Testsuite: case for TLS client tls-on-connect
[users/heiko/exim.git] / test / stderr / 5410
index 5774680e0b6e9cd1a4d27b23e37f89a8ec8b4e2a..03876629ee05187ffee535d76df4ec65c52a3cb7 100644 (file)
@@ -1,4 +1,5 @@
 Exim version x.yz ....
 Exim version x.yz ....
+adding SSLKEYLOGFILE=TESTSUITE/spool/sslkeys
 configuration file is TESTSUITE/test-config
 admin user
  in hosts_connection_nolog? no (option unset)
 configuration file is TESTSUITE/test-config
 admin user
  in hosts_connection_nolog? no (option unset)
@@ -38,6 +39,7 @@ domain.com in "! +local_domains"? yes (end of list)
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: userx
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: userx
+            ╰──(tainted)
 domain.com in "*"? yes (matched "*")
 ----------- end verify ------------
 accept: condition test succeeded in ACL "cutthrough"
 domain.com in "*"? yes (matched "*")
 ----------- end verify ------------
 accept: condition test succeeded in ACL "cutthrough"
@@ -48,8 +50,9 @@ domain.com in "! +local_domains"? yes (end of list)
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: userx
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: userx
+            ╰──(tainted)
 domain.com in "*"? yes (matched "*")
 domain.com in "*"? yes (matched "*")
-Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ...  connected
  ╭considering: $primary_hostname
  ├──expanding: $primary_hostname
  ╰─────result: myhost.test.ex
  ╭considering: $primary_hostname
  ├──expanding: $primary_hostname
  ╰─────result: myhost.test.ex
@@ -67,6 +70,7 @@ cmd buf flush ddd bytes
   ╭considering: $address_data}{usery}{*}{:}}
   ├──expanding: $address_data
   ╰─────result: userx
   ╭considering: $address_data}{usery}{*}{:}}
   ├──expanding: $address_data
   ╰─────result: userx
+             ╰──(tainted)
   ╭considering: usery}{*}{:}}
   ├──expanding: usery
   ╰─────result: usery
   ╭considering: usery}{*}{:}}
   ├──expanding: usery
   ╰─────result: usery
@@ -86,6 +90,7 @@ cmd buf flush ddd bytes
   ╭considering: $address_data}{userz}{*}{:}}
   ├──expanding: $address_data
   ╰─────result: userx
   ╭considering: $address_data}{userz}{*}{:}}
   ├──expanding: $address_data
   ╰─────result: userx
+             ╰──(tainted)
   ╭considering: userz}{*}{:}}
   ├──expanding: userz
   ╰─────result: userz
   ╭considering: userz}{*}{:}}
   ├──expanding: userz
   ╰─────result: userz
@@ -105,7 +110,7 @@ cmd buf flush ddd bytes
 cmd buf flush ddd bytes
   SMTP<< 220 TLS go ahead
 127.0.0.1 in tls_verify_hosts? no (option unset)
 cmd buf flush ddd bytes
   SMTP<< 220 TLS go ahead
 127.0.0.1 in tls_verify_hosts? no (option unset)
-127.0.0.1 in tls_try_verify_hosts? no (end of list)
+127.0.0.1 in tls_try_verify_hosts? yes (matched "*")
   SMTP>> EHLO myhost.test.ex
 cmd buf flush ddd bytes
   SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
   SMTP>> EHLO myhost.test.ex
 cmd buf flush ddd bytes
   SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
@@ -126,7 +131,7 @@ sync_responses expect rcpt
   SMTP<< 250 Accepted
 holding verify callout open for cutthrough delivery
 ----------- end cutthrough setup ------------
   SMTP<< 250 Accepted
 holding verify callout open for cutthrough delivery
 ----------- end cutthrough setup ------------
-processing "accept" (TESTSUITE/test-config 55)
+processing "accept" (TESTSUITE/test-config 57)
 accept: condition test succeeded in inline ACL
 end of inline ACL: ACCEPT
   SMTP>> DATA
 accept: condition test succeeded in inline ACL
 end of inline ACL: ACCEPT
   SMTP>> DATA
@@ -136,7 +141,7 @@ end of inline ACL: ACCEPT
  ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -145,7 +150,7 @@ end of inline ACL: ACCEPT
  ├─────result: false
   ╭───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├─────result: false
   ╭───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -156,7 +161,7 @@ end of inline ACL: ACCEPT
        
