X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/14a806d6c13afdfb2f44dce64e50bffa6cb6869c..645a31d16195bb6b73f0a0d0c04b2251e5b28421:/test/confs/3820 diff --git a/test/confs/3820 b/test/confs/3820 index 023ed751d..7322c4b7e 100644 --- a/test/confs/3820 +++ b/test/confs/3820 @@ -23,20 +23,23 @@ client_r: driver = accept condition = ${if !eq {SERVER}{server}} transport = smtp + errors_to = begin transports smtp: - driver = smtp - hosts = 127.0.0.1 + driver = smtp + hosts = 127.0.0.1 allow_localhost - port = PORT_D + port = PORT_D .ifdef TRUSTED - hosts_require_tls = * + hosts_require_tls = * tls_verify_certificates = DIR/aux-fixed/cert1 tls_verify_cert_hostnames = : +.else + hosts_avoid_tls = * .endif - hosts_require_auth = * + hosts_require_auth = * # ----- Authentication ----- @@ -44,14 +47,14 @@ begin authenticators .ifndef TRUSTED sasl1: - driver = gsasl - public_name = ANONYMOUS + driver = gsasl + public_name = ANONYMOUS server_set_id = $auth1 server_condition = true sasl2: - driver = gsasl - public_name = PLAIN + driver = gsasl + public_name = PLAIN server_set_id = $auth1 server_condition = ${if eq {$auth3}{pencil}} @@ -61,33 +64,57 @@ sasl2: .endif sasl3: - driver = gsasl + driver = gsasl .ifdef TRUSTED - public_name = SCRAM-SHA-1-PLUS + public_name = SCRAM-SHA-1-PLUS server_advertise_condition = ${if def:tls_in_cipher} server_channelbinding = true .else - public_name = SCRAM-SHA-1 + public_name = SCRAM-SHA-1 +.endif + + server_scram_salt = ${if eq {$auth1}{ph10} {QSXCR+Q6sek8bf92}} +.ifdef _HAVE_AUTH_GSASL_SCRAM_S_KEY + server_key = D+CSWLOshSulAsxiupA+qs2/fTE= + server_skey = 6dlGYMOdZcOPutkcNY8U2g7vK9Y= +.endif + server_password = ${if eq {$auth1}{ph10} {pencil}{unset_password}} + server_condition = true + server_set_id = $auth1 + + client_condition = ${if eq {scram_sha_1}{$local_part}} + client_username = ph10 + client_password = pencil +.ifdef _HAVE_AUTH_GSASL_SCRAM_S_KEY + client_spassword = 1d96ee3a529b5a5f9e47c01f229a2cb8a6e15f7d +.endif +.ifdef TRUSTED + client_channelbinding = true .endif - # will need to give library salt, stored-key, server-key, itercount - # - # sigh - # gsasl takes props: GSASL_SCRAM_ITER, GSASL_SCRAM_SALT. It _might_ take - # a GSASL_SCRAM_SALTED_PASSWORD - but that is only documented for client mode. +.ifdef _HAVE_AUTH_GSASL_SCRAM_SHA_256 +sasl4: + driver = gsasl +.ifdef TRUSTED + public_name = SCRAM-SHA-256-PLUS + server_advertise_condition = ${if def:tls_in_cipher} + server_channelbinding = true +.else + public_name = SCRAM-SHA-256 +.endif - # unclear if the salt is given in binary or base64 to the library server_scram_salt = QSXCR+Q6sek8bf92 server_password = pencil server_condition = true server_set_id = $auth1 - client_condition = ${if eq {scram_sha_1}{$local_part}} + client_condition = ${if eq {scram_sha_256}{$local_part}} client_username = ph10 client_password = pencil .ifdef TRUSTED client_channelbinding = true .endif +.endif # End