??? 250
starttls
??? 220
+nop
+????554
****
### No certificate, certificate optional at TLS time, required by ACL
client-gnutls 127.0.0.1 PORT_D
??? 250
starttls
??? 220
+helo test
+??? 250
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>
??? 250
starttls
??? 220
+helo test
+??? 250
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>
??? 250
starttls
??? 220
+nop
+????554
****
### Bad certificate, certificate optional at TLS time, reject at ACL time
# (situation as above)
??? 250
starttls
??? 220
+helo test
+??? 250
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>
??? 250
starttls
??? 220
+helo test
+??? 554
****
### Revoked certificate, certificate optional at TLS time, reject at ACL time
client-gnutls 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
??? 250
starttls
??? 220
+helo test
+??? 250
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>
### Good certificate, certificate required - but nonmatching CRL also present
client-gnutls HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
-ehlo rhu.barb
+ehlo rhu9.barb
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
+helo test
+??? 250
mail from:<userx@test.ex>
??? 250
rcpt to:<userx@test.ex>