Move ESMPT LIMITS extension from experimental to mainline
[exim.git] / test / scripts / 2100-OpenSSL / 2114
1 # TLS server: mandatory, optional, and revoked certificates
2 exim -DSERVER=server -bd -oX PORT_D
3 ****
4 ### No certificate, certificate required
5 client-ssl -t2 HOSTIPV4 PORT_D
6 ??? 220
7 ehlo rhu.barb
8 ??? 250-
9 ??? 250-
10 ??? 250-
11 ??? 250-
12 ??? 250-
13 ??? 250-
14 ??? 250
15 starttls
16 ??? 220
17 noop
18 ????554 Security failure
19 noop
20 ??? 554 Security failure
21 quit
22 ????554 Security failure
23 ????221
24 ???*
25 ****
26 ### No certificate, certificate optional at TLS time, required by ACL
27 client-ssl 127.0.0.1 PORT_D
28 ??? 220
29 ehlo rhu.barb
30 ??? 250-
31 ??? 250-
32 ??? 250-
33 ??? 250-
34 ??? 250-
35 ??? 250-
36 ??? 250
37 starttls
38 ??? 220
39 helo rhu.barb
40 ??? 250
41 mail from:<userx@test.ex>
42 ??? 250
43 rcpt to:<userx@test.ex>
44 ??? 550
45 quit
46 ??? 221
47 ****
48 ### Good certificate, certificate required
49 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
50 ??? 220
51 ehlo rhu.barb
52 ??? 250-
53 ??? 250-
54 ??? 250-
55 ??? 250-
56 ??? 250-
57 ??? 250-
58 ??? 250
59 starttls
60 ??? 220
61 helo test
62 ??? 250
63 mail from:<userx@test.ex>
64 ??? 250
65 rcpt to:<userx@test.ex>
66 ??? 250
67 quit
68 ??? 221
69 ****
70 ### Good certificate, certificate optional at TLS time, checked by ACL
71 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
72 ??? 220
73 ehlo rhu.barb
74 ??? 250-
75 ??? 250-
76 ??? 250-
77 ??? 250-
78 ??? 250-
79 ??? 250-
80 ??? 250
81 starttls
82 ??? 220
83 helo test
84 ??? 250
85 mail from:<userx@test.ex>
86 ??? 250
87 rcpt to:<userx@test.ex>
88 ??? 250
89 quit
90 ??? 221
91 ****
92 ### Bad certificate, certificate required
93 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
94 ??? 220
95 ehlo rhu.barb
96 ??? 250-
97 ??? 250-
98 ??? 250-
99 ??? 250-
100 ??? 250-
101 ??? 250-
102 ??? 250
103 starttls
104 ??? 220
105 noop
106 ????554 Security failure
107 noop
108 ??? 554 Security failure
109 ****
110 ### Bad certificate, certificate optional at TLS time, reject at ACL time
111 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
112 ??? 220
113 ehlo rhu.barb
114 ??? 250-
115 ??? 250-
116 ??? 250-
117 ??? 250-
118 ??? 250-
119 ??? 250-
120 ??? 250
121 starttls
122 ??? 220
123 helo test
124 ??? 250
125 mail from:<userx@test.ex>
126 ??? 250
127 rcpt to:<userx@test.ex>
128 ??? 550
129 quit
130 ??? 221
131 ****
132 killdaemon
133 #
134 #
135 #
136 #
137 exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.chain.pem -DSERVER=server -bd -oX PORT_D
138 ****
139 ### Otherwise good but revoked certificate, certificate required
140 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
141 ??? 220
142 ehlo rhu.barb
143 ??? 250-
144 ??? 250-
145 ??? 250-
146 ??? 250-
147 ??? 250-
148 ??? 250-
149 ??? 250
150 starttls
151 ??? 220
152 noop
153 ????554 Security failure
154 noop
155 ??? 554 Security failure
156 ****
157 ### Revoked certificate, certificate optional at TLS time, reject at ACL time
158 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
159 ??? 220
160 ehlo rhu.barb
161 ??? 250-
162 ??? 250-
163 ??? 250-
164 ??? 250-
165 ??? 250-
166 ??? 250-
167 ??? 250
168 starttls
169 ??? 220
170 helo test
171 ??? 250
172 mail from:<userx@test.ex>
173 ??? 250
174 rcpt to:<userx@test.ex>
175 ??? 550
176 quit
177 ??? 221
178 ****
179 ### Good certificate, certificate required - but nonmatching CRL also present
180 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
181 ??? 220
182 ehlo rhu.barb
183 ??? 250-
184 ??? 250-
185 ??? 250-
186 ??? 250-
187 ??? 250-
188 ??? 250-
189 ??? 250
190 starttls
191 ??? 220
192 helo test
193 ??? 250
194 mail from:<userx@test.ex>
195 ??? 250
196 rcpt to:<userx@test.ex>
197 ??? 250
198 quit
199 ??? 221
200 ****
201 killdaemon