git://git.exim.org
/
users
/
heiko
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Testsuite: case for TLS client tls-on-connect
[users/heiko/exim.git]
/
test
/
confs
/
5821
diff --git
a/test/confs/5821
b/test/confs/5821
index db2dc19d2f7c780eee808cc621792077782cc625..28999d5c7b7eb27a0d343ec49024f80abd0394d1 100644
(file)
--- a/
test/confs/5821
+++ b/
test/confs/5821
@@
-1,5
+1,5
@@
# Exim test configuration 5821
# Exim test configuration 5821
-# DANE/
OpenSSL
- ciphers option
+# DANE/
GnuTLS
- ciphers option
SERVER=
OPT=
SERVER=
OPT=
@@
-10,7
+10,7
@@
primary_hostname = myhost.test.ex
# ----- Main settings -----
# ----- Main settings -----
-acl_smtp_rcpt = accept logwrite = "rcpt ACL"
+acl_smtp_rcpt = accept logwrite = "rcpt ACL
: tls_in_bits $tls_in_bits
"
log_selector = +received_recipients +tls_peerdn +tls_certificate_verified
log_selector = +received_recipients +tls_peerdn +tls_certificate_verified
@@
-19,11
+19,11
@@
tls_advertise_hosts = *
# Set certificate only if server
CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
# Set certificate only if server
CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
-tls_certificate =
${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail}
-tls_privatekey =
${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
+tls_certificate =
CDIR2/fullchain.pem
+tls_privatekey =
CDIR2/server1.example.com.unlocked.key
# Permit two specific ciphers
# Permit two specific ciphers
-tls_require_ciphers = NO
NE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL
+tls_require_ciphers = NO
RMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+AES-256-GCM
# ----- Routers -----
begin routers
# ----- Routers -----
begin routers
@@
-31,6
+31,7
@@
begin routers
client:
driver = dnslookup
condition = ${if eq {SERVER}{}}
client:
driver = dnslookup
condition = ${if eq {SERVER}{}}
+ ignore_target_hosts = <; 0::0/0
dnssec_request_domains = *
self = send
transport = send_to_server
dnssec_request_domains = *
self = send
transport = send_to_server
@@
-47,11
+48,12
@@
send_to_server:
driver = smtp
allow_localhost
port = PORT_D
driver = smtp
allow_localhost
port = PORT_D
+ hosts_try_fastopen = :
hosts_try_dane = *
tls_verify_certificates = CDIR2/ca_chain.pem
# Some commonly-available cipher, we hope
hosts_try_dane = *
tls_verify_certificates = CDIR2/ca_chain.pem
# Some commonly-available cipher, we hope
- tls_require_ciphers = NO
NE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL
+ tls_require_ciphers = NO
RMAL:-CIPHER-ALL:+AES-128-CBC
dane_require_tls_ciphers = OPT
# ----- Retry -----
dane_require_tls_ciphers = OPT
# ----- Retry -----