GnuTLS: Fix client detection of server reject of client cert under TLS1.3
[exim.git] / test / confs / 4064
1 # test config 4064
2 # Early-pipe, AUTH, GnuTLS
3
4 keep_environment = PATH
5 exim_path = EXIM_PATH
6 host_lookup_order = bydns
7 spool_directory = DIR/spool
8
9 .ifdef SERVER
10 log_file_path = DIR/spool/log/SERVER%slog
11 .else
12 log_file_path = DIR/spool/log/%slog
13 .endif
14
15 gecos_pattern = ""
16 gecos_name = CALLER_NAME
17 dns_cname_loops = 9
18 chunking_advertise_hosts = OPT
19 tls_advertise_hosts = *
20 tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
21
22 # Avoid ECDHE key-exchange so that we can wireshark-decode
23 .ifdef _HAVE_GNUTLS
24 tls_require_ciphers = NORMAL:-KX-ALL:+RSA
25 .endif
26
27 pipelining_connect_advertise_hosts = *
28 auth_advertise_hosts = *
29
30 log_selector = +received_recipients +pipelining
31 queue_only
32
33 acl_smtp_rcpt = accept
34
35 #
36 begin routers
37
38 server:
39   driver =      redirect
40   condition =   ${if eq {SERVER}{server}}
41   data =        :blackhole:
42
43 client:
44   driver =      manualroute
45   route_data =  127.0.0.1::PORT_D
46   self =        send
47   transport =   smtp
48
49 #
50 begin transports
51
52 smtp:
53   driver =              smtp
54   hosts_pipe_connect =  *
55   tls_verify_hosts =
56   tls_try_verify_hosts =
57   hosts_require_auth =  *
58
59 #
60 begin authenticators
61
62 plain:
63   driver = plaintext
64   public_name = PLAIN
65
66   server_advertise_condition = ${if eq{$tls_in_cipher}{}{no}{yes}}
67   server_condition = "\
68     ${if and {{eq{$auth2}{userx}}{eq{$auth3}{secret}}}{yes}{no}}"
69   server_set_id = $auth2
70
71   client_send = ^userx^secret
72