From: Jeremy Harris Date: Mon, 13 Mar 2017 11:12:58 +0000 (+0000) Subject: Sync 4.next from master X-Git-Url: https://git.exim.org/users/jgh/exim.git/commitdiff_plain/d5c0d8c9374623620844d539d4810da63e9abca1?hp=0929ce9ca518b6987b63cf8659338ca434e07d9b Sync 4.next from master --- diff --git a/doc/doc-docbook/HowItWorks.txt b/doc/doc-docbook/HowItWorks.txt index c5e328a09..9fd197cac 100644 --- a/doc/doc-docbook/HowItWorks.txt +++ b/doc/doc-docbook/HowItWorks.txt @@ -150,7 +150,7 @@ at the time of writing): . w3m 0.5.2 - This is a text-oriented web brower. It is used to produce the ASCII form of + This is a text-oriented web browser. It is used to produce the ASCII form of the Exim documentation (spec.txt) from a specially-created HTML format. It seems to do a better job than lynx. diff --git a/doc/doc-docbook/Makefile b/doc/doc-docbook/Makefile index f456f80c9..d835db9ed 100644 --- a/doc/doc-docbook/Makefile +++ b/doc/doc-docbook/Makefile @@ -23,7 +23,7 @@ exim.8: spec.xml x2man ######################################################################## -# .PHONY doesn't work here, because it forces a rebuild of all dependend +# .PHONY doesn't work here, because it forces a rebuild of all dependent # targets, always. It sets the internal timestamp of its target to # now(). # But it may happen that local_params does not change diff --git a/doc/doc-docbook/Tidytxt b/doc/doc-docbook/Tidytxt index cfa692272..296cdad6a 100755 --- a/doc/doc-docbook/Tidytxt +++ b/doc/doc-docbook/Tidytxt @@ -7,7 +7,7 @@ use Getopt::Long; # For now we can't rely on a perl >= 5.14 on # the build sites, thus we throw away all unicode -# awarness and do the matching byte by byte +# awareness and do the matching byte by byte binmode STDIN; binmode STDOUT; diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 02ffec9d1..be93cf670 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -45,14 +45,14 @@ . Update the Copyright year (only) when changing content. . ///////////////////////////////////////////////////////////////////////////// -.set previousversion "4.88" +.set previousversion "4.89" .include ./local_params .set ACL "access control lists (ACLs)" .set I "    " .macro copyyear -2016 +2017 .endmacro . ///////////////////////////////////////////////////////////////////////////// @@ -371,11 +371,13 @@ contributors. .section "Exim documentation" "SECID1" . Keep this example change bar when updating the documentation! +.new .cindex "documentation" This edition of the Exim specification applies to version &version() of Exim. Substantive changes from the &previousversion; edition are marked in some renditions of the document; this paragraph is so marked if the rendition is capable of showing a change indicator. +.wen This document is very much a reference manual; it is not a tutorial. The reader is expected to have some familiarity with the SMTP mail transfer protocol and @@ -434,6 +436,7 @@ directory are: .row &_filter.txt_& "specification of the filter language" .row &_Exim3.upgrade_& "upgrade notes from release 2 to release 3" .row &_Exim4.upgrade_& "upgrade notes from release 3 to release 4" +.row &_openssl.txt_& "installing a current OpenSSL release" .endtable The main specification and the specification of the filtering language are also @@ -3825,11 +3828,17 @@ This option is not intended for use by external callers. It is used internally by Exim in conjunction with the &%-MC%& option. It signifies that the remote host supports the ESMTP &_DSN_& extension. -.vitem &%-MCG%& +.vitem &%-MCG%&&~<&'queue&~name'&> .oindex "&%-MCG%&" This option is not intended for use by external callers. It is used internally by Exim in conjunction with the &%-MC%& option. It signifies that an -alternate queue is used, named by the following option. +alternate queue is used, named by the following argument. + +.vitem &%-MCK%& +.oindex "&%-MCK%&" +This option is not intended for use by external callers. It is used internally +by Exim in conjunction with the &%-MC%& option. It signifies that an +remote host supports the ESMTP &_CHUNKING_& extension. .vitem &%-MCP%& .oindex "&%-MCP%&" @@ -3859,6 +3868,15 @@ This option is not intended for use by external callers. It is used internally by Exim in conjunction with the &%-MC%& option, and passes on the fact that the host to which Exim is connected supports TLS encryption. +.new +.vitem &%-MCt%&&~<&'IP&~address'&>&~<&'port'&> +.oindex "&%-MCt%&" +This option is not intended for use by external callers. It is used internally +by Exim in conjunction with the &%-MC%& option, and passes on the fact that the +connection is being proxied by a parent process for handling TLS encryption. +The pair of arguments give the local address and port being proxied. +.wen + .vitem &%-Mc%&&~<&'message&~id'&>&~<&'message&~id'&>&~... .oindex "&%-Mc%&" .cindex "hints database" "not overridden by &%-Mc%&" @@ -4474,12 +4492,12 @@ The name should not contain a &'/'& character. For a periodic queue run (see below) append to the name a slash and a time value. -If other commandline options speicify an action, a &'-qG'& option +If other commandline options specify an action, a &'-qG'& option will specify a queue to operate on. For example: .code exim -bp -qGquarantine -mailq -qGquarantime +mailq -qGquarantine exim -qGoffpeak -Rf @special.domain.example .endd @@ -4918,7 +4936,9 @@ using this syntax: .endd on a line by itself. Double quotes round the file name are optional. If you use the first form, a configuration error occurs if the file does not exist; the -second form does nothing for non-existent files. In all cases, an absolute file +second form does nothing for non-existent files. +The first form allows a relative name. It is resolved relative to +the directory of the including file. For the second form an absolute file name is required. Includes may be nested to any depth, but remember that Exim reads its @@ -4937,11 +4957,6 @@ Include processing happens after macro processing (see below). Its effect is to process the lines of the included file as if they occurred inline where the inclusion appears. -Relative names are allowed with &`.include`&, and are resolved -relative to the directory of the including file. For security reasons -this is not allowed with &`.include_if_exists`&. To avoid confusion, it -is strongly recommended to use absolute names only. - .section "Macros in the configuration file" "SECTmacrodefs" @@ -6731,8 +6746,8 @@ PostgreSQL database. See section &<>&. .next .cindex "Redis lookup type" .cindex lookup Redis -&(redis)&: The format of the query is an SQL statement that is passed to a -Redis database. See section &<>&. +&(redis)&: The format of the query is either a simple get or simple set, +passed to a Redis database. See section &<>&. .next .cindex "sqlite lookup type" @@ -7110,7 +7125,7 @@ Retries for the dnsdb lookup can be controlled by a retry modifier. The form if &"retry_VAL"& where VAL is an integer. The default count is set by the main configuration option &%dns_retry%&. -.cindex cacheing "of dns lookup" +.cindex caching "of dns lookup" .cindex TTL "of dns lookup" .cindex DNS TTL Dnsdb lookup results are cached within a single process (and its children). @@ -7805,6 +7820,17 @@ are rejected after a timeout period, during which the SQLite library waits for the lock to be released. In Exim, the default timeout is set to 5 seconds, but it can be changed by means of the &%sqlite_lock_timeout%& option. + +.section "More about Redis" "SECTredis" +.cindex "lookup" "Redis" +.cindex "redis lookup type" +Redis is a non-SQL database. Commands are simple get and set. +Examples: +.code +${lookup redis{set keyname ${quote_redis:objvalue plus}}} +${lookup redis{get keyname}} +.endd + .ecindex IIDfidalo1 .ecindex IIDfidalo2 @@ -9105,7 +9131,7 @@ If the ACL returns defer the result is a forced-fail. Otherwise the expansion f .vitem "&*${certextract{*&<&'field'&>&*}{*&<&'certificate'&>&*}&&& {*&<&'string2'&>&*}{*&<&'string3'&>&*}}*&" -.cindex "expansion" "extracting cerificate fields" +.cindex "expansion" "extracting certificate fields" .cindex "&%certextract%&" "certificate fields" .cindex "certificate" "extracting fields" The <&'certificate'&> must be a variable of type certificate. @@ -9423,17 +9449,13 @@ filter. Header lines that are added to a particular copy of a message by a router or transport are not accessible. For incoming SMTP messages, no header lines are visible in -.new ACLs that are obeyed before the data phase completes, -.wen because the header structure is not set up until the message is received. They are visible in DKIM, PRDR and DATA ACLs. Header lines that are added in a RCPT ACL (for example) are saved until the message's incoming header lines are available, at which point they are added. -.new When any of the above ACLs ar -.wen running, however, header lines added by earlier ACLs are visible. Upper case and lower case letters are synonymous in header names. If the @@ -9761,7 +9783,7 @@ locks out the use of this expansion item in filter files. .vitem "&*${readsocket{*&<&'name'&>&*}{*&<&'request'&>&*}&&& - {*&<&'timeout'&>&*}{*&<&'eol&~string'&>&*}{*&<&'fail&~string'&>&*}}*&" + {*&<&'options'&>&*}{*&<&'eol&~string'&>&*}{*&<&'fail&~string'&>&*}}*&" .cindex "expansion" "inserting from a socket" .cindex "socket, use of in expansion" .cindex "&%readsocket%& expansion item" @@ -9791,6 +9813,15 @@ extend what can be done. Firstly, you can vary the timeout. For example: .code ${readsocket{/socket/name}{request string}{3s}} .endd +The third argument is a list of options, of which the first element is the timeout +and must be present if the argument is given. +Further elements are options of form &'name=value'&. +One option type is currently recognised, defining whether (the default) +or not a shutdown is done on the connection after sending the request. +Example, to not do so (preferred, eg. by some webservers): +.code +${readsocket{/socket/name}{request string}{3s:shutdown=no}} +.endd A fourth argument allows you to change any newlines that are in the data that is read, in the same way as for &%readfile%& (see above). This example turns them into spaces: @@ -12210,7 +12241,7 @@ normally the gid of the Exim user. .cindex "uid (user id)" "of originating user" .cindex "sender" "uid" .vindex "&$caller_uid$&" -.vindex "&$originaltor_uid$&" +.vindex "&$originator_uid$&" The value of &$caller_uid$& that was set when the message was received. For messages received via the command line, this is the uid of the sending user. For messages received by SMTP over TCP/IP, this is normally the uid of the Exim @@ -12257,7 +12288,7 @@ qualified host name. See also &$smtp_active_hostname$&. &$proxy_local_port$& &&& &$proxy_session$& These variables are only available when built with Proxy Protocol -or Socks5 support +or SOCKS5 support. For details see chapter &<>&. .vitem &$prdr_requested$& @@ -12607,6 +12638,11 @@ validating resolver (e.g. unbound, or bind with suitable configuration). If you have changed &%host_lookup_order%& so that &`bydns`& is not the first mechanism in the list, then this variable will be false. +This requires that your system resolver library support EDNS0 (and that +DNSSEC flags exist in the system headers). If the resolver silently drops +all EDNS0 options, then this will have no effect. OpenBSD's asr resolver +is known to currently ignore EDNS0, documented in CAVEATS of asr_run(3). + .vitem &$sender_host_name$& .vindex "&$sender_host_name$&" @@ -12828,7 +12864,7 @@ If TLS has not been negotiated, the value will be 0. .vitem &$tls_in_ourcert$& .vindex "&$tls_in_ourcert$&" -.cindex certificate veriables +.cindex certificate variables This variable refers to the certificate presented to the peer of an inbound connection when the message was received. It is only useful as the argument of a @@ -13098,7 +13134,7 @@ initial startup, even if &%perl_at_start%& is set. .oindex "&%perl_taintmode%&" .cindex "Perl" "taintmode" To provide more security executing Perl code via the embedded Perl -interpeter, the &%perl_taintmode%& option can be set. This enables the +interpreter, the &%perl_taintmode%& option can be set. This enables the taint mode of the Perl interpreter. You are encouraged to set this option to a true value. To avoid breaking existing installations, it defaults to false. @@ -13528,6 +13564,7 @@ listed in more than one group. .section "Miscellaneous" "SECID96" .table2 .row &%bi_command%& "to run for &%-bi%& command line option" +.row &%debug_store%& "do extra internal checks" .row &%disable_ipv6%& "do no IPv6 processing" .row &%keep_malformed%& "for broken files &-- should not happen" .row &%localhost_number%& "for unique message ids in clusters" @@ -14018,6 +14055,7 @@ acknowledgment is sent. See chapter &<>& for further details. .option acl_smtp_dkim main string&!! unset .cindex DKIM "ACL for" This option defines the ACL that is run for each DKIM signature +(by default, or as specified in the dkim_verify_signers option) of a received message. See chapter &<>& for further details. @@ -14405,7 +14443,7 @@ it obviously cannot send an error message of any kind. There is a slight performance penalty for these checks. Versions of Exim preceding 4.88 had these disabled by default; -high-rate intallations confident they will never run out of resources +high-rate installations confident they will never run out of resources may wish to deliberately disable them. .option chunking_advertise_hosts main "host list&!!" * @@ -14415,6 +14453,13 @@ The CHUNKING extension (RFC3030) will be advertised in the EHLO message to these hosts. Hosts may use the BDAT command as an alternate to DATA. +.option debug_store main boolean &`false`& +.cindex debugging "memory corruption" +.cindex memory debugging +This option, when true, enables extra checking in Exim's internal memory +management. For use when a memory corruption issue is being investigated, +it should normally be left as default. + .option daemon_smtp_ports main string &`smtp`& .cindex "port" "for daemon" .cindex "TCP/IP" "setting listening ports" @@ -14664,6 +14709,7 @@ record in the authoritative section is used instead. .option dns_use_edns0 main integer -1 .cindex "DNS" "resolver options" .cindex "DNS" "EDNS0" +.cindex "DNS" "OpenBSD If this option is set to a non-negative number then Exim will initialise the DNS resolver library to either use or not use EDNS0 extensions, overriding the system default. A value of 0 coerces EDNS0 off, a value of 1 coerces EDNS0 @@ -14671,6 +14717,10 @@ on. If the resolver library does not support EDNS0 then this option has no effect. +OpenBSD's asr resolver routines are known to ignore the EDNS0 option; this +means that DNSSEC will not work with Exim on that platform either, unless Exim +is linked against an alternative DNS client library. + .option drop_cr main boolean false This is an obsolete option that is now a no-op. It used to affect the way Exim @@ -15294,6 +15344,7 @@ connecting on a regular LDAP port. This is the LDAP equivalent of SMTP's of SSL-on-connect. In the event of failure to negotiate TLS, the action taken is controlled by &%ldap_require_cert%&. +This option is ignored for &`ldapi`& connections. .option ldap_version main integer unset @@ -16710,7 +16761,7 @@ example, instead of &"Administrative prohibition"&, it might give: .option smtputf8_advertise_hosts main "host list&!!" * .cindex "SMTPUTF8" "advertising" When Exim is built with support for internationalised mail names, -the availability therof is advertised in +the availability thereof is advertised in response to EHLO only to those client hosts that match this option. See chapter &<>& for details of Exim's support for internationalisation. @@ -16867,6 +16918,7 @@ generates any deliveries to files or pipes, or any new mail messages, the appropriate &%system_filter_..._transport%& option(s) must be set, to define which transports are to be used. Details of this facility are given in chapter &<>&. +A forced expansion failure results in no filter operation. .option system_filter_directory_transport main string&!! unset @@ -17109,7 +17161,8 @@ acceptable bound from 1024 to 2048. .option tls_eccurve main string&!! &`auto`& .cindex TLS "EC cryptography" -This option selects a EC curve for use by Exim. +This option selects a EC curve for use by Exim when used with OpenSSL. +It has no effect when Exim is used with GnuTLS. After expansion it must contain a valid EC curve parameter, such as &`prime256v1`&, &`secp384r1`&, or &`P-512`&. Consult your OpenSSL manual @@ -21003,7 +21056,7 @@ The control does not apply to shadow transports. .cindex "hints database" "transport concurrency control" Exim implements this control by means of a hints database in which a record is -incremented whenever a transport process is beaing created. The record +incremented whenever a transport process is being created. The record is decremented and possibly removed when the process terminates. Obviously there is scope for records to get left lying around if there is a system or program crash. To @@ -23260,10 +23313,8 @@ message_suffix = &`\n`& to &`\r\n`& in &%message_suffix%&. -.option path pipe string&!! "bin:/usr/bin" -.new +.option path pipe string&!! "/bin:/usr/bin" This option is expanded and -.wen specifies the string that is set up in the PATH environment variable of the subprocess. If the &%command%& option does not yield an absolute path name, the command is @@ -23893,6 +23944,25 @@ been started will not be passed to a new delivery process for sending another message on the same connection. See section &<>& for an explanation of when this might be needed. +.new +.option hosts_noproxy_tls smtp "host list&!!" * +.cindex "TLS" "passing connection" +.cindex "multiple SMTP deliveries" +.cindex "TLS" "multiple message deliveries" +For any host that matches this list, a TLS session which has +been started will not be passed to a new delivery process for sending another +message on the same session. + +The traditional implementation closes down TLS and re-starts it in the new +process, on the same open TCP connection, for each successive message +sent. If permitted by this option a pipe to to the new process is set up +instead, and the original process maintains the TLS connection and proxies +the SMTP connection from and to the new process and any subsequents. +The new process has no access to TLS information, so cannot include it in +logging. +.wen + + .option hosts_override smtp boolean false If this option is set and the &%hosts%& option is also set, any hosts that are @@ -23967,12 +24037,12 @@ unauthenticated. See also &%hosts_require_auth%&, and chapter .cindex "RFC 3030" "CHUNKING" This option provides a list of servers to which, provided they announce CHUNKING support, Exim will attempt to use BDAT commands rather than DATA. -BDAT will not be used in conjuction with a transport filter. +BDAT will not be used in conjunction with a transport filter. .option hosts_try_fastopen smtp "host list!!" unset -.option "fast open, TCP" "enabling, in client" -.option "TCP Fast Open" "enabling, in client" -.option "RFC 7413" "TCP Fast Open" +.cindex "fast open, TCP" "enabling, in client" +.cindex "TCP Fast Open" "enabling, in client" +.cindex "RFC 7413" "TCP Fast Open" This option provides a list of servers to which, provided the facility is supported by this system, Exim will attempt to perform a TCP Fast Open. @@ -25861,6 +25931,17 @@ turned into a permanent error if you wish. In the second case, Exim tries to deliver the message unauthenticated. .endlist +Note that the hostlist test for whether to do authentication can be +confused if name-IP lookups change between the time the peer is decided +on and the transport running. For example, with a manualroute +router given a host name, and DNS "round-robin" use by that name: if +the local resolver cache times out between the router and the transport +running, the transport may get an IP for the name for its authentication +check which does not match the connection peer IP. +No authentication will then be done, despite the names being identical. + +For such cases use a separate transport which always authenticates. + .cindex "AUTH" "on MAIL command" When Exim has authenticated itself to a remote server, it adds the AUTH parameter to the MAIL commands it sends, if it has an authenticated sender for @@ -27132,10 +27213,12 @@ tls_require_ciphers = ${if =={$received_port}{25}\ .cindex "TLS" "configuring an Exim server" When Exim has been built with TLS support, it advertises the availability of the STARTTLS command to client hosts that match &%tls_advertise_hosts%&, -but not to any others. The default value of this option is unset, which means -that STARTTLS is not advertised at all. This default is chosen because you -need to set some other options in order to make TLS available, and also it is -sensible for systems that want to use TLS only as a client. +but not to any others. The default value of this option is *, which means +that STARTTLS is alway advertised. Set it to blank to never advertise; +this is reasonble for systems that want to use TLS only as a client. + +If STARTTLS is to be used you +need to set some other options in order to make TLS available. If a client issues a STARTTLS command and there is some configuration problem in the server, the command is rejected with a 454 error. If the client @@ -27532,7 +27615,7 @@ Great care should be taken to deal with matters of case, various injection attacks in the string (&`../`& or SQL), and ensuring that a valid filename can always be referenced; it is important to remember that &$tls_in_sni$& is arbitrary unverified data provided prior to authentication. -Further, the initial cerificate is loaded before SNI is arrived, so +Further, the initial certificate is loaded before SNI is arrived, so an expansion for &%tls_certificate%& must have a default which is used when &$tls_in_sni$& is empty. @@ -28076,6 +28159,9 @@ run. A &"discard"& return from the DATA or the non-SMTP ACL discards all the remaining recipients. The &"discard"& return is not permitted for the &%acl_smtp_predata%& ACL. +If the ACL for VRFY returns &"accept"&, a recipient verify (without callout) +is done on the address and the result determines the SMTP response. + .cindex "&[local_scan()]& function" "when all recipients discarded" The &[local_scan()]& function is always run, even if there are no remaining @@ -28895,7 +28981,9 @@ message body. Cutthrough delivery is not supported via transport-filters or when DKIM signing of outgoing messages is done, because it sends data to the ultimate destination before the entire message has been received from the source. -It is not supported for messages received with the SMTP PRDR option in use. +It is not supported for messages received with the SMTP PRDR +or CHUNKING +options in use. Should the ultimate destination system positively accept or reject the mail, a corresponding indication is given to the source system and nothing is queued. @@ -28909,7 +28997,7 @@ This behaviour can be adjusted by appending the option &*defer=*&<&'value'&> to the control; the default value is &"spool"& and the alternate value &"pass"& copies an SMTP defer response from the target back to the initiator and does not queue the message. -Note that this is independent of any receipient verify conditions in the ACL. +Note that this is independent of any recipient verify conditions in the ACL. Delivery in this mode avoids the generation of a bounce mail to a (possibly faked) @@ -29746,6 +29834,13 @@ to avoid doing it more than once per message. .cindex "&%verify%& ACL condition" This is a variation of the previous option, in which a modified address is verified as a sender. + +Note that '/' is legal in local-parts; if the address may have such +(eg. is generated from the received message) +they must be protected from the options parsing by doubling: +.code +verify = sender=${sg{${address:$h_sender:}}{/}{//}} +.endd .endlist @@ -29805,7 +29900,7 @@ deny dnslists = blackholes.mail-abuse.org warn message = X-Warn: sending host is on dialups list dnslists = dialups.mail-abuse.org .endd -.cindex cacheing "of dns lookup" +.cindex caching "of dns lookup" .cindex DNS TTL DNS list lookups are cached by Exim for the duration of the SMTP session (but limited by the DNS return TTL value), @@ -29918,7 +30013,7 @@ multiple DNS records. The inner dnsdb lookup produces a list of MX hosts and the outer dnsdb lookup finds the IP addresses for these hosts. The result of expanding the condition might be something like this: .code -dnslists = sbl.spahmaus.org/<|192.168.2.3|192.168.5.6|... +dnslists = sbl.spamhaus.org/<|192.168.2.3|192.168.5.6|... .endd Thus, this example checks whether or not the IP addresses of the sender domain's mail servers are on the Spamhaus black list. @@ -31444,6 +31539,18 @@ av_scanner = f-protd:localhost 10200-10204 .endd If you omit the argument, the default values show above are used. +.new +.vitem &%f-prot6d%& +.cindex "virus scanners" "f-prot6d" +The f-prot6d scanner is accessed using the FPSCAND protocol over TCP. +One argument is taken, being a space-separated hostname and port number. +For example: +.code +av_scanner = f-prot6d:localhost 10200 +.endd +If you omit the argument, the default values show above are used. +.wen + .vitem &%fsecure%& .cindex "virus scanners" "F-Secure" The F-Secure daemon scanner (&url(http://www.f-secure.com)) takes one @@ -35660,6 +35767,12 @@ SMTP RCPT commands in one transaction) the second and subsequent addresses are flagged with &`->`& instead of &`=>`&. When two or more messages are delivered down a single SMTP connection, an asterisk follows the IP address in the log lines for the second and subsequent messages. +.new +When two or more messages are delivered down a single TLS connection, the +TLS-related information logged for the first message delivered +(which may not be the earliest line in the log) +will not be present in the log lines for the second and subsequent messages. +.wen .cindex "delivery" "cutthrough; logging" .cindex "cutthrough" "logging" @@ -36011,7 +36124,7 @@ The latter can be disabled by turning off the &%outgoing_interface%& option. &%proxy%&: The internal (closest to the system running Exim) IP address of the proxy, tagged by PRX=, on the &"<="& line for a message accepted on a proxied connection -or the &"=>"& line for a message delivered on a proxied connection.. +or the &"=>"& line for a message delivered on a proxied connection. See &<>& for more information. .next .cindex "log" "incoming remote port" @@ -36042,7 +36155,7 @@ off the &%outgoing_interface%& option. .next .cindex "log" "outgoing remote port" .cindex "port" "logging outgoint remote" -.cindex "TCP/IP" "logging ougtoing remote port" +.cindex "TCP/IP" "logging outgoing remote port" &%outgoing_port%&: The remote port number is added to delivery log lines (those containing => tags) following the IP address. The local port is also added if &%incoming_interface%& and @@ -37871,9 +37984,8 @@ lock will be lost at the instant of rename. .next .vindex "&$body_linecount$&" If you change the number of lines in the file, the value of -&$body_linecount$&, which is stored in the -H file, will be incorrect. At -present, this value is not used by Exim, but there is no guarantee that this -will always be the case. +&$body_linecount$&, which is stored in the -H file, will be incorrect and can +cause incomplete transmission of messages or undeliverable messages. .next If the message is in MIME format, you must take care not to break it. .next @@ -38486,9 +38598,9 @@ To include this support, include &"SUPPORT_PROXY=yes"& in Local/Makefile. It was built on specifications from: -http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt +(&url(http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt)). That URL was revised in May 2014 to version 2 spec: -http://git.1wt.eu/web?p=haproxy.git;a=commitdiff;h=afb768340c9d7e50d8e +(&url(http://git.1wt.eu/web?p=haproxy.git;a=commitdiff;h=afb768340c9d7e50d8e)). The purpose of this facility is so that an application load balancer, such as HAProxy, can sit in front of several Exim servers @@ -38502,6 +38614,13 @@ recorded in an ACL (example is below). Use of a proxy is enabled by setting the &%hosts_proxy%& main configuration option to a hostlist; connections from these hosts will use Proxy Protocol. +Exim supports both version 1 and version 2 of the Proxy Protocol and +automatically determines which version is in use. + +The Proxy Protocol header is the first data received on a TCP connection +and is inserted before any TLS-on-connect handshake from the client; Exim +negotiates TLS between Exim-as-server and the remote client, not between +Exim and the proxy server. The following expansion variables are usable (&"internal"& and &"external"& here refer to the interfaces @@ -38509,9 +38628,9 @@ of the proxy): .display &'proxy_external_address '& IP of host being proxied or IP of remote interface of proxy &'proxy_external_port '& Port of host being proxied or Port on remote interface of proxy -&'proxy_local_address '& IP of proxy server inbound or IP of local interface of proxy -&'proxy_local_port '& Port of proxy server inbound or Port on local interface of proxy -&'proxy_session '& boolean: SMTP connection via proxy +&'proxy_local_address '& IP of proxy server inbound or IP of local interface of proxy +&'proxy_local_port '& Port of proxy server inbound or Port on local interface of proxy +&'proxy_session '& boolean: SMTP connection via proxy .endd If &$proxy_session$& is set but &$proxy_external_address$& is empty there was a protocol error. @@ -38622,6 +38741,10 @@ Exim has support for Internationalised mail names. To include this it must be built with SUPPORT_I18N and the libidn library. Standards supported are RFCs 2060, 5890, 6530 and 6533. +If Exim is built with SUPPORT_I18N_2008 (in addition to SUPPORT_I18N, not +instead of it) then IDNA2008 is supported; this adds an extra library +requirement, upon libidn2. + .section "MTA operations" SECTi18nMTA .cindex SMTPUTF8 "ESMTP option" The main configuration option &%smtputf8_advertise_hosts%& specifies @@ -38794,7 +38917,7 @@ can be used to affect that action (more on this below). An additional variable, &$event_data$&, is filled with information varying with the event type: .display -&`msg:delivery `& smtp confirmation mssage +&`msg:delivery `& smtp confirmation message &`msg:rcpt:host:defer `& error string &`msg:rcpt:defer `& error string &`msg:host:defer `& error string diff --git a/doc/doc-misc/Ext-maildir++ b/doc/doc-misc/Ext-maildir++ index b2fc58045..1ee8e981e 100644 --- a/doc/doc-misc/Ext-maildir++ +++ b/doc/doc-misc/Ext-maildir++ @@ -41,7 +41,7 @@ HOWTO.maildirquota Furthermore, this quota mechanism is not 100% effective. It is possible to have a situation where someone may go over quota. This - quota implementation uses a deliverate trade-off. It is necessary to + quota implementation uses a deliberate trade-off. It is necessary to use some form of locking in order to have a complete bulletproof quota enforcement, but maildirs mail stores were explicitly designed to avoid any kind of locking. This quota approach does not use locking, @@ -330,7 +330,7 @@ Calculating the quota for a Maildir++ quota recalculation ended up removing maildirsize due to a race condition, so the caller may or may not get a file descriptor together with the Maildir++ size. - 4. If the numbers we got indicated that the Maidlir++ is over quota, + 4. If the numbers we got indicated that the Maildir++ is over quota, some additional logic is in order: if we did not recalculate maildirsize, if the numbers in maildirsize indicated that we are over quota, then if maildirsize was more than one line long, or if diff --git a/doc/doc-misc/Ext-mbx-locking b/doc/doc-misc/Ext-mbx-locking index f1b0523f6..9ef684026 100644 --- a/doc/doc-misc/Ext-mbx-locking +++ b/doc/doc-misc/Ext-mbx-locking @@ -43,7 +43,7 @@ writeable memory between such processes. A means of communicating this is by use of a file with a mutually agreed upon name. A binary semaphore can be passed by means of the -existance or non-existance of that file, provided that there is an +existence or non-existence of that file, provided that there is an atomic means to create a file if and only if that file does not exist. In C terms: @@ -81,7 +81,7 @@ locks held by that process when it terminates. exclusive (provided there are no other shared users of the lock) and to downgrade an exclusive lock to shared. It is important that at no time is the lock ever removed; a process upgrading to exclusive must -not relenquish its shared lock. +not relinquish its shared lock. Most commonly, the resources being locked are files. Shared locks are particularly important with files; multiple simultaneous diff --git a/doc/doc-misc/RFC.conform b/doc/doc-misc/RFC.conform index 91683cf9e..1ddd5b33d 100644 --- a/doc/doc-misc/RFC.conform +++ b/doc/doc-misc/RFC.conform @@ -98,7 +98,7 @@ enclosed in <> characters, so a header such as From: @a,@b:c@d -is syntactally invalid. Exim does not enforce this restriction. +is syntactically invalid. Exim does not enforce this restriction. 1.6 Local parts [3.4.1] @@ -243,7 +243,7 @@ MTA for the same message. [Multihomed host addresses should not be randomized.] Exim does randomize a list of several addresses for a single host, because -caching in resolvers will defeat the round-robinning that many namerservers +caching in resolvers will defeat the round-robinning that many nameservers use. (Note: this is not the same as randomizing equal-valued MX records. That is required by the RFC.) diff --git a/doc/doc-misc/TexiNotes b/doc/doc-misc/TexiNotes index 542f8ed93..0c056e4d9 100644 --- a/doc/doc-misc/TexiNotes +++ b/doc/doc-misc/TexiNotes @@ -12,7 +12,7 @@ by @@ @{ and @} if required. @copyright{} for copyright -@minus{} is a slighly longer minus sign +@minus{} is a slightly longer minus sign Input file ends with .texinfo usually. diff --git a/doc/doc-misc/WishList b/doc/doc-misc/WishList index e266116ea..28ae7332f 100644 --- a/doc/doc-misc/WishList +++ b/doc/doc-misc/WishList @@ -171,8 +171,8 @@ So the admin can pass back a reason. mark david mcCreary "I use the syntax_errors_to feature to email a copy of the error message. -It would be helpful to have the X-Failed-Receipients header in there, -identifying which addreses(s) are the problem, so that I don't have to +It would be helpful to have the X-Failed-Recipients header in there, +identifying which address(es) are the problem, so that I don't have to parse the body of the email message to figure out which addresses." ------------------------------------------------------------------------------ @@ -620,7 +620,7 @@ Joachim Wieland Is this really worth it? A per-transport value is also suggested - that would mean remembering the value with each failed address and taking a minimum or -a maximimum (which?). +a maximum (which?). ------------------------------------------------------------------------------ (24) 21-Feb-02 ? A way of testing TLS using -bh @@ -815,7 +815,7 @@ logs the IP of the sending host in the => line?" Also requested was amount of data transmitted for a non-delivery attempt. ------------------------------------------------------------------------------ -(69) 03-Jul-02 T Log selector to log whoson checs +(69) 03-Jul-02 T Log selector to log whoson checks Matt Bernstein "I'd quite like a log_selector option which could spot you'd done a whoson @@ -989,7 +989,7 @@ a list defer. Peter A. Savitch OpenLDAP 2.1 is going to be more popular (2.1.9 is available with many -bug fixes). TLS-enabled LDAP is an interesting and usefull thing. +bug fixes). TLS-enabled LDAP is an interesting and useful thing. I can try to implement some things and send the patches, like with ldapi. @@ -1302,7 +1302,7 @@ option, for use with multiple Exim daemons. See also 333. ------------------------------------------------------------------------------ -(214) 05-Nov-03 S Put the wild part of local part prefix/suffx in variables +(214) 05-Nov-03 S Put the wild part of local part prefix/suffix in variables Unfortunately, this isn't quite as trivial as it seems. ------------------------------------------------------------------------------ @@ -1608,7 +1608,7 @@ how useful this would actually be in practice. (292) 13-Aug-04 M Overall timeout for message reception -A client could in priciple keep an SMTP connection open for a very long time by +A client could in principle keep an SMTP connection open for a very long time by trickling in data very slowly. Also, after message_size_limit is exceeded, Exim continues to swallow the data (though it does not write it to disk) until the end is reached. Again, the connection could be held open for a very long time. @@ -2051,8 +2051,8 @@ This is what was suggested: This should be very simple to implement and will allow to make some experiments and implement custom extensions, i.e. one to known if remote client will redirect on 551 or not. Also the acl -for unknown smpt command could be used for other purposes, like -to dectect and react to some kiddies that send things like +for unknown smtp command could be used for other purposes, like +to detect and react to some kiddies that send things like http://... on the smtp port. ------------------------------------------------------------------------------ --- HWM 355 ------------------------------------------------------------------ diff --git a/doc/doc-scripts/f2h b/doc/doc-scripts/f2h index 6e53480bb..221a80194 100755 --- a/doc/doc-scripts/f2h +++ b/doc/doc-scripts/f2h @@ -83,7 +83,7 @@ return $s; # We want to read the file paragraph by paragraph; Perl only does this if the # separating lines are truly blank. Having been caught by lines containing -# whitespace before, do a detrailing pass first. +# whitespace before, do a de-trailing pass first. open(IN, "$ARGV[0]") || die "can't open $ARGV[0] (preliminary)\n"; open(OUT, ">$ARGV[0]-$$") || die "can't open $ARGV[0]-$$\n"; @@ -298,7 +298,7 @@ while ($_ = ) next; } - # If a paragraph begins ==> it is a display which must remain verbatin + # If a paragraph begins ==> it is a display which must remain verbatim # and not be reformatted. The flag gets turned into spaces. if ($_ =~ /^==>/) diff --git a/doc/doc-scripts/f2txt b/doc/doc-scripts/f2txt index 4f24f7b3f..7fb7292a5 100755 --- a/doc/doc-scripts/f2txt +++ b/doc/doc-scripts/f2txt @@ -55,7 +55,7 @@ return $s; # We want to read the file paragraph by paragraph; Perl only does this if the # separating lines are truly blank. Having been caught by lines containing -# whitespace before, do a detrailing pass first. +# whitespace before, do a de-trailing pass first. open(IN, "$ARGV[0]") || die "can't open $ARGV[0] (preliminary)\n"; open(OUT, ">$ARGV[0]-$$") || die "can't open $ARGV[0]-$$\n"; @@ -82,7 +82,7 @@ while ($_ = ) next if /^\#\#/; - # If a paragraph begins ==> it is a display which must remain verbatin + # If a paragraph begins ==> it is a display which must remain verbatim # and not be reformatted. The flag gets turned into spaces. if ($_ =~ /^==>/) diff --git a/doc/doc-scripts/fc2k b/doc/doc-scripts/fc2k index 0b977fc87..a1a3537ad 100755 --- a/doc/doc-scripts/fc2k +++ b/doc/doc-scripts/fc2k @@ -213,7 +213,7 @@ while () # We want to chop excessively long entries on either side. We can't set # a fixed length because of the HTML control data. Call a function to # add the given length to allow for HTML stuff. This is crude, but it - # does roughtly the right thing. + # does roughly the right thing. my($leftlen) = &setlen(70, $pretext); my($rightlen) = &setlen(70, $posttext); diff --git a/doc/doc-scripts/g2t b/doc/doc-scripts/g2t index 2f2ac449b..c840ac64f 100755 --- a/doc/doc-scripts/g2t +++ b/doc/doc-scripts/g2t @@ -725,7 +725,7 @@ while (<>) # "-". If we triple it in the menu it gets displayed OK, but building # software complains about non-existent cross references etc. - # I have gone for the horrid kludge of turning it into "-" + # I have gone for the horrid kludge of turning it into "-" # in the menus and nodes. # Exim 4 has added --help, which has the same problem. diff --git a/doc/doc-src/ABOUT b/doc/doc-src/ABOUT index e94c804a6..607f38520 100644 --- a/doc/doc-src/ABOUT +++ b/doc/doc-src/ABOUT @@ -4,7 +4,7 @@ Exim repository: doc/doc-src This directory contains documentation files that are processed in some way in order to make the documentation files that form part of Exim distributions. A non-standard document processor (SGCAL) was used up to and including release -4.50 of Exim to process the sources for the manual and filter docuement. +4.50 of Exim to process the sources for the manual and filter document. Subsequent documentation releases operate using DocBook input, so these files are now historical relics. The FAQ source is still (June 2005) current, but may be superseded in due course. diff --git a/doc/doc-src/FAQ.src b/doc/doc-src/FAQ.src index 9280e0314..1d43cbcd2 100644 --- a/doc/doc-src/FAQ.src +++ b/doc/doc-src/FAQ.src @@ -912,7 +912,7 @@ A0047: \-bz-\ is a Sendmail option requesting it to create a `configuration free ==> /usr/lib/sendmail -bz - in some start-up script (e.g. \(/etc/init.d/mail)\) immedately before + in some start-up script (e.g. \(/etc/init.d/mail)\) immediately before ==> /usr/lib/sendmail -bd -q15m @@ -2117,7 +2117,7 @@ A0301: They mean exactly what they say. Exim expected to route an address to a with MX records pointing to \"localhost"\ (or other names with A records that specify 127.0.0.1), which causes this behaviour. You can use the \ignore_target_hosts\ option to get Exim to ignore these records. The - default contiguration does this. For more discussion, see Q0319. For + default configuration does this. For more discussion, see Q0319. For other cases: (1) If the domain is meant to be handled as a local domain, there @@ -3452,7 +3452,7 @@ A0510: \^elspy^\ is a layer of glue code that enables you to write Python code to scan email messages at SMTP time. \^elspy^\ also includes a small Python library with common mail-scanning tools, including an interface to SpamAssassin and a simple but effective virus detector. You can - optain \^elspy^\ from \?http://elspy.sourceforge.net/?\. + obtain \^elspy^\ from \?http://elspy.sourceforge.net/?