OpenSSL: Fix client-side tls_verify_cert_hostnames behaviour
[users/heiko/exim.git] / test / confs / 2131
index 3d83099d10ced09cc4a9d15f6a7e37236f171da9..e4d4ae55118960fc8421d78b3aa69da92a50f303 100644 (file)
@@ -3,14 +3,9 @@
 
 SERVER =
 
-exim_path = EXIM_PATH
-host_lookup_order = bydns
-primary_hostname = myhost.test.ex
-spool_directory = DIR/spool
-log_file_path = DIR/spool/log/SERVER%slog
-gecos_pattern = ""
-gecos_name = CALLER_NAME
+.include DIR/aux-var/tls_conf_prefix
 
+primary_hostname = myhost.test.ex
 
 # ----- Main settings -----
 
@@ -22,22 +17,13 @@ remote_max_parallel = 1
 
 tls_advertise_hosts = *
 
-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server} \
-       {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
+tls_certificate = DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
            {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
-           {cert1} \
-                       }\
-       }fail}
+           {cert1} }
 
-tls_privatekey = ${if eq {SERVER}{server} \
-       {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
+tls_privatekey = DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
            {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
-           {cert1} \
-                       }\
-       }fail}
-
+           {cert1} }
 
 # ------ ACL ------
 
@@ -70,18 +56,22 @@ send_to_server1:
   allow_localhost
   hosts = HOSTIPV4
   port = PORT_D
+  hosts_try_fastopen = :
   tls_sni = fred
   hosts_require_tls = *
-  tls_try_verify_hosts = :
+  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :
 
 send_to_server2:
   driver = smtp
   allow_localhost
   hosts = HOSTIPV4
   port = PORT_D
+  hosts_try_fastopen = :
   tls_sni = bill
   hosts_require_tls = *
-  tls_try_verify_hosts = :
+  tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
+  tls_verify_cert_hostnames = :
 
 
 # ----- Retry -----