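# OCSP stapling under DANE, client
#
# Exercises the client's OCSP-stapling policy (not requested / requested /
# required) when the server certificate is authenticated through DANE.
# NOTE(review): excerpt only. The source listing's line numbers skip between
# commands, so the harness lines that sat there (presumably message input and
# daemon control) are not reproduced here.
# ============================================
# Group 1: TLSA (2 1 1) (DANE-TA SPKI SHA2-256)
#   usage 2 = DANE-TA (trust anchor), selector 1 = SubjectPublicKeyInfo,
#   matching type 1 = SHA2-256
#
# Client works when we request but don't require OCSP stapling and none comes
# This is the soft-fail setting: a missing staple is tolerated, so on its own
# it does not catch a peer that holds a revoked certificate and simply omits
# the staple. The "required" case further down is the hard-fail counterpart.
#
# Server side: -bd starts a listening daemon, -oX sets its port. RETURN is
# empty, i.e. no OCSP response file is handed to the server.
# NOTE(review): presumably RETURN feeds the server's stapling option in the
# test configuration - confirm there.
exim -bd -oX PORT_D -DSERVER=server -DDETAILS=ta -DRETURN=""
# Client side: -odf delivers in the foreground. The local part presumably
# selects the client's OCSP policy in the test configuration - confirm.
exim -odf norequire@mxdane256tak.test.ex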
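# Client works when we don't request OCSP stapling
# The server is started with a "good" OCSP response available via RETURN, but
# per the case title the client does not ask for one, so delivery should not
# depend on the staple at all.
# NOTE(review): with stapling not requested the client gets no revocation
# signal from this connection; only the DANE TLSA match authenticates the peer.
exim -bd -oX PORT_D -DSERVER=server -DDETAILS=ta \
-DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
# Foreground delivery; the local part presumably selects the "no request"
# client policy in the test configuration - confirm.
exim -odf norequest@mxdane256tak.test.ex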
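# Client accepts good stapled info
# Positive control for the failure cases: a valid staple must be accepted when
# the client does check it.
# NOTE(review): no daemon start is shown for this case; presumably the server
# started earlier with the "good" response is still running - confirm against
# the full script.
exim -odf goodstaple@mxdane256tak.test.ex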
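# Client fails on lack of required stapled info
# Hard-fail case: the server has no OCSP response to staple (RETURN is empty)
# and the client requires one, so the delivery is expected to fail rather than
# fall back to an unchecked certificate.
exim -bd -oX PORT_D -DSERVER=server -DDETAILS=ta -DRETURN=""
# Foreground delivery; the local part presumably selects the "staple required"
# client policy in the test configuration - confirm.
exim -odf nostaple_required@mxdane256tak.test.ex
# Clean up after the expected failure: removes retry data and queued messages
# from the spool, presumably so the failed delivery cannot influence the
# following cases.
sudo rm -f spool/db/retry* spool/input/*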
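# Client fails on revoked stapled info
# The server is handed an OCSP response whose file name marks it as "revoked".
# EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y is set only for this daemon.
# NOTE(review): by its name this turns off a validity check on the response in
# the test-harness build, presumably so the server will staple a response it
# would otherwise refuse - confirm in the harness. It is a test-only switch.
# The point under test is that the client, not the server, rejects the staple.
EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server -DDETAILS=ta \
-DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
# Foreground delivery; expected to fail because the stapled status is revoked.
exim -odf revoked@mxdane256tak.test.ex
# Clean up after the expected failure: removes retry data and queued messages
# from the spool, presumably so the failed delivery cannot influence the
# following cases.
sudo rm -f spool/db/retry* spool/input/*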
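# Client fails on expired stapled info
# The server is handed the ".ocsp.dated.resp" response, which the case title
# treats as expired. A stale "good" answer must not be accepted, otherwise a
# response captured before a revocation could be replayed indefinitely.
# EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y is set only for this daemon.
# NOTE(review): presumably this lets the test server staple the out-of-date
# response instead of rejecting it itself - confirm in the harness.
EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server -DDETAILS=ta \
-DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
# Foreground delivery; expected to fail because the stapled response is expired.
exim -odf expired@mxdane256tak.test.ex
# Clean up after the expected failure: removes retry data and queued messages
# from the spool, presumably so the failed delivery cannot influence the
# following cases.
sudo rm -f spool/db/retry* spool/input/*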
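# ============================================
# Group 2: TLSA (2 1 1) (DANE-TA SPKI SHA2-256) but with LE-mode OCSP
# Same DANE-TA / SPKI / SHA2-256 TLSA parameters as group 1; only the stapled
# OCSP response differs.
# NOTE(review): the file name "signernocert" suggests a response that does not
# embed the signer's certificate, so the client has to find the signer in the
# chain it already holds - confirm against how the fixture was generated.
exim -bd -oX PORT_D -DSERVER=server -DDETAILS=ta \
-DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.good.resp
# Client accepts good stapled info
# Only the positive case appears for this response form in this excerpt.
exim -odf goodstaple_le@mxdane256tak.test.ex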