Fix CVE-2016-1531
[exim.git] / test / confs / 5601
index 7eb19f7544128825d15605fa797be955ad7d1ae2..264de0e724dedd4ef02584ab8eee4d04feeec642 100644 (file)
@@ -4,6 +4,7 @@
 SERVER =
 
 exim_path = EXIM_PATH
+keep_environment  = ^EXIM_TESTHARNESS_DISABLE_[O]CSPVALIDITYCHECK$
 host_lookup_order = bydns
 primary_hostname = server1.example.com
 rfc1413_query_timeout = 0s
@@ -92,7 +93,9 @@ send_to_server1:
   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
   hosts_require_tls = *
   hosts_request_ocsp = :
-  headers_add = X-TLS-out: ocsp status $tls_out_ocsp
+  headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
+    (${listextract {${eval:$tls_out_ocsp+1}} \
+               {notreq:notresp:vfynotdone:failed:verified}})
 
 send_to_server2:
   driver = smtp
@@ -102,7 +105,9 @@ send_to_server2:
   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
   hosts_require_tls = *
 # note no ocsp mention here
-  headers_add = X-TLS-out: ocsp status $tls_out_ocsp
+  headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
+    (${listextract {${eval:$tls_out_ocsp+1}} \
+               {notreq:notresp:vfynotdone:failed:verified}})
 
 send_to_server3:
   driver = smtp
@@ -113,7 +118,9 @@ send_to_server3:
   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
   hosts_require_tls =  *
   hosts_require_ocsp = *
-  headers_add = X-TLS-out: ocsp status $tls_out_ocsp
+  headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
+    (${listextract {${eval:$tls_out_ocsp+1}} \
+               {notreq:notresp:vfynotdone:failed:verified}})
 
 send_to_server4:
   driver = smtp
@@ -125,7 +132,9 @@ send_to_server4:
   protocol =           smtps
   hosts_require_tls =  *
   hosts_require_ocsp = *
-  headers_add = X-TLS-out: ocsp status $tls_out_ocsp
+  headers_add = X-TLS-out: ocsp status $tls_out_ocsp \
+    (${listextract {${eval:$tls_out_ocsp+1}} \
+               {notreq:notresp:vfynotdone:failed:verified}})
 
 
 # ----- Retry -----