# TLS: ALPN
gnutls
exim -DSERVER=server -bd -oX PORT_D
****
#
# Basic: is good ALPN set on tpt acceptable to server
exim -DCONTROL=smtp -odf a@test.ex
Test message.
****
#
# Bad ALPN rejected
exim -DCONTROL=http -odf b@test.ex
****
sudo rm -f DIR/spool/db/retry* DIR/spool/input/*-D DIR/spool/input/*-H
#
# Multiple ALPN rejected
exim -DCONTROL=smtp:smtp -odf c@test.ex
****
sudo rm -f DIR/spool/db/retry* DIR/spool/input/*-D DIR/spool/input/*-H
#
# Empty client option is ok
exim -DCONTROL="" -odf d@test.ex
****
# Content-free client option is ok
exim -DCONTROL=" " -odf e@test.ex
****
#
# Really dumb (IOT?) client, offering no TLS extensions at all in the Client Hello
#
# We're feeding the TLS protocol packet in manually rather then having
# the TLS-enabled client do it, we (currently) can only drop the TCP conn after
# the TLS conn completes (or fails).
# Expect the server to log "TCP connection closed by peer" for the success case;
# something else logged counts as bad.
#
client 127.0.0.1 PORT_D
??? 220
EHLO IOTtester
??? 250-
??? 250-SIZE
??? 250-LIMITS
??? 250-8BITMIME
??? 250-PIPELINING
??? 250-STARTTLS
??? 250 HELP
STARTTLS
??? 220
>>> \x16\x03\x00\x00\x43\x01\x00\x00\x3f\x03\x02\xff\xff\xff\xff\x92\x3e\x99\x88\xd0\x2b\x8f\xc2\x76\xbd\xcf\x02\xcc\xb6\xfc\x39\x00\xd0\x52\x82\x8c\x65\x0c\xcd\x8c\x02\x00\x40\x00\x00\x18\x00\x33\x00\x39\x00\x45\x00\x88\x00\x16\x00\x35\x00\x84\x00\x2f\x00\x41\x00\x0a\x00\x05\x00\x04\x01\x00
****
millisleep 500
#
#
killdaemon
millisleep 500
#
# Server can be told to ignore (bad) ALPN from client
exim -DSERVER=server -DSTRICT="" -bd -oX PORT_D
****
exim -DCONTROL=http -odf f@test.ex
****
killdaemon
#
# Server can be told custom names list
exim -DSERVER=server -DSTRICT='${if eq {$sender_host_address}{HOSTIPV4} {smtp:weird} {smtp}}' -bd -oX PORT_D
****
exim -DCONTROL=weird -odf g@test.ex
****
killdaemon
#
#
no_msglog_check
no_stdout_check
millisleep 500