prefix; the TLS-specific prefix is used only when
# TRUSTED is defined.
5 .ifdef TRUSTED
6 .include DIR/aux-var/tls_conf_prefix
7 .else
8 .include DIR/aux-var/std_conf_prefix
9 .endif
10
11 primary_hostname = myhost.test.ex
# Only the server role is given a certificate (cert1); for any other value of
# SERVER the expansion is a forced failure.
# NOTE(review): a forced failure presumably leaves tls_certificate unset for
# the client role; confirm against the Exim specification.
12 tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
13
14 # ----- Main settings -----
15
# Test-only policy: every RCPT command is accepted with no checks, and
# accepted messages are queued rather than delivered immediately.
16 acl_smtp_rcpt = accept
17 queue_only
18
19
20 begin routers
21
# Single router, active only in the client role (SERVER is anything other than
# "server"). It accepts every address and hands it to the "smtp" transport.
# errors_to is set to the empty string.
# NOTE(review): the empty errors_to presumably suppresses bounce generation
# for failed deliveries in this test; confirm.
22 client_r:
23   driver =      accept
24   condition =   ${if !eq {SERVER}{server}}
25   transport =   smtp
26   errors_to =
27
28 begin transports
29
# Client-side transport: connects to the test server on the loopback address
# at PORT_D. allow_localhost permits delivery to the local host.
30 smtp:
31   driver =              smtp
32   hosts =               127.0.0.1
33   allow_localhost
34   port =                PORT_D
35 .ifdef TRUSTED
# TLS variant: TLS is required for every host and cert1 is the file used to
# verify the server certificate. tls_verify_cert_hostnames is set to ":" (a
# list holding only an empty item), which presumably matches no remote host,
# so the certificate name is not compared with the host name on this
# connection to 127.0.0.1.
# Test-only: a production transport that requires TLS should leave certificate
# name verification enabled for those hosts.
36   hosts_require_tls =   *
37   tls_verify_certificates = DIR/aux-fixed/cert1
38   tls_verify_cert_hostnames = :
39 .else
# Cleartext variant: TLS is never attempted, so whatever the authenticators
# send crosses the loopback connection unencrypted. Test-only.
40   hosts_avoid_tls =     *
41 .endif
# Authentication is mandatory for every host; delivery does not proceed
# without it.
42   hosts_require_auth =  *
43
44 # ----- Authentication -----
45
46 begin authenticators
47
# sasl1 and sasl2 exist only in the cleartext (non-TRUSTED) variant.
48 .ifndef TRUSTED
# sasl1: ANONYMOUS, server side only. server_condition = true accepts every
# attempt and $auth1 is recorded as the authenticated id. Test-only: this
# grants "authenticated" status without any credential.
49 sasl1:
50   driver =              gsasl
51   public_name =         ANONYMOUS
52   server_set_id =       $auth1
53   server_condition =    true
54
# sasl2: PLAIN. The server accepts when $auth3 equals the fixed test value
# "pencil"; $auth1 is stored as the id but is not compared with anything here.
# NOTE(review): $auth3 presumably carries the supplied password; confirm
# against the gsasl driver documentation.
55 sasl2:
56   driver =              gsasl
57   public_name =         PLAIN
58   server_set_id =       $auth1
59   server_condition =    ${if eq {$auth3}{pencil}}
60
# Client side: selected only when $local_part is "plain"; sends the fixed
# test credentials ph10 / pencil. These are fixture values, not secrets.
61   client_condition =    ${if eq {plain}{$local_part}}
62   client_username =     ph10
63   client_password =     pencil
64 .endif
65
# sasl3: SCRAM-SHA-1, defined in both variants. With TRUSTED it becomes the
# channel-bound SCRAM-SHA-1-PLUS mechanism.
66 sasl3:
67   driver =              gsasl
68 .ifdef TRUSTED
# The -PLUS mechanism is advertised only when $tls_in_cipher is set, that is,
# when the inbound connection is using TLS; channel binding is enabled on the
# server so the exchange is tied to that TLS session.
69   public_name =         SCRAM-SHA-1-PLUS
70   server_advertise_condition =  ${if def:tls_in_cipher}
71   server_channelbinding =       true
72 .else
73   public_name =         SCRAM-SHA-1
74 .endif
75
# Server-side credential data. The salt expands to a value only for user
# ph10, and to the empty string for any other $auth1.
# NOTE(review): the salt, server_key, server_skey and client_spassword below
# appear to be the published RFC 5802 example values for password "pencil";
# they are test fixtures and must not be reused as real credentials.
76   server_scram_salt =   ${if eq {$auth1}{ph10} {QSXCR+Q6sek8bf92}}
# Pre-computed keys are set only when the build defines
# _HAVE_AUTH_GSASL_SCRAM_S_KEY.
77 .ifdef _HAVE_AUTH_GSASL_SCRAM_S_KEY
78   server_key =          D+CSWLOshSulAsxiupA+qs2/fTE=
79   server_skey =         6dlGYMOdZcOPutkcNY8U2g7vK9Y=
80 .endif
# Password is "pencil" for ph10; any other user gets the literal
# "unset_password". server_condition = true adds no further check beyond the
# SCRAM exchange itself.
81   server_password =     ${if eq {$auth1}{ph10} {pencil}{unset_password}}
82   server_condition =    true
83   server_set_id =       $auth1
84
# Client side: selected only when $local_part is "scram_sha_1"; uses the
# fixed test credentials ph10 / pencil.
85   client_condition =    ${if eq {scram_sha_1}{$local_part}}
86   client_username =     ph10
87   client_password =     pencil
# NOTE(review): client_spassword presumably supplies the already-salted
# password so the client can skip the key-derivation step; confirm.
88 .ifdef _HAVE_AUTH_GSASL_SCRAM_S_KEY
89   client_spassword =    1d96ee3a529b5a5f9e47c01f229a2cb8a6e15f7d
90 .endif
# The client enables channel binding only in the TLS variant, matching the
# server's -PLUS mechanism above.
91 .ifdef TRUSTED
92   client_channelbinding = true
93 .endif
94
# sasl4: SCRAM-SHA-256, present only when the build defines
# _HAVE_AUTH_GSASL_SCRAM_SHA_256. With TRUSTED it becomes the channel-bound
# SCRAM-SHA-256-PLUS mechanism.
95 .ifdef _HAVE_AUTH_GSASL_SCRAM_SHA_256
96 sasl4:
97   driver =              gsasl
98 .ifdef TRUSTED
# The -PLUS mechanism is advertised only when $tls_in_cipher is set (inbound
# TLS in use), with server-side channel binding enabled.
99   public_name =         SCRAM-SHA-256-PLUS
100   server_advertise_condition =  ${if def:tls_in_cipher}
101   server_channelbinding =       true
102 .else
103   public_name =         SCRAM-SHA-256
104 .endif
105
# Server-side credential data: here the salt and password are fixed for every
# user rather than conditional on $auth1. Test fixture values only.
106   server_scram_salt =   QSXCR+Q6sek8bf92
107   server_password =     pencil
108   server_condition =    true
109   server_set_id =       $auth1
110
# Client side: selected only when $local_part is "scram_sha_256"; uses the
# fixed test credentials ph10 / pencil.
111   client_condition =    ${if eq {scram_sha_256}{$local_part}}
112   client_username =     ph10
113   client_password =     pencil
# The client enables channel binding only in the TLS variant.
114 .ifdef TRUSTED
115   client_channelbinding = true
116 .endif
117 .endif
118
119
120 # End