SECURITY: a second negative store guard
[exim.git] / test / confs / 5890
index a836802afe526fadfa9c4df8d38a52b75c9dea8b..0c812fd89769535ec7ff1235b09997404f73299b 100644 (file)
@@ -19,7 +19,10 @@ tls_advertise_hosts = *
 
 # Set certificate only if server
 
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+CDIR=DIR/aux-fixed/exim-ca/example.com
+
+tls_certificate = CDIR/server1.example.com/server1.example.com.chain.pem
+tls_privatekey =  CDIR/server1.example.com/server1.example.com.unlocked.key
 
 tls_require_ciphers = OPTION
 tls_resumption_hosts = 127.0.0.1
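Review bot: The context comment `# Set certificate only if server` above the new lines is now stale, because the `${if eq {SERVER}{server}{...}fail}` condition was removed and `tls_certificate` and `tls_privatekey` are set unconditionally. If that is intended, update the comment to something like `# Server certificate and key, issued by the example.com test CA`. If client-role runs of this config are still meant to have no certificate, the condition needs to be kept around both options. The key path ends in `.unlocked.key`, so a short remark that this is a passphrase-less test fixture, not a deployment pattern, would help readers who copy from test configs.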
@@ -36,7 +39,6 @@ check_helo:
          logwrite =    peer cert subject\t${certextract {subject}{$tls_in_peercert}}
          logwrite =    peer cert verified\t${tls_in_certificate_verified}
          logwrite =    peer dn\t${tls_in_peerdn}
-         logwrite =    ocsp\t${tls_in_ocsp}
          logwrite =    cipher\t${tls_in_cipher}
          logwrite =    bits\t${tls_in_bits}
   accept
@@ -53,7 +55,6 @@ log_resumption:
          logwrite =    peer cert subject\t${certextract {subject}{$tls_out_peercert}}
          logwrite =    peer cert verified\t${tls_out_certificate_verified}
          logwrite =    peer dn\t${tls_out_peerdn}
-         logwrite =    ocsp\t${tls_out_ocsp}
          logwrite =    cipher\t${tls_out_cipher}
          logwrite =    bits\t${tls_out_bits}
 
@@ -86,7 +87,7 @@ send_to_server1:
 .else
   tls_resumption_hosts =       :
 .endif
-  tls_verify_certificates =    DIR/aux-fixed/cert1
+  tls_verify_certificates =    CDIR/CA/CA.pem
   tls_verify_cert_hostnames =  ${if match {$local_part}{^noverify} {*}{:}}
   tls_try_verify_hosts =       *
   event_action =               ${acl {log_resumption}}
@@ -96,9 +97,10 @@ send_to_server2:
   allow_localhost
   hosts = HOSTIPV4
   port = PORT_D
-  tls_verify_certificates = DIR/aux-fixed/cert1
-  tls_verify_cert_hostnames = :
-  event_action =       ${acl {log_resumption}}
+  hosts_try_fastopen = :
+  tls_verify_certificates =    CDIR/CA/CA.pem
+  tls_verify_cert_hostnames =  :
+  event_action =               ${acl {log_resumption}}
 
 
 # ----- Retry -----
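Review bot: The added `hosts_try_fastopen = :` in `send_to_server2` has no explanation, and nothing visible connects it to the certificate changes. The empty host list turns TCP Fast Open off for this transport, presumably to keep the test output deterministic, so a one-line comment such as `# no TFO for this hop; keeps the logged connection sequence stable` (wording for the author to confirm) would record why. Separately, `tls_verify_cert_hostnames = :` disables hostname checking while `tls_verify_certificates` now points at the CA, so the "peer cert verified" log line for this transport reflects chain validation only, which is also worth a comment. The transport starts above the hunk, so whether it sets `tls_try_verify_hosts` cannot be seen from here.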