\. Q0511: Whenever my system filter uses a \mail\ command to send a message, I get @@ -3543,7 +3543,7 @@ A0601: Whenever Exim does a local delivery, it runs a process under a specific ==> majordomo: |/local/mail/majordomo ... then Exim has to be told what uid/gid to use for the delivery. This can - be done either on the routerr that handles the address, or on the + be done either on the router that handles the address, or on the transport that actually does the delivery. If a pipe is going to run a setuid program, then it doesn't matter what uid Exim starts it out with, and so the most straightforward thing is to put @@ -3617,7 +3617,7 @@ A0603: Q0601 contains background information on this. If you are using, say, an Q0604: I want to use MMDF-style mailboxes. How can I get Exim to append the - ctrl-A characters that separate indvidual emails? + ctrl-A characters that separate individual emails? A0604: Set the \message_suffix\ option in the \%appendfile%\ transport. In fact, for MMDF mailboxes you need a prefix as well as a suffix to get it @@ -3660,7 +3660,7 @@ Q0606: I'm using tmail to do local deliveries, but when I turned on the \use_crlf\ option on the \%pipe%\ transport (tmail prefers \"@\r@\n"\ terminations) message bodies started to vanish. -A0606: You need to unset the \mesage_prefix\ option, or change it so that its +A0606: You need to unset the \message_prefix\ option, or change it so that its default \"@\n"\ terminator becomes \"@\r@\n"\. For example, the transport could be: @@ -5038,7 +5038,7 @@ A0806: The value of \$domain$\ is the actual domain that appears in the address. but it is important to some people - especially if by some unfortunate accident the lowercased word is something indecent. - You can trivally force lower casing by means of the \"${lc:"\ operator. + You can trivially force lower casing by means of the \"${lc:"\ operator. Instead of \"$domain"\ write \"${lc:$domain}"\. @@ -5099,7 +5099,7 @@ A0905: You can only do this in a round about way, using filter commands like ==> headers add "New-Subject: SPAM: $h_subject:" headers remove subject - neaders add "Subject: $h_new-subject:" + headers add "Subject: $h_new-subject:" headers remove new-subject This trick works only in system filters, where the commands are obeyed diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 5427392b9..5b5dcbd7f 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,19 +1,152 @@ Change log file for Exim from version 4.21 -------------------------------------------- +------------------------------------------ This document describes *changes* to previous versions, that might affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. + +Exim version 4.90 +----------------- + +JH/01 Rework error string handling in TLS interface so that the caller in + more cases is responsible for logging. This permits library-sourced + string to be attached to addresses during delivery, and collapses + pairs of long lines into single ones. + +PP/01 Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly + during configuration. Wildcards are allowed and expanded. + +JH/02 Rework error string handling in DKIM to pass more info back to callers. + This permits better logging. + +JH/03 Rework the transport continued-connection mechanism: when TLS is active, + do not close it down and have the child transport start it up again on + the passed-on TCP connection. Instead, proxy the child (and any + subsequent ones) for TLS via a unix-domain socket channel. Logging is + affected: the continued delivery log lines do not have any DNSSEC, TLS + cipher, Certificate or OCSP information. + +JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of + identical IP addresses on different listening ports. Will also affect + "exiwhat" output. + +PP/02 Bug 2070: uClibc defines __GLIBC__ without providing glibc headers; + add noisy ifdef guards to special-case this sillyness. + Patch from Bernd Kuhls. + + Exim version 4.89 -------------------- +----------------- + JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules - than -2003 did; needs libidn2 in addition to linidn. + than -2003 did; needs libidn2 in addition to libidn. JH/02 The path option on a pipe transport is now expanded before use. +PP/01 GitHub PR 50: Do not call ldap_start_tls_s on ldapi:// connections. + Patch provided by "Björn", documentation fix added too. + +JH/03 Bug 2003: fix Proxy Protocol v2 handling: the address size field was + missing a wire-to-host endian conversion. + +JH/04 Bug 2004: fix CHUNKING in non-PIPELINEING mode. Chunk data following + close after a BDAT command line could be taken as a following command, + giving a synch failure. Fix by only checking for synch immediately + before acknowledging the chunk. + +PP/02 GitHub PR 52: many spelling fixes, which include fixing parsing of + no_require_dnssec option and creation of _HAVE_TRANSPORT_APPEND_MAILDIR + macro. Patches provided by Josh Soref. + +JH/05 Have the EHLO response advertise VRFY, if there is a vrfy ACL defined. + Previously we did not; the RFC seems ambiguous and VRFY is not listed + by IANA as a service extension. However, John Klensin suggests that we + should. + +JH/06 Bug 2017: Fix DKIM verification in -bh test mode. The data feed into + the dkim code may be unix-mode line endings rather than smtp wire-format + CRLF, so prepend a CR to any bare LF. + +JH/07 Rationalise the coding for callout smtp conversations and transport ones. + As a side-benfit, callouts can now use PIPELINING hence fewer round-trips. + +JH/08 Bug 2016: Fix DKIM verification vs. CHUNKING. Any BDAT commands after + the first were themselves being wrongly included in the feed into dkim + processing; with most chunk sizes in use this resulted in an incorrect + body hash calculated value. + +JH/09 Bug 2014: permit inclusion of a DKIM-Signature header in a received + DKIM signature block, for verification. Although advised against by + standards it is specifically not ruled illegal. + +JH/10 Bug 2025: Fix reception of (quoted) local-parts with embedded spaces. + +JH/11 Bug 2029: Fix crash in DKIM verification when a message signature block is + missing a body hash (the bh= tag). + +JH/12 Bug 2018: Re-order Proxy Protocol startup versus TLS-on-connect startup. + It seems that HAProxy sends the Proxy Protocol information in clear and + only then does a TLS startup, so do the same. + +JH/13 Bug 2027: Avoid attempting to use TCP Fast Open for non-transport client + TCP connections (such as for Spamd) unless the daemon successfully set + Fast Open mode on its listening sockets. This fixes breakage seen on + too-old kernels or those not configured for Fast Open, at the cost of + requiring both directions being enabled for TFO, and TFO never being used + by non-daemon-related Exim processes. + +JH/14 Bug 2000: Reject messages recieved with CHUNKING but with malformed line + endings, at least on the first header line. Try to canonify any that get + past that check, despite the cost. + +JH/15 Angle-bracket nesting (an error inserted by broken sendmails) levels are + now limited to an arbitrary five deep, while parsing addresses with the + strip_excess_angle_brackets option enabled. + +PP/03 Bug 2018: For Proxy Protocol and TLS-on-connect, do not over-read and + instead leave the unprompted TLS handshake in socket buffer for the + TLS library to consume. + +PP/04 Bug 2018: Also handle Proxy Protocol v2 safely. + +PP/05 FreeBSD compat: handle that Ports no longer create /usr/bin/perl + +JH/16 Drop variables when they go out of scope. Memory management drops a whole + region in one operation, for speed, and this leaves assigned pointers + dangling. Add checks run only under the testsuite which checks all + variables at a store-reset and panics on a dangling pointer; add code + explicitly nulling out all the variables discovered. Fixes one known + bug: a transport crash, where a dangling pointer for $sending_ip_address + originally assigned in a verify callout, is re-used. + +PP/06 Drop '.' from @INC in various Perl scripts. + +PP/07 Switch FreeBSD iconv to always use the base-system libc functions. + +PP/08 Reduce a number of compilation warnings under clang; building with + CC=clang CFLAGS+=-Wno-dangling-else -Wno-logical-op-parentheses + should be warning-free. + +JH/17 Fix inbound CHUNKING when DKIM disabled at runtime. + +HS/01 Fix portability problems introduced by PP/08 for platforms where + realloc(NULL) is not equivalent to malloc() [SunOS et al]. + +HS/02 Bug 1974: Fix missing line terminator on the last received BDAT + chunk. This allows us to accept broken chunked messages. We need a more + general solution here. + +PP/09 Wrote util/chunking_fixqueue_finalnewlines.pl to help recover + already-broken messages in the queue. + +JH/18 Bug 2061: Fix ${extract } corrupting an enclosing ${reduce } $value. + +JH/19 Fix reference counting bug in routing-generated-address tracking. + Exim version 4.88 ----------------- + JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination supports it and a size is available (ie. the sending peer gave us one). @@ -76,7 +209,7 @@ JH/16 DANE: treat a TLSA lookup response having all non-TLSA RRs, the same as one having no matching records. Previously we deferred the message that needed the lookup. -JH/17 Fakereject: previously logged as a norml message arrival "<="; now +JH/17 Fakereject: previously logged as a normal message arrival "<="; now distinguished as "(=". JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work @@ -87,7 +220,7 @@ JH/19 Bug 1850: support Radius libraries that return REJECT_RC. JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops after the data-go-ahead and data-ack. Patch from Jason Betts. -JH/21 Bug 1846: Send DMARC forensic reports for reject and quaratine results, +JH/21 Bug 1846: Send DMARC forensic reports for reject and quarantine results, even for a "none" policy. Patch from Tony Meyer. JH/22 Fix continued use of a connection for further deliveries. If a port was @@ -152,11 +285,12 @@ HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2 fallback to "prime256v1". JH/34 SECURITY: Use proper copy of DATA command in error message. - Could leak key material. Remotely explaoitable. CVE-2016-9963. + Could leak key material. Remotely exploitable. CVE-2016-9963. Exim version 4.87 ----------------- + JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16 and 3.4.4 - once the server is enabled to respond to an OCSP request it does even when not requested, resulting in a stapling non-aware @@ -199,7 +333,7 @@ JH/05 Downgrade message for a TLS-certificate-based authentication fail from HS/02 Add the Exim version string to the process info. This way exiwhat gives some more detail about the running daemon. -JH/06 Bug 1395: time-limit cacheing of DNS lookups, to the TTL value. This may +JH/06 Bug 1395: time-limit caching of DNS lookups, to the TTL value. This may matter for fast-change records such as DNSBLs. JH/07 Bug 1678: Always record an interface option value, if set, as part of a @@ -233,7 +367,7 @@ JH/17 Bug 1713: Fix non-PDKIM_DEBUG build. Patch from Jasen Betts. JH/18 Bug 1709: When built with TLS support, the tls_advertise_hosts option now defaults to "*" (all hosts). The variable is now available when not built - with TLS, default unset, mainly to enable keeping the testuite sane. + with TLS, default unset, mainly to enable keeping the testsuite sane. If a server certificate is not supplied (via tls_certificate) an error is logged, and clients will find TLS connections fail on startup. Presumably they will retry in-clear. @@ -247,7 +381,7 @@ JH/19 Two additional event types: msg:rcpt:defer and msg:rcpt:host:defer. Both in transport context, after the attempt, and per-recipient. The latter type is per host attempted. The event data is the error message, and the errno information encodes the lookup type (A vs. MX) used for the (first) host, - and the trailing two digits of the smtp 4xx reponse. + and the trailing two digits of the smtp 4xx response. GF/01 Bug 1715: Fix for race condition in exicyclog, where exim could attempt to write to mainlog (or rejectlog, paniclog) in the window between file @@ -262,7 +396,7 @@ JH/21 Bug 1720: Add support for priority groups and weighted-random proxy "pri" and "weight". Note that the previous implicit priority given by the list order is no longer honoured. -JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalisation +JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalization for DKIM processing. JH/23 Move SOCKS5 support from Experimental to mainline, enabled for a build @@ -353,9 +487,9 @@ JH/48 Bug 1807: Fix ${extract } for the numeric/3-string case. While preparsing extraction. Accept either. - Exim version 4.86 ----------------- + JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now expanded. @@ -444,13 +578,13 @@ JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames. HS/02 Bug 1575: exigrep falls back to autodetection of compressed files if ZCAT_COMMAND is not executable. -JH/26 Bug 1539: Add timout/retry options on dnsdb lookups. +JH/26 Bug 1539: Add timeout/retry options on dnsdb lookups. JH/27 Bug 286: Support SOA lookup in dnsdb lookups. JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN. Normally benign, it bites when the pair was led to by a CNAME; - modern usage is to not canoicalize the domain to a CNAME target + modern usage is to not canonicalize the domain to a CNAME target (and we were inconsistent anyway for A-only vs AAAA+A). JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards. @@ -478,6 +612,7 @@ HS/03 Add perl_taintmode main config option Exim version 4.85 ----------------- + TL/01 When running the test suite, the README says that variables such as no_msglog_check are global and can be placed anywhere in a specific test's script, however it was observed that placement needed to be near @@ -515,7 +650,7 @@ JH/05 Fix results-pipe from transport process. Several recipients, combined with certificate use, exposed issues where response data items split over buffer boundaries were not parsed properly. This eventually resulted in duplicates being sent. This issue only became common enough - to notice due to the introduction of conection certificate information, + to notice due to the introduction of connection certificate information, the item size being so much larger. Found and fixed by Wolfgang Breyha. JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed @@ -525,7 +660,7 @@ JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed JH/07 Add support for directories of certificates when compiled with a GnuTLS version 3.3.6 or later. -JH/08 Rename the TPDA expermimental facility to Event Actions. The #ifdef +JH/08 Rename the TPDA experimental facility to Event Actions. The #ifdef is EXPERIMENTAL_EVENT, the main-configuration and transport options both become "event_action", the variables become $event_name, $event_data and $event_defer_errno. There is a new variable $verify_mode, usable in @@ -563,7 +698,7 @@ TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature. -JH/16 Fix string representation of time values on 64bit time_t anchitectures. +JH/16 Fix string representation of time values on 64bit time_t architectures. Bug 1561. JH/17 Fix a null-indirection in certextract expansions when a nondefault @@ -577,7 +712,7 @@ TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static return. JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers. - This was a regression intruduced in 4.83 by another bugfix. + This was a regression introduced in 4.83 by another bugfix. JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled. @@ -908,7 +1043,7 @@ JH/14 SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt). advertises the facility. If the client requests PRDR a new acl_data_smtp_prdr ACL is called once for each recipient, after the body content is received and before the acl_smtp_data ACL. - The client is controlled by bolth of: a hosts_try_prdr option + The client is controlled by both of: a hosts_try_prdr option on the smtp transport, and the server advertisement. Default client logging of deliveries and rejections involving PRDR are flagged with the string "PRDR". @@ -936,7 +1071,7 @@ PP/20 Added force_command boolean option to pipe transport. JH/15 AUTH support on callouts (and hence cutthrough-deliveries). Bugzilla 321, 823. -TF/04 Added udpsend ACL modifer and hexquote expansion operator +TF/04 Added udpsend ACL modifier and hexquote expansion operator PP/21 Fix eximon continuous updating with timestamped log-files. Broken in a format-string cleanup in 4.80, missed when I repaired the @@ -1080,7 +1215,7 @@ PP/15 LDAP: Check for errors of TLS initialisation, to give correct diagnostics. Report and patch from Dmitry Banschikov. -PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options". +PP/16 Removed "dont_insert_empty_fragments" from "openssl_options". Removed SSL_clear() after SSL_new() which led to protocol negotiation failures. We appear to now support TLS1.1+ with Exim. @@ -1210,7 +1345,7 @@ TF/04 Improved ratelimit ACL condition. has clearer semantics. The /leaky, /strict, and /readonly update modes are mutually exclusive. The update mode is no longer included in the database key; it just determines when the database is updated. (This - means that when you upgrde Exim will forget old rate measurements.) + means that when you upgrade Exim will forget old rate measurements.) Exim now checks that the per_* options are used with an update mode that makes sense for the current ACL. For example, when Exim is processing a @@ -1345,7 +1480,7 @@ PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to Exim version 4.75 ----------------- -NM/01 Workround for PCRE version dependency in version reporting +NM/01 Workaround for PCRE version dependency in version reporting Bugzilla 1073 TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0. @@ -1415,7 +1550,7 @@ NM/05 Fix to spam.c to accommodate older gcc versions which dislike variable declaration deep within a block. Bug and patch from Dennis Davis. -PP/15 lookups-Makefile IRIX compatibilty coercion. +PP/15 lookups-Makefile IRIX compatibility coercion. PP/16 Make DISABLE_DKIM build knob functional. @@ -1840,7 +1975,7 @@ PH/02 When an IPv6 address is converted to a string for single-key lookup colons if the lookup type is iplsearch. This is not incompatible, because previously such lookups could never work. - The situation is now rather anomolous, since one *can* have colons in + The situation is now rather anomalous, since one *can* have colons in ordinary lsearch keys. However, making the change in all cases is incompatible and would probably break a number of configurations. @@ -2010,7 +2145,7 @@ PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender PH/20 Added hosts_avoid_pipelining to the smtp transport. PH/21 Long custom messages for fakedefer and fakereject are now split up - into multiline reponses in the same way that messages for "deny" and + into multiline responses in the same way that messages for "deny" and other ACL rejections are. PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep, @@ -2417,7 +2552,7 @@ PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue runs only) independently of the message's sender address. This meant that, if the 4xx error was in fact related to the sender, a different message to the same recipient with a different sender could confuse - things. In particualar, this can happen when sending to a greylisting + things. In particular, this can happen when sending to a greylisting server, but other circumstances could also provoke similar problems. I have changed the default so that the retry time for these errors is now based a combination of the sender and recipient addresses. This change @@ -2486,7 +2621,7 @@ SC/08 Eximstats V1.50 JJ/03 exipick.20061117.2, made header handling as similar to exim as possible (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed - whitesspace changes from 4.64-PH/27 + whitespace changes from 4.64-PH/27 JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to match 4.64-PH/13 @@ -2808,7 +2943,7 @@ PH/14 When a uid/gid is specified for the queryprogram router, it cannot be (a) Failures to set uid/gid, the current directory, or a process leader in a subprocess such as that created by queryprogram now generate - suitable debugging ouput when -d is set. + suitable debugging output when -d is set. (b) The queryprogram router detects when it is not running as root, outputs suitable debugging information if -d is set, and then runs @@ -3168,7 +3303,7 @@ PH/09 Applied a patch from the Sieve maintainer which: and most important: o fixes a bug in processing the envelope test (when testing - multiple envelope elements, the last element determinted the + multiple envelope elements, the last element determined the result) PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to @@ -3177,7 +3312,7 @@ PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to Auto-submitted: auto-generated in the messages that it generates (bounce messages and others, such as - warnings). In the case of bounce messages for non-SMTP mesages, there was + warnings). In the case of bounce messages for non-SMTP messages, there was also a typo: it was using "Auto_submitted" (underscore instead of hyphen). Since every message generated by Exim is necessarily in response to another message, thes have all been changed to: @@ -3542,7 +3677,7 @@ TK/03 Merged latest SRS patch from Miles Wilton. PH/05 There's a shambles in IRIX6 - it defines EX_OK in unistd.h which conflicts with the definition in sysexits.h (which is #included earlier). Fortunately, Exim does not actually use EX_OK. The code used to try to - preserve the sysexits.h value, by assumimg that macro definitions were + preserve the sysexits.h value, by assuming that macro definitions were scanned for macro replacements. I have been disabused of this notion, so now the code just undefines EX_OK before #including unistd.h. @@ -3562,7 +3697,7 @@ PH/07 Added "fullpostmaster" verify option, which does a check to SC/01 Eximstats: added -xls and the ability to specify output files (patch written by Frank Heydlauf). -SC/02 Eximstats: use FileHandles for outputing results. +SC/02 Eximstats: use FileHandles for outputting results. SC/03 Eximstats: allow any combination of xls, txt, and html output. @@ -5587,7 +5722,7 @@ Exim version 4.31 58. When a "warn" ACL statement has a log_message modifier, the message is remembered, and not repeated. This is to avoid a lot of repetition when a message has many recipients that cause the same warning to be written. - Howewer, Exim was preserving the list of already written lines for an + However, Exim was preserving the list of already written lines for an entire SMTP session, which doesn't seem right. The memory is now reset if a new message is started. @@ -5677,7 +5812,7 @@ Exim version 4.31 the list was checked. (An example that provoked this was putting <; in the middle of a list instead of at the start.) If this happened during a DATA ACL check, a -D file could be left lying around. This kind of configuration - error no longer causes Exim to die; instead it causes a defer errror. The + error no longer causes Exim to die; instead it causes a defer error. The incident is still logged to the main and panic logs. 74. Buglet left over from Exim 3 conversion. The message "too many messages @@ -5741,7 +5876,7 @@ Exim version 4.30 systems (e.g. Solaris), it also passes back the IP address string as the "host name". However, on others (e.g. Linux), it passes back an empty string. Exim wasn't checking for this, and was changing the host name to an - empty string, assuming it had been canonicized. + empty string, assuming it had been canonicalized. 5. Although rare, it is permitted to have more than one PTR record for a given IP address. I thought that gethostbyaddr() or getipnodebyaddr() always gave @@ -5793,7 +5928,7 @@ Exim version 4.30 13. The install script calls Exim with "-C /dev/null" in order to find the version number. If ALT_CONFIG_PREFIX was set, this caused an error message - to be output. Howeve, since Exim outputs its version number before the + to be output. However, since Exim outputs its version number before the error, it didn't break the script. It just looked ugly. I fixed this by always allowing "-C /dev/null" if the caller is root. @@ -5874,7 +6009,7 @@ Exim version 4.30 34. Testing for a connection timeout using "timeout_connect" in the retry rules did not work. The code looks as if it has *never* worked, though it appears - to have been documented since at least releast 1.62. I have made it work. + to have been documented since at least release 1.62. I have made it work. 35. The "timeout_DNS" error in retry rules, also documented since at least 1.62, also never worked. As it isn't clear exactly what this means, and @@ -6319,7 +6454,7 @@ Exim version 4.21 16. Check for letters, digits, hyphens, and dots in the names of dnslist domains, and warn by logging if others are found. -17. At least on BSD, alignment is not guarenteed for the array of ifreq's +17. At least on BSD, alignment is not guaranteed for the array of ifreq's returned from GIFCONF when Exim is trying to find the list of interfaces on a host. The code in os.c has been modified to copy each ifreq to an aligned structure in all cases. @@ -6353,7 +6488,7 @@ Exim version 4.21 24. Ignore Sendmail's -Ooption=value command line item. 25. When execve() failed while trying to run a command in a pipe transport, - Exim was returning EX_UNAVAILBLE (69) from the subprocess. However, this + Exim was returning EX_UNAVAILABLE (69) from the subprocess. However, this could be confused with a return value of 69 from the command itself. This has been changed to 127, the value the shell returns if it is asked to run a non-existent command. The wording for the related log line suggests a @@ -6466,7 +6601,7 @@ Exim version 4.21 47. Change 50 for 4.20 was a heap of junk. I don't know what I was thinking when I implemented it. It didn't allow for the fact that some option values - may legitimatetly be negative (e.g. size_addition), and it didn't even do + may legitimately be negative (e.g. size_addition), and it didn't even do the right test for positive values. 48. Domain names in DNS records are case-independent. Exim always looks them up diff --git a/doc/doc-txt/ChangeLog.0 b/doc/doc-txt/ChangeLog.0 index b83e43c61..9c3972268 100644 --- a/doc/doc-txt/ChangeLog.0 +++ b/doc/doc-txt/ChangeLog.0 @@ -33,7 +33,7 @@ Exim version 4.20 "standard" one afterwards. (d) The setting of the SIGTERM handler while reading SMTP commands was done - somwhat untidily. I have re-arranged the code. + somewhat untidily. I have re-arranged the code. 4. If the building process was interrupted during the MakeLinks script, a subsequent run of 'make' gave misleading errors. I've made it a bit more @@ -268,7 +268,7 @@ Exim version 4.20 use in the forthcoming Sieve addition to Exim. 56. The behaviour of -t in the presence of Resent- headers has been changed, - for compability with Sendmail and other MTAs. Previously, Exim gave an + for compatibility with Sendmail and other MTAs. Previously, Exim gave an error, because it is not clear from RFC 2822 how this might be handled. It turns out that MUAs don't seem to follow what RFC 2822 says, and any MUA that uses -t with Resent- ensures that there is only one set of Resent- @@ -464,7 +464,7 @@ Exim version 4.14 was also null (empty passwords are permitted), there was an infinite loop. An empty user name is not now passed to PAM; authentication is forcibly failed instead. Also, if the end of the list of strings is reached, an - empty string is passed back just once; a subequent call for data provokes + empty string is passed back just once; a subsequent call for data provokes an error response. 39. If a reverse DNS lookup yields an empty string, treat it as if the lookup @@ -587,7 +587,7 @@ Exim version 4.14 69. The "more" and "unseen" generic router options can now be expanded strings. -70. The "once_repeat" option in the autoreply tranport is now an expanded +70. The "once_repeat" option in the autoreply transport is now an expanded string. 71. If maildir_format is set on an appendfile transport that is referenced from @@ -596,7 +596,7 @@ Exim version 4.14 72. Fixed three bugs in ${readsocket: (i) If the operation failed, and a failure string was given, "}}" was - erroroneously added to it. + erroneously added to it. (ii) If the operation succeeded, but a failure string was present, "}" was added to the expanded data. (iii) The alarm for the timeout was set with signal() instead of with @@ -701,7 +701,7 @@ Exim version 4.12 4. Change 4.11/30 below overlooked the case when an address gets a 4xx response from a server. Because this isn't a host problem, the host does not get delayed, and it gets tried every time the address is OK'd for - routing, with the same reponse. However, if hosts_max_try is set, because + routing, with the same response. However, if hosts_max_try is set, because not all the hosts were tried, the address does not time out. I've changed things so that if there is a 4xx response to a RCPT command, the host in question does not count towards hosts_max_try if the message is older than @@ -1245,10 +1245,10 @@ Exim version 4.11 observed that getipnodebyname() gives HOST_NOT_FOUND for names for which a DNS lookup gives TRY_AGAIN. See also change 125 below. -90. Minor rewording of ACL error for attemted header check after RCPT. +90. Minor rewording of ACL error for attempted header check after RCPT. 91. When USE_GDBM was set, exim_dbmbuild wasn't working properly (still assumed - NDBM compatibilify interface); similarly in dbmdb lookups when ownership + NDBM compatible interface); similarly in dbmdb lookups when ownership was being tested. 92. If a Reply-To: header contained newlines and was used to generate @@ -2017,7 +2017,7 @@ Exim version 4.03 SMTP connection, a pipe file descriptor was accidentally left open. This meant that if there was a long chain of such processes, the number of open file descriptors increased by one for each process, and if there were - sufficent, the limit of open descriptors could be reached, causing various + sufficient, the limit of open descriptors could be reached, causing various problems. 8. When an address was being checked with -bt and the routing involved an diff --git a/doc/doc-txt/Exim3.upgrade b/doc/doc-txt/Exim3.upgrade index 5c5024a31..4ab94c4e9 100644 --- a/doc/doc-txt/Exim3.upgrade +++ b/doc/doc-txt/Exim3.upgrade @@ -115,7 +115,7 @@ always been set up specifically, as described in the manual. 5. The way in which Exim scans its queue when split_spool_directory is set has changed, but this shouldn't make any noticeable difference. See doc/NewStuff -for defails. +for details. Upgrading from release 3.03 diff --git a/doc/doc-txt/Exim4.upgrade b/doc/doc-txt/Exim4.upgrade index a97d41f8c..528d94d9c 100644 --- a/doc/doc-txt/Exim4.upgrade +++ b/doc/doc-txt/Exim4.upgrade @@ -802,7 +802,7 @@ The smtp transport . The authenticate_hosts option has been renamed as hosts_try_auth. A new option called hosts_require_auth has been added; if authentication fails for one of these hosts, Exim does _not_ try to send unauthenticated. It defers - instead. The deferal error is detectable in the retry rules, so this can be + instead. The deferral error is detectable in the retry rules, so this can be turned into a hard failure if required. @@ -1206,7 +1206,7 @@ and the bounce. The logging options that have been abolished are: log_all_parents, log_arguments, log_incoming_port, log_interface, log_ip_options, -log_level, log_queue_run_level, log_received_sender, log_received_rceipients, +log_level, log_queue_run_level, log_received_sender, log_received_recipients, log_rewrites, log_sender_on_delivery, log_smtp_confirmation, log_smtp_connections, log_smtp_syntax_errors, log_subject, tls_log_cipher, tls_log_peerdn. @@ -1323,7 +1323,7 @@ String Expansion . There's a new expansion feature for running commands: - ${run{comand args}{yes}{no}} + ${run{command args}{yes}{no}} Like all the other conditional items, the {yes} and {no} strings are optional. Omitting both is equivalent to {$value}. The standard output of the diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 9281b3666..872371fcb 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -3,12 +3,36 @@ New Features in Exim This file contains descriptions of new features that have been added to Exim. Before a formal release, there may be quite a lot of detail so that people can -test from the snapshots or the CVS before the documentation is updated. Once +test from the snapshots or the Git before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.90 +------------ + + 1. PKG_CONFIG_PATH can now be set in Local/Makefile; + wildcards will be expanded, values are collapsed. + + 2. The ${readsocket } expansion now takes an option to not shutdown the + connection after sending the query string. The default remains to do so. + + 3. An smtp transport option "hosts_noproxy_tls" to control whether multiple + deliveries on a single TCP connection can maintain a TLS connection + open. By default disabled for all hosts, doing so saves the cost of + making new TLS sessions, at the cost of having to proxy the data via + another process. Logging is also affected. + + 4. A malware connection type for the FPSCAND protocol. + + Version 4.89 ------------ + 1. Allow relative config file names for ".include" + + 2. A main-section config option "debug_store" to control the checks on + variable locations during store-reset. Normally false but can be enabled + when a memory corrution issue is suspected on a production system. + Version 4.88 ------------ @@ -211,7 +235,7 @@ Version 4.83 12. OCSP stapling is now supported by default. 13. If built with the EXPERIMENTAL_DSN feature enabled, Exim will output - Delivery Status Notification messages in MIME format, and negociate + Delivery Status Notification messages in MIME format, and negotiate DSN features per RFC 3461. @@ -266,20 +290,20 @@ Version 4.82 ignored. 7. New cutthrough routing feature. Requested by a "control = cutthrough_delivery" - ACL modifier; works for single-recipient mails which are recieved on and + ACL modifier; works for single-recipient mails which are received on and deliverable via SMTP. Using the connection made for a recipient verify, if requested before the verify, or a new one made for the purpose while the inbound connection is still active. The bulk of the mail item is copied direct from the inbound socket to the outbound (as well as the spool file). When the source notifies the end of data, the data acceptance by the destination - is negociated before the acceptance is sent to the source. If the destination + is negotiated before the acceptance is sent to the source. If the destination does not accept the mail item, for example due to content-scanning, the item is not accepted from the source and therefore there is no need to generate a bounce mail. This is of benefit when providing a secondary-MX service. The downside is that delays are under the control of the ultimate destination system not your own. - The Recieved-by: header on items delivered by cutthrough is generated + The Received-by: header on items delivered by cutthrough is generated early in reception rather than at the end; this will affect any timestamp included. The log line showing delivery is recorded before that showing reception; it uses a new ">>" tag instead of "=>". @@ -364,7 +388,7 @@ Version 4.82 provided to the authentication method which failed. It is available for use in subsequent ACL processing (typically quit or notquit ACLs). -23. New ACL modifer "udpsend" can construct a UDP packet to send to a given +23. New ACL modifier "udpsend" can construct a UDP packet to send to a given UDP host and port. 24. New ${hexquote:..string..} expansion operator converts non-printable diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt index dc16b6dee..b6439e6ed 100644 --- a/doc/doc-txt/OptionLists.txt +++ b/doc/doc-txt/OptionLists.txt @@ -54,7 +54,7 @@ acl_not_smtp_mime string* unset main acl_smtp_auth string* unset main 4.00 acl_smtp_connect string* unset main 4.11 acl_smtp_data string* unset main 4.00 -acl_smtp_data_prdr string* unset main 4.82 with expreimental_prdr +acl_smtp_data_prdr string* unset main 4.82 with experimental_prdr acl_smtp_dkim string* unset main 4.70 unless disable_dkim acl_smtp_etrn string* unset main 4.00 acl_smtp_expn string* unset main 4.00 @@ -152,6 +152,7 @@ data_timeout time 5m smtp debug_print string* unset authenticators 4.00 unset routers 4.00 unset transports 2.00 +debug_store boolean false main 4.90 delay_after_cutoff boolean true smtp delay_warning time list 24h main delay_warning_condition string* + main 1.73 @@ -292,6 +293,7 @@ hosts_connection_nolog host list unset main hosts_max_try integer 5 smtp 3.20 hosts_max_try_hardlimit integer 50 smtp 4.50 hosts_nopass_tls host list unset smtp 4.00 +hosts_noproxy_tls host list "*" smtp 4.90 hosts_override boolean false smtp 2.11 hosts_randomize boolean false manualroute 4.00 false smtp 3.14 @@ -870,7 +872,7 @@ EXIM_MONITOR optional set to eximon.bin to compile EXIM_PERL optional EXIM_USER mandatory user to use for Exim EXIWHAT_EGREP_ARG system** to find Exim processes from ps -EXIWHAT_KILL_SIGNAL system** -SIGUSER1 or numerical equivalent +EXIWHAT_KILL_SIGNAL system** -SIGUSR1 or numerical equivalent EXIWHAT_MULTIKILL_CMD system** EXIWHAT_MULTIKILL_ARG system** EXIWHAT_PS_ARG system** to list all processes diff --git a/doc/doc-txt/README.SIEVE b/doc/doc-txt/README.SIEVE index 9b22745ea..d36998fe7 100644 --- a/doc/doc-txt/README.SIEVE +++ b/doc/doc-txt/README.SIEVE @@ -274,7 +274,7 @@ The draft does not specify how strings using MIME entities are used to compose messages. As a result, different implementations generate different mails. The Exim Sieve implementation splits the reason into header and body. It adds the header to the mail header and uses the body -as mail body. Be aware, that other imlementations compose a multipart +as mail body. Be aware, that other implementations compose a multipart structure with the reason as only part. Both conform to the specification (or lack thereof). diff --git a/doc/doc-txt/dbm.discuss.txt b/doc/doc-txt/dbm.discuss.txt index e82987b5f..4de57735e 100644 --- a/doc/doc-txt/dbm.discuss.txt +++ b/doc/doc-txt/dbm.discuss.txt @@ -157,7 +157,7 @@ This dbm library can be called by Exim in one of two ways: via the ndbm compatibility interface, or via its own native interface. There are two advantages to doing the latter: (1) you don't run the risk of Exim's seeing the "wrong" version of the ndbm.h header, as described above, and (2) the -performace is better. It is therefore recommended that you set USE_DB=yes in an +performance is better. It is therefore recommended that you set USE_DB=yes in an appropriate Local/Makefile-xxx file. (If you are compiling for just one OS, it can go in Local/Makefile itself.) diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 5213d8be4..0b1afb247 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -6,7 +6,7 @@ about experimental features, all of which are unstable and liable to incompatible change. -Brightmail AntiSpam (BMI) suppport +Brightmail AntiSpam (BMI) support -------------------------------------------------------------- Brightmail AntiSpam is a commercial package. Please see @@ -42,7 +42,7 @@ These four steps are explained in more details below. 1) Adding support for BMI at compile time To compile with BMI support, you need to link Exim against - the Brighmail client SDK, consisting of a library + the Brightmail client SDK, consisting of a library (libbmiclient_single.so) and a header file (bmi_api.h). You'll also need to explicitly set a flag in the Makefile to include BMI support in the Exim binary. Both can be achieved @@ -451,7 +451,7 @@ would relax host matching rules to a broader network range. A lookup expansion is also available. It takes an email address as the key and an IP address as the database: - $lookup (username@domain} spf {ip.ip.ip.ip}} + ${lookup {username@domain} spf {ip.ip.ip.ip}} The lookup will return the same result strings as they can appear in $spf_result (pass,fail,softfail,neutral,none,err_perm,err_temp). @@ -464,11 +464,13 @@ SRS (Sender Rewriting Scheme) Support Exiscan currently includes SRS support via Miles Wilton's libsrs_alt library. The current version of the supported -library is 0.5. +library is 0.5, there are reports of 1.0 working. In order to use SRS, you must get a copy of libsrs_alt from -http://srs.mirtol.com/ +https://opsec.eu/src/srs/ + +(not the original source, which has disappeared.) Unpack the tarball, then refer to MTAs/README.EXIM to proceed. You need to set @@ -478,6 +480,7 @@ EXPERIMENTAL_SRS=yes in your Local/Makefile. + DCC Support -------------------------------------------------------------- Distributed Checksum Clearinghouse; http://www.rhyolite.com/dcc/ @@ -550,7 +553,7 @@ Then set something like mout-xforward.gmx.net 82.165.159.12 mout.gmx.net 212.227.15.16 -Use a reasonable IP. eg. one the sending cluster acutally uses. +Use a reasonable IP. eg. one the sending cluster actually uses. DMARC Support -------------------------------------------------------------- @@ -894,7 +897,7 @@ DANE will only be usable if the target host has DNSSEC-secured MX, A and TLSA records. A TLSA lookup will be done if either of the above options match -and the host-lookup succeded using dnssec. +and the host-lookup succeeded using dnssec. If a TLSA lookup is done and succeeds, a DANE-verified TLS connection will be required for the host. If it does not, the host will not be used; there is no fallback to non-DANE or non-TLS. @@ -960,7 +963,7 @@ The reporting MTA detailed diagnostic. Example: X-Exim-Diagnostic: X-str; SMTP error from remote mail server after RCPT TO:: 550 hard error Rationale: - This string somtimes give extra information over the + This string sometimes give extra information over the existing (already available) Diagnostic-Code field. @@ -970,7 +973,7 @@ Note that non-RFC-documented field names and data types are used. LMDB Lookup support ------------------- LMDB is an ultra-fast, ultra-compact, crash-proof key-value embedded data store. -It is modeled loosely on the BerkeleyDB API. You shoul read about the feature +It is modeled loosely on the BerkeleyDB API. You should read about the feature set as well as operation modes at https://symas.com/products/lightning-memory-mapped-database/ LMDB single key lookup support is provided by linking to the LMDB C library. diff --git a/doc/doc-txt/openssl.txt b/doc/doc-txt/openssl.txt new file mode 100644 index 000000000..5d3da04b0 --- /dev/null +++ b/doc/doc-txt/openssl.txt @@ -0,0 +1,117 @@ +OpenSSL +======= + +The OpenSSL Project documents their supported releases at +. The Exim +Maintainers are unwilling to try to support Exim built with a +version of a critical security library which is unmaintained. + +Thus as versions of OpenSSL become unsupported by OpenSSL, they become +unsupported by Exim. Exim might build with older releases of OpenSSL, +but that's risky behaviour. + +If your operating system vendor continues to ship an older version of +OpenSSL and is diligently backporting security fixes, and they support +Exim, then they will be backporting fixes to their packages of Exim too. +If you wish to stick purely to packages of OpenSSL, then stick to +packages of Exim too. + +If someone maintains "backports", that is worth exploring too. + +Note that a number of OSes use Exim with GnuTLS, not OpenSSL. + +Otherwise, assuming that your operating system has old OpenSSL, and you +wish to use current Exim with OpenSSL, then you need to build and +install your own, without interfering with the system libraries. +Fortunately, this is easy. + +So this only applies if you build Exim yourself. + + +Build +----- + +Extract the current source of OpenSSL. Change into that directory. + +This assumes that `/opt/openssl` is not in use. If it is, pick +something else. `/opt/exim/openssl` perhaps. + + ./config --prefix=/opt/openssl --openssldir=/etc/ssl \ + -L/opt/openssl/lib -Wl,-R/opt/openssl/lib \ + enable-ssl-trace + make + make install + +You now have an installed OpenSSL under /opt/openssl which will not be +used by any system programs. + +When you copy `src/EDITME` to `Local/Makefile` to make your build edits, +choose the pkg-config approach in that file, but also tell Exim to add +the relevant directory into the rpath stamped into the binary: + + SUPPORT_TLS=yes + USE_OPENSSL_PC=openssl + EXTRALIBS_EXIM=-ldl -Wl,-rpath,/opt/openssl/lib + +The -ldl is needed by OpenSSL 1.1+ on Linux and is not needed on most +other platforms. + +Then tell pkg-config how to find the configuration files for your new +OpenSSL install, and build Exim: + + export PKG_CONFIG_PATH=/opt/openssl/lib/pkgconfig + make + sudo make install + +(From Exim 4.89, you can put that `PKG_CONFIG_PATH` directly into + your `Local/Makefile` file.) + + +Confirming +---------- + +Run: + + exim -d-all+expand --version + +and look for the `Library version: OpenSSL:` lines. + +To look at the libraries _probably_ found by the linker, use: + + ldd $(which exim) # most platforms + otool -L $(which exim) # MacOS + +although that does not correctly handle restrictions imposed upon +executables which are setuid. + +If the `chrpath` package is installed, then: + + chrpath -l $(which exim) + +will show the DT_RPATH stamped into the binary. + +Your `binutils` package should come with `readelf`, so an alternative +is to run: + + readelf -d $(which exim) | grep RPATH + + +Very Advanced +------------- + +You can not use $ORIGIN for portably packing OpenSSL in with Exim with +normal Exim builds, because Exim is installed setuid which causes the +runtime linker to ignore $ORIGIN in DT_RPATH. + +_If_ following the steps for a non-setuid Exim, _then_ you can use: + + EXTRALIBS_EXIM=-ldl '-Wl,-rpath,$$ORIGIN/../lib' + +The doubled `$$` is needed for the make(1) layer and the quotes needed +for the shell invoked by make(1) for calling the linker. + +Note that this is sufficiently far outside normal that the build-system +doesn't support it by default; you'll want to drop a symlink to the lib +directory into the Exim release top-level directory, so that lib exists +as a sibling to the build-$platform directory. + diff --git a/release-process/scripts/mk_exim_release b/release-process/scripts/mk_exim_release index b07f088c8..6e4767bd2 100755 --- a/release-process/scripts/mk_exim_release +++ b/release-process/scripts/mk_exim_release @@ -24,12 +24,13 @@ sub get_and_check_version { # make sure this looks like a real release version # which should (currently) be 4.xx[.y] or 4.xx[.y]_RCx - unless ( $release =~ /^(?(?4\.\d\d)(?:\.(?\d+))?(?:_RC\d+)?)$/ ) { + unless ( $release =~ /^(?(?4\.\d\d)(?:\.(?\d+))?(?_RC\d+)?)$/ ) { croak "The given version number does not look right - $release"; } $context->{release} = $+{release}; $context->{major} = $+{major}; $context->{minor} = $+{minor}; + $context->{candidatev} = $+{rc}; ($context->{trelease} = $+{release}) =~ s/_RC\d+//; } @@ -134,11 +135,18 @@ sub make_version_script { # Thus we've to provide the version.sh, based on the info we have # about the release. If reversion finds this, it doesn't try to find # it's own way to get a valid version number from the git. + # + # 4.89 series: the logic here did not handle _RC thus breaking RC + # status in versions. nb: candidatev in context should be same as $variant + # in local context. + my $stamp = $context->{minor} ? '_'.$context->{minor} : ''; + $stamp .= $context->{candidatev} if $context->{candidatev}; + # open(my $v, '>', 'version.sh') or die "Can't open '>version.sh' $!\n"; print {$v} <<__; # initial version automatically generated from $0 EXIM_RELEASE_VERSION=$context->{major} -EXIM_VARIANT_VERSION=@{[$context->{minor}?'_'.$context->{minor}:'']} +EXIM_VARIANT_VERSION=$stamp EXIM_COMPILE_NUMBER=0 __ close($v); @@ -235,6 +243,7 @@ sub move_text_docs_into_pkg { # move generated documents from docbook stuff foreach my $file (qw/exim.8 spec.txt filter.txt/) { + die "Empty file \"$file\"\n" if -z File::Spec->catfile( $old_docdir, $file ); move( File::Spec->catfile( $old_docdir, $file ), File::Spec->catfile( $new_docdir, $file ) ); } @@ -360,21 +369,36 @@ sub create_tar_files { } } + # We ideally do not want local system user information in release tarballs; + # those are artifacts of use of tar for backups and have no place in + # software release packaging; if someone extracts as root, then they should + # get sane file ownerships. + my $ownership = ""; + if (`tar --help 2>&1` =~ /^\s*--owner=/m) { + $ownership .