X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/d4dc049f9a9e80ac3a470fd644418668eefedecb..436c0d208b49421d3d126f7c284bc3130b50ff14:/test/confs/2112?ds=inline diff --git a/test/confs/2112 b/test/confs/2112 index aab264820..4ec0b4fcd 100644 --- a/test/confs/2112 +++ b/test/confs/2112 @@ -79,10 +79,22 @@ client_r: client_s: driver = accept - local_parts = users + local_parts = user_s retry_use_local_part transport = send_to_server_req_passname +client_t: + driver = accept + local_parts = usert + retry_use_local_part + transport = send_to_server_req_failchain + +client_u: + driver = accept + local_parts = useru + retry_use_local_part + transport = send_to_server_req_passchain + # ----- Transports ----- @@ -93,8 +105,9 @@ send_to_server_failcert: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -107,8 +120,9 @@ send_to_server_retry: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -122,8 +136,9 @@ send_to_server_crypt: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -137,6 +152,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -146,28 +162,58 @@ send_to_server_req_fail: # this will fail to verify the cert name and fallback to unencrypted send_to_server_req_failname: - driver = smtp + driver = smtp allow_localhost - hosts = HOSTIPV4 - port = PORT_D - tls_certificate = CERT2 - tls_privatekey = CERT2 + hosts = serverbadname.example.com + port = PORT_D + hosts_try_fastopen = : + tls_certificate = CERT2 + tls_privatekey = CERT2 - tls_verify_certificates = CA1 - tls_verify_cert_hostnames = server1.example.net : server1.example.org - tls_verify_hosts = * + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = HOSTIPV4 + tls_verify_hosts = * # this will pass the cert verify including name check send_to_server_req_passname: - driver = smtp + driver = smtp + allow_localhost + hosts = server1.example.com + port = PORT_D + hosts_try_fastopen = : + tls_certificate = CERT2 + tls_privatekey = CERT2 + + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = HOSTIPV4 + tls_verify_hosts = * + + # this will fail the cert verify name check, because CNAME rules + send_to_server_req_failchain: + driver = smtp allow_localhost - hosts = HOSTIPV4 - port = PORT_D - tls_certificate = CERT2 - tls_privatekey = CERT2 + hosts = serverchain1.example.com + port = PORT_D + hosts_try_fastopen = : + tls_certificate = CERT2 + tls_privatekey = CERT2 - tls_verify_certificates = CA1 - tls_verify_cert_hostnames = noway.example.com : server1.example.com - tls_verify_hosts = * + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = HOSTIPV4 + tls_verify_hosts = * + + # this will pass the cert verify name check, because CNAME rules + send_to_server_req_passchain: + driver = smtp + allow_localhost + hosts = alternatename.server1.example.com + port = PORT_D + hosts_try_fastopen = : + tls_certificate = CERT2 + tls_privatekey = CERT2 + + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = HOSTIPV4 + tls_verify_hosts = * # End