OpenSSL: revert needless free of certificate list. The library handles it internally.
1 # Exim test configuration 3700
2
# SERVER is defined as an empty macro; presumably the test script overrides it
# on the command line (TODO confirm). DIR, CALLER, PORT_S and PORT_D look like
# placeholders substituted by the test harness, not literal values.
3 SERVER=
4
# Shared TLS settings come from an included file whose content is not shown here.
5 .include DIR/aux-var/tls_conf_prefix
6
7 primary_hostname = myhost.test.ex
8 log_selector = +received_recipients +outgoing_port
9
10 # ----- Main settings -----
11
# log_call runs on an SMTP AUTH command. MAIL and RCPT both go through
# check_authd, which denies any connection that has not been authenticated.
12 acl_smtp_auth = log_call
13 acl_smtp_mail = check_authd
14 acl_smtp_rcpt = check_authd
# Accepted messages are queued rather than delivered immediately, and queue
# runs process them in arrival order.
15 queue_only
16 queue_run_in_order
17 trusted_users = CALLER
18
# TLS starts at connect time on PORT_S; on other ports STARTTLS is advertised
# to every host. cert1 is the certificate this server presents.
19 tls_on_connect_ports = PORT_S
20 tls_advertise_hosts = *
21 tls_certificate = DIR/aux-fixed/cert1
22
# Every client must present a certificate that verifies against cert2, or the
# TLS session is refused. This is what makes the certificate-based "tls"
# authenticator below meaningful: $tls_in_peercert is only trusted because
# verification is mandatory for all hosts.
23 tls_verify_hosts = *
24 tls_verify_certificates = DIR/aux-fixed/cert2
25
26
27 # ----- ACL -----
28
29 begin acl
30
# Used as acl_smtp_auth: records that the AUTH ACL ran and which SMTP command
# triggered it, then accepts. It applies no restriction of its own.
31 log_call:
32   accept   logwrite = Auth ACL called, after smtp cmd "$smtp_command"
33
# Used for MAIL and RCPT: reject unless the connection is authenticated.
# "authenticated = *" matches any authenticator name, so the negated form is
# true exactly when no authenticator has succeeded on this connection.
34 check_authd:
35   deny     message = authentication required
36           !authenticated = *
37   accept
38
39
40 # ----- Authentication -----
41
42 begin authenticators
43
# Certificate-based authenticator: the identity is taken from the verified
# client certificate rather than from an SMTP AUTH exchange.
44 tls:
45   driver = tls
# The backslash keeps "$auth1" literal in the debug output, followed by its value.
46   server_debug_print = +++TLS \$auth1="$auth1"
# $auth1 is the subject CN extracted from the peer certificate, passed through
# the quote operator. The ">:" modifier appears to select ':' as the output
# separator (TODO confirm against the certextract documentation).
# NOTE(review): quote turns an empty string into "" (two quote characters), so
# "def:auth1" below may still be true for a certificate without a CN - confirm.
# If so, the effective gate is chain verification against tls_verify_certificates
# alone, and the authenticated id would be the literal "".
47   server_param1 =    ${quote:${certextract {subject,CN,>:} \
48                                   {$tls_in_peercert}}}
# Authentication succeeds whenever $auth1 is non-empty; no allow-list of CNs is
# applied, so every certificate that chains to the trust anchors is accepted.
49   server_condition = ${if def:auth1}
50   server_set_id =    $auth1
51
52
53 # ----- Routers -----
54
55 begin routers
56
# Single catch-all router: accepts every address and picks the transport from
# the local part. "smtps" goes to t2 (TLS-on-connect); everything else goes to
# t1 (the PORT_D listener).
57 r1:
58   driver = accept
59   transport = ${if eq {$local_part}{smtps} {t2}{t1}}
60
61
62 # ----- Transports -----
63
64 begin transports
65
# Client side of the test: delivers back to a listener on 127.0.0.1.
# allow_localhost permits the delivery to the local host that the smtp
# transport would otherwise refuse. The transport presents cert2 as its client
# certificate (the server's trust anchor) and checks the server against cert1.
66 t1:
67   driver = smtp
68   hosts = 127.0.0.1
69   port = PORT_D
70   allow_localhost
71   tls_certificate =         DIR/aux-fixed/cert2
72   tls_verify_certificates = DIR/aux-fixed/cert1
# An empty list: the server certificate's names are not compared with the host
# name for any host. Chain verification against cert1 is the only identity
# check, which fits a loopback test target but would not bind the certificate
# to a host name elsewhere.
# NOTE(review): no transport-level tls_verify_hosts is set, so whether a failed
# verification aborts the delivery depends on the defaults in effect - confirm.
73   tls_verify_cert_hostnames = :
74
# Same as t1, but connects to PORT_S and starts TLS at connect time
# (protocol = smtps) to match tls_on_connect_ports on the server side.
75 t2:
76   driver = smtp
77   hosts = 127.0.0.1
78   port = PORT_S
79   protocol = smtps
80   allow_localhost
81   tls_certificate =         DIR/aux-fixed/cert2
82   tls_verify_certificates = DIR/aux-fixed/cert1
# Host name checking is disabled here as well; see the caveat on t1.
83   tls_verify_cert_hostnames = :
84
85 # End