X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8332bd723731cee805a58ed9f2c29f2472d63836..798a7ffec9e43ff4f0164d75d4cc2fb82208a7bf:/test/stdout/2114 diff --git a/test/stdout/2114 b/test/stdout/2114 index 63c5fc408..c3fa9ce98 100644 --- a/test/stdout/2114 +++ b/test/stdout/2114 @@ -1,3 +1,4 @@ +### No certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 @@ -7,6 +8,8 @@ Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -16,23 +19,10 @@ Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected ??? 220 <<< 220 TLS go ahead Attempting to start TLS -SSL info: before/connect initialization -SSL info: before/connect initialization -SSL info: SSLv2/v3 write client hello A -SSL info: SSLv3 read server hello A -SSL info: SSLv3 read server certificate A -SSL info: SSLv3 read server certificate request A -SSL info: SSLv3 read server done A -SSL info: SSLv3 write client certificate A -SSL info: SSLv3 write client key exchange A -SSL info: SSLv3 write change cipher spec A -SSL info: SSLv3 write finished A -SSL info: SSLv3 flush data -SSL info: SSLv3 read server session ticket A -SSL info: SSLv3 read server session ticket A -pppp:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:dddd:SSL alert number 40 +pppp:error:dddddddd:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:[...]:SSL alert number 40 Failed to start TLS End of script +### No certificate, certificate optional at TLS time, required by ACL Connecting to 127.0.0.1 port 1225 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 @@ -42,6 +32,8 @@ Connecting to 127.0.0.1 port 1225 ... connected ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -51,23 +43,7 @@ Connecting to 127.0.0.1 port 1225 ... connected ??? 220 <<< 220 TLS go ahead Attempting to start TLS -SSL info: before/connect initialization -SSL info: before/connect initialization -SSL info: SSLv2/v3 write client hello A -SSL info: SSLv3 read server hello A -SSL info: SSLv3 read server certificate A -SSL info: SSLv3 read server certificate request A -SSL info: SSLv3 read server done A -SSL info: SSLv3 write client certificate A -SSL info: SSLv3 write client key exchange A -SSL info: SSLv3 write change cipher spec A -SSL info: SSLv3 write finished A -SSL info: SSLv3 flush data -SSL info: SSLv3 read server session ticket A -SSL info: SSLv3 read finished A -SSL info: SSL negotiation finished successfully -SSL info: SSL negotiation finished successfully -SSL connection using AES256-SHA +SSL connection using ke-RSA-AES256-SHA Succeeded in starting TLS >>> helo rhu.barb ??? 250 @@ -82,9 +58,10 @@ Succeeded in starting TLS ??? 221 <<< 221 myhost.test.ex closing connection End of script +### Good certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected -Certificate file = aux-fixed/cert2 -Key file = aux-fixed/cert2 +Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu.barb @@ -93,6 +70,8 @@ Key file = aux-fixed/cert2 ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -102,24 +81,7 @@ Key file = aux-fixed/cert2 ??? 220 <<< 220 TLS go ahead Attempting to start TLS -SSL info: before/connect initialization -SSL info: before/connect initialization -SSL info: SSLv2/v3 write client hello A -SSL info: SSLv3 read server hello A -SSL info: SSLv3 read server certificate A -SSL info: SSLv3 read server certificate request A -SSL info: SSLv3 read server done A -SSL info: SSLv3 write client certificate A -SSL info: SSLv3 write client key exchange A -SSL info: SSLv3 write certificate verify A -SSL info: SSLv3 write change cipher spec A -SSL info: SSLv3 write finished A -SSL info: SSLv3 flush data -SSL info: SSLv3 read server session ticket A -SSL info: SSLv3 read finished A -SSL info: SSL negotiation finished successfully -SSL info: SSL negotiation finished successfully -SSL connection using AES256-SHA +SSL connection using ke-RSA-AES256-SHA Succeeded in starting TLS >>> mail from: ??? 250 @@ -131,9 +93,10 @@ Succeeded in starting TLS ??? 