### No certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu1.barb ??? 250- <<< 250-myhost.test.ex Hello rhu1.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS ??? 250 <<< 250 HELP >>> starttls ??? 220 <<< 220 TLS go ahead Attempting to start TLS A TLS fatal alert has been received. Failed to start TLS >>> nop ????554 End of script ### No certificate, certificate optional at TLS time, required by ACL Connecting to 127.0.0.1 port 1225 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu2.barb ??? 250- <<< 250-myhost.test.ex Hello rhu2.barb [127.0.0.1] ??? 250- <<< 250-SIZE 52428800 ??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS ??? 250 <<< 250 HELP >>> starttls ??? 220 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS >>> helo rhu2tls.barb ??? 250 <<< 250 myhost.test.ex Hello rhu2tls.barb [127.0.0.1] >>> mail from: ??? 250 <<< 250 OK >>> rcpt to: ??? 550 <<< 550 certificate not verified: peerdn= >>> quit ??? 221 <<< 221 myhost.test.ex closing connection End of script ### Good certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu3.barb ??? 250- <<< 250-myhost.test.ex Hello rhu3.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS ??? 250 <<< 250 HELP >>> starttls ??? 220 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS >>> helo test ??? 250 <<< 250 myhost.test.ex Hello test [ip4.ip4.ip4.ip4] >>> mail from: ??? 250 <<< 250 OK >>> rcpt to: ??? 250 <<< 250 Accepted >>> quit ??? 221 <<< 221 myhost.test.ex closing connection End of script ### Good certificate, certificate optional at TLS time, checked by ACL Connecting to 127.0.0.1 port 1225 ... connected Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu4.barb ??? 250- <<< 250-myhost.test.ex Hello rhu4.barb [127.0.0.1] ??? 250- <<< 250-SIZE 52428800 ??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS ??? 250 <<< 250 HELP >>> starttls ??? 220 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS >>> helo test ??? 250 <<< 250 myhost.test.ex Hello test [127.0.0.1] >>> mail from: ??? 250 <<< 250 OK >>> rcpt to: ??? 250 <<< 250 Accepted >>> quit ??? 221 <<< 221 myhost.test.ex closing connection End of script ### Bad certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu5.barb ??? 250- <<< 250-myhost.test.ex Hello rhu5.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS ??? 250 <<< 250 HELP >>> starttls ??? 220 <<< 220 TLS go ahead Attempting to start TLS A TLS fatal alert has been received. Failed to start TLS >>> nop ????554 End of script ### Bad certificate, certificate optional at TLS time, reject at ACL time Connecting to 127.0.0.1 port 1225 ... connected Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu6.barb ??? 250- <<< 250-myhost.test.ex Hello rhu6.barb [127.0.0.1] ??? 250- <<< 250-SIZE 52428800 ??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS ??? 250 <<< 250 HELP >>> starttls ??? 220 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS >>> helo test ??? 250 <<< 250 myhost.test.ex Hello test [127.0.0.1] >>> mail from: ??? 250 <<< 250 OK >>> rcpt to: ??? 550 <<< 550 certificate not verified: peerdn= >>> quit ??? 221 <<< 221 myhost.test.ex closing connection End of script ### Otherwise good but revoked certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu7.barb ??? 250- <<< 250-myhost.test.ex Hello rhu7.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS ??? 250 <<< 250 HELP >>> starttls ??? 220 <<< 220 TLS go ahead Attempting to start TLS A TLS fatal alert has been received. Failed to start TLS >>> helo test ??? 554 <<< 554 Security failure End of script ### Revoked certificate, certificate optional at TLS time, reject at ACL time Connecting to 127.0.0.1 port 1225 ... connected Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu8.barb ??? 250- <<< 250-myhost.test.ex Hello rhu8.barb [127.0.0.1] ??? 250- <<< 250-SIZE 52428800 ??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS ??? 250 <<< 250 HELP >>> starttls ??? 220 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS >>> helo test ??? 250 <<< 250 myhost.test.ex Hello test [127.0.0.1] >>> mail from: ??? 250 <<< 250 OK >>> rcpt to: ??? 550 <<< 550 certificate not verified: peerdn=CN=revoked1.example.com >>> quit ??? 221 <<< 221 myhost.test.ex closing connection End of script ### Good certificate, certificate required - but nonmatching CRL also present Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu9.barb ??? 250- <<< 250-myhost.test.ex Hello rhu9.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS ??? 250 <<< 250 HELP >>> starttls ??? 220 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS >>> helo test ??? 250 <<< 250 myhost.test.ex Hello test [ip4.ip4.ip4.ip4] >>> mail from: ??? 250 <<< 250 OK >>> rcpt to: ??? 250 <<< 250 Accepted >>> quit ??? 221 <<< 221 myhost.test.ex closing connection End of script ******** SERVER ******** ### No certificate, certificate required ### No certificate, certificate optional at TLS time, required by ACL ### Good certificate, certificate required ### Good certificate, certificate optional at TLS time, checked by ACL ### Bad certificate, certificate required ### Bad certificate, certificate optional at TLS time, reject at ACL time ### Otherwise good but revoked certificate, certificate required ### Revoked certificate, certificate optional at TLS time, reject at ACL time ### Good certificate, certificate required - but nonmatching CRL also present