X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/b2ba9267abe2c6d16330497041ab8c289e41bd03..600dc06981df5a906125f8442c36056a117412d4:/test/scripts/2000-GnuTLS/2014

diff --git a/test/scripts/2000-GnuTLS/2014 b/test/scripts/2000-GnuTLS/2014
index 5bd5858db..5fdb361ce 100644
--- a/test/scripts/2000-GnuTLS/2014
+++ b/test/scripts/2000-GnuTLS/2014
@@ -12,6 +12,7 @@ ehlo rhu1.barb
 ??? 250-
 ??? 250-
 ??? 250-
+??? 250-
 ??? 250
 starttls
 ??? 220
@@ -27,6 +28,7 @@ ehlo rhu2.barb
 ??? 250-
 ??? 250-
 ??? 250-
+??? 250-
 ??? 250
 starttls
 ??? 220
@@ -48,9 +50,12 @@ ehlo rhu3.barb
 ??? 250-
 ??? 250-
 ??? 250-
+??? 250-
 ??? 250
 starttls
 ??? 220
+helo test
+??? 250
 mail from:<userx@test.ex>
 ??? 250
 rcpt to:<userx@test.ex>
@@ -67,9 +72,12 @@ ehlo rhu4.barb
 ??? 250-
 ??? 250-
 ??? 250-
+??? 250-
 ??? 250
 starttls
 ??? 220
+helo test
+??? 250
 mail from:<userx@test.ex>
 ??? 250
 rcpt to:<userx@test.ex>
@@ -88,6 +96,7 @@ ehlo rhu5.barb
 ??? 250-
 ??? 250-
 ??? 250-
+??? 250-
 ??? 250
 starttls
 ??? 220
@@ -104,9 +113,12 @@ ehlo rhu6.barb
 ??? 250-
 ??? 250-
 ??? 250-
+??? 250-
 ??? 250
 starttls
 ??? 220
+helo test
+??? 250
 mail from:<userx@test.ex>
 ??? 250
 rcpt to:<userx@test.ex>
@@ -122,8 +134,15 @@ killdaemon
 exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.v2.pem -DSERVER=server -bd -oX PORT_D
 ****
 ### Otherwise good but revoked certificate, certificate required
+# The trace for this test appears in the mainlog
+# - but the stdout from the client is a problem: the server sends a TLS ALERT. If the client sees that early enough
+# then it says that + "Failed to start TLS".  But if it's later, it says "Succeeded in starting TLS"
+# and only another command from the client elicits anything from the server (eg "554 Security failure").
+# How can we test this?
+# An option on client to be quiet about tls problems.
+#
 # GnuTLS seems to not mind the lack of CRLs for the nonleaf certs in the chain, unlike under OpenSSL
-client-gnutls HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
+client-gnutls -tls-quiet HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
 ??? 220
 ehlo rhu7.barb
 ??? 250-
@@ -131,11 +150,14 @@ ehlo rhu7.barb
 ??? 250-
 ??? 250-
 ??? 250-
+??? 250-
 ??? 250
-starttls
+STARTTLS
 ??? 220
-mail from:<userx@test.ex>
-??? 554
+NOP
+??? 554 Security failure
+QUIT
+220
 ****
 ### Revoked certificate, certificate optional at TLS time, reject at ACL time
 client-gnutls 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
@@ -146,9 +168,12 @@ ehlo rhu8.barb
 ??? 250-
 ??? 250-
 ??? 250-
+??? 250-
 ??? 250
 starttls
 ??? 220
+helo test
+??? 250
 mail from:<userx@test.ex>
 ??? 250
 rcpt to:<userx@test.ex>
@@ -165,9 +190,12 @@ ehlo rhu9.barb
 ??? 250-
 ??? 250-
 ??? 250-
+??? 250-
 ??? 250
 starttls
 ??? 220
+helo test
+??? 250
 mail from:<userx@test.ex>
 ??? 250
 rcpt to:<userx@test.ex>