git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
tidying
[exim.git]
/
test
/
scripts
/
5650-OCSP-GnuTLS
/
5650
diff --git
a/test/scripts/5650-OCSP-GnuTLS/5650
b/test/scripts/5650-OCSP-GnuTLS/5650
index 343d6af2f1cbd200fd0a2f18a2170e7784ca0ae4..e2259c7edec7d3693d6893544fe1756c9f5c6fe1 100644
(file)
--- a/
test/scripts/5650-OCSP-GnuTLS/5650
+++ b/
test/scripts/5650-OCSP-GnuTLS/5650
@@
-6,7
+6,7
@@
exim -z '1: Server sends good staple on request'
****
#
exim -bd -oX PORT_D -DSERVER=server \
****
#
exim -bd -oX PORT_D -DSERVER=server \
- -DO
CSP
=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+ -DO
PTION
=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
****
client-gnutls \
-ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
****
client-gnutls \
-ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
@@
-18,9
+18,12
@@
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
+??? 250-
??? 250
starttls
??? 220
??? 250
starttls
??? 220
+helo test
+??? 250
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>
@@
-34,12
+37,11
@@
killdaemon
#
exim -z '2: Server does not staple an outdated response'
****
#
exim -z '2: Server does not staple an outdated response'
****
+# This test fails on older GnuTLS versions, which do not check the resp on the server
#
exim -bd -oX PORT_D -DSERVER=server \
#
exim -bd -oX PORT_D -DSERVER=server \
- -DO
CSP
=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
+ -DO
PTION
=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
****
****
-# XXX test sequence might not be quite right; this is for a server refusal
-# and we're expecting a client refusal.
client-gnutls -ocsp aux-fixed/exim-ca/expired1.example.com/CA.pem HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
ehlo rhu.barb
client-gnutls -ocsp aux-fixed/exim-ca/expired1.example.com/CA.pem HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
ehlo rhu.barb
@@
-48,9
+50,10
@@
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
+??? 250-
??? 250
starttls
??? 250
starttls
-???
220
+???
454
****
killdaemon
#
****
killdaemon
#
@@
-60,9
+63,10
@@
killdaemon
#
exim -z '3: Server does not staple a response for a revoked cert'
****
#
exim -z '3: Server does not staple a response for a revoked cert'
****
+# This test fails on older GnuTLS versions, which do not check the resp on the server
#
exim -bd -oX PORT_D -DSERVER=server \
#
exim -bd -oX PORT_D -DSERVER=server \
- -DO
CSP
=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
+ -DO
PTION
=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
****
client-gnutls \
-ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
****
client-gnutls \
-ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
@@
-74,9
+78,10
@@
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
+??? 250-
??? 250
starttls
??? 250
starttls
-???
220
+???
454
****
killdaemon
#
****
killdaemon
#
@@
-88,12
+93,9
@@
exim -z '4: Connection functions when server is prepared to staple but client do
****
#
exim -bd -oX PORT_D -DSERVER=server \
****
#
exim -bd -oX PORT_D -DSERVER=server \
- -DO
CSP
=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+ -DO
PTION
=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
****
#
****
#
-# Temporarily (I hope) use OpenSSL-based client, as GnuTLS is buggy and always requests (and understands)
-# stapling
-#
client-gnutls \
HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
client-gnutls \
HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
@@
-103,6
+105,7
@@
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
+??? 250-
??? 250
starttls
??? 220
??? 250
starttls
??? 220
@@
-111,6
+114,7
@@
ehlo rhu.barb.tls
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
+??? 250-
??? 250
quit
****
??? 250
quit
****