Certificate-related routines only present when TLS is supported
[users/heiko/exim.git] / test / confs / 5750
1 # Exim test configuration 5750 (dup of 5760)
2 # $tls_out_peercert - GnuTLS
3
4 SERVER=
5
6 exim_path = EXIM_PATH
7 host_lookup_order = bydns
8 primary_hostname = myhost.test.ex
9 rfc1413_query_timeout = 0s
10 spool_directory = DIR/spool
11 log_file_path = DIR/spool/log/SERVER%slog
12 gecos_pattern = ""
13 gecos_name = CALLER_NAME
14
15 # ----- Main settings -----
16
17 acl_smtp_rcpt = accept
18
19 log_selector =  +tls_peerdn
20
21 queue_only
22 queue_run_in_order
23
24 tls_advertise_hosts = *
25
26 tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
27 tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
28
29 tls_verify_hosts = *
30 tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem
31
32 #
33
34 begin acl
35 logger:
36   warn   logwrite =  $acl_arg1 $tpda_delivery_local_part
37   warn   logwrite =  ${if !def:tls_out_ourcert \
38                 {NO CLENT CERT presented} \
39                 {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}}
40   accept condition = ${if !def:tls_out_peercert}
41          logwrite =  No Peer cert
42   accept logwrite = Peer cert:
43          logwrite =  ver <${certextract {version}       {$tls_out_peercert}}>
44          logwrite =  SN  <${certextract {subject}       {$tls_out_peercert}}>
45          logwrite =  IN  <${certextract {issuer}        {$tls_out_peercert}}>
46          logwrite =  NB  <${certextract {notbefore}     {$tls_out_peercert}}>
47          logwrite =  NA  <${certextract {notafter}      {$tls_out_peercert}}>
48          logwrite =  SA  <${certextract {sig_algorithm} {$tls_out_peercert}}>
49          logwrite =  SG  <${certextract {signature}     {$tls_out_peercert}}>
50          logwrite =       ${certextract {subj_altname}  {$tls_out_peercert}{SAN <$value>}{(no SAN)}}
51 #        logwrite =       ${certextract {ocsp_uri}      {$tls_out_peercert} {OCU <$value>}{(no OCU)}}
52          logwrite =       ${certextract {crl_uri}       {$tls_out_peercert} {CRU <$value>}{(no CRU)}}
53
54
55 # ----- Routers -----
56
57 begin routers
58
59 client:
60   driver = accept
61   condition = ${if eq {SERVER}{server}{no}{yes}}
62   retry_use_local_part
63   transport = send_to_server
64
65
66 # ----- Transports -----
67
68 begin transports
69
70 send_to_server:
71   driver = smtp
72   allow_localhost
73   hosts = 127.0.0.1
74   port = PORT_D
75
76   tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem
77   tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
78
79   tls_verify_certificates = DIR/aux-fixed/exim-ca/\
80        ${if eq {$local_part}{good}\
81 {example.com/server1.example.com/ca_chain.pem}\
82 {example.net/server1.example.net/ca_chain.pem}}
83
84   tpda_delivery_action =   ${acl {logger} {delivery} {$domain} }
85   tpda_host_defer_action = ${acl {logger} {deferral} {$domain} }
86
87 # ----- Retry -----
88
89
90 begin retry
91
92 * * F,5d,10s
93
94
95 # End