git://git.exim.org
/
users
/
heiko
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fixup! WIP: allow_insecure_tainted_data
[users/heiko/exim.git]
/
test
/
confs
/
5890
diff --git
a/test/confs/5890
b/test/confs/5890
index a836802afe526fadfa9c4df8d38a52b75c9dea8b..0c812fd89769535ec7ff1235b09997404f73299b 100644
(file)
--- a/
test/confs/5890
+++ b/
test/confs/5890
@@
-19,7
+19,10
@@
tls_advertise_hosts = *
# Set certificate only if server
# Set certificate only if server
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+CDIR=DIR/aux-fixed/exim-ca/example.com
+
+tls_certificate = CDIR/server1.example.com/server1.example.com.chain.pem
+tls_privatekey = CDIR/server1.example.com/server1.example.com.unlocked.key
tls_require_ciphers = OPTION
tls_resumption_hosts = 127.0.0.1
tls_require_ciphers = OPTION
tls_resumption_hosts = 127.0.0.1
@@
-36,7
+39,6
@@
check_helo:
logwrite = peer cert subject\t${certextract {subject}{$tls_in_peercert}}
logwrite = peer cert verified\t${tls_in_certificate_verified}
logwrite = peer dn\t${tls_in_peerdn}
logwrite = peer cert subject\t${certextract {subject}{$tls_in_peercert}}
logwrite = peer cert verified\t${tls_in_certificate_verified}
logwrite = peer dn\t${tls_in_peerdn}
- logwrite = ocsp\t${tls_in_ocsp}
logwrite = cipher\t${tls_in_cipher}
logwrite = bits\t${tls_in_bits}
accept
logwrite = cipher\t${tls_in_cipher}
logwrite = bits\t${tls_in_bits}
accept
@@
-53,7
+55,6
@@
log_resumption:
logwrite = peer cert subject\t${certextract {subject}{$tls_out_peercert}}
logwrite = peer cert verified\t${tls_out_certificate_verified}
logwrite = peer dn\t${tls_out_peerdn}
logwrite = peer cert subject\t${certextract {subject}{$tls_out_peercert}}
logwrite = peer cert verified\t${tls_out_certificate_verified}
logwrite = peer dn\t${tls_out_peerdn}
- logwrite = ocsp\t${tls_out_ocsp}
logwrite = cipher\t${tls_out_cipher}
logwrite = bits\t${tls_out_bits}
logwrite = cipher\t${tls_out_cipher}
logwrite = bits\t${tls_out_bits}
@@
-86,7
+87,7
@@
send_to_server1:
.else
tls_resumption_hosts = :
.endif
.else
tls_resumption_hosts = :
.endif
- tls_verify_certificates =
DIR/aux-fixed/cert1
+ tls_verify_certificates =
CDIR/CA/CA.pem
tls_verify_cert_hostnames = ${if match {$local_part}{^noverify} {*}{:}}
tls_try_verify_hosts = *
event_action = ${acl {log_resumption}}
tls_verify_cert_hostnames = ${if match {$local_part}{^noverify} {*}{:}}
tls_try_verify_hosts = *
event_action = ${acl {log_resumption}}
@@
-96,9
+97,10
@@
send_to_server2:
allow_localhost
hosts = HOSTIPV4
port = PORT_D
allow_localhost
hosts = HOSTIPV4
port = PORT_D
- tls_verify_certificates = DIR/aux-fixed/cert1
- tls_verify_cert_hostnames = :
- event_action = ${acl {log_resumption}}
+ hosts_try_fastopen = :
+ tls_verify_certificates = CDIR/CA/CA.pem
+ tls_verify_cert_hostnames = :
+ event_action = ${acl {log_resumption}}
# ----- Retry -----
# ----- Retry -----