1 ### No certificate, certificate required
2 Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
4 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
7 <<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
21 Attempting to start TLS
22 SSL connection using ke-RSA-AES256-SHA
23 Succeeded in starting TLS
25 ????554 Security failure
26 error:dddddddd:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required
29 ??? 554 Security failure
30 <<< 554 Security failure
32 ????554 Security failure
37 ### No certificate, certificate optional at TLS time, required by ACL
38 Connecting to 127.0.0.1 port 1225 ... connected
40 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
43 <<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
57 Attempting to start TLS
58 SSL connection using ke-RSA-AES256-SHA
59 Succeeded in starting TLS
62 <<< 250 myhost.test.ex Hello rhu.barb [127.0.0.1]
63 >>> mail from:<userx@test.ex>
66 >>> rcpt to:<userx@test.ex>
68 <<< 550 certificate not verified: peerdn=
71 <<< 221 myhost.test.ex closing connection
73 ### Good certificate, certificate required
74 Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
75 Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
76 Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
78 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
81 <<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
95 Attempting to start TLS
96 SSL connection using ke-RSA-AES256-SHA
97 Succeeded in starting TLS
98 >>> mail from:<userx@test.ex>
101 >>> rcpt to:<userx@test.ex>
106 <<< 221 myhost.test.ex closing connection
108 ### Good certificate, certificate optional at TLS time, checked by ACL
109 Connecting to 127.0.0.1 port 1225 ... connected
110 Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
111 Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
113 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
116 <<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
118 <<< 250-SIZE 52428800
130 Attempting to start TLS
131 SSL connection using ke-RSA-AES256-SHA
132 Succeeded in starting TLS
133 >>> mail from:<userx@test.ex>
136 >>> rcpt to:<userx@test.ex>
141 <<< 221 myhost.test.ex closing connection
143 ### Bad certificate, certificate required
144 Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
145 Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem
146 Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
148 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
151 <<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
153 <<< 250-SIZE 52428800
165 Attempting to start TLS
166 SSL connection using ke-RSA-AES256-SHA
167 Succeeded in starting TLS
169 ????554 Security failure
170 error:dddddddd:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
173 ??? 554 Security failure
174 <<< 554 Security failure
176 ### Bad certificate, certificate optional at TLS time, reject at ACL time
177 Connecting to 127.0.0.1 port 1225 ... connected
178 Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem
179 Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
181 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
184 <<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
186 <<< 250-SIZE 52428800
198 Attempting to start TLS
199 SSL connection using ke-RSA-AES256-SHA
200 Succeeded in starting TLS
201 >>> mail from:<userx@test.ex>
204 >>> rcpt to:<userx@test.ex>
206 <<< 550 certificate not verified: peerdn=/CN=server1.example.net
209 <<< 221 myhost.test.ex closing connection
211 ### Otherwise good but revoked certificate, certificate required
212 Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
213 Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem
214 Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
216 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
219 <<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
221 <<< 250-SIZE 52428800
233 Attempting to start TLS
234 SSL connection using ke-RSA-AES256-SHA
235 Succeeded in starting TLS
237 ????554 Security failure
238 error:dddddddd:SSL routines:ssl3_read_bytes:sslv3 alert certificate revoked
241 ??? 554 Security failure
242 <<< 554 Security failure
244 ### Revoked certificate, certificate optional at TLS time, reject at ACL time
245 Connecting to 127.0.0.1 port 1225 ... connected
246 Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem
247 Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
249 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
252 <<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
254 <<< 250-SIZE 52428800
266 Attempting to start TLS
267 SSL connection using ke-RSA-AES256-SHA
268 Succeeded in starting TLS
269 >>> mail from:<userx@test.ex>
272 >>> rcpt to:<userx@test.ex>
274 <<< 550 certificate not verified: peerdn=/CN=revoked1.example.com
277 <<< 221 myhost.test.ex closing connection
279 ### Good certificate, certificate required - but nonmatching CRL also present
280 Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
281 Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
282 Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
284 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
287 <<< 250-myhost.test.ex Hello rhu.barb [ip4.ip4.ip4.ip4]
289 <<< 250-SIZE 52428800
301 Attempting to start TLS
302 SSL connection using ke-RSA-AES256-SHA
303 Succeeded in starting TLS
304 >>> mail from:<userx@test.ex>
307 >>> rcpt to:<userx@test.ex>
312 <<< 221 myhost.test.ex closing connection
315 ******** SERVER ********
316 ### No certificate, certificate required
317 ### No certificate, certificate optional at TLS time, required by ACL
318 ### Good certificate, certificate required
319 ### Good certificate, certificate optional at TLS time, checked by ACL
320 ### Bad certificate, certificate required
321 ### Bad certificate, certificate optional at TLS time, reject at ACL time
322 ### Otherwise good but revoked certificate, certificate required
323 ### Revoked certificate, certificate optional at TLS time, reject at ACL time
324 ### Good certificate, certificate required - but nonmatching CRL also present