A couple more cert1/2 strings updated, plus some disambiguating rhubarb.
}
DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n", cert_count);
-if (state->tls_crl && *state->tls_crl)
+if (state->tls_crl && *state->tls_crl &&
+ state->exp_tls_crl && *state->exp_tls_crl)
{
- if (state->exp_tls_crl && *state->exp_tls_crl)
+ DEBUG(D_tls) debug_printf("loading CRL file = %s\n", state->exp_tls_crl);
+ cert_count = gnutls_certificate_set_x509_crl_file(state->x509_cred,
+ CS state->exp_tls_crl, GNUTLS_X509_FMT_PEM);
+ if (cert_count < 0)
{
- DEBUG(D_tls) debug_printf("loading CRL file = %s\n", state->exp_tls_crl);
- rc = gnutls_certificate_set_x509_crl_file(state->x509_cred,
- CS state->exp_tls_crl, GNUTLS_X509_FMT_PEM);
+ rc = cert_count;
exim_gnutls_err_check(US"gnutls_certificate_set_x509_crl_file");
}
+ DEBUG(D_tls) debug_printf("Processed %d CRLs.\n", cert_count);
}
return OK;
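Review bot: A `tls_crl` file that parses but yields zero CRLs is accepted with only a debug line, because the new check treats every non-negative return from `gnutls_certificate_set_x509_crl_file` as success; revocation can then be configured but not enforced, with nothing in the main log. The same applies when `tls_crl` is set but `exp_tls_crl` expands to an empty string, since the merged condition skips the block without any message. Consider reporting both cases outside debug mode, for example `if (cert_count == 0) log_write(0, LOG_MAIN, "tls_crl file %s contained no CRLs", state->exp_tls_crl);`. The trailing "Processed %d CRLs" line is only correct if `exim_gnutls_err_check` returns on a negative `rc`, which is not visible here, and reusing `cert_count` for a CRL count is misleading (a separate `crl_count` would read better). The enclosing function starts before this hunk.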
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
-1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
-1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): invalid
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
+1999-03-02 09:44:33 TLS error on connection from (rhu1.barb) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
+1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
+1999-03-02 09:44:33 TLS error on connection from (rhu5.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): invalid
+1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): revoked
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
+1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): A TLS packet with unexpected length was received.
+1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason.
+1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
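Review bot: The expected log for what appears to be the revoked-certificate case no longer contains `(certificate verification failed): revoked`; it now expects the generic `(recv)` and `(send)` TLS errors instead. Those two lines would match any aborted handshake, so this golden output can no longer tell a CRL-based rejection apart from an unrelated TLS failure. If the reason string is still available on the server side, keep an expectation that names revocation, or add a comment to the test script explaining why the verdict is no longer logged.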
-1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
-1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,L=Cambridge,O=University of Cambridge,OU=Computing Service,CN=Philip Hazel
+1999-03-02 09:44:33 H=(rhu2tls.barb) [127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
+1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
+1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
# No certificate, certificate required
client-gnutls HOSTIPV4 PORT_D
??? 220
-ehlo rhu.barb
+ehlo rhu1.barb
??? 250-
??? 250-
??? 250-
# No certificate, certificate optional at TLS time, required by ACL
client-gnutls 127.0.0.1 PORT_D
??? 220
-ehlo rhu.barb
+ehlo rhu2.barb
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
-helo rhu.barb
+helo rhu2tls.barb
??? 250
mail from:<userx@test.ex>
??? 250
# Good certificate, certificate required
client-gnutls HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
-ehlo rhu.barb
+ehlo rhu3.barb
??? 250-
??? 250-
??? 250-
# Good certificate, certificate optional at TLS time, checked by ACL
client-gnutls 127.0.0.1 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
-ehlo rhu.barb
+ehlo rhu4.barb
??? 250-
??? 250-
??? 250-
# Bad certificate, certificate required
client-gnutls HOSTIPV4 PORT_D aux-fixed/cert1 aux-fixed/cert1
??? 220
-ehlo rhu.barb
+ehlo rhu5.barb
??? 250-
??? 250-
??? 250-
# Bad certificate, certificate optional at TLS time, reject at ACL time
client-gnutls 127.0.0.1 PORT_D aux-fixed/cert1 aux-fixed/cert1
??? 220
-ehlo rhu.barb
+ehlo rhu6.barb
??? 250-
??? 250-
??? 250-
# Good but revoked certificate, certificate required
client-gnutls HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
??? 220
-ehlo rhu.barb
+ehlo rhu7.barb
??? 250-
??? 250-
??? 250-
# Revoked certificate, certificate optional at TLS time, reject at ACL time
client-gnutls 127.0.0.1 PORT_D aux-fixed/cert1 aux-fixed/cert1
??? 220
-ehlo rhu.barb
+ehlo rhu8.barb
??? 250-
??? 250-
??? 250-
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu1.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu1.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
Connecting to 127.0.0.1 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu2.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu2.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 220 TLS go ahead
Attempting to start TLS
Succeeded in starting TLS
->>> helo rhu.barb
+>>> helo rhu2tls.barb
??? 250
-<<< 250 myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250 myhost.test.ex Hello rhu2tls.barb [127.0.0.1]
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
Key file = aux-fixed/cert2
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu3.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu3.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
Key file = aux-fixed/cert2
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu4.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu4.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
Key file = aux-fixed/cert1
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu5.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu5.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
Key file = aux-fixed/cert1
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu6.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu6.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 550-
-<<< 550-certificate not verified: peerdn=C=UK,L=Cambridge,O=University of
+<<< 550-certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test
??? 550
-<<< 550 Cambridge,OU=Computing Service,CN=Philip Hazel
+<<< 550 Suite,CN=Phil Pennock
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
Key file = aux-fixed/cert2
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu7.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
+<<< 250-myhost.test.ex Hello rhu7.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
Key file = aux-fixed/cert1
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
->>> ehlo rhu.barb
+>>> ehlo rhu8.barb
??? 250-
-<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+<<< 250-myhost.test.ex Hello rhu8.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 550-
-<<< 550-certificate not verified: peerdn=C=UK,L=Cambridge,O=University of
+<<< 550-certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test
??? 550
-<<< 550 Cambridge,OU=Computing Service,CN=Philip Hazel
+<<< 550 Suite,CN=Phil Pennock
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection