X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/98eb95929140ee1e2b2b367b12abb45762d155e9..9c43aff91481faddf4ca3763657d3ae2a63acb65:/test/confs/3820?ds=sidebyside diff --git a/test/confs/3820 b/test/confs/3820 index a0206f3a0..c80d4d414 100644 --- a/test/confs/3820 +++ b/test/confs/3820 @@ -2,32 +2,73 @@ SERVER= +.ifdef TRUSTED +.include DIR/aux-var/tls_conf_prefix +.else .include DIR/aux-var/std_conf_prefix +.endif primary_hostname = myhost.test.ex +tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} # ----- Main settings ----- +acl_smtp_rcpt = accept +queue_only + + +begin routers + +client_r: + driver = accept + condition = ${if !eq {SERVER}{server}} + transport = smtp + +begin transports + +smtp: + driver = smtp + hosts = 127.0.0.1 + allow_localhost + port = PORT_D +.ifdef TRUSTED + hosts_require_tls = * + tls_verify_certificates = DIR/aux-fixed/cert1 + tls_verify_cert_hostnames = : +.endif + hosts_require_auth = * # ----- Authentication ----- begin authenticators +.ifndef TRUSTED sasl1: - driver = gsasl - public_name = ANONYMOUS + driver = gsasl + public_name = ANONYMOUS server_set_id = $auth1 server_condition = true sasl2: - driver = gsasl - public_name = PLAIN + driver = gsasl + public_name = PLAIN server_set_id = $auth1 - server_condition = false + server_condition = ${if eq {$auth3}{pencil}} + + client_condition = ${if eq {plain}{$local_part}} + client_username = ph10 + client_password = pencil +.endif sasl3: - driver = gsasl - public_name = SCRAM-SHA-1 + driver = gsasl +.ifdef TRUSTED + public_name = SCRAM-SHA-1-PLUS + server_advertise_condition = ${if def:tls_in_cipher} + server_channelbinding = true +.else + public_name = SCRAM-SHA-1 +.endif # will need to give library salt, stored-key, server-key, itercount # 
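Review bot: The new `server_condition = ${if eq {$auth3}{pencil}}` on sasl2 (PLAIN) compares only the password, so the server side accepts `pencil` for any user name while `server_set_id` records whatever `$auth1` the client sent. The sasl3 settings added in the next hunk key both salt and password on `$auth1` being `ph10`, and PLAIN should match them, for example `server_condition = ${if and {{eq {$auth1}{ph10}}{eq {$auth3}{pencil}}}}`, assuming `$auth1` carries the authentication id here as the `server_set_id` line implies. The sasl4 block in the next hunk appears to have the same gap, since its `server_scram_salt` and `server_password = pencil` are unconditional, so a wrong-user case would not be rejected there either. The line breaks of this diff are collapsed, so which lines land in sasl4 should be confirmed against the file.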
@@ -35,13 +76,42 @@ sasl3: # gsasl takes props: GSASL_SCRAM_ITER, GSASL_SCRAM_SALT. It _might_ take # a GSASL_SCRAM_SALTED_PASSWORD - but that is only documented for client mode. - server_scram_iter = 4096 # unclear if the salt is given in binary or base64 to the library + server_scram_salt = ${if eq {$auth1}{ph10} {QSXCR+Q6sek8bf92}} + server_password = ${if eq {$auth1}{ph10} {pencil}{unset_password}} + server_condition = true + server_set_id = $auth1 + + client_condition = ${if eq {scram_sha_1}{$local_part}} + client_username = ph10 + client_password = pencil +.ifdef TRUSTED + client_channelbinding = true +.endif + +.ifdef _HAVE_AUTH_GSASL_SCRAM_SHA_256 +sasl4: + driver = gsasl +.ifdef TRUSTED + public_name = SCRAM-SHA-256-PLUS + server_advertise_condition = ${if def:tls_in_cipher} + server_channelbinding = true +.else + public_name = SCRAM-SHA-256 +.endif + server_scram_salt = QSXCR+Q6sek8bf92 server_password = pencil - server_condition = true server_set_id = $auth1 + client_condition = ${if eq {scram_sha_256}{$local_part}} + client_username = ph10 + client_password = pencil +.ifdef TRUSTED + client_channelbinding = true +.endif +.endif + # End
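Review bot: The comment `# unclear if the salt is given in binary or base64 to the library` is left standing directly above the newly added `server_scram_salt` lines, so the file now supplies a salt while still saying its encoding is unknown. The value `QSXCR+Q6sek8bf92` has the shape of base64 text. If that is the form the test relies on, the comment should say so, for example `# salt is supplied as base64 text`, once that is confirmed against the gsasl driver. A reader reusing these settings otherwise cannot tell whether the salt the library hashes with is the one written here.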