X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/74954688e4f61475b2451b2cb22045ab8e7f0150..31f5ec432e49826b039e3b527e9c65d4dfa18b60:/test/confs/5450 diff --git a/test/confs/5450 b/test/confs/5450 index e737cf36d..145bdc84e 100644 --- a/test/confs/5450 +++ b/test/confs/5450 @@ -1,12 +1,11 @@ # Exim test configuration 5450 -# TLS client: verify certificate from server - fails +# TLS client: verify certificate from server - name-fails SERVER= exim_path = EXIM_PATH host_lookup_order = bydns primary_hostname = myhost.test.ex -rfc1413_query_timeout = 0s spool_directory = DIR/spool log_file_path = DIR/spool/log/SERVER%slog gecos_pattern = "" @@ -88,6 +87,12 @@ client_s: retry_use_local_part transport = send_to_server_req_passname +client_t: + driver = accept + local_parts = usert + retry_use_local_part + transport = send_to_server_req_failcarryon + # ----- Transports ----- @@ -131,11 +136,12 @@ send_to_server_crypt: tls_verify_certificates = CA2 tls_try_verify_hosts = * -# this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted +# this will fail to verify the cert at HOSTNAME and fallback to unencrypted +# Fail due to lack of correct CA send_to_server_req_fail: driver = smtp allow_localhost - hosts = HOSTIPV4 + hosts = HOSTNAME port = PORT_D tls_certificate = CERT2 tls_privatekey = CERT2 @@ -144,29 +150,43 @@ send_to_server_req_fail: tls_verify_hosts = * # this will fail to verify the cert name and fallback to unencrypted +# fail because the cert is "server1.example.com" and the test system is something else send_to_server_req_failname: driver = smtp allow_localhost - hosts = HOSTIPV4 + hosts = HOSTNAME port = PORT_D tls_certificate = CERT2 tls_privatekey = CERT2 tls_verify_certificates = CA1 - tls_verify_cert_hostnames = server1.example.net : server1.example.org + tls_verify_cert_hostnames = * tls_verify_hosts = * # this will pass the cert verify including name check +# our stunt DNS has an A record for server1.example.com -> HOSTIPV4 send_to_server_req_passname: driver = smtp allow_localhost - hosts = HOSTIPV4 + hosts = server1.example.com port = PORT_D tls_certificate = CERT2 tls_privatekey = CERT2 tls_verify_certificates = CA1 - tls_verify_cert_hostnames = noway.example.com : server1.example.com + tls_verify_cert_hostnames = * tls_verify_hosts = * +send_to_server_req_failcarryon: + driver = smtp + allow_localhost + hosts = HOSTNAME + port = PORT_D + tls_certificate = CERT2 + tls_privatekey = CERT2 + + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = * + tls_try_verify_hosts = * + # End