Merge branch 'ocsp_staple_rollup'
[users/heiko/exim.git] / test / scripts / 5600-OCSP-OpenSSL / 5600
1 # TLS server: OCSP stapling
2 #
3 #
4 #
5 # 1: Server sends good staple on request
6 exim -bd -oX PORT_D -DSERVER=server \
7  -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
8 ****
9 client-ssl \
10  -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
11  HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
12 ??? 220
13 ehlo rhu.barb
14 ??? 250-
15 ??? 250-
16 ??? 250-
17 ??? 250-
18 ??? 250-
19 ??? 250
20 starttls
21 ??? 220
22 mail from:<userx@test.ex>
23 ??? 250
24 rcpt to:<userx@test.ex>
25 ??? 250
26 quit
27 ??? 221
28 ****
29 killdaemon
30 #
31 #
32 #
33 # 2: Server does not staple an outdated response
34 exim -bd -oX PORT_D -DSERVER=server \
35  -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
36 ****
37 # XXX test sequence might not be quite right; this is for a server refusal
38 # and we're expecting a client refusal.
39 client-ssl -ocsp aux-fixed/exim-ca/expired1.example.com/CA.pem HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
40 ??? 220
41 ehlo rhu.barb
42 ??? 250-
43 ??? 250-
44 ??? 250-
45 ??? 250-
46 ??? 250-
47 ??? 250
48 starttls
49 ??? 220
50 ****
51 killdaemon
52 #
53 #
54 #
55 #
56 #
57 # 3: Server does not staple a response for a revoked cert
58 exim -bd -oX PORT_D -DSERVER=server \
59  -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
60 ****
61 client-ssl \
62  -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
63  HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
64 ??? 220
65 ehlo rhu.barb
66 ??? 250-
67 ??? 250-
68 ??? 250-
69 ??? 250-
70 ??? 250-
71 ??? 250
72 starttls
73 ??? 220
74 ****
75 killdaemon
76 #
77 #
78 #
79 #
80 #