Testsuite: better non-TFO-system debug handling
[users/heiko/exim.git] / test / confs / 5880
1 # Exim test configuration 5880
2 # DANE
3
4 SERVER=
5
6 .include DIR/aux-var/tls_conf_prefix
7
8 primary_hostname = myhost.test.ex
9
10 # ----- Main settings -----
11
12 acl_smtp_rcpt = accept
13
14 log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
15
16 queue_only
17 queue_run_in_order
18
19 tls_advertise_hosts = *
20
21 # Set certificate only if server
22 CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
23
24 tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem} fail}
25 tls_privatekey = ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key} fail}
26
27
28 begin acl
29
30 logger:
31   accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}}
32          logwrite = $event_name depth = $event_data \
33                         <${certextract {subject} {$tls_out_peercert}}>
34 #  message = noooo
35
36   accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}}
37          logwrite = $event_name dane=$tls_out_dane
38   accept
39
40 # ----- Routers -----
41
42 begin routers
43
44 client:
45   driver = dnslookup
46   condition = ${if eq {SERVER}{}}
47   dnssec_request_domains = *
48   self = send
49   transport = send_to_server
50
51 server:
52   driver = redirect
53   data = :blackhole:
54
55
56 # ----- Transports -----
57
58 begin transports
59
60 send_to_server:
61   driver = smtp
62   allow_localhost
63   port = PORT_D
64
65 #  hosts_try_dane = *
66   hosts_require_dane = *
67
68   # required for TA-mode testing
69   tls_verify_certificates = CDIR2/ca_chain.pem
70 .ifdef _HAVE_OCSP
71   hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \
72                                  {= {0}{$tls_out_tlsa_usage}} } \
73                         {*}{}}
74 .endif
75
76   event_action =   ${acl {logger}}
77
78 # End