OpenSSL: Fix client-side tls_verify_cert_hostnames behaviour
[users/heiko/exim.git] / test / confs / 2131
1 # Exim test configuration 2131
2 # SNI
3
# SERVER is defined empty here. The `client` router compares it with the
# string "server", so it is presumably overridden when the listening
# instance is started -- confirm against the test script.
4 SERVER =
5
# Pulls in shared TLS settings from a file that is not shown on this page.
# DIR looks like a placeholder filled in by the test harness -- TODO confirm.
6 .include DIR/aux-var/tls_conf_prefix
7
8 primary_hostname = myhost.test.ex
9
10 # ----- Main settings -----
11
# NOTE(review): local_domains is defined but not referenced by the ACL or
# the routers visible in this file.
12 domainlist local_domains = test.ex : *.test.ex
13
# Every RCPT command is passed to acl_log_sni, which only logs and accepts.
14 acl_smtp_rcpt = acl_log_sni
# Adds the TLS peer DN and the received SNI to the log lines, which is what
# lets the test output show which name the client asked for.
15 log_selector = +tls_peerdn +tls_sni +received_recipients
16 remote_max_parallel = 1
17
# STARTTLS is offered to every connecting host.
18 tls_advertise_hosts = *
19
# Server certificate selection by SNI: when the client sends the name "bill"
# the server1.example.com certificate is presented, otherwise cert1.
# $tls_in_sni is client-supplied; it is only compared against a constant
# with `eq` and never interpolated into the path, so the client cannot steer
# the filename (no "../" style influence on which file is opened).
20 tls_certificate = DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
21             {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
22             {cert1} }
23
# Private key chosen with the same SNI test so that key and certificate stay
# paired. The fallback is the same cert1 file as above, so cert1 presumably
# holds both certificate and key -- TODO confirm.
# NOTE(review): ".unlocked.key" suggests a key stored without a passphrase;
# that is expected for a test fixture but the file should not be reused.
24 tls_privatekey = DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
25             {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
26             {cert1} }
27
28 # ------ ACL ------
29
30 begin acl
31
# RCPT-time ACL (wired up by acl_smtp_rcpt). It has no conditions: every
# recipient is accepted after the SNI value has been written to the log.
# NOTE(review): the unconditional accept is only reasonable inside the test
# harness; with no domain or host check it would relay for anyone.
# $tls_in_sni is supplied by the client, so the logged text is untrusted.
32 acl_log_sni:
33   accept
34          logwrite = SNI <$tls_in_sni>
35
36 # ----- Routers -----
37
38 begin routers
39
# Runs only when the SERVER macro is not "server", i.e. on the sending side.
# The transport name is built by expansion: local part "abcd" selects
# send_to_server2 (SNI "bill"), any other local part send_to_server1
# (SNI "fred").
40 client:
41   driver = accept
42   condition = ${if !eq {SERVER}{server}}
43   transport = send_to_server${if eq{$local_part}{abcd}{2}{1}}
44
# Reached only when the `client` router's condition is false. Every message
# is redirected to :blackhole:, so the receiving side discards the mail
# after the SMTP and TLS exchange has been logged.
45 server:
46   driver = redirect
47   data = :blackhole:
48
49
50 # ----- Transports -----
51
52 begin transports
53
# Client transport for the default-certificate case: sends SNI "fred", for
# which the server's tls_certificate expansion falls through to cert1.
54 send_to_server1:
55   driver = smtp
56   allow_localhost
57   hosts = HOSTIPV4
58   port = PORT_D
# List holding only an empty item: TCP Fast Open is not attempted to any host.
59   hosts_try_fastopen =  :
60   tls_sni = fred
# TLS is mandatory for every host; there is no fallback to cleartext.
61   hosts_require_tls = *
# Trust anchor is the same cert1 file the server presents for this SNI.
# NOTE(review): tls_verify_hosts is not set on this transport, so whether a
# failed chain check aborts delivery depends on the defaults -- confirm.
62   tls_verify_certificates = DIR/aux-fixed/cert1
# The list holds only an empty item, which effectively matches no remote
# host, so the certificate's subject/SAN names are NOT compared with the
# host name. The test needs this because it connects to HOSTIPV4; outside a
# test this removes the check that ties a valid chain to the intended server.
63   tls_verify_cert_hostnames = :
64
# Client transport for the SNI-selected case: sends SNI "bill", for which
# the server's tls_certificate expansion picks the server1.example.com
# certificate.
65 send_to_server2:
66   driver = smtp
67   allow_localhost
68   hosts = HOSTIPV4
69   port = PORT_D
# List holding only an empty item: TCP Fast Open is not attempted to any host.
70   hosts_try_fastopen =  :
71   tls_sni = bill
# TLS is mandatory for every host; there is no fallback to cleartext.
72   hosts_require_tls = *
# Chain is checked against the example.com test CA chain that matches the
# server1.example.com certificate.
# NOTE(review): tls_verify_hosts is not set on this transport, so whether a
# failed chain check aborts delivery depends on the defaults -- confirm.
73   tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
# The list holds only an empty item, which effectively matches no remote
# host, so the certificate's subject/SAN names are NOT compared with the
# host name. Only the chain is checked: any certificate issued under this CA
# chain would be accepted, whatever name it carries.
74   tls_verify_cert_hostnames = :
75
76
77 # ----- Retry -----
78
79
80 begin retry
81
# Single rule for every address and every error: retry at a fixed 10-second
# interval, with a cutoff of 5 days.
82 * * F,5d,10s
83
84
85 # End