= " --owner=$context->{tar_perms}{user} --group=$context->{tar_perms}{group}"; + # on this GNU tar, --numeric-owner works during creation too + $ownership .= " --numeric-owner"; + } + + # See also environment variables set in main, tuning compression levels + my @COMPRESSIONS = ( + # compressors-dict-key, file-extension, flags-as-string + [ "gzip", "gz", "--gzip" ], + [ "bzip2", "bz2", "--bzip2" ], + [ "lzip", "lz", "--lzip" ], + [ "xz", "xz", "--xz" ], + ); + foreach my $dir ( glob( File::Spec->catdir( $pkgdirs, ( 'exim*-' . $context->{release} ) ) ) ) { my $dirname = ( File::Spec->splitdir($dir) )[-1]; - if ($context->{compressors}{gzip}) { - print "Creating: ${pkgs}/${dirname}.tar.gz\n" if ($verbose || $debug); - system("$tar cf ${pkgs}/${dirname}.tar.gz --gzip -C ${pkgdirs} ${dirname}") - } - if ($context->{compressors}{bzip2}) { - print "Creating: ${pkgs}/${dirname}.tar.bz2\n" if ($verbose || $debug); - system("$tar cf ${pkgs}/${dirname}.tar.bz2 --bzip2 -C ${pkgdirs} ${dirname}") - } - if ($context->{compressors}{lzip}) { - print "Creating: ${pkgs}/${dirname}.tar.lz\n" if ($verbose || $debug); - system("$tar cf ${pkgs}/${dirname}.tar.lz --lzip -C ${pkgdirs} ${dirname}") + foreach my $comp (@COMPRESSIONS) { + my ($compkey, $extension, $flags) = @{$comp}; + next unless $context->{compressors}{$compkey}; + print "Creating: ${pkgs}/${dirname}.tar.${extension}\n" if ($verbose || $debug); + system("$tar cf ${pkgs}/${dirname}.tar.${extension} ${flags} ${ownership} -C ${pkgdirs} ${dirname}"); } } + } # ------------------------------------------------------------------ @@ -389,10 +413,15 @@ MAIN: { tmp_dir => File::Temp->newdir(), webgen_base => "$FindBin::Bin/../../../exim-website", tar_cmd => 'tar', + tar_perms => { + user => '0', + group => '0', + }, make_cmd => 'make', compressors => { gzip => 1, bzip2 => 1, + xz => 1, lzip => 0, }, build_docs => 1, @@ -401,6 +430,13 @@ MAIN: { my $delete; my $cleanup = 1; ##$ENV{'PATH'} = '/opt/local/bin:' . $ENV{'PATH'}; + # We are creating files for mass distribution, so work harder to make smaller files. + $ENV{'GZIP'} = '-9'; + $ENV{'BZIP2'} = '-9'; + # xz documents minimum file sizes for levels higher than -6 to be useful and each + # requires more RAM on the decompressing system. Exim tarball currently 24MiB so + # using -8. + $ENV{'XZ_DEFAULTS'} = '-8'; GetOptions( 'directory=s' => \$context->{directory}, @@ -418,6 +454,7 @@ MAIN: { 'web!' => \$context->{web}, ) and @ARGV == 1 or pod2usage; + umask(022); get_and_check_version( shift, $context ); fix_paths_tar($context); $context->{tag} = build_tag($context); diff --git a/release-process/scripts/quickrelease b/release-process/scripts/quickrelease index dd16fa0f5..898442dad 100755 --- a/release-process/scripts/quickrelease +++ b/release-process/scripts/quickrelease @@ -3,28 +3,22 @@ # A really dumb script for making a quick tarball of Exim set -e +trap 'test -n "$TMP_DIR" && rm -r "$TMP_DIR"' EXIT -OWD=$(pwd -P) +OLD_DIR=$(pwd) +GIT_DIR=$(git rev-parse --show-toplevel) +TMP_DIR=$(mktemp -d -t exim-quickrelease.XXXXXX) -GWD=$(git rev-parse --git-dir) - -TWD=$(mktemp -d -t exim) || exit 1 -echo $TWD -cd $TWD - -git clone $GWD +cd $TMP_DIR +git clone $GIT_DIR cd exim/src/src ../scripts/reversion -. version.sh +. ./version.sh EXIM=exim-${EXIM_RELEASE_VERSION}${EXIM_VARIANT_VERSION} cd ../.. -mv src $EXIM -tar cfz $EXIM.tar.gz $EXIM -mv $EXIM src - -cd $OWD -mv $TWD/exim/$EXIM.tar.gz . -rm -rf $EXIM +mv -v src $EXIM +tar czf $EXIM.tar.gz $EXIM +mv $EXIM.tar.gz $OLD_DIR echo $EXIM.tar.gz diff --git a/release-process/scripts/sign_exim_packages b/release-process/scripts/sign_exim_packages index a1d6282bb..a504ea826 100755 --- a/release-process/scripts/sign_exim_packages +++ b/release-process/scripts/sign_exim_packages @@ -1,15 +1,77 @@ -#!/bin/sh +#!/bin/sh -eu + +# gpg signs all *.tar.* files under the release directory. +# Invoke from that dir, or let the script try to figure it out for you. + +# Key used is from env var EXIM_KEY; if git config finds user.signingkey, then +# that is the default. You can set this per-repo with: +# git config --local user.signingkey SOME_IDENTIFIER # -# gpg signs all *.tar.* files under a given directory -# key used set from env var EXIM_KEY, script defaults that to Nigel's. +# If not set in git config then you _MUST_ set the env var. + # woe betide the poor sod who does not use a gpg agent, so has # to enter their password for every file... + +prog="$(basename "$0")" +warn() { printf >&2 "%s: %s\n" "$prog" "$*" ; } + +: "${GPG_COMMAND:=gpg}" +umask 022 + +# We've always expected an explicit key for signing, instead of just using the +# gnupg config. It make sense to honor the git config value. It makes sense +# to honor env. But git doesn't allow specifying multiple subkeys, it only +# passes one -u option. +# UID specs explicitly allow whitespace in several formats. +# We have one scalar value, we're sh, we're not going to try using an array. # +# So if you want to sign with multiple subkeys, then set it up with multiple +# local-user directives in ~/.gnupg/gpg.conf & set EXIM_KEY=default in environ. + +if repo_signing_key="$(git config user.signingkey)"; then + : "${EXIM_KEY:=$repo_signing_key}" +else + if [ ".${EXIM_KEY:-}" = "." ]; then + warn "no EXIM_KEY found, trusting local gpg config" + fi +fi + +case "${EXIM_KEY:-default}" in +default|DEFAULT) + gpg_sign() { ${GPG_COMMAND} --detach-sig --armor "${1:?}" ; } + ;; +*) + gpg_sign() { ${GPG_COMMAND} --local-user "${EXIM_KEY}" --detach-sig --armor "${1:?}" ; } + ;; +esac + +cd_to() { echo "Working in: $1"; cd "$1"; } -dir=${1:?start directory} +okay=false +if [ -d ../../release-process ] && [ "${PWD##*/}" = "pkgs" ]; then + okay=true # we are in right dir +elif [ -d release-process ]; then + b="$(find . -maxdepth 1 -name 'exim-packaging-*' | sort | tail -n 1)" + if [ ".$b" != "." ]; then + cd_to "$b/pkgs" + okay=true + fi +fi +if ! $okay; then + if [ -d "${1:?need a directory to look in}" ]; then + cd_to "$1" + shift + else + printf "%s: %s\n" >&2 "$(basename "$0")" "where should I be looking" + exit 1 + fi +fi -: ${EXIM_KEY:=nigel@exim.org} +# Assumes no whitespace (strictly, $IFS) in filenames, which we're okay with +set $(find . -name '*.asc' -prune -o -type f -print | cut -c 3- | sort) -find "$dir" \ - -type f -name '*.tar.*' \ - -exec gpg --local-user ${EXIM_KEY} --detach-sig --armor {} \; +for FILE +do + echo "Signing: $FILE" + gpg_sign "$FILE" +done diff --git a/release-process/scripts/stats_for_email b/release-process/scripts/stats_for_email new file mode 100755 index 000000000..0eb0c2981 --- /dev/null +++ b/release-process/scripts/stats_for_email @@ -0,0 +1,28 @@ +#!/bin/sh -eu + +okay=false +if [ -d ../../release-process ] && [ "${PWD##*/}" = "pkgs" ]; then + okay=true # we are in right dir +elif [ -d release-process ]; then + b="$(find . -maxdepth 1 -name 'exim-packaging-*' | sort | tail -n 1)" + if [ ".$b" != "." ]; then + cd "$b/pkgs" + okay=true + fi +fi +if ! $okay; then + if [ -d "${1:?need a directory to look in}" ]; then + cd "$1" + shift + else + printf "%s: %s\n" >&2 "$(basename "$0")" "where should I be looking" + exit 1 + fi +fi + +set $(find "${1:-.}" -name '*.asc' -prune -o -type f -print | cut -c 3- | sort) + +# stat(1) formats are non-portable BSD vs GNU +perl -le 'print "SIZE($_)= @{[-s $_]}" foreach @ARGV' "$@" +echo +openssl dgst -sha256 "$@" diff --git a/src/Makefile b/src/Makefile index ccaca1c13..2a100bbdd 100644 --- a/src/Makefile +++ b/src/Makefile @@ -35,7 +35,7 @@ all: Local/Makefile configure @cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS) -# This pair for the convinience of of the Debian maintainers +# This pair for the convenience of of the Debian maintainers exim: Local/Makefile configure @cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS) exim utils: Local/Makefile configure diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base index b9eaabaa6..f6b42f353 100644 --- a/src/OS/Makefile-Base +++ b/src/OS/Makefile-Base @@ -1,7 +1,7 @@ # This file is the basis of the main makefile for Exim and friends. The # makefile at the top level arranges to build the main makefile by calling # scripts/Configure-Makefile from within the build directory. This -# concatentates the configuration settings from Local/Makefile and other, +# concatenates the configuration settings from Local/Makefile and other, # optional, Local/* files at the front of this file, to create Makefile in the # build directory. # @@ -474,7 +474,7 @@ eximon.bin: $(EXIMON_EDITME) eximon $(OBJ_MONBIN) \ # Compile step for most of the exim modules. HDRS is a list of headers -# which cause everthing to be rebuilt. PHDRS is the same, for the use +# which cause everything to be rebuilt. PHDRS is the same, for the use # of routers, transports, and authenticators. I can't find a way of doing this # in one. This list is overkill, but it doesn't really take much time to # rebuild Exim on a modern computer. @@ -645,7 +645,7 @@ tls.o: $(HDRS) tls.c \ tod.o: $(HDRS) tod.c transport.o: $(HDRS) transport.c tree.o: $(HDRS) tree.c -verify.o: $(HDRS) verify.c +verify.o: $(HDRS) transports/smtp.h verify.c dkim.o: $(HDRS) pdkim/pdkim.h dkim.c # Dependencies for WITH_CONTENT_SCAN modules @@ -779,10 +779,11 @@ sa-os.o: $(HDRS) os.c test_dbfn: config.h dbfn.c dummies.o sa-globals.o sa-os.o store.o \ string.o tod.o version.o utf8.o $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c + $(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY store.c $(LNCC) -o test_dbfn $(LFLAGS) dbfn.o \ dummies.o sa-globals.o sa-os.o store.o string.o \ tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LDFLAGS) - rm -f dbfn.o + rm -f dbfn.o store.o test_host: config.h child.c host.c dns.c dummies.c sa-globals.o os.o \ store.o string.o tod.o tree.o diff --git a/src/OS/Makefile-CYGWIN b/src/OS/Makefile-CYGWIN index cda5d26cc..006e9feff 100644 --- a/src/OS/Makefile-CYGWIN +++ b/src/OS/Makefile-CYGWIN @@ -26,7 +26,7 @@ LIBS_EXIM +=../Local/exim_res.o ################################################## -# The following is normaly set in local/Makefile. +# The following is normally set in local/Makefile. # Makefile.cygwin provides defaults with which the # precompiled version is built ################################################## diff --git a/src/OS/Makefile-Default b/src/OS/Makefile-Default index a0d9afa95..b3990fe84 100644 --- a/src/OS/Makefile-Default +++ b/src/OS/Makefile-Default @@ -286,7 +286,7 @@ LOCAL_SCAN_SOURCE=src/local_scan.c ############################################################################# # The following definitions are relevant only when compiling the Exim monitor -# program, which requires an X11 display. See the varible EXIM_MONITOR in +# program, which requires an X11 display. See the variable EXIM_MONITOR in # src/EDITME for how to suppress this compilation. # X11 contains the location of the X11 libraries and include files. diff --git a/src/OS/Makefile-FreeBSD b/src/OS/Makefile-FreeBSD index ebb116bf2..7c6c06487 100644 --- a/src/OS/Makefile-FreeBSD +++ b/src/OS/Makefile-FreeBSD @@ -6,12 +6,16 @@ CHOWN_COMMAND=/usr/sbin/chown STRIP_COMMAND=/usr/bin/strip CHMOD_COMMAND=/bin/chmod +# FreeBSD Ports no longer insert compatibility symlinks into /usr/bin for +# scripting languages which traditionally have had them. +PERL_COMMAND=/usr/local/bin/perl + HAVE_SA_LEN=YES # crypt() is in a separate library LIBS=-lcrypt -lm -lutil -# Dynamicly loaded modules need to be built with -fPIC +# Dynamically loaded modules need to be built with -fPIC CFLAGS_DYNAMIC=-shared -rdynamic -fPIC # FreeBSD always ships with Berkeley DB diff --git a/src/OS/os.c-cygwin b/src/OS/os.c-cygwin index d7645fdbe..c9464aae2 100644 --- a/src/OS/os.c-cygwin +++ b/src/OS/os.c-cygwin @@ -190,7 +190,7 @@ void cygwin_premain2(int argc, char ** argv, struct per_process * ptr) and to avoid exec that cause loss of privilege If not privileged and unable to chown, we set the exim uid to our uid. - If unprivileged and /var/spool/exim is writable and not runing as listening daemon, + If unprivileged and /var/spool/exim is writable and not running as listening daemon, we fake all subsequent setuid. */ /* Get the system and admins uid from their sids */ diff --git a/src/OS/os.h-FreeBSD b/src/OS/os.h-FreeBSD index ba4889fec..bf43e0a3c 100644 --- a/src/OS/os.h-FreeBSD +++ b/src/OS/os.h-FreeBSD @@ -10,7 +10,28 @@ typedef struct flock flock_t; -/* default is non-const */ -#define ICONV_ARG2_TYPE const char ** +/* iconv arg2 type: libiconv in Ports uses "const char* * inbuf" and was + * traditionally the only approach available. The iconv functionality + * in libc is "char ** restrict src". + * + * + * says that libc has iconv since 2013, in 10-CURRENT. FreeBSD man-pages + * shows it included in 10.0-RELEASE. Writing this in 2017, 10.3 is the + * oldest supported release, so we should assume non-libiconv by default. + * (Actually, people still using old releases past EOL; we shouldn't support + * them but I don't want to deal with howls of complaints because we dare + * to not support the unsupported, so guard this on FreeBSD 10+) + * + * Thus we no longer override iconv. + * + * However, if libiconv is installed, and anything adds /usr/local/include + * to include-path (likely) then we'll get that. So define a variable + * which makes the libiconv try to not interfere with OS iconv. + */ +#if __FreeBSD__ >= 10 +# define LIBICONV_PLUG +#endif +/* for more specific version constraints, include and look at + * __FreeBSD_version */ /* End */ diff --git a/src/OS/os.h-Linux b/src/OS/os.h-Linux index 510865c66..cc1cef99b 100644 --- a/src/OS/os.h-Linux +++ b/src/OS/os.h-Linux @@ -69,6 +69,8 @@ then change the 0 to 1 in the next block. */ # define EXIM_HAVE_OPENAT #endif +#include /* for TCP_FASTOPEN */ +#include /* for MSG_FASTOPEN */ #if defined(TCP_FASTOPEN) && !defined(MSG_FASTOPEN) # define MSG_FASTOPEN 0x20000000 #endif diff --git a/src/OS/os.h-SunOS5 b/src/OS/os.h-SunOS5 index 807212b85..dfbd8f1af 100644 --- a/src/OS/os.h-SunOS5 +++ b/src/OS/os.h-SunOS5 @@ -43,4 +43,9 @@ a buffer */ #define OS_GETCWD +#ifndef MIN +# define MIN(a,b) (((a)<(b))?(a):(b)) +# define MAX(a,b) (((a)>(b))?(a):(b)) +#endif + /* End */ diff --git a/src/README.DSN b/src/README.DSN index 68d16415c..d700dd042 100644 --- a/src/README.DSN +++ b/src/README.DSN @@ -113,7 +113,7 @@ ChangeLog *) dsn_process switch removed *) every router "processes" DSN by default - *) there is no possibilty to "gag" DSN anymore since this violates RFC + *) there is no possibility to "gag" DSN anymore since this violates RFC *) dsn_lasthop switch added for routers *) if dsn_lasthop is set by a router it is handled as relaying to a non DSN aware relay. success mails are sent if Exim successfully diff --git a/src/README.UPDATING b/src/README.UPDATING index 8cb59e91e..05b3d9d97 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -26,6 +26,28 @@ The rest of this document contains information about changes in 4.xx releases that might affect a running system. +Exim version 4.89 +----------------- + + * SMTP CHUNKING in Exim 4.88 did not ensure that received mails had a final + newline; attempts to deliver such messages onwards to non-chunking hosts + would probably hang, as Exim does not insert the newline before a ".". + In 4.89, the newline is added upon receipt. For already-received messages + in your queue, try util/chunking_fixqueue_finalnewlines.pl + to walk the queue, fixing any affected messages. Note that because a + delivery attempt will be hanging, attempts to lock the messages for fixing + them will stall; stopping all queue-runners temporarily is recommended. + + * OpenSSL: oldest supported release series is now 1.0.2, which is the oldest + supported by the OpenSSL project. If you can build Exim with an older + release series, congratulations. If you can't, then upgrade. + The file doc/openssl.txt contains instructions for installing a current + OpenSSL outside the system library paths and building Exim to use it. + + * FreeBSD: we now always use the system iconv in libc, as all versions of + FreeBSD supported by the FreeBSD project provide this functionality. + + Exim version 4.88 ----------------- @@ -541,7 +563,7 @@ Version 4.23 3. Version 4.23 saves the contents of the ACL variables with the message, so that they can be used later. If one of these variables contains a newline, there will be a newline character in the spool that will not be interpreted - correctely by a previous version of Exim. (Exim ignores keyed spool file + correctly by a previous version of Exim. (Exim ignores keyed spool file items that it doesn't understand - precisely for this kind of problem - but it expects them all to be on one line.) diff --git a/src/exim_monitor/em_StripChart.c b/src/exim_monitor/em_StripChart.c index 2409c40c2..3b94c2231 100644 --- a/src/exim_monitor/em_StripChart.c +++ b/src/exim_monitor/em_StripChart.c @@ -210,7 +210,7 @@ static void Destroy (gw) } /* - * NOTE: This function really needs to recieve graphics exposure + * NOTE: This function really needs to receive graphics exposure * events, but since this is not easily supported until R4 I am * going to hold off until then. */ diff --git a/src/exim_monitor/em_TextPop.c b/src/exim_monitor/em_TextPop.c index 03f97da52..7e8a2eba1 100644 --- a/src/exim_monitor/em_TextPop.c +++ b/src/exim_monitor/em_TextPop.c @@ -47,7 +47,7 @@ SOFTWARE. * used by all more than one of these dialogs. * * The following functions are the only non-static ones defined - * in this module. They are located at the begining of the + * in this module. They are located at the beginning of the * section that contains this dialog box that uses them. * * void _XawTextInsertFileAction(w, event, params, num_params); @@ -127,7 +127,7 @@ static char search_text_trans[] = * * Note: * - * If the search was sucessful and the argument popdown is passed to + * If the search was successful and the argument popdown is passed to * this action routine then the widget will automatically popdown the * search widget. */ @@ -171,7 +171,7 @@ Cardinal * num_params; PopdownSearch(w, (XtPointer) tw->text.search, NULL); } -/* Function Name: PopdownSeach +/* Function Name: PopdownSearch * Description: Pops down the search widget and resets it. * Arguments: w - *** NOT USED ***. * closure - a pointer to the search structure. @@ -223,7 +223,7 @@ XtPointer call_data; * The parameter list contains one or two entries that may be the following. * * First Entry: The first entry is the direction to search by default. - * This arguement must be specified and may have a value of + * This argument must be specified and may have a value of * "left" or "right". * * Second Entry: This entry is optional and contains the value of the default @@ -448,8 +448,8 @@ char * ptr; /* Function Name: DoSearch * Description: Performs a search. - * Arguments: search - the serach structure. - * Returns: TRUE if sucessful. + * Arguments: search - the search structure. + * Returns: TRUE if successful. */ /* ARGSUSED */ @@ -628,7 +628,7 @@ XEvent *event; * * NOTE: * - * The function argument is passed the following arguements. + * The function argument is passed the following arguments. * * form - the from widget that is the dialog. * ptr - the initial string for the dialog's text widget. diff --git a/src/exim_monitor/em_strip.c b/src/exim_monitor/em_strip.c index f0ad3abbb..2a5f0b84e 100644 --- a/src/exim_monitor/em_strip.c +++ b/src/exim_monitor/em_strip.c @@ -21,7 +21,7 @@ static int size_first_time = 1; /* and another */ static int stripchart_count = 0; /* count stripcharts created */ static int *stripchart_delay; /* vector of delay counts */ static Widget *stripchart_label; /* vector of label widgets */ -static int *stripchart_last_total; /* vector of prevous values */ +static int *stripchart_last_total; /* vector of previous values */ static int *stripchart_max; /* vector of maxima */ static int *stripchart_middelay; /* vector of */ static int *stripchart_midmax; /* vector of */ diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile index 3e486a6bb..b6f2e2e09 100755 --- a/src/scripts/Configure-Makefile +++ b/src/scripts/Configure-Makefile @@ -78,6 +78,8 @@ fi mf=Makefile mft=$mf-t mftt=$mf-tt +mftepcp=$mf-tepcp +mftepcp2=$mf-tepcp2 look_mf=lookups/Makefile look_mf_pre=${look_mf}.predynamic @@ -86,7 +88,7 @@ look_mf_post=${look_mf}.postdynamic # Ensure the temporary does not exist and start the new one by setting # the OSTYPE and ARCHTYPE variables. -rm -f $mft $mftt $look_mf-t +rm -f $mft $mftt $mftepcp $mftepcp2 $look_mf-t (echo "OSTYPE=$ostype"; echo "ARCHTYPE=$archtype"; echo "") > $mft || exit 1 # Now concatenate the files to the temporary file. Copy the files using sed to @@ -116,9 +118,33 @@ done \ | sed 's/^TMPDIR=/EXIM_&/' \ >> $mft || exit 1 +# handle PKG_CONFIG_PATH because we need it in our env, and we want to handle +# wildcards; note that this logic means all setting _appends_ values, never +# replacing; if that's a problem, we can revisit. +sed -n "s/^[$st]*PKG_CONFIG_PATH[$st]*[+]*=[$st]*//p" $mft | \ + sed "s/[$st]*\$//" >> $mftepcp +if test -s ./$mftepcp +then + # expand any wildcards and strip spaces, to make it a real PATH-like variable + ( IFS=":${IFS-$st}"; for P in `cat ./$mftepcp`; do echo "$P"; done ) | xargs | sed "s/[$st]/:/g" >./$mftepcp2 + sed "s/^/PKG_CONFIG_PATH='/" < ./$mftepcp2 | sed "s/\$/'/" > ./$mftepcp + . ./$mftepcp + export PKG_CONFIG_PATH + egrep -v "^[$st]*PKG_CONFIG_PATH[$st]*=" ./$mft > ./$mftt + rm -f ./$mft + ( + echo "# Collapsed PKG_CONFIG_PATH in build-prep:" + sed "s/'//g" ./$mftepcp + echo "# End of collapsed PKG_CONFIG_PATH" + echo "" + cat ./$mftt + ) > ./$mft + rm -f ./$mftt +fi +rm -f ./$mftepcp ./$mftepcp2 + # handle pkg-config # beware portability of extended regexps with sed. - egrep "^[$st]*(AUTH|LOOKUP)_[A-Z0-9_]*[$st]*=[$st]*" $mft | \ sed "s/[$st]*=/='/" | \ sed "s/\$/'/" > $mftt @@ -165,8 +191,8 @@ then echo "CFLAGS += $tls_include" echo "LDFLAGS += $tls_libs" else - echo "CFLAGS += $(libgcrypt-config --cflags)" - echo "LDFLAGS += $(libgcrypt-config --libs)" + echo "CFLAGS += `libgcrypt-config --cflags`" + echo "LDFLAGS += `libgcrypt-config --libs`" fi fi fi diff --git a/src/src/EDITME b/src/src/EDITME index 1bff9dab2..5ac5a55dc 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -192,6 +192,11 @@ SPOOL_DIRECTORY=/var/spool/exim # least one type of lookup. You should consider whether you want to build # the Exim monitor or not. +# If you need to override how pkg-config finds configuration files for +# installed software, then you can set that here; wildcards will be expanded. + +# PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig : /opt/*/lib/pkgconfig + #------------------------------------------------------------------------------ # These settings determine which individual router drivers are included in the @@ -597,7 +602,7 @@ FIXED_NEVER_USERS=root # That shim can set macros before .include'ing your main configuration file. # # As a strictly transient measure to ease migration to 4.73, the -# WHITELIST_D_MACROS value definies a colon-separated list of macro-names +# WHITELIST_D_MACROS value defines a colon-separated list of macro-names # which are permitted to be overridden from the command-line which will be # honoured by the Exim user. So these are macros that can persist to delivery # time. @@ -629,10 +634,14 @@ FIXED_NEVER_USERS=root # AUTH_GSASL_PC=libgsasl # AUTH_HEIMDAL_GSSAPI=yes # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi +# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 # AUTH_PLAINTEXT=yes # AUTH_SPA=yes # AUTH_TLS=yes +# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 +# requires multiple pkg-config files to work with Exim, so the second example +# above is needed. #------------------------------------------------------------------------------ # If you specified AUTH_CYRUS_SASL above, you should ensure that you have the @@ -685,6 +694,13 @@ HEADERS_CHARSET="ISO-8859-1" # # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM # as well. +# +# nb: FreeBSD as of 4.89 defines LIBICONV_PLUG to pick up the system iconv +# more reliably. If you explicitly want the libiconv Port then as well +# as adding -liconv you'll want to unset LIBICONV_PLUG. If you actually need +# this, let us know, but for now the Exim Maintainers are assuming that this +# is uncommon and so you'll need to edit OS/os.h-FreeBSD yourself to remove +# the define. #------------------------------------------------------------------------------ @@ -1083,6 +1099,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases # Note that this option adds to the size of the Exim binary, because the # dynamic loading library is not otherwise included. +# If libreadline is not in the normal library paths, then because Exim is +# setuid you'll need to ensure that the correct directory is stamped into +# the binary so that dlopen will find it. +# Eg, on macOS/Darwin with a third-party install of libreadline, perhaps: + +# EXTRALIBS_EXIM+=-Wl,-rpath,/usr/local/opt/readline/lib + #------------------------------------------------------------------------------ # Uncomment this setting to include IPv6 support. diff --git a/src/src/acl.c b/src/src/acl.c index 1ac2bee23..efab1d31e 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -573,7 +573,7 @@ static uschar *ratelimit_option_string[] = { /* Enable recursion between acl_check_internal() and acl_check_condition() */ -static int acl_check_wargs(int, address_item *, const uschar *, int, uschar **, +static int acl_check_wargs(int, address_item *, const uschar *, uschar **, uschar **); @@ -1167,7 +1167,7 @@ if (host_lookup_failed) /* Need to do a lookup */ HDEBUG(D_acl) - debug_printf("looking up host name to force name/address consistency check\n"); + debug_printf_indent("looking up host name to force name/address consistency check\n"); if ((rc = host_name_lookup()) != OK) { @@ -1201,7 +1201,7 @@ an odd configuration - why didn't the SRV record have a weight of 1 instead?) Arguments: dnsa the DNS answer block dnss a DNS scan block for us to use - reset option specifing what portion to scan, as described above + reset option specifying what portion to scan, as described above target the target hostname to use for matching RR names Returns: CSA_OK successfully authorized @@ -1241,7 +1241,7 @@ for (rr = dns_next_rr(dnsa, dnss, reset); { /* If the client IP address matches the target IP address, it's good! */ - DEBUG(D_acl) debug_printf("CSA target address is %s\n", da->address); + DEBUG(D_acl) debug_printf_indent("CSA target address is %s\n", da->address); if (strcmpic(sender_host_address, da->address) == 0) return CSA_OK; } @@ -1372,7 +1372,7 @@ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); GETSHORT(port, p); DEBUG(D_acl) - debug_printf("CSA priority=%d weight=%d port=%d\n", priority, weight, port); + debug_printf_indent("CSA priority=%d weight=%d port=%d\n", priority, weight, port); /* Check the CSA version number */ @@ -1404,7 +1404,7 @@ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); (void)dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p, (DN_EXPAND_ARG4_TYPE)target, sizeof(target)); - DEBUG(D_acl) debug_printf("CSA target is %s\n", target); + DEBUG(D_acl) debug_printf_indent("CSA target is %s\n", target); break; } @@ -1633,7 +1633,7 @@ switch(vp->value) *log_msgptr = *user_msgptr = string_sprintf("client SMTP authorization %s", csa_reason_string[rc]); csa_status = csa_status_string[rc]; - DEBUG(D_acl) debug_printf("CSA result %s\n", csa_status); + DEBUG(D_acl) debug_printf_indent("CSA result %s\n", csa_status); return csa_return_code[rc]; case VERIFY_HDR_SYNTAX: @@ -1888,7 +1888,7 @@ else if (verify_sender_address) rc = sender_vaddr->special_action; *basic_errno = sender_vaddr->basic_errno; } - HDEBUG(D_acl) debug_printf("using cached sender verify result\n"); + HDEBUG(D_acl) debug_printf_indent("using cached sender verify result\n"); } /* Do a new verification, and cache the result. The cache is used to avoid @@ -1935,7 +1935,7 @@ else if (verify_sender_address) rc = verify_address(sender_vaddr, NULL, verify_options, callout, callout_overall, callout_connect, se_mailfrom, pm_mailfrom, &routed); - HDEBUG(D_acl) debug_printf("----------- end verify ------------\n"); + HDEBUG(D_acl) debug_printf_indent("----------- end verify ------------\n"); if (rc != OK) *basic_errno = sender_vaddr->basic_errno; @@ -1943,10 +1943,10 @@ else if (verify_sender_address) DEBUG(D_acl) { if (Ustrcmp(sender_vaddr->address, verify_sender_address) != 0) - debug_printf("sender %s verified ok as %s\n", + debug_printf_indent("sender %s verified ok as %s\n", verify_sender_address, sender_vaddr->address); else - debug_printf("sender %s verified ok\n", + debug_printf_indent("sender %s verified ok\n", verify_sender_address); } } @@ -1988,7 +1988,7 @@ else addr2 = *addr; rc = verify_address(&addr2, NULL, verify_options|vopt_is_recipient, callout, callout_overall, callout_connect, se_mailfrom, pm_mailfrom, NULL); - HDEBUG(D_acl) debug_printf("----------- end verify ------------\n"); + HDEBUG(D_acl) debug_printf_indent("----------- end verify ------------\n"); *basic_errno = addr2.basic_errno; *log_msgptr = addr2.message; @@ -2007,7 +2007,7 @@ else if (rc == DEFER && (defer_ok || (callout_defer_ok && *basic_errno == ERRNO_CALLOUTDEFER))) { - HDEBUG(D_acl) debug_printf("verify defer overridden by %s\n", + HDEBUG(D_acl) debug_printf_indent("verify defer overridden by %s\n", defer_ok? "defer_ok" : "callout_defer_ok"); rc = OK; } @@ -2240,7 +2240,7 @@ while ((ss = string_nextinlist(&arg, &sep, big_buffer, big_buffer_size)) else if (strcmpic(ss, US"per_byte") == 0) { /* If we have not yet received the message data and there was no SIZE - declaration on the MAIL comand, then it's safe to just use a value of + declaration on the MAIL command, then it's safe to just use a value of zero and let the recorded rate decay as if nothing happened. */ RATE_SET(mode, PER_MAIL); if (where > ACL_WHERE_NOTSMTP) badacl = TRUE; @@ -2306,7 +2306,7 @@ key = string_sprintf("%s/%s/%s%s", key); HDEBUG(D_acl) - debug_printf("ratelimit condition count=%.0f %.1f/%s\n", count, limit, key); + debug_printf_indent("ratelimit condition count=%.0f %.1f/%s\n", count, limit, key); /* See if we have already computed the rate by looking in the relevant tree. For per-connection rate limiting, store tree nodes and dbdata in the permanent @@ -2349,7 +2349,7 @@ if (t != NULL) store_pool = old_pool; sender_rate = string_sprintf("%.1f", dbd->rate); HDEBUG(D_acl) - debug_printf("ratelimit found pre-computed rate %s\n", sender_rate); + debug_printf_indent("ratelimit found pre-computed rate %s\n", sender_rate); return rc; } @@ -2361,7 +2361,7 @@ if (dbm == NULL) { store_pool = old_pool; sender_rate = NULL; - HDEBUG(D_acl) debug_printf("ratelimit database not available\n"); + HDEBUG(D_acl) debug_printf_indent("ratelimit database not available\n"); *log_msgptr = US"ratelimit database not available"; return DEFER; } @@ -2373,7 +2373,7 @@ gettimeofday(&tv, NULL); if (dbdb != NULL) { /* Locate the basic ratelimit block inside the DB data. */ - HDEBUG(D_acl) debug_printf("ratelimit found key in database\n"); + HDEBUG(D_acl) debug_printf_indent("ratelimit found key in database\n"); dbd = &dbdb->dbd; /* Forget the old Bloom filter if it is too old, so that we count each @@ -2383,7 +2383,7 @@ if (dbdb != NULL) if(unique != NULL && tv.tv_sec > dbdb->bloom_epoch + period) { - HDEBUG(D_acl) debug_printf("ratelimit discarding old Bloom filter\n"); + HDEBUG(D_acl) debug_printf_indent("ratelimit discarding old Bloom filter\n"); dbdb = NULL; } @@ -2391,7 +2391,7 @@ if (dbdb != NULL) if(unique != NULL && dbdb_size < sizeof(*dbdb)) { - HDEBUG(D_acl) debug_printf("ratelimit discarding undersize Bloom filter\n"); + HDEBUG(D_acl) debug_printf_indent("ratelimit discarding undersize Bloom filter\n"); dbdb = NULL; } } @@ -2404,14 +2404,14 @@ if (dbdb == NULL) if (unique == NULL) { /* No Bloom filter. This basic ratelimit block is initialized below. */ - HDEBUG(D_acl) debug_printf("ratelimit creating new rate data block\n"); + HDEBUG(D_acl) debug_printf_indent("ratelimit creating new rate data block\n"); dbdb_size = sizeof(*dbd); dbdb = store_get(dbdb_size); } else { int extra; - HDEBUG(D_acl) debug_printf("ratelimit creating new Bloom filter\n"); + HDEBUG(D_acl) debug_printf_indent("ratelimit creating new Bloom filter\n"); /* See the long comment below for an explanation of the magic number 2. The filter has a minimum size in case the rate limit is very small; @@ -2495,7 +2495,7 @@ if (unique != NULL && !readonly) /* Scan the bits corresponding to this event. A zero bit means we have not seen it before. Ensure all bits are set to record this event. */ - HDEBUG(D_acl) debug_printf("ratelimit checking uniqueness of %s\n", unique); + HDEBUG(D_acl) debug_printf_indent("ratelimit checking uniqueness of %s\n", unique); seen = TRUE; for (n = 0; n < 8; n++, hash += hinc) @@ -2513,11 +2513,11 @@ if (unique != NULL && !readonly) if (seen) { - HDEBUG(D_acl) debug_printf("ratelimit event found in Bloom filter\n"); + HDEBUG(D_acl) debug_printf_indent("ratelimit event found in Bloom filter\n"); count = 0.0; } else - HDEBUG(D_acl) debug_printf("ratelimit event added to Bloom filter\n"); + HDEBUG(D_acl) debug_printf_indent("ratelimit event added to Bloom filter\n"); } /* If there was no previous ratelimit data block for this key, initialize @@ -2526,7 +2526,7 @@ is what would be computed by the code below for an infinite interval. */ if (dbd == NULL) { - HDEBUG(D_acl) debug_printf("ratelimit initializing new key's rate data\n"); + HDEBUG(D_acl) debug_printf_indent("ratelimit initializing new key's rate data\n"); dbd = &dbdb->dbd; dbd->time_stamp = tv.tv_sec; dbd->time_usec = tv.tv_usec; @@ -2606,7 +2606,7 @@ else size of the event per the period size, ignoring the lack of events outside the current period and regardless of where the event falls in the period. So, if the interval was so long that the calculated rate is unhelpfully small, we - re-intialize the rate. In the absence of higher-rate bursts, the condition + re-initialize the rate. In the absence of higher-rate bursts, the condition below is true if the interval is greater than the period. */ if (dbd->rate < count) dbd->rate = count; @@ -2627,11 +2627,11 @@ neither leaky nor strict are set, so we do not do any updates. */ if ((rc == FAIL && leaky) || strict) { dbfn_write(dbm, key, dbdb, dbdb_size); - HDEBUG(D_acl) debug_printf("ratelimit db updated\n"); + HDEBUG(D_acl) debug_printf_indent("ratelimit db updated\n"); } else { - HDEBUG(D_acl) debug_printf("ratelimit db not updated: %s\n", + HDEBUG(D_acl) debug_printf_indent("ratelimit db not updated: %s\n", readonly? "readonly mode" : "over the limit, but leaky"); } @@ -2651,7 +2651,7 @@ store_pool = old_pool; sender_rate = string_sprintf("%.1f", dbd->rate); HDEBUG(D_acl) - debug_printf("ratelimit computed rate %s\n", sender_rate); + debug_printf_indent("ratelimit computed rate %s\n", sender_rate); return rc; } @@ -2729,7 +2729,7 @@ if (r == HOST_FIND_FAILED || r == HOST_FIND_AGAIN) } HDEBUG(D_acl) - debug_printf("udpsend [%s]:%d %s\n", h->address, portnum, arg); + debug_printf_indent("udpsend [%s]:%d %s\n", h->address, portnum, arg); r = s = ip_connectedsocket(SOCK_DGRAM, h->address, portnum, portnum, 1, NULL, &errstr); @@ -2751,7 +2751,7 @@ if (r < len) } HDEBUG(D_acl) - debug_printf("udpsend %d bytes\n", r); + debug_printf_indent("udpsend %d bytes\n", r); return OK; @@ -2813,14 +2813,14 @@ for (; cb != NULL; cb = cb->next) if (cb->type == ACLC_MESSAGE) { - HDEBUG(D_acl) debug_printf(" message: %s\n", cb->arg); + HDEBUG(D_acl) debug_printf_indent(" message: %s\n", cb->arg); user_message = cb->arg; continue; } if (cb->type == ACLC_LOG_MESSAGE) { - HDEBUG(D_acl) debug_printf("l_message: %s\n", cb->arg); + HDEBUG(D_acl) debug_printf_indent("l_message: %s\n", cb->arg); log_message = cb->arg; continue; } @@ -2838,25 +2838,22 @@ for (; cb != NULL; cb = cb->next) of them, but not for all, because expansion happens down in some lower level checking functions in some cases. */ - if (conditions[cb->type].expand_at_top) + if (!conditions[cb->type].expand_at_top) + arg = cb->arg; + else if (!(arg = expand_string(cb->arg))) { - arg = expand_string(cb->arg); - if (arg == NULL) - { - if (expand_string_forcedfail) continue; - *log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s", - cb->arg, expand_string_message); - return search_find_defer? DEFER : ERROR; - } + if (expand_string_forcedfail) continue; + *log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s", + cb->arg, expand_string_message); + return search_find_defer ? DEFER : ERROR; } - else arg = cb->arg; /* Show condition, and expanded condition if it's different */ HDEBUG(D_acl) { int lhswidth = 0; - debug_printf("check %s%s %n", + debug_printf_indent("check %s%s %n", (!conditions[cb->type].is_modifier && cb->u.negated)? "!":"", conditions[cb->type].name, &lhswidth); @@ -2896,7 +2893,7 @@ for (; cb != NULL; cb = cb->next) "discard" verb. */ case ACLC_ACL: - rc = acl_check_wargs(where, addr, arg, level+1, user_msgptr, log_msgptr); + rc = acl_check_wargs(where, addr, arg, user_msgptr, log_msgptr); if (rc == DISCARD && verb != ACL_ACCEPT && verb != ACL_DISCARD) { *log_msgptr = string_sprintf("nested ACL returned \"discard\" for " @@ -3001,7 +2998,7 @@ for (; cb != NULL; cb = cb->next) if (af < 0) { HDEBUG(D_acl) - debug_printf("smtp input is probably not a socket [%s], not setting DSCP\n", + debug_printf_indent("smtp input is probably not a socket [%s], not setting DSCP\n", strerror(errno)); break; } @@ -3009,12 +3006,12 @@ for (; cb != NULL; cb = cb->next) { if (setsockopt(fd, level, optname, &value, sizeof(value)) < 0) { - HDEBUG(D_acl) debug_printf("failed to set input DSCP[%s]: %s\n", + HDEBUG(D_acl) debug_printf_indent("failed to set input DSCP[%s]: %s\n", p+1, strerror(errno)); } else { - HDEBUG(D_acl) debug_printf("set input DSCP to \"%s\"\n", p+1); + HDEBUG(D_acl) debug_printf_indent("set input DSCP to \"%s\"\n", p+1); } } else @@ -3279,12 +3276,12 @@ for (; cb != NULL; cb = cb->next) #ifdef EXPERIMENTAL_DCC case ACLC_DCC: { - /* Seperate the regular expression and any optional parameters. */ + /* Separate the regular expression and any optional parameters. */ const uschar * list = arg; uschar *ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size); /* Run the dcc backend. */ rc = dcc_process(&ss); - /* Modify return code based upon the existance of options. */ + /* Modify return code based upon the existence of options. */ while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER) rc = FAIL; /* FAIL so that the message is passed to the next ACL */ @@ -3309,12 +3306,12 @@ for (; cb != NULL; cb = cb->next) } else { - HDEBUG(D_acl) debug_printf("delay modifier requests %d-second delay\n", + HDEBUG(D_acl) debug_printf_indent("delay modifier requests %d-second delay\n", delay); if (host_checking) { HDEBUG(D_acl) - debug_printf("delay skipped in -bh checking mode\n"); + debug_printf_indent("delay skipped in -bh checking mode\n"); } /* NOTE 1: Remember that we may be @@ -3342,7 +3339,7 @@ for (; cb != NULL; cb = cb->next) n = 1; } if (poll(&p, n, delay*1000) > 0) - HDEBUG(D_acl) debug_printf("delay cancelled by peer close\n"); + HDEBUG(D_acl) debug_printf_indent("delay cancelled by peer close\n"); } #else /* It appears to be impossible to detect that a TCP/IP connection has @@ -3585,12 +3582,12 @@ for (; cb != NULL; cb = cb->next) #ifdef WITH_CONTENT_SCAN case ACLC_SPAM: { - /* Seperate the regular expression and any optional parameters. */ + /* Separate the regular expression and any optional parameters. */ const uschar * list = arg; uschar *ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size); /* Run the spam backend. */ rc = spam(CUSS &ss); - /* Modify return code based upon the existance of options. */ + /* Modify return code based upon the existence of options. */ while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) != NULL) { if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER) @@ -3845,7 +3842,6 @@ Arguments: where where called from addr address item when called from RCPT; otherwise NULL s the input string; NULL is the same as an empty ACL => DENY - level the nesting level user_msgptr where to put a user error (for SMTP response) log_msgptr where to put a logging message (not for SMTP response) @@ -3858,7 +3854,7 @@ Returns: OK access is granted */ static int -acl_check_internal(int where, address_item *addr, uschar *s, int level, +acl_check_internal(int where, address_item *addr, uschar *s, uschar **user_msgptr, uschar **log_msgptr) { int fd = -1; @@ -3868,25 +3864,24 @@ uschar *ss; /* Catch configuration loops */ -if (level > 20) +if (acl_level > 20) { *log_msgptr = US"ACL nested too deep: possible loop"; return ERROR; } -if (s == NULL) +if (!s) { - HDEBUG(D_acl) debug_printf("ACL is NULL: implicit DENY\n"); + HDEBUG(D_acl) debug_printf_indent("ACL is NULL: implicit DENY\n"); return FAIL; } /* At top level, we expand the incoming string. At lower levels, it has already been expanded as part of condition processing. */ -if (level == 0) +if (acl_level == 0) { - ss = expand_string(s); - if (ss == NULL) + if (!