X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/5b4569757c6dc749c250f065705f65c938bffb2e..b5a5e017b07491403c7ae3a4305ecf22b0826aa5:/test/stdout/2014 diff --git a/test/stdout/2014 b/test/stdout/2014 index 0c14ca635..94b9bdee8 100644 --- a/test/stdout/2014 +++ b/test/stdout/2014 @@ -1,12 +1,15 @@ +### No certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu1.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +<<< 250-myhost.test.ex Hello rhu1.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING @@ -18,17 +21,23 @@ Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected ??? 220 <<< 220 TLS go ahead Attempting to start TLS +gnutls_record_recv: A TLS fatal alert has been received. Failed to start TLS +>>> nop +????554 End of script +### No certificate, certificate optional at TLS time, required by ACL Connecting to 127.0.0.1 port 1225 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu2.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +<<< 250-myhost.test.ex Hello rhu2.barb [127.0.0.1] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING @@ -41,9 +50,9 @@ Connecting to 127.0.0.1 port 1225 ... connected <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS ->>> helo rhu.barb +>>> helo rhu2tls.barb ??? 250 -<<< 250 myhost.test.ex Hello rhu.barb [127.0.0.1] +<<< 250 myhost.test.ex Hello rhu2tls.barb [127.0.0.1] >>> mail from: ??? 250 <<< 250 OK @@ -54,17 +63,20 @@ Succeeded in starting TLS ??? 221 <<< 221 myhost.test.ex closing connection End of script +### Good certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected -Certificate file = aux-fixed/cert2 -Key file = aux-fixed/cert2 +Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu3.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +<<< 250-myhost.test.ex Hello rhu3.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING @@ -77,6 +89,9 @@ Key file = aux-fixed/cert2 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS +>>> helo test +??? 250 +<<< 250 myhost.test.ex Hello test [ip4.ip4.ip4.ip4] >>> mail from: ??? 250 <<< 250 OK @@ -87,17 +102,20 @@ Succeeded in starting TLS ??? 221 <<< 221 myhost.test.ex closing connection End of script +### Good certificate, certificate optional at TLS time, checked by ACL Connecting to 127.0.0.1 port 1225 ... connected -Certificate file = aux-fixed/cert2 -Key file = aux-fixed/cert2 +Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu4.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +<<< 250-myhost.test.ex Hello rhu4.barb [127.0.0.1] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING @@ -110,6 +128,9 @@ Key file = aux-fixed/cert2 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS +>>> helo test +??? 250 +<<< 250 myhost.test.ex Hello test [127.0.0.1] >>> mail from: ??? 250 <<< 250 OK @@ -120,17 +141,20 @@ Succeeded in starting TLS ??? 221 <<< 221 myhost.test.ex closing connection End of script +### Bad certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected -Certificate file = aux-fixed/cert1 -Key file = aux-fixed/cert1 +Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem +Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu5.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +<<< 250-myhost.test.ex Hello rhu5.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING @@ -142,19 +166,25 @@ Key file = aux-fixed/cert1 ??? 220 <<< 220 TLS go ahead Attempting to start TLS -Succeeded in starting TLS +gnutls_record_recv: A TLS fatal alert has been received. +Failed to start TLS +>>> nop +????554 End of script +### Bad certificate, certificate optional at TLS time, reject at ACL time Connecting to 127.0.0.1 port 1225 ... connected -Certificate file = aux-fixed/cert1 -Key file = aux-fixed/cert1 +Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem +Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu6.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +<<< 250-myhost.test.ex Hello rhu6.barb [127.0.0.1] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING @@ -167,29 +197,33 @@ Key file = aux-fixed/cert1 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS +>>> helo test +??? 250 +<<< 250 myhost.test.ex Hello test [127.0.0.1] >>> mail from: ??? 250 <<< 250 OK >>> rcpt to: -??? 550- -<<< 550-certificate not verified: peerdn=C=UK,L=Cambridge,O=University of ??? 550 -<<< 550 Cambridge,OU=Computing Service,CN=Philip Hazel +<<< 550 certificate not verified: peerdn= >>> quit ??? 221 <<< 221 myhost.test.ex closing connection End of script +### Otherwise good but revoked certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected -Certificate file = aux-fixed/cert2 -Key file = aux-fixed/cert2 +Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu7.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +<<< 250-myhost.test.ex Hello rhu7.barb [ip4.ip4.ip4.ip4] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING @@ -197,23 +231,30 @@ Key file = aux-fixed/cert2 <<< 250-STARTTLS ??? 250 <<< 250 HELP ->>> starttls +>>> STARTTLS ??? 220 <<< 220 TLS go ahead Attempting to start TLS -Succeeded in starting TLS +>>> NOP +??? 554 Security failure +<<< 554 Security failure +>>> QUIT +>>> 220 End of script +### Revoked certificate, certificate optional at TLS time, reject at ACL time Connecting to 127.0.0.1 port 1225 ... connected -Certificate file = aux-fixed/cert1 -Key file = aux-fixed/cert1 +Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 ->>> ehlo rhu.barb +>>> ehlo rhu8.barb ??? 250- -<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +<<< 250-myhost.test.ex Hello rhu8.barb [127.0.0.1] ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- <<< 250-8BITMIME ??? 250- <<< 250-PIPELINING @@ -226,15 +267,66 @@ Key file = aux-fixed/cert1 <<< 220 TLS go ahead Attempting to start TLS Succeeded in starting TLS +>>> helo test +??? 250 +<<< 250 myhost.test.ex Hello test [127.0.0.1] >>> mail from: ??? 250 <<< 250 OK >>> rcpt to: -??? 550- -<<< 550-certificate not verified: peerdn=C=UK,L=Cambridge,O=University of ??? 550 -<<< 550 Cambridge,OU=Computing Service,CN=Philip Hazel +<<< 550 certificate not verified: peerdn=CN=revoked1.example.com +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +### Good certificate, certificate required - but nonmatching CRL also present +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu9.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu9.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +Succeeded in starting TLS +>>> helo test +??? 250 +<<< 250 myhost.test.ex Hello test [ip4.ip4.ip4.ip4] +>>> mail from: +??? 250 +<<< 250 OK +>>> rcpt to: +??? 250 +<<< 250 Accepted >>> quit ??? 221 <<< 221 myhost.test.ex closing connection End of script + +******** SERVER ******** +### No certificate, certificate required +### No certificate, certificate optional at TLS time, required by ACL +### Good certificate, certificate required +### Good certificate, certificate optional at TLS time, checked by ACL +### Bad certificate, certificate required +### Bad certificate, certificate optional at TLS time, reject at ACL time +### Otherwise good but revoked certificate, certificate required +### Revoked certificate, certificate optional at TLS time, reject at ACL time +### Good certificate, certificate required - but nonmatching CRL also present