From: Jeremy Harris Date: Sun, 18 Jul 2021 14:51:16 +0000 (+0100) Subject: ALPN: feature macro X-Git-Tag: exim-4.95-RC1~10 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/d083e3f2af9baf1910a69c1cc4a06a26be99d40c ALPN: feature macro --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 2687f6048..fef3dfce6 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -29953,7 +29953,8 @@ depends on the behavious of the peer (not all peers can send a feature-specific TLS Alert). This feature is available when Exim is built with -OpenSSL 1.1.0 or later or GnuTLS 3.2.0 or later. +OpenSSL 1.1.0 or later or GnuTLS 3.2.0 or later; +the macro _HAVE_TLS_ALPN will be defined when this is so. .wen diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index f63a8375b..b9f8d2a51 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -154,6 +154,9 @@ builtin_macro_create(US"_HAVE_TLS_OCSP_LIST"); #if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT) builtin_macro_create(US"_HAVE_TLS_CA_CACHE"); # endif +# ifdef EXIM_HAVE_ALPN +builtin_macro_create(US"_HAVE_TLS_ALPN"); +# endif } #else diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index d9ec82dc2..5bf6a6002 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -307,6 +307,9 @@ builtin_macro_create(US"_TLS_BAD_MULTICERT_IN_OURCERT"); builtin_macro_create(US"_HAVE_TLS_OCSP"); builtin_macro_create(US"_HAVE_TLS_OCSP_LIST"); # endif +# ifdef EXIM_HAVE_ALPN +builtin_macro_create(US"_HAVE_TLS_ALPN"); +# endif } #else diff --git a/test/confs/1115 b/test/confs/1115 deleted file mode 100644 index c1d571821..000000000 --- a/test/confs/1115 +++ /dev/null 
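Review bot: The new `# ifdef EXIM_HAVE_ALPN` block in tls-gnu.c (and the identical one in tls-openssl.c) registers `_HAVE_TLS_ALPN` without recording who consumes it, while the same commit adds `feature _HAVE_TLS_ALPN` REQUIRES files and the spec sentence that depend on it; a one-line comment would tie them together, e.g. `/* Build-time ALPN support; read by config .ifdef and the testsuite REQUIRES "feature" lines */`. The macro is created from the compile-time EXIM_HAVE_ALPN gate, so if that gate is derived from the library headers at build time (not visible in this hunk) it describes the build rather than the library loaded at runtime — if so, the spec wording "will be defined when this is so" could carry that caveat. The enclosing macro-creation function starts outside the hunk in both files.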
@@ -1,73 +0,0 @@ -# Exim test configuration 1115 -# ALPN - -SERVER = -CONTROL = - -.include DIR/aux-var/tls_conf_prefix - -primary_hostname = myhost.test.ex - -# ----- Main settings ----- - -domainlist local_domains = test.ex : *.test.ex - -acl_smtp_rcpt = accept - -tls_advertise_hosts = * -tls_certificate = DIR/aux-fixed/cert1 - -.ifdef STRICT -tls_alpn = STRICT -.endif -.ifdef REQUIRE -hosts_require_alpn = * -.endif - - -# ------ ACL ------ - -begin acl - -# ----- Routers ----- - -begin routers - -client: - driver = accept - condition = ${if eq {SERVER}{server} {no}{yes}} - transport = send_to_server - -server: - driver = redirect - data = :blackhole: - - -# ----- Transports ----- - -begin transports - -send_to_server: - driver = smtp - allow_localhost - hosts = HOSTIPV4 - port = PORT_D - tls_verify_certificates = DIR/aux-fixed/cert1 - tls_verify_cert_hostnames = : - - hosts_require_tls = * - hosts_try_fastopen = : - tls_alpn = CONTROL -.ifdef REQUIRE - hosts_require_alpn = * -.endif - -# ----- Retry ----- - - -begin retry - -* * F,5d,10s - - -# End diff --git a/test/confs/1190 b/test/confs/1190 new file mode 100644 index 000000000..c65bf5b0c --- /dev/null +++ b/test/confs/1190 
@@ -0,0 +1,73 @@ +# Exim test configuration 1190 +# ALPN + +SERVER = +CONTROL = + +.include DIR/aux-var/tls_conf_prefix + +primary_hostname = myhost.test.ex + +# ----- Main settings ----- + +domainlist local_domains = test.ex : *.test.ex + +acl_smtp_rcpt = accept + +tls_advertise_hosts = * +tls_certificate = DIR/aux-fixed/cert1 + +.ifdef STRICT +tls_alpn = STRICT +.endif +.ifdef REQUIRE +hosts_require_alpn = * +.endif + + +# ------ ACL ------ + +begin acl + +# ----- Routers ----- + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server} {no}{yes}} + transport = send_to_server + +server: + driver = redirect + data = :blackhole: + + +# ----- Transports ----- + +begin transports + +send_to_server: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_verify_certificates = DIR/aux-fixed/cert1 + tls_verify_cert_hostnames = : + + hosts_require_tls = * + hosts_try_fastopen = : + tls_alpn = CONTROL +.ifdef REQUIRE + hosts_require_alpn = * +.endif + +# ----- Retry ----- + + +begin retry + +* * F,5d,10s + + +# End diff --git a/test/confs/2038 b/test/confs/2038 deleted file mode 120000 index 03a524df8..000000000 --- a/test/confs/2038 +++ /dev/null @@ -1 +0,0 @@ -1115 \ No newline at end of file diff --git a/test/confs/2090 b/test/confs/2090 new file mode 120000 index 000000000..e55dbc5cd --- /dev/null +++ b/test/confs/2090 @@ -0,0 +1 @@ +1190 \ No newline at end of file diff --git a/test/confs/2138 b/test/confs/2138 deleted file mode 120000 index 03a524df8..000000000 --- a/test/confs/2138 +++ /dev/null @@ -1 +0,0 @@ -1115 \ No newline at end of file diff --git a/test/confs/2190 b/test/confs/2190 new file mode 120000 index 000000000..e55dbc5cd --- /dev/null +++ b/test/confs/2190 @@ -0,0 +1 @@ +1190 \ No newline at end of file diff --git a/test/log/1115 b/test/log/1115 deleted file mode 100644 index af3f1df34..000000000 --- a/test/log/1115 +++ /dev/null 
@@ -1,45 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00" -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 == b@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <> -1999-03-02 09:44:33 10HmaZ-0005vi-00 removed by CALLER -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbA-0005vi-00 == c@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <> -1999-03-02 09:44:33 10HmbA-0005vi-00 removed by CALLER -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbB-0005vi-00 => d@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbC-0005vi-00" -1999-03-02 09:44:33 10HmbB-0005vi-00 Completed -1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbD-0005vi-00 => e@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbE-0005vi-00" -1999-03-02 09:44:33 10HmbD-0005vi-00 Completed -1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbF-0005vi-00 => f@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbG-0005vi-00" -1999-03-02 09:44:33 10HmbF-0005vi-00 
Completed -1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbH-0005vi-00 => g@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbI-0005vi-00" -1999-03-02 09:44:33 10HmbH-0005vi-00 Completed - -******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbC-0005vi-00 Completed -1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbE-0005vi-00 Completed -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss 
id=E10HmbF-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbG-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbG-0005vi-00 Completed -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbH-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbI-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbI-0005vi-00 Completed diff --git a/test/log/1190 b/test/log/1190 new file mode 100644 index 000000000..af3f1df34 --- /dev/null +++ b/test/log/1190 
@@ -0,0 +1,45 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 == b@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <> +1999-03-02 09:44:33 10HmaZ-0005vi-00 removed by CALLER +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbA-0005vi-00 == c@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <> +1999-03-02 09:44:33 10HmbA-0005vi-00 removed by CALLER +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 => d@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbD-0005vi-00 => e@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed +1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbF-0005vi-00 => f@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbG-0005vi-00" +1999-03-02 09:44:33 10HmbF-0005vi-00 
Completed +1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbH-0005vi-00 => g@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbI-0005vi-00" +1999-03-02 09:44:33 10HmbH-0005vi-00 Completed + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss 
id=E10HmbF-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbG-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbG-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbH-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbI-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbI-0005vi-00 Completed diff --git a/test/log/2038 b/test/log/2038 deleted file mode 100644 index a93f4d3ed..000000000 --- a/test/log/2038 +++ /dev/null 
@@ -1,26 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => client_require@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00" -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 == client_require_fail@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (handshake): ALPN required but not negotiated -1999-03-02 09:44:33 10HmaZ-0005vi-00 removed by CALLER -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbA-0005vi-00 => server_require_good@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbB-0005vi-00" -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbC-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (recv): A TLS fatal alert has been received: No supported application protocol could be negotiated -1999-03-02 09:44:33 10HmbC-0005vi-00 == server_require_bad@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: error on first read - -******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: No supported application protocol could be negotiated -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbA-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbB-0005vi-00 Completed -1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (handshake): ALPN required but not negotiated diff --git a/test/log/2090 b/test/log/2090 new file mode 100644 index 000000000..a93f4d3ed --- /dev/null +++ b/test/log/2090 
@@ -0,0 +1,26 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => client_require@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 == client_require_fail@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (handshake): ALPN required but not negotiated +1999-03-02 09:44:33 10HmaZ-0005vi-00 removed by CALLER +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbA-0005vi-00 => server_require_good@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbB-0005vi-00" +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbC-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (recv): A TLS fatal alert has been received: No supported application protocol could be negotiated +1999-03-02 09:44:33 10HmbC-0005vi-00 == server_require_bad@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: error on first read + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: No supported application protocol could be negotiated +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbA-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (handshake): ALPN required but not negotiated diff --git a/test/log/2138 b/test/log/2138 deleted file mode 100644 index bbc80a45a..000000000 --- a/test/log/2138 +++ /dev/null 
@@ -1,25 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => client_require@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00" -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 == client_require_fail@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (handshake): ALPN required but not negotiated -1999-03-02 09:44:33 10HmaZ-0005vi-00 removed by CALLER -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbA-0005vi-00 => server_require_good@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbB-0005vi-00" -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbC-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: Remote host closed connection in response to EHLO myhost.test.ex -1999-03-02 09:44:33 10HmbC-0005vi-00 == server_require_bad@test.ex R=client T=send_to_server defer (-18) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: Remote host closed connection in response to EHLO myhost.test.ex - -******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 exim x.yz 
daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbA-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmbB-0005vi-00 Completed -1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (handshake): ALPN required but not negotiated diff --git a/test/log/2190 b/test/log/2190 new file mode 100644 index 000000000..bbc80a45a --- /dev/null +++ b/test/log/2190 
@@ -0,0 +1,25 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => client_require@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 == client_require_fail@test.ex R=client T=send_to_server defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (handshake): ALPN required but not negotiated +1999-03-02 09:44:33 10HmaZ-0005vi-00 removed by CALLER +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbA-0005vi-00 => server_require_good@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbB-0005vi-00" +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbC-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: Remote host closed connection in response to EHLO myhost.test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 == server_require_bad@test.ex R=client T=send_to_server defer (-18) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: Remote host closed connection in response to EHLO myhost.test.ex + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz 
daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbA-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (handshake): ALPN required but not negotiated diff --git a/test/scripts/1100-Basic-TLS/1115 b/test/scripts/1100-Basic-TLS/1115 deleted file mode 100644 index d74caca52..000000000 --- a/test/scripts/1100-Basic-TLS/1115 +++ /dev/null @@ -1,50 +0,0 @@ -# TLS: ALPN -gnutls -exim -DSERVER=server -bd -oX PORT_D -**** -# -# Basic: is good ALPN set on tpt acceptable to server -exim -DCONTROL=smtp -odf a@test.ex -Test message. -**** -# -# Bad ALPN rejected -exim -DCONTROL=http -odf b@test.ex -**** -exim -Mrm $msg1 -**** -sudo rm -f DIR/spool/db/retry -# -# Multiple ALPN rejected -exim -DCONTROL=smtp:smtp -odf c@test.ex -**** -exim -Mrm $msg1 -**** -sudo rm -f DIR/spool/db/retry -# -# Empty client option is ok -exim -DCONTROL="" -odf d@test.ex -**** -# Content-free client option is ok -exim -DCONTROL=" " -odf e@test.ex -**** -killdaemon -# -# Server can be told to ignore (bad) ALPN from client -exim -DSERVER=server -DSTRICT="" -bd -oX PORT_D -**** -exim -DCONTROL=http -odf f@test.ex -**** -killdaemon -# -# Server can be told custom names list -exim -DSERVER=server -DSTRICT='${if eq {$sender_host_address}{HOSTIPV4} {smtp:weird} {smtp}}' -bd -oX PORT_D -**** -exim -DCONTROL=weird -odf g@test.ex -**** -killdaemon -# -# -no_msglog_check -no_stdout_check -millisleep 500 
diff --git a/test/scripts/1190-TLS-ALPN/1190 b/test/scripts/1190-TLS-ALPN/1190
new file mode 100644
index 000000000..d74caca52
--- /dev/null
+++ b/test/scripts/1190-TLS-ALPN/1190
@@ -0,0 +1,50 @@
+# TLS: ALPN
+gnutls
+exim -DSERVER=server -bd -oX PORT_D
+****
+#
+# Basic: is good ALPN set on tpt acceptable to server
+exim -DCONTROL=smtp -odf a@test.ex
+Test message.
+****
+#
+# Bad ALPN rejected
+exim -DCONTROL=http -odf b@test.ex
+****
+exim -Mrm $msg1
+****
+sudo rm -f DIR/spool/db/retry
+#
+# Multiple ALPN rejected
+exim -DCONTROL=smtp:smtp -odf c@test.ex
+****
+exim -Mrm $msg1
+****
+sudo rm -f DIR/spool/db/retry
+#
+# Empty client option is ok
+exim -DCONTROL="" -odf d@test.ex
+****
+# Content-free client option is ok
+exim -DCONTROL=" " -odf e@test.ex
+****
+killdaemon
+#
+# Server can be told to ignore (bad) ALPN from client
+exim -DSERVER=server -DSTRICT="" -bd -oX PORT_D
+****
+exim -DCONTROL=http -odf f@test.ex
+****
+killdaemon
+#
+# Server can be told custom names list
+exim -DSERVER=server -DSTRICT='${if eq {$sender_host_address}{HOSTIPV4} {smtp:weird} {smtp}}' -bd -oX PORT_D
+****
+exim -DCONTROL=weird -odf g@test.ex
+****
+killdaemon
+#
+#
+no_msglog_check
+no_stdout_check
+millisleep 500
diff --git a/test/scripts/1190-TLS-ALPN/REQUIRES b/test/scripts/1190-TLS-ALPN/REQUIRES
new file mode 100644
index 000000000..44d5cc0cb
--- /dev/null
+++ b/test/scripts/1190-TLS-ALPN/REQUIRES
@@ -0,0 +1 @@
+feature _HAVE_TLS_ALPN
diff --git a/test/scripts/2000-GnuTLS/2038 b/test/scripts/2000-GnuTLS/2038
deleted file mode 100644
index 227af8475..000000000
--- a/test/scripts/2000-GnuTLS/2038
+++ /dev/null
@@ -1,36 +0,0 @@ -# TLS: ALPN: mandatory -# Separated from the OpenSSL equivalent as we deliberately send a Fatal Alert, and that gets logged by the receiver -# OpenSSL does not provides the facility. -gnutls -exim -DSERVER=server -bd -oX PORT_D -**** -# Client requires ALPN (success) -exim -DCONTROL=smtp -DREQUIRE=y -odf client_require@test.ex -**** -killdaemon -# -# Server can be told to ignore (bad) ALPN from client -exim -DSERVER=server -DSTRICT="" -bd -oX PORT_D -**** -# Client requires ALPN (fail) -exim -DCONTROL=http -DREQUIRE=y -odf client_require_fail@test.ex -**** -exim -Mrm $msg1 -**** -sudo rm -f DIR/spool/db/retry -killdaemon -# -# -# Server can be told ALPN mandatory -exim -DSERVER=server -DREQUIRE=y -bd -oX PORT_D -**** -# Client supplies ALPN, good -exim -DCONTROL=smtp -odf server_require_good@test.ex -**** -# Client does not supply ALPN, fails -exim -odf server_require_bad@test.ex -**** -killdaemon -# -no_msglog_check -no_stdout_check diff --git a/test/scripts/2090-GnuTLS-ALPN/2090 b/test/scripts/2090-GnuTLS-ALPN/2090 new file mode 100644 index 000000000..227af8475 --- /dev/null +++ b/test/scripts/2090-GnuTLS-ALPN/2090 
@@ -0,0 +1,36 @@
+# TLS: ALPN: mandatory
+# Separated from the OpenSSL equivalent as we deliberately send a Fatal Alert, and that gets logged by the receiver
+# OpenSSL does not provides the facility.
+gnutls
+exim -DSERVER=server -bd -oX PORT_D
+****
+# Client requires ALPN (success)
+exim -DCONTROL=smtp -DREQUIRE=y -odf client_require@test.ex
+****
+killdaemon
+#
+# Server can be told to ignore (bad) ALPN from client
+exim -DSERVER=server -DSTRICT="" -bd -oX PORT_D
+****
+# Client requires ALPN (fail)
+exim -DCONTROL=http -DREQUIRE=y -odf client_require_fail@test.ex
+****
+exim -Mrm $msg1
+****
+sudo rm -f DIR/spool/db/retry
+killdaemon
+#
+#
+# Server can be told ALPN mandatory
+exim -DSERVER=server -DREQUIRE=y -bd -oX PORT_D
+****
+# Client supplies ALPN, good
+exim -DCONTROL=smtp -odf server_require_good@test.ex
+****
+# Client does not supply ALPN, fails
+exim -odf server_require_bad@test.ex
+****
+killdaemon
+#
+no_msglog_check
+no_stdout_check
diff --git a/test/scripts/2090-GnuTLS-ALPN/REQUIRES b/test/scripts/2090-GnuTLS-ALPN/REQUIRES
new file mode 100644
index 000000000..878f1a3c0
--- /dev/null
+++ b/test/scripts/2090-GnuTLS-ALPN/REQUIRES
@@ -0,0 +1,3 @@
+support GnuTLS
+running IPv4
+feature _HAVE_TLS_ALPN
diff --git a/test/scripts/2100-OpenSSL/2138 b/test/scripts/2100-OpenSSL/2138
deleted file mode 100644
index 7dadb3051..000000000
--- a/test/scripts/2100-OpenSSL/2138
+++ /dev/null
@@ -1,35 +0,0 @@ -# TLS: ALPN: mandatory -# -# Plain server -exim -DSERVER=server -bd -oX PORT_D -**** -# Client requires ALPN (success) -exim -DCONTROL=smtp -DREQUIRE=y -odf client_require@test.ex -**** -killdaemon -# -# Server can be told to ignore (bad) ALPN from client -exim -DSERVER=server -DSTRICT="" -bd -oX PORT_D -**** -# Client requires ALPN (fail) -exim -DCONTROL=http -DREQUIRE=y -odf client_require_fail@test.ex -**** -exim -Mrm $msg1 -**** -sudo rm -f DIR/spool/db/retry -killdaemon -# -# -# Server can be told ALPN mandatory -exim -DSERVER=server -DREQUIRE=y -bd -oX PORT_D -**** -# Client supplies ALPN, good -exim -DCONTROL=smtp -odf server_require_good@test.ex -**** -# Client does not supply ALPN, fails -exim -odf server_require_bad@test.ex -**** -killdaemon -# -no_msglog_check -no_stdout_check diff --git a/test/scripts/2190-OpenSSL-ALPN/2190 b/test/scripts/2190-OpenSSL-ALPN/2190 new file mode 100644 index 000000000..7dadb3051 --- /dev/null +++ b/test/scripts/2190-OpenSSL-ALPN/2190 @@ -0,0 +1,35 @@ +# TLS: ALPN: mandatory +# +# Plain server +exim -DSERVER=server -bd -oX PORT_D +**** +# Client requires ALPN (success) +exim -DCONTROL=smtp -DREQUIRE=y -odf client_require@test.ex +**** +killdaemon +# +# Server can be told to ignore (bad) ALPN from client +exim -DSERVER=server -DSTRICT="" -bd -oX PORT_D +**** +# Client requires ALPN (fail) +exim -DCONTROL=http -DREQUIRE=y -odf client_require_fail@test.ex +**** +exim -Mrm $msg1 +**** +sudo rm -f DIR/spool/db/retry +killdaemon +# +# +# Server can be told ALPN mandatory +exim -DSERVER=server -DREQUIRE=y -bd -oX PORT_D +**** +# Client supplies ALPN, good +exim -DCONTROL=smtp -odf server_require_good@test.ex +**** +# Client does not supply ALPN, fails +exim -odf server_require_bad@test.ex +**** +killdaemon +# +no_msglog_check +no_stdout_check diff --git a/test/scripts/2190-OpenSSL-ALPN/REQUIRES b/test/scripts/2190-OpenSSL-ALPN/REQUIRES new file mode 100644 index 000000000..d97fd9744 --- /dev/null 
+++ b/test/scripts/2190-OpenSSL-ALPN/REQUIRES
@@ -0,0 +1,3 @@
+support OpenSSL
+running IPv4
+feature _HAVE_TLS_ALPN