(ss = expand_string(s))) { if (expand_string_forcedfail) return OK; *log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s", s, @@ -3917,11 +3912,11 @@ if (Ustrchr(ss, ' ') == NULL) acl = (acl_block *)(t->data.ptr); if (acl == NULL) { - HDEBUG(D_acl) debug_printf("ACL \"%s\" is empty: implicit DENY\n", ss); + HDEBUG(D_acl) debug_printf_indent("ACL \"%s\" is empty: implicit DENY\n", ss); return FAIL; } acl_name = string_sprintf("ACL \"%s\"", ss); - HDEBUG(D_acl) debug_printf("using ACL \"%s\"\n", ss); + HDEBUG(D_acl) debug_printf_indent("using ACL \"%s\"\n", ss); } else if (*ss == '/') @@ -3955,7 +3950,7 @@ if (Ustrchr(ss, ' ') == NULL) (void)close(fd); acl_name = string_sprintf("ACL \"%s\"", ss); - HDEBUG(D_acl) debug_printf("read ACL from file %s\n", ss); + HDEBUG(D_acl) debug_printf_indent("read ACL from file %s\n", ss); } } @@ -3986,19 +3981,19 @@ while (acl != NULL) int cond; int basic_errno = 0; BOOL endpass_seen = FALSE; - BOOL acl_quit_check = level == 0 + BOOL acl_quit_check = acl_level == 0 && (where == ACL_WHERE_QUIT || where == ACL_WHERE_NOTQUIT); *log_msgptr = *user_msgptr = NULL; acl_temp_details = FALSE; - HDEBUG(D_acl) debug_printf("processing \"%s\"\n", verbs[acl->verb]); + HDEBUG(D_acl) debug_printf_indent("processing \"%s\"\n", verbs[acl->verb]); /* Clear out any search error message from a previous check before testing this condition. */ search_error_message = NULL; - cond = acl_check_condition(acl->verb, acl->condition, where, addr, level, + cond = acl_check_condition(acl->verb, acl->condition, where, addr, acl_level, &endpass_seen, user_msgptr, log_msgptr, &basic_errno); /* Handle special returns: DEFER causes a return except on a WARN verb; @@ -4007,7 +4002,7 @@ while (acl != NULL) switch (cond) { case DEFER: - HDEBUG(D_acl) debug_printf("%s: condition test deferred in %s\n", verbs[acl->verb], acl_name); + HDEBUG(D_acl) debug_printf_indent("%s: condition test deferred in %s\n", verbs[acl->verb], acl_name); if (basic_errno != ERRNO_CALLOUTDEFER) { if (search_error_message != NULL && *search_error_message != 0) @@ -4023,28 +4018,28 @@ while (acl != NULL) default: /* Paranoia */ case ERROR: - HDEBUG(D_acl) debug_printf("%s: condition test error in %s\n", verbs[acl->verb], acl_name); + HDEBUG(D_acl) debug_printf_indent("%s: condition test error in %s\n", verbs[acl->verb], acl_name); return ERROR; case OK: - HDEBUG(D_acl) debug_printf("%s: condition test succeeded in %s\n", + HDEBUG(D_acl) debug_printf_indent("%s: condition test succeeded in %s\n", verbs[acl->verb], acl_name); break; case FAIL: - HDEBUG(D_acl) debug_printf("%s: condition test failed in %s\n", verbs[acl->verb], acl_name); + HDEBUG(D_acl) debug_printf_indent("%s: condition test failed in %s\n", verbs[acl->verb], acl_name); break; /* DISCARD and DROP can happen only from a nested ACL condition, and DISCARD can happen only for an "accept" or "discard" verb. */ case DISCARD: - HDEBUG(D_acl) debug_printf("%s: condition test yielded \"discard\" in %s\n", + HDEBUG(D_acl) debug_printf_indent("%s: condition test yielded \"discard\" in %s\n", verbs[acl->verb], acl_name); break; case FAIL_DROP: - HDEBUG(D_acl) debug_printf("%s: condition test yielded \"drop\" in %s\n", + HDEBUG(D_acl) debug_printf_indent("%s: condition test yielded \"drop\" in %s\n", verbs[acl->verb], acl_name); break; } @@ -4058,12 +4053,12 @@ while (acl != NULL) case ACL_ACCEPT: if (cond == OK || cond == DISCARD) { - HDEBUG(D_acl) debug_printf("end of %s: ACCEPT\n", acl_name); + HDEBUG(D_acl) debug_printf_indent("end of %s: ACCEPT\n", acl_name); return cond; } if (endpass_seen) { - HDEBUG(D_acl) debug_printf("accept: endpass encountered - denying access\n"); + HDEBUG(D_acl) debug_printf_indent("accept: endpass encountered - denying access\n"); return cond; } break; @@ -4071,7 +4066,7 @@ while (acl != NULL) case ACL_DEFER: if (cond == OK) { - HDEBUG(D_acl) debug_printf("end of %s: DEFER\n", acl_name); + HDEBUG(D_acl) debug_printf_indent("end of %s: DEFER\n", acl_name); if (acl_quit_check) goto badquit; acl_temp_details = TRUE; return DEFER; @@ -4081,7 +4076,7 @@ while (acl != NULL) case ACL_DENY: if (cond == OK) { - HDEBUG(D_acl) debug_printf("end of %s: DENY\n", acl_name); + HDEBUG(D_acl) debug_printf_indent("end of %s: DENY\n", acl_name); if (acl_quit_check) goto badquit; return FAIL; } @@ -4090,13 +4085,13 @@ while (acl != NULL) case ACL_DISCARD: if (cond == OK || cond == DISCARD) { - HDEBUG(D_acl) debug_printf("end of %s: DISCARD\n", acl_name); + HDEBUG(D_acl) debug_printf_indent("end of %s: DISCARD\n", acl_name); if (acl_quit_check) goto badquit; return DISCARD; } if (endpass_seen) { - HDEBUG(D_acl) debug_printf("discard: endpass encountered - denying access\n"); + HDEBUG(D_acl) debug_printf_indent("discard: endpass encountered - denying access\n"); return cond; } break; @@ -4104,7 +4099,7 @@ while (acl != NULL) case ACL_DROP: if (cond == OK) { - HDEBUG(D_acl) debug_printf("end of %s: DROP\n", acl_name); + HDEBUG(D_acl) debug_printf_indent("end of %s: DROP\n", acl_name); if (acl_quit_check) goto badquit; return FAIL_DROP; } @@ -4113,7 +4108,7 @@ while (acl != NULL) case ACL_REQUIRE: if (cond != OK) { - HDEBUG(D_acl) debug_printf("end of %s: not OK\n", acl_name); + HDEBUG(D_acl) debug_printf_indent("end of %s: not OK\n", acl_name); if (acl_quit_check) goto badquit; return cond; } @@ -4143,11 +4138,11 @@ while (acl != NULL) /* We have reached the end of the ACL. This is an implicit DENY. */ -HDEBUG(D_acl) debug_printf("end of %s: implicit DENY\n", acl_name); +HDEBUG(D_acl) debug_printf_indent("end of %s: implicit DENY\n", acl_name); return FAIL; badquit: - *log_msgptr = string_sprintf("QUIT or not-QUIT teplevel ACL may not fail " + *log_msgptr = string_sprintf("QUIT or not-QUIT toplevel ACL may not fail " "('%s' verb used incorrectly)", verbs[acl->verb]); return ERROR; } @@ -4159,7 +4154,7 @@ badquit: the name of an ACL followed optionally by up to 9 space-separated arguments. The name and args are separately expanded. Args go into $acl_arg globals. */ static int -acl_check_wargs(int where, address_item *addr, const uschar *s, int level, +acl_check_wargs(int where, address_item *addr, const uschar *s, uschar **user_msgptr, uschar **log_msgptr) { uschar * tmp; @@ -4197,7 +4192,9 @@ while (i < 9) acl_arg[i++] = NULL; } -ret = acl_check_internal(where, addr, name, level, user_msgptr, log_msgptr); +acl_level++; +ret = acl_check_internal(where, addr, name, user_msgptr, log_msgptr); +acl_level--; acl_narg = sav_narg; for (i = 0; i < 9; i++) acl_arg[i] = sav_arg[i]; @@ -4222,6 +4219,7 @@ acl_eval(int where, uschar *s, uschar **user_msgptr, uschar **log_msgptr) { address_item adb; address_item *addr = NULL; +int rc; *user_msgptr = *log_msgptr = NULL; sender_verified_failed = NULL; @@ -4239,7 +4237,10 @@ if (where == ACL_WHERE_RCPT) addr->lc_local_part = deliver_localpart; } -return acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr); +acl_level++; +rc = acl_check_internal(where, addr, s, user_msgptr, log_msgptr); +acl_level--; +return rc; } @@ -4303,7 +4304,9 @@ if (where==ACL_WHERE_RCPT || where==ACL_WHERE_VRFY) } acl_where = where; -rc = acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr); +acl_level = 0; +rc = acl_check_internal(where, addr, s, user_msgptr, log_msgptr); +acl_level = 0; acl_where = ACL_WHERE_UNKNOWN; /* Cutthrough - if requested, @@ -4348,9 +4351,9 @@ switch (where) if (*--s && isdigit(*s) && *--s && isdigit(*s)) *user_msgptr = s; acl_temp_details = TRUE; } - else + else { - HDEBUG(D_acl) debug_printf("cutthrough defer; will spool\n"); + HDEBUG(D_acl) debug_printf_indent("cutthrough defer; will spool\n"); rc = OK; } break; @@ -4422,12 +4425,10 @@ Returns the pointer to variable's tree node */ tree_node * -acl_var_create(uschar *name) +acl_var_create(uschar * name) { -tree_node *node, **root; -root = (name[0] == 'c')? &acl_var_c : &acl_var_m; -node = tree_search(*root, name); -if (node == NULL) +tree_node * node, ** root = name[0] == 'c' ? &acl_var_c : &acl_var_m; +if (!(node = tree_search(*root, name))) { node = store_get(sizeof(tree_node) + Ustrlen(name)); Ustrcpy(node->name, name); diff --git a/src/src/auths/cram_md5.c b/src/src/auths/cram_md5.c index 3be00082d..1ae38a9a6 100644 --- a/src/src/auths/cram_md5.c +++ b/src/src/auths/cram_md5.c @@ -38,7 +38,7 @@ address can appear in the tables drtables.c. */ int auth_cram_md5_options_count = sizeof(auth_cram_md5_options)/sizeof(optionlist); -/* Default private options block for the contidion authentication method. */ +/* Default private options block for the condition authentication method. */ auth_cram_md5_options_block auth_cram_md5_option_defaults = { NULL, /* server_secret */ @@ -73,7 +73,7 @@ if (ob->client_secret != NULL) /************************************************* -* Peform the CRAM-MD5 algorithm * +* Perform the CRAM-MD5 algorithm * *************************************************/ /* The CRAM-MD5 algorithm is described in RFC 2195. It computes @@ -261,7 +261,7 @@ int i; uschar digest[16]; /* If expansion of either the secret or the user name failed, return CANCELLED -or ERROR, as approriate. */ +or ERROR, as appropriate. */ if (!secret || !name) { diff --git a/src/src/auths/get_data.c b/src/src/auths/get_data.c index f839a010e..11bc581b9 100644 --- a/src/src/auths/get_data.c +++ b/src/src/auths/get_data.c @@ -31,7 +31,7 @@ auth_get_data(uschar **aptr, uschar *challenge, int challen) int c; int p = 0; smtp_printf("334 %s\r\n", b64encode(challenge, challen)); -while ((c = receive_getc()) != '\n' && c != EOF) +while ((c = receive_getc(GETC_BUFFER_UNLIMITED)) != '\n' && c != EOF) { if (p >= big_buffer_size - 1) return BAD64; big_buffer[p++] = c; diff --git a/src/src/auths/get_no64_data.c b/src/src/auths/get_no64_data.c index d3ffe081e..71e71394c 100644 --- a/src/src/auths/get_no64_data.c +++ b/src/src/auths/get_no64_data.c @@ -32,7 +32,7 @@ auth_get_no64_data(uschar **aptr, uschar *challenge) int c; int p = 0; smtp_printf("334 %s\r\n", challenge); -while ((c = receive_getc()) != '\n' && c != EOF) +while ((c = receive_getc(GETC_BUFFER_UNLIMITED)) != '\n' && c != EOF) { if (p >= big_buffer_size - 1) return BAD64; big_buffer[p++] = c; diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c index 87be9b5e1..77db2e775 100644 --- a/src/src/auths/gsasl_exim.c +++ b/src/src/auths/gsasl_exim.c @@ -275,7 +275,7 @@ auth_gsasl_server(auth_instance *ablock, uschar *initial_data) /* Some auth mechanisms can ensure that both sides are talking withing the same security context; for TLS, this means that even if a bad certificate has been accepted, they remain MitM-proof because both sides must be within - the same negotiated session; if someone is terminating one sesson and + the same negotiated session; if someone is terminating one session and proxying data on within a second, authentication will fail. We might not have this available, depending upon TLS implementation, diff --git a/src/src/auths/plaintext.c b/src/src/auths/plaintext.c index aec079e67..161aab6c0 100644 --- a/src/src/auths/plaintext.c +++ b/src/src/auths/plaintext.c @@ -221,7 +221,7 @@ while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)) != NULL } /* The first string is attached to the AUTH command; others are sent - unembelished. */ + unembellished. */ if (first) { diff --git a/src/src/auths/spa.c b/src/src/auths/spa.c index 0bf7b0428..4d435a411 100644 --- a/src/src/auths/spa.c +++ b/src/src/auths/spa.c @@ -61,7 +61,7 @@ address can appear in the tables drtables.c. */ int auth_spa_options_count = sizeof(auth_spa_options)/sizeof(optionlist); -/* Default private options block for the contidion authentication method. */ +/* Default private options block for the condition authentication method. */ auth_spa_options_block auth_spa_option_defaults = { NULL, /* spa_password */ diff --git a/src/src/child.c b/src/src/child.c index 7f5b90929..de12c44b5 100644 --- a/src/src/child.c +++ b/src/src/child.c @@ -222,7 +222,7 @@ pid = fork(); /* Child process: make the reading end of the pipe into the standard input and close the writing end. If debugging, pass debug_fd as stderr. Then re-exec -Exim with appropriat options. In the test harness, use -odi unless queue_only +Exim with appropriate options. In the test harness, use -odi unless queue_only is set, so that the bounce is fully delivered before returning. Failure is signalled with EX_EXECFAILED (specified by CEE_EXEC_EXIT), but this shouldn't occur. */ diff --git a/src/src/configure.default b/src/src/configure.default index 985f1d0d8..a294dc3e6 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -334,7 +334,7 @@ timeout_frozen_after = 7d # libraries that Exim uses (e.g. LDAP) depend on specific environment settings. # There are two lists: keep_environment for the variables we trust, and # add_environment for variables we want to set to a specific value. -# Note that TZ is handled separateley by the timezone runtime option +# Note that TZ is handled separately by the timezone runtime option # and TIMEZONE_DEFAULT buildtime option. # keep_environment = ^LDAP diff --git a/src/src/convert4r3.src b/src/src/convert4r3.src index 0ccaf6cee..632eb70d7 100755 --- a/src/src/convert4r3.src +++ b/src/src/convert4r3.src @@ -1,4 +1,4 @@ -#! PERL_COMMAND -w +#! PERL_COMMAND # This is a Perl script that reads an Exim run-time configuration file and # checks for settings that were valid prior to release 3.00 but which were @@ -7,6 +7,8 @@ # It is assumed that the input is a valid Exim configuration file. +use warnings; +BEGIN { pop @INC if $INC[-1] eq '.' }; ################################################## # Analyse one line # diff --git a/src/src/convert4r4.src b/src/src/convert4r4.src index 4455fb7fe..fff4e478b 100755 --- a/src/src/convert4r4.src +++ b/src/src/convert4r4.src @@ -1,4 +1,4 @@ -#! PERL_COMMAND -w +#! PERL_COMMAND # This is a Perl script that reads an Exim run-time configuration file for # Exim 3. It makes what changes it can for Exim 4, and also output commentary @@ -6,6 +6,8 @@ # It is assumed that the input is a valid Exim 3 configuration file. +use warnings; +BEGIN { pop @INC if $INC[-1] eq '.' }; # These are lists of main options which are abolished in Exim 4. # The first contains options that are used to construct new options. diff --git a/src/src/daemon.c b/src/src/daemon.c index bc33aec45..ebd06b523 100644 --- a/src/src/daemon.c +++ b/src/src/daemon.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2016 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions concerned with running Exim as a daemon */ @@ -19,7 +19,7 @@ typedef struct smtp_slot { } smtp_slot; /* An empty slot for initializing (Standard C does not allow constructor -expressions in assigments except as initializers in declarations). */ +expressions in assignments except as initializers in declarations). */ static smtp_slot empty_smtp_slot = { 0, NULL }; @@ -290,7 +290,7 @@ if ((max_for_this_host > 0) && int other_host_count = 0; /* keep a count of non matches to optimise */ for (i = 0; i < smtp_accept_max; ++i) - if (smtp_slots[i].host_address != NULL) + if (smtp_slots[i].host_address) { if (Ustrcmp(sender_host_address, smtp_slots[i].host_address) == 0) host_accept_count++; @@ -542,9 +542,9 @@ if (pid == 0) DEBUG(D_receive) { int i; - if (sender_address != NULL) + if (sender_address) debug_printf("Sender: %s\n", sender_address); - if (recipients_list != NULL) + if (recipients_list) { debug_printf("Recipients:\n"); for (i = 0; i < recipients_count; i++) @@ -564,6 +564,17 @@ if (pid == 0) /* Reclaim up the store used in accepting this message */ + return_path = sender_address = NULL; + authenticated_sender = NULL; + sending_ip_address = NULL; + deliver_host_address = deliver_host = + deliver_domain_orig = deliver_localpart_orig = NULL; + dnslist_domain = dnslist_matched = NULL; + callout_address = NULL; +#ifndef DISABLE_DKIM + dkim_cur_signer = NULL; +#endif + acl_var_m = NULL; store_reset(reset_point); /* If queue_only is set or if there are too many incoming connections in @@ -734,6 +745,8 @@ else (void)close(dup_accept_socket); the incoming host address and an expanded active_hostname. */ log_close_all(); +interface_address = +sender_host_address = NULL; store_reset(reset_point); sender_host_address = NULL; } @@ -842,13 +855,12 @@ while ((pid = waitpid(-1, &status, WNOHANG)) > 0) /* If it's a listening daemon for which we are keeping track of individual subprocesses, deal with an accepting process that has terminated. */ - if (smtp_slots != NULL) + if (smtp_slots) { for (i = 0; i < smtp_accept_max; i++) - { if (smtp_slots[i].pid == pid) { - if (smtp_slots[i].host_address != NULL) + if (smtp_slots[i].host_address) store_free(smtp_slots[i].host_address); smtp_slots[i] = empty_smtp_slot; if (--smtp_accept_count < 0) smtp_accept_count = 0; @@ -856,7 +868,6 @@ while ((pid = waitpid(-1, &status, WNOHANG)) > 0) smtp_accept_count, (smtp_accept_count == 1)? "" : "es"); break; } - } if (i < smtp_accept_max) continue; /* Found an accepting process */ } @@ -1119,7 +1130,7 @@ if (daemon_listen && !inetd_wait_mode) } /* Create a list of default SMTP ports, to be used if local_interfaces - contains entries without explict ports. First count the number of ports, then + contains entries without explicit ports. First count the number of ports, then build a translated list in a vector. */ list = daemon_smtp_port; @@ -1425,6 +1436,9 @@ if (daemon_listen && !inetd_wait_mode) necessary for (some release of) USAGI Linux; other IP stacks fail at the listen() stage instead. */ +#ifdef TCP_FASTOPEN + tcp_fastopen_ok = TRUE; +#endif for(;;) { uschar *msg, *addr; @@ -1461,7 +1475,10 @@ if (daemon_listen && !inetd_wait_mode) #ifdef TCP_FASTOPEN if (setsockopt(listen_sockets[sk], IPPROTO_TCP, TCP_FASTOPEN, &smtp_connect_backlog, sizeof(smtp_connect_backlog))) + { DEBUG(D_any) debug_printf("setsockopt FASTOPEN: %s\n", strerror(errno)); + tcp_fastopen_ok = FALSE; + } #endif /* Start listening on the bound socket, establishing the maximum backlog of @@ -1670,6 +1687,16 @@ else if (daemon_listen) } else if (ipa->address[0] == 0) (void)sprintf(CS p, " port %d (IPv4)", ipa->port); + else if ( i > 0 + && host_is_tls_on_connect_port(ipa[-1].port) == (j > 0) + && Ustrcmp(ipa->address, ipa[-1].address) == 0 + ) + { + if (p[-1] == '}') p--; + while (isdigit(*--p)) ; + (void)sprintf(CS p+1, "%s%d,%d}", *p == ',' ? "" : "{", + ipa[-1].port, ipa->port); + } else (void)sprintf(CS p, " [%s]:%d", ipa->address, ipa->port); while (*p != 0) p++; diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c index 62778d18f..97acccb5a 100644 --- a/src/src/dane-openssl.c +++ b/src/src/dane-openssl.c @@ -25,7 +25,7 @@ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) # define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509) #endif -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) # define EXIM_HAVE_ASN1_MACROS # define EXIM_OPAQUE_X509 #else @@ -529,7 +529,7 @@ if (dane->depth < 0) /* * If the TA certificate is self-issued, or need not be, use it directly. - * Otherwise, synthesize requisuite ancestors. + * Otherwise, synthesize requisite ancestors. */ if ( !wrap_to_root || X509_check_issued(tacert, tacert) == X509_V_OK) @@ -667,7 +667,7 @@ for (n = sk_X509_num(in); n > 0; --n, ++depth) { if (grow_chain(dane, UNTRUSTED, ca)) { - if (!X509_check_issued(ca, ca) == X509_V_OK) + if (X509_check_issued(ca, ca) != X509_V_OK) { /* Restart with issuer as subject */ cert = ca; @@ -1658,7 +1658,7 @@ dane_idx = SSL_get_ex_new_index(0, 0, 0, 0, 0); } -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) static void run_once(volatile int * once, void (*init)(void)) { diff --git a/src/src/dane.c b/src/src/dane.c index 99ca7d02a..137c75418 100644 --- a/src/src/dane.c +++ b/src/src/dane.c @@ -35,7 +35,7 @@ static void dummy(int x) { dummy(x-1); } /* DNSSEC support is also required */ # ifndef RES_USE_DNSSEC -# error DANE support requires that the DNS reolver library supports DNSSEC +# error DANE support requires that the DNS resolver library supports DNSSEC # endif # ifdef USE_GNUTLS diff --git a/src/src/dbstuff.h b/src/src/dbstuff.h index 93c715ac2..576941b61 100644 --- a/src/src/dbstuff.h +++ b/src/src/dbstuff.h @@ -582,7 +582,7 @@ done. Originally, there was only one structure, used for both types. However, it got expanded for domain records, so it got split. To make it possible for Exim to handle the old type of record, we retain the old definition. The different -kinds of record can be distinguised by their different lengths. */ +kinds of record can be distinguished by their different lengths. */ typedef struct { time_t time_stamp; diff --git a/src/src/dcc.c b/src/src/dcc.c index 1841e733d..fcdc5a897 100644 --- a/src/src/dcc.c +++ b/src/src/dcc.c @@ -297,7 +297,7 @@ dcc_process(uschar **listptr) } } - /* a blank line seperates header from body */ + /* a blank line separates header from body */ Ustrncat(sendbuf, "\n", sizeof(sendbuf)-Ustrlen(sendbuf)-1); flushbuffer(sockfd, sendbuf); DEBUG(D_acl) diff --git a/src/src/debug.c b/src/src/debug.c index 8bf4aedd9..35571547f 100644 --- a/src/src/debug.c +++ b/src/src/debug.c @@ -30,7 +30,7 @@ static uschar tree_printline[tree_printlinesize]; Arguments: p tree node - pos amount of indenting & vertical bars to pring + pos amount of indenting & vertical bars to print barswitch if TRUE print | at the pos value Returns: nothing @@ -137,27 +137,41 @@ debug_printf("%s uid=%ld gid=%ld euid=%ld egid=%ld\n", s, *************************************************/ /* There are two entries, one for use when being called directly from a -function with a variable argument list. +function with a variable argument list, one for prepending an indent. If debug_pid is nonzero, print the pid at the start of each line. This is for tidier output when running parallel remote deliveries with debugging turned on. Must do the whole thing with a single printf and flush, as otherwise output may get interleaved. Since some calls to debug_printf() don't end with newline, -we save up the text until we do get the newline. */ +we save up the text until we do get the newline. +Take care to not disturb errno. */ + + +/* Debug printf indented by ACL nest depth */ +void +debug_printf_indent(const char * format, ...) +{ +va_list ap; +va_start(ap, format); +debug_vprintf(acl_level + expand_level, format, ap); +va_end(ap); +} void debug_printf(const char *format, ...) { va_list ap; va_start(ap, format); -debug_vprintf(format, ap); +debug_vprintf(0, format, ap); va_end(ap); } void -debug_vprintf(const char *format, va_list ap) +debug_vprintf(int indent, const char *format, va_list ap) { -if (debug_file == NULL) return; +int save_errno = errno; + +if (!debug_file) return; /* Various things can be inserted at the start of a line. Don't use the tod_stamp() function for the timestamp, because that will overwrite the @@ -192,6 +206,20 @@ if (debug_ptr == debug_buffer) debug_prefix_length = debug_ptr - debug_buffer; } +if (indent > 0) + { + int i; + for (i = indent >> 2; i > 0; i--) + { + Ustrcpy(debug_ptr, " " UTF8_VERT_2DASH); + debug_ptr += 6; /* 3 spaces + 3 UTF-8 octets */ + debug_prefix_length += 6; + } + Ustrncpy(debug_ptr, " ", indent &= 3); + debug_ptr += indent; + debug_prefix_length += indent; + } + /* Use the checked formatting routine to ensure that the buffer does not overflow. Ensure there's space for a newline at the end. */ @@ -235,6 +263,7 @@ if (debug_ptr[-1] == '\n') debug_ptr = debug_buffer; debug_prefix_length = 0; } +errno = save_errno; } /* End of debug.c */ diff --git a/src/src/deliver.c b/src/src/deliver.c index 9fe74df7c..cb4616e6c 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -671,7 +671,7 @@ address_item *aa; while (addr->parent) { addr = addr->parent; - if ((addr->child_count -= 1) > 0) return; /* Incomplete parent */ + if (--addr->child_count > 0) return; /* Incomplete parent */ address_done(addr, now); /* Log the completion of all descendents only when there is no ancestor with @@ -944,7 +944,7 @@ for (topaddr = addr; topaddr->parent; topaddr = topaddr->parent) ; /* We start with just the local part for pipe, file, and reply deliveries, and for successful local deliveries from routers that have the log_as_local flag set. File deliveries from filters can be specified as non-absolute paths in -cases where the transport is goin to complete the path. If there is an error +cases where the transport is going to complete the path. If there is an error before this happens (expansion failure) the local part will not be updated, and so won't necessarily look like a path. Add extra text for this case. */ @@ -2975,13 +2975,13 @@ while (addr_local) addr3 = store_get(sizeof(address_item)); *addr3 = *addr2; addr3->next = NULL; - addr3->shadow_message = (uschar *) &(addr2->shadow_message); + addr3->shadow_message = US &addr2->shadow_message; addr3->transport = stp; addr3->transport_return = DEFER; addr3->return_filename = NULL; addr3->return_file = -1; *last = addr3; - last = &(addr3->next); + last = &addr3->next; } /* If we found any addresses to shadow, run the delivery, and stick any @@ -3238,7 +3238,7 @@ uschar *endptr = big_buffer; uschar *ptr = endptr; uschar *msg = p->msg; BOOL done = p->done; -BOOL unfinished = TRUE; +BOOL finished = FALSE; /* minimum size to read is header size including id, subid and length */ int required = PIPE_HEADER_SIZE; @@ -3271,7 +3271,7 @@ while (!done) There will be only one read if we get all the available data (i.e. don't fill the buffer completely). */ - if (remaining < required && unfinished) + if (remaining < required && !finished) { int len; int available = big_buffer_size - remaining; @@ -3301,11 +3301,11 @@ while (!done) /* If the length is zero (eof or no-more-data), just process what we already have. Note that if the process is still running and we have read all the data in the pipe (but less that "available") then we - won't read any more, as "unfinished" will get set FALSE. */ + won't read any more, as "finished" will get set. */ endptr += len; remaining += len; - unfinished = len == available; + finished = len != available; } /* If we are at the end of the available data, exit the loop. */ @@ -3326,8 +3326,8 @@ while (!done) } DEBUG(D_deliver) - debug_printf("header read id:%c,subid:%c,size:%s,required:%d,remaining:%d,unfinished:%d\n", - id, subid, header+2, required, remaining, unfinished); + debug_printf("header read id:%c,subid:%c,size:%s,required:%d,remaining:%d,finished:%d\n", + id, subid, header+2, required, remaining, finished); /* is there room for the dataset we want to read ? */ if (required > big_buffer_size - PIPE_HEADER_SIZE) @@ -3339,22 +3339,22 @@ while (!done) break; } - /* we wrote all datasets with atomic write() calls - remaining < required only happens if big_buffer was too small - to get all available data from pipe. unfinished has to be true - as well. */ + /* We wrote all datasets with atomic write() calls. Remaining < required only + happens if big_buffer was too small to get all available data from pipe; + finished has to be false as well. */ + if (remaining < required) { - if (unfinished) + if (!finished) continue; msg = string_sprintf("failed to read pipe from transport process " - "%d for transport %s: required size=%d > remaining size=%d and unfinished=false", + "%d for transport %s: required size=%d > remaining size=%d and finished=true", pid, addr->transport->driver_name, required, remaining); done = TRUE; break; } - /* step behind the header */ + /* Step past the header */ ptr += PIPE_HEADER_SIZE; /* Handle each possible type of item, assuming the complete item is @@ -3542,7 +3542,7 @@ while (!done) { #ifdef SUPPORT_SOCKS case '2': /* proxy information; must arrive before A0 and applies to that addr XXX oops*/ - proxy_session = TRUE; /*XXX shouod this be cleared somewhere? */ + proxy_session = TRUE; /*XXX should this be cleared somewhere? */ if (*ptr == 0) ptr++; else @@ -4344,7 +4344,7 @@ for (delivery_count = 0; addr_remote; delivery_count++) ) ) && ( !multi_domain || ( ( - !tp->expand_multi_domain || (deliver_set_expansions(next), 1), + (void)(!tp->expand_multi_domain || ((void)deliver_set_expansions(next), 1)), exp_bool(addr, US"transport", next->transport->name, D_transport, US"multi_domain", next->transport->multi_domain, @@ -4569,7 +4569,7 @@ for (delivery_count = 0; addr_remote; delivery_count++) } /* Now fork a subprocess to do the remote delivery, but before doing so, - ensure that any cached resourses are released so as not to interfere with + ensure that any cached resources are released so as not to interfere with what happens in the subprocess. */ search_tidyup(); @@ -5031,6 +5031,7 @@ if (percent_hack_domains) address_item *new_parent = store_get(sizeof(address_item)); *new_parent = *addr; addr->parent = new_parent; + new_parent->child_count = 1; addr->address = new_address; addr->unique = string_copy(new_address); addr->domain = deliver_domain; @@ -5901,9 +5902,9 @@ else if (system_filter && process_recipients != RECIP_FAIL_TIMEOUT) while (p) { - if (parent->child_count == SHRT_MAX) + if (parent->child_count == USHRT_MAX) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "system filter generated more " - "than %d delivery addresses", SHRT_MAX); + "than %d delivery addresses", USHRT_MAX); parent->child_count++; p->parent = parent; @@ -7141,10 +7142,9 @@ for (addr_dsntmp = addr_succeed; addr_dsntmp; addr_dsntmp = addr_dsntmp->next) ) { /* copy and relink address_item and send report with all of them at once later */ - address_item *addr_next; - addr_next = addr_senddsn; + address_item * addr_next = addr_senddsn; addr_senddsn = store_get(sizeof(address_item)); - memcpy(addr_senddsn, addr_dsntmp, sizeof(address_item)); + *addr_senddsn = *addr_dsntmp; addr_senddsn->next = addr_next; } else @@ -7347,7 +7347,7 @@ while (addr_failed) /* Otherwise, handle the sending of a message. Find the error address for the first address, then send a message that includes all failed addresses that have the same error address. Note the bounce_recipient is a global so - that it can be accesssed by $bounce_recipient while creating a customized + that it can be accessed by $bounce_recipient while creating a customized error message. */ else @@ -8301,7 +8301,7 @@ if (remove_journal) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", fname, strerror(errno)); - /* Move the message off the spool if reqested */ + /* Move the message off the spool if requested */ #ifdef SUPPORT_MOVE_FROZEN_MESSAGES if (deliver_freeze && move_frozen_messages) diff --git a/src/src/dkim.c b/src/src/dkim.c index 70c9547ec..f51021443 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge, 1995 - 2016 */ +/* Copyright (c) University of Cambridge, 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ /* Code for DKIM support. Other DKIM relevant code is in @@ -18,6 +18,7 @@ int dkim_verify_oldpool; pdkim_ctx *dkim_verify_ctx = NULL; pdkim_signature *dkim_signatures = NULL; pdkim_signature *dkim_cur_sig = NULL; +static const uschar * dkim_collect_error = NULL; static int dkim_exim_query_dns_txt(char *name, char *answer) @@ -87,6 +88,7 @@ if (dkim_verify_ctx) dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing); dkim_collect_input = !!dkim_verify_ctx; +dkim_collect_error = NULL; /* Start feed up with any cached data */ receive_get_cache(); @@ -104,8 +106,9 @@ store_pool = POOL_PERM; if ( dkim_collect_input && (rc = pdkim_feed(dkim_verify_ctx, CS data, len)) != PDKIM_OK) { + dkim_collect_error = pdkim_errstr(rc); log_write(0, LOG_MAIN, - "DKIM: validation error: %.100s", pdkim_errstr(rc)); + "DKIM: validation error: %.100s", dkim_collect_error); dkim_collect_input = FALSE; } store_pool = dkim_verify_oldpool; @@ -115,27 +118,22 @@ store_pool = dkim_verify_oldpool; void dkim_exim_verify_finish(void) { -pdkim_signature *sig = NULL; -int dkim_signers_size = 0; -int dkim_signers_ptr = 0; -dkim_signers = NULL; -int rc; +pdkim_signature * sig = NULL; +int dkim_signers_size = 0, dkim_signers_ptr = 0, rc; +const uschar * errstr; store_pool = POOL_PERM; /* Delete eventual previous signature chain */ +dkim_signers = NULL; dkim_signatures = NULL; -/* If we have arrived here with dkim_collect_input == FALSE, it -means there was a processing error somewhere along the way. -Log the incident and disable futher verification. */ - -if (!dkim_collect_input) +if (dkim_collect_error) { log_write(0, LOG_MAIN, - "DKIM: Error while running this message through validation," - " disabling signature verification."); + "DKIM: Error during validation, disabling signature verification: %.100s", + dkim_collect_error); dkim_disable_verify = TRUE; goto out; } @@ -144,46 +142,49 @@ dkim_collect_input = FALSE; /* Finish DKIM operation and fetch link to signatures chain */ -if ((rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures)) != PDKIM_OK) +rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures, &errstr); +if (rc != PDKIM_OK) { - log_write(0, LOG_MAIN, - "DKIM: validation error: %.100s", pdkim_errstr(rc)); + log_write(0, LOG_MAIN, "DKIM: validation error: %.100s%s%s", pdkim_errstr(rc), + errstr ? ": " : "", errstr ? errstr : US""); goto out; } for (sig = dkim_signatures; sig; sig = sig->next) { - int size = 0; - int ptr = 0; + int size = 0, ptr = 0; + uschar * logmsg = NULL, * s; /* Log a line for each signature */ - uschar *logmsg = string_append(NULL, &size, &ptr, 5, - string_sprintf("d=%s s=%s c=%s/%s a=%s b=%d ", - sig->domain, - sig->selector, - sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", - sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", - sig->algo == PDKIM_ALGO_RSA_SHA256 - ? "rsa-sha256" - : sig->algo == PDKIM_ALGO_RSA_SHA1 ? "rsa-sha1" : "err", - (int)sig->sigdata.len > -1 ? sig->sigdata.len * 8 : 0 - ), - - sig->identity ? string_sprintf("i=%s ", sig->identity) : US"", - sig->created > 0 ? string_sprintf("t=%lu ", sig->created) : US"", - sig->expires > 0 ? string_sprintf("x=%lu ", sig->expires) : US"", - sig->bodylength > -1 ? string_sprintf("l=%lu ", sig->bodylength) : US"" - ); + if (!(s = sig->domain)) s = US""; + logmsg = string_append(logmsg, &size, &ptr, 2, "d=", s); + if (!(s = sig->selector)) s = US""; + logmsg = string_append(logmsg, &size, &ptr, 2, " s=", s); + logmsg = string_append(logmsg, &size, &ptr, 7, + " c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", + "/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", + " a=", sig->algo == PDKIM_ALGO_RSA_SHA256 + ? "rsa-sha256" + : sig->algo == PDKIM_ALGO_RSA_SHA1 ? "rsa-sha1" : "err", + string_sprintf(" b=%d", + (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : 0)); + if ((s= sig->identity)) string_append(logmsg, &size, &ptr, 2, " i=", s); + if (sig->created > 0) string_append(logmsg, &size, &ptr, 1, + string_sprintf(" t=%lu", sig->created)); + if (sig->expires > 0) string_append(logmsg, &size, &ptr, 1, + string_sprintf(" x=%lu", sig->expires)); + if (sig->bodylength > -1) string_append(logmsg, &size, &ptr, 1, + string_sprintf(" l=%lu", sig->bodylength)); switch (sig->verify_status) { case PDKIM_VERIFY_NONE: - logmsg = string_append(logmsg, &size, &ptr, 1, "[not verified]"); + logmsg = string_append(logmsg, &size, &ptr, 1, " [not verified]"); break; case PDKIM_VERIFY_INVALID: - logmsg = string_append(logmsg, &size, &ptr, 1, "[invalid - "); + logmsg = string_append(logmsg, &size, &ptr, 1, " [invalid - "); switch (sig->verify_ext_status) { case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: @@ -220,7 +221,7 @@ for (sig = dkim_signatures; sig; sig = sig->next) case PDKIM_VERIFY_FAIL: logmsg = - string_append(logmsg, &size, &ptr, 1, "[verification failed - "); + string_append(logmsg, &size, &ptr, 1, " [verification failed - "); switch (sig->verify_ext_status) { case PDKIM_VERIFY_FAIL_BODY: @@ -240,7 +241,7 @@ for (sig = dkim_signatures; sig; sig = sig->next) case PDKIM_VERIFY_PASS: logmsg = - string_append(logmsg, &size, &ptr, 1, "[verification succeeded]"); + string_append(logmsg, &size, &ptr, 1, " [verification succeeded]"); break; } @@ -249,27 +250,15 @@ for (sig = dkim_signatures; sig; sig = sig->next) /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */ - dkim_signers = string_append(dkim_signers, - &dkim_signers_size, - &dkim_signers_ptr, 2, sig->domain, ":"); + if (sig->domain) + dkim_signers = string_append_listele(dkim_signers, ':', sig->domain); if (sig->identity) - dkim_signers = string_append(dkim_signers, - &dkim_signers_size, - &dkim_signers_ptr, 2, sig->identity, ":"); + dkim_signers = string_append_listele(dkim_signers, ':', sig->identity); /* Process next signature */ } -/* NULL-terminate and chop the last colon from the domain list */ - -if (dkim_signers) - { - dkim_signers[dkim_signers_ptr] = '\0'; - if (Ustrlen(dkim_signers) > 0) - dkim_signers[Ustrlen(dkim_signers) - 1] = '\0'; - } - out: store_pool = dkim_verify_oldpool; } @@ -306,7 +295,7 @@ for (sig = dkim_signatures; sig; sig = sig->next) dkim_signing_domain = US sig->domain; dkim_signing_selector = US sig->selector; - dkim_key_length = sig->sigdata.len * 8; + dkim_key_length = sig->sighash.len * 8; return; } } @@ -460,7 +449,7 @@ switch (what) uschar * -dkim_exim_sign(int dkim_fd, struct ob_dkim * dkim) +dkim_exim_sign(int dkim_fd, struct ob_dkim * dkim, const uschar ** errstr) { const uschar * dkim_domain; int sep = 0; @@ -582,7 +571,7 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep, if (dkim_private_key_expanded[0] == '/') { - int privkey_fd = 0; + int privkey_fd, off = 0, len; /* Looks like a filename, load the private key. */ @@ -596,22 +585,33 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep, goto bad; } - if (read(privkey_fd, big_buffer, big_buffer_size - 2) < 0) + do { - log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s", - dkim_private_key_expanded); - goto bad; + if ((len = read(privkey_fd, big_buffer + off, big_buffer_size - 2 - off)) < 0) + { + (void) close(privkey_fd); + log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s", + dkim_private_key_expanded); + goto bad; + } + off += len; } + while (len > 0); (void) close(privkey_fd); + big_buffer[off] = '\0'; dkim_private_key_expanded = big_buffer; } - ctx = pdkim_init_sign( CS dkim_signing_domain, - CS dkim_signing_selector, - CS dkim_private_key_expanded, - PDKIM_ALGO_RSA_SHA256, - dkim->dot_stuffed); + if (!(ctx = pdkim_init_sign(CS dkim_signing_domain, + CS dkim_signing_selector, + CS dkim_private_key_expanded, + PDKIM_ALGO_RSA_SHA256, + dkim->dot_stuffed, + &dkim_exim_query_dns_txt, + errstr + ))) + goto bad; dkim_private_key_expanded[0] = '\0'; pdkim_set_optional(ctx, CS dkim_sign_headers_expanded, @@ -633,7 +633,7 @@ while ((dkim_signing_domain = string_nextinlist(&dkim_domain, &sep, goto bad; } - if ((pdkim_rc = pdkim_feed_finish(ctx, &signature)) != PDKIM_OK) + if ((pdkim_rc = pdkim_feed_finish(ctx, &signature, errstr)) != PDKIM_OK) goto pk_bad; sigbuf = string_append(sigbuf, &sigsize, &sigptr, 2, diff --git a/src/src/dkim.h b/src/src/dkim.h index 8474962fc..bfdc7d42b 100644 --- a/src/src/dkim.h +++ b/src/src/dkim.h @@ -6,7 +6,7 @@ /* See the file NOTICE for conditions of use and distribution. */ void dkim_exim_init(void); -uschar *dkim_exim_sign(int, struct ob_dkim *); +uschar *dkim_exim_sign(int, struct ob_dkim *, const uschar **); void dkim_exim_verify_init(BOOL); void dkim_exim_verify_feed(uschar *, int); void dkim_exim_verify_finish(void); diff --git a/src/src/dns.c b/src/src/dns.c index fc0ffb2ba..e29f86c48 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2016 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for interfacing with the DNS. */ @@ -326,7 +326,7 @@ The result is in static storage which must be copied if it is to be preserved. Arguments: dnsa pointer to dns answer block dnss pointer to dns scan block - reset option specifing what portion to scan, as described above + reset option specifying what portion to scan, as described above Returns: next dns record, or NULL when no more */ @@ -349,8 +349,8 @@ trace = trace; if (reset != RESET_NEXT) { - TRACE debug_printf("%s: reset\n", __FUNCTION__); dnss->rrcount = ntohs(h->qdcount); + TRACE debug_printf("%s: reset (Q rrcount %d)\n", __FUNCTION__, dnss->rrcount); dnss->aptr = dnsa->answer + sizeof(HEADER); /* Skip over questions; failure to expand the name just gives up */ @@ -369,6 +369,7 @@ if (reset != RESET_NEXT) /* Get the number of answer records. */ dnss->rrcount = ntohs(h->ancount); + TRACE debug_printf("%s: reset (A rrcount %d)\n", __FUNCTION__, dnss->rrcount); /* Skip over answers if we want to look at the authority section. Also skip the NS records (i.e. authority section) if wanting to look at the additional @@ -378,6 +379,7 @@ if (reset != RESET_NEXT) { TRACE debug_printf("%s: additional\n", __FUNCTION__); dnss->rrcount += ntohs(h->nscount); + TRACE debug_printf("%s: reset (NS rrcount %d)\n", __FUNCTION__, dnss->rrcount); } if (reset == RESET_AUTHORITY || reset == RESET_ADDITIONAL) @@ -400,6 +402,8 @@ if (reset != RESET_NEXT) } dnss->rrcount = reset == RESET_AUTHORITY ? ntohs(h->nscount) : ntohs(h->arcount); + TRACE debug_printf("%s: reset (%s rrcount %d)\n", __FUNCTION__, + reset == RESET_AUTHORITY ? "NS" : "AR", dnss->rrcount); } TRACE debug_printf("%s: %d RRs to read\n", __FUNCTION__, dnss->rrcount); } @@ -443,17 +447,17 @@ for convenience so that the scans can use nice-looking for loops. */ return &dnss->srr; null_return: - TRACE debug_printf("%s: terminate (%d RRs left). Last op: %s\n", - __FUNCTION__, dnss->rrcount, trace); + TRACE debug_printf("%s: terminate (%d RRs left). Last op: %s; errno %d %s\n", + __FUNCTION__, dnss->rrcount, trace, errno, strerror(errno)); dnss->rrcount = 0; return NULL; } /* Extract the AUTHORITY information from the answer. If the answer isn't -authoritive (AA not set), we do not extract anything. +authoritative (AA not set), we do not extract anything. -The AUTHORITIVE section contains NS records if the name in question was found, +The AUTHORITY section contains NS records if the name in question was found, it contains a SOA record otherwise. (This is just from experience and some tests, is there some spec?) @@ -486,7 +490,7 @@ return NULL; /* We do not perform DNSSEC work ourselves; if the administrator has installed a verifying resolver which sets AD as appropriate, though, we'll use that. -(AD = Authentic Data, AA = Authoritive Answer) +(AD = Authentic Data, AA = Authoritative Answer) Argument: pointer to dns answer block Returns: bool indicating presence of AD bit @@ -506,7 +510,7 @@ const uschar * trusted; if (h->ad) return TRUE; -/* If the resolver we ask is authoritive for the domain in question, it +/* If the resolver we ask is authoritative for the domain in question, it * may not set the AD but the AA bit. If we explicitly trust * the resolver for that domain (via a domainlist in dns_trust_aa), * we return TRUE to indicate a secure answer. @@ -542,7 +546,7 @@ h->aa = h->ad = 0; /************************************************ * Check whether the AA bit is set * * We need this to warn if we requested AD * - * from an authoritive server * + * from an authoritative server * ************************************************/ BOOL @@ -626,7 +630,7 @@ return rc; /* Call the resolver to look up the given domain name, using the given type, and check the result. The error code TRY_AGAIN is documented as meaning "non- -Authoritive Host not found, or SERVERFAIL". Sometimes there are badly set +Authoritative Host not found, or SERVERFAIL". Sometimes there are badly set up nameservers that produce this error continually, so there is the option of providing a list of domains for which this is treated as a non-existent host. @@ -694,7 +698,7 @@ if ((previous = tree_search(tree_dns_fails, node_name))) } #endif -/* If configured, check the hygene of the name passed to lookup. Otherwise, +/* If configured, check the hygiene of the name passed to lookup. Otherwise, although DNS lookups may give REFUSED at the lower level, some resolvers turn this into TRY_AGAIN, which is silly. Give a NOMATCH return, since such domains cannot be in the DNS. The check is now done by a regular expression; @@ -727,7 +731,7 @@ if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT) } if (pcre_exec(regex_check_dns_names, NULL, CCS checkname, Ustrlen(checkname), - 0, PCRE_EOPT, ovector, sizeof(ovector)/sizeof(int)) < 0) + 0, PCRE_EOPT, ovector, nelem(ovector)) < 0) { DEBUG(D_dns) debug_printf("DNS name syntax check failed: %s (%s)\n", name, @@ -756,14 +760,15 @@ if ((type == T_A || type == T_AAAA) && string_is_ip_address(name, NULL) != 0) domains, and interfaces to a fake nameserver for certain special zones. */ dnsa->answerlen = running_in_test_harness - ? fakens_search(name, type, dnsa->answer, MAXPACKET) - : res_search(CCS name, C_IN, type, dnsa->answer, MAXPACKET); + ? fakens_search(name, type, dnsa->answer, sizeof(dnsa->answer)) + : res_search(CCS name, C_IN, type, dnsa->answer, sizeof(dnsa->answer)); -if (dnsa->answerlen > MAXPACKET) +if (dnsa->answerlen > (int) sizeof(dnsa->answer)) { - DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) resulted in overlong packet (size %d), truncating to %d.\n", - name, dns_text_type(type), dnsa->answerlen, MAXPACKET); - dnsa->answerlen = MAXPACKET; + DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) resulted in overlong packet" + " (size %d), truncating to %u.\n", + name, dns_text_type(type), dnsa->answerlen, (unsigned int) sizeof(dnsa->answer)); + dnsa->answerlen = sizeof(dnsa->answer); } if (dnsa->answerlen < 0) switch (h_errno) diff --git a/src/src/drtables.c b/src/src/drtables.c index a3fa328b9..3e1c5e626 100644 --- a/src/src/drtables.c +++ b/src/src/drtables.c @@ -21,7 +21,7 @@ int lookup_list_count = 0; static int lookup_list_init_done = 0; -/* Table of information about all possible authentication mechamisms. All +/* Table of information about all possible authentication mechanisms. All entries are always present if any mechanism is declared, but the functions are set to NULL for those that are not compiled into the binary. */ diff --git a/src/src/exicyclog.src b/src/src/exicyclog.src index c491b205b..4fb160ac0 100644 --- a/src/src/exicyclog.src +++ b/src/src/exicyclog.src @@ -232,16 +232,16 @@ $b # Now do the job. First remove the files that have "fallen off the bottom". # Look for both the compressed and uncompressed forms. -if [ $keep -lt 10 ]; then keept=0$keep; else keept=$keep; fi; +if [ $keep -lt 10 ]; then rotation=0$keep; else rotation=$keep; fi; -if [ -f $mainlog.$keept ]; then $rm $mainlog.$keept; fi; -if [ -f $mainlog.$keept.$suffix ]; then $rm $mainlog.$keept.$suffix; fi; +if [ -f $mainlog.$rotation ]; then $rm $mainlog.$rotation; fi; +if [ -f $mainlog.$rotation.$suffix ]; then $rm $mainlog.$rotation.$suffix; fi; -if [ -f $rejectlog.$keept ]; then $rm $rejectlog.$keept; fi; -if [ -f $rejectlog.$keept.$suffix ]; then $rm $rejectlog.$keept.$suffix; fi; +if [ -f $rejectlog.$rotation ]; then $rm $rejectlog.$rotation; fi; +if [ -f $rejectlog.$rotation.$suffix ]; then $rm $rejectlog.$rotation.$suffix; fi; -if [ -f $paniclog.$keept ]; then $rm $paniclog.$keept; fi; -if [ -f $paniclog.$keept.$suffix ]; then $rm $paniclog.$keept.$suffix; fi; +if [ -f $paniclog.$rotation ]; then $rm $paniclog.$rotation; fi; +if [ -f $paniclog.$rotation.$suffix ]; then $rm $paniclog.$rotation.$suffix; fi; # Now rename all the previous old files by increasing their numbers by 1. # When the number is less than 10, insert a leading zero. diff --git a/src/src/exigrep.src b/src/src/exigrep.src index bb994d769..faa5cb73b 100644 --- a/src/src/exigrep.src +++ b/src/src/exigrep.src @@ -1,6 +1,8 @@ -#! PERL_COMMAND -w +#! PERL_COMMAND +use warnings; use strict; +BEGIN { pop @INC if $INC[-1] eq '.' }; # Copyright (c) 2007-2015 University of Cambridge. # See the file NOTICE for conditions of use and distribution. @@ -174,7 +176,7 @@ sub detect_compressor_capable { if ($filename =~ /\.(?:$ext)$/) { - # Just die if compressor not found; if this occurrs in the middle of + # Just die if compressor not found; if this occurs in the middle of # two valid files with a lot of matches, error could easily be missed. die("Didn't find $ext decompressor for $filename\n") if ($compressors->{$ext}->{bin} eq ''); diff --git a/src/src/exim.c b/src/src/exim.c index e63997030..fd08cc780 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -12,7 +12,7 @@ Also a few functions that don't naturally fit elsewhere. */ #include "exim.h" -#ifdef __GLIBC__ +#if defined(__GLIBC__) && !defined(__UCLIBC__) # include #endif @@ -365,7 +365,7 @@ return 0; /* Exim uses a time + a pid to generate a unique identifier in two places: its message IDs, and in file names for maildir deliveries. Because some OS now re-use pids within the same second, sub-second times are now being used. -However, for absolute certaintly, we must ensure the clock has ticked before +However, for absolute certainty, we must ensure the clock has ticked before allowing the relevant process to complete. At the time of implementation of this code (February 2003), the speed of processors is such that the clock will invariably have ticked already by the time a process has done its job. This @@ -1044,7 +1044,7 @@ DEBUG(D_any) do { fprintf(f, "Compiler: \n"); #endif -#ifdef __GLIBC__ +#if defined(__GLIBC__) && !defined(__UCLIBC__) fprintf(f, "Library version: Glibc: Compile: %d.