More taint discussion in docs
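diff --git a/test/scripts/5650-OCSP-GnuTLS/5650 b/test/scripts/5650-OCSP-GnuTLS/5650
index 9ebafb3e264a5b44af6777b166416a69f9137c49..bbea625b19168a74a1ccd70d18db49560fa22034 100644
--- a/test/scripts/5650-OCSP-GnuTLS/5650
+++ b/test/scripts/5650-OCSP-GnuTLS/5650
@@ -6,7 +6,7 @@ exim -z '1: Server sends good staple on request'
 ****
 #
 exim -bd -oX PORT_D -DSERVER=server \
- -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+ -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
 ****
 client-gnutls \
 -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
@@ -34,12 +34,11 @@ killdaemon
 #
 exim -z '2: Server does not staple an outdated response'
 ****
+# This test fails on older GnuTLS versions, which do not check the resp on the server
 #
 exim -bd -oX PORT_D -DSERVER=server \
- -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
+ -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
 ****
-# XXX test sequence might not be quite right; this is for a server refusal
-# and we're expecting a client refusal.
 client-gnutls -ocsp aux-fixed/exim-ca/expired1.example.com/CA.pem HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
 ??? 220
 ehlo rhu.barb
@@ -50,7 +49,7 @@ ehlo rhu.barb
 ??? 250-
 ??? 250
 starttls
-??? 220
+??? 454
 ****
 killdaemon
 #
@@ -60,9 +59,10 @@ killdaemon
 #
 exim -z '3: Server does not staple a response for a revoked cert'
 ****
+# This test fails on older GnuTLS versions, which do not check the resp on the server
 #
 exim -bd -oX PORT_D -DSERVER=server \
- -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
+ -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
 ****
 client-gnutls \
 -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
@@ -76,7 +76,7 @@ ehlo rhu.barb
 ??? 250-
 ??? 250
 starttls
-??? 220
+??? 454
 ****
 killdaemon
 #
@@ -88,14 +88,10 @@ exim -z '4: Connection functions when server is prepared to staple but client do
 ****
 #
 exim -bd -oX PORT_D -DSERVER=server \
- -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+ -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
 ****
 #
-# Temporarily (I hope) use OpenSSL-based client, as GnuTLS is buggy and always requests (and understands)
-# stapling
-#
-#client-gnutls \
-client-ssl \
+client-gnutls \
 HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
 ??? 220
 ehlo rhu.barb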
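Review bot: The comment added above tests 2 and 3 ("This test fails on older GnuTLS versions…") documents a known failure, but the expectation beside it is now an unconditional `??? 454`, so a run against such a library fails with nothing to separate a real regression from the documented limitation. Since these two cases are what pins the server refusing STARTTLS rather than stapling an outdated or revoked response, the comment should name the boundary, e.g. `# Needs GnuTLS >= <MIN_VERSION>; older versions do not check the response server-side and answer 220`, and the cases should be gated on it if the harness has a way to do so. In the last hunk the switch back to `client-gnutls` also removes the note that the GnuTLS client always requests stapling, while no option on the visible command line turns the request off. If that behaviour has changed, a one-line comment saying so would keep test 4 (whose title is cut off in the hunk header but appears to be about a client that does not request a staple) checking what it claims.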