git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
DANE: fix TA-mode verify under GnuTLS. Bug 2311
[exim.git]
/
test
/
confs
/
5651
diff --git
a/test/confs/5651
b/test/confs/5651
index 4a1989f4379ecad2720ff5edec953103f899cb94..5803c3ce9e3706de2dd2e4466b9cf6f6eab7132e 100644
(file)
--- a/
test/confs/5651
+++ b/
test/confs/5651
@@
-3,15
+3,9
@@
SERVER =
SERVER =
-exim_path = EXIM_PATH
-host_lookup_order = bydns
-primary_hostname = server1.example.com
-rfc1413_query_timeout = 0s
-spool_directory = DIR/spool
-log_file_path = DIR/spool/log/SERVER%slog
-gecos_pattern = ""
-gecos_name = CALLER_NAME
+.include DIR/aux-var/tls_conf_prefix
+primary_hostname = server1.example.com
# ----- Main settings -----
# ----- Main settings -----
@@
-35,7
+29,7
@@
tls_privatekey = ${if eq {SERVER}{server}\
fail}
# from cmdline define
fail}
# from cmdline define
-tls_ocsp_file = O
CSP
+tls_ocsp_file = O
PT
# ------ ACL ------
# ------ ACL ------
@@
-88,9
+82,12
@@
send_to_server1:
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
hosts_request_ocsp = :
hosts_require_tls = *
hosts_request_ocsp = :
- headers_add = X-TLS-out: OCSP status $tls_out_ocsp
+ headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
+ (${listextract {${eval:$tls_out_ocsp+1}} \
+ {notreq:notresp:vfynotdone:failed:verified}})
send_to_server2:
driver = smtp
send_to_server2:
driver = smtp
@@
-98,9
+95,12
@@
send_to_server2:
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
hosts = HOSTIPV4
port = PORT_D
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
hosts_require_tls = *
# note no ocsp mention here
hosts_require_tls = *
# note no ocsp mention here
- headers_add = X-TLS-out: OCSP status $tls_out_ocsp
+ headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
+ (${listextract {${eval:$tls_out_ocsp+1}} \
+ {notreq:notresp:vfynotdone:failed:verified}})
send_to_server3:
driver = smtp
send_to_server3:
driver = smtp
@@
-110,9
+110,13
@@
send_to_server3:
helo_data = helo.data.changed
#tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
helo_data = helo.data.changed
#tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_try_verify_hosts =
+ tls_verify_cert_hostnames =
hosts_require_tls = *
hosts_require_ocsp = *
hosts_require_tls = *
hosts_require_ocsp = *
- headers_add = X-TLS-out: OCSP status $tls_out_ocsp
+ headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
+ (${listextract {${eval:$tls_out_ocsp+1}} \
+ {notreq:notresp:vfynotdone:failed:verified}})
send_to_server4:
driver = smtp
send_to_server4:
driver = smtp
@@
-122,10
+126,13
@@
send_to_server4:
helo_data = helo.data.changed
#tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
helo_data = helo.data.changed
#tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ tls_verify_cert_hostnames =
protocol = smtps
hosts_require_tls = *
hosts_require_ocsp = *
protocol = smtps
hosts_require_tls = *
hosts_require_ocsp = *
- headers_add = X-TLS-out: OCSP status $tls_out_ocsp
+ headers_add = X-TLS-out: OCSP status $tls_out_ocsp \
+ (${listextract {${eval:$tls_out_ocsp+1}} \
+ {notreq:notresp:vfynotdone:failed:verified}})
# ----- Retry -----
# ----- Retry -----