   ╰───skipping: result is not used
   ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        
   ╰───skipping: result is not used
   ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -164,13 +169,13 @@ end of inline ACL: ACCEPT
   ├──condition: def:sender_ident
   ├─────result: true
    ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
   ├──condition: def:sender_ident
   ├─────result: true
    ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
    ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
@@ -182,7 +187,7 @@ end of inline ACL: ACCEPT
   ├──condition: def:sender_helo_name
   ├─────result: true
    ╭considering: (helo=$sender_helo_name)
   ├──condition: def:sender_helo_name
   ├─────result: true
    ╭considering: (helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -191,30 +196,30 @@ end of inline ACL: ACCEPT
        
    ╰─────result: (helo=myhost.test.ex)
        
        
    ╰─────result: (helo=myhost.test.ex)
        
+              ╰──(tainted)
   ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        }}
   ╰─────result: from CALLER (helo=myhost.test.ex)
        
   ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        }}
   ╰─────result: from CALLER (helo=myhost.test.ex)
        
+             ╰──(tainted)
  ├──condition: def:received_protocol
  ├─────result: true
  ├──condition: def:received_protocol
  ├─────result: true
-  ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+  ╭considering: with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──expanding: with $received_protocol 
   ╰─────result: with local-esmtp 
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──expanding: with $received_protocol 
   ╰─────result: with local-esmtp 
- ├──condition: def:tls_in_cipher_std
+ ├──condition: def:tls_in_ver
  ├─────result: false
  ├─────result: false
-  ╭───scanning:  tls $tls_in_cipher_std
+  ╭───scanning:  ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
-  ├──expanding:  tls $tls_in_cipher_std
-       
-  ├─────result:  tls 
-       
+  ├──expanding:  ($tls_in_ver)
+  ├─────result:  ()
   ╰───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
   ╰───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
@@ -233,9 +238,10 @@ end of inline ACL: ACCEPT
        for $received_for
   ╰─────result: 
        for userx@domain.com
        for $received_for
   ╰─────result: 
        for userx@domain.com
+             ╰──(tainted)
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -245,6 +251,7 @@ end of inline ACL: ACCEPT
        (envelope-from <CALLER@myhost.test.ex>)
        id 10HmaX-0005vi-00
        for userx@domain.com
        (envelope-from <CALLER@myhost.test.ex>)
        id 10HmaX-0005vi-00
        for userx@domain.com
+            ╰──(tainted)
 ----------- start cutthrough headers send -----------
 ----------- done cutthrough headers send ------------
  ╭considering: ${tod_full}
 ----------- start cutthrough headers send -----------
 ----------- done cutthrough headers send ------------
  ╭considering: ${tod_full}
@@ -264,8 +271,9 @@ LOG: MAIN
   Completed
 LOG: smtp_connection MAIN
   SMTP connection from CALLER closed by QUIT
   Completed
 LOG: smtp_connection MAIN
   SMTP connection from CALLER closed by QUIT
->>>>>>>>>>>>>>>> Exim pid=pppp (msg setup toplevel) terminating with rc=0 >>>>>>>>>>>>>>>>
+>>>>>>>>>>>>>>>> Exim pid=pppp (fresh-exec) terminating with rc=0 >>>>>>>>>>>>>>>>
 Exim version x.yz ....
 Exim version x.yz ....
+adding SSLKEYLOGFILE=TESTSUITE/spool/sslkeys
 configuration file is TESTSUITE/test-config
 admin user
  in hosts_connection_nolog? no (option unset)
 configuration file is TESTSUITE/test-config
 admin user
  in hosts_connection_nolog? no (option unset)
@@ -305,6 +313,7 @@ domain.com in "! +local_domains"? yes (end of list)
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: usery
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: usery
+            ╰──(tainted)
 domain.com in "*"? yes (matched "*")
 ----------- end verify ------------
 accept: condition test succeeded in ACL "cutthrough"
 domain.com in "*"? yes (matched "*")
 ----------- end verify ------------
 accept: condition test succeeded in ACL "cutthrough"
@@ -315,8 +324,9 @@ domain.com in "! +local_domains"? yes (end of list)
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: usery
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: usery
+            ╰──(tainted)
 domain.com in "*"? yes (matched "*")
 domain.com in "*"? yes (matched "*")
-Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ...  connected
  ╭considering: $primary_hostname
  ├──expanding: $primary_hostname
  ╰─────result: myhost.test.ex
  ╭considering: $primary_hostname
  ├──expanding: $primary_hostname
  ╰─────result: myhost.test.ex
@@ -334,6 +344,7 @@ cmd buf flush ddd bytes
   ╭considering: $address_data}{usery}{*}{:}}
   ├──expanding: $address_data
   ╰─────result: usery
   ╭considering: $address_data}{usery}{*}{:}}
   ├──expanding: $address_data
   ╰─────result: usery
+             ╰──(tainted)
   ╭considering: usery}{*}{:}}
   ├──expanding: usery
   ╰─────result: usery
   ╭considering: usery}{*}{:}}
   ├──expanding: usery
   ╰─────result: usery
@@ -362,7 +373,7 @@ sync_responses expect rcpt
   SMTP<< 250 Accepted
 holding verify callout open for cutthrough delivery
 ----------- end cutthrough setup ------------
   SMTP<< 250 Accepted
 holding verify callout open for cutthrough delivery
 ----------- end cutthrough setup ------------
-processing "accept" (TESTSUITE/test-config 55)
+processing "accept" (TESTSUITE/test-config 57)
 accept: condition test succeeded in inline ACL
 end of inline ACL: ACCEPT
   SMTP>> DATA
 accept: condition test succeeded in inline ACL
 end of inline ACL: ACCEPT
   SMTP>> DATA
@@ -372,7 +383,7 @@ end of inline ACL: ACCEPT
  ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -381,7 +392,7 @@ end of inline ACL: ACCEPT
  ├─────result: false
   ╭───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├─────result: false
   ╭───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -392,7 +403,7 @@ end of inline ACL: ACCEPT
        
