-# Exim test configuration 1102
+# Exim test configuration 1102 & 5680
.include DIR/aux-var/tls_conf_prefix
tls_certificate = DIR/tmp/certs/servercert
tls_privatekey = DIR/tmp/certs/serverkey
+.ifdef OPT
tls_ocsp_file = DIR/tmp/certs/ocsp_proof
+.endif
#tls_verify_certificates = DIR/aux-fixed/cert2
tls_verify_certificates = system,cache
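Review bot: The new `.ifdef OPT` guard around `tls_ocsp_file` only tests that OPT is defined, so any `-DOPT=...` value, not just the `ocsp` the 5680 script passes, will switch stapling on for this shared config. A comment above the guard would stop another test that reuses confs/1102 from enabling OCSP by accident: `# OPT (set to "ocsp" by scripts/5680) enables stapling; the value itself is not checked`. The commented-out `#tls_verify_certificates = DIR/aux-fixed/cert2` line directly above the live `system,cache` setting appears to be leftover and could be dropped while this file is being touched.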
--- /dev/null
+1102
\ No newline at end of file
--- /dev/null
+
+******** SERVER ********
+2017-07-30 18:51:05.712 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
+2017-07-30 18:51:05.712 server cert: CN=server1.example.com
+2017-07-30 18:51:05.712 server cert: CN=server1.example.net
# TLS server: creds caching
#
-#
mkdir -p DIR/tmp/certs
cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem DIR/tmp/certs/servercert
cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key DIR/tmp/certs/serverkey
-cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp DIR/tmp/certs/ocsp_proof
#
#exim -d-all+tls+receive+timestamp -DSERVER=server -bd -oX PORT_D
exim -DSERVER=server -bd -oX PORT_D
****
-client-anytls -ocsp DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem 127.0.0.1 PORT_D
+client-anytls 127.0.0.1 PORT_D
??? 220
EHLO rhu.barb
????250
****
sleep 1
# Now overwrite the cert
-# XXX using server2.com fails here, on the ocsp verify. Why?
cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem DIR/tmp/certs/servercert
cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key DIR/tmp/certs/serverkey
-cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp DIR/tmp/certs/ocsp_proof
# The watch mech waits 5 sec after the last trigger, so give that time to expire then send another message
sleep 7
-client-anytls -ocsp DIR/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem 127.0.0.1 PORT_D
+client-anytls 127.0.0.1 PORT_D
??? 220
EHLO rhu.barb
????250
--- /dev/null
+# TLS server: creds caching, OCSP
+#
+#
+mkdir -p DIR/tmp/certs
+cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem DIR/tmp/certs/servercert
+cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key DIR/tmp/certs/serverkey
+cp DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp DIR/tmp/certs/ocsp_proof
+#
+#exim -d-all+tls+receive+timestamp -DSERVER=server -DOPT=ocsp -bd -oX PORT_D
+exim -DSERVER=server -DOPT=ocsp -bd -oX PORT_D
+****
+client-anytls -ocsp DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem 127.0.0.1 PORT_D
+??? 220
+EHLO rhu.barb
+????250
+STARTTLS
+??? 220
+EHLO rhu.barb
+????250
+MAIL FROM:<>
+RCPT TO:test@example.com
+??? 250
+??? 250
+QUIT
+??? 221
+****
+sleep 1
+# Now overwrite the cert
+# XXX using server2.com fails here, on the ocsp verify. Why?
+cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem DIR/tmp/certs/servercert
+cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key DIR/tmp/certs/serverkey
+cp DIR/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp DIR/tmp/certs/ocsp_proof
+# The watch mech waits 5 sec after the last trigger, so give that time to expire then send another message
+sleep 7
+client-anytls -ocsp DIR/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem 127.0.0.1 PORT_D
+??? 220
+EHLO rhu.barb
+????250
+STARTTLS
+??? 220
+EHLO rhu.barb
+????250
+MAIL FROM:<>
+RCPT TO:test@example.com
+??? 250
+??? 250
+QUIT
+??? 221
+****
+#
+killdaemon
+#
+sudo rm -fr DIR/tmp
+no_msglog_check
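Review bot: The `# XXX using server2.com fails here, on the ocsp verify. Why?` comment is carried verbatim from 1102 into a test whose whole point is OCSP verification across a credential reload, so an unexplained OCSP-verify failure mode now sits undocumented next to the assertion that OCSP succeeds; either resolve it or reword it to state what was observed, e.g. `# NOTE: server2 certs are not used: their OCSP response did not verify against ca_chain.pem, hence server1.example.net`. The stale-staple case (still serving the example.com response after the example.net cert is loaded) is caught only indirectly, because the second `client-anytls -ocsp` verifies the staple against the example.net chain; a one-line comment before that client run saying `# a stale example.com staple would fail the client's OCSP verify here` would make the expected failure mode explicit. The `sleep 7` relies on the 5-second watch quiescence described in the comment, so a change to that interval would surface as a timing race rather than a caching bug, which is worth noting next to the sleep.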
--- /dev/null
+feature _HAVE_TLS
+support OCSP
+running IPv4
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-OCSP status response: good signature
-Succeeded in starting TLS (with OCSP)
+Succeeded in starting TLS
>>> EHLO rhu.barb
????250
>>> MAIL FROM:<>
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-OCSP status response: good signature
-Succeeded in starting TLS (with OCSP)
+Succeeded in starting TLS
>>> EHLO rhu.barb
????250
>>> MAIL FROM:<>
--- /dev/null
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> EHLO rhu.barb
+????250
+>>> STARTTLS
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+OCSP status response: good signature
+Succeeded in starting TLS (with OCSP)
+>>> EHLO rhu.barb
+????250
+>>> MAIL FROM:<>
+>>> RCPT TO:test@example.com
+??? 250
+<<< 250 OK
+??? 250
+<<< 250 Accepted
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> EHLO rhu.barb
+????250
+>>> STARTTLS
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+OCSP status response: good signature
+Succeeded in starting TLS (with OCSP)
+>>> EHLO rhu.barb
+????250
+>>> MAIL FROM:<>
+>>> RCPT TO:test@example.com
+??? 250
+<<< 250 OK
+??? 250
+<<< 250 Accepted
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script