%d\n", __GLIBC__, __GLIBC_MINOR__); if (__GLIBC_PREREQ(2, 1)) @@ -1331,7 +1331,7 @@ static void exim_usage(uschar *progname) { -/* Handle specific program invocation varients */ +/* Handle specific program invocation variants */ if (Ustrcmp(progname, US"-mailq") == 0) { fprintf(stderr, @@ -1900,7 +1900,7 @@ for (i = 1; i < argc; i++) break; } - /* An option consistion of -- terminates the options */ + /* An option consisting of -- terminates the options */ if (Ustrcmp(arg, "--") == 0) { @@ -2294,7 +2294,7 @@ for (i = 1; i < argc; i++) #ifdef ALT_CONFIG_PREFIX int sep = 0; int len = Ustrlen(ALT_CONFIG_PREFIX); - uschar *list = argrest; + const uschar *list = argrest; uschar *filename; while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)) != NULL) @@ -2708,18 +2708,19 @@ for (i = 1; i < argc; i++) return EXIT_FAILURE; } - /* Set up $sending_ip_address and $sending_port */ + /* Set up $sending_ip_address and $sending_port, unless proxied */ - if (getsockname(fileno(stdin), (struct sockaddr *)(&interface_sock), - &size) == 0) - sending_ip_address = host_ntoa(-1, &interface_sock, NULL, - &sending_port); - else - { - fprintf(stderr, "exim: getsockname() failed after -MC option: %s\n", - strerror(errno)); - return EXIT_FAILURE; - } + if (!continue_proxy) + if (getsockname(fileno(stdin), (struct sockaddr *)(&interface_sock), + &size) == 0) + sending_ip_address = host_ntoa(-1, &interface_sock, NULL, + &sending_port); + else + { + fprintf(stderr, "exim: getsockname() failed after -MC option: %s\n", + strerror(errno)); + return EXIT_FAILURE; + } if (running_in_test_harness) millisleep(500); break; @@ -2727,7 +2728,7 @@ for (i = 1; i < argc; i++) else if (*argrest == 'C' && argrest[1] && !argrest[2]) { - switch(argrest[1]) + switch(argrest[1]) { /* -MCA: set the smtp_authenticated flag; this is useful only when it precedes -MC (see above). The flag indicates that the host to which @@ -2771,6 +2772,17 @@ for (i = 1; i < argc; i++) case 'S': smtp_peer_options |= PEER_OFFERED_SIZE; break; #ifdef SUPPORT_TLS + /* -MCt: similar to -MCT below but the connection is still open + via a proxy proces which handles the TLS context and coding. + Require two arguments for the proxied local address and port. */ + + case 't': continue_proxy = TRUE; + if (++i < argc) sending_ip_address = argv[i]; + else badarg = TRUE; + if (++i < argc) sending_port = (int)(Uatol(argv[i])); + else badarg = TRUE; + /*FALLTHROUGH*/ + /* -MCT: set the tls_offered flag; this is useful only when it precedes -MC (see above). The flag indicates that the host to which Exim is connected has offered TLS support. */ @@ -3195,7 +3207,10 @@ for (i = 1; i < argc; i++) } else { + int old_pool = store_pool; + store_pool = POOL_PERM; received_protocol = string_copyn(argrest, hn - argrest); + store_pool = old_pool; sender_host_name = hn + 1; } } @@ -5087,7 +5102,7 @@ if (host_checking) verify_get_ident(1413); } - /* In case the given address is a non-canonical IPv6 address, canonicize + /* In case the given address is a non-canonical IPv6 address, canonicalize it. The code works for both IPv4 and IPv6, as it happens. */ size = host_aton(sender_host_address, x); @@ -5121,12 +5136,21 @@ if (host_checking) if (smtp_start_session()) { - reset_point = store_get(0); - for (;;) + for (reset_point = store_get(0); ; store_reset(reset_point)) { - store_reset(reset_point); if (smtp_setup_msg() <= 0) break; if (!receive_msg(FALSE)) break; + + return_path = sender_address = NULL; + dnslist_domain = dnslist_matched = NULL; +#ifndef DISABLE_DKIM + dkim_cur_signer = NULL; +#endif + acl_var_m = NULL; + deliver_localpart_orig = NULL; + deliver_domain_orig = NULL; + callout_address = sending_ip_address = NULL; + sender_rate = sender_rate_limit = sender_rate_period = NULL; } smtp_log_no_mail(); } @@ -5249,8 +5273,11 @@ if (smtp_input) } else { - if (received_protocol == NULL) + int old_pool = store_pool; + store_pool = POOL_PERM; + if (!received_protocol) received_protocol = string_sprintf("local%s", called_as); + store_pool = old_pool; set_process_info("accepting a local non-SMTP message from <%s>", sender_address); } @@ -5336,7 +5363,7 @@ February 2003: That's *still* not the end of the story. There are now versions of Linux (where SIG_IGN does work) that are picky. If, having set SIG_IGN, a process then calls waitpid(), a grumble is written to the system log, because this is logically inconsistent. In other words, it doesn't like the paranoia. -As a consequenc of this, the waitpid() below is now excluded if we are sure +As a consequence of this, the waitpid() below is now excluded if we are sure that SIG_IGN works. */ if (!synchronous_delivery) @@ -5364,7 +5391,6 @@ collapsed). */ while (more) { - store_reset(reset_point); message_id[0] = 0; /* Handle the SMTP case; call smtp_setup_mst() to deal with the initial SMTP @@ -5406,7 +5432,7 @@ while (more) more = receive_msg(extract_recipients); if (message_id[0] == 0) { - if (more) continue; + if (more) goto moreloop; smtp_log_no_mail(); /* Log no mail if configured */ exim_exit(EXIT_FAILURE); } @@ -5556,7 +5582,7 @@ while (more) if (!receive_timeout) { - struct timeval t = { 30*60, 0 }; /* 30 minutess */ + struct timeval t = { 30*60, 0 }; /* 30 minutes */ fd_set r; FD_ZERO(&r); FD_SET(0, &r); @@ -5769,6 +5795,23 @@ while (more) #ifndef SIG_IGN_WORKS while (waitpid(-1, NULL, WNOHANG) > 0); #endif + +moreloop: + return_path = sender_address = NULL; + authenticated_sender = NULL; + deliver_localpart_orig = NULL; + deliver_domain_orig = NULL; + deliver_host = deliver_host_address = NULL; + dnslist_domain = dnslist_matched = NULL; +#ifdef WITH_CONTENT_SCAN + malware_name = NULL; +#endif + callout_address = NULL; + sending_ip_address = NULL; + acl_var_m = NULL; + { int i; for(i=0; i time. -use vars qw($last_timestamp $last_time); #The last time convertion done. -use vars qw($last_date $date_seconds); #The last date convertion done. -use vars qw($last_offset $offset_seconds); #The last time offset convertion done. +use vars qw($last_timestamp $last_time); #The last time conversion done. +use vars qw($last_date $date_seconds); #The last date conversion done. +use vars qw($last_offset $offset_seconds); #The last time offset conversion done. use vars qw($localtime_offset); use vars qw($i); #General loop counter. use vars qw($debug); #Debug mode? @@ -614,7 +616,7 @@ use vars qw(%ham_count_by_ip %spam_count_by_ip); use vars qw(%rejected_count_by_ip %rejected_count_by_reason); use vars qw(%temporarily_rejected_count_by_ip %temporarily_rejected_count_by_reason); -#For use in Speadsheed::WriteExcel +#For use in Spreadsheet::WriteExcel use vars qw($workbook $ws_global $ws_relayed $ws_errors); use vars qw($row $col $row_hist $col_hist); use vars qw($run_hist); @@ -758,7 +760,7 @@ sub volume_rounded { else { # We don't want any rounding to be done. # and we don't need broken formatted output which on one hand avoids numbers from - # being interpreted as string by Spreadsheed Calculators, on the other hand + # being interpreted as string by Spreadsheet Calculators, on the other hand # breaks if more than 4 digits! -> flexible length instead of fixed length # Format the return value at the output routine! -fh #$rounded = sprintf("%d", ($g * $gig) + $x); @@ -928,7 +930,7 @@ sub seconds { } my $time = $date_seconds + ($5 * 3600) + ($6 * 60) + $7; - # SC. Use cacheing. Also note we want seconds not minutes. + # SC. Use caching. Also note we want seconds not minutes. #my($this_offset) = ($10 * 60 + $11) * ($9 . "1") if defined $8; if (defined $8 && ($8 ne $last_offset)) { $last_offset = $8; @@ -1650,7 +1652,7 @@ sub top_n_sort { # Create a dummy hash entry for the key if required. # Note that setting the dummy_hash value sets it for both href2 & - # href3. Also note that currently we are guarenteed to have a real + # href3. Also note that currently we are guaranteed to have a real # value for href3 if a real value for href2 exists so don't need to # test for it as well. $dummy_hash{$key} = 0 unless exists $href2->{$key}; @@ -2729,7 +2731,7 @@ sub print_grandtotals { if ($messages > 0) { @content = ($total_aref->[0], '', $messages, ''); - #Count the number of distict IPs for the Hosts column. + #Count the number of distinct IPs for the Hosts column. push(@content,scalar(keys %{$total_aref->[1]})) if $do_sender{Host}; #These rows do not have entries for the following columns (if specified) @@ -3676,7 +3678,7 @@ sub update_relayed { # # add_to_totals(\%totals,\@keys,$values); # -# Given a line of space seperated values, add them into the provided hash using @keys +# Given a line of space separated values, add them into the provided hash using @keys # as the hash keys. # # If the value contains a '%', then the value is set rather than added. Otherwise, we @@ -3706,7 +3708,7 @@ sub add_to_totals { # # line_to_hash(\%hash,\@keys,$line); # -# Given a line of space seperated values, set them into the provided hash +# Given a line of space separated values, set them into the provided hash # using @keys as the hash keys. ####################################################################### sub line_to_hash { @@ -3772,7 +3774,7 @@ sub html2txt { # until we've got all of the argument. # # This isn't perfect as all white space gets reduced to one space, -# but it's as good as we can get! If it's esential that spacing +# but it's as good as we can get! If it's essential that spacing # be preserved precisely, then you get that by not using shell # variables. ####################################################################### @@ -3814,7 +3816,7 @@ sub set_worksheet_line { ####################################################################### # @rcpt_times = parse_time_list($string); # -# Parse a comma seperated list of time values in seconds given by +# Parse a comma separated list of time values in seconds given by # the user and fill an array. # # Return a default list if $string is undefined. diff --git a/src/src/exinext.src b/src/src/exinext.src index 182e39574..9c427350b 100644 --- a/src/src/exinext.src +++ b/src/src/exinext.src @@ -115,6 +115,9 @@ fi perl - $exim_path "$eximmacdef" $argone $spool_directory $qualify_domain $config <<'End' + # We don't import anything, but guard against future changes which do + BEGIN { pop @INC if $INC[-1] eq '.' }; + # Name the arguments $exim = $ARGV[0]; diff --git a/src/src/exipick.src b/src/src/exipick.src index bdeba95fc..4999d843f 100644 --- a/src/src/exipick.src +++ b/src/src/exipick.src @@ -12,6 +12,7 @@ my $charset = 'ISO-8859-1'; # http://www.exim.org/eximwiki/ToolExipickManPage use strict; +BEGIN { pop @INC if $INC[-1] eq '.' }; use Getopt::Long; my($p_name) = $0 =~ m|/?([^/]+)$|; @@ -81,7 +82,7 @@ GetOptions( 'show-tests' => \$G::show_tests # display tests as applied to each message ) || exit(1); -# if both freeze and thaw specified, only thaw as it is less desctructive +# if both freeze and thaw specified, only thaw as it is less destructive $G::freeze = undef if ($G::freeze && $G::thaw); freeze_start() if ($G::freeze); thaw_start() if ($G::thaw); @@ -761,7 +762,7 @@ sub _decode_2047 { $i += 2; } } - elsif ($ow[$i] =~ /\s/) { # whitspace is illegal + elsif ($ow[$i] =~ /\s/) { # whitespace is illegal $e = 1; last; } @@ -1391,7 +1392,7 @@ Display only the message IDs (exiqgrep) =item --input-dir -Set the name of the directory under the spool directory. By defaut this is "input". If this starts with '/', the value of --spool is ignored. See also --finput. +Set the name of the directory under the spool directory. By default this is "input". If this starts with '/', the value of --spool is ignored. See also --finput. =item -l diff --git a/src/src/exiqgrep.src b/src/src/exiqgrep.src index 2c52f137f..d900e9933 100644 --- a/src/src/exiqgrep.src +++ b/src/src/exiqgrep.src @@ -18,6 +18,7 @@ # Version 1.2 use strict; +BEGIN { pop @INC if $INC[-1] eq '.' }; use Getopt::Std; # Have this variable point to your exim binary. @@ -87,7 +88,7 @@ EOF } sub collect() { - open(QUEUE,"$exim $eargs |") or die("Error openning pipe: $!\n"); + open(QUEUE,"$exim $eargs |") or die("Error opening pipe: $!\n"); while() { chomp(); my $line = $_; diff --git a/src/src/exiqsumm.src b/src/src/exiqsumm.src index fc5ad26bb..99a304fef 100644 --- a/src/src/exiqsumm.src +++ b/src/src/exiqsumm.src @@ -1,4 +1,4 @@ -#! PERL_COMMAND -w +#! PERL_COMMAND # Mail Queue Summary # Christoph Lameter, 21 May 1997 @@ -27,7 +27,7 @@ # typo. Fix provided by Chris Liddiard. # November 2006 by Jori Hamalainen # Added feature to separate frozen and bounced messages from queue -# Adedd feature to list queue per source - destination pair +# Added feature to list queue per source - destination pair # Changed regexps to compile once to very minor speed optimization # Short circuit for empty lines # @@ -41,6 +41,9 @@ # Slightly modified sub from eximstats +use warnings; +BEGIN { pop @INC if $INC[-1] eq '.' }; + sub print_volume_rounded { my($x) = pop @_; if ($x < 10000) diff --git a/src/src/expand.c b/src/src/expand.c index cfde23610..b96b2897a 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -46,7 +46,7 @@ the first 8 characters of the password using a 20-round version of crypt (standard crypt does 25 rounds). It then crypts the next 8 characters, or an empty block if the password is less than 9 characters, using a 20-round version of crypt and the same salt as was used for the first -block. Charaters after the first 16 are ignored. It always generates +block. Characters after the first 16 are ignored. It always generates a 16-byte hash, which is expressed together with the salt as a string of 24 base 64 digits. Here are some links to peruse: @@ -1589,7 +1589,7 @@ for (i = 0; i < 2; i++) size += ilen + comma + 1; /* +1 for the newline */ - /* Second pass - concatentate the data, up to a maximum. Note that + /* Second pass - concatenate the data, up to a maximum. Note that the loop stops when size hits the limit. */ if (i != 0) @@ -1966,6 +1966,7 @@ return; /* Unknown variable name, fail silently */ + /************************************************* * Read and expand substrings * *************************************************/ @@ -2098,7 +2099,7 @@ while (i < nsub) } DEBUG(D_expand) - debug_printf("expanding: acl: %s arg: %s%s\n", + debug_printf_indent("expanding: acl: %s arg: %s%s\n", sub[0], acl_narg>0 ? acl_arg[0] : US"", acl_narg>1 ? " +more" : ""); @@ -2522,7 +2523,7 @@ switch(cond_type) { num[i] = 0; DEBUG(D_expand) - debug_printf("empty string cast to zero for numerical comparison\n"); + debug_printf_indent("empty string cast to zero for numerical comparison\n"); } else { @@ -2831,7 +2832,7 @@ switch(cond_type) uschar *save_iterate_item = iterate_item; int (*compare)(const uschar *, const uschar *); - DEBUG(D_expand) debug_printf("condition: %s\n", name); + DEBUG(D_expand) debug_printf_indent("condition: %s\n", name); tempcond = FALSE; compare = cond_type == ECOND_INLISTI @@ -2919,7 +2920,7 @@ switch(cond_type) int sep = 0; uschar *save_iterate_item = iterate_item; - DEBUG(D_expand) debug_printf("condition: %s\n", name); + DEBUG(D_expand) debug_printf_indent("condition: %s\n", name); while (isspace(*s)) s++; if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ @@ -2958,7 +2959,7 @@ switch(cond_type) list = sub[0]; while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL) { - DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item); + DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, iterate_item); if (!eval_condition(sub[1], resetok, &tempcond)) { expand_string_message = string_sprintf("%s inside \"%s\" condition", @@ -2966,7 +2967,7 @@ switch(cond_type) iterate_item = save_iterate_item; return NULL; } - DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name, + DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", name, tempcond? "true":"false"); if (yield != NULL) *yield = (tempcond == testfor); @@ -3023,7 +3024,7 @@ switch(cond_type) } } DEBUG(D_expand) - debug_printf("considering %s: %s\n", ourname, len ? t : US""); + debug_printf_indent("considering %s: %s\n", ourname, len ? t : US""); /* logic for the lax case from expand_check_condition(), which also does expands, and the logic is both short and stable enough that there should be no maintenance burden from replicating it. */ @@ -3050,7 +3051,7 @@ switch(cond_type) "value \"%s\"", t); return NULL; } - DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", ourname, + DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname, boolvalue? "true":"false"); if (yield != NULL) *yield = (boolvalue == testfor); return s; @@ -3193,17 +3194,17 @@ items. */ while (isspace(*s)) s++; if (*s == '}') { - if (!skipping) - if (type[0] == 'i') - { - if (yes) *yieldptr = string_catn(*yieldptr, sizeptr, ptrptr, US"true", 4); - } - else - { - if (yes && lookup_value) - *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value); - lookup_value = save_lookup; - } + if (type[0] == 'i') + { + if (yes && !skipping) + *yieldptr = string_catn(*yieldptr, sizeptr, ptrptr, US"true", 4); + } + else + { + if (yes && lookup_value && !skipping) + *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value); + lookup_value = save_lookup; + } s++; goto RETURN; } @@ -3446,7 +3447,7 @@ hash_source = string_catn(hash_source, &size, &offset, daystamp, 3); hash_source = string_cat(hash_source, &size, &offset, address); hash_source[offset] = '\0'; -DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source); +DEBUG(D_expand) debug_printf_indent("prvs: hash source is '%s'\n", hash_source); memset(innerkey, 0x36, 64); memset(outerkey, 0x5c, 64); @@ -3635,7 +3636,7 @@ if (*error == NULL) /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where - * -N*M is INT_MIN will yielf INT_MIN. + * -N*M is INT_MIN will yield INT_MIN. * Since we don't support floating point, this is somewhat simpler. * Ideally, we'd return an error, but since we overflow for all other * arithmetic, consistency suggests otherwise, but what's the correct value @@ -3813,7 +3814,7 @@ them here in detail any more. We use an internal routine recursively to handle embedded substrings. The external function follows. The yield is NULL if the expansion failed, and there are two cases: if something collapsed syntactically, or if "fail" was given -as the action on a lookup failure. These can be distinguised by looking at the +as the action on a lookup failure. These can be distinguished by looking at the variable expand_string_forcedfail, which is TRUE in the latter case. The skipping flag is set true when expanding a substring that isn't actually @@ -3869,8 +3870,13 @@ uschar *save_expand_nstring[EXPAND_MAXN+1]; int save_expand_nlength[EXPAND_MAXN+1]; BOOL resetok = TRUE; +expand_level++; DEBUG(D_expand) - debug_printf("%s: %s\n", skipping ? " scanning" : "considering", string); + debug_printf_indent(UTF8_DOWN_RIGHT "%s: %s\n", + skipping + ? UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ "scanning" + : "considering", + string); expand_string_forcedfail = FALSE; expand_string_message = US""; @@ -4085,7 +4091,7 @@ while (*s != 0) case OK: case FAIL: DEBUG(D_expand) - debug_printf("acl expansion yield: %s\n", user_msg); + debug_printf_indent("acl expansion yield: %s\n", user_msg); if (user_msg) yield = string_cat(yield, &size, &ptr, user_msg); continue; @@ -4116,9 +4122,15 @@ while (*s != 0) if (next_s == NULL) goto EXPAND_FAILED; /* message already set */ DEBUG(D_expand) - debug_printf(" condition: %.*s\n result: %s\n", - (int)(next_s - s), s, - cond ? "true" : "false"); + { + debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ + "condition: %.*s\n", + (int)(next_s - s), s); + debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ + UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ + "result: %s\n", + cond ? "true" : "false"); + } s = next_s; @@ -4575,11 +4587,11 @@ while (*s != 0) uschar *hash = string_copyn(expand_nstring[3],expand_nlength[3]); uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]); - DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part); - DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num); - DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp); - DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash); - DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain); + DEBUG(D_expand) debug_printf_indent("prvscheck localpart: %s\n", local_part); + DEBUG(D_expand) debug_printf_indent("prvscheck key number: %s\n", key_num); + DEBUG(D_expand) debug_printf_indent("prvscheck daystamp: %s\n", daystamp); + DEBUG(D_expand) debug_printf_indent("prvscheck hash: %s\n", hash); + DEBUG(D_expand) debug_printf_indent("prvscheck domain: %s\n", domain); /* Set up expansion variables */ prvscheck_address = string_cat (NULL, &mysize, &myptr, local_part); @@ -4607,8 +4619,8 @@ while (*s != 0) goto EXPAND_FAILED; } - DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash); - DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p); + DEBUG(D_expand) debug_printf_indent("prvscheck: received hash is %s\n", hash); + DEBUG(D_expand) debug_printf_indent("prvscheck: own hash is %s\n", p); if (Ustrcmp(p,hash) == 0) { @@ -4626,18 +4638,18 @@ while (*s != 0) if (iexpire >= inow) { prvscheck_result = US"1"; - DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n"); + DEBUG(D_expand) debug_printf_indent("prvscheck: success, $pvrs_result set to 1\n"); } else { prvscheck_result = NULL; - DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n"); + DEBUG(D_expand) debug_printf_indent("prvscheck: signature expired, $pvrs_result unset\n"); } } else { prvscheck_result = NULL; - DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n"); + DEBUG(D_expand) debug_printf_indent("prvscheck: hash failure, $pvrs_result unset\n"); } /* Now expand the final argument. We leave this till now so that @@ -4723,8 +4735,9 @@ while (*s != 0) struct sockaddr_un sockun; /* don't call this "sun" ! */ uschar *arg; uschar *sub_arg[4]; + BOOL do_shutdown = TRUE; - if ((expand_forbid & RDO_READSOCK) != 0) + if (expand_forbid & RDO_READSOCK) { expand_string_message = US"socket insertions are not permitted"; goto EXPAND_FAILED; @@ -4740,17 +4753,27 @@ while (*s != 0) case 3: goto EXPAND_FAILED; } - /* Sort out timeout, if given */ + /* Sort out timeout, if given. The second arg is a list with the first element + being a time value. Any more are options of form "name=value". Currently the + only option recognised is "shutdown". */ - if (sub_arg[2] != NULL) + if (sub_arg[2]) { - timeout = readconf_readtime(sub_arg[2], 0, FALSE); - if (timeout < 0) + const uschar * list = sub_arg[2]; + uschar * item; + int sep = 0; + + item = string_nextinlist(&list, &sep, NULL, 0); + if ((timeout = readconf_readtime(item, 0, FALSE)) < 0) { - expand_string_message = string_sprintf("bad time value %s", - sub_arg[2]); + expand_string_message = string_sprintf("bad time value %s", item); goto EXPAND_FAILED; } + + while ((item = string_nextinlist(&list, &sep, NULL, 0))) + if (Ustrncmp(item, US"shutdown=", 9) == 0) + if (Ustrcmp(item + 9, US"no") == 0) + do_shutdown = FALSE; } else sub_arg[3] = NULL; /* No eol if no timeout */ @@ -4800,8 +4823,10 @@ while (*s != 0) port = ntohs(service_info->s_port); } - if ((fd = ip_connectedsocket(SOCK_STREAM, server_name, port, port, - timeout, NULL, &expand_string_message)) < 0) + fd = ip_connectedsocket(SOCK_STREAM, server_name, port, port, + timeout, NULL, &expand_string_message); + callout_address = NULL; + if (fd < 0) goto SOCK_FAIL; } @@ -4838,7 +4863,7 @@ while (*s != 0) } } - DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]); + DEBUG(D_expand) debug_printf_indent("connected to socket %s\n", sub_arg[0]); /* Allow sequencing of test actions */ if (running_in_test_harness) millisleep(100); @@ -4848,7 +4873,7 @@ while (*s != 0) if (sub_arg[1][0] != 0) { int len = Ustrlen(sub_arg[1]); - DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n", + DEBUG(D_expand) debug_printf_indent("writing \"%s\" to socket\n", sub_arg[1]); if (write(fd, sub_arg[1], len) != len) { @@ -4862,9 +4887,9 @@ while (*s != 0) recognise that it is their turn to do some work. Just in case some system doesn't have this function, make it conditional. */ - #ifdef SHUT_WR - shutdown(fd, SHUT_WR); - #endif +#ifdef SHUT_WR + if (do_shutdown) shutdown(fd, SHUT_WR); +#endif if (running_in_test_harness) millisleep(100); @@ -4904,7 +4929,7 @@ while (*s != 0) while (isspace(*s)) s++; } - readsock_done: + READSOCK_DONE: if (*s++ != '}') { expand_string_message = US"missing '}' closing readsocket"; @@ -4916,7 +4941,7 @@ while (*s != 0) socket, or timeout on reading. If another substring follows, expand and use it. Otherwise, those conditions give expand errors. */ - SOCK_FAIL: + SOCK_FAIL: if (*s != '{') goto EXPAND_FAILED; DEBUG(D_any) debug_printf("%s\n", expand_string_message); if (!(arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE, &resetok))) @@ -4928,7 +4953,7 @@ while (*s != 0) goto EXPAND_FAILED_CURLY; } while (isspace(*s)) s++; - goto readsock_done; + goto READSOCK_DONE; } /* Handle "run" to execute a program. */ @@ -5386,7 +5411,7 @@ while (*s != 0) /* While skipping we cannot rely on the data for expansions being available (eg. $item) hence cannot decide on numeric vs. keyed. - Read a maximum of 5 arguments (inclding the yes/no) */ + Read a maximum of 5 arguments (including the yes/no) */ if (skipping) { @@ -5796,11 +5821,12 @@ while (*s != 0) processing for real, we perform the iteration. */ if (skipping) continue; - while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL) + while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0))) { *outsep = (uschar)sep; /* Separator as a string */ - DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item); + DEBUG(D_expand) debug_printf_indent("%s: $item = '%s' $value = '%s'\n", + name, iterate_item, lookup_value); if (item_type == EITEM_FILTER) { @@ -5813,7 +5839,7 @@ while (*s != 0) expand_string_message, name); goto EXPAND_FAILED; } - DEBUG(D_expand) debug_printf("%s: condition is %s\n", name, + DEBUG(D_expand) debug_printf_indent("%s: condition is %s\n", name, condresult? "true":"false"); if (condresult) temp = iterate_item; /* TRUE => include this item */ @@ -5968,7 +5994,7 @@ while (*s != 0) uschar * newkeylist = NULL; uschar * srcfield; - DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, srcitem); + DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, srcitem); /* extract field for comparisons */ iterate_item = srcitem; @@ -5997,7 +6023,7 @@ while (*s != 0) /* build and run condition string */ expr = string_sprintf("%s{%s}{%s}", cmp, srcfield, dstfield); - DEBUG(D_expand) debug_printf("%s: cond = \"%s\"\n", name, expr); + DEBUG(D_expand) debug_printf_indent("%s: cond = \"%s\"\n", name, expr); if (!eval_condition(expr, &resetok, &before)) { expand_string_message = string_sprintf("comparison in sort: %s", @@ -6042,8 +6068,8 @@ while (*s != 0) dstlist = newlist; dstkeylist = newkeylist; - DEBUG(D_expand) debug_printf("%s: dstlist = \"%s\"\n", name, dstlist); - DEBUG(D_expand) debug_printf("%s: dstkeylist = \"%s\"\n", name, dstkeylist); + DEBUG(D_expand) debug_printf_indent("%s: dstlist = \"%s\"\n", name, dstlist); + DEBUG(D_expand) debug_printf_indent("%s: dstkeylist = \"%s\"\n", name, dstkeylist); } if (dstlist) @@ -6440,7 +6466,11 @@ while (*s != 0) blob b; char st[3]; - exim_sha_init(&h, HASH_SHA256); + if (!exim_sha_init(&h, HASH_SHA256)) + { + expand_string_message = US"unrecognised sha256 variant"; + goto EXPAND_FAILED; + } exim_sha_update(&h, sub, Ustrlen(sub)); exim_sha_finish(&h, &b); while (b.len-- > 0) @@ -6467,13 +6497,12 @@ while (*s != 0) : Ustrcmp(arg, "512") == 0 ? HASH_SHA3_512 : HASH_BADTYPE; - if (m == HASH_BADTYPE) + if (m == HASH_BADTYPE || !exim_sha_init(&h, m)) { expand_string_message = US"unrecognised sha3 variant"; goto EXPAND_FAILED; } - exim_sha_init(&h, m); exim_sha_update(&h, sub, Ustrlen(sub)); exim_sha_finish(&h, &b); while (b.len-- > 0) @@ -6737,12 +6766,11 @@ while (*s != 0) case EOP_LOCAL_PART: case EOP_DOMAIN: { - uschar *error; + uschar * error; int start, end, domain; - uschar *t = parse_extract_address(sub, &error, &start, &end, &domain, + uschar * t = parse_extract_address(sub, &error, &start, &end, &domain, FALSE); - if (t != NULL) - { + if (t) if (c != EOP_DOMAIN) { if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1; @@ -6753,7 +6781,6 @@ while (*s != 0) domain += start; yield = string_catn(yield, &size, &ptr, sub+domain, end-domain); } - } continue; } @@ -7089,7 +7116,7 @@ while (*s != 0) goto EXPAND_FAILED; } yield = string_cat(yield, &size, &ptr, s); - DEBUG(D_expand) debug_printf("yield: '%s'\n", yield); + DEBUG(D_expand) debug_printf_indent("yield: '%s'\n", yield); continue; } @@ -7483,10 +7510,19 @@ else if (resetok_p) *resetok_p = FALSE; DEBUG(D_expand) { - debug_printf(" expanding: %.*s\n result: %s\n", (int)(s - string), string, + debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ + "expanding: %.*s\n", + (int)(s - string), string); + debug_printf_indent("%s" + UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ + "result: %s\n", + skipping ? UTF8_VERT_RIGHT : UTF8_UP_RIGHT, yield); - if (skipping) debug_printf(" skipping: result is not used\n"); + if (skipping) + debug_printf_indent(UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ + "skipping: result is not used\n"); } +expand_level--; return yield; /* This is the failure exit: easiest to program with a goto. We still need @@ -7508,11 +7544,17 @@ EXPAND_FAILED: if (left != NULL) *left = s; DEBUG(D_expand) { - debug_printf("failed to expand: %s\n", string); - debug_printf(" error message: %s\n", expand_string_message); - if (expand_string_forcedfail) debug_printf("failure was forced\n"); + debug_printf_indent(UTF8_VERT_RIGHT "failed to expand: %s\n", + string); + debug_printf_indent("%s" UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ + "error message: %s\n", + expand_string_forcedfail ? UTF8_VERT_RIGHT : UTF8_UP_RIGHT, + expand_string_message); + if (expand_string_forcedfail) + debug_printf_indent(UTF8_UP_RIGHT "failure was forced\n"); } if (resetok_p) *resetok_p = resetok; +expand_level--; return NULL; } @@ -7639,7 +7681,7 @@ if (isspace(*s)) if (*s == '\0') { DEBUG(D_expand) - debug_printf("treating blank string as number 0\n"); + debug_printf_indent("treating blank string as number 0\n"); return 0; } } @@ -7773,6 +7815,60 @@ return ( ( Ustrstr(s, "failed to expand") != NULL +/************************************************* +* Error-checking for testsuite * +*************************************************/ +typedef struct { + const char * filename; + int linenumber; + uschar * region_start; + uschar * region_end; + const uschar *var_name; + const uschar *var_data; +} err_ctx; + +static void +assert_variable_notin(uschar * var_name, uschar * var_data, void * ctx) +{ +err_ctx * e = ctx; +if (var_data >= e->region_start && var_data < e->region_end) + { + e->var_name = CUS var_name; + e->var_data = CUS var_data; + } +} + +void +assert_no_variables(void * ptr, int len, const char * filename, int linenumber) +{ +err_ctx e = {filename, linenumber, ptr, US ptr + len, NULL }; +int i; +var_entry * v; + +/* check acl_ variables */ +tree_walk(acl_var_c, assert_variable_notin, &e); +tree_walk(acl_var_m, assert_variable_notin, &e); + +/* check auth variables */ +for (i = 0; i < AUTH_VARS; i++) if (auth_vars[i]) + assert_variable_notin(US"auth", auth_vars[i], &e); + +/* check regex variables */ +for (i = 0; i < REGEX_VARS; i++) if (regex_vars[i]) + assert_variable_notin(US"regex", regex_vars[i], &e); + +/* check known-name variables */ +for (v = var_table; v < var_table + var_table_size; v++) + if (v->type == vtype_stringptr) + assert_variable_notin(US v->name, *(USS v->value), &e); + +if (e.var_name) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, + "live variable '%s' destroyed by reset_store at %s:%d\n- value '%.64s'", + e.var_name, e.filename, e.linenumber, e.var_data); +} + + /************************************************* ************************************************** diff --git a/src/src/filter.c b/src/src/filter.c index 59ab3192f..a5c3b5dfa 100644 --- a/src/src/filter.c +++ b/src/src/filter.c @@ -740,7 +740,7 @@ return nextsigchar(ptr, TRUE); /************************************************* -* Ouput the current indent * +* Output the current indent * *************************************************/ static void @@ -1370,7 +1370,7 @@ return yield; * Read a list of commands * *************************************************/ -/* If condional is TRUE, the list must be terminated +/* If conditional is TRUE, the list must be terminated by the words "else" or "endif". Arguments: diff --git a/src/src/functions.h b/src/src/functions.h index 04d941034..a7d9c1116 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2016 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -45,21 +45,21 @@ extern uschar * tls_cert_fprt_sha1(void *); extern uschar * tls_cert_fprt_sha256(void *); extern int tls_client_start(int, host_item *, address_item *, - transport_instance * + transport_instance *, # ifdef EXPERIMENTAL_DANE - , dns_answer * + dns_answer *, # endif - ); + uschar **); extern void tls_close(BOOL, BOOL); extern int tls_export_cert(uschar *, size_t, void *); extern int tls_feof(void); extern int tls_ferror(void); extern void tls_free_cert(void **); -extern int tls_getc(void); +extern int tls_getc(unsigned); extern void tls_get_cache(void); extern int tls_import_cert(const uschar *, void **); extern int tls_read(BOOL, uschar *, size_t); -extern int tls_server_start(const uschar *); +extern int tls_server_start(const uschar *, uschar **); extern BOOL tls_smtp_buffered(void); extern int tls_ungetc(int); extern int tls_write(BOOL, const uschar *, size_t); @@ -86,6 +86,7 @@ extern int acl_eval(int, uschar *, uschar **, uschar **); extern tree_node *acl_var_create(uschar *); extern void acl_var_write(uschar *, uschar *, void *); +extern void assert_no_variables(void *, int, const char *, int); extern int auth_call_pam(const uschar *, uschar **); extern int auth_call_pwcheck(uschar *, uschar **); extern int auth_call_radius(const uschar *, uschar **); @@ -94,6 +95,7 @@ extern int auth_call_saslauthd(const uschar *, const uschar *, extern int auth_check_serv_cond(auth_instance *); extern int auth_check_some_cond(auth_instance *, uschar *, uschar *, int); + extern int auth_get_data(uschar **, uschar *, int); extern int auth_get_no64_data(uschar **, uschar *); extern uschar *auth_xtextencode(uschar *, int); @@ -101,7 +103,10 @@ extern int auth_xtextdecode(uschar *, uschar **); extern uschar *b64encode(uschar *, int); extern int b64decode(uschar *, uschar **); -extern int bdat_getc(void); +extern int bdat_getc(unsigned); +extern int bdat_ungetc(int); +extern void bdat_flush_data(void); + extern void bits_clear(unsigned int *, size_t, int *); extern void bits_set(unsigned int *, size_t, int *); @@ -128,9 +133,10 @@ extern void debug_logging_activate(uschar *, uschar *); extern void debug_logging_stop(void); extern void debug_print_argv(const uschar **); extern void debug_print_ids(uschar *); +extern void debug_printf_indent(const char *, ...) PRINTF_FUNCTION(1,2); extern void debug_print_string(uschar *); extern void debug_print_tree(tree_node *); -extern void debug_vprintf(const char *, va_list); +extern void debug_vprintf(int, const char *, va_list); extern void decode_bits(unsigned int *, size_t, int *, uschar *, bit_table *, int, uschar *, int); extern address_item *deliver_make_addr(uschar *, BOOL); @@ -147,7 +153,7 @@ extern uschar *deliver_get_sender_address (uschar *id); extern BOOL directory_make(const uschar *, const uschar *, int, BOOL); #ifndef DISABLE_DKIM extern BOOL dkim_transport_write_message(int, transport_ctx *, - struct ob_dkim *); + struct ob_dkim *, const uschar ** errstr); #endif extern dns_address *dns_address_from_rr(dns_answer *, dns_record *); extern int dns_basic_lookup(dns_answer *, const uschar *, int); @@ -169,7 +175,6 @@ extern BOOL enq_start(uschar *, unsigned); extern uschar *event_raise(uschar *, const uschar *, uschar *); extern void msg_event_raise(const uschar *, const address_item *); #endif -extern uschar ehlo_response(uschar *, size_t, uschar); extern const uschar * exim_errstr(int); extern void exim_exit(int); extern void exim_nullstd(void); @@ -395,7 +400,7 @@ extern uschar *smtp_get_connection_info(void); extern BOOL smtp_get_interface(uschar *, int, address_item *, uschar **, uschar *); extern BOOL smtp_get_port(uschar *, address_item *, int *, uschar *); -extern int smtp_getc(void); +extern int smtp_getc(unsigned); extern void smtp_get_cache(void); extern int smtp_handle_acl_fail(int, int, uschar *, uschar *); extern void smtp_log_no_mail(void); @@ -421,7 +426,7 @@ extern int spool_open_datafile(uschar *); extern int spool_open_temp(uschar *); extern int spool_read_header(uschar *, BOOL, BOOL); extern int spool_write_header(uschar *, int, uschar **); -extern int stdin_getc(void); +extern int stdin_getc(unsigned); extern int stdin_feof(void); extern int stdin_ferror(void); extern int stdin_ungetc(int); diff --git a/src/src/globals.c b/src/src/globals.c index 55d9e98ae..f3e4bad96 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2016 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ /* All the global variables are defined together in this one module, so @@ -183,9 +183,9 @@ incoming TCP/IP. The defaults use stdin. We never need these for any stand-alone tests. */ #ifndef STAND_ALONE -int (*lwr_receive_getc)(void) = stdin_getc; +int (*lwr_receive_getc)(unsigned) = stdin_getc; int (*lwr_receive_ungetc)(int) = stdin_ungetc; -int (*receive_getc)(void) = stdin_getc; +int (*receive_getc)(unsigned) = stdin_getc; void (*receive_get_cache)(void)= NULL; int (*receive_ungetc)(int) = stdin_ungetc; int (*receive_feof)(void) = stdin_feof; @@ -228,6 +228,8 @@ uschar *acl_arg[9] = {NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL}; int acl_narg = 0; +int acl_level = 0; + uschar *acl_not_smtp = NULL; #ifdef WITH_CONTENT_SCAN uschar *acl_not_smtp_mime = NULL; @@ -531,6 +533,7 @@ uschar *continue_hostname = NULL; uschar *continue_host_address = NULL; BOOL continue_more = FALSE; int continue_sequence = 1; +BOOL continue_proxy = FALSE; uschar *continue_transport = NULL; uschar *csa_status = NULL; @@ -597,6 +600,7 @@ bit_table debug_options[] = { /* must be in alphabetical order */ int debug_options_count = nelem(debug_options); unsigned int debug_selector = 0; +BOOL debug_store = FALSE; int delay_warning[DELAY_WARNING_SIZE] = { DELAY_WARNING_SIZE, 1, 24*60*60 }; uschar *delay_warning_condition= US"${if or {" @@ -701,7 +705,7 @@ uschar *errors_reply_to = NULL; int errors_sender_rc = EXIT_FAILURE; #ifndef DISABLE_EVENT uschar *event_action = NULL; /* expansion for delivery events */ -uschar *event_data = NULL; /* auxilary data variable for event */ +uschar *event_data = NULL; /* auxiliary data variable for event */ int event_defer_errno = 0; const uschar *event_name = NULL; /* event name variable */ #endif @@ -713,6 +717,7 @@ uschar *exim_path = US BIN_DIRECTORY "/exim" "\0<---------------Space to patch exim_path->"; uid_t exim_uid = EXIM_UID; BOOL exim_uid_set = TRUE; /* This uid is always set */ +int expand_level = 0; /* Nesting depth, indent for debug */ int expand_forbid = 0; int expand_nlength[EXPAND_MAXN+1]; int expand_nmax = -1; @@ -1400,6 +1405,7 @@ uid_t system_filter_uid = (uid_t)-1; BOOL system_filter_uid_set = FALSE; BOOL system_filtering = FALSE; +BOOL tcp_fastopen_ok = FALSE; BOOL tcp_nodelay = TRUE; #ifdef USE_TCP_WRAPPERS uschar *tcp_wrappers_daemon_name = US TCP_WRAPPERS_DAEMON_NAME; @@ -1518,8 +1524,8 @@ uschar *uucp_from_sender = US"$1"; uschar *verify_mode = NULL; uschar *version_copyright = - US"Copyright (c) University of Cambridge, 1995 - 2016\n" - "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2016"; + US"Copyright (c) University of Cambridge, 1995 - 2017\n" + "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017"; uschar *version_date = US"?"; uschar *version_cnumber = US"????"; uschar *version_string = US"?"; diff --git a/src/src/globals.h b/src/src/globals.h index 6e6a5c224..750a960eb 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2016 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ /* Almost all the global variables are defined together in this one header, so @@ -136,9 +136,9 @@ extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */ /* Input-reading functions for messages, so we can use special ones for incoming TCP/IP. */ -extern int (*lwr_receive_getc)(void); +extern int (*lwr_receive_getc)(unsigned); extern int (*lwr_receive_ungetc)(int); -extern int (*receive_getc)(void); +extern int (*receive_getc)(unsigned); extern void (*receive_get_cache)(void); extern int (*receive_ungetc)(int); extern int (*receive_feof)(void); @@ -160,6 +160,7 @@ extern header_line *acl_added_headers; /* Headers added by an ACL */ extern tree_node *acl_anchor; /* Tree of named ACLs */ extern uschar *acl_arg[9]; /* Argument to ACL call */ extern int acl_narg; /* Number of arguments to ACL call */ +extern int acl_level; /* Nesting depth and debug indent */ extern uschar *acl_not_smtp; /* ACL run for non-SMTP messages */ #ifdef WITH_CONTENT_SCAN extern uschar *acl_not_smtp_mime; /* For MIME parts of ditto */ @@ -292,13 +293,14 @@ extern uschar *continue_hostname; /* Host for continued delivery */ extern uschar *continue_host_address; /* IP address for ditto */ extern BOOL continue_more; /* Flag more addresses waiting */ extern int continue_sequence; /* Sequence num for continued delivery */ +extern BOOL continue_proxy; /* Continued delivery is proxied for TLS */ extern uschar *continue_transport; /* Transport for continued delivery */ extern uschar *csa_status; /* Client SMTP Authorization result */ typedef struct { unsigned delivery:1; /* When to attempt */ - unsigned defer_pass:1; /* Pass 4xx to caller rather than spoolling */ + unsigned defer_pass:1; /* Pass 4xx to caller rather than spooling */ int fd; /* Open connection */ int nrcpt; /* Count of addresses */ uschar * interface; /* (address of) */ @@ -326,6 +328,7 @@ extern FILE *debug_file; /* Where to write debugging info */ extern int debug_notall[]; /* Debug options excluded from +all */ extern bit_table debug_options[]; /* Table of debug options */ extern int debug_options_count; /* Size of table */ +extern BOOL debug_store; /* Do extra checks on store_reset */ extern int delay_warning[]; /* Times between warnings */ extern uschar *delay_warning_condition; /* Condition string for warnings */ extern BOOL delivery_date_remove; /* Remove delivery-date headers */ @@ -442,6 +445,7 @@ extern uschar *exim_path; /* Path to exec exim */ extern const uschar *exim_sieve_extension_list[]; /* list of sieve extensions */ extern uid_t exim_uid; /* Non-root uid for exim */ extern BOOL exim_uid_set; /* TRUE if exim_uid set */ +extern int expand_level; /* Nesting depth; indent for debug */ extern int expand_forbid; /* RDO flags for forbidding things */ extern int expand_nlength[]; /* Lengths of numbered strings */ extern int expand_nmax; /* Max numerical value */ @@ -683,7 +687,7 @@ extern BOOL queue_only_override; /* Allow override from command line */ extern BOOL queue_only_policy; /* ACL or local_scan wants queue_only */ extern BOOL queue_run_in_order; /* As opposed to random */ extern uschar *queue_run_max; /* Max queue runners */ -extern BOOL queue_smtp; /* Disable all immediate STMP (-odqs)*/ +extern BOOL queue_smtp; /* Disable all immediate SMTP (-odqs)*/ extern uschar *queue_smtp_domains; /* Ditto, for these domains */ extern unsigned int random_seed; /* Seed for random numbers */ @@ -789,7 +793,7 @@ extern uschar *sending_ip_address; /* Address of outgoing (SMTP) interface * extern int sending_port; /* Port of outgoing interface */ extern SIGNAL_BOOL sigalrm_seen; /* Flag for sigalrm_handler */ extern uschar **sighup_argv; /* Args for re-execing after SIGHUP */ -extern int slow_lookup_log; /* Log DNS lookups taking loger than N millisecs */ +extern int slow_lookup_log; /* Log DNS lookups taking longer than N millisecs */ extern int smtp_accept_count; /* Count of connections */ extern BOOL smtp_accept_keepalive; /* Set keepalive on incoming */ extern int smtp_accept_max; /* Max SMTP connections */ @@ -906,6 +910,7 @@ extern uid_t system_filter_uid; /* Uid for running system filter */ extern BOOL system_filter_uid_set; /* TRUE if uid set */ extern BOOL system_filtering; /* TRUE when running system filter */ +extern BOOL tcp_fastopen_ok; /* appears to be supported by kernel */ extern BOOL tcp_nodelay; /* Controls TCP_NODELAY on daemon */ #ifdef USE_TCP_WRAPPERS extern uschar *tcp_wrappers_daemon_name; /* tcpwrappers daemon lookup name */ diff --git a/src/src/hash.c b/src/src/hash.c index c2be85d17..7590d55b7 100644 --- a/src/src/hash.c +++ b/src/src/hash.c @@ -25,20 +25,21 @@ typedef struct sha1 { sha1; #endif /*STAND_ALONE*/ - +#include /******************************************************************************/ #ifdef SHA_OPENSSL -void +BOOL exim_sha_init(hctx * h, hashmethod m) { switch (h->method = m) { case HASH_SHA1: h->hashlen = 20; SHA1_Init (&h->u.sha1); break; case HASH_SHA256: h->hashlen = 32; SHA256_Init(&h->u.sha2); break; - default: h->hashlen = 0; break; + default: h->hashlen = 0; return FALSE; } +return TRUE; } @@ -49,6 +50,9 @@ switch (h->method) { case HASH_SHA1: SHA1_Update (&h->u.sha1, data, len); break; case HASH_SHA256: SHA256_Update(&h->u.sha2, data, len); break; + /* should be blocked by init not handling these, but be explicit to + * guard against accidents later (and hush up clang -Wswitch) */ + default: assert(0); } } @@ -61,6 +65,7 @@ switch (h->method) { case HASH_SHA1: SHA1_Final (b->data, &h->u.sha1); break; case HASH_SHA256: SHA256_Final(b->data, &h->u.sha2); break; + default: assert(0); } } @@ -69,7 +74,7 @@ switch (h->method) #elif defined(SHA_GNUTLS) /******************************************************************************/ -void +BOOL exim_sha_init(hctx * h, hashmethod m) { switch (h->method = m) @@ -79,8 +84,9 @@ switch (h->method = m) #ifdef EXIM_HAVE_SHA3 case HASH_SHA3_256: h->hashlen = 32; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA3_256); break; #endif - default: h->hashlen = 0; break; + default: h->hashlen = 0; return FALSE; } +return TRUE; } @@ -103,15 +109,16 @@ gnutls_hash_output(h->sha, b->data); #elif defined(SHA_GCRYPT) /******************************************************************************/ -void +BOOL exim_sha_init(hctx * h, hashmethod m) { switch (h->method = m) { case HASH_SHA1: h->hashlen = 20; gcry_md_open(&h->sha, GCRY_MD_SHA1, 0); break; case HASH_SHA256: h->hashlen = 32; gcry_md_open(&h->sha, GCRY_MD_SHA256, 0); break; - default: h->hashlen = 0; break; + default: h->hashlen = 0; return FALSE; } +return TRUE; } @@ -135,15 +142,16 @@ memcpy(b->data, gcry_md_read(h->sha, 0), h->hashlen); #elif defined(SHA_POLARSSL) /******************************************************************************/ -void +BOOL exim_sha_init(hctx * h, hashmethod m) { switch (h->method = m) { case HASH_SHA1: h->hashlen = 20; sha1_starts(&h->u.sha1); break; case HASH_SHA256: h->hashlen = 32; sha2_starts(&h->u.sha2, 0); break; - default: h->hashlen = 0; break; + default: h->hashlen = 0; return FALSE; } +return TRUE; } @@ -382,11 +390,12 @@ for (i = 0; i < 5; i++) # ifdef notdef -void +BOOL exim_sha_init(hctx * h, hashmethod m) { h->hashlen = 20; native_sha1_start(&h->sha1); +return TRUE; } @@ -452,7 +461,7 @@ native_sha1_end(&h->sha1, data, len, digest); void sha1_start(hctx * h) { -exim_sha_init(h, HASH_SHA1); +(void) exim_sha_init(h, HASH_SHA1); } void diff --git a/src/src/hash.h b/src/src/hash.h index 9e91f1aad..09b65944d 100644 --- a/src/src/hash.h +++ b/src/src/hash.h @@ -67,7 +67,7 @@ typedef struct { } hctx; -extern void exim_sha_init(hctx *, hashmethod); +extern BOOL exim_sha_init(hctx *, hashmethod); extern void exim_sha_update(hctx *, const uschar *a, int); extern void exim_sha_finish(hctx *, blob *); extern int exim_sha_hashlen(hctx *); diff --git a/src/src/header.c b/src/src/header.c index dad1638cb..decd0cce6 100644 --- a/src/src/header.c +++ b/src/src/header.c @@ -119,7 +119,7 @@ if (name == NULL) hptr = &header_list; /* header_list->text can be NULL if we get here between when the new - received header is allocated and when it is acutally filled in. We want + received header is allocated and when it is actually filled in. We want that header to be first, so skip it for now. */ if (header_list->text == NULL) @@ -132,7 +132,7 @@ else { int len = Ustrlen(name); - /* Find the first non-deleted header witht the correct name. */ + /* Find the first non-deleted header with the correct name. */ for (hptr = &header_list; (h = *hptr) != NULL; hptr = &(h->next)) { diff --git a/src/src/host.c b/src/src/host.c index 25dab2bb8..b5af8f92b 100644 --- a/src/src/host.c +++ b/src/src/host.c @@ -554,7 +554,7 @@ if (sender_helo_name == NULL) show_helo = FALSE; /* If HELO/EHLO was followed by an IP literal, it's messy because of two features of IPv6. Firstly, there's the "IPv6:" prefix (Exim is liberal and doesn't require this, for historical reasons). Secondly, IPv6 addresses may not -be given in canonical form, so we have to canonicize them before comparing. As +be given in canonical form, so we have to canonicalize them before comparing. As it happens, the code works for both IPv4 and IPv6. */ else if (sender_helo_name[0] == '[' && @@ -1646,7 +1646,7 @@ Returns: OK on success, the answer being placed in the global variable FAIL if no host name can be found DEFER if a temporary error was encountered -The variable host_lookup_msg is set to an empty string on sucess, or to a +The variable host_lookup_msg is set to an empty string on success, or to a reason for the failure otherwise, in a form suitable for tagging onto an error message, and also host_lookup_failed is set TRUE if the lookup failed. If there was a defer, host_lookup_deferred is set TRUE. @@ -1831,7 +1831,7 @@ the names, and accepts only those that have the correct IP address. */ save_hostname = sender_host_name; /* Save for error messages */ aliases = sender_host_aliases; -for (hname = sender_host_name; hname != NULL; hname = *aliases++) +for (hname = sender_host_name; hname; hname = *aliases++) { int rc; BOOL ok = FALSE; @@ -1859,7 +1859,7 @@ for (hname = sender_host_name; hname != NULL; hname = *aliases++) h.dnssec == DS_YES ? "DNSSEC verified (AD)" : "unverified"); if (h.dnssec != DS_YES) sender_host_dnssec = FALSE; - for (hh = &h; hh != NULL; hh = hh->next) + for (hh = &h; hh; hh = hh->next) if (host_is_in_net(hh->address, sender_host_address, 0)) { HDEBUG(D_host_lookup) debug_printf(" %s OK\n", hh->address); @@ -2273,6 +2273,7 @@ Arguments: Returns: HOST_FIND_FAILED couldn't find A record HOST_FIND_AGAIN try again later + HOST_FIND_SECURITY dnssec required but not acheived HOST_FOUND found AAAA and/or A record(s) HOST_IGNORED found, but all IPs ignored */ @@ -2286,6 +2287,7 @@ set_address_from_dns(host_item *host, host_item **lastptr, dns_record *rr; host_item *thishostlast = NULL; /* Indicates not yet filled in anything */ BOOL v6_find_again = FALSE; +BOOL dnssec_fail = FALSE; int i; /* If allow_ip is set, a name which is an IP address returns that value @@ -2381,8 +2383,8 @@ for (; i >= 0; i--) { if (dnssec_require) { - log_write(L_host_lookup_failed, LOG_MAIN, - "dnssec fail on %s for %.256s", + dnssec_fail = TRUE; + DEBUG(D_host_lookup) debug_printf("dnssec fail on %s for %.256s", i>0 ? "AAAA" : "A", host->name); continue; } @@ -2504,10 +2506,14 @@ for (; i >= 0; i--) } } -/* Control gets here only if the econdookup (the A record) succeeded. +/* Control gets here only if the second lookup (the A record) succeeded. However, the address may not be filled in if it was ignored. */ -return host->address ? HOST_FOUND : HOST_IGNORED; +return host->address + ? HOST_FOUND + : dnssec_fail + ? HOST_FIND_SECURITY + : HOST_IGNORED; } @@ -2546,6 +2552,7 @@ Returns: HOST_FIND_FAILED Failed to find the host or domain; if there was a syntax error, host_find_failed_syntax is set. HOST_FIND_AGAIN Could not resolve at this time + HOST_FIND_SECURITY dnsssec required but not acheived HOST_FOUND Host found HOST_FOUND_LOCAL The lowest MX record points to this machine, if MX records were found, or @@ -2652,7 +2659,7 @@ same domain. The result will be DNS_NODATA if the domain exists but has no MX records. On DNS failures, we give the "try again" error unless the domain is listed as one for which we continue. */ -if (rc != DNS_SUCCEED && (whichrrs & HOST_FIND_BY_MX) != 0) +if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX) { ind_type = T_MX; dnssec = DS_UNK; @@ -2660,13 +2667,12 @@ if (rc != DNS_SUCCEED && (whichrrs & HOST_FIND_BY_MX) != 0) rc = dns_lookup_timerwrap(&dnsa, host->name, ind_type, fully_qualified_name); DEBUG(D_dns) - if ((dnssec_request || dnssec_require) - & !dns_is_secure(&dnsa) - & dns_is_aa(&dnsa)) + if ( (dnssec_request || dnssec_require) + && !dns_is_secure(&dnsa) + && dns_is_aa(&dnsa)) debug_printf("DNS lookup of %.256s (MX) requested AD, but got AA\n", host->name); if (dnssec_request) - { if (dns_is_secure(&dnsa)) { DEBUG(D_host_lookup) debug_printf("%s MX DNSSEC\n", host->name); @@ -2676,7 +2682,6 @@ if (rc != DNS_SUCCEED && (whichrrs & HOST_FIND_BY_MX) != 0) { dnssec = DS_NO; lookup_dnssec_authenticated = US"no"; } - } switch (rc) { @@ -2686,17 +2691,22 @@ if (rc != DNS_SUCCEED && (whichrrs & HOST_FIND_BY_MX) != 0) case DNS_SUCCEED: if (!dnssec_require || dns_is_secure(&dnsa)) break; - log_write(L_host_lookup_failed, LOG_MAIN, - "dnssec fail on MX for %.256s", host->name); + DEBUG(D_host_lookup) + debug_printf("dnssec fail on MX for %.256s", host->name); +#ifndef STAND_ALONE + if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL, + MCL_DOMAIN, TRUE, NULL) != OK) + { yield = HOST_FIND_SECURITY; goto out; } +#endif rc = DNS_FAIL; /*FALLTHROUGH*/ case DNS_FAIL: case DNS_AGAIN: - #ifndef STAND_ALONE +#ifndef STAND_ALONE if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL, MCL_DOMAIN, TRUE, NULL) != OK) - #endif +#endif { yield = HOST_FIND_AGAIN; goto out; } DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA " "(domain in mx_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN"); @@ -3062,13 +3072,17 @@ for (h = host; h != last->next; h = h->next) if (rc != HOST_FOUND) { h->status = hstatus_unusable; - if (rc == HOST_FIND_AGAIN) + switch (rc) { - yield = rc; - h->why = hwhy_deferred; + case HOST_FIND_AGAIN: + yield = rc; h->why = hwhy_deferred; break; + case HOST_FIND_SECURITY: + yield = rc; h->why = hwhy_insecure; break; + case HOST_IGNORED: + h->why = hwhy_ignored; break; + default: + h->why = hwhy_failed; break; } - else - h->why = rc == HOST_IGNORED ? hwhy_ignored : hwhy_failed; } } @@ -3077,7 +3091,7 @@ been explicitly ignored, and remove them from the list, as if they did not exist. If we end up with just a single, ignored host, flatten its fields as if nothing was found. */ -if (ignore_target_hosts != NULL) +if (ignore_target_hosts) { host_item *prev = NULL; for (h = host; h != last->next; h = h->next) @@ -3113,24 +3127,22 @@ single MX preference value, IPv6 addresses come first. This can separate the addresses of a multihomed host, but that should not matter. */ #if HAVE_IPV6 -if (h != last && !disable_ipv6) +if (h != last && !disable_ipv6) for (h = host; h != last; h = h->next) { - for (h = host; h != last; h = h->next) - { - host_item temp; - host_item *next = h->next; - if (h->mx != next->mx || /* If next is different MX */ - h->address == NULL || /* OR this one is unset */ - Ustrchr(h->address, ':') != NULL || /* OR this one is IPv6 */ - (next->address != NULL && - Ustrchr(next->address, ':') == NULL)) /* OR next is IPv4 */ - continue; /* move on to next */ - temp = *h; /* otherwise, swap */ - temp.next = next->next; - *h = *next; - h->next = next; - *next = temp; - } + host_item temp; + host_item *next = h->next; + + if (h->mx != next->mx || /* If next is different MX */ + h->address == NULL || /* OR this one is unset */ + Ustrchr(h->address, ':') != NULL || /* OR this one is IPv6 */ + (next->address != NULL && + Ustrchr(next->address, ':') == NULL)) /* OR next is IPv4 */ + continue; /* move on to next */ + temp = *h; /* otherwise, swap */ + temp.next = next->next; + *h = *next; + h->next = next; + *next = temp; } #endif @@ -3154,6 +3166,7 @@ DEBUG(D_host_lookup) debug_printf("host_find_bydns yield = %s (%d); returned hosts:\n", (yield == HOST_FOUND)? "HOST_FOUND" : (yield == HOST_FOUND_LOCAL)? "HOST_FOUND_LOCAL" : + (yield == HOST_FIND_SECURITY)? "HOST_FIND_SECURITY" : (yield == HOST_FIND_AGAIN)? "HOST_FIND_AGAIN" : (yield == HOST_FIND_FAILED)? "HOST_FIND_FAILED" : "?", yield); @@ -3243,7 +3256,7 @@ while (Ufgets(buffer, 256, stdin) != NULL) else if (Ustrcmp(buffer, "request_dnssec") == 0) request_dnssec = TRUE; else if (Ustrcmp(buffer, "no_request_dnssec") == 0) request_dnssec = FALSE; else if (Ustrcmp(buffer, "require_dnssec") == 0) require_dnssec = TRUE; - else if (Ustrcmp(buffer, "no_reqiret_dnssec") == 0) require_dnssec = FALSE; + else if (Ustrcmp(buffer, "no_require_dnssec") == 0) require_dnssec = FALSE; else if (Ustrcmp(buffer, "test_harness") == 0) running_in_test_harness = !running_in_test_harness; else if (Ustrcmp(buffer, "ipv6") == 0) disable_ipv6 = !disable_ipv6; @@ -3285,9 +3298,13 @@ while (Ufgets(buffer, 256, stdin) != NULL) : host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL, &d, &fully_qualified_name, NULL); - if (rc == HOST_FIND_FAILED) printf("Failed\n"); - else if (rc == HOST_FIND_AGAIN) printf("Again\n"); - else if (rc == HOST_FOUND_LOCAL) printf("Local\n"); + switch (rc) + { + case HOST_FIND_FAILED: printf("Failed\n"); break; + case HOST_FIND_AGAIN: printf("Again\n"); break; + case HOST_FIND_SECURITY: printf("Security\n"); break; + case HOST_FOUND_LOCAL: printf("Local\n"); break; + } } printf("\n> "); diff --git a/src/src/ip.c b/src/src/ip.c index c275b1f00..bf564662d 100644 --- a/src/src/ip.c +++ b/src/src/ip.c @@ -2,12 +2,12 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2016 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for doing things with sockets. With the advent of IPv6 this has got messier, so that it's worth pulling out the code into separate functions -that other parts of Exim can call, expecially as there are now several +that other parts of Exim can call, especially as there are now several different places in the code where sockets are used. */ @@ -303,6 +303,7 @@ int namelen, port; host_item shost; host_item *h; int af = 0, fd, fd4 = -1, fd6 = -1; +BOOL fastopen = tcp_fastopen_ok && type == SOCK_STREAM; shost.next = NULL; shost.address = NULL; @@ -358,7 +359,7 @@ for (h = &shost; h; h = h->next) } for(port = portlo; port <= porthi; port++) - if (ip_connect(fd, af, h->address, port, timeout, type == SOCK_STREAM) == 0) + if (ip_connect(fd, af, h->address, port, timeout, fastopen) == 0) { if (fd != fd6) close(fd6); if (fd != fd4) close(fd4); diff --git a/src/src/local_scan.h b/src/src/local_scan.h index bca14bcaf..bc4fc8e25 100644 --- a/src/src/local_scan.h +++ b/src/src/local_scan.h @@ -115,7 +115,7 @@ typedef struct header_line { /* Entries in lists options are in this form. */ typedef struct { - const char *name; + const char *name; /* should have been uschar but too late now */ int type; void *value; } optionlist; diff --git a/src/src/log.c b/src/src/log.c index 52570ac13..ddd71377e 100644 --- a/src/src/log.c +++ b/src/src/log.c @@ -704,7 +704,7 @@ If it is not, don't try to write to the log because permission will probably be denied. Avoid actually writing to the logs when exim is called with -bv or -bt to -test an address, but take other actions, such as panicing. +test an address, but take other actions, such as panicking. In Exim proper, the buffer for building the message is got at start-up, so that nothing gets done if it can't be got. However, some functions that are also diff --git a/src/src/lookupapi.h b/src/src/lookupapi.h index 03de8f675..9055f5239 100644 --- a/src/src/lookupapi.h +++ b/src/src/lookupapi.h @@ -34,7 +34,7 @@ typedef struct lookup_info { int, /* length of key or query */ uschar **, /* for returning answer */ uschar **, /* for error message */ - uint *); /* cache TTL, sconds */ + uint *); /* cache TTL, seconds */ void (*close)( /* close function */ void *); /* handle */ void (*tidy)(void); /* tidy function */ diff --git a/src/src/lookups/cdb.c b/src/src/lookups/cdb.c index 3a9078a4e..bc610467c 100644 --- a/src/src/lookups/cdb.c +++ b/src/src/lookups/cdb.c @@ -43,7 +43,7 @@ * cdb.[ch] it does *not* link against an external cdb library. * * - * There are 2 varients included within this code. One uses MMAP and + * There are 2 variants included within this code. One uses MMAP and * should give better performance especially for multiple lookups on a * modern machine. The other is the default implementation which is * used in the case where the MMAP fails or if MMAP was not compiled @@ -131,7 +131,7 @@ cdb_bread(int fd, /* * cdb_bread() - * Internal function to parse 4 byte number (endian independant) */ + * Internal function to parse 4 byte number (endian independent) */ static uint32 cdb_unpack(uschar *buf) diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c index da3495beb..c4b5b53ec 100644 --- a/src/src/lookups/dnsdb.c +++ b/src/src/lookups/dnsdb.c @@ -261,17 +261,15 @@ if ((equals = Ustrchr(keystring, '=')) != NULL) while (tend > keystring && isspace(tend[-1])) tend--; len = tend - keystring; - for (i = 0; i < sizeof(type_names)/sizeof(uschar *); i++) - { + for (i = 0; i < nelem(type_names); i++) if (len == Ustrlen(type_names[i]) && strncmpic(keystring, US type_names[i], len) == 0) { type = type_values[i]; break; } - } - if (i >= sizeof(type_names)/sizeof(uschar *)) + if (i >= nelem(type_names)) { *errmsg = US"unsupported DNS record type"; return DEFER; @@ -558,7 +556,7 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0))) } } /* Loop for list of returned records */ - /* Loop for set of A-lookupu types */ + /* Loop for set of A-lookup types */ } while (type == T_ADDRESSES && searchtype != T_A); } /* Loop for list of domains */ diff --git a/src/src/lookups/ibase.c b/src/src/lookups/ibase.c index 6405a6448..b29fccca7 100644 --- a/src/src/lookups/ibase.c +++ b/src/src/lookups/ibase.c @@ -426,7 +426,7 @@ always leaves enough room for a terminating zero. */ if (stmth != NULL) isc_dsql_free_statement(status, &stmth, DSQL_drop); -/* Non-NULL result indicates a sucessful result */ +/* Non-NULL result indicates a successful result */ if (result != NULL) { *resultptr = result; diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c index 3db787cce..b52ef2221 100644 --- a/src/src/lookups/ldap.c +++ b/src/src/lookups/ldap.c @@ -6,7 +6,7 @@ /* See the file NOTICE for conditions of use and distribution. */ /* Many thanks to Stuart Lynne for contributing the original code for this -driver. Further contibutions from Michael Haardt, Brian Candler, Barry +driver. Further contributions from Michael Haardt, Brian Candler, Barry Pederson, Peter Savitch and Christian Kellner. Particular thanks to Brian for researching how to handle the different kinds of error. */ @@ -580,7 +580,7 @@ if (!lcp->bound || { DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n", (lcp->bound)? "re-" : "", user, password); - if (eldap_start_tls && !lcp->is_start_tls_called) + if (eldap_start_tls && !lcp->is_start_tls_called && !ldapi) { #if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS) /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this. diff --git a/src/src/lookups/lmdb.c b/src/src/lookups/lmdb.c index 8b0ffd2dd..a6888d5a9 100644 --- a/src/src/lookups/lmdb.c +++ b/src/src/lookups/lmdb.c @@ -41,7 +41,7 @@ if ((ret = mdb_env_create(&db_env))) if ((ret = mdb_env_open(db_env, CS filename, MDB_NOSUBDIR|MDB_RDONLY, 0660))) { - errstr = US"open environment"; + errstr = string_sprintf("open environment with %s", filename); goto bad; } diff --git a/src/src/lookups/mysql.c b/src/src/lookups/mysql.c index 632541a61..5cf15af3a 100644 --- a/src/src/lookups/mysql.c +++ b/src/src/lookups/mysql.c @@ -322,7 +322,7 @@ it is cached. */ if (mysql_result != NULL) mysql_free_result(mysql_result); -/* Non-NULL result indicates a sucessful result */ +/* Non-NULL result indicates a successful result */ if (result != NULL) { diff --git a/src/src/lookups/oracle.c b/src/src/lookups/oracle.c index d3fba5e4c..eca15f1b4 100644 --- a/src/src/lookups/oracle.c +++ b/src/src/lookups/oracle.c @@ -490,7 +490,7 @@ oclose(cda); ORACLE_EXIT_NO_VALS: -/* Non-NULL result indicates a sucessful result */ +/* Non-NULL result indicates a successful result */ if (result != NULL) { diff --git a/src/src/lookups/pgsql.c b/src/src/lookups/pgsql.c index 735f85554..d71f97b33 100644 --- a/src/src/lookups/pgsql.c +++ b/src/src/lookups/pgsql.c @@ -97,7 +97,7 @@ configuration line for PostgreSQL via Unix domain sockets looks like this: hide pgsql_servers = (/tmp/.s.PGSQL.5432)/db/user/password[:] We enclose the path name in parentheses so that its slashes aren't visually -confused with the delimeters for the other pgsql_server settings. +confused with the delimiters for the other pgsql_server settings. For TCP/IP connections, the server is a host name and optional port (with a colon separator). @@ -371,7 +371,7 @@ it is cached. */ if (pg_result != NULL) PQclear(pg_result); -/* Non-NULL result indicates a sucessful result */ +/* Non-NULL result indicates a successful result */ if (result != NULL) { diff --git a/src/src/lookups/redis.c b/src/src/lookups/redis.c index df4cf0ca6..3a96f5ef9 100644 --- a/src/src/lookups/redis.c +++ b/src/src/lookups/redis.c @@ -344,7 +344,7 @@ as it is cached. */ if (redis_reply) freeReplyObject(redis_reply); -/* Non-NULL result indicates a sucessful result */ +/* Non-NULL result indicates a successful result */ if (result) { diff --git a/src/src/macros.h b/src/src/macros.h index 1b7cf4abf..004d6dfd7 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -352,7 +352,7 @@ and the first word of the log selector. */ #define BIT_TEST(s,z,n) (((s)[BITWORD(n)] & BITMASK(n)) != 0) /* Used in globals.c for initializing bit_table structures. T will be either -D or L correspondong to the debug and log selector bits declared below. */ +D or L corresponding to the debug and log selector bits declared below. */ #define BIT_TABLE(T,name) { US #name, T##i_##name } @@ -744,7 +744,8 @@ enum { hstatus_unknown, hstatus_usable, hstatus_unusable, /* Reasons why a host is unusable (for clearer log messages) */ -enum { hwhy_unknown, hwhy_retry, hwhy_failed, hwhy_deferred, hwhy_ignored }; +enum { hwhy_unknown, hwhy_retry, hwhy_insecure, hwhy_failed, hwhy_deferred, + hwhy_ignored }; /* Domain lookup types for routers */ @@ -809,6 +810,7 @@ enum { SCH_NONE, SCH_AUTH, SCH_DATA, SCH_BDAT, enum { HOST_FIND_FAILED, /* failed to find the host */ HOST_FIND_AGAIN, /* could not resolve at this time */ + HOST_FIND_SECURITY, /* dnssec required but not acheived */ HOST_FOUND, /* found host */ HOST_FOUND_LOCAL, /* found, but MX points to local host */ HOST_IGNORED /* found but ignored - used internally only */ @@ -846,7 +848,7 @@ enum { #define topt_add_delivery_date 0x002 #define topt_add_envelope_to 0x004 #define topt_use_crlf 0x008 /* Terminate lines with CRLF */ -#define topt_end_dot 0x010 /* Send terminting dot line */ +#define topt_end_dot 0x010 /* Send terminating dot line */ #define topt_no_headers 0x020 /* Omit headers */ #define topt_no_body 0x040 /* Omit body */ #define topt_escape_headers 0x080 /* Apply escape check to headers */ @@ -968,5 +970,18 @@ enum { FILTER_UNSET, FILTER_FORWARD, FILTER_EXIM, FILTER_SIEVE }; #define PEER_OFFERED_SIZE BIT(6) #define PEER_OFFERED_CHUNKING BIT(7) +/* Argument for *_getc */ + +#define GETC_BUFFER_UNLIMITED UINT_MAX + +/* UTF-8 chars for line-drawing */ + +#define UTF8_DOWN_RIGHT "\xE2\x94\x8c" +#define UTF8_HORIZ "\xE2\x94\x80" +#define UTF8_VERT_RIGHT "\xE2\x94\x9C" +#define UTF8_UP_RIGHT "\xE2\x94\x94" +#define UTF8_VERT_2DASH "\xE2\x95\x8E" + + /* End of macros.h */ diff --git a/src/src/malware.c b/src/src/malware.c index b36bf0d64..f9c4c414f 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -13,7 +13,7 @@ #ifdef WITH_CONTENT_SCAN typedef enum {M_FPROTD, M_DRWEB, M_AVES, M_FSEC, M_KAVD, M_CMDL, - M_SOPHIE, M_CLAMD, M_SOCK, M_MKSD, M_AVAST} scanner_t; + M_SOPHIE, M_CLAMD, M_SOCK, M_MKSD, M_AVAST, M_FPROT6D} scanner_t; typedef enum {MC_NONE, MC_TCP, MC_UNIX, MC_STRM} contype_t; static struct scan { @@ -34,6 +34,7 @@ static struct scan { M_SOCK, US"sock", US"/tmp/malware.sock", MC_STRM }, { M_MKSD, US"mksd", NULL, MC_NONE }, { M_AVAST, US"avast", US"/var/run/avast/scan.sock", MC_STRM }, + { M_FPROT6D, US"f-prot6d", US"localhost 10200", MC_TCP }, { -1, NULL, NULL, MC_NONE } /* end-marker */ }; @@ -84,6 +85,11 @@ static const uschar * ava_re_virus_str = US "(?!\\\\)\\t\\[L\\]\\d\\.\\d\\t\\d\\ static const pcre * ava_re_clean = NULL; static const pcre * ava_re_virus = NULL; +static const uschar * fprot6d_re_error_str = US "^\\d+\\s<(.+?)>$"; +static const uschar * fprot6d_re_virus_str = US "^\\d+\\s\\s+.+$"; +static const pcre * fprot6d_re_error = NULL; +static const pcre * fprot6d_re_virus = NULL; + /******************************************************************************/ @@ -231,13 +237,13 @@ while ((rcv = read(fd, p, 1)) > 0) } if (!ok) { - DEBUG(D_acl) debug_printf("Malware scan: read %s (%s)\n", + DEBUG(D_acl) debug_printf_indent("Malware scan: read %s (%s)\n", rcv==0 ? "EOF" : "error", strerror(errno)); return rcv==0 ? -1 : -2; } *p = '\0'; -DEBUG(D_acl) debug_printf("Malware scan: read '%s'\n", buffer); +DEBUG(D_acl) debug_printf_indent("Malware scan: read '%s'\n", buffer); return p - buffer; } @@ -475,7 +481,7 @@ if (*av_scanner == '$') expand_string_message)); DEBUG(D_acl) - debug_printf("Expanded av_scanner global: %s\n", av_scanner_work); + debug_printf_indent("Expanded av_scanner global: %s\n", av_scanner_work); /* disable result caching in this case */ malware_name = NULL; malware_ok = FALSE; @@ -503,8 +509,8 @@ if (!malware_ok) break; switch(scanent->conn) { - case MC_TCP: sock = ip_tcpsocket(scanner_options, &errstr, 5); break; - case MC_UNIX: sock = ip_unixsocket(scanner_options, &errstr); break; + case MC_TCP: sock = ip_tcpsocket(scanner_options, &errstr, 5); break; + case MC_UNIX: sock = ip_unixsocket(scanner_options, &errstr); break; case MC_STRM: sock = ip_streamsocket(scanner_options, &errstr, 5); break; default: /* compiler quietening */ break; } @@ -512,7 +518,7 @@ if (!malware_ok) return m_errlog_defer(scanent, CUS callout_address, errstr); break; } - DEBUG(D_acl) debug_printf("Malware scan: %s tmo %s\n", scanner_name, readconf_printtime(timeout)); + DEBUG(D_acl) debug_printf_indent("Malware scan: %s tmo %s\n", scanner_name, readconf_printtime(timeout)); switch (scanent->scancode) { @@ -535,7 +541,7 @@ if (!malware_ok) par_count++; } scanrequest = string_sprintf("%s HTTP/1.0\r\n\r\n", scanrequest); - DEBUG(D_acl) debug_printf("Malware scan: issuing %s: %s\n", + DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s: %s\n", scanner_name, scanrequest); /* send scan request */ @@ -615,7 +621,7 @@ if (!malware_ok) drweb_slen = htonl(fsize); lseek(drweb_fd, 0, SEEK_SET); - DEBUG(D_acl) debug_printf("Malware scan: issuing %s remote scan [%s]\n", + DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s remote scan [%s]\n", scanner_name, scanner_options); /* send scan request */ @@ -664,7 +670,7 @@ if (!malware_ok) { drweb_slen = htonl(Ustrlen(eml_filename)); - DEBUG(D_acl) debug_printf("Malware scan: issuing %s local scan [%s]\n", + DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s local scan [%s]\n", scanner_name, scanner_options); /* send scan request */ @@ -782,7 +788,7 @@ if (!malware_ok) eml_filename); /* and send it */ - DEBUG(D_acl) debug_printf("Malware scan: issuing %s %s\n", + DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s %s\n", scanner_name, buf); if (m_sock_send(sock, buf, Ustrlen(buf), &errstr) < 0) return m_errlog_defer(scanent, CUS callout_address, errstr); @@ -842,7 +848,7 @@ if (!malware_ok) malware_name = NULL; - DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan [%s]\n", + DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s scan [%s]\n", scanner_name, scanner_options); /* pass options */ memset(av_buffer, 0, sizeof(av_buffer)); @@ -938,7 +944,7 @@ if (!malware_ok) if (p) *p = '\0'; - DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan [%s]\n", + DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s scan [%s]\n", scanner_name, scanner_options); /* send scan request */ @@ -966,7 +972,7 @@ if (!malware_ok) US"reported 'kavdaemon damaged' (code 7).", sock); } - /* code 8 is not handled, since it is ambigous. It appears mostly on + /* code 8 is not handled, since it is ambiguous. It appears mostly on bounces where part of a file has been cut off */ /* "virus found" return codes (2-4) */ @@ -1069,7 +1075,7 @@ if (!malware_ok) /* redirect STDERR too */ commandline = string_sprintf("%s 2>&1", commandline); - DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan [%s]\n", + DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s scan [%s]\n", scanner_name, commandline); /* store exims signal handlers */ @@ -1172,7 +1178,7 @@ if (!malware_ok) if ((p = Ustrrchr(file_name, '/'))) *p = '\0'; - DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan [%s]\n", + DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s scan [%s]\n", scanner_name, scanner_options); if ( write(sock, file_name, Ustrlen(file_name)) < 0 @@ -1346,7 +1352,7 @@ if (!malware_ok) int i = random_number( num_servers ); clamd_address * cd = cv[i]; - DEBUG(D_acl) debug_printf("trying server name %s, port %u\n", + DEBUG(D_acl) debug_printf_indent("trying server name %s, port %u\n", cd->hostspec, cd->tcp_port); /* Lookup the host. This is to ensure that we connect to the same IP @@ -1402,7 +1408,7 @@ if (!malware_ok) * that port on a second connection; then in the scan-method-neutral * part, read the response back on the original connection. */ - DEBUG(D_acl) debug_printf( + DEBUG(D_acl) debug_printf_indent( "Malware scan: issuing %s old-style remote scan (PORT)\n", scanner_name); @@ -1444,7 +1450,7 @@ if (!malware_ok) chunks, a 4-byte number (network order), terminated by a zero-length chunk. */ - DEBUG(D_acl) debug_printf( + DEBUG(D_acl) debug_printf_indent( "Malware scan: issuing %s new-style remote scan (zINSTREAM)\n", scanner_name); @@ -1555,7 +1561,7 @@ if (!malware_ok) /* Pass the string to ClamAV (7 = "SCAN \n" + \0) */ file_name = string_sprintf("SCAN %s\n", eml_filename); - DEBUG(D_acl) debug_printf( + DEBUG(D_acl) debug_printf_indent( "Malware scan: issuing %s local-path scan [%s]\n", scanner_name, scanner_options); @@ -1616,7 +1622,7 @@ if (!malware_ok) p = av_buffer + Ustrlen(av_buffer) - 1; if (*p == '\n') *p = '\0'; - DEBUG(D_acl) debug_printf("Malware response: %s\n", av_buffer); + DEBUG(D_acl) debug_printf_indent("Malware response: %s\n", av_buffer); while (isspace(*--p) && (p > av_buffer)) *p = '\0'; @@ -1653,7 +1659,7 @@ if (!malware_ok) *p = '\0'; } malware_name = string_copy(vname); - DEBUG(D_acl) debug_printf("Malware found, name \"%s\"\n", malware_name); + DEBUG(D_acl) debug_printf_indent("Malware found, name \"%s\"\n", malware_name); } else if (Ustrcmp(result_tag, "ERROR") == 0) @@ -1664,7 +1670,7 @@ if (!malware_ok) { /* Everything should be OK */ malware_name = NULL; - DEBUG(D_acl) debug_printf("Malware not found\n"); + DEBUG(D_acl) debug_printf_indent("Malware not found\n"); } else @@ -1770,7 +1776,7 @@ if (!malware_ok) malware_name = NULL; - DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan\n", scanner_name); + DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s scan\n", scanner_name); if ((retval = mksd_scan_packed(scanent, sock, eml_filename, tmo)) != OK) { @@ -1812,7 +1818,7 @@ if (!malware_ok) int slen = Ustrlen(buf); if (slen >= 1) { - DEBUG(D_acl) debug_printf("got from avast: %s\n", buf); + DEBUG(D_acl) debug_printf_indent("got from avast: %s\n", buf); switch (avast_stage) { case AVA_HELO: @@ -1911,8 +1917,53 @@ if (!malware_ok) sock); default: break; } + break; } + + case M_FPROT6D: /* "f-prot6d" scanner type ----------------------------------- */ + { + int bread; + uschar * e; + uschar * linebuffer; + uschar * scanrequest; + uschar av_buffer[1024]; + + if ((!fprot6d_re_virus && !(fprot6d_re_virus = m_pcre_compile(fprot6d_re_virus_str, &errstr))) + || (!fprot6d_re_error && !(fprot6d_re_error = m_pcre_compile(fprot6d_re_error_str, &errstr)))) + return malware_errlog_defer(errstr); + + scanrequest = string_sprintf("SCAN FILE %s\n", eml_filename); + DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s: %s\n", + scanner_name, scanrequest); + + if (m_sock_send(sock, scanrequest, Ustrlen(scanrequest), &errstr) < 0) + return m_errlog_defer(scanent, CUS callout_address, errstr); + + bread = ip_recv(sock, av_buffer, sizeof(av_buffer), tmo-time(NULL)); + + if (bread <= 0) + return m_errlog_defer_3(scanent, CUS callout_address, + string_sprintf("unable to read from socket (%s)", strerror(errno)), + sock); + + if (bread == sizeof(av_buffer)) + return m_errlog_defer_3(scanent, CUS callout_address, + US"buffer too small", sock); + + av_buffer[bread] = '\0'; + linebuffer = string_copy(av_buffer); + + m_sock_send(sock, US"QUIT\n", 5, 0); + + if ((e = m_pcre_exec(fprot6d_re_error, linebuffer))) + return m_errlog_defer_3(scanent, CUS callout_address, + string_sprintf("scanner reported error (%s)", e), sock); + + if (!(malware_name = m_pcre_exec(fprot6d_re_virus, linebuffer))) + malware_name = NULL; + break; + } /* f-prot6d */ } /* scanner type switch */ if (sock >= 0) @@ -1923,7 +1974,7 @@ if (!malware_ok) /* match virus name against pattern (caseless ------->----------v) */ if (malware_name && regex_match_and_setup(re, malware_name, 0, -1)) { - DEBUG(D_acl) debug_printf( + DEBUG(D_acl) debug_printf_indent( "Matched regex to malware [%s] [%s]\n", malware_re, malware_name); return OK; } @@ -2028,6 +2079,10 @@ if (!ava_re_clean) ava_re_clean = regex_must_compile(ava_re_clean_str, FALSE, TRUE); if (!ava_re_virus) ava_re_virus = regex_must_compile(ava_re_virus_str, FALSE, TRUE); +if (!fprot6d_re_error) + fprot6d_re_error = regex_must_compile(fprot6d_re_error_str, FALSE, TRUE); +if (!fprot6d_re_virus) + fprot6d_re_virus = regex_must_compile(fprot6d_re_virus_str, FALSE, TRUE); } #endif /*WITH_CONTENT_SCAN*/ diff --git a/src/src/mime.c b/src/src/mime.c index 5ed15b081..821cb541d 100644 --- a/src/src/mime.c +++ b/src/src/mime.c @@ -446,7 +446,7 @@ uschar * s = *sp; uschar * val = NULL; int size = 0, ptr = 0; -/* debug_printf(" considering paramval '%s'\n", s); */ +/* debug_printf_indent(" considering paramval '%s'\n", s); */ while (*s && *s != ';') /* ; terminates */ if (*s == '"') @@ -545,7 +545,7 @@ while(1) if (!fgets(CS header, MIME_MAX_HEADER_SIZE, f)) { /* Hit EOF or read error. Ugh. */ - DEBUG(D_acl) debug_printf("MIME: Hit EOF ...\n"); + DEBUG(D_acl) debug_printf_indent("MIME: Hit EOF ...\n"); return rc; } @@ -557,12 +557,12 @@ while(1) if (Ustrncmp((header+2+Ustrlen(context->boundary)), "--", 2) == 0) { /* END boundary found */ - DEBUG(D_acl) debug_printf("MIME: End boundary found %s\n", + DEBUG(D_acl) debug_printf_indent("MIME: End boundary found %s\n", context->boundary); return rc; } - DEBUG(D_acl) debug_printf("MIME: Next part with boundary %s\n", + DEBUG(D_acl) debug_printf_indent("MIME: Next part with boundary %s\n", context->boundary); break; } @@ -586,7 +586,7 @@ while(1) for (q = p; *q != ';' && *q; q++) ; *mh->value = string_copynlc(p, q-p); - DEBUG(D_acl) debug_printf("MIME: found %s header, value is '%s'\n", + DEBUG(D_acl) debug_printf_indent("MIME: found %s header, value is '%s'\n", mh->name, *mh->value); if (*(p = q)) p++; /* jump past the ; */ @@ -604,7 +604,7 @@ while(1) { mime_parameter * mp; - DEBUG(D_acl) debug_printf("MIME: considering paramlist '%s'\n", p); + DEBUG(D_acl) debug_printf_indent("MIME: considering paramlist '%s'\n", p); if ( !mime_filename && strncmpic(CUS"content-disposition:", header, 20) == 0 @@ -649,15 +649,15 @@ while(1) else p = q; - DEBUG(D_acl) debug_printf("MIME: charset %s fname '%s'\n", + DEBUG(D_acl) debug_printf_indent("MIME: charset %s fname '%s'\n", mime_filename_charset ? mime_filename_charset : US"", p); temp_string = rfc2231_to_2047(p, mime_filename_charset, &slen); - DEBUG(D_acl) debug_printf("MIME: 2047-name %s\n", temp_string); + DEBUG(D_acl) debug_printf_indent("MIME: 2047-name %s\n", temp_string); temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ', NULL, &err_msg); - DEBUG(D_acl) debug_printf("MIME: plain-name %s\n", temp_string); + DEBUG(D_acl) debug_printf_indent("MIME: plain-name %s\n", temp_string); size = Ustrlen(temp_string); @@ -692,7 +692,7 @@ while(1) ? rfc2047_decode(q, check_rfc2047_length, NULL, 32, NULL, &dummy_errstr) : NULL; - DEBUG(D_acl) debug_printf( + DEBUG(D_acl) debug_printf_indent( "MIME: found %s parameter in %s header, value '%s'\n", mp->name, mh->name, *mp->value); @@ -710,7 +710,7 @@ while(1) { if (decoding_failed) mime_filename = mime_fname_rfc2231; - DEBUG(D_acl) debug_printf( + DEBUG(D_acl) debug_printf_indent( "MIME: found %s parameter in %s header, value is '%s'\n", "filename", mh->name, mime_filename); } @@ -753,7 +753,7 @@ while(1) (Ustrncmp(mime_content_type,"multipart",9) == 0) ) { DEBUG(D_acl) - debug_printf("MIME: Entering multipart recursion, boundary '%s'\n", + debug_printf_indent("MIME: Entering multipart recursion, boundary '%s'\n", nested_context.boundary); nested_context.context = diff --git a/src/src/os.c b/src/src/os.c index 47af038f7..ca24e8dd2 100644 --- a/src/src/os.c +++ b/src/src/os.c @@ -879,7 +879,7 @@ char * b = (char *)buffer; if (!size) size = PATH_MAX; if (!b && !(b = malloc(size))) return NULL; if (!(b = getcwd(b, size))) return NULL; -return realloc(b, strlen(b) + 1); +return buffer ? buffer : realloc(b, strlen(b) + 1); } #endif diff --git a/src/src/parse.c b/src/src/parse.c index 3d942fd95..94a1af6ab 100644 --- a/src/src/parse.c +++ b/src/src/parse.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for parsing addresses */ @@ -187,7 +187,7 @@ The start of the last potential comment position is remembered to make it possible to ignore comments at the end of compound items. Argument: current character pointer -Regurns: new character pointer +Returns: new character pointer */ static uschar * @@ -661,7 +661,7 @@ if (*s != '@' && *s != '<') while (*s != '<' && (!parse_allow_group || *s != ':')) { s = read_local_part(s, t, errorptr, FALSE); - if (*errorptr != NULL) + if (*errorptr) { *errorptr = string_sprintf("%s (expected word or \"<\")", *errorptr); goto PARSE_FAILED; @@ -686,8 +686,8 @@ processing it. Note that this is "if" rather than "else if" because it's also used after reading a preceding phrase. There are a lot of broken sendmails out there that put additional pairs of <> -round s. If strip_excess_angle_brackets is set, allow any number of -them, as long as they match. */ +round s. If strip_excess_angle_brackets is set, allow a limited +number of them, as long as they match. */ if (*s == '<') { @@ -696,8 +696,11 @@ if (*s == '<') int bracket_count = 1; s++; - if (strip_excess_angle_brackets) - while (*s == '<') { bracket_count++; s++; } + if (strip_excess_angle_brackets) while (*s == '<') + { + if(bracket_count++ > 5) FAILED(US"angle-brackets nested too deep"); + s++; + } t = yield; startptr = s; @@ -711,7 +714,7 @@ if (*s == '<') if (*s == '@') { s = read_route(s, t, errorptr); - if (*errorptr != NULL) goto PARSE_FAILED; + if (*errorptr) goto PARSE_FAILED; *t = 0; /* Ensure route is ignored - probably overkill */ source_routed = TRUE; } @@ -729,7 +732,7 @@ if (*s == '<') else { s = read_addr_spec(s, t, '>', errorptr, &domainptr); - if (*errorptr != NULL) goto PARSE_FAILED; + if (*errorptr) goto PARSE_FAILED; *domain = domainptr - yield; if (source_routed && *domain == 0) FAILED(US"domain missing in source-routed address"); @@ -739,9 +742,10 @@ if (*s == '<') if (*errorptr != NULL) goto PARSE_FAILED; while (bracket_count-- > 0) if (*s++ != '>') { - *errorptr = (s[-1] == 0)? US"'>' missing at end of address" : - string_sprintf("malformed address: %.32s may not follow %.*s", - s-1, s - (uschar *)mailbox - 1, mailbox); + *errorptr = s[-1] == 0 + ? US"'>' missing at end of address" + : string_sprintf("malformed address: %.32s may not follow %.*s", + s-1, s - (uschar *)mailbox - 1, mailbox); goto PARSE_FAILED; } diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c index c4bdb5a93..5fc6045d0 100644 --- a/src/src/pdkim/pdkim.c +++ b/src/src/pdkim/pdkim.c @@ -2,7 +2,7 @@ * PDKIM - a RFC4871 (DKIM) implementation * * Copyright (C) 2009 - 2016 Tom Kistner - * Copyright (C) 2016 Jeremy Harris + * Copyright (C) 2016 - 2017 Jeremy Harris * * http://duncanthrax.net/pdkim/ * @@ -142,19 +142,19 @@ switch(ext_status) } } -const char * +const uschar * pdkim_errstr(int status) { switch(status) { - case PDKIM_OK: return "OK"; - case PDKIM_FAIL: return "FAIL"; - case PDKIM_ERR_RSA_PRIVKEY: return "RSA_PRIVKEY"; - case PDKIM_ERR_RSA_SIGNING: return "RSA SIGNING"; - case PDKIM_ERR_LONG_LINE: return "RSA_LONG_LINE"; - case PDKIM_ERR_BUFFER_TOO_SMALL: return "BUFFER_TOO_SMALL"; - case PDKIM_SIGN_PRIVKEY_WRAP: return "PRIVKEY_WRAP"; - case PDKIM_SIGN_PRIVKEY_B64D: return "PRIVKEY_B64D"; + case PDKIM_OK: return US"OK"; + case PDKIM_FAIL: return US"FAIL"; + case PDKIM_ERR_RSA_PRIVKEY: return US"RSA_PRIVKEY"; + case PDKIM_ERR_RSA_SIGNING: return US"RSA SIGNING"; + case PDKIM_ERR_LONG_LINE: return US"RSA_LONG_LINE"; + case PDKIM_ERR_BUFFER_TOO_SMALL: return US"BUFFER_TOO_SMALL"; + case PDKIM_SIGN_PRIVKEY_WRAP: return US"PRIVKEY_WRAP"; + case PDKIM_SIGN_PRIVKEY_B64D: return US"PRIVKEY_B64D"; default: return "(unknown)"; } } @@ -192,7 +192,8 @@ static void pdkim_hexprint(const uschar *data, int len) { int i; -for (i = 0 ; i < len; i++) debug_printf("%02x", data[i]); +if (data) for (i = 0 ; i < len; i++) debug_printf("%02x", data[i]); +else debug_printf(""); debug_printf("\n"); } @@ -415,7 +416,7 @@ return b64encode(b->data, b->len); static pdkim_signature * pdkim_parse_sig_header(pdkim_ctx *ctx, uschar * raw_hdr) { -pdkim_signature *sig ; +pdkim_signature * sig; uschar *p, *q; uschar * cur_tag = NULL; int ts = 0, tl = 0; uschar * cur_val = NULL; int vs = 0, vl = 0; @@ -493,10 +494,8 @@ for (p = raw_hdr; ; p++) switch (*cur_tag) { case 'b': - if (cur_tag[1] == 'h') - pdkim_decode_base64(cur_val, &sig->bodyhash); - else - pdkim_decode_base64(cur_val, &sig->sigdata); + pdkim_decode_base64(cur_val, + cur_tag[1] == 'h' ? &sig->bodyhash : &sig->sighash); break; case 'v': /* We only support version 1, and that is currently the @@ -578,12 +577,17 @@ DEBUG(D_acl) "PDKIM >> Raw signature w/o b= tag value >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); pdkim_quoteprint(US sig->rawsig_no_b_val, Ustrlen(sig->rawsig_no_b_val)); debug_printf( - "PDKIM >> Sig size: %4u bits\n", (unsigned) sig->sigdata.len*8); + "PDKIM >> Sig size: %4u bits\n", (unsigned) sig->sighash.len*8); debug_printf( "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); } -exim_sha_init(&sig->body_hash, sig->algo == PDKIM_ALGO_RSA_SHA1 ? HASH_SHA1 : HASH_SHA256); +if (!exim_sha_init(&sig->body_hash_ctx, + sig->algo == PDKIM_ALGO_RSA_SHA1 ? HASH_SHA1 : HASH_SHA256)) + { + DEBUG(D_acl) debug_printf("PDKIM: hash init internal error\n"); + return NULL; + } return sig; } @@ -697,15 +701,14 @@ return NULL; /* -------------------------------------------------------------------------- */ static int -pdkim_update_bodyhash(pdkim_ctx *ctx, const char *data, int len) +pdkim_update_bodyhash(pdkim_ctx * ctx, const char * data, int len) { -pdkim_signature *sig = ctx->sig; -/* Cache relaxed version of data */ -uschar *relaxed_data = NULL; -int relaxed_len = 0; +pdkim_signature * sig; +uschar * relaxed_data = NULL; /* Cache relaxed version of data */ +int relaxed_len = 0; /* Traverse all signatures, updating their hashes. */ -while (sig) +for (sig = ctx->sig; sig; sig = sig->next) { /* Defaults to simple canon (no further treatment necessary) */ const uschar *canon_data = CUS data; @@ -761,12 +764,10 @@ while (sig) if (canon_len > 0) { - exim_sha_update(&sig->body_hash, CUS canon_data, canon_len); + exim_sha_update(&sig->body_hash_ctx, CUS canon_data, canon_len); sig->signed_body_bytes += canon_len; DEBUG(D_acl) pdkim_quoteprint(canon_data, canon_len); } - - sig = sig->next; } if (relaxed_data) store_free(relaxed_data); @@ -786,7 +787,7 @@ for (sig = ctx->sig; sig; sig = sig->next) { /* Finish hashes */ blob bh; - exim_sha_finish(&sig->body_hash, &bh); + exim_sha_finish(&sig->body_hash_ctx, &bh); DEBUG(D_acl) { @@ -807,11 +808,11 @@ for (sig = ctx->sig; sig; sig = sig->next) sig->bodylength = -1; } - /* VERIFICATION --------------------------------------------------------- */ else - { - /* Compare bodyhash */ - if (memcmp(bh.data, sig->bodyhash.data, bh.len) == 0) + /* VERIFICATION --------------------------------------------------------- */ + /* Be careful that the header sig included a bodyash */ + + if (sig->bodyhash.data && memcmp(bh.data, sig->bodyhash.data, bh.len) == 0) { DEBUG(D_acl) debug_printf("PDKIM [%s] Body hash verified OK\n", sig->domain); } @@ -820,14 +821,12 @@ for (sig = ctx->sig; sig; sig = sig->next) DEBUG(D_acl) { debug_printf("PDKIM [%s] Body hash signature from headers: ", sig->domain); - pdkim_hexprint(sig->bodyhash.data, - exim_sha_hashlen(&sig->body_hash)); + pdkim_hexprint(sig->bodyhash.data, sig->bodyhash.len); debug_printf("PDKIM [%s] Body hash did NOT verify\n", sig->domain); } sig->verify_status = PDKIM_VERIFY_FAIL; sig->verify_ext_status = PDKIM_VERIFY_FAIL_BODY; } - } } } @@ -876,7 +875,7 @@ ctx->linebuf[ctx->linebuf_offset] = '\0'; /* Terminate on EOD marker */ if (ctx->flags & PDKIM_DOT_TERM) { - if ( memcmp(p, ".\r\n", 3) == 0) + if (memcmp(p, ".\r\n", 3) == 0) return pdkim_body_complete(ctx); /* Unstuff dots */ @@ -932,68 +931,65 @@ return PDKIM_OK; #define DKIM_SIGNATURE_HEADERNAME "DKIM-Signature:" static int -pdkim_header_complete(pdkim_ctx *ctx) +pdkim_header_complete(pdkim_ctx * ctx) { +pdkim_signature * sig, * last_sig; + /* Special case: The last header can have an extra \r appended */ if ( (ctx->cur_header_len > 1) && (ctx->cur_header[(ctx->cur_header_len)-1] == '\r') ) --ctx->cur_header_len; ctx->cur_header[ctx->cur_header_len] = '\0'; -ctx->num_headers++; -if (ctx->num_headers > PDKIM_MAX_HEADERS) goto BAIL; +if (++ctx->num_headers > PDKIM_MAX_HEADERS) goto BAIL; /* SIGNING -------------------------------------------------------------- */ if (ctx->flags & PDKIM_MODE_SIGN) - { - pdkim_signature *sig; - for (sig = ctx->sig; sig; sig = sig->next) /* Traverse all signatures */ /* Add header to the signed headers list (in reverse order) */ sig->headers = pdkim_prepend_stringlist(sig->headers, ctx->cur_header); - } /* VERIFICATION ----------------------------------------------------------- */ /* DKIM-Signature: headers are added to the verification list */ else { +#ifdef notdef + DEBUG(D_acl) + { + debug_printf("PDKIM >> raw hdr: "); + pdkim_quoteprint(CUS ctx->cur_header, ctx->cur_header_len); + } +#endif if (strncasecmp(CCS ctx->cur_header, DKIM_SIGNATURE_HEADERNAME, Ustrlen(DKIM_SIGNATURE_HEADERNAME)) == 0) { - pdkim_signature *new_sig; + /* Create and chain new signature block. We could error-check for all + required tags here, but prefer to create the internal sig and expicitly + fail verification of it later. */ - /* Create and chain new signature block */ DEBUG(D_acl) debug_printf( "PDKIM >> Found sig, trying to parse >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); - if ((new_sig = pdkim_parse_sig_header(ctx, ctx->cur_header))) + sig = pdkim_parse_sig_header(ctx, ctx->cur_header); + + if (!