X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/cfe93a9508babb25875c25b5eb3060a83ddf278e..854586e1495b0a0f4be2a561c419ec4671009dbd:/test/scripts/5840-DANE-OpenSSL/5840 diff --git a/test/scripts/5840-DANE-OpenSSL/5840 b/test/scripts/5840-DANE-OpenSSL/5840 index d1da54913..a86ec310c 100644 --- a/test/scripts/5840-DANE-OpenSSL/5840 +++ b/test/scripts/5840-DANE-OpenSSL/5840 @@ -25,10 +25,16 @@ killdaemon exim -DSERVER=server -DDETAILS=ta -bd -oX PORT_D **** ### TLSA (2 0 1) -exim -odq CALLER@mxdane256ta.test.ex +exim -odf CALLER@mxdane256ta.test.ex Testing **** -exim -qf +killdaemon +# +exim -DSERVER=server -DCERT=DIR/aux-fixed/exim-ca/example.com/server2.example.com/fullchain.pem -DALLOW=DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key -bd -oX PORT_D +**** +### TLSA (2 1 1) +exim -odf CALLER@mxdane256tak.test.ex +Testing **** killdaemon # @@ -47,7 +53,7 @@ killdaemon # Check we get a CV and TLS connection, with try_dane but no require_dane exim -DSERVER=server -DDETAILS=ca -bd -oX PORT_D **** -exim -odq CALLER@thishost.test.ex +exim -odf CALLER@thishost.test.ex Testing **** exim -DOPT=no_certname -qf @@ -61,14 +67,26 @@ exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D exim -odq CALLER@mxdanelazy.test.ex Testing **** -### A server lacking a TLSA, required +### A server lacking a TLSA, dane required (should fail) exim -odq CALLER@dane.no.1.test.ex Testing **** -### A server lacking a TLSA, requested only +### A server lacking a TLSA, dane requested only (should fail, as the NXDOMAIN is not DNSSEC) exim -odq CALLER@dane.no.2.test.ex Testing **** +### A server where the A is dnssec and the TLSA _fails_ +exim -odq CALLER@danebroken1.test.ex +Testing +**** +### A server securely saying "no TLSA records here", dane required (should fail) +exim -odq CALLER@dane.no.3.test.ex +Testing +**** +### A server securely saying "no TLSA records here", dane requested only (should transmit) +exim -odq CALLER@dane.no.4.test.ex +Testing +**** exim -qf **** killdaemon