Testsuite: avoid cipher vs. cert validity problem
[users/heiko/exim.git] / test / confs / 2131
1 # Exim test configuration 2131
2 # SNI
3
# SERVER is defined empty here, so this file reads as the client side unless
# something sets SERVER to "server" (presumably the test script does so when
# starting the server; that override is not visible in this file).
4 SERVER =
5
# Shared TLS settings are pulled in from this include. Its contents are not
# shown, so TLS options that do not appear below may still be set there.
6 .include DIR/aux-var/tls_conf_prefix
7
8 primary_hostname = myhost.test.ex
9
10 # ----- Main settings -----
11
12 domainlist local_domains = test.ex : *.test.ex
13
# Every RCPT command runs acl_log_sni. The log selectors add the TLS peer DN,
# the SNI and the recipient list to what is logged.
14 acl_smtp_rcpt = acl_log_sni
15 log_selector = +tls_peerdn +tls_sni +received_recipients
16 remote_max_parallel = 1
17
# STARTTLS is advertised to every connecting host.
18 tls_advertise_hosts = *
19
20 # Set certificate and key only when SERVER is "server"; for any other value
#    the trailing "fail" forces the expansion to fail instead of yielding a path.
#    $tls_in_sni is supplied by the client before any authentication. Here it is
#    only compared with the fixed string "bill" to choose between two fixed
#    files; it is never copied into the path, so the client cannot steer the
#    file name through the SNI value.
21
22 tls_certificate = ${if eq {SERVER}{server} \
23         {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
24             {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
25             {cert1} \
26                         }\
27         }fail}
28
#    Same selection for the private key. The non-"bill" branch names cert1 for
#    both options, so that file presumably holds certificate and key together
#    (TODO confirm). The ".unlocked.key" name suggests an unencrypted key; that
#    is a test fixture, not a storage pattern for real keys.
29 tls_privatekey = ${if eq {SERVER}{server} \
30         {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
31             {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
32             {cert1} \
33                         }\
34         }fail}
35
36
37 # ------ ACL ------
38
39 begin acl
40
# Accepts every RCPT unconditionally; its only job is to write the SNI the
# client sent into the log. That value is client-controlled text, so anything
# that consumes these log lines should treat it as untrusted.
41 acl_log_sni:
42   accept
43          logwrite = SNI <$tls_in_sni>
44
45 # ----- Routers -----
46
47 begin routers
48
# Client side (SERVER is anything other than "server"): accept the address and
# choose the transport by local part. "abcd" selects send_to_server2, every
# other local part selects send_to_server1.
49 client:
50   driver = accept
51   condition = ${if !eq {SERVER}{server}}
52   transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
53
# Reached when the client router's condition is false, i.e. on the server
# side: the address is redirected to :blackhole:, so the message is discarded.
54 server:
55   driver = redirect
56   data = :blackhole:
57
58
59 # ----- Transports -----
60
61 begin transports
62
# Both transports deliver to HOSTIPV4 on PORT_D and differ only in the SNI they
# send: "fred" here, "bill" in send_to_server2 (the value the server-side
# certificate selection tests for).
# hosts_require_tls = * makes TLS mandatory for the delivery, while
# tls_try_verify_hosts is given a list holding only an empty item, so these
# lines request no verification of the server certificate: the session is
# encrypted but the peer is not authenticated.
# NOTE(review): tls_verify_hosts is not set here; whether the included prefix
# sets it cannot be seen from this file. Acceptable for a loopback test, not a
# template for a production transport.
63 send_to_server1:
64   driver = smtp
65   allow_localhost
66   hosts = HOSTIPV4
67   port = PORT_D
68   hosts_try_fastopen =  :
69   tls_sni = fred
70   hosts_require_tls = *
71   tls_try_verify_hosts = :
72
# Same as send_to_server1 except for the SNI value.
73 send_to_server2:
74   driver = smtp
75   allow_localhost
76   hosts = HOSTIPV4
77   port = PORT_D
78   hosts_try_fastopen =  :
79   tls_sni = bill
80   hosts_require_tls = *
81   tls_try_verify_hosts = :
82
83
84 # ----- Retry -----
85
86
87 begin retry
88
# Any domain, any error: retry at a fixed 10-second interval for up to 5 days.
89 * * F,5d,10s
90
91
92 # End