X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/4466248715466b6f251454283642b74de65e9d9a..36f7a17f69fe27a4c04a4ff98f80f780007db175:/test/confs/5600 diff --git a/test/confs/5600 b/test/confs/5600 index cd5f3c8e7..b65a2797e 100644 --- a/test/confs/5600 +++ b/test/confs/5600 @@ -3,14 +3,9 @@ CRL= -exim_path = EXIM_PATH -host_lookup_order = bydns +.include DIR/aux-var/tls_conf_prefix + primary_hostname = server1.example.com -rfc1413_query_timeout = 0s -spool_directory = DIR/spool -log_file_path = DIR/spool/log/%slog -gecos_pattern = "" -gecos_name = CALLER_NAME # ----- Main settings ----- @@ -32,7 +27,7 @@ tls_verify_hosts = HOSTIPV4 tls_try_verify_hosts = * tls_verify_certificates = DIR/aux-fixed/cert2 tls_crl = CRL -tls_ocsp_file = OCSP +tls_ocsp_file = RETURN # ------ ACL ------ @@ -40,10 +35,14 @@ tls_ocsp_file = OCSP begin acl check_connect: - accept logwrite = acl_conn: ocsp in status: $tls_in_ocsp + accept logwrite = acl_conn: ocsp in status: $tls_in_ocsp \ + (${listextract {${eval:$tls_in_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) check_mail: - accept logwrite = acl_mail: ocsp in status: $tls_in_ocsp + accept logwrite = acl_mail: ocsp in status: $tls_in_ocsp \ + (${listextract {${eval:$tls_in_ocsp+1}} \ + {notreq:notresp:vfynotdone:failed:verified}}) check_recipient: deny message = certificate not verified: peerdn=$tls_peerdn