X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/01a4a5c5cbaa40ca618d3e233991ce183b551477..9c487ba56fed466d931374cda2cba1e483a0b847:/test/confs/5840?ds=sidebyside diff --git a/test/confs/5840 b/test/confs/5840 index 5c0f6a51d..407846a8a 100644 --- a/test/confs/5840 +++ b/test/confs/5840 @@ -1,20 +1,19 @@ # Exim test configuration 5840 -# DANE +# DANE/OpenSSL SERVER= -exim_path = EXIM_PATH -host_lookup_order = bydns +.include DIR/aux-var/tls_conf_prefix + primary_hostname = myhost.test.ex -rfc1413_query_timeout = 0s -spool_directory = DIR/spool -log_file_path = DIR/spool/log/SERVER%slog -gecos_pattern = "" -gecos_name = CALLER_NAME # ----- Main settings ----- -acl_smtp_rcpt = accept +.ifndef OPT +acl_smtp_rcpt = accept logwrite = "rcpt ACL" +.else +acl_smtp_rcpt = accept verify = recipient/callout +.endif log_selector = +received_recipients +tls_peerdn +tls_certificate_verified @@ -23,20 +22,28 @@ queue_run_in_order tls_advertise_hosts = * # Set certificate only if server -CDIR1 = DIR/aux-fixed +CDIR1 = DIR/aux-fixed/exim-ca/example.net/server1.example.net CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com +.ifdef CERT +tls_certificate = CERT +.else tls_certificate = ${if eq {SERVER}{server} \ - {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ + {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \ {CDIR2/fullchain.pem}\ - {CDIR1/cert1}}}\ + {CDIR1/fullchain.pem}}}\ fail} +.endif +.ifdef ALLOW +tls_privatekey = ALLOW +.else tls_privatekey = ${if eq {SERVER}{server} \ - {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ + {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \ {CDIR2/server1.example.com.unlocked.key}\ - {CDIR1/cert1}}}\ + {CDIR1/server1.example.net.unlocked.key}}}\ fail} +.endif # ----- Routers ----- @@ -48,6 +55,7 @@ client: dnssec_request_domains = * self = send transport = send_to_server + errors_to = "" server: driver = redirect @@ -64,13 +72,10 @@ send_to_server: port = PORT_D hosts_try_dane = * - hosts_require_dane = !thishost.test.ex - hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \ - {= {0}{$tls_out_tlsa_usage}} } \ - {*}{}} + hosts_require_dane = HOSTIPV4 tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} tls_try_verify_hosts = thishost.test.ex - tls_verify_certificates = CDIR2/ca_chain.pem + tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}}