   ╰───skipping: result is not used
   ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        
   ╰───skipping: result is not used
   ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -400,13 +411,13 @@ end of inline ACL: ACCEPT
   ├──condition: def:sender_ident
   ├─────result: true
    ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
   ├──condition: def:sender_ident
   ├─────result: true
    ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
    ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
@@ -418,7 +429,7 @@ end of inline ACL: ACCEPT
   ├──condition: def:sender_helo_name
   ├─────result: true
    ╭considering: (helo=$sender_helo_name)
   ├──condition: def:sender_helo_name
   ├─────result: true
    ╭considering: (helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -427,30 +438,30 @@ end of inline ACL: ACCEPT
        
    ╰─────result: (helo=myhost.test.ex)
        
        
    ╰─────result: (helo=myhost.test.ex)
        
+              ╰──(tainted)
   ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        }}
   ╰─────result: from CALLER (helo=myhost.test.ex)
        
   ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        }}
   ╰─────result: from CALLER (helo=myhost.test.ex)
        
+             ╰──(tainted)
  ├──condition: def:received_protocol
  ├─────result: true
  ├──condition: def:received_protocol
  ├─────result: true
-  ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+  ╭considering: with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──expanding: with $received_protocol 
   ╰─────result: with local-esmtp 
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──expanding: with $received_protocol 
   ╰─────result: with local-esmtp 
- ├──condition: def:tls_in_cipher_std
+ ├──condition: def:tls_in_ver
  ├─────result: false
  ├─────result: false
-  ╭───scanning:  tls $tls_in_cipher_std
+  ╭───scanning:  ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
-  ├──expanding:  tls $tls_in_cipher_std
-       
-  ├─────result:  tls 
-       
+  ├──expanding:  ($tls_in_ver)
+  ├─────result:  ()
   ╰───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
   ╰───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
@@ -469,9 +480,10 @@ end of inline ACL: ACCEPT
        for $received_for
   ╰─────result: 
        for usery@domain.com
        for $received_for
   ╰─────result: 
        for usery@domain.com
+             ╰──(tainted)
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -481,6 +493,7 @@ end of inline ACL: ACCEPT
        (envelope-from <CALLER@myhost.test.ex>)
        id 10HmaZ-0005vi-00
        for usery@domain.com
        (envelope-from <CALLER@myhost.test.ex>)
        id 10HmaZ-0005vi-00
        for usery@domain.com
+            ╰──(tainted)
 ----------- start cutthrough headers send -----------
 ----------- done cutthrough headers send ------------
  ╭considering: ${tod_full}
 ----------- start cutthrough headers send -----------
 ----------- done cutthrough headers send ------------
  ╭considering: ${tod_full}
@@ -500,8 +513,9 @@ LOG: MAIN
   Completed
