[users/jgh/exim.git] / test / scripts / 2100-OpenSSL / 2114
1 # TLS server: mandatory, optional, and revoked certificates
#
# First daemon run: client-certificate checks with no CRL configured.
# Every case opens the same way: expect the 220 banner, send EHLO and expect
# six reply lines (five "250-" continuations, then the final "250"), send
# STARTTLS and expect 220. client-ssl takes the client's certificate chain
# and private key as optional 3rd and 4th arguments.
#
# Per the ### labels, connections to HOSTIPV4 are the "certificate required"
# cases and connections to 127.0.0.1 are the "optional at TLS time" cases.
# The server configuration that draws that line is not in this file
# (presumably tls_verify_hosts / tls_try_verify_hosts plus an ACL test on
# the verification result -- confirm against the matching confs/ file).
#
# Outcomes pinned by the expected replies below:
#   required + no/bad cert  -> script ends at the STARTTLS 220; nothing after
#                              the handshake is asserted in this file
#   optional + no/bad cert  -> session continues, MAIL FROM gets 250,
#                              RCPT TO is refused with 550
#   either host + good cert -> RCPT TO accepted with 250
# NOTE(review): in the optional cases the session is encrypted but the peer
# is unverified; the ACL is the only control that refuses the recipient.
2 exim -DSERVER=server -bd -oX PORT_D
3 ****
# No client certificate offered to the "required" address. The script stops
# at the 220; how the failed handshake is checked is not visible here.
4 ### No certificate, certificate required
5 client-ssl HOSTIPV4 PORT_D
6 ??? 220
7 ehlo rhu.barb
8 ??? 250-
9 ??? 250-
10 ??? 250-
11 ??? 250-
12 ??? 250-
13 ??? 250
14 starttls
15 ??? 220
16 ****
# No client certificate, "optional" address: TLS is allowed to come up, and
# the refusal is expected only at RCPT (550), not at HELO or MAIL FROM.
17 ### No certificate, certificate optional at TLS time, required by ACL
18 client-ssl 127.0.0.1 PORT_D
19 ??? 220
20 ehlo rhu.barb
21 ??? 250-
22 ??? 250-
23 ??? 250-
24 ??? 250-
25 ??? 250-
26 ??? 250
27 starttls
28 ??? 220
29 helo rhu.barb
30 ??? 250
31 mail from:<userx@test.ex>
32 ??? 250
33 rcpt to:<userx@test.ex>
34 ??? 550
35 quit
36 ??? 221
37 ****
# Positive control for the "required" address: chain and key from the
# example.com CA tree, recipient expected to be accepted.
38 ### Good certificate, certificate required
39 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
40 ??? 220
41 ehlo rhu.barb
42 ??? 250-
43 ??? 250-
44 ??? 250-
45 ??? 250-
46 ??? 250-
47 ??? 250
48 starttls
49 ??? 220
50 mail from:<userx@test.ex>
51 ??? 250
52 rcpt to:<userx@test.ex>
53 ??? 250
54 quit
55 ??? 221
56 ****
# Positive control for the "optional" address: same certificate, and the
# ACL-time check is expected to let the recipient through.
57 ### Good certificate, certificate optional at TLS time, checked by ACL
58 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
59 ??? 220
60 ehlo rhu.barb
61 ??? 250-
62 ??? 250-
63 ??? 250-
64 ??? 250-
65 ??? 250-
66 ??? 250
67 starttls
68 ??? 220
69 mail from:<userx@test.ex>
70 ??? 250
71 rcpt to:<userx@test.ex>
72 ??? 250
73 quit
74 ??? 221
75 ****
# "Bad" here is a chain and key from the example.net CA tree instead of
# example.com; presumably the server does not trust that CA -- confirm
# against the server configuration.
76 ### Bad certificate, certificate required
77 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
78 ??? 220
79 ehlo rhu.barb
80 ??? 250-
81 ??? 250-
82 ??? 250-
83 ??? 250-
84 ??? 250-
85 ??? 250
86 starttls
87 ??? 220
88 ****
# Same example.net certificate at the "optional" address: the session is
# kept, MAIL FROM is accepted, and the recipient is refused with 550.
89 ### Bad certificate, certificate optional at TLS time, reject at ACL time
90 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
91 ??? 220
92 ehlo rhu.barb
93 ??? 250-
94 ??? 250-
95 ??? 250-
96 ??? 250-
97 ??? 250-
98 ??? 250
99 starttls
100 ??? 220
101 mail from:<userx@test.ex>
102 ??? 250
103 rcpt to:<userx@test.ex>
104 ??? 550
105 quit
106 ??? 221
107 ****
108 killdaemon
109 # Second daemon run: same server, now started with -DCRL pointing at
110 # the example.com CA's crl.chain.pem. The first run had no -DCRL, so
111 # revocation was not exercised there. How the CRL macro is consumed is not
112 # visible in this file (presumably it feeds tls_crl -- confirm in the conf).
113 exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.chain.pem -DSERVER=server -bd -oX PORT_D
114 ****
# revoked1.example.com sits under the same example.com CA directory as the
# server1 certificate used in the passing cases, so per the label only its
# revocation status should make it fail. Script stops at the STARTTLS 220.
115 ### Otherwise good but revoked certificate, certificate required
116 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
117 ??? 220
118 ehlo rhu.barb
119 ??? 250-
120 ??? 250-
121 ??? 250-
122 ??? 250-
123 ??? 250-
124 ??? 250
125 starttls
126 ??? 220
127 ****
# Revoked certificate at the "optional" address: the session is kept and
# MAIL FROM gets 250; the ACL-time check must refuse the recipient (550).
128 ### Revoked certificate, certificate optional at TLS time, reject at ACL time
129 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
130 ??? 220
131 ehlo rhu.barb
132 ??? 250-
133 ??? 250-
134 ??? 250-
135 ??? 250-
136 ??? 250-
137 ??? 250
138 starttls
139 ??? 220
140 mail from:<userx@test.ex>
141 ??? 250
142 rcpt to:<userx@test.ex>
143 ??? 550
144 quit
145 ??? 221
146 ****
# Control case: with the CRL loaded, a certificate it does not list must
# still be accepted (RCPT gets 250), so CRL loading alone rejects nothing.
# NOTE(review): this file has no case for an expired, unreadable or missing
# CRL; whether the server fails closed there is not tested here.
147 ### Good certificate, certificate required - but nonmatching CRL also present
148 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
149 ??? 220
150 ehlo rhu.barb
151 ??? 250-
152 ??? 250-
153 ??? 250-
154 ??? 250-
155 ??? 250-
156 ??? 250
157 starttls
158 ??? 220
159 mail from:<userx@test.ex>
160 ??? 250
161 rcpt to:<userx@test.ex>
162 ??? 250
163 quit
164 ??? 221
165 ****
166 killdaemon