tidying
[exim.git] / test / scripts / 2100-OpenSSL / 2114
index 9ba0bf925d746cf9275b4a1284b7c79ac644ada3..b5245fd37d453c60b760653502397979a1c46113 100644 (file)
@@ -1,8 +1,8 @@
 # TLS server: mandatory, optional, and revoked certificates
 exim -DSERVER=server -bd -oX PORT_D
 ****
-# No certificate, certificate required
-client-ssl HOSTIPV4 PORT_D
+### No certificate, certificate required
+client-ssl -t2 HOSTIPV4 PORT_D
 ??? 220
 ehlo rhu.barb
 ??? 250-
@@ -13,8 +13,16 @@ ehlo rhu.barb
 ??? 250
 starttls
 ??? 220
+noop
+????554 Security failure
+noop
+??? 554 Security failure
+quit
+????554 Security failure
+????221
+???*
 ****
-# No certificate, certificate optional at TLS time, required by ACL
+### No certificate, certificate optional at TLS time, required by ACL
 client-ssl 127.0.0.1 PORT_D
 ??? 220
 ehlo rhu.barb
@@ -35,8 +43,8 @@ rcpt to:<userx@test.ex>
 quit
 ??? 221
 ****
-# Good certificate, certificate required
-client-ssl HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
+### Good certificate, certificate required
+client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
 ??? 220
 ehlo rhu.barb
 ??? 250-
@@ -47,6 +55,8 @@ ehlo rhu.barb
 ??? 250
 starttls
 ??? 220
+helo test
+??? 250
 mail from:<userx@test.ex>
 ??? 250
 rcpt to:<userx@test.ex>
@@ -54,8 +64,8 @@ rcpt to:<userx@test.ex>
 quit
 ??? 221
 ****
-# Good certificate, certificate optional at TLS time, checked by ACL
-client-ssl 127.0.0.1 PORT_D aux-fixed/cert2 aux-fixed/cert2
+### Good certificate, certificate optional at TLS time, checked by ACL
+client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
 ??? 220
 ehlo rhu.barb
 ??? 250-
@@ -66,6 +76,8 @@ ehlo rhu.barb
 ??? 250
 starttls
 ??? 220
+helo test
+??? 250
 mail from:<userx@test.ex>
 ??? 250
 rcpt to:<userx@test.ex>
@@ -73,8 +85,8 @@ rcpt to:<userx@test.ex>
 quit
 ??? 221
 ****
-# Bad certificate, certificate required
-client-ssl HOSTIPV4 PORT_D aux-fixed/cert1 aux-fixed/cert1
+### Bad certificate, certificate required
+client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
 ??? 220
 ehlo rhu.barb
 ??? 250-
@@ -85,9 +97,13 @@ ehlo rhu.barb
 ??? 250
 starttls
 ??? 220
+noop
+????554 Security failure
+noop
+??? 554 Security failure
 ****
-# Bad certificate, certificate optional at TLS time, reject at ACL time
-client-ssl 127.0.0.1 PORT_D aux-fixed/cert1 aux-fixed/cert1
+### Bad certificate, certificate optional at TLS time, reject at ACL time
+client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
 ??? 220
 ehlo rhu.barb
 ??? 250-
@@ -98,19 +114,24 @@ ehlo rhu.barb
 ??? 250
 starttls
 ??? 220
+helo test
+??? 250
 mail from:<userx@test.ex>
 ??? 250
 rcpt to:<userx@test.ex>
-??? 550-
 ??? 550
 quit
 ??? 221
 ****
 killdaemon
-exim -DCRL=DIR/aux-fixed/crl.pem -DSERVER=server -bd -oX PORT_D
+#
+#
+#
+#
+exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.chain.pem -DSERVER=server -bd -oX PORT_D
 ****
-# Good but revoked certificate, certificate required
-client-ssl HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
+### Otherwise good but revoked certificate, certificate required
+client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
 ??? 220
 ehlo rhu.barb
 ??? 250-
@@ -121,9 +142,13 @@ ehlo rhu.barb
 ??? 250
 starttls
 ??? 220
+noop
+????554 Security failure
+noop
+??? 554 Security failure
 ****
-# Revoked certificate, certificate optional at TLS time, reject at ACL time
-client-ssl 127.0.0.1 PORT_D aux-fixed/cert1 aux-fixed/cert1
+### Revoked certificate, certificate optional at TLS time, reject at ACL time
+client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
 ??? 220
 ehlo rhu.barb
 ??? 250-
@@ -134,12 +159,34 @@ ehlo rhu.barb
 ??? 250
 starttls
 ??? 220
+helo test
+??? 250
 mail from:<userx@test.ex>
 ??? 250
 rcpt to:<userx@test.ex>
-??? 550-
 ??? 550
 quit
 ??? 221
 ****
+### Good certificate, certificate required - but nonmatching CRL also present
+client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+starttls
+??? 220
+helo test
+??? 250
+mail from:<userx@test.ex>
+??? 250
+rcpt to:<userx@test.ex>
+??? 250
+quit
+??? 221
+****
 killdaemon