(last_sig = ctx->sig)) + ctx->sig = sig; + else { - pdkim_signature *last_sig = ctx->sig; - if (!last_sig) - ctx->sig = new_sig; - else - { - while (last_sig->next) last_sig = last_sig->next; - last_sig->next = new_sig; - } + while (last_sig->next) last_sig = last_sig->next; + last_sig->next = sig; } - else - DEBUG(D_acl) debug_printf( - "Error while parsing signature header\n" - "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); } - /* every other header is stored for signature verification */ - else - ctx->headers = pdkim_prepend_stringlist(ctx->headers, ctx->cur_header); + /* all headers are stored for signature verification */ + ctx->headers = pdkim_prepend_stringlist(ctx->headers, ctx->cur_header); } BAIL: -*ctx->cur_header = '\0'; -ctx->cur_header_len = 0; /* leave buffer for reuse */ +ctx->cur_header[ctx->cur_header_len = 0] = '\0'; /* leave buffer for reuse */ return PDKIM_OK; } @@ -1005,7 +1001,7 @@ return PDKIM_OK; DLLEXPORT int pdkim_feed(pdkim_ctx *ctx, char *data, int len) { -int p; +int p, rc; /* Alternate EOD signal, used in non-dotstuffing mode */ if (!data) @@ -1017,45 +1013,57 @@ else for (p = 0; pflags & PDKIM_PAST_HDRS) { + if (c == '\n' && !(ctx->flags & PDKIM_SEEN_CR)) /* emulate the CR */ + { + ctx->linebuf[ctx->linebuf_offset++] = '\r'; + if (ctx->linebuf_offset == PDKIM_MAX_BODY_LINE_LEN-1) + return PDKIM_ERR_LONG_LINE; + } + /* Processing body byte */ ctx->linebuf[ctx->linebuf_offset++] = c; - if (c == '\n') + if (c == '\r') + ctx->flags |= PDKIM_SEEN_CR; + else if (c == '\n') { - int rc = pdkim_bodyline_complete(ctx); /* End of line */ - if (rc != PDKIM_OK) return rc; + ctx->flags &= ~PDKIM_SEEN_CR; + if ((rc = pdkim_bodyline_complete(ctx)) != PDKIM_OK) + return rc; } - if (ctx->linebuf_offset == (PDKIM_MAX_BODY_LINE_LEN-1)) + + if (ctx->linebuf_offset == PDKIM_MAX_BODY_LINE_LEN-1) return PDKIM_ERR_LONG_LINE; } else { /* Processing header byte */ - if (c != '\r') + if (c == '\r') + ctx->flags |= PDKIM_SEEN_CR; + else if (c == '\n') { - if (c == '\n') - { - if (ctx->flags & PDKIM_SEEN_LF) - { - int rc = pdkim_header_complete(ctx); /* Seen last header line */ - if (rc != PDKIM_OK) return rc; + if (!(ctx->flags & PDKIM_SEEN_CR)) /* emulate the CR */ + ctx->cur_header = string_catn(ctx->cur_header, &ctx->cur_header_size, + &ctx->cur_header_len, CUS "\r", 1); - ctx->flags = ctx->flags & ~PDKIM_SEEN_LF | PDKIM_PAST_HDRS; - DEBUG(D_acl) debug_printf( - "PDKIM >> Body data for hash, canonicalized >>>>>>>>>>>>>>>>>>>>>>\n"); - continue; - } - else - ctx->flags |= PDKIM_SEEN_LF; - } - else if (ctx->flags & PDKIM_SEEN_LF) - { - if (!(c == '\t' || c == ' ')) - { - int rc = pdkim_header_complete(ctx); /* End of header */ - if (rc != PDKIM_OK) return rc; - } - ctx->flags &= ~PDKIM_SEEN_LF; + if (ctx->flags & PDKIM_SEEN_LF) /* Seen last header line */ + { + if ((rc = pdkim_header_complete(ctx)) != PDKIM_OK) + return rc; + + ctx->flags = (ctx->flags & ~(PDKIM_SEEN_LF|PDKIM_SEEN_CR)) | PDKIM_PAST_HDRS; + DEBUG(D_acl) debug_printf( + "PDKIM >> Body data for hash, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); + continue; } + else + ctx->flags = (ctx->flags & ~PDKIM_SEEN_CR) | PDKIM_SEEN_LF; + } + else if (ctx->flags & PDKIM_SEEN_LF) + { + if (!(c == '\t' || c == ' ')) /* End of header */ + if ((rc = pdkim_header_complete(ctx)) != PDKIM_OK) + return rc; + ctx->flags &= ~PDKIM_SEEN_LF; } if (ctx->cur_header_len < PDKIM_MAX_HEADER_LEN) @@ -1289,7 +1297,7 @@ if (sig->bodylength >= 0) } /* Preliminary or final version? */ -base64_b = final ? pdkim_encode_base64(&sig->sigdata) : US""; +base64_b = final ? pdkim_encode_base64(&sig->sighash) : US""; hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"b=", base64_b); /* add trailing semicolon: I'm not sure if this is actually needed */ @@ -1300,10 +1308,79 @@ return hdr; } +/* -------------------------------------------------------------------------- */ + +static pdkim_pubkey * +pdkim_key_from_dns(pdkim_ctx * ctx, pdkim_signature * sig, ev_ctx * vctx, + const uschar ** errstr) +{ +uschar * dns_txt_name, * dns_txt_reply; +pdkim_pubkey * p; + +/* Fetch public key for signing domain, from DNS */ + +dns_txt_name = string_sprintf("%s._domainkey.%s.", sig->selector, sig->domain); + +dns_txt_reply = store_get(PDKIM_DNS_TXT_MAX_RECLEN); +memset(dns_txt_reply, 0, PDKIM_DNS_TXT_MAX_RECLEN); + +if ( ctx->dns_txt_callback(CS dns_txt_name, CS dns_txt_reply) != PDKIM_OK + || dns_txt_reply[0] == '\0' + ) + { + sig->verify_status = PDKIM_VERIFY_INVALID; + sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE; + return NULL; + } + +DEBUG(D_acl) + { + debug_printf( + "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n" + " Raw record: "); + pdkim_quoteprint(CUS dns_txt_reply, Ustrlen(dns_txt_reply)); + } + +if ( !(p = pdkim_parse_pubkey_record(ctx, CUS dns_txt_reply)) + || (Ustrcmp(p->srvtype, "*") != 0 && Ustrcmp(p->srvtype, "email") != 0) + ) + { + sig->verify_status = PDKIM_VERIFY_INVALID; + sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD; + + DEBUG(D_acl) + { + if (p) + debug_printf(" Invalid public key service type '%s'\n", p->srvtype); + else + debug_printf(" Error while parsing public key record\n"); + debug_printf( + "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); + } + return NULL; + } + +DEBUG(D_acl) debug_printf( + "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); + +/* Import public key */ +if ((*errstr = exim_rsa_verify_init(&p->key, vctx))) + { + DEBUG(D_acl) debug_printf("verify_init: %s\n", *errstr); + sig->verify_status = PDKIM_VERIFY_INVALID; + sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_IMPORT; + return NULL; + } + +return p; +} + + /* -------------------------------------------------------------------------- */ DLLEXPORT int -pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatures) +pdkim_feed_finish(pdkim_ctx * ctx, pdkim_signature ** return_signatures, + const uschar ** err) { pdkim_signature *sig = ctx->sig; @@ -1335,7 +1412,11 @@ while (sig) hdata.data = NULL; hdata.len = 0; - exim_sha_init(&hhash_ctx, is_sha1 ? HASH_SHA1 : HASH_SHA256); + if (!exim_sha_init(&hhash_ctx, is_sha1 ? HASH_SHA1 : HASH_SHA256)) + { + DEBUG(D_acl) debug_printf("PDKIM: hask setup internal error\n"); + break; + } DEBUG(D_acl) debug_printf( "PDKIM >> Header data for hash, canonicalized, in sequence >>>>>>>>>>>>>>\n"); @@ -1480,12 +1561,11 @@ while (sig) if (ctx->flags & PDKIM_MODE_SIGN) { es_ctx sctx; - const uschar * errstr; /* Import private key */ - if ((errstr = exim_rsa_signing_init(US sig->rsa_privkey, &sctx))) + if ((*err = exim_rsa_signing_init(US sig->rsa_privkey, &sctx))) { - DEBUG(D_acl) debug_printf("signing_init: %s\n", errstr); + DEBUG(D_acl) debug_printf("signing_init: %s\n", *err); return PDKIM_ERR_RSA_PRIVKEY; } @@ -1497,16 +1577,16 @@ while (sig) hdata = hhash; #endif - if ((errstr = exim_rsa_sign(&sctx, is_sha1, &hdata, &sig->sigdata))) + if ((*err = exim_rsa_sign(&sctx, is_sha1, &hdata, &sig->sighash))) { - DEBUG(D_acl) debug_printf("signing: %s\n", errstr); + DEBUG(D_acl) debug_printf("signing: %s\n", *err); return PDKIM_ERR_RSA_SIGNING; } DEBUG(D_acl) { debug_printf( "PDKIM [%s] b computed: ", sig->domain); - pdkim_hexprint(sig->sigdata.data, sig->sigdata.len); + pdkim_hexprint(sig->sighash.data, sig->sighash.len); } sig->signature_header = pdkim_create_header(sig, TRUE); @@ -1516,17 +1596,14 @@ while (sig) else { ev_ctx vctx; - const uschar * errstr; pdkim_pubkey * p; - uschar *dns_txt_name, *dns_txt_reply; - /* Make sure we have all required signature tags */ if (!( sig->domain && *sig->domain && sig->selector && *sig->selector && sig->headernames && *sig->headernames && sig->bodyhash.data - && sig->sigdata.data + && sig->sighash.data && sig->algo > -1 && sig->version ) ) @@ -1552,73 +1629,20 @@ while (sig) goto NEXT_VERIFY; } - /* Fetch public key for signing domain, from DNS */ - - dns_txt_name = string_sprintf("%s._domainkey.%s.", - sig->selector, sig->domain); - - dns_txt_reply = store_get(PDKIM_DNS_TXT_MAX_RECLEN); - memset(dns_txt_reply, 0, PDKIM_DNS_TXT_MAX_RECLEN); - - if ( ctx->dns_txt_callback(CS dns_txt_name, CS dns_txt_reply) != PDKIM_OK - || dns_txt_reply[0] == '\0') - { - sig->verify_status = PDKIM_VERIFY_INVALID; - sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE; - goto NEXT_VERIFY; - } - - DEBUG(D_acl) - { - debug_printf( - "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n" - " Raw record: "); - pdkim_quoteprint(CUS dns_txt_reply, Ustrlen(dns_txt_reply)); - } - - if ( !(p = pdkim_parse_pubkey_record(ctx, CUS dns_txt_reply)) - || (Ustrcmp(p->srvtype, "*") != 0 && Ustrcmp(p->srvtype, "email") != 0) - ) - { - sig->verify_status = PDKIM_VERIFY_INVALID; - sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD; - - DEBUG(D_acl) - { - if (p) - debug_printf(" Invalid public key service type '%s'\n", p->srvtype); - else - debug_printf(" Error while parsing public key record\n"); - debug_printf( - "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); - } + if (!(sig->pubkey = pdkim_key_from_dns(ctx, sig, &vctx, err))) goto NEXT_VERIFY; - } - sig->pubkey = p; - - DEBUG(D_acl) debug_printf( - "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); - - /* Import public key */ - if ((errstr = exim_rsa_verify_init(&sig->pubkey->key, &vctx))) - { - DEBUG(D_acl) debug_printf("verify_init: %s\n", errstr); - sig->verify_status = PDKIM_VERIFY_INVALID; - sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_IMPORT; - goto NEXT_VERIFY; - } /* Check the signature */ - if ((errstr = exim_rsa_verify(&vctx, is_sha1, &hhash, &sig->sigdata))) + if ((*err = exim_rsa_verify(&vctx, is_sha1, &hhash, &sig->sighash))) { - DEBUG(D_acl) debug_printf("headers verify: %s\n", errstr); + DEBUG(D_acl) debug_printf("headers verify: %s\n", *err); sig->verify_status = PDKIM_VERIFY_FAIL; sig->verify_ext_status = PDKIM_VERIFY_FAIL_MESSAGE; goto NEXT_VERIFY; } - /* We have a winner! (if bodydhash was correct earlier) */ + /* We have a winner! (if bodyhash was correct earlier) */ if (sig->verify_status == PDKIM_VERIFY_NONE) sig->verify_status = PDKIM_VERIFY_PASS; @@ -1668,22 +1692,25 @@ return ctx; /* -------------------------------------------------------------------------- */ DLLEXPORT pdkim_ctx * -pdkim_init_sign(char *domain, char *selector, char *rsa_privkey, int algo, - BOOL dot_stuffed) +pdkim_init_sign(char * domain, char * selector, char * rsa_privkey, int algo, + BOOL dot_stuffed, int(*dns_txt_callback)(char *, char *), + const uschar ** errstr) { -pdkim_ctx *ctx; -pdkim_signature *sig; +pdkim_ctx * ctx; +pdkim_signature * sig; if (!domain || !selector || !rsa_privkey) return NULL; -ctx = store_get(sizeof(pdkim_ctx)); +ctx = store_get(sizeof(pdkim_ctx) + PDKIM_MAX_BODY_LINE_LEN + sizeof(pdkim_signature)); memset(ctx, 0, sizeof(pdkim_ctx)); ctx->flags = dot_stuffed ? PDKIM_MODE_SIGN | PDKIM_DOT_TERM : PDKIM_MODE_SIGN; -ctx->linebuf = store_get(PDKIM_MAX_BODY_LINE_LEN); +ctx->linebuf = CS (ctx+1); -sig = store_get(sizeof(pdkim_signature)); +DEBUG(D_acl) ctx->dns_txt_callback = dns_txt_callback; + +sig = (pdkim_signature *)(ctx->linebuf + PDKIM_MAX_BODY_LINE_LEN); memset(sig, 0, sizeof(pdkim_signature)); sig->bodylength = -1; @@ -1694,7 +1721,23 @@ sig->selector = string_copy(US selector); sig->rsa_privkey = string_copy(US rsa_privkey); sig->algo = algo; -exim_sha_init(&sig->body_hash, algo == PDKIM_ALGO_RSA_SHA1 ? HASH_SHA1 : HASH_SHA256); +if (!exim_sha_init(&sig->body_hash_ctx, + algo == PDKIM_ALGO_RSA_SHA1 ? HASH_SHA1 : HASH_SHA256)) + { + DEBUG(D_acl) debug_printf("PDKIM: hash setup internal error\n"); + return NULL; + } + +DEBUG(D_acl) + { + pdkim_signature s = *sig; + ev_ctx vctx; + + debug_printf("PDKIM (checking verify key)<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); + if (!pdkim_key_from_dns(ctx, &s, &vctx, errstr)) + debug_printf("WARNING: bad dkim key in dns\n"); + debug_printf("PDKIM (finished checking verify key)<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); + } return ctx; } diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index 07ba5b5c4..8c477f744 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -2,7 +2,7 @@ * PDKIM - a RFC4871 (DKIM) implementation * * Copyright (C) 2009 - 2012 Tom Kistner - * Copyright (c) Jeremy Harris 2016 + * Copyright (c) 2016 - 2017 Jeremy Harris * * http://duncanthrax.net/pdkim/ * @@ -164,7 +164,7 @@ typedef struct pdkim_signature { uschar *copiedheaders; /* (b=) Raw signature data, along with its length in bytes */ - blob sigdata; + blob sighash; /* (bh=) Raw body hash data, along with its length in bytes */ blob bodyhash; @@ -233,7 +233,7 @@ typedef struct pdkim_signature { /* Properties below this point are used internally only ------------- */ /* Per-signature helper variables ----------------------------------- */ - hctx body_hash; + hctx body_hash_ctx; unsigned long signed_body_bytes; /* How many body bytes we hashed */ pdkim_stringlist *headers; /* Raw headers included in the sig */ @@ -250,9 +250,10 @@ typedef struct pdkim_ctx { #define PDKIM_MODE_SIGN BIT(0) /* if unset, mode==verify */ #define PDKIM_DOT_TERM BIT(1) /* dot termination and unstuffing */ -#define PDKIM_SEEN_LF BIT(2) -#define PDKIM_SEEN_EOD BIT(3) +#define PDKIM_SEEN_CR BIT(2) +#define PDKIM_SEEN_LF BIT(3) #define PDKIM_PAST_HDRS BIT(4) +#define PDKIM_SEEN_EOD BIT(5) unsigned flags; /* One (signing) or several chained (verification) signatures */ @@ -285,7 +286,8 @@ extern "C" { void pdkim_init (void); DLLEXPORT -pdkim_ctx *pdkim_init_sign (char *, char *, char *, int, BOOL); +pdkim_ctx *pdkim_init_sign (char *, char *, char *, int, + BOOL, int(*)(char *, char *), const uschar **); DLLEXPORT pdkim_ctx *pdkim_init_verify (int(*)(char *, char *), BOOL); @@ -299,13 +301,13 @@ int pdkim_set_optional (pdkim_ctx *, char *, char *,int, int, DLLEXPORT int pdkim_feed (pdkim_ctx *, char *, int); DLLEXPORT -int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **); +int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **, const uschar **); DLLEXPORT void pdkim_free_ctx (pdkim_ctx *); -const char * pdkim_errstr(int); +const uschar * pdkim_errstr(int); #ifdef __cplusplus } diff --git a/src/src/pdkim/rsa.c b/src/src/pdkim/rsa.c index aeb016ce5..950c617c7 100644 --- a/src/src/pdkim/rsa.c +++ b/src/src/pdkim/rsa.c @@ -170,7 +170,7 @@ uschar tag_class; int taglen; long tag, len; -/* debug_printf("as_tag: %02x %02x %02x %02x\n", +/* debug_printf_indent("as_tag: %02x %02x %02x %02x\n", der->data[0], der->data[1], der->data[2], der->data[3]); */ if ((rc = asn1_get_tag_der(der->data++, der->len--, &tag_class, &taglen, &tag)) @@ -183,7 +183,7 @@ if ((len = asn1_get_length_der(der->data, der->len, &taglen)) < 0) return ASN1_DER_ERROR; if (alen) *alen = len; -/* debug_printf("as_tag: tlen %d dlen %d\n", taglen, (int)len); */ +/* debug_printf_indent("as_tag: tlen %d dlen %d\n", taglen, (int)len); */ der->data += taglen; der->len -= taglen; @@ -325,25 +325,25 @@ if ( (s1 = as_mpi(&der, &sign_ctx->n)) ) return s1; -DEBUG(D_acl) debug_printf("rsa_signing_init:\n"); +DEBUG(D_acl) debug_printf_indent("rsa_signing_init:\n"); { uschar * s; gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->n); - debug_printf(" N : %s\n", s); + debug_printf_indent(" N : %s\n", s); gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->e); - debug_printf(" E : %s\n", s); + debug_printf_indent(" E : %s\n", s); gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->d); - debug_printf(" D : %s\n", s); + debug_printf_indent(" D : %s\n", s); gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->p); - debug_printf(" P : %s\n", s); + debug_printf_indent(" P : %s\n", s); gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->q); - debug_printf(" Q : %s\n", s); + debug_printf_indent(" Q : %s\n", s); gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->dp); - debug_printf(" DP: %s\n", s); + debug_printf_indent(" DP: %s\n", s); gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->dq); - debug_printf(" DQ: %s\n", s); + debug_printf_indent(" DQ: %s\n", s); gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->qp); - debug_printf(" QP: %s\n", s); + debug_printf_indent(" QP: %s\n", s); } return NULL; @@ -402,13 +402,13 @@ DEBUG(D_acl) { uschar * s; gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, m_sig); - debug_printf(" SG: %s\n", s); + debug_printf_indent(" SG: %s\n", s); } gerr = gcry_mpi_print(GCRYMPI_FMT_USG, sig->data, SIGSPACE, &sig->len, m_sig); if (gerr) { - debug_printf("signature conversion from MPI to buffer failed\n"); + debug_printf_indent("signature conversion from MPI to buffer failed\n"); return US gcry_strerror(gerr); } #undef SIGSPACE @@ -480,13 +480,13 @@ if ( (errstr = as_mpi(pubkey_der, &verify_ctx->n)) ) return errstr; -DEBUG(D_acl) debug_printf("rsa_verify_init:\n"); +DEBUG(D_acl) debug_printf_indent("rsa_verify_init:\n"); { uschar * s; gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, verify_ctx->n); - debug_printf(" N : %s\n", s); + debug_printf_indent(" N : %s\n", s); gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, verify_ctx->e); - debug_printf(" E : %s\n", s); + debug_printf_indent(" E : %s\n", s); } return NULL; @@ -528,7 +528,7 @@ if ( (stage = US"pkey sexp build", gerr = gcry_pk_verify (s_sig, s_hash, s_pkey)) ) { - DEBUG(D_acl) debug_printf("verify: error in stage '%s'\n", stage); + DEBUG(D_acl) debug_printf_indent("verify: error in stage '%s'\n", stage); return US gcry_strerror(gerr); } diff --git a/src/src/queue.c b/src/src/queue.c index e7ae019d2..50e4aaef3 100644 --- a/src/src/queue.c +++ b/src/src/queue.c @@ -12,7 +12,7 @@ -/* Routines with knowlege of spool layout */ +/* Routines with knowledge of spool layout */ #ifndef COMPILE_UTILITY static void @@ -455,7 +455,7 @@ any messages therein), and then repeats for any subdirectories that were found. When the first argument of queue_get_spool_list() is 0, it scans the top directory, fills in subdirs, and sets subcount. The order of the directories is then randomized after the first time through, before they are scanned in -subsqeuent iterations. +subsequent iterations. When the first argument of queue_get_spool_list() is -1 (for queue_run_in_ order), it scans all directories and makes a single message list. */ @@ -606,6 +606,9 @@ for (i = (queue_run_in_order? -1 : 0); /* Recover store used when reading the header */ + received_protocol = NULL; + sender_address = sender_ident = NULL; + authenticated_id = authenticated_sender = NULL; store_reset(reset_point2); if (!wanted) continue; /* With next message */ } @@ -857,19 +860,16 @@ if (option >= 8) option -= 8; /* Now scan the chain and print information, resetting store used each time. */ -reset_point = store_get(0); - -for (; f != NULL; f = f->next) +for (reset_point = store_get(0); f; f = f->next) { int rc, save_errno; int size = 0; BOOL env_read; - store_reset(reset_point); message_size = 0; message_subdir[0] = f->dir_uschar; rc = spool_read_header(f->text, FALSE, count <= 0); - if (rc == spool_read_notopen && errno == ENOENT && count <= 0) continue; + if (rc == spool_read_notopen && errno == ENOENT && count <= 0) goto next; save_errno = errno; env_read = (rc == spool_read_OK || rc == spool_read_hdrerror); @@ -901,8 +901,7 @@ for (; f != NULL; f = f->next) /* Collect delivered addresses from any J file */ fname[ptr] = 'J'; - jread = Ufopen(fname, "rb"); - if (jread != NULL) + if ((jread = Ufopen(fname, "rb"))) { while (Ufgets(big_buffer, big_buffer_size, jread) != NULL) { @@ -917,7 +916,7 @@ for (; f != NULL; f = f->next) fprintf(stdout, "%s ", string_format_size(size, big_buffer)); for (i = 0; i < 16; i++) fputc(f->text[i], stdout); - if (env_read && sender_address != NULL) + if (env_read && sender_address) { printf(" <%s>", sender_address); if (sender_set_untrusted) printf(" (%s)", originator_login); @@ -940,7 +939,7 @@ for (; f != NULL; f = f->next) if (rc != spool_read_hdrerror) { printf("\n\n"); - continue; + goto next; } } @@ -948,7 +947,7 @@ for (; f != NULL; f = f->next) printf("\n"); - if (recipients_list != NULL) + if (recipients_list) { for (i = 0; i < recipients_count; i++) { @@ -957,12 +956,22 @@ for (; f != NULL; f = f->next) if (!delivered || option != 1) printf(" %s %s\n", (delivered != NULL)? "D":" ", recipients_list[i].address); - if (delivered != NULL) delivered->data.val = TRUE; + if (delivered) delivered->data.val = TRUE; } - if (option == 2 && tree_nonrecipients != NULL) + if (option == 2 && tree_nonrecipients) queue_list_extras(tree_nonrecipients); printf("\n"); } + +next: + received_protocol = NULL; + sender_fullhost = sender_helo_name = + sender_rcvhost = sender_host_address = sender_address = sender_ident = NULL; + sender_host_authenticated = authenticated_sender = authenticated_id = NULL; + interface_address = NULL; + acl_var_m = NULL; + + store_reset(reset_point); } } diff --git a/src/src/rda.c b/src/src/rda.c index 5df361e31..995909b09 100644 --- a/src/src/rda.c +++ b/src/src/rda.c @@ -806,22 +806,21 @@ if (read(fd, filtertype, sizeof(int)) != sizeof(int) || /* Read the contents of any syntax error blocks if we have a pointer */ -if (eblockp != NULL) +if (eblockp) { - uschar *s; error_block *e; - error_block **p = eblockp; - for (;;) + error_block **p; + for (p = eblockp; ; p = &e->next) { + uschar *s; if (!rda_read_string(fd, &s)) goto DISASTER; - if (s == NULL) break; + if (!s) break; e = store_get(sizeof(error_block)); e->next = NULL; e->text1 = s; if (!rda_read_string(fd, &s)) goto DISASTER; e->text2 = s; *p = e; - p = &(e->next); } } @@ -841,8 +840,7 @@ if (system_filtering) while (hn < n) { hn++; - h = h->next; - if (h == NULL) goto DISASTER_NO_HEADER; + if (!(h = h->next)) goto DISASTER_NO_HEADER; } h->type = htype_old; } @@ -852,7 +850,7 @@ if (system_filtering) uschar *s; int type; if (!rda_read_string(fd, &s)) goto DISASTER; - if (s == NULL) break; + if (!s) break; if (read(fd, &type, sizeof(type)) != sizeof(type)) goto DISASTER; header_add(type, "%s", s); } diff --git a/src/src/readconf.c b/src/src/readconf.c index c5bd41d47..8b685c8fc 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -226,6 +226,7 @@ static optionlist optionlist_config[] = { { "dccifd_address", opt_stringptr, &dccifd_address }, { "dccifd_options", opt_stringptr, &dccifd_options }, #endif + { "debug_store", opt_bool, &debug_store }, { "delay_warning", opt_timelist, &delay_warning }, { "delay_warning_condition", opt_stringptr, &delay_warning_condition }, { "deliver_drop_privilege", opt_bool, &deliver_drop_privilege }, @@ -253,7 +254,7 @@ static optionlist optionlist_config[] = { { "dns_retry", opt_int, &dns_retry }, { "dns_trust_aa", opt_stringptr, &dns_trust_aa }, { "dns_use_edns0", opt_int, &dns_use_edns0 }, - /* This option is now a no-op, retained for compability */ + /* This option is now a no-op, retained for compatibility */ { "drop_cr", opt_bool, &drop_cr }, /*********************************************************/ { "dsn_advertise_hosts", opt_stringptr, &dsn_advertise_hosts }, @@ -852,7 +853,7 @@ due to conflicts with other common macros. */ #ifdef TRANSPORT_APPENDFILE # ifdef SUPPORT_MAILDIR - macro_create(US"_HAVE_TRANSPORT_APPEND_MAILDR", US"y", FALSE, TRUE); + macro_create(US"_HAVE_TRANSPORT_APPEND_MAILDIR", US"y", FALSE, TRUE); # endif # ifdef SUPPORT_MAILSTORE macro_create(US"_HAVE_TRANSPORT_APPEND_MAILSTORE", US"y", FALSE, TRUE); @@ -877,7 +878,7 @@ of the macros list is in reverse-alpha (we prepend them) - so longer macros that have substrings are always discovered first during expansion. */ -for (i = 0; i < nopt; i++) if (*(s = opts[i].name) && *s != '*') +for (i = 0; i < nopt; i++) if (*(s = US opts[i].name) && *s != '*') if (group) macro_create(string_sprintf("_OPT_%T_%T_%T", section, group, s), US"y", FALSE, TRUE); else @@ -1201,7 +1202,7 @@ for (;;) "configuration file %s", ss); config_filename = string_copy(ss); - config_directory = string_copyn(ss, (const uschar*) strrchr(ss, '/') - ss); + config_directory = string_copyn(ss, CUstrrchr(ss, '/') - ss); config_lineno = 0; continue; } @@ -2368,7 +2369,7 @@ switch (type) /* We get a coverity error here for using count, as it derived from the tainted buffer pointed to by s, as parsed by sscanf(). - By the definition of sscanf we must be aceessing between start + By the definition of sscanf we must be accessing between start and end of s (assuming it is nul-terminated...) so ignore the error. */ /* coverity[tainted_data] */ if (s[count] == '.') @@ -3251,12 +3252,9 @@ if (pid == 0) exim_setugid(exim_uid, exim_gid, FALSE, US"calling tls_validate_require_cipher"); - errmsg = tls_validate_require_cipher(); - if (errmsg) - { + if ((errmsg = tls_validate_require_cipher())) log_write(0, LOG_PANIC_DIE|LOG_CONFIG, "tls_require_ciphers invalid: %s", errmsg); - } fflush(NULL); _exit(0); } @@ -3377,28 +3375,28 @@ logging configuration errors (it changes for .included files) whereas config_main_filename is the name shown by -bP. Failure to open a configuration file is a serious disaster. */ -if (config_file != NULL) +if (config_file) { - uschar *slash = Ustrrchr(filename, '/'); + uschar *last_slash = Ustrrchr(filename, '/'); config_filename = config_main_filename = string_copy(filename); - /* the config_main_directory we need for the $config_dir expansion. + /* The config_main_directory we need for the $config_dir expansion. + config_main_filename we need for $config_file expansion. And config_dir is the directory of the current configuration, used for relative .includes. We do need to know it's name, as we change our working directory later. */ if (filename[0] == '/') - config_main_directory = slash > filename ? string_copyn(filename, slash - filename) : US"/"; + config_main_directory = last_slash == filename ? US"/" : string_copyn(filename, last_slash - filename); else { /* relative configuration file name: working dir + / + basename(filename) */ - char buf[PATH_MAX]; + uschar buf[PATH_MAX]; int offset = 0; int size = 0; - const uschar *p = Ustrrchr(filename, '/'); - if (getcwd(buf, PATH_MAX) == NULL) + if (os_getcwd(buf, PATH_MAX) == NULL) { perror("exim: getcwd"); exit(EXIT_FAILURE); @@ -3407,11 +3405,13 @@ if (config_file != NULL) /* If the dir does not end with a "/", append one */ if (config_main_directory[offset-1] != '/') - string_cat(config_main_directory, &size, &offset, US"/"); + config_main_directory = string_catn(config_main_directory, &size, &offset, US"/", 1); /* If the config file contains a "/", extract the directory part */ - if (p) - string_catn(config_main_directory, &size, &offset, filename, p - filename); + if (last_slash) + config_main_directory = string_catn(config_main_directory, &size, &offset, filename, last_slash - filename); + + config_main_directory[offset] = '\0'; } config_directory = config_main_directory; } diff --git a/src/src/receive.c b/src/src/receive.c index e53587619..7980c324f 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2016 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ /* Code for receiving a message and setting up spool files. */ @@ -25,6 +25,7 @@ static FILE *data_file = NULL; static int data_fd = -1; static uschar *spool_name = US""; +enum CH_STATE {LF_SEEN, MID_LINE, CR_SEEN}; /************************************************* @@ -37,7 +38,7 @@ the file. (When SMTP input is occurring, different functions are used by changing the pointer variables.) */ int -stdin_getc(void) +stdin_getc(unsigned lim) { return getc(stdin); } @@ -626,7 +627,7 @@ if (!dot_ends) { register int last_ch = '\n'; - for (; (ch = (receive_getc)()) != EOF; last_ch = ch) + for (; (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF; last_ch = ch) { if (ch == 0) body_zerocount++; if (last_ch == '\r' && ch != '\n') @@ -668,7 +669,7 @@ if (!dot_ends) ch_state = 1; -while ((ch = (receive_getc)()) != EOF) +while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF) { if (ch == 0) body_zerocount++; switch (ch_state) @@ -786,7 +787,7 @@ int ch_state = 0; int ch; int linelength = 0; -while ((ch = (receive_getc)()) != EOF) +while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF) { if (ch == 0) body_zerocount++; switch (ch_state) @@ -898,11 +899,15 @@ return END_EOF; /* Variant of the above read_message_data_smtp() specialised for RFC 3030 -CHUNKING. We assume that the incoming has proper CRLF, so only have to scan -for and strip CR. On the downside there are more protocol reasons to stop. +CHUNKING. Accept input lines separated by either CRLF or CR or LF and write +LF-delimited spoolfile. Until we have wireformat spoolfiles, we need the +body_linecount accounting for proper re-expansion for the wire, so use +a cut-down version of the state-machine above; we don't need to do leading-dot +detection and unstuffing. Arguments: - fout a FILE to which to write the message; NULL if skipping + fout a FILE to which to write the message; NULL if skipping; + must be open for both writing and reading. Returns: One of the END_xxx values indicating why it stopped reading */ @@ -910,43 +915,105 @@ Returns: One of the END_xxx values indicating why it stopped reading static int read_message_bdat_smtp(FILE *fout) { -int ch; -int linelength = 0; +int linelength = 0, ch; +enum CH_STATE ch_state = LF_SEEN; +BOOL fix_nl = FALSE; -for (;;) switch (ch = bdat_getc()) +for(;;) { - case EOF: return END_EOF; - case EOD: return END_DOT; - case ERR: return END_PROTOCOL; + switch ((ch = (bdat_getc)(GETC_BUFFER_UNLIMITED))) + { + case EOF: return END_EOF; + case ERR: return END_PROTOCOL; + case EOD: + /* Nothing to get from the sender anymore. We check the last + character written to the spool. + + RFC 3030 states, that BDAT chunks are normal text, terminated by CRLF. + If we would be strict, we would refuse such broken messages. + But we are liberal, so we fix it. It would be easy just to append + the "\n" to the spool. + + But there are some more things (line counting, message size calculation and such), + that would need to be duplicated here. So we simply do some ungetc + trickery. + */ + if (fout) + { + if (fseek(fout, -1, SEEK_CUR) < 0) return END_PROTOCOL; + if (fgetc(fout) == '\n') return END_DOT; + } - case '\r': - body_linecount++; - if (linelength > max_received_linelength) - max_received_linelength = linelength; - linelength = -1; - break; + if (linelength == -1) /* \r already seen (see below) */ + { + DEBUG(D_receive) debug_printf("Add missing LF\n"); + bdat_ungetc('\n'); + continue; + } + DEBUG(D_receive) debug_printf("Add missing CRLF\n"); + bdat_ungetc('\r'); /* not even \r was seen */ + fix_nl = TRUE; - case 0: - body_zerocount++; - /*FALLTHROUGH*/ - default: - message_size++; - linelength++; - if (fout) - { - if (fputc(ch, fout) == EOF) return END_WERROR; - if (message_size > thismessage_size_limit) return END_SIZE; - } -#ifdef notyet - if(ch == '\n') - (void) cutthrough_put_nl(); - else - { - uschar c = ch; - (void) cutthrough_puts(&c, 1); - } -#endif - break; + continue; + case '\0': body_zerocount++; break; + } + switch (ch_state) + { + case LF_SEEN: /* After LF or CRLF */ + ch_state = MID_LINE; + /* fall through to handle as normal uschar. */ + + case MID_LINE: /* Mid-line state */ + if (ch == '\n') + { + ch_state = LF_SEEN; + body_linecount++; + if (linelength > max_received_linelength) + max_received_linelength = linelength; + linelength = -1; + } + else if (ch == '\r') + { + ch_state = CR_SEEN; + if (fix_nl) bdat_ungetc('\n'); + continue; /* don't write CR */ + } + break; + + case CR_SEEN: /* After (unwritten) CR */ + body_linecount++; + if (linelength > max_received_linelength) + max_received_linelength = linelength; + linelength = -1; + if (ch == '\n') + ch_state = LF_SEEN; + else + { + message_size++; + if (fout && fputc('\n', fout) == EOF) return END_WERROR; + (void) cutthrough_put_nl(); + if (ch == '\r') continue; /* don't write CR */ + ch_state = MID_LINE; + } + break; + } + + /* Add the character to the spool file, unless skipping */ + + message_size++; + linelength++; + if (fout) + { + if (fputc(ch, fout) == EOF) return END_WERROR; + if (message_size > thismessage_size_limit) return END_SIZE; + } + if(ch == '\n') + (void) cutthrough_put_nl(); + else + { + uschar c = ch; + (void) cutthrough_puts(&c, 1); + } } /*NOTREACHED*/ } @@ -1083,7 +1150,7 @@ switch(where) if (acl_removed_headers != NULL) { - DEBUG(D_receive|D_acl) debug_printf(">>Headers removed by %s ACL:\n", acl_name); + DEBUG(D_receive|D_acl) debug_printf_indent(">>Headers removed by %s ACL:\n", acl_name); for (h = header_list; h != NULL; h = h->next) if (h->type != htype_old) { @@ -1096,15 +1163,15 @@ if (acl_removed_headers != NULL) if (header_testname(h, s, Ustrlen(s), FALSE)) { h->type = htype_old; - DEBUG(D_receive|D_acl) debug_printf(" %s", h->text); + DEBUG(D_receive|D_acl) debug_printf_indent(" %s", h->text); } } acl_removed_headers = NULL; - DEBUG(D_receive|D_acl) debug_printf(">>\n"); + DEBUG(D_receive|D_acl) debug_printf_indent(">>\n"); } if (acl_added_headers == NULL) return; -DEBUG(D_receive|D_acl) debug_printf(">>Headers added by %s ACL:\n", acl_name); +DEBUG(D_receive|D_acl) debug_printf_indent(">>Headers added by %s ACL:\n", acl_name); for (h = acl_added_headers; h != NULL; h = next) { @@ -1115,7 +1182,7 @@ for (h = acl_added_headers; h != NULL; h = next) case htype_add_top: h->next = header_list; header_list = h; - DEBUG(D_receive|D_acl) debug_printf(" (at top)"); + DEBUG(D_receive|D_acl) debug_printf_indent(" (at top)"); break; case htype_add_rec: @@ -1130,7 +1197,7 @@ for (h = acl_added_headers; h != NULL; h = next) } h->next = last_received->next; last_received->next = h; - DEBUG(D_receive|D_acl) debug_printf(" (after Received:)"); + DEBUG(D_receive|D_acl) debug_printf_indent(" (after Received:)"); break; case htype_add_rfc: @@ -1145,7 +1212,7 @@ for (h = acl_added_headers; h != NULL; h = next) of all headers. Our current header must follow it. */ h->next = last_received->next; last_received->next = h; - DEBUG(D_receive|D_acl) debug_printf(" (before any non-Received: or Resent-*: header)"); + DEBUG(D_receive|D_acl) debug_printf_indent(" (before any non-Received: or Resent-*: header)"); break; default: @@ -1165,11 +1232,11 @@ for (h = acl_added_headers; h != NULL; h = next) h->type = header_checkname(h, FALSE); if (h->type >= 'a') h->type = htype_other; - DEBUG(D_receive|D_acl) debug_printf(" %s", header_last->text); + DEBUG(D_receive|D_acl) debug_printf_indent(" %s", header_last->text); } acl_added_headers = NULL; -DEBUG(D_receive|D_acl) debug_printf(">>\n"); +DEBUG(D_receive|D_acl) debug_printf_indent(">>\n"); } @@ -1321,7 +1388,7 @@ if (rc == OK) { (void) string_format(rfc822_file_path, sizeof(rfc822_file_path), "%s/scan/%s/%s", spool_directory, message_id, entry->d_name); - debug_printf("RFC822 attachment detected: running MIME ACL for '%s'\n", + DEBUG(D_receive) debug_printf("RFC822 attachment detected: running MIME ACL for '%s'\n", rfc822_file_path); break; } @@ -1682,7 +1749,7 @@ next->text. */ for (;;) { - int ch = (receive_getc)(); + int ch = (receive_getc)(GETC_BUFFER_UNLIMITED); /* If we hit EOF on a SMTP connection, it's an error, since incoming SMTP must have a correct "." terminator. */ @@ -1761,10 +1828,10 @@ for (;;) if (ptr == 0 && ch == '.' && (smtp_input || dot_ends)) { - ch = (receive_getc)(); + ch = (receive_getc)(GETC_BUFFER_UNLIMITED); if (ch == '\r') { - ch = (receive_getc)(); + ch = (receive_getc)(GETC_BUFFER_UNLIMITED); if (ch != '\n') { receive_ungetc(ch); @@ -1795,7 +1862,7 @@ for (;;) if (ch == '\r') { - ch = (receive_getc)(); + ch = (receive_getc)(GETC_BUFFER_UNLIMITED); if (ch == '\n') { if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE; @@ -1890,7 +1957,7 @@ for (;;) if (ch != EOF) { - int nextch = (receive_getc)(); + int nextch = (receive_getc)(GETC_BUFFER_UNLIMITED); if (nextch == ' ' || nextch == '\t') { next->text[ptr++] = nextch; @@ -2084,6 +2151,21 @@ for (;;) } } + /* Reject CHUNKING messages that do not CRLF their first header line */ + + if (!first_line_ended_crlf && chunking_state > CHUNKING_OFFERED) + { + log_write(L_size_reject, LOG_MAIN|LOG_REJECT, "rejected from <%s>%s%s%s%s: " + "Non-CRLF-terminated header, under CHUNKING: message abandoned", + sender_address, + sender_fullhost ? " H=" : "", sender_fullhost ? sender_fullhost : US"", + sender_ident ? " U=" : "", sender_ident ? sender_ident : US""); + smtp_printf("552 Message header not CRLF terminated\r\n"); + bdat_flush_data(); + smtp_reply = US""; + goto TIDYUP; /* Skip to end of function */ + } + /* The line has been handled. If we have hit EOF, break out of the loop, indicating no pending data line. */ @@ -2108,7 +2190,7 @@ normal case). */ DEBUG(D_receive) { debug_printf(">>Headers received:\n"); - for (h = header_list->next; h != NULL; h = h->next) + for (h = header_list->next; h; h = h->next) debug_printf("%s", h->text); debug_printf("\n"); } @@ -2135,7 +2217,7 @@ if (filter_test != FTEST_NONE && header_list->next == NULL) /* Scan the headers to identify them. Some are merely marked for later processing; some are dealt with here. */ -for (h = header_list->next; h != NULL; h = h->next) +for (h = header_list->next; h; h = h->next) { BOOL is_resent = strncmpic(h->text, US"resent-", 7) == 0; if (is_resent) contains_resent_headers = TRUE; @@ -2351,7 +2433,7 @@ if (extract_recip) /* Now scan the headers */ - for (h = header_list->next; h != NULL; h = h->next) + for (h = header_list->next; h; h = h->next) { if ((h->type == htype_to || h->type == htype_cc || h->type == htype_bcc) && (!contains_resent_headers || strncmpic(h->text, US"resent-", 7) == 0)) @@ -2845,11 +2927,11 @@ We start at the second header, skipping our own Received:. This rewriting is documented as happening *after* recipient addresses are taken from the headers by the -t command line option. An added Sender: gets rewritten here. */ -for (h = header_list->next; h != NULL; h = h->next) +for (h = header_list->next; h; h = h->next) { header_line *newh = rewrite_header(h, NULL, NULL, global_rewrite_rules, rewrite_existflags, TRUE); - if (newh != NULL) h = newh; + if (newh) h = newh; } @@ -3738,7 +3820,7 @@ if (bmi_run == 1) } #endif -/* Update the timstamp in our Received: header to account for any time taken by +/* Update the timestamp in our Received: header to account for any time taken by an ACL or by local_scan(). The new time is the time that all reception processing is complete. */ @@ -3823,7 +3905,7 @@ string as required. Since we commonly want to add two items at a time, use a macro to simplify the coding. We log the arrival of a new message while the file is still locked, just in case the machine is *really* fast, and delivers it first! Include any message id that is in the message - since the syntax of a -message id is actually an addr-spec, we can use the parse routine to canonicize +message id is actually an addr-spec, we can use the parse routine to canonicalize it. */ size = 256; @@ -4024,7 +4106,7 @@ if (smtp_input && sender_host_address != NULL && !sender_host_notsocket && if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0) { - int c = (receive_getc)(); + int c = (receive_getc)(GETC_BUFFER_UNLIMITED); if (c != EOF) (receive_ungetc)(c); else { smtp_notquit_exit(US"connection-lost", NULL, NULL); @@ -4058,7 +4140,7 @@ for this message. */ Send dot onward. If accepted, wipe the spooled files, log as delivered and accept the sender's dot (below). - If rejected: copy response to sender, wipe the spooled files, log approriately. + If rejected: copy response to sender, wipe the spooled files, log appropriately. If temp-reject: normally accept to sender, keep the spooled file - unless defer=pass in which case pass temp-reject back to initiator and dump the files. diff --git a/src/src/route.c b/src/src/route.c index bb220c69b..08b3e055d 100644 --- a/src/src/route.c +++ b/src/src/route.c @@ -714,7 +714,7 @@ while ((check = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer)))) pid = fork(); /* If fork() fails, reinstate the original error and behave as if - this block of code were not present. This is the same behavious as happens + this block of code were not present. This is the same behaviour as happens when Exim is not running as root at this point. */ if (pid < 0) @@ -765,7 +765,7 @@ while ((check = string_nextinlist(&listptr, &sep, buffer, sizeof(buffer)))) rc = -1; } - /* Handle error returns from stat() or route_check_access(). The EACESS error + /* Handle error returns from stat() or route_check_access(). The EACCES error is handled specially. At present, we can force it to be treated as non-existence. Write the code so that it will be easy to add forcing for existence if required later. */ @@ -966,7 +966,7 @@ if (r->router_home_directory) } /* Skip if the sender condition is not met. We leave this one till after the -local user check so that $home is set - enabling the possiblity of letting +local user check so that $home is set - enabling the possibility of letting individual recipients specify lists of acceptable/unacceptable senders. */ if ((rc = route_check_dls(r->name, US"senders", r->senders, NULL, @@ -1177,7 +1177,7 @@ NIS or NFS whatever cause an incorrect refusal. It's a pity that getgrnam() doesn't have some kind of indication as to why it has failed. Arguments: - s the group namd or textual form of the numerical gid + s the group name or textual form of the numerical gid return_gid return the gid via this address Returns: TRUE if the group was found; FALSE otherwise @@ -1483,7 +1483,7 @@ for (r = addr->start_router ? addr->start_router : routers; r; r = nextr) by this router, even if it was different to the current address. Just in case someone does put it into a loop (possible with redirection - continally adding to an address, for example), put a long stop counter on + continually adding to an address, for example), put a long stop counter on the number of parents. */ for (parent = addr->parent; parent; parent = parent->parent) diff --git a/src/src/routers/README b/src/src/routers/README index f2a73c83c..a674e8b47 100644 --- a/src/src/routers/README +++ b/src/src/routers/README @@ -23,7 +23,7 @@ The yield of a router is one of: DISCARD the address was discarded (:blackhole: or "seen finish") - FAIL the address was not routed; do not pass to any subseqent + FAIL the address was not routed; do not pass to any subsequent routers, i.e. cause routing to fail. DEFER retry this address later. diff --git a/src/src/routers/dnslookup.c b/src/src/routers/dnslookup.c index d2be40e0f..e4f7a2539 100644 --- a/src/src/routers/dnslookup.c +++ b/src/src/routers/dnslookup.c @@ -291,6 +291,11 @@ for (;;) /* Deferral returns forthwith, and anything other than failure breaks the loop. */ + if (rc == HOST_FIND_SECURITY) + { + addr->message = US"host lookup done insecurely"; + return DEFER; + } if (rc == HOST_FIND_AGAIN) { if (rblock->pass_on_timeout) diff --git a/src/src/routers/iplookup.c b/src/src/routers/iplookup.c index e6a35a7f3..96e9626df 100644 --- a/src/src/routers/iplookup.c +++ b/src/src/routers/iplookup.c @@ -382,9 +382,9 @@ new_addr->parent = addr; copyflag(new_addr, addr, af_propagate); new_addr->prop = addr->prop; -if (addr->child_count == SHRT_MAX) +if (addr->child_count == USHRT_MAX) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d " - "child addresses for <%s>", rblock->name, SHRT_MAX, addr->address); + "child addresses for <%s>", rblock->name, USHRT_MAX, addr->address); addr->child_count++; new_addr->next = *addr_new; *addr_new = new_addr; diff --git a/src/src/routers/queryprogram.c b/src/src/routers/queryprogram.c index bfcaefcfd..cd02f366f 100644 --- a/src/src/routers/queryprogram.c +++ b/src/src/routers/queryprogram.c @@ -120,9 +120,9 @@ while (generated != NULL) next->next = *addr_new; *addr_new = next; - if (addr->child_count == SHRT_MAX) + if (addr->child_count == USHRT_MAX) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d " - "child addresses for <%s>", rblock->name, SHRT_MAX, addr->address); + "child addresses for <%s>", rblock->name, USHRT_MAX, addr->address); addr->child_count++; DEBUG(D_route) diff --git a/src/src/routers/redirect.c b/src/src/routers/redirect.c index 8aad1d4ab..29537baae 100644 --- a/src/src/routers/redirect.c +++ b/src/src/routers/redirect.c @@ -335,9 +335,9 @@ while (generated) next->parent = addr; orflag(next, addr, af_ignore_error); next->start_router = rblock->redirect_router; - if (addr->child_count == SHRT_MAX) + if (addr->child_count == USHRT_MAX) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d " - "child addresses for <%s>", rblock->name, SHRT_MAX, addr->address); + "child addresses for <%s>", rblock->name, USHRT_MAX, addr->address); addr->child_count++; next->next = *addr_new; diff --git a/src/src/routers/rf_change_domain.c b/src/src/routers/rf_change_domain.c index 8986925c1..219e283cc 100644 --- a/src/src/routers/rf_change_domain.c +++ b/src/src/routers/rf_change_domain.c @@ -57,6 +57,7 @@ addr->prop = parent->prop; addr->address = address; addr->unique = string_copy(address); addr->parent = parent; +parent->child_count = 1; addr->next = *addr_new; *addr_new = addr; diff --git a/src/src/routers/rf_lookup_hostlist.c b/src/src/routers/rf_lookup_hostlist.c index 78eda22fb..c826857a7 100644 --- a/src/src/routers/rf_lookup_hostlist.c +++ b/src/src/routers/rf_lookup_hostlist.c @@ -146,6 +146,12 @@ for (prev = NULL, h = addr->host_list; h; h = next_h) /* Temporary failure defers, unless pass_on_timeout is set */ + if (rc == HOST_FIND_SECURITY) + { + addr->message = string_sprintf("host lookup for %s done insecurely" , h->name); + addr->basic_errno = ERRNO_DNSDEFER; + return DEFER; + } if (rc == HOST_FIND_AGAIN) { if (rblock->pass_on_timeout) diff --git a/src/src/search.c b/src/src/search.c index ccad25021..b1dc884c9 100644 --- a/src/src/search.c +++ b/src/src/search.c @@ -757,7 +757,7 @@ else if (partial >= 0) } /* If nothing has been matched, but the option to look for "*@" is set, try -replacing everthing to the left of @ by *. After a match, the wild part +replacing everything to the left of @ by *. After a match, the wild part is set to the string to the left of the @. */ if (yield == NULL && (starflags & SEARCH_STARAT) != 0) diff --git a/src/src/sieve.c b/src/src/sieve.c index 19bc5337b..96344c416 100644 --- a/src/src/sieve.c +++ b/src/src/sieve.c @@ -3104,7 +3104,7 @@ while (*filter->pc) message.character=US"Notification"; message.length=Ustrlen(message.character); } - /* Allocation is larger than neccessary, but enough even for split MIME words */ + /* Allocation is larger than necessary, but enough even for split MIME words */ buffer_capacity=32+4*message.length; buffer=store_get(buffer_capacity); if (message.length!