X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/37ff4e03734cf28bf78c6df892489f99e50d8356..0c8892dc00bf2223dffe18be12f07d8c4549b913:/test/confs/5450 diff --git a/test/confs/5450 b/test/confs/5450 index e737cf36d..1afa5201c 100644 --- a/test/confs/5450 +++ b/test/confs/5450 @@ -1,9 +1,10 @@ # Exim test configuration 5450 -# TLS client: verify certificate from server - fails +# TLS client: verify certificate from server - name-fails SERVER= exim_path = EXIM_PATH +keep_environment = host_lookup_order = bydns primary_hostname = myhost.test.ex rfc1413_query_timeout = 0s @@ -88,6 +89,12 @@ client_s: retry_use_local_part transport = send_to_server_req_passname +client_t: + driver = accept + local_parts = usert + retry_use_local_part + transport = send_to_server_req_failcarryon + # ----- Transports ----- @@ -131,11 +138,12 @@ send_to_server_crypt: tls_verify_certificates = CA2 tls_try_verify_hosts = * -# this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted +# this will fail to verify the cert at HOSTNAME and fallback to unencrypted +# Fail due to lack of correct CA send_to_server_req_fail: driver = smtp allow_localhost - hosts = HOSTIPV4 + hosts = HOSTNAME port = PORT_D tls_certificate = CERT2 tls_privatekey = CERT2 @@ -144,29 +152,43 @@ send_to_server_req_fail: tls_verify_hosts = * # this will fail to verify the cert name and fallback to unencrypted +# fail because the cert is "server1.example.com" and the test system is something else send_to_server_req_failname: driver = smtp allow_localhost - hosts = HOSTIPV4 + hosts = HOSTNAME port = PORT_D tls_certificate = CERT2 tls_privatekey = CERT2 tls_verify_certificates = CA1 - tls_verify_cert_hostnames = server1.example.net : server1.example.org + tls_verify_cert_hostnames = * tls_verify_hosts = * # this will pass the cert verify including name check +# our stunt DNS has an A record for server1.example.com -> HOSTIPV4 send_to_server_req_passname: driver = smtp allow_localhost - hosts = HOSTIPV4 + hosts = server1.example.com port = PORT_D tls_certificate = CERT2 tls_privatekey = CERT2 tls_verify_certificates = CA1 - tls_verify_cert_hostnames = noway.example.com : server1.example.com + tls_verify_cert_hostnames = * tls_verify_hosts = * +send_to_server_req_failcarryon: + driver = smtp + allow_localhost + hosts = HOSTNAME + port = PORT_D + tls_certificate = CERT2 + tls_privatekey = CERT2 + + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = * + tls_try_verify_hosts = * + # End