X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/37ff4e03734cf28bf78c6df892489f99e50d8356..436c0d208b49421d3d126f7c284bc3130b50ff14:/test/confs/5840?ds=inline diff --git a/test/confs/5840 b/test/confs/5840 index 68a47e998..5852ef2c0 100644 --- a/test/confs/5840 +++ b/test/confs/5840 @@ -1,44 +1,50 @@ # Exim test configuration 5840 -# DANE +# DANE/OpenSSL SERVER= +CONTROL= * + +.include DIR/aux-var/tls_conf_prefix -exim_path = EXIM_PATH -host_lookup_order = bydns primary_hostname = myhost.test.ex -rfc1413_query_timeout = 0s -spool_directory = DIR/spool -log_file_path = DIR/spool/log/SERVER%slog -gecos_pattern = "" -gecos_name = CALLER_NAME # ----- Main settings ----- -acl_smtp_rcpt = accept +.ifndef OPT +acl_smtp_rcpt = accept logwrite = "rcpt ACL" +.else +acl_smtp_rcpt = accept verify = recipient/callout +.endif log_selector = +received_recipients +tls_peerdn +tls_certificate_verified -queue_only queue_run_in_order tls_advertise_hosts = * # Set certificate only if server -CDIR1 = DIR/aux-fixed +CDIR1 = DIR/aux-fixed/exim-ca/example.net/server1.example.net CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com +.ifdef CERT +tls_certificate = CERT +.else tls_certificate = ${if eq {SERVER}{server} \ - {${if eq {DETAILS}{ta} \ + {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \ {CDIR2/fullchain.pem}\ - {CDIR1/cert1}}}\ + {CDIR1/fullchain.pem}}}\ fail} +.endif +.ifdef ALLOW +tls_privatekey = ALLOW +.else tls_privatekey = ${if eq {SERVER}{server} \ - {${if eq {DETAILS}{ta} \ + {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \ {CDIR2/server1.example.com.unlocked.key}\ - {CDIR1/cert1}}}\ + {CDIR1/server1.example.net.unlocked.key}}}\ fail} - +.endif # ----- Routers ----- @@ -50,6 +56,7 @@ client: dnssec_request_domains = * self = send transport = send_to_server + errors_to = "" server: driver = redirect @@ -64,12 +71,14 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : + + hosts_try_dane = CONTROL + hosts_require_dane = HOSTIPV4 + tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} + tls_try_verify_hosts = thishost.test.ex + tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}} -# hosts_try_dane = * - hosts_require_dane = * - hosts_request_ocsp = ${if or { {= {4}{$tls_out_tlsa_usage}} \ - {= {0}{$tls_out_tlsa_usage}} } \ - {*}{}} # ----- Retry -----