X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/1d717e1c110562fd6bf28478c79f180cafeba776..7fa5764c203f2f4a900898a79ed02d674075313f:/test/confs/2012?ds=sidebyside diff --git a/test/confs/2012 b/test/confs/2012 index f59b91a0c..8de185b64 100644 --- a/test/confs/2012 +++ b/test/confs/2012 @@ -33,9 +33,6 @@ tls_advertise_hosts = * tls_certificate = ${if eq {SERVER}{server}{CERT1}fail} tls_privatekey = ${if eq {SERVER}{server}{KEY1}fail} -tls_verify_hosts = * -tls_verify_certificates = ${if eq {SERVER}{server}{CERT2}fail} - # ----- Routers ----- @@ -83,6 +80,18 @@ client_s: retry_use_local_part transport = send_to_server_req_passname +client_t: + driver = accept + local_parts = usert + retry_use_local_part + transport = send_to_server_req_failchain + +client_u: + driver = accept + local_parts = useru + retry_use_local_part + transport = send_to_server_req_passchain + # ----- Transports ----- @@ -96,8 +105,6 @@ send_to_server_failcert: port = PORT_D hosts_try_fastopen = : hosts_require_tls = HOSTIPV4 - tls_certificate = CERT2 - tls_privatekey = CERT2 tls_verify_certificates = CA2 tls_try_verify_hosts = @@ -111,8 +118,6 @@ send_to_server_retry: port = PORT_D hosts_try_fastopen = : hosts_require_tls = HOSTIPV4 - tls_certificate = CERT2 - tls_privatekey = CERT2 tls_verify_certificates = \ ${if eq{$host_address}{127.0.0.1}{CA1}{CA2}} @@ -127,8 +132,6 @@ send_to_server_crypt: port = PORT_D hosts_try_fastopen = : hosts_require_tls = HOSTIPV4 - tls_certificate = CERT2 - tls_privatekey = CERT2 tls_verify_certificates = CA2 tls_try_verify_hosts = * @@ -141,8 +144,6 @@ send_to_server_req_fail: hosts = HOSTIPV4 port = PORT_D hosts_try_fastopen = : - tls_certificate = CERT2 - tls_privatekey = CERT2 tls_verify_certificates = CA2 tls_verify_hosts = * @@ -150,30 +151,50 @@ send_to_server_req_fail: # this will fail to verify the cert name and fallback to unencrypted send_to_server_req_failname: - driver = smtp + driver = smtp allow_localhost - hosts = HOSTIPV4 - port = PORT_D - hosts_try_fastopen = : - tls_certificate = CERT2 - tls_privatekey = CERT2 + hosts = serverbadname.example.com + port = PORT_D + hosts_try_fastopen = : - tls_verify_certificates = CA1 - tls_verify_cert_hostnames = server1.example.net : server1.example.org - tls_verify_hosts = * + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = HOSTIPV4 + tls_verify_hosts = * # this will pass the cert verify including name check send_to_server_req_passname: - driver = smtp + driver = smtp allow_localhost - hosts = HOSTIPV4 - port = PORT_D - hosts_try_fastopen = : - tls_certificate = CERT2 - tls_privatekey = CERT2 + hosts = server1.example.com + port = PORT_D + hosts_try_fastopen = : + + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = HOSTIPV4 + tls_verify_hosts = * + + # this will fail the cert verify name check, because CNAME rules + send_to_server_req_failchain: + driver = smtp + allow_localhost + hosts = serverchain1.example.com + port = PORT_D + hosts_try_fastopen = : + + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = HOSTIPV4 + tls_verify_hosts = * + + # this will pass the cert verify name check, because CNAME rules + send_to_server_req_passchain: + driver = smtp + allow_localhost + hosts = alternatename.server1.example.com + port = PORT_D + hosts_try_fastopen = : - tls_verify_certificates = CA1 - tls_verify_cert_hostnames = noway.example.com : server1.example.com - tls_verify_hosts = * + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = HOSTIPV4 + tls_verify_hosts = * # End