# TLS server: creds caching, OCSP # # mkdir -p DIR/tmp/certs cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem DIR/tmp/certs/servercert cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key DIR/tmp/certs/serverkey cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp DIR/tmp/certs/ocsp_proof # #exim -d-all+tls+receive+timestamp -DSERVER=server -DOPT=ocsp -bd -oX PORT_D exim -DSERVER=server -DOPT=ocsp -bd -oX PORT_D **** client-anytls -ocsp DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem 127.0.0.1 PORT_D ??? 220 EHLO rhu.barb ????250 STARTTLS ??? 220 EHLO rhu.barb ????250 MAIL FROM:<> RCPT TO:test@example.com ??? 250 ??? 250 QUIT ??? 221 **** sleep 1 # Now overwrite the cert # XXX using server2.com fails here, on the ocsp verify. Why? cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem DIR/tmp/certs/servercert cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key DIR/tmp/certs/serverkey cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp DIR/tmp/certs/ocsp_proof # The watch mech waits 5 sec after the last trigger, so give that time to expire then send another message sleep 7 client-anytls -ocsp DIR/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem 127.0.0.1 PORT_D ??? 220 EHLO rhu.barb ????250 STARTTLS ??? 220 EHLO rhu.barb ????250 MAIL FROM:<> RCPT TO:test@example.com ??? 250 ??? 250 QUIT ??? 221 **** # killdaemon # sudo rm -fr DIR/tmp no_msglog_check