git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
DANE: do not check dns_again_means_nonexist for TLSA results of TRY_AGAIN
[exim.git]
/
test
/
confs
/
2133
diff --git
a/test/confs/2133
b/test/confs/2133
index 064a97acff9db006b1cb87e4dbbc9b23ec8b96ed..8fa51d0e911815d2ec400ac2ac22221fa1963683 100644
(file)
--- a/
test/confs/2133
+++ b/
test/confs/2133
@@
-1,15
+1,11
@@
-# Exim test configuration
2133
+# Exim test configuration
1162
# TLS client: verify certificate from server - name-fails
SERVER=
# TLS client: verify certificate from server - name-fails
SERVER=
-exim_path = EXIM_PATH
-host_lookup_order = bydns
+.include DIR/aux-var/tls_conf_prefix
+
primary_hostname = myhost.test.ex
primary_hostname = myhost.test.ex
-spool_directory = DIR/spool
-log_file_path = DIR/spool/log/SERVER%slog
-gecos_pattern = ""
-gecos_name = CALLER_NAME
FX = DIR/aux-fixed
S1 = FX/exim-ca/example.com/server1.example.com
FX = DIR/aux-fixed
S1 = FX/exim-ca/example.com/server1.example.com
@@
-85,7
+81,7
@@
client_r:
client_s:
driver = accept
client_s:
driver = accept
- local_parts = users
+ local_parts = user
_
s
retry_use_local_part
transport = send_to_server_req_passname
retry_use_local_part
transport = send_to_server_req_passname
@@
-95,7
+91,6
@@
client_t:
retry_use_local_part
transport = send_to_server_req_failcarryon
retry_use_local_part
transport = send_to_server_req_failcarryon
-
# ----- Transports -----
begin transports
# ----- Transports -----
begin transports
@@
-105,8
+100,9
@@
send_to_server_failcert:
driver = smtp
allow_localhost
hosts = HOSTIPV4
driver = smtp
allow_localhost
hosts = HOSTIPV4
- hosts_require_tls = HOSTIPV4
port = PORT_D
port = PORT_D
+ hosts_try_fastopen = :
+ hosts_require_tls = HOSTIPV4
tls_certificate = CERT2
tls_privatekey = CERT2
tls_certificate = CERT2
tls_privatekey = CERT2
@@
-117,8
+113,9
@@
send_to_server_retry:
driver = smtp
allow_localhost
hosts = HOSTIPV4 : 127.0.0.1
driver = smtp
allow_localhost
hosts = HOSTIPV4 : 127.0.0.1
- hosts_require_tls = HOSTIPV4
port = PORT_D
port = PORT_D
+ hosts_try_fastopen = :
+ hosts_require_tls = HOSTIPV4
tls_certificate = CERT2
tls_privatekey = CERT2
tls_certificate = CERT2
tls_privatekey = CERT2
@@
-130,8
+127,9
@@
send_to_server_crypt:
driver = smtp
allow_localhost
hosts = HOSTIPV4
driver = smtp
allow_localhost
hosts = HOSTIPV4
- hosts_require_tls = HOSTIPV4
port = PORT_D
port = PORT_D
+ hosts_try_fastopen = :
+ hosts_require_tls = HOSTIPV4
tls_certificate = CERT2
tls_privatekey = CERT2
tls_certificate = CERT2
tls_privatekey = CERT2
@@
-145,6
+143,7
@@
send_to_server_req_fail:
allow_localhost
hosts = HOSTNAME
port = PORT_D
allow_localhost
hosts = HOSTNAME
port = PORT_D
+ hosts_try_fastopen = :
tls_certificate = CERT2
tls_privatekey = CERT2
tls_certificate = CERT2
tls_privatekey = CERT2
@@
-158,6
+157,7
@@
send_to_server_req_failname:
allow_localhost
hosts = HOSTNAME
port = PORT_D
allow_localhost
hosts = HOSTNAME
port = PORT_D
+ hosts_try_fastopen = :
tls_certificate = CERT2
tls_privatekey = CERT2
tls_certificate = CERT2
tls_privatekey = CERT2
@@
-172,6
+172,7
@@
send_to_server_req_passname:
allow_localhost
hosts = server1.example.com
port = PORT_D
allow_localhost
hosts = server1.example.com
port = PORT_D
+ hosts_try_fastopen = :
tls_certificate = CERT2
tls_privatekey = CERT2
tls_certificate = CERT2
tls_privatekey = CERT2
@@
-179,11
+180,14
@@
send_to_server_req_passname:
tls_verify_cert_hostnames = *
tls_verify_hosts = *
tls_verify_cert_hostnames = *
tls_verify_hosts = *
+# this will fail to verify the cert name but carry on (try-verify mode)
+# fail because the cert is "server1.example.com" and the test system is something else
send_to_server_req_failcarryon:
driver = smtp
allow_localhost
hosts = HOSTNAME
port = PORT_D
send_to_server_req_failcarryon:
driver = smtp
allow_localhost
hosts = HOSTNAME
port = PORT_D
+ hosts_try_fastopen = :
tls_certificate = CERT2
tls_privatekey = CERT2
tls_certificate = CERT2
tls_privatekey = CERT2