test/scripts/2100-OpenSSL/2114

   1 # TLS server: mandatory, optional, and revoked certificates
   2 exim -DSERVER=server -bd -oX PORT_D
   3 ****
   4 ### No certificate, certificate required
   5 client-ssl -t2 HOSTIPV4 PORT_D
   6 ??? 220
   7 ehlo rhu.barb
   8 ??? 250-
   9 ??? 250-
  10 ??? 250-
  11 ??? 250-
  12 ??? 250-
  13 ??? 250
  14 starttls
  15 ??? 220
  16 noop
  17 ????554 Security failure
  18 noop
  19 ??? 554 Security failure
  20 quit
  21 ????554 Security failure
  22 ????221
  23 ???*
  24 ****
  25 ### No certificate, certificate optional at TLS time, required by ACL
  26 client-ssl 127.0.0.1 PORT_D
  27 ??? 220
  28 ehlo rhu.barb
  29 ??? 250-
  30 ??? 250-
  31 ??? 250-
  32 ??? 250-
  33 ??? 250-
  34 ??? 250
  35 starttls
  36 ??? 220
  37 helo rhu.barb
  38 ??? 250
  39 mail from:<userx@test.ex>
  40 ??? 250
  41 rcpt to:<userx@test.ex>
  42 ??? 550
  43 quit
  44 ??? 221
  45 ****
  46 ### Good certificate, certificate required
  47 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  48 ??? 220
  49 ehlo rhu.barb
  50 ??? 250-
  51 ??? 250-
  52 ??? 250-
  53 ??? 250-
  54 ??? 250-
  55 ??? 250
  56 starttls
  57 ??? 220
  58 helo test
  59 ??? 250
  60 mail from:<userx@test.ex>
  61 ??? 250
  62 rcpt to:<userx@test.ex>
  63 ??? 250
  64 quit
  65 ??? 221
  66 ****
  67 ### Good certificate, certificate optional at TLS time, checked by ACL
  68 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
  69 ??? 220
  70 ehlo rhu.barb
  71 ??? 250-
  72 ??? 250-
  73 ??? 250-
  74 ??? 250-
  75 ??? 250-
  76 ??? 250
  77 starttls
  78 ??? 220
  79 helo test
  80 ??? 250
  81 mail from:<userx@test.ex>
  82 ??? 250
  83 rcpt to:<userx@test.ex>
  84 ??? 250
  85 quit
  86 ??? 221
  87 ****
  88 ### Bad certificate, certificate required
  89 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
  90 ??? 220
  91 ehlo rhu.barb
  92 ??? 250-
  93 ??? 250-
  94 ??? 250-
  95 ??? 250-
  96 ??? 250-
  97 ??? 250
  98 starttls
  99 ??? 220
 100 noop
 101 ????554 Security failure
 102 noop
 103 ??? 554 Security failure
 104 ****
 105 ### Bad certificate, certificate optional at TLS time, reject at ACL time
 106 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
 107 ??? 220
 108 ehlo rhu.barb
 109 ??? 250-
 110 ??? 250-
 111 ??? 250-
 112 ??? 250-
 113 ??? 250-
 114 ??? 250
 115 starttls
 116 ??? 220
 117 helo test
 118 ??? 250
 119 mail from:<userx@test.ex>
 120 ??? 250
 121 rcpt to:<userx@test.ex>
 122 ??? 550
 123 quit
 124 ??? 221
 125 ****
 126 killdaemon
 127 #
 128 #
 129 #
 130 #
 131 exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.chain.pem -DSERVER=server -bd -oX PORT_D
 132 ****
 133 ### Otherwise good but revoked certificate, certificate required
 134 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
 135 ??? 220
 136 ehlo rhu.barb
 137 ??? 250-
 138 ??? 250-
 139 ??? 250-
 140 ??? 250-
 141 ??? 250-
 142 ??? 250
 143 starttls
 144 ??? 220
 145 noop
 146 ????554 Security failure
 147 noop
 148 ??? 554 Security failure
 149 ****
 150 ### Revoked certificate, certificate optional at TLS time, reject at ACL time
 151 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
 152 ??? 220
 153 ehlo rhu.barb
 154 ??? 250-
 155 ??? 250-
 156 ??? 250-
 157 ??? 250-
 158 ??? 250-
 159 ??? 250
 160 starttls
 161 ??? 220
 162 helo test
 163 ??? 250
 164 mail from:<userx@test.ex>
 165 ??? 250
 166 rcpt to:<userx@test.ex>
 167 ??? 550
 168 quit
 169 ??? 221
 170 ****
 171 ### Good certificate, certificate required - but nonmatching CRL also present
 172 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
 173 ??? 220
 174 ehlo rhu.barb
 175 ??? 250-
 176 ??? 250-
 177 ??? 250-
 178 ??? 250-
 179 ??? 250-
 180 ??? 250
 181 starttls
 182 ??? 220
 183 helo test
 184 ??? 250
 185 mail from:<userx@test.ex>
 186 ??? 250
 187 rcpt to:<userx@test.ex>
 188 ??? 250
 189 quit
 190 ??? 221
 191 ****
 192 killdaemon