 LOG: smtp_connection MAIN
   SMTP connection from CALLER closed by QUIT
   Completed
 LOG: smtp_connection MAIN
   SMTP connection from CALLER closed by QUIT
->>>>>>>>>>>>>>>> Exim pid=pppp (msg setup toplevel) terminating with rc=0 >>>>>>>>>>>>>>>>
+>>>>>>>>>>>>>>>> Exim pid=pppp (fresh-exec) terminating with rc=0 >>>>>>>>>>>>>>>>
 Exim version x.yz ....
 Exim version x.yz ....
+adding SSLKEYLOGFILE=TESTSUITE/spool/sslkeys
 configuration file is TESTSUITE/test-config
 admin user
  in hosts_connection_nolog? no (option unset)
 configuration file is TESTSUITE/test-config
 admin user
  in hosts_connection_nolog? no (option unset)
@@ -541,6 +555,7 @@ domain.com in "! +local_domains"? yes (end of list)
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: usery
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: usery
+            ╰──(tainted)
 domain.com in "*"? yes (matched "*")
 ----------- end verify ------------
 accept: condition test succeeded in ACL "cutthrough"
 domain.com in "*"? yes (matched "*")
 ----------- end verify ------------
 accept: condition test succeeded in ACL "cutthrough"
@@ -551,8 +566,9 @@ domain.com in "! +local_domains"? yes (end of list)
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: usery
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: usery
+            ╰──(tainted)
 domain.com in "*"? yes (matched "*")
 domain.com in "*"? yes (matched "*")
-Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ...  connected
  ╭considering: $primary_hostname
  ├──expanding: $primary_hostname
  ╰─────result: myhost.test.ex
  ╭considering: $primary_hostname
  ├──expanding: $primary_hostname
  ╰─────result: myhost.test.ex
@@ -570,6 +586,7 @@ cmd buf flush ddd bytes
   ╭considering: $address_data}{usery}{*}{:}}
   ├──expanding: $address_data
   ╰─────result: usery
   ╭considering: $address_data}{usery}{*}{:}}
   ├──expanding: $address_data
   ╰─────result: usery
+             ╰──(tainted)
   ╭considering: usery}{*}{:}}
   ├──expanding: usery
   ╰─────result: usery
   ╭considering: usery}{*}{:}}
   ├──expanding: usery
   ╰─────result: usery
@@ -598,7 +615,7 @@ sync_responses expect rcpt
   SMTP<< 250 Accepted
 holding verify callout open for cutthrough delivery
 ----------- end cutthrough setup ------------
   SMTP<< 250 Accepted
 holding verify callout open for cutthrough delivery
 ----------- end cutthrough setup ------------
-processing "accept" (TESTSUITE/test-config 55)
+processing "accept" (TESTSUITE/test-config 57)
 accept: condition test succeeded in inline ACL
 end of inline ACL: ACCEPT
   SMTP>> DATA
 accept: condition test succeeded in inline ACL
 end of inline ACL: ACCEPT
   SMTP>> DATA
@@ -608,7 +625,7 @@ end of inline ACL: ACCEPT
  ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000
  ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -617,7 +634,7 @@ end of inline ACL: ACCEPT
  ├─────result: false
   ╭───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├─────result: false
   ╭───scanning: from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -628,7 +645,7 @@ end of inline ACL: ACCEPT
        
