TLS: use RFC 6125 rules for certifucate name checks when CNAMES are present. Bug...

[exim.git] / test / scripts / 2100-OpenSSL / 2112

diff --git a/test/scripts/2100-OpenSSL/2112 b/test/scripts/2100-OpenSSL/2112
index c500751d554637ee3e4e6576b54ee5be9b94d9f2..e2cc9e0730e4f993f409f83d43abd00f6b130d2e 100644 (file)
--- a/test/scripts/2100-OpenSSL/2112
+++ b/test/scripts/2100-OpenSSL/2112
@@ -1,24 +1,52 @@
 # TLS client: verify certificate from server - fails
 exim -DSERVER=server -bd -oX PORT_D
 ****
+#
+#
+exim -z 'this will fail to verify the cert at HOSTIPV4 so fail the crypt requirement'
+****
 exim userx@test.ex
 Testing
 ****
+#
+#
+exim -z 'this will fail to verify the cert at HOSTIPV4 so fail the crypt, then retry on 127.1; ok'
+****
 exim usery@test.ex
-Testing
+****
+#
+#
+exim -z 'this will fail to verify the cert but continue unverified though crypted'
 ****
 exim userz@test.ex
-Testing
+****
+#
+#
+exim -z 'this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted'
 ****
 exim userq@test.ex
-Testing
+****
+#
+#
+exim -z 'this will fail to verify the cert name and fallback to unencrypted'
 ****
 exim userr@test.ex
-Testing
 ****
-exim users@test.ex
-Testing
+#
+#
+exim -z 'this will pass the cert verify including name check'
+****
+exim user_s@test.ex
+****
+#
+#
+exim usert@test.ex
+****
+#
+exim useru@test.ex
 ****
+#
+#
 exim -qf
 ****
 killdaemon