refactor
[exim.git] / test / confs / 4060
index 30d65a146fa358d2a76dff11430271f350c92717..fa643ae4c5f825da07043ef531cc2355c27fa530 100644 (file)
@@ -6,6 +6,7 @@ OPT=
 CONNECTCOND=
 
 keep_environment = PATH
 CONNECTCOND=
 
 keep_environment = PATH
+add_environment = SSLKEYLOGFILE=DIR/spool/sslkeys
 exim_path = EXIM_PATH
 host_lookup_order = bydns
 spool_directory = DIR/spool
 exim_path = EXIM_PATH
 host_lookup_order = bydns
 spool_directory = DIR/spool
@@ -21,7 +22,15 @@ gecos_name = CALLER_NAME
 dns_cname_loops = 9
 chunking_advertise_hosts = OPT
 tls_advertise_hosts = *
 dns_cname_loops = 9
 chunking_advertise_hosts = OPT
 tls_advertise_hosts = *
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1
+
+.ifdef _HAVE_TLS_CA_CACHE
+tls_verify_certificates = system,cache
+.endif
+
+.ifdef _HAVE_DMARC
+dmarc_tld_file =
+.endif
 
 # Avoid ECDHE key-exchange so that we can wireshark-decode (not TLS1.3)
 .ifdef _HAVE_GNUTLS
 
 # Avoid ECDHE key-exchange so that we can wireshark-decode (not TLS1.3)
 .ifdef _HAVE_GNUTLS
@@ -30,7 +39,7 @@ tls_require_ciphers = NORMAL:-KX-ALL:+RSA
 tls_require_ciphers = DEFAULT:!kECDHE
 .endif
 
 tls_require_ciphers = DEFAULT:!kECDHE
 .endif
 
-pipelining_connect_advertise_hosts = *
+pipelining_connect_advertise_hosts = CONTROL
 log_selector = +received_recipients +millisec +pipelining
 queue_only
 
 log_selector = +received_recipients +millisec +pipelining
 queue_only