TLS: use RFC 6125 rules for certifucate name checks when CNAMES are present. Bug...

[exim.git] / test / scripts / 2100-OpenSSL / 2112

diff --git a/test/scripts/2100-OpenSSL/2112 b/test/scripts/2100-OpenSSL/2112
index 4793929bcd45066309f70db47f2b037ef48dc66b..e2cc9e0730e4f993f409f83d43abd00f6b130d2e 100644 (file)
--- a/test/scripts/2100-OpenSSL/2112
+++ b/test/scripts/2100-OpenSSL/2112
@@ -1,9 +1,52 @@
 # TLS client: verify certificate from server - fails
 exim -DSERVER=server -bd -oX PORT_D
 ****
+#
+#
+exim -z 'this will fail to verify the cert at HOSTIPV4 so fail the crypt requirement'
+****
 exim userx@test.ex
 Testing
 ****
+#
+#
+exim -z 'this will fail to verify the cert at HOSTIPV4 so fail the crypt, then retry on 127.1; ok'
+****
+exim usery@test.ex
+****
+#
+#
+exim -z 'this will fail to verify the cert but continue unverified though crypted'
+****
+exim userz@test.ex
+****
+#
+#
+exim -z 'this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted'
+****
+exim userq@test.ex
+****
+#
+#
+exim -z 'this will fail to verify the cert name and fallback to unencrypted'
+****
+exim userr@test.ex
+****
+#
+#
+exim -z 'this will pass the cert verify including name check'
+****
+exim user_s@test.ex
+****
+#
+#
+exim usert@test.ex
+****
+#
+exim useru@test.ex
+****
+#
+#
 exim -qf
 ****
 killdaemon