221 <<< 221 myhost.test.ex closing connection End of script +### Good certificate, certificate optional at TLS time, checked by ACL Connecting to 127.0.0.1 port 1225 ... connected -Certificate file = aux-fixed/cert2 -Key file = aux-fixed/cert2 +Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu.barb @@ -142,6 +105,8 @@ Key file = aux-fixed/cert2 ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -151,24 +116,7 @@ Key file = aux-fixed/cert2 ??? 220 <<< 220 TLS go ahead Attempting to start TLS -SSL info: before/connect initialization -SSL info: before/connect initialization -SSL info: SSLv2/v3 write client hello A -SSL info: SSLv3 read server hello A -SSL info: SSLv3 read server certificate A -SSL info: SSLv3 read server certificate request A -SSL info: SSLv3 read server done A -SSL info: SSLv3 write client certificate A -SSL info: SSLv3 write client key exchange A -SSL info: SSLv3 write certificate verify A -SSL info: SSLv3 write change cipher spec A -SSL info: SSLv3 write finished A -SSL info: SSLv3 flush data -SSL info: SSLv3 read server session ticket A -SSL info: SSLv3 read finished A -SSL info: SSL negotiation finished successfully -SSL info: SSL negotiation finished successfully -SSL connection using AES256-SHA +SSL connection using ke-RSA-AES256-SHA Succeeded in starting TLS >>> mail from: ??? 250 @@ -180,9 +128,10 @@ Succeeded in starting TLS ??? 221 <<< 221 myhost.test.ex closing connection End of script +### Bad certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected -Certificate file = aux-fixed/cert1 -Key file = aux-fixed/cert1 +Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem +Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu.barb @@ -191,6 +140,8 @@ Key file = aux-fixed/cert1 ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -200,27 +151,13 @@ Key file = aux-fixed/cert1 ??? 220 <<< 220 TLS go ahead Attempting to start TLS -SSL info: before/connect initialization -SSL info: before/connect initialization -SSL info: SSLv2/v3 write client hello A -SSL info: SSLv3 read server hello A -SSL info: SSLv3 read server certificate A -SSL info: SSLv3 read server certificate request A -SSL info: SSLv3 read server done A -SSL info: SSLv3 write client certificate A -SSL info: SSLv3 write client key exchange A -SSL info: SSLv3 write certificate verify A -SSL info: SSLv3 write change cipher spec A -SSL info: SSLv3 write finished A -SSL info: SSLv3 flush data -SSL info: SSLv3 read server session ticket A -SSL info: SSLv3 read server session ticket A -pppp:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:dddd:SSL alert number 48 +pppp:error:dddddddd:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:[...]:SSL alert number 48 Failed to start TLS End of script +### Bad certificate, certificate optional at TLS time, reject at ACL time Connecting to 127.0.0.1 port 1225 ... connected -Certificate file = aux-fixed/cert1 -Key file = aux-fixed/cert1 +Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem +Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu.barb @@ -229,6 +166,8 @@ Key file = aux-fixed/cert1 ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -238,40 +177,22 @@ Key file = aux-fixed/cert1 ??? 220 <<< 220 TLS go ahead Attempting to start TLS -SSL info: before/connect initialization -SSL info: before/connect initialization -SSL info: SSLv2/v3 write client hello A -SSL info: SSLv3 read server hello A -SSL info: SSLv3 read server certificate A -SSL info: SSLv3 read server certificate request A -SSL info: SSLv3 read server done A -SSL info: SSLv3 write client certificate A -SSL info: SSLv3 write client key exchange A -SSL info: SSLv3 write certificate verify A -SSL info: SSLv3 write change cipher spec A -SSL info: SSLv3 write finished A -SSL info: SSLv3 flush data -SSL info: SSLv3 read server session ticket A -SSL info: SSLv3 read finished A -SSL info: SSL negotiation finished successfully -SSL info: SSL negotiation finished successfully -SSL connection using AES256-SHA +SSL connection using ke-RSA-AES256-SHA Succeeded in starting TLS >>> mail from: ??? 250 <<< 250 OK >>> rcpt to: -??? 550- -<<< 550-certificate not verified: peerdn=/C=UK/L=Cambridge/O=University of ??? 