X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/d4dc049f9a9e80ac3a470fd644418668eefedecb..1922a912d23fc06ee7fb0d22d9cf3e633a4713dc:/test/confs/5840 diff --git a/test/confs/5840 b/test/confs/5840 index ac3578dc9..754945d6e 100644 --- a/test/confs/5840 +++ b/test/confs/5840 @@ -1,5 +1,5 @@ # Exim test configuration 5840 -# DANE +# DANE/OpenSSL SERVER= @@ -10,7 +10,7 @@ primary_hostname = myhost.test.ex # ----- Main settings ----- .ifndef OPT -acl_smtp_rcpt = accept +acl_smtp_rcpt = accept logwrite = "rcpt ACL" .else acl_smtp_rcpt = accept verify = recipient/callout .endif @@ -22,20 +22,28 @@ queue_run_in_order tls_advertise_hosts = * # Set certificate only if server -CDIR1 = DIR/aux-fixed +CDIR1 = DIR/aux-fixed/exim-ca/example.net/server1.example.net CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com +.ifdef CERT +tls_certificate = CERT +.else tls_certificate = ${if eq {SERVER}{server} \ - {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ + {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \ {CDIR2/fullchain.pem}\ - {CDIR1/cert1}}}\ + {CDIR1/fullchain.pem}}}\ fail} +.endif +.ifdef ALLOW +tls_privatekey = ALLOW +.else tls_privatekey = ${if eq {SERVER}{server} \ - {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}}} \ + {${if or {{eq {DETAILS}{ta}} {eq {DETAILS}{ca}} {eq {DETAILS}{ee}}} \ {CDIR2/server1.example.com.unlocked.key}\ - {CDIR1/cert1}}}\ + {CDIR1/server1.example.net.unlocked.key}}}\ fail} +.endif # ----- Routers ----- @@ -64,7 +72,7 @@ send_to_server: port = PORT_D hosts_try_dane = * - hosts_require_dane = !thishost.test.ex + hosts_require_dane = HOSTIPV4 tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} tls_try_verify_hosts = thishost.test.ex tls_verify_certificates = CDIR2/ca_chain.pem