Add dns_trust_aa

[exim.git] / test / confs / 5750

diff --git a/test/confs/5750 b/test/confs/5750
index daff91bb3560472b4668246220baeec55d43cca0..13ee1498f566f6e5961b73c618ffda7d9bba648e 100644 (file)
--- a/test/confs/5750
+++ b/test/confs/5750
@@ -6,11 +6,11 @@ SERVER=
 exim_path = EXIM_PATH
 host_lookup_order = bydns
 primary_hostname = myhost.test.ex
 exim_path = EXIM_PATH
 host_lookup_order = bydns
 primary_hostname = myhost.test.ex

-rfc1413_query_timeout = 0s

 spool_directory = DIR/spool
 log_file_path = DIR/spool/log/SERVER%slog
 gecos_pattern = ""
 gecos_name = CALLER_NAME
 spool_directory = DIR/spool
 log_file_path = DIR/spool/log/SERVER%slog
 gecos_pattern = ""
 gecos_name = CALLER_NAME

+timezone = UTC

 
 # ----- Main settings -----
 
 
 # ----- Main settings -----
 


@@ -29,28 +29,51 @@ tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.e
 tls_verify_hosts = *
 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem
 
 tls_verify_hosts = *
 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem
 

+event_action = ${acl {server_cert_log}}
+

 #
 
 begin acl
 #
 
 begin acl

-logger:
-  warn   logwrite =  $acl_arg1 $tpda_delivery_local_part
+
+server_cert_log:
+  accept condition = ${if eq {tls:cert}{$event_name}}
+        logwrite =  [$sender_host_address] \
+                       depth=$event_data \
+                       ${certextract{subject}{$tls_in_peercert}}
+  accept
+
+ev_tls:
+  accept logwrite =  $event_name depth=$event_data \
+                       <${certextract {subject} {$tls_out_peercert}}>
+#       message = noooo
+
+ev_msg:
+  warn   logwrite =  $acl_arg1 $local_part

   warn   logwrite =  ${if !def:tls_out_ourcert \
   warn   logwrite =  ${if !def:tls_out_ourcert \

-               {NO CLENT CERT presented} \
+               {NO CLIENT CERT presented} \

                {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}}
   accept condition = ${if !def:tls_out_peercert}
         logwrite =  No Peer cert
   accept logwrite = Peer cert:
         logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
         logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>
                {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}}
   accept condition = ${if !def:tls_out_peercert}
         logwrite =  No Peer cert
   accept logwrite = Peer cert:
         logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
         logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>

+        logwrite =  SN; <${certextract {subject,>;}    {$tls_out_peercert}}>
+        logwrite =  SNCN<${certextract {subject,CN}    {$tls_out_peercert}}>

          logwrite =  IN  <${certextract {issuer}       {$tls_out_peercert}}>
          logwrite =  NB  <${certextract {notbefore}    {$tls_out_peercert}}>
          logwrite =  NA  <${certextract {notafter}     {$tls_out_peercert}}>
          logwrite =  IN  <${certextract {issuer}       {$tls_out_peercert}}>
          logwrite =  NB  <${certextract {notbefore}    {$tls_out_peercert}}>
          logwrite =  NA  <${certextract {notafter}     {$tls_out_peercert}}>

-         logwrite =  SA  <${certextract {signature_algorithm}{$tls_out_peercert}}>
+         logwrite =  SA  <${certextract {sig_algorithm} {$tls_out_peercert}}>

          logwrite =  SG  <${certextract {signature}    {$tls_out_peercert}}>
          logwrite =  SG  <${certextract {signature}    {$tls_out_peercert}}>

-        logwrite =       ${certextract {subject_altname}{$tls_out_peercert}{SAN <$value>}{(no SAN)}}
+        logwrite =       ${certextract {subj_altname}  {$tls_out_peercert}{SAN <$value>}{(no SAN)}}

 #       logwrite =       ${certextract {ocsp_uri}      {$tls_out_peercert} {OCU <$value>}{(no OCU)}}
         logwrite =       ${certextract {crl_uri}       {$tls_out_peercert} {CRU <$value>}{(no CRU)}}
 
 #       logwrite =       ${certextract {ocsp_uri}      {$tls_out_peercert} {OCU <$value>}{(no OCU)}}
         logwrite =       ${certextract {crl_uri}       {$tls_out_peercert} {CRU <$value>}{(no CRU)}}
 

+logger:
+  accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}}
+        acl = ev_msg $event_name $acl_arg2
+  accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}}
+        message =   ${acl {ev_tls}}
+  accept

 
 # ----- Routers -----
 
 
 # ----- Routers -----
 


@@ -80,9 +103,10 @@ send_to_server:
        ${if eq {$local_part}{good}\
 {example.com/server1.example.com/ca_chain.pem}\
 {example.net/server1.example.net/ca_chain.pem}}
        ${if eq {$local_part}{good}\
 {example.com/server1.example.com/ca_chain.pem}\
 {example.net/server1.example.net/ca_chain.pem}}

+  tls_try_verify_hosts =
+  tls_verify_cert_hostnames =

 
 

-  tpda_delivery_action =   ${acl {logger} {delivery} {$domain} }
-  tpda_host_defer_action = ${acl {logger} {deferral} {$domain} }
+  event_action =   ${acl {logger} {$event_name} {$domain} }

 
 # ----- Retry -----
 
 
 # ----- Retry -----