   ╰───skipping: result is not used
   ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        
   ╰───skipping: result is not used
   ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -636,13 +653,13 @@ end of inline ACL: ACCEPT
   ├──condition: def:sender_ident
   ├─────result: true
    ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
   ├──condition: def:sender_ident
   ├─────result: true
    ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
    ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+   ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
    ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
    ╎ }}(Exim $version_number)
    ╎ ${if def:sender_address {(envelope-from <$sender_address>)
    ╎ }}id $message_exim_id${if def:received_for {
@@ -654,7 +671,7 @@ end of inline ACL: ACCEPT
   ├──condition: def:sender_helo_name
   ├─────result: true
    ╭considering: (helo=$sender_helo_name)
   ├──condition: def:sender_helo_name
   ├─────result: true
    ╭considering: (helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -663,30 +680,30 @@ end of inline ACL: ACCEPT
        
    ╰─────result: (helo=myhost.test.ex)
        
        
    ╰─────result: (helo=myhost.test.ex)
        
+              ╰──(tainted)
   ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        }}
   ╰─────result: from CALLER (helo=myhost.test.ex)
        
   ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
        }}
   ╰─────result: from CALLER (helo=myhost.test.ex)
        
+             ╰──(tainted)
  ├──condition: def:received_protocol
  ├─────result: true
  ├──condition: def:received_protocol
  ├─────result: true
-  ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+  ╭considering: with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──expanding: with $received_protocol 
   ╰─────result: with local-esmtp 
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
   ├──expanding: with $received_protocol 
   ╰─────result: with local-esmtp 
- ├──condition: def:tls_in_cipher_std
+ ├──condition: def:tls_in_ver
  ├─────result: false
  ├─────result: false
-  ╭───scanning:  tls $tls_in_cipher_std
+  ╭───scanning:  ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        for $received_for}}
-  ├──expanding:  tls $tls_in_cipher_std
-       
-  ├─────result:  tls 
-       
+  ├──expanding:  ($tls_in_ver)
+  ├─────result:  ()
   ╰───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
   ╰───skipping: result is not used
  ├──condition: def:sender_address
  ├─────result: true
@@ -705,9 +722,10 @@ end of inline ACL: ACCEPT
        for $received_for
   ╰─────result: 
        for usery@domain.com
        for $received_for
   ╰─────result: 
        for usery@domain.com
+             ╰──(tainted)
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
        }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
-       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+       }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver        { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
        }}(Exim $version_number)
        ${if def:sender_address {(envelope-from <$sender_address>)
        }}id $message_exim_id${if def:received_for {
@@ -717,6 +735,7 @@ end of inline ACL: ACCEPT
        (envelope-from <CALLER@myhost.test.ex>)
        id 10HmbB-0005vi-00
        for usery@domain.com
        (envelope-from <CALLER@myhost.test.ex>)
        id 10HmbB-0005vi-00
        for usery@domain.com
+            ╰──(tainted)
 ----------- start cutthrough headers send -----------
 ----------- done cutthrough headers send ------------
  ╭considering: ${tod_full}
 ----------- start cutthrough headers send -----------
 ----------- done cutthrough headers send ------------
  ╭considering: ${tod_full}
@@ -736,6 +755,6 @@ LOG: MAIN
   Completed
 LOG: smtp_connection MAIN
   SMTP connection from CALLER closed by QUIT
   Completed
 LOG: smtp_connection MAIN
   SMTP connection from CALLER closed by QUIT
->>>>>>>>>>>>>>>> Exim pid=pppp (msg setup toplevel) terminating with rc=0 >>>>>>>>>>>>>>>>
+>>>>>>>>>>>>>>>> Exim pid=pppp (fresh-exec) terminating with rc=0 >>>>>>>>>>>>>>>>
 
 ******** SERVER ********
 
 ******** SERVER ********