X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/9d1c15ef45fcc8809349378922de20ae9a774c75..b04be5e70485a99e9e6fad2313ffa9f99735767f:/test/confs/5750 diff --git a/test/confs/5750 b/test/confs/5750 index a4762bd19..13ee1498f 100644 --- a/test/confs/5750 +++ b/test/confs/5750 @@ -6,11 +6,11 @@ SERVER= exim_path = EXIM_PATH host_lookup_order = bydns primary_hostname = myhost.test.ex -rfc1413_query_timeout = 0s spool_directory = DIR/spool log_file_path = DIR/spool/log/SERVER%slog gecos_pattern = "" gecos_name = CALLER_NAME +timezone = UTC # ----- Main settings ----- @@ -29,28 +29,51 @@ tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.e tls_verify_hosts = * tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem +event_action = ${acl {server_cert_log}} + # begin acl -logger: - warn logwrite = $acl_arg1 $tpda_delivery_local_part + +server_cert_log: + accept condition = ${if eq {tls:cert}{$event_name}} + logwrite = [$sender_host_address] \ + depth=$event_data \ + ${certextract{subject}{$tls_in_peercert}} + accept + +ev_tls: + accept logwrite = $event_name depth=$event_data \ + <${certextract {subject} {$tls_out_peercert}}> +# message = noooo + +ev_msg: + warn logwrite = $acl_arg1 $local_part warn logwrite = ${if !def:tls_out_ourcert \ - {NO CLENT CERT presented} \ + {NO CLIENT CERT presented} \ {Our cert SN: ${certextract{subject}{$tls_out_ourcert}}}} accept condition = ${if !def:tls_out_peercert} logwrite = No Peer cert accept logwrite = Peer cert: logwrite = ver <${certextract {version} {$tls_out_peercert}}> logwrite = SN <${certextract {subject} {$tls_out_peercert}}> + logwrite = SN; <${certextract {subject,>;} {$tls_out_peercert}}> + logwrite = SNCN<${certextract {subject,CN} {$tls_out_peercert}}> logwrite = IN <${certextract {issuer} {$tls_out_peercert}}> logwrite = NB <${certextract {notbefore} {$tls_out_peercert}}> logwrite = NA <${certextract {notafter} {$tls_out_peercert}}> - logwrite = SA <${certextract {signature_algorithm}{$tls_out_peercert}}> + logwrite = SA <${certextract {sig_algorithm} {$tls_out_peercert}}> logwrite = SG <${certextract {signature} {$tls_out_peercert}}> - logwrite = ${certextract {subject_altname}{$tls_out_peercert}{SAN <$value>}{(no SAN)}} - logwrite = ${certextract {ocsp_uri} {$tls_out_peercert} {OCU <$value>}{(no OCU)}} + logwrite = ${certextract {subj_altname} {$tls_out_peercert}{SAN <$value>}{(no SAN)}} +# logwrite = ${certextract {ocsp_uri} {$tls_out_peercert} {OCU <$value>}{(no OCU)}} logwrite = ${certextract {crl_uri} {$tls_out_peercert} {CRU <$value>}{(no CRU)}} +logger: + accept condition = ${if eq {msg} {${listextract{1}{$event_name}}}} + acl = ev_msg $event_name $acl_arg2 + accept condition = ${if eq {tls} {${listextract{1}{$event_name}}}} + message = ${acl {ev_tls}} + accept # ----- Routers ----- @@ -80,9 +103,10 @@ send_to_server: ${if eq {$local_part}{good}\ {example.com/server1.example.com/ca_chain.pem}\ {example.net/server1.example.net/ca_chain.pem}} + tls_try_verify_hosts = + tls_verify_cert_hostnames = - tpda_delivery_action = ${acl {logger} {delivery} {$domain} } - tpda_host_defer_action = ${acl {logger} {deferral} {$domain} } + event_action = ${acl {logger} {$event_name} {$domain} } # ----- Retry -----