Lookups: avoid leaking user/passwd from server spec to log. Bug 3066

[exim.git] / test / confs / 4060

diff --git a/test/confs/4060 b/test/confs/4060
index dcc0ec2e726f44ebab8d157d2c452017f8459656..fa643ae4c5f825da07043ef531cc2355c27fa530 100644 (file)
--- a/test/confs/4060
+++ b/test/confs/4060
@@ -6,6 +6,7 @@ OPT=
 CONNECTCOND=
 
 keep_environment = PATH
+add_environment = SSLKEYLOGFILE=DIR/spool/sslkeys
 exim_path = EXIM_PATH
 host_lookup_order = bydns
 spool_directory = DIR/spool
@@ -21,14 +22,24 @@ gecos_name = CALLER_NAME
 dns_cname_loops = 9
 chunking_advertise_hosts = OPT
 tls_advertise_hosts = *
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1
+
+.ifdef _HAVE_TLS_CA_CACHE
+tls_verify_certificates = system,cache
+.endif
+
+.ifdef _HAVE_DMARC
+dmarc_tld_file =
+.endif
 
 # Avoid ECDHE key-exchange so that we can wireshark-decode (not TLS1.3)
 .ifdef _HAVE_GNUTLS
 tls_require_ciphers = NORMAL:-KX-ALL:+RSA
+.else
+tls_require_ciphers = DEFAULT:!kECDHE
 .endif
 
-pipelining_connect_advertise_hosts = *
+pipelining_connect_advertise_hosts = CONTROL
 log_selector = +received_recipients +millisec +pipelining
 queue_only