Fix TLS SNI, and add regression test cases

[exim.git] / test / confs / 2131

diff --git a/test/confs/2131 b/test/confs/2131
new file mode 100644 (file)
index 0000000..c52ceed
--- /dev/null
+++ b/test/confs/2131
@@ -0,0 +1,94 @@
+# Exim test configuration 2130
+# SNI
+
+SERVER =
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/SERVER%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+
+# ----- Main settings -----
+
+domainlist local_domains = test.ex : *.test.ex
+
+acl_smtp_rcpt = acl_log_sni
+log_selector = +tls_peerdn +tls_sni
+remote_max_parallel = 1
+
+tls_advertise_hosts = *
+
+# Set certificate only if server
+
+tls_certificate = ${if eq {SERVER}{server} \
+       {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
+           {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
+           {cert1} \
+                       }\
+       }fail}
+
+tls_privatekey = ${if eq {SERVER}{server} \
+       {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
+           {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
+           {cert1} \
+                       }\
+       }fail}
+
+
+# ------ ACL ------
+
+begin acl
+
+acl_log_sni:
+  accept
+        logwrite = SNI <$tls_in_sni>
+
+# ----- Routers -----
+
+begin routers
+
+client:
+  driver = accept
+  condition = ${if !eq {SERVER}{server}}
+  transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
+
+server:
+  driver = redirect
+  data = :blackhole:
+
+
+# ----- Transports -----
+
+begin transports
+
+send_to_server1:
+  driver = smtp
+  allow_localhost
+  hosts = HOSTIPV4
+  port = PORT_D
+  tls_sni = fred
+  hosts_require_tls = *
+
+send_to_server2:
+  driver = smtp
+  allow_localhost
+  hosts = HOSTIPV4
+  port = PORT_D
+  tls_sni = bill
+  hosts_require_tls = *
+
+
+# ----- Retry -----
+
+
+begin retry
+
+* * F,5d,10s
+
+
+# End