Testsuite: fix debug stream munging for non-autocreate DBM variants, and for no TFO...
[users/jgh/exim.git] / test / scripts / 2100-OpenSSL / 2114
1 # TLS server: mandatory, optional, and revoked certificates
2 exim -DSERVER=server -bd -oX PORT_D
3 ****
4 ### No certificate, certificate required
5 client-ssl HOSTIPV4 PORT_D
6 ??? 220
7 ehlo rhu.barb
8 ??? 250-
9 ??? 250-
10 ??? 250-
11 ??? 250-
12 ??? 250-
13 ??? 250
14 starttls
15 ??? 220
16 noop
17 ??? 554 Security failure
18 quit
19 ????554 Security failure
20 ??? 221
21 ???*
22 ****
23 ### No certificate, certificate optional at TLS time, required by ACL
24 client-ssl 127.0.0.1 PORT_D
25 ??? 220
26 ehlo rhu.barb
27 ??? 250-
28 ??? 250-
29 ??? 250-
30 ??? 250-
31 ??? 250-
32 ??? 250
33 starttls
34 ??? 220
35 helo rhu.barb
36 ??? 250
37 mail from:<userx@test.ex>
38 ??? 250
39 rcpt to:<userx@test.ex>
40 ??? 550
41 quit
42 ??? 221
43 ****
44 ### Good certificate, certificate required
45 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
46 ??? 220
47 ehlo rhu.barb
48 ??? 250-
49 ??? 250-
50 ??? 250-
51 ??? 250-
52 ??? 250-
53 ??? 250
54 starttls
55 ??? 220
56 mail from:<userx@test.ex>
57 ??? 250
58 rcpt to:<userx@test.ex>
59 ??? 250
60 quit
61 ??? 221
62 ****
63 ### Good certificate, certificate optional at TLS time, checked by ACL
64 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
65 ??? 220
66 ehlo rhu.barb
67 ??? 250-
68 ??? 250-
69 ??? 250-
70 ??? 250-
71 ??? 250-
72 ??? 250
73 starttls
74 ??? 220
75 mail from:<userx@test.ex>
76 ??? 250
77 rcpt to:<userx@test.ex>
78 ??? 250
79 quit
80 ??? 221
81 ****
82 ### Bad certificate, certificate required
83 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
84 ??? 220
85 ehlo rhu.barb
86 ??? 250-
87 ??? 250-
88 ??? 250-
89 ??? 250-
90 ??? 250-
91 ??? 250
92 starttls
93 ??? 220
94 noop
95 ??? 554 Security failure
96 ****
97 ### Bad certificate, certificate optional at TLS time, reject at ACL time
98 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
99 ??? 220
100 ehlo rhu.barb
101 ??? 250-
102 ??? 250-
103 ??? 250-
104 ??? 250-
105 ??? 250-
106 ??? 250
107 starttls
108 ??? 220
109 mail from:<userx@test.ex>
110 ??? 250
111 rcpt to:<userx@test.ex>
112 ??? 550
113 quit
114 ??? 221
115 ****
116 killdaemon
117 #
118 #
119 #
120 #
121 exim -DCRL=DIR/aux-fixed/exim-ca/example.com/CA/crl.chain.pem -DSERVER=server -bd -oX PORT_D
122 ****
123 ### Otherwise good but revoked certificate, certificate required
124 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
125 ??? 220
126 ehlo rhu.barb
127 ??? 250-
128 ??? 250-
129 ??? 250-
130 ??? 250-
131 ??? 250-
132 ??? 250
133 starttls
134 ??? 220
135 noop
136 ??? 554 Security failure
137 ****
138 ### Revoked certificate, certificate optional at TLS time, reject at ACL time
139 client-ssl 127.0.0.1 PORT_D aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
140 ??? 220
141 ehlo rhu.barb
142 ??? 250-
143 ??? 250-
144 ??? 250-
145 ??? 250-
146 ??? 250-
147 ??? 250
148 starttls
149 ??? 220
150 mail from:<userx@test.ex>
151 ??? 250
152 rcpt to:<userx@test.ex>
153 ??? 550
154 quit
155 ??? 221
156 ****
157 ### Good certificate, certificate required - but nonmatching CRL also present
158 client-ssl HOSTIPV4 PORT_D aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
159 ??? 220
160 ehlo rhu.barb
161 ??? 250-
162 ??? 250-
163 ??? 250-
164 ??? 250-
165 ??? 250-
166 ??? 250
167 starttls
168 ??? 220
169 mail from:<userx@test.ex>
170 ??? 250
171 rcpt to:<userx@test.ex>
172 ??? 250
173 quit
174 ??? 221
175 ****
176 killdaemon