TLS: pre-generate and load server selfsigned cert, when one is to be used
[users/heiko/exim.git] / test / confs / 2001
1 # Exim test configuration 2001
2
3 OPTION=
4 SERVER=
5
6 .include DIR/aux-var/tls_conf_prefix
7
8 primary_hostname = myhost.test.ex
9
10 # ----- Main settings -----
11
12 acl_smtp_rcpt = accept
13
14 log_selector =  +tls_peerdn
15
16 queue_only
17 queue_run_in_order
18
19 tls_advertise_hosts = *
20
21 # Set certificate only if server
22
23 tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
24 tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
25
26 tls_verify_hosts = *
27 tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
28
29
30 # so we can decode in wireshark
31 tls_require_ciphers = NORMAL:-KX-ALL:+RSA
32
33 # ----- Routers -----
34
35 begin routers
36
37 client:
38   driver = accept
39   condition = ${if eq {SERVER}{server}{no}{yes}}
40   retry_use_local_part
41   transport = send_to_server
42
43
44 # ----- Transports -----
45
46 begin transports
47
48 send_to_server:
49   driver = smtp
50   allow_localhost
51   hosts = 127.0.0.1
52   hosts_try_fastopen =  :
53   OPTION
54   port = PORT_D
55   tls_certificate = DIR/aux-fixed/cert2
56   tls_privatekey = DIR/aux-fixed/cert2
57   tls_verify_certificates = DIR/aux-fixed/cert2
58   tls_try_verify_hosts =
59
60
61 # ----- Retry -----
62
63
64 begin retry
65
66 * * F,5d,10s
67
68
69 # End