Testsuite: munge for Cyrus SASL library version output changes
[exim.git] / test / scripts / 2000-GnuTLS / 2014
1 # TLS server: mandatory, optional, and revoked certificates
2 gnutls
3 munge gnutls_unexpected
4 exim -DSERVER=server -bd -oX PORT_D
5 ****
6 ### No certificate, certificate required
7 client-gnutls HOSTIPV4 PORT_D
8 ??? 220
9 ehlo rhu1.barb
10 ??? 250-
11 ??? 250-
12 ??? 250-
13 ??? 250-
14 ??? 250-
15 ??? 250
16 starttls
17 ??? 220
18 nop
19 ????554
20 ****
21 ### No certificate, certificate optional at TLS time, required by ACL
22 client-gnutls 127.0.0.1 PORT_D
23 ??? 220
24 ehlo rhu2.barb
25 ??? 250-
26 ??? 250-
27 ??? 250-
28 ??? 250-
29 ??? 250-
30 ??? 250
31 starttls
32 ??? 220
33 helo rhu2tls.barb
34 ??? 250
35 mail from:<userx@test.ex>
36 ??? 250
37 rcpt to:<userx@test.ex>
38 ??? 550
39 quit
40 ??? 221
41 ****
42 ### Good certificate, certificate required
43 client-gnutls HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
44 ??? 220
45 ehlo rhu3.barb
46 ??? 250-
47 ??? 250-
48 ??? 250-
49 ??? 250-
50 ??? 250-
51 ??? 250
52 starttls
53 ??? 220
54 helo test
55 ??? 250
56 mail from:<userx@test.ex>
57 ??? 250
58 rcpt to:<userx@test.ex>
59 ??? 250
60 quit
61 ??? 221
62 ****
63 ### Good certificate, certificate optional at TLS time, checked by ACL
64 client-gnutls 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
65 ??? 220
66 ehlo rhu4.barb
67 ??? 250-
68 ??? 250-
69 ??? 250-
70 ??? 250-
71 ??? 250-
72 ??? 250
73 starttls
74 ??? 220
75 helo test
76 ??? 250
77 mail from:<userx@test.ex>
78 ??? 250
79 rcpt to:<userx@test.ex>
80 ??? 250
81 quit
82 ??? 221
83 ****
84 ### Bad certificate, certificate required
85 # Actually this test does not have the client presenting a cert at all, as it filters what it has
86 # by the options offered by the server first.  So it's not a good testcase.
87 client-gnutls HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
88 ??? 220
89 ehlo rhu5.barb
90 ??? 250-
91 ??? 250-
92 ??? 250-
93 ??? 250-
94 ??? 250-
95 ??? 250
96 starttls
97 ??? 220
98 nop
99 ????554
100 ****
101 ### Bad certificate, certificate optional at TLS time, reject at ACL time
102 # (situation as above)
103 client-gnutls 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
104 ??? 220
105 ehlo rhu6.barb
106 ??? 250-
107 ??? 250-
108 ??? 250-
109 ??? 250-
110 ??? 250-
111 ??? 250
112 starttls
113 ??? 220
114 helo test
115 ??? 250
116 mail from:<userx@test.ex>
117 ??? 250
118 rcpt to:<userx@test.ex>
119 ??? 550
120 quit
121 ??? 221
122 ****
123 killdaemon
124 #
125 #
126 #
127 #
128 exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.v2.pem -DSERVER=server -bd -oX PORT_D
129 ****
130 ### Otherwise good but revoked certificate, certificate required
131 # GnuTLS seems to not mind the lack of CRLs for the nonleaf certs in the chain, unlike under OpenSSL
132 client-gnutls HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
133 ??? 220
134 ehlo rhu7.barb
135 ??? 250-
136 ??? 250-
137 ??? 250-
138 ??? 250-
139 ??? 250-
140 ??? 250
141 starttls
142 ??? 220
143 helo test
144 ??? 554
145 ****
146 ### Revoked certificate, certificate optional at TLS time, reject at ACL time
147 client-gnutls 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
148 ??? 220
149 ehlo rhu8.barb
150 ??? 250-
151 ??? 250-
152 ??? 250-
153 ??? 250-
154 ??? 250-
155 ??? 250
156 starttls
157 ??? 220
158 helo test
159 ??? 250
160 mail from:<userx@test.ex>
161 ??? 250
162 rcpt to:<userx@test.ex>
163 ??? 550
164 quit
165 ??? 221
166 ****
167 ### Good certificate, certificate required - but nonmatching CRL also present
168 client-gnutls HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
169 ??? 220
170 ehlo rhu9.barb
171 ??? 250-
172 ??? 250-
173 ??? 250-
174 ??? 250-
175 ??? 250-
176 ??? 250
177 starttls
178 ??? 220
179 helo test
180 ??? 250
181 mail from:<userx@test.ex>
182 ??? 250
183 rcpt to:<userx@test.ex>
184 ??? 250
185 quit
186 ??? 221
187 ****
188 killdaemon