X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/54c5ebb14ead7439af300e9d7d9d7d2ba29ff32e..a7ea53c5ccf6c81c4716f17428646d0f55f1bed3:/test/stdout/2014?ds=inline diff --git a/test/stdout/2014 b/test/stdout/2014 index 40f342961..94b9bdee8 100644 --- a/test/stdout/2014 +++ b/test/stdout/2014 @@ -1,12 +1,17 @@ +### No certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu1.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +<<< 250-myhost.test.ex Hello rhu1.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -16,17 +21,25 @@ Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected ??? 220 <<< 220 TLS go ahead Attempting to start TLS +gnutls_record_recv: A TLS fatal alert has been received. Failed to start TLS +>>> nop +????554 End of script +### No certificate, certificate optional at TLS time, required by ACL Connecting to 127.0.0.1 port 1225 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu2.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +<<< 250-myhost.test.ex Hello rhu2.barb [127.0.0.1] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -37,9 +50,9 @@ Connecting to 127.0.0.1 port 1225 ... connected <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS ->>> helo rhu.barb +>>> helo rhu2tls.barb ??? 250 -<<< 250 myhost.test.ex Hello rhu.barb [127.0.0.1] +<<< 250 myhost.test.ex Hello rhu2tls.barb [127.0.0.1] >>> mail from: ??? 250 <<< 250 OK @@ -50,17 +63,22 @@ Succeeded in starting TLS ??? 221 <<< 221 myhost.test.ex closing connection End of script +### Good certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected -Certificate file = aux-fixed/cert2 -Key file = aux-fixed/cert2 +Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu3.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +<<< 250-myhost.test.ex Hello rhu3.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -71,6 +89,9 @@ Key file = aux-fixed/cert2 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS +>>> helo test +??? 250 +<<< 250 myhost.test.ex Hello test [ip4.ip4.ip4.ip4] >>> mail from: ??? 250 <<< 250 OK @@ -81,17 +102,22 @@ Succeeded in starting TLS ??? 221 <<< 221 myhost.test.ex closing connection End of script +### Good certificate, certificate optional at TLS time, checked by ACL Connecting to 127.0.0.1 port 1225 ... connected -Certificate file = aux-fixed/cert2 -Key file = aux-fixed/cert2 +Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu4.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +<<< 250-myhost.test.ex Hello rhu4.barb [127.0.0.1] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -102,6 +128,9 @@ Key file = aux-fixed/cert2 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS +>>> helo test +??? 250 +<<< 250 myhost.test.ex Hello test [127.0.0.1] >>> mail from: ??? 250 <<< 250 OK @@ -112,17 +141,22 @@ Succeeded in starting TLS ??? 221 <<< 221 myhost.test.ex closing connection End of script +### Bad certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected -Certificate file = aux-fixed/cert1 -Key file = aux-fixed/cert1 +Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem +Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu5.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +<<< 250-myhost.test.ex Hello rhu5.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -132,19 +166,27 @@ Key file = aux-fixed/cert1 ??? 220 <<< 220 TLS go ahead Attempting to start TLS -Succeeded in starting TLS +gnutls_record_recv: A TLS fatal alert has been received. +Failed to start TLS +>>> nop +????554 End of script +### Bad certificate, certificate optional at TLS time, reject at ACL time Connecting to 127.0.0.1 port 1225 ... connected -Certificate file = aux-fixed/cert1 -Key file = aux-fixed/cert1 +Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem +Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu6.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +<<< 250-myhost.test.ex Hello rhu6.barb [127.0.0.1] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -155,51 +197,66 @@ Key file = aux-fixed/cert1 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS +>>> helo test +??? 250 +<<< 250 myhost.test.ex Hello test [127.0.0.1] >>> mail from: ??? 250 <<< 250 OK >>> rcpt to: -??? 550- -<<< 550-certificate not verified: peerdn=C=UK,L=Cambridge,O=University of ??? 550 -<<< 550 Cambridge,OU=Computing Service,CN=Philip Hazel +<<< 550 certificate not verified: peerdn= >>> quit ??? 221 <<< 221 myhost.test.ex closing connection End of script +### Otherwise good but revoked certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected -Certificate file = aux-fixed/cert2 -Key file = aux-fixed/cert2 +Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu7.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +<<< 250-myhost.test.ex Hello rhu7.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS ??? 250 <<< 250 HELP ->>> starttls +>>> STARTTLS ??? 220 <<< 220 TLS go ahead Attempting to start TLS -Succeeded in starting TLS +>>> NOP +??? 554 Security failure +<<< 554 Security failure +>>> QUIT +>>> 220 End of script +### Revoked certificate, certificate optional at TLS time, reject at ACL time Connecting to 127.0.0.1 port 1225 ... connected -Certificate file = aux-fixed/cert1 -Key file = aux-fixed/cert1 +Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu8.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +<<< 250-myhost.test.ex Hello rhu8.barb [127.0.0.1] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -210,15 +267,66 @@ Key file = aux-fixed/cert1 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS +>>> helo test +??? 250 +<<< 250 myhost.test.ex Hello test [127.0.0.1] >>> mail from: ??? 250 <<< 250 OK >>> rcpt to: -??? 550- -<<< 550-certificate not verified: peerdn=C=UK,L=Cambridge,O=University of ??? 550 -<<< 550 Cambridge,OU=Computing Service,CN=Philip Hazel +<<< 550 certificate not verified: peerdn=CN=revoked1.example.com +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +### Good certificate, certificate required - but nonmatching CRL also present +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu9.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu9.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +Succeeded in starting TLS +>>> helo test +??? 250 +<<< 250 myhost.test.ex Hello test [ip4.ip4.ip4.ip4] +>>> mail from: +??? 250 +<<< 250 OK +>>> rcpt to: +??? 250 +<<< 250 Accepted >>> quit ??? 221 <<< 221 myhost.test.ex closing connection End of script + +******** SERVER ******** +### No certificate, certificate required +### No certificate, certificate optional at TLS time, required by ACL +### Good certificate, certificate required +### Good certificate, certificate optional at TLS time, checked by ACL +### Bad certificate, certificate required +### Bad certificate, certificate optional at TLS time, reject at ACL time +### Otherwise good but revoked certificate, certificate required +### Revoked certificate, certificate optional at TLS time, reject at ACL time +### Good certificate, certificate required - but nonmatching CRL also present