X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/d502442ac32f8964f6cf86469869cecb035d12c0..e4a04f2a8de013abe125d9d04219343b0a32662e:/test/confs/2012 diff --git a/test/confs/2012 b/test/confs/2012 index 97dc25e75..f59b91a0c 100644 --- a/test/confs/2012 +++ b/test/confs/2012 @@ -3,14 +3,9 @@ SERVER= -exim_path = EXIM_PATH -host_lookup_order = bydns +.include DIR/aux-var/tls_conf_prefix + primary_hostname = myhost.test.ex -rfc1413_query_timeout = 0s -spool_directory = DIR/spool -log_file_path = DIR/spool/log/SERVER%slog -gecos_pattern = "" -gecos_name = CALLER_NAME FX = DIR/aux-fixed S1 = FX/exim-ca/example.com/server1.example.com @@ -98,38 +93,46 @@ send_to_server_failcert: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 tls_verify_certificates = CA2 + tls_try_verify_hosts = + tls_verify_cert_hostnames = # this will fail to verify the cert at HOSTIPV4 so fail the crypt, then retry on 127.1; ok send_to_server_retry: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 tls_verify_certificates = \ ${if eq{$host_address}{127.0.0.1}{CA1}{CA2}} + tls_try_verify_hosts = + tls_verify_cert_hostnames = # this will fail to verify the cert but continue unverified though crypted send_to_server_crypt: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 tls_verify_certificates = CA2 tls_try_verify_hosts = * + tls_verify_cert_hostnames = # this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted send_to_server_req_fail: @@ -137,36 +140,40 @@ send_to_server_req_fail: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 tls_verify_certificates = CA2 tls_verify_hosts = * - -# # this will fail to verify the cert name and fallback to unencrypted -# send_to_server_req_failname: -# driver = smtp -# allow_localhost -# hosts = HOSTIPV4 -# port = PORT_D -# tls_certificate = CERT2 -# tls_privatekey = CERT2 -# -# tls_verify_certificates = CA1 -# tls_verify_cert_hostnames = server1.example.net : server1.example.org -# tls_verify_hosts = * -# -# # this will pass the cert verify including name check -# send_to_server_req_passname: -# driver = smtp -# allow_localhost -# hosts = HOSTIPV4 -# port = PORT_D -# tls_certificate = CERT2 -# tls_privatekey = CERT2 -# -# tls_verify_certificates = CA1 -# tls_verify_cert_hostnames = noway.example.com : server1.example.com -# tls_verify_hosts = * + tls_verify_cert_hostnames = + + # this will fail to verify the cert name and fallback to unencrypted + send_to_server_req_failname: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + hosts_try_fastopen = : + tls_certificate = CERT2 + tls_privatekey = CERT2 + + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = server1.example.net : server1.example.org + tls_verify_hosts = * + + # this will pass the cert verify including name check + send_to_server_req_passname: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + hosts_try_fastopen = : + tls_certificate = CERT2 + tls_privatekey = CERT2 + + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = noway.example.com : server1.example.com + tls_verify_hosts = * # End