Testsuite: additional crypto cypher useable
[exim.git] / test / confs / 5600
1 # Exim test configuration 5600
2 # OCSP stapling, server
3
4 CRL=
5
6 exim_path = EXIM_PATH
7 host_lookup_order = bydns
8 primary_hostname = server1.example.com
9 spool_directory = DIR/spool
10 log_file_path = DIR/spool/log/%slog
11 gecos_pattern = ""
12 gecos_name = CALLER_NAME
13
14 # ----- Main settings -----
15
16 acl_smtp_connect = check_connect
17 acl_smtp_mail = check_mail
18 acl_smtp_rcpt = check_recipient
19
20 log_selector = +tls_peerdn
21
22 queue_only
23 queue_run_in_order
24
25 tls_advertise_hosts = *
26
27 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
28 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
29
30 tls_verify_hosts = HOSTIPV4
31 tls_try_verify_hosts = *
32 tls_verify_certificates = DIR/aux-fixed/cert2
33 tls_crl = CRL
34 tls_ocsp_file = OCSP
35
36
37 # ------ ACL ------
38
39 begin acl
40
41 check_connect:
42   accept   logwrite = acl_conn: ocsp in status: $tls_in_ocsp \
43     (${listextract {${eval:$tls_in_ocsp+1}} \
44                 {notreq:notresp:vfynotdone:failed:verified}})
45
46 check_mail:
47   accept   logwrite = acl_mail: ocsp in status: $tls_in_ocsp \
48     (${listextract {${eval:$tls_in_ocsp+1}} \
49                 {notreq:notresp:vfynotdone:failed:verified}})
50
51 check_recipient:
52   deny     message = certificate not verified: peerdn=$tls_peerdn
53          ! verify = certificate
54   accept
55
56
57 # ----- Routers -----
58
59 begin routers
60
61 abc:
62   driver = accept
63   retry_use_local_part
64   transport = local_delivery
65
66
67 # ----- Transports -----
68
69 begin transports
70
71 local_delivery:
72   driver = appendfile
73   file = DIR/test-mail/$local_part
74   headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
75   user = CALLER
76
77 # End