550 -<<< 550 Cambridge/OU=Computing Service/CN=Philip Hazel +<<< 550 certificate not verified: peerdn=/CN=server1.example.net >>> quit ??? 221 <<< 221 myhost.test.ex closing connection End of script +### Otherwise good but revoked certificate, certificate required Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected -Certificate file = aux-fixed/cert2 -Key file = aux-fixed/cert2 +Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu.barb @@ -280,6 +201,8 @@ Key file = aux-fixed/cert2 ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -289,27 +212,13 @@ Key file = aux-fixed/cert2 ??? 220 <<< 220 TLS go ahead Attempting to start TLS -SSL info: before/connect initialization -SSL info: before/connect initialization -SSL info: SSLv2/v3 write client hello A -SSL info: SSLv3 read server hello A -SSL info: SSLv3 read server certificate A -SSL info: SSLv3 read server certificate request A -SSL info: SSLv3 read server done A -SSL info: SSLv3 write client certificate A -SSL info: SSLv3 write client key exchange A -SSL info: SSLv3 write certificate verify A -SSL info: SSLv3 write change cipher spec A -SSL info: SSLv3 write finished A -SSL info: SSLv3 flush data -SSL info: SSLv3 read server session ticket A -SSL info: SSLv3 read server session ticket A -pppp:error:14094414:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate revoked:s3_pkt.c:dddd:SSL alert number 44 +pppp:error:dddddddd:SSL routines:ssl3_read_bytes:sslv3 alert certificate revoked:[...]:SSL alert number 44 Failed to start TLS End of script +### Revoked certificate, certificate optional at TLS time, reject at ACL time Connecting to 127.0.0.1 port 1225 ... connected -Certificate file = aux-fixed/cert1 -Key file = aux-fixed/cert1 +Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 >>> ehlo rhu.barb @@ -318,6 +227,8 @@ Key file = aux-fixed/cert1 ??? 250- <<< 250-SIZE 52428800 ??? 250- +<<< 250-8BITMIME +??? 250- <<< 250-PIPELINING ??? 250- <<< 250-STARTTLS @@ -327,34 +238,61 @@ Key file = aux-fixed/cert1 ??? 220 <<< 220 TLS go ahead Attempting to start TLS -SSL info: before/connect initialization -SSL info: before/connect initialization -SSL info: SSLv2/v3 write client hello A -SSL info: SSLv3 read server hello A -SSL info: SSLv3 read server certificate A -SSL info: SSLv3 read server certificate request A -SSL info: SSLv3 read server done A -SSL info: SSLv3 write client certificate A -SSL info: SSLv3 write client key exchange A -SSL info: SSLv3 write certificate verify A -SSL info: SSLv3 write change cipher spec A -SSL info: SSLv3 write finished A -SSL info: SSLv3 flush data -SSL info: SSLv3 read server session ticket A -SSL info: SSLv3 read finished A -SSL info: SSL negotiation finished successfully -SSL info: SSL negotiation finished successfully -SSL connection using AES256-SHA +SSL connection using ke-RSA-AES256-SHA Succeeded in starting TLS >>> mail from: ??? 250 <<< 250 OK >>> rcpt to: -??? 550- -<<< 550-certificate not verified: peerdn=/C=UK/L=Cambridge/O=University of ??? 550 -<<< 550 Cambridge/OU=Computing Service/CN=Philip Hazel +<<< 550 certificate not verified: peerdn=/CN=revoked1.example.com +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +### Good certificate, certificate required - but nonmatching CRL also present +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL connection using ke-RSA-AES256-SHA +Succeeded in starting TLS +>>> mail from: +??? 250 +<<< 250 OK +>>> rcpt to: +??? 250 +<<< 250 Accepted >>> quit ??? 221 <<< 221 myhost.test.ex closing connection End of script + +******** SERVER ******** +### No certificate, certificate required +### No certificate, certificate optional at TLS time, required by ACL +### Good certificate, certificate required +### Good certificate, certificate optional at TLS time, checked by ACL +### Bad certificate, certificate required +### Bad certificate, certificate optional at TLS time, reject at ACL time +### Otherwise good but revoked certificate, certificate required +### Revoked certificate, certificate optional at TLS time, reject at ACL time +### Good certificate, certificate required - but nonmatching CRL also present