Testsuite: avoid cipher vs. cert validity problem
authorJeremy Harris <jgh146exb@wizmail.org>
Sun, 20 Sep 2020 22:40:40 +0000 (23:40 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Sun, 20 Sep 2020 22:40:40 +0000 (23:40 +0100)
test/confs/5821
test/log/5821
test/scripts/5820-DANE-GnuTLS/5821

index 84d29bdfe7f1a40b04df19dcb091430b41dbc120..28999d5c7b7eb27a0d343ec49024f80abd0394d1 100644 (file)
@@ -10,7 +10,7 @@ primary_hostname = myhost.test.ex
 
 # ----- Main settings -----
 
 
 # ----- Main settings -----
 
-acl_smtp_rcpt = accept logwrite = "rcpt ACL"
+acl_smtp_rcpt = accept logwrite = "rcpt ACL: tls_in_bits $tls_in_bits"
 
 log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
 
 
 log_selector =  +received_recipients +tls_peerdn +tls_certificate_verified
 
@@ -19,11 +19,11 @@ tls_advertise_hosts = *
 # Set certificate only if server
 CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
 
 # Set certificate only if server
 CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
 
-tls_certificate = ${if eq {SERVER}{server} {CDIR2/fullchain.pem}fail}
-tls_privatekey =  ${if eq {SERVER}{server} {CDIR2/server1.example.com.unlocked.key}fail}
+tls_certificate = CDIR2/fullchain.pem
+tls_privatekey =  CDIR2/server1.example.com.unlocked.key
 
 # Permit two specific ciphers
 
 # Permit two specific ciphers
-tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+CAMELLIA-256-GCM
+tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+AES-256-GCM
 
 # ----- Routers -----
 begin routers
 
 # ----- Routers -----
 begin routers
index c1da057cf1d8bbf89d8bfb993f005f8b54559141..f2266e77e6ef75259b5c13c354f0b77fc3c7adad 100644 (file)
@@ -8,24 +8,24 @@
 1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@localhost.test.ex R=client T=send_to_server H=localhost.test.ex [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00"
 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex
 1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@localhost.test.ex R=client T=send_to_server H=localhost.test.ex [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00"
 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for CALLER@dane256ee.test.ex
-1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:RSA__CAMELLIA_256_GCM:256 CV=dane DN="CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 => CALLER@dane256ee.test.ex R=client T=send_to_server H=dane256ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane DN="CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00"
 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
 
 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
 
 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 "rcpt ACL"
+1999-03-02 09:44:33 "rcpt ACL: tls_in_bits 128"
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@localhost.test.ex
 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <CALLER@localhost.test.ex> R=server
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@localhost.test.ex
 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <CALLER@localhost.test.ex> R=server
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
-1999-03-02 09:44:33 "rcpt ACL"
+1999-03-02 09:44:33 "rcpt ACL: tls_in_bits 128"
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server
 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server
 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 "rcpt ACL"
+1999-03-02 09:44:33 "rcpt ACL: tls_in_bits 128"
 1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex for CALLER@localhost.test.ex
 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <CALLER@localhost.test.ex> R=server
 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex for CALLER@localhost.test.ex
 1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <CALLER@localhost.test.ex> R=server
 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
-1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:RSA__CAMELLIA_256_GCM:256 CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
+1999-03-02 09:44:33 "rcpt ACL: tls_in_bits 256"
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for CALLER@dane256ee.test.ex
 1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server
 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <CALLER@dane256ee.test.ex> R=server
 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
index 7f83a401bb118933246b389adbbc40b67a07d77a..94f23ce19fb801f41c77666980f89c6b76f33ade 100644 (file)
@@ -16,12 +16,12 @@ Testing
 #
 ### Dane cipher specified, dane unused
 # Since dane unused, should get the same cipher as the baseline
 #
 ### Dane cipher specified, dane unused
 # Since dane unused, should get the same cipher as the baseline
-exim -odf -DOPT=NORMAL:-CIPHER-ALL:+CAMELLIA-256-GCM CALLER@localhost.test.ex
+exim -odf -DOPT=NORMAL:-CIPHER-ALL:+AES-256-GCM CALLER@localhost.test.ex
 Testing
 ****
 ### Dane cipher specified, dane used
 # Should get the cipher specified here
 Testing
 ****
 ### Dane cipher specified, dane used
 # Should get the cipher specified here
-exim -odf -DOPT=NORMAL:-CIPHER-ALL:+CAMELLIA-256-GCM CALLER@dane256ee.test.ex
+exim -odf -DOPT=NORMAL:-CIPHER-ALL:+AES-256-GCM CALLER@dane256ee.test.ex
 Testing
 ****
 #
 Testing
 ****
 #