=-1) fprintf(f,"Subject: %s\n",parse_quote_2047(message.character, message.length, US"utf-8", buffer, buffer_capacity, TRUE)); @@ -3356,7 +3356,7 @@ while (*filter->pc) addr->reply->from = expand_string(US"$local_part@$domain"); else addr->reply->from = from.character; - /* Allocation is larger than neccessary, but enough even for split MIME words */ + /* Allocation is larger than necessary, but enough even for split MIME words */ buffer_capacity=32+4*subject.length; buffer=store_get(buffer_capacity); /* deconst cast safe as we pass in a non-const item */ diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 148486161..f0885b3a1 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2016 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions for handling an incoming SMTP call. */ @@ -44,11 +44,11 @@ The maximum size of a Kerberos ticket under Windows 2003 is 12000 bytes, and we need room to handle large base64-encoded AUTHs for GSSAPI. */ -#define smtp_cmd_buffer_size 16384 +#define SMTP_CMD_BUFFER_SIZE 16384 /* Size of buffer for reading SMTP incoming packets */ -#define in_buffer_size 8192 +#define IN_BUFFER_SIZE 8192 /* Structure for SMTP command list */ @@ -82,19 +82,23 @@ enum { MAIL_CMD, RCPT_CMD, RSET_CMD, + /* This is a dummy to identify the non-sync commands when not pipelining */ + + NON_SYNC_CMD_NON_PIPELINING, + /* RFC3030 section 2: "After all MAIL and RCPT responses are collected and processed the message is sent using a series of BDAT commands" implies that BDAT should be synchronized. However, we see Google, at least, sending MAIL,RCPT,BDAT-LAST in a single packet, clearly not waiting for - processing of the RPCT response(s). We shall do the same, and not require - synch for BDAT. */ + processing of the RCPT response(s). We shall do the same, and not require + synch for BDAT. Worse, as the chunk may (very likely will) follow the + command-header in the same packet we cannot do the usual "is there any + follow-on data after the command line" even for non-pipeline mode. + So we'll need an explicit check after reading the expected chunk amount + when non-pipe, before sending the ACK. */ BDAT_CMD, - /* This is a dummy to identify the non-sync commands when not pipelining */ - - NON_SYNC_CMD_NON_PIPELINING, - /* I have been unable to find a statement about the use of pipelining with AUTH, so to be on the safe side it is here, though I kind of feel it should be up there with the synchronized commands. */ @@ -300,12 +304,102 @@ static int smtp_had_error; /* forward declarations */ -int bdat_ungetc(int ch); -static int smtp_read_command(BOOL check_sync); +static int smtp_read_command(BOOL check_sync, unsigned buffer_lim); static int synprot_error(int type, int code, uschar *data, uschar *errmess); static void smtp_quit_handler(uschar **, uschar **); static void smtp_rset_handler(void); +/************************************************* +* Recheck synchronization * +*************************************************/ + +/* Synchronization checks can never be perfect because a packet may be on its +way but not arrived when the check is done. Such checks can in any case only be +done when TLS is not in use. Normally, the checks happen when commands are +read: Exim ensures that there is no more input in the input buffer. In normal +cases, the response to the command will be fast, and there is no further check. + +However, for some commands an ACL is run, and that can include delays. In those +cases, it is useful to do another check on the input just before sending the +response. This also applies at the start of a connection. This function does +that check by means of the select() function, as long as the facility is not +disabled or inappropriate. A failure of select() is ignored. + +When there is unwanted input, we read it so that it appears in the log of the +error. + +Arguments: none +Returns: TRUE if all is well; FALSE if there is input pending +*/ + +static BOOL +check_sync(void) +{ +int fd, rc; +fd_set fds; +struct timeval tzero; + +if (!smtp_enforce_sync || sender_host_address == NULL || + sender_host_notsocket || tls_in.active >= 0) + return TRUE; + +fd = fileno(smtp_in); +FD_ZERO(&fds); +FD_SET(fd, &fds); +tzero.tv_sec = 0; +tzero.tv_usec = 0; +rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero); + +if (rc <= 0) return TRUE; /* Not ready to read */ +rc = smtp_getc(GETC_BUFFER_UNLIMITED); +if (rc < 0) return TRUE; /* End of file or error */ + +smtp_ungetc(rc); +rc = smtp_inend - smtp_inptr; +if (rc > 150) rc = 150; +smtp_inptr[rc] = 0; +return FALSE; +} + + + +/************************************************* +* Log incomplete transactions * +*************************************************/ + +/* This function is called after a transaction has been aborted by RSET, QUIT, +connection drops or other errors. It logs the envelope information received +so far in order to preserve address verification attempts. + +Argument: string to indicate what aborted the transaction +Returns: nothing +*/ + +static void +incomplete_transaction_log(uschar *what) +{ +if (sender_address == NULL || /* No transaction in progress */ + !LOGGING(smtp_incomplete_transaction)) + return; + +/* Build list of recipients for logging */ + +if (recipients_count > 0) + { + int i; + raw_recipients = store_get(recipients_count * sizeof(uschar *)); + for (i = 0; i < recipients_count; i++) + raw_recipients[i] = recipients_list[i].address; + raw_recipients_count = recipients_count; + } + +log_write(L_smtp_incomplete_transaction, LOG_MAIN|LOG_SENDER|LOG_RECIPIENTS, + "%s incomplete transaction (%s)", host_and_ident(TRUE), what); +} + + + + /************************************************* * SMTP version of getc() * *************************************************/ @@ -313,14 +407,14 @@ static void smtp_rset_handler(void); /* This gets the next byte from the SMTP input buffer. If the buffer is empty, it flushes the output, and refills the buffer, with a timeout. The signal handler is set appropriately by the calling function. This function is not used -after a connection has negotated itself into an TLS/SSL state. +after a connection has negotiated itself into an TLS/SSL state. -Arguments: none +Arguments: lim Maximum amount to read/buffer Returns: the next character or EOF */ int -smtp_getc(void) +smtp_getc(unsigned lim) { if (smtp_inptr >= smtp_inend) { @@ -328,7 +422,10 @@ if (smtp_inptr >= smtp_inend) if (!smtp_out) return EOF; fflush(smtp_out); if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout); - rc = read(fileno(smtp_in), smtp_inbuffer, in_buffer_size); + + /* Limit amount read, so non-message data is not fed to DKIM */ + + rc = read(fileno(smtp_in), smtp_inbuffer, MIN(IN_BUFFER_SIZE, lim)); save_errno = errno; alarm(0); if (rc <= 0) @@ -376,23 +473,47 @@ to handle the BDAT command/response. Placed here due to the correlation with the above smtp_getc(), which it wraps, and also by the need to do smtp command/response handling. -Arguments: none +Arguments: lim (ignored) Returns: the next character or ERR, EOD or EOF */ int -bdat_getc(void) +bdat_getc(unsigned lim) { uschar * user_msg = NULL; uschar * log_msg; for(;;) { - if (chunking_data_left-- > 0) - return lwr_receive_getc(); +#ifndef DISABLE_DKIM + BOOL dkim_save; +#endif + + if (chunking_data_left > 0) + return lwr_receive_getc(chunking_data_left--); receive_getc = lwr_receive_getc; receive_ungetc = lwr_receive_ungetc; +#ifndef DISABLE_DKIM + dkim_save = dkim_collect_input; + dkim_collect_input = FALSE; +#endif + + /* Unless PIPELINING was offered, there should be no next command + until after we ack that chunk */ + + if (!pipelining_advertised && !check_sync()) + { + incomplete_transaction_log(US"sync failure"); + log_write(0, LOG_MAIN|LOG_REJECT, "SMTP protocol synchronization error " + "(next input sent too soon: pipelining was not advertised): " + "rejected \"%s\" %s next input=\"%s\"", + smtp_cmd_buffer, host_and_ident(TRUE), + string_printing(smtp_inptr)); + (void) synprot_error(L_smtp_protocol_error, 554, NULL, + US"SMTP synchronization error"); + goto repeat_until_rset; + } /* If not the last, ack the received chunk. The last response is delayed until after the data ACL decides on it */ @@ -405,21 +526,22 @@ for(;;) return EOD; } - chunking_state = CHUNKING_OFFERED; smtp_printf("250 %u byte chunk received\r\n", chunking_datasize); + chunking_state = CHUNKING_OFFERED; + DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state); /* Expect another BDAT cmd from input. RFC 3030 says nothing about QUIT, RSET or NOOP but handling them seems obvious */ next_cmd: - switch(smtp_read_command(TRUE)) + switch(smtp_read_command(TRUE, 1)) { default: (void) synprot_error(L_smtp_protocol_error, 503, NULL, US"only BDAT permissible after non-LAST BDAT"); repeat_until_rset: - switch(smtp_read_command(TRUE)) + switch(smtp_read_command(TRUE, 1)) { case QUIT_CMD: smtp_quit_handler(&user_msg, &log_msg); /*FALLTHROUGH */ case EOF_CMD: return EOF; @@ -458,6 +580,8 @@ next_cmd: chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0 ? CHUNKING_LAST : CHUNKING_ACTIVE; chunking_data_left = chunking_datasize; + DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n", + (int)chunking_state, chunking_data_left); if (chunking_datasize == 0) if (chunking_state == CHUNKING_LAST) @@ -471,24 +595,30 @@ next_cmd: receive_getc = bdat_getc; receive_ungetc = bdat_ungetc; +#ifndef DISABLE_DKIM + dkim_collect_input = dkim_save; +#endif break; /* to top of main loop */ } } } } -static void +void bdat_flush_data(void) { -while (chunking_data_left-- > 0) - if (lwr_receive_getc() < 0) +while (chunking_data_left > 0) + if (lwr_receive_getc(chunking_data_left--) < 0) break; receive_getc = lwr_receive_getc; receive_ungetc = lwr_receive_ungetc; if (chunking_state != CHUNKING_LAST) + { chunking_state = CHUNKING_OFFERED; + DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state); + } } @@ -771,7 +901,8 @@ if (get_ok == 0) * Check if host is required proxy host * *************************************************/ /* The function determines if inbound host will be a regular smtp host -or if it is configured that it must use Proxy Protocol. +or if it is configured that it must use Proxy Protocol. A local +connection cannot. Arguments: none Returns: bool @@ -781,12 +912,10 @@ static BOOL check_proxy_protocol_host() { int rc; -/* Cannot configure local connection as a proxy inbound */ -if (sender_host_address == NULL) return proxy_session; -rc = verify_check_this_host(CUSS &hosts_proxy, NULL, NULL, - sender_host_address, NULL); -if (rc == OK) +if ( sender_host_address + && (rc = verify_check_this_host(CUSS &hosts_proxy, NULL, NULL, + sender_host_address, NULL)) == OK) { DEBUG(D_receive) debug_printf("Detected proxy protocol configured host\n"); @@ -796,6 +925,71 @@ return proxy_session; } +/************************************************* +* Read data until newline or end of buffer * +*************************************************/ +/* While SMTP is server-speaks-first, TLS is client-speaks-first, so we can't +read an entire buffer and assume there will be nothing past a proxy protocol +header. Our approach normally is to use stdio, but again that relies upon +"STARTTLS\r\n" and a server response before the client starts TLS handshake, or +reading _nothing_ before client TLS handshake. So we don't want to use the +usual buffering reads which may read enough to block TLS starting. + +So unfortunately we're down to "read one byte at a time, with a syscall each, +and expect a little overhead", for all proxy-opened connections which are v1, +just to handle the TLS-on-connect case. Since SSL functions wrap the +underlying fd, we can't assume that we can feed them any already-read content. + +We need to know where to read to, the max capacity, and we'll read until we +get a CR and one more character. Let the caller scream if it's CR+!LF. + +Return the amount read. +*/ + +static int +swallow_until_crlf(int fd, uschar *base, int already, int capacity) +{ +uschar *to = base + already; +uschar *cr; +int have = 0; +int ret; +int last = 0; + +/* For "PROXY UNKNOWN\r\n" we, at time of writing, expect to have read +up through the \r; for the _normal_ case, we haven't yet seen the \r. */ + +cr = memchr(base, '\r', already); +if (cr != NULL) + { + if ((cr - base) < already - 1) + { + /* \r and presumed \n already within what we have; probably not + actually proxy protocol, but abort cleanly. */ + return 0; + } + /* \r is last character read, just need one more. */ + last = 1; + } + +while (capacity > 0) + { + do { ret = recv(fd, to, 1, 0); } while (ret == -1 && errno == EINTR); + if (ret == -1) + return -1; + have++; + if (last) + return have; + if (*to == '\r') + last = 1; + capacity--; + to++; + } + +/* reached end without having room for a final newline, abort */ +errno = EOVERFLOW; +return -1; +} + /************************************************* * Setup host for proxy protocol * *************************************************/ @@ -808,7 +1002,7 @@ Arguments: none Returns: Boolean success */ -static BOOL +static void setup_proxy_protocol_host() { union { @@ -848,14 +1042,45 @@ struct sockaddr_in tmpaddr; char tmpip6[INET6_ADDRSTRLEN]; struct sockaddr_in6 tmpaddr6; +/* We can't read "all data until end" because while SMTP is +server-speaks-first, the TLS handshake is client-speaks-first, so for +TLS-on-connect ports the proxy protocol header will usually be immediately +followed by a TLS handshake, and with N TLS libraries, we can't reliably +reinject data for reading by those. So instead we first read "enough to be +safely read within the header, and figure out how much more to read". +For v1 we will later read to the end-of-line, for v2 we will read based upon +the stated length. + +The v2 sig is 12 octets, and another 4 gets us the length, so we know how much +data is needed total. For v1, where the line looks like: +PROXY TCPn L3src L3dest SrcPort DestPort \r\n + +However, for v1 there's also `PROXY UNKNOWN\r\n` which is only 15 octets. +We seem to support that. So, if we read 14 octets then we can tell if we're +v2 or v1. If we're v1, we can continue reading as normal. + +If we're v2, we can't slurp up the entire header. We need the length in the +15th & 16th octets, then to read everything after that. + +So to safely handle v1 and v2, with client-sent-first supported correctly, +we have to do a minimum of 3 read calls, not 1. Eww. +*/ + +#define PROXY_INITIAL_READ 14 +#define PROXY_V2_HEADER_SIZE 16 +#if PROXY_INITIAL_READ > PROXY_V2_HEADER_SIZE +# error Code bug in sizes of data to read for proxy usage +#endif + int get_ok = 0; int size, ret; int fd = fileno(smtp_in); const char v2sig[12] = "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A"; -uschar *iptype; /* To display debug info */ +uschar * iptype; /* To display debug info */ struct timeval tv; struct timeval tvtmp; socklen_t vslen = sizeof(struct timeval); +BOOL yield = FALSE; /* Save current socket timeout values */ get_ok = getsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS &tvtmp, &vslen); @@ -865,45 +1090,85 @@ get_ok = getsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS &tvtmp, &vslen); tv.tv_sec = PROXY_NEGOTIATION_TIMEOUT_SEC; tv.tv_usec = PROXY_NEGOTIATION_TIMEOUT_USEC; if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS &tv, sizeof(tv)) < 0) - return FALSE; + goto bad; do { /* The inbound host was declared to be a Proxy Protocol host, so - don't do a PEEK into the data, actually slurp it up. */ - ret = recv(fd, &hdr, sizeof(hdr), 0); + don't do a PEEK into the data, actually slurp up enough to be + "safe". Can't take it all because TLS-on-connect clients follow + immediately with TLS handshake. */ + ret = recv(fd, &hdr, PROXY_INITIAL_READ, 0); } while (ret == -1 && errno == EINTR); if (ret == -1) goto proxyfail; -if (ret >= 16 && - memcmp(&hdr.v2, v2sig, 12) == 0) +/* For v2, handle reading the length, and then the rest. */ +if ((ret == PROXY_INITIAL_READ) && (memcmp(&hdr.v2, v2sig, sizeof(v2sig)) == 0)) { - uint8_t ver, cmd; + int retmore; + uint8_t ver; + + /* First get the length fields. */ + do + { + retmore = recv(fd, (uschar*)&hdr + ret, PROXY_V2_HEADER_SIZE - PROXY_INITIAL_READ, 0); + } while (retmore == -1 && errno == EINTR); + if (retmore == -1) + goto proxyfail; + ret += retmore; - /* May 2014: haproxy combined the version and command into one byte to - allow two full bytes for the length field in order to proxy SSL - connections. SSL Proxy is not supported in this version of Exim, but - must still seperate values here. */ ver = (hdr.v2.ver_cmd & 0xf0) >> 4; - cmd = (hdr.v2.ver_cmd & 0x0f); + + /* May 2014: haproxy combined the version and command into one byte to + allow two full bytes for the length field in order to proxy SSL + connections. SSL Proxy is not supported in this version of Exim, but + must still separate values here. */ if (ver != 0x02) { DEBUG(D_receive) debug_printf("Invalid Proxy Protocol version: %d\n", ver); goto proxyfail; } - DEBUG(D_receive) debug_printf("Detected PROXYv2 header\n"); + /* The v2 header will always be 16 bytes per the spec. */ - size = 16 + hdr.v2.len; - if (ret < size) + size = 16 + ntohs(hdr.v2.len); + DEBUG(D_receive) debug_printf("Detected PROXYv2 header, size %d (limit %d)\n", + size, (int)sizeof(hdr)); + + /* We should now have 16 octets (PROXY_V2_HEADER_SIZE), and we know the total + amount that we need. Double-check that the size is not unreasonable, then + get the rest. */ + if (size > sizeof(hdr)) { - DEBUG(D_receive) debug_printf("Truncated or too large PROXYv2 header (%d/%d)\n", - ret, size); + DEBUG(D_receive) debug_printf("PROXYv2 header size unreasonably large; security attack?\n"); goto proxyfail; } + + do + { + do + { + retmore = recv(fd, (uschar*)&hdr + ret, size-ret, 0); + } while (retmore == -1 && errno == EINTR); + if (retmore == -1) + goto proxyfail; + ret += retmore; + DEBUG(D_receive) debug_printf("PROXYv2: have %d/%d required octets\n", ret, size); + } while (ret < size); + + } /* end scope for getting rest of data for v2 */ + +/* At this point: if PROXYv2, we've read the exact size required for all data; +if PROXYv1 then we've read "less than required for any valid line" and should +read the rest". */ + +if (ret >= 16 && memcmp(&hdr.v2, v2sig, 12) == 0) + { + uint8_t cmd = (hdr.v2.ver_cmd & 0x0f); + switch (cmd) { case 0x01: /* PROXY command */ @@ -912,8 +1177,8 @@ if (ret >= 16 && case 0x11: /* TCPv4 address type */ iptype = US"IPv4"; tmpaddr.sin_addr.s_addr = hdr.v2.addr.ip4.src_addr; - inet_ntop(AF_INET, &(tmpaddr.sin_addr), (char *)&tmpip, sizeof(tmpip)); - if (!string_is_ip_address(US tmpip,NULL)) + inet_ntop(AF_INET, &tmpaddr.sin_addr, CS &tmpip, sizeof(tmpip)); + if (!string_is_ip_address(US tmpip, NULL)) { DEBUG(D_receive) debug_printf("Invalid %s source IP\n", iptype); goto proxyfail; @@ -925,8 +1190,8 @@ if (ret >= 16 && sender_host_port = tmpport; /* Save dest ip/port */ tmpaddr.sin_addr.s_addr = hdr.v2.addr.ip4.dst_addr; - inet_ntop(AF_INET, &(tmpaddr.sin_addr), (char *)&tmpip, sizeof(tmpip)); - if (!string_is_ip_address(US tmpip,NULL)) + inet_ntop(AF_INET, &tmpaddr.sin_addr, CS &tmpip, sizeof(tmpip)); + if (!string_is_ip_address(US tmpip, NULL)) { DEBUG(D_receive) debug_printf("Invalid %s dest port\n", iptype); goto proxyfail; @@ -938,8 +1203,8 @@ if (ret >= 16 && case 0x21: /* TCPv6 address type */ iptype = US"IPv6"; memmove(tmpaddr6.sin6_addr.s6_addr, hdr.v2.addr.ip6.src_addr, 16); - inet_ntop(AF_INET6, &(tmpaddr6.sin6_addr), (char *)&tmpip6, sizeof(tmpip6)); - if (!string_is_ip_address(US tmpip6,NULL)) + inet_ntop(AF_INET6, &tmpaddr6.sin6_addr, CS &tmpip6, sizeof(tmpip6)); + if (!string_is_ip_address(US tmpip6, NULL)) { DEBUG(D_receive) debug_printf("Invalid %s source IP\n", iptype); goto proxyfail; @@ -951,8 +1216,8 @@ if (ret >= 16 && sender_host_port = tmpport; /* Save dest ip/port */ memmove(tmpaddr6.sin6_addr.s6_addr, hdr.v2.addr.ip6.dst_addr, 16); - inet_ntop(AF_INET6, &(tmpaddr6.sin6_addr), (char *)&tmpip6, sizeof(tmpip6)); - if (!string_is_ip_address(US tmpip6,NULL)) + inet_ntop(AF_INET6, &tmpaddr6.sin6_addr, CS &tmpip6, sizeof(tmpip6)); + if (!string_is_ip_address(US tmpip6, NULL)) { DEBUG(D_receive) debug_printf("Invalid %s dest port\n", iptype); goto proxyfail; @@ -971,6 +1236,7 @@ if (ret >= 16 && break; case 0x00: /* LOCAL command */ /* Keep local connection address for LOCAL */ + iptype = US"local"; break; default: DEBUG(D_receive) @@ -978,25 +1244,35 @@ if (ret >= 16 && goto proxyfail; } } -else if (ret >= 8 && - memcmp(hdr.v1.line, "PROXY", 5) == 0) +else if (ret >= 8 && memcmp(hdr.v1.line, "PROXY", 5) == 0) { - uschar *p = string_copy(hdr.v1.line); - uschar *end = memchr(p, '\r', ret - 1); + uschar *p; + uschar *end; uschar *sp; /* Utility variables follow */ int tmp_port; + int r2; char *endc; - if (!end || end[1] != '\n') + /* get the rest of the line */ + r2 = swallow_until_crlf(fd, (uschar*)&hdr, ret, sizeof(hdr)-ret); + if (r2 == -1) + goto proxyfail; + ret += r2; + + p = string_copy(hdr.v1.line); + end = memchr(p, '\r', ret - 1); + + if (!end || (end == (uschar*)&hdr + ret) || end[1] != '\n') { DEBUG(D_receive) debug_printf("Partial or invalid PROXY header\n"); goto proxyfail; } *end = '\0'; /* Terminate the string */ - size = end + 2 - hdr.v1.line; /* Skip header + CRLF */ + size = end + 2 - p; /* Skip header + CRLF */ DEBUG(D_receive) debug_printf("Detected PROXYv1 header\n"); + DEBUG(D_receive) debug_printf("Bytes read not within PROXY header: %d\n", ret - size); /* Step through the string looking for the required fields. Ensure - strict adherance to required formatting, exit for any error. */ + strict adherence to required formatting, exit for any error. */ p += 5; if (!isspace(*(p++))) { @@ -1032,7 +1308,7 @@ else if (ret >= 8 && goto proxyfail; } *sp = '\0'; - if(!string_is_ip_address(p,NULL)) + if(!string_is_ip_address(p, NULL)) { DEBUG(D_receive) debug_printf("Proxied src arg is not an %s address\n", iptype); @@ -1048,7 +1324,7 @@ else if (ret >= 8 && goto proxyfail; } *sp = '\0'; - if(!string_is_ip_address(p,NULL)) + if(!string_is_ip_address(p, NULL)) { DEBUG(D_receive) debug_printf("Proxy dest arg is not an %s address\n", iptype); @@ -1062,7 +1338,7 @@ else if (ret >= 8 && goto proxyfail; } *sp = '\0'; - tmp_port = strtol(CCS p,&endc,10); + tmp_port = strtol(CCS p, &endc, 10); if (*endc || tmp_port == 0) { DEBUG(D_receive) @@ -1077,7 +1353,7 @@ else if (ret >= 8 && DEBUG(D_receive) debug_printf("Did not find proxy dest port\n"); goto proxyfail; } - tmp_port = strtol(CCS p,&endc,10); + tmp_port = strtol(CCS p, &endc, 10); if (*endc || tmp_port == 0) { DEBUG(D_receive) @@ -1086,26 +1362,41 @@ else if (ret >= 8 && } proxy_external_port = tmp_port; /* Already checked for /r /n above. Good V1 header received. */ - goto done; } else { /* Wrong protocol */ DEBUG(D_receive) debug_printf("Invalid proxy protocol version negotiation\n"); + (void) swallow_until_crlf(fd, (uschar*)&hdr, ret, sizeof(hdr)-ret); goto proxyfail; } +done: + DEBUG(D_receive) + debug_printf("Valid %s sender from Proxy Protocol header\n", iptype); + yield = proxy_session; + +/* Don't flush any potential buffer contents. Any input on proxyfail +should cause a synchronization failure */ + proxyfail: -restore_socket_timeout(fd, get_ok, &tvtmp, vslen); -/* Don't flush any potential buffer contents. Any input should cause a - synchronization failure */ -return FALSE; + restore_socket_timeout(fd, get_ok, &tvtmp, vslen); -done: -restore_socket_timeout(fd, get_ok, &tvtmp, vslen); -DEBUG(D_receive) - debug_printf("Valid %s sender from Proxy Protocol header\n", iptype); -return proxy_session; +bad: + if (yield) + { + sender_host_name = NULL; + (void) host_name_lookup(); + host_build_sender_fullhost(); + } + else + { + proxy_session_failed = TRUE; + DEBUG(D_receive) + debug_printf("Failure to extract proxied host, only QUIT allowed\n"); + } + +return; } #endif @@ -1126,13 +1417,14 @@ signal handler that closes down the session on a timeout. Control does not return when it runs. Arguments: - check_sync if TRUE, check synchronization rules if global option is TRUE + check_sync if TRUE, check synchronization rules if global option is TRUE + buffer_lim maximum to buffer in lower layer Returns: a code identifying the command (enumerated above) */ static int -smtp_read_command(BOOL check_sync) +smtp_read_command(BOOL check_sync, unsigned buffer_lim) { int c; int ptr = 0; @@ -1141,9 +1433,9 @@ BOOL hadnull = FALSE; os_non_restarting_signal(SIGALRM, command_timeout_handler); -while ((c = (receive_getc)()) != '\n' && c != EOF) +while ((c = (receive_getc)(buffer_lim)) != '\n' && c != EOF) { - if (ptr >= smtp_cmd_buffer_size) + if (ptr >= SMTP_CMD_BUFFER_SIZE) { os_non_restarting_signal(SIGALRM, sigalrm_handler); return OTHER_CMD; @@ -1182,14 +1474,11 @@ if required. */ for (p = cmd_list; p < cmd_list_end; p++) { - #ifdef SUPPORT_PROXY +#ifdef SUPPORT_PROXY /* Only allow QUIT command if Proxy Protocol parsing failed */ - if (proxy_session && proxy_session_failed) - { - if (p->cmd != QUIT_CMD) - continue; - } - #endif + if (proxy_session && proxy_session_failed && p->cmd != QUIT_CMD) + continue; +#endif if ( p->len && strncmpic(smtp_cmd_buffer, US p->name, p->len) == 0 && ( smtp_cmd_buffer[p->len-1] == ':' /* "mail from:" or "rcpt to:" */ @@ -1259,60 +1548,6 @@ return OTHER_CMD; -/************************************************* -* Recheck synchronization * -*************************************************/ - -/* Synchronization checks can never be perfect because a packet may be on its -way but not arrived when the check is done. Such checks can in any case only be -done when TLS is not in use. Normally, the checks happen when commands are -read: Exim ensures that there is no more input in the input buffer. In normal -cases, the response to the command will be fast, and there is no further check. - -However, for some commands an ACL is run, and that can include delays. In those -cases, it is useful to do another check on the input just before sending the -response. This also applies at the start of a connection. This function does -that check by means of the select() function, as long as the facility is not -disabled or inappropriate. A failure of select() is ignored. - -When there is unwanted input, we read it so that it appears in the log of the -error. - -Arguments: none -Returns: TRUE if all is well; FALSE if there is input pending -*/ - -static BOOL -check_sync(void) -{ -int fd, rc; -fd_set fds; -struct timeval tzero; - -if (!smtp_enforce_sync || sender_host_address == NULL || - sender_host_notsocket || tls_in.active >= 0) - return TRUE; - -fd = fileno(smtp_in); -FD_ZERO(&fds); -FD_SET(fd, &fds); -tzero.tv_sec = 0; -tzero.tv_usec = 0; -rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero); - -if (rc <= 0) return TRUE; /* Not ready to read */ -rc = smtp_getc(); -if (rc < 0) return TRUE; /* End of file or error */ - -smtp_ungetc(rc); -rc = smtp_inend - smtp_inptr; -if (rc > 150) rc = 150; -smtp_inptr[rc] = 0; -return FALSE; -} - - - /************************************************* * Forced closedown of call * *************************************************/ @@ -1337,7 +1572,7 @@ if (smtp_in == NULL || smtp_batched_input) return; receive_swallow_smtp(); smtp_printf("421 %s\r\n", message); -for (;;) switch(smtp_read_command(FALSE)) +for (;;) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED)) { case EOF_CMD: return; @@ -1503,7 +1738,7 @@ log_write(0, LOG_MAIN, "no MAIL in SMTP connection from %s D=%s%s", /* Check the format of a HELO line. The data for HELO/EHLO is supposed to be the domain name of the sending host, or an ip literal in square brackets. The -arrgument is placed in sender_helo_name, which is in malloc store, because it +argument is placed in sender_helo_name, which is in malloc store, because it must persist over multiple incoming messages. If helo_accept_junk is set, this host is permitted to send any old junk (needed for some broken hosts). Otherwise, helo_allow_chars can be used for rogue characters in general @@ -1604,7 +1839,13 @@ uschar *n; uschar *v = smtp_cmd_data + Ustrlen(smtp_cmd_data) - 1; while (isspace(*v)) v--; v[1] = 0; -while (v > smtp_cmd_data && *v != '=' && !isspace(*v)) v--; +while (v > smtp_cmd_data && *v != '=' && !isspace(*v)) + { + /* Take care to not stop at a space embedded in a quoted local-part */ + + if (*v == '"') do v--; while (*v != '"' && v > smtp_cmd_data+1); + v--; + } n = v; if (*v == '=') @@ -1643,7 +1884,6 @@ Returns: nothing static void smtp_reset(void *reset_point) { -store_reset(reset_point); recipients_list = NULL; rcpt_count = rcpt_defer_count = rcpt_fail_count = raw_recipients_count = recipients_count = recipients_list_max = 0; @@ -1666,7 +1906,12 @@ submission_mode = FALSE; /* Can be set by ACL */ suppress_local_fixups = suppress_local_fixups_default; /* Can be set by ACL */ active_local_from_check = local_from_check; /* Can be set by ACL */ active_local_sender_retain = local_sender_retain; /* Can be set by ACL */ -sender_address = NULL; +sending_ip_address = NULL; +return_path = sender_address = NULL; +sender_data = NULL; /* Can be set by ACL */ +deliver_localpart_orig = NULL; +deliver_domain_orig = NULL; +callout_address = NULL; submission_name = NULL; /* Can be set by ACL */ raw_sender = NULL; /* After SMTP rewrite, before qualifying */ sender_address_unrewritten = NULL; /* Set only after verify rewrite */ @@ -1679,6 +1924,7 @@ authenticated_sender = NULL; bmi_run = 0; bmi_verdicts = NULL; #endif +dnslist_domain = dnslist_matched = NULL; #ifndef DISABLE_DKIM dkim_signers = NULL; dkim_disable_verify = FALSE; @@ -1686,6 +1932,7 @@ dkim_collect_input = FALSE; #endif dsn_ret = 0; dsn_envid = NULL; +deliver_host = deliver_host_address = NULL; /* Can be set by ACL */ #ifndef DISABLE_PRDR prdr_requested = FALSE; #endif @@ -1712,13 +1959,13 @@ acl_var_m = NULL; not the first message in an SMTP session and the previous message caused them to be referenced in an ACL. */ -if (message_body != NULL) +if (message_body) { store_free(message_body); message_body = NULL; } -if (message_body_end != NULL) +if (message_body_end) { store_free(message_body_end); message_body_end = NULL; @@ -1728,12 +1975,13 @@ if (message_body_end != NULL) repetition in the same message, but it seems right to repeat them for different messages. */ -while (acl_warn_logged != NULL) +while (acl_warn_logged) { string_item *this = acl_warn_logged; acl_warn_logged = acl_warn_logged->next; store_free(this); } +store_reset(reset_point); } @@ -1781,7 +2029,7 @@ while (done <= 0) uschar *recipient = NULL; int start, end, sender_domain, recipient_domain; - switch(smtp_read_command(FALSE)) + switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED)) { /* The HELO/EHLO commands set sender_address_helo if they have valid data; otherwise they are ignored, except that they do @@ -1976,6 +2224,19 @@ return done - 2; /* Convert yield values */ +static BOOL +smtp_log_tls_fail(uschar * errstr) +{ +uschar * conn_info = smtp_get_connection_info(); + +if (Ustrncmp(conn_info, US"SMTP ", 5) == 0) conn_info += 5; +/* I'd like to get separated H= here, but too hard for now */ + +log_write(0, LOG_MAIN, "TLS error on %s %s", conn_info, errstr); +return FALSE; +} + + /************************************************* * Start an SMTP session * *************************************************/ @@ -2040,12 +2301,12 @@ acl_var_c = NULL; /* Allow for trailing 0 in the command and data buffers. */ -if (!(smtp_cmd_buffer = US malloc(2*smtp_cmd_buffer_size + 2))) +if (!(smtp_cmd_buffer = US malloc(2*SMTP_CMD_BUFFER_SIZE + 2))) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP command buffer"); smtp_cmd_buffer[0] = 0; -smtp_data_buffer = smtp_cmd_buffer + smtp_cmd_buffer_size + 1; +smtp_data_buffer = smtp_cmd_buffer + SMTP_CMD_BUFFER_SIZE + 1; /* For batched input, the protocol setting can be overridden from the command line by a trusted caller. */ @@ -2065,7 +2326,7 @@ else /* Set up the buffer for inputting using direct read() calls, and arrange to call the local functions instead of the standard C ones. */ -if (!(smtp_inbuffer = (uschar *)malloc(in_buffer_size))) +if (!(smtp_inbuffer = (uschar *)malloc(IN_BUFFER_SIZE))) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP input buffer"); receive_getc = smtp_getc; @@ -2328,14 +2589,6 @@ if (!sender_host_unknown) "bad value for smtp_receive_timeout: '%s'", exp ? exp : US""); } - /* Start up TLS if tls_on_connect is set. This is for supporting the legacy - smtps port for use with older style SSL MTAs. */ - - #ifdef SUPPORT_TLS - if (tls_in.on_connect && tls_server_start(tls_require_ciphers) != OK) - return FALSE; - #endif - /* Test for explicit connection rejection */ if (verify_check_host(&host_reject_connection) == OK) @@ -2355,19 +2608,17 @@ if (!sender_host_unknown) value of errno is 0 or ENOENT (which happens if /etc/hosts.{allow,deny} does not exist). */ - #ifdef USE_TCP_WRAPPERS +#ifdef USE_TCP_WRAPPERS errno = 0; - tcp_wrappers_name = expand_string(tcp_wrappers_daemon_name); - if (tcp_wrappers_name == NULL) - { + if (!(tcp_wrappers_name = expand_string(tcp_wrappers_daemon_name))) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" " "(tcp_wrappers_name) failed: %s", string_printing(tcp_wrappers_name), expand_string_message); - } + if (!hosts_ctl(tcp_wrappers_name, - (sender_host_name == NULL)? STRING_UNKNOWN : CS sender_host_name, - (sender_host_address == NULL)? STRING_UNKNOWN : CS sender_host_address, - (sender_ident == NULL)? STRING_UNKNOWN : CS sender_ident)) + sender_host_name ? CS sender_host_name : STRING_UNKNOWN, + sender_host_address ? CS sender_host_address : STRING_UNKNOWN, + sender_ident ? CS sender_ident : STRING_UNKNOWN)) { if (errno == 0 || errno == ENOENT) { @@ -2389,7 +2640,7 @@ if (!sender_host_unknown) } return FALSE; } - #endif +#endif /* Check for reserved slots. The value of smtp_accept_count has already been incremented to include this process. */ @@ -2460,27 +2711,25 @@ if (!sender_host_unknown) if (smtp_batched_input) return TRUE; -#ifdef SUPPORT_PROXY /* If valid Proxy Protocol source is connecting, set up session. * Failure will not allow any SMTP function other than QUIT. */ + +#ifdef SUPPORT_PROXY proxy_session = FALSE; proxy_session_failed = FALSE; if (check_proxy_protocol_host()) - if (!setup_proxy_protocol_host()) - { - proxy_session_failed = TRUE; - DEBUG(D_receive) - debug_printf("Failure to extract proxied host, only QUIT allowed\n"); - } - else - { - sender_host_name = NULL; - (void)host_name_lookup(); - host_build_sender_fullhost(); - } + setup_proxy_protocol_host(); #endif -/* Run the ACL if it exists */ + /* Start up TLS if tls_on_connect is set. This is for supporting the legacy + smtps port for use with older style SSL MTAs. */ + +#ifdef SUPPORT_TLS + if (tls_in.on_connect && tls_server_start(tls_require_ciphers, &user_msg) != OK) + return smtp_log_tls_fail(user_msg); +#endif + +/* Run the connect ACL if it exists */ user_msg = NULL; if (acl_smtp_connect) @@ -2637,43 +2886,6 @@ return yield; -/************************************************* -* Log incomplete transactions * -*************************************************/ - -/* This function is called after a transaction has been aborted by RSET, QUIT, -connection drops or other errors. It logs the envelope information received -so far in order to preserve address verification attempts. - -Argument: string to indicate what aborted the transaction -Returns: nothing -*/ - -static void -incomplete_transaction_log(uschar *what) -{ -if (sender_address == NULL || /* No transaction in progress */ - !LOGGING(smtp_incomplete_transaction)) - return; - -/* Build list of recipients for logging */ - -if (recipients_count > 0) - { - int i; - raw_recipients = store_get(recipients_count * sizeof(uschar *)); - for (i = 0; i < recipients_count; i++) - raw_recipients[i] = recipients_list[i].address; - raw_recipients_count = recipients_count; - } - -log_write(L_smtp_incomplete_transaction, LOG_MAIN|LOG_SENDER|LOG_RECIPIENTS, - "%s incomplete transaction (%s)", host_and_ident(TRUE), what); -} - - - - /************************************************* * Send SMTP response, possibly multiline * *************************************************/ @@ -2900,7 +3112,7 @@ we have not sent a response about it yet, do so now, as a preliminary line for failures, but not defers. However, always log it for defer, and log it for fail unless the sender_verify_fail log selector has been turned off. */ -if (sender_verified_failed != NULL && +if (sender_verified_failed && !testflag(sender_verified_failed, af_sverify_told)) { BOOL save_rcpt_in_progress = rcpt_in_progress; @@ -2916,7 +3128,7 @@ if (sender_verified_failed != NULL && (sender_verified_failed->message == NULL)? US"" : string_sprintf(": %s", sender_verified_failed->message)); - if (rc == FAIL && sender_verified_failed->user_message != NULL) + if (rc == FAIL && sender_verified_failed->user_message) smtp_respond(smtp_code, codelen, FALSE, string_sprintf( testflag(sender_verified_failed, af_verify_pmfail)? "Postmaster verification failed while checking <%s>\n%s\n" @@ -3028,7 +3240,7 @@ the ACL that obeyed "drop" has already supplied the custom message, and NULL is passed to this function. In case things go wrong while processing this function, causing an error that -may re-enter this funtion, there is a recursion check. +may re-enter this function, there is a recursion check. Arguments: reason What $smtp_notquit_reason will be set to in the ACL; @@ -3550,7 +3762,7 @@ while (done <= 0) US &off, sizeof(off)); #endif - switch(smtp_read_command(TRUE)) + switch(smtp_read_command(TRUE, GETC_BUFFER_UNLIMITED)) { /* The AUTH command is not permitted to occur inside a transaction, and may occur successfully only once per connection. Actually, that isn't quite @@ -3886,19 +4098,20 @@ while (done <= 0) dsn_advertised = TRUE; } - /* Advertise ETRN if there's an ACL checking whether a host is - permitted to issue it; a check is made when any host actually tries. */ + /* Advertise ETRN/VRFY/EXPN if there's are ACL checking whether a host is + permitted to issue them; a check is made when any host actually tries. */ - if (acl_smtp_etrn != NULL) + if (acl_smtp_etrn) { s = string_catn(s, &size, &ptr, smtp_code, 3); s = string_catn(s, &size, &ptr, US"-ETRN\r\n", 7); } - - /* Advertise EXPN if there's an ACL checking whether a host is - permitted to issue it; a check is made when any host actually tries. */ - - if (acl_smtp_expn != NULL) + if (acl_smtp_vrfy) + { + s = string_catn(s, &size, &ptr, smtp_code, 3); + s = string_catn(s, &size, &ptr, US"-VRFY\r\n", 7); + } + if (acl_smtp_expn) { s = string_catn(s, &size, &ptr, smtp_code, 3); s = string_catn(s, &size, &ptr, US"-EXPN\r\n", 7); @@ -4282,9 +4495,13 @@ while (done <= 0) case ENV_MAIL_OPT_UTF8: if (smtputf8_advertised) { + int old_pool = store_pool; + DEBUG(D_receive) debug_printf("smtputf8 requested\n"); message_smtputf8 = allow_utf8_domains = TRUE; + store_pool = POOL_PERM; received_protocol = string_sprintf("utf8%s", received_protocol); + store_pool = old_pool; } break; #endif @@ -4600,7 +4817,7 @@ while (done <= 0) friends now makes it absolutely clear that it means *mailbox*. Consequently we must always qualify this address, regardless. */ - if (recipient_domain == 0) + if (!recipient_domain) if (!(recipient_domain = qualify_recipient(&recipient, smtp_cmd_data, US"recipient"))) { @@ -4750,14 +4967,14 @@ while (done <= 0) chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0 ? CHUNKING_LAST : CHUNKING_ACTIVE; chunking_data_left = chunking_datasize; + DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n", + (int)chunking_state, chunking_data_left); lwr_receive_getc = receive_getc; lwr_receive_ungetc = receive_ungetc; receive_getc = bdat_getc; receive_ungetc = bdat_ungetc; - DEBUG(D_any) - debug_printf("chunking state %d\n", (int)chunking_state); goto DATA_BDAT; } @@ -4858,7 +5075,7 @@ while (done <= 0) break; } - if (recipient_domain == 0) + if (!recipient_domain) if (!(recipient_domain = qualify_recipient(&address, smtp_cmd_data, US"verify"))) break; @@ -4941,7 +5158,7 @@ while (done <= 0) /* RFC 2487 is not clear on when this command may be sent, though it does state that all information previously obtained from the client - must be discarded if a TLS session is started. It seems reasonble to + must be discarded if a TLS session is started. It seems reasonable to do an implied RSET when STARTTLS is received. */ incomplete_transaction_log(US"STARTTLS"); @@ -4966,14 +5183,14 @@ while (done <= 0) /* and if TLS is already active, tls_server_start() should fail */ } - /* There is nothing we value in the input buffer and if TLS is succesfully + /* There is nothing we value in the input buffer and if TLS is successfully negotiated, we won't use this buffer again; if TLS fails, we'll just read fresh content into it. The buffer contains arbitrary content from an untrusted remote source; eg: NOOP \r\nSTARTTLS\r\n It seems safest to just wipe away the content rather than leave it as a target to jump to. */ - memset(smtp_inbuffer, 0, in_buffer_size); + memset(smtp_inbuffer, 0, IN_BUFFER_SIZE); /* Attempt to start up a TLS session, and if successful, discard all knowledge that was obtained previously. At least, that's what the RFC says, @@ -4983,7 +5200,8 @@ while (done <= 0) We must allow for an extra EHLO command and an extra AUTH command after STARTTLS that don't add to the nonmail command count. */ - if ((rc = tls_server_start(tls_require_ciphers)) == OK) + s = NULL; + if ((rc = tls_server_start(tls_require_ciphers, &s)) == OK) { if (!tls_remember_esmtp) helo_seen = esmtp = auth_advertised = pipelining_advertised = FALSE; @@ -5012,11 +5230,13 @@ while (done <= 0) DEBUG(D_tls) debug_printf("TLS active\n"); break; /* Successful STARTTLS */ } + else + (void) smtp_log_tls_fail(s); /* Some local configuration problem was discovered before actually trying to do a TLS handshake; give a temporary error. */ - else if (rc == DEFER) + if (rc == DEFER) { smtp_printf("454 TLS currently unavailable\r\n"); break; @@ -5027,7 +5247,7 @@ while (done <= 0) set, but we must still reject all incoming commands. */ DEBUG(D_tls) debug_printf("TLS failed to start\n"); - while (done <= 0) switch(smtp_read_command(FALSE)) + while (done <= 0) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED)) { case EOF_CMD: log_write(L_smtp_connection, LOG_MAIN, "%s closed by EOF", @@ -5315,8 +5535,8 @@ while (done <= 0) case BADSYN_CMD: SYNC_FAILURE: - if (smtp_inend >= smtp_inbuffer + in_buffer_size) - smtp_inend = smtp_inbuffer + in_buffer_size - 1; + if (smtp_inend >= smtp_inbuffer + IN_BUFFER_SIZE) + smtp_inend = smtp_inbuffer + IN_BUFFER_SIZE - 1; c = smtp_inend - smtp_inptr; if (c > 150) c = 150; smtp_inptr[c] = 0; diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c index 3154c9767..ba6153ea9 100644 --- a/src/src/smtp_out.c +++ b/src/src/smtp_out.c @@ -166,7 +166,7 @@ if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return -1; if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on))) HDEBUG(D_transport|D_acl|D_v) - debug_printf("failed to set NODELAY: %s ", strerror(errno)); + debug_printf_indent("failed to set NODELAY: %s ", strerror(errno)); /* Set DSCP value, if we can. For now, if we fail to set the value, we don't bomb out, just log it and continue in default traffic class. */ @@ -174,10 +174,10 @@ bomb out, just log it and continue in default traffic class. */ if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value)) { HDEBUG(D_transport|D_acl|D_v) - debug_printf("DSCP \"%s\"=%x ", dscp, dscp_value); + debug_printf_indent("DSCP \"%s\"=%x ", dscp, dscp_value); if (setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)) < 0) HDEBUG(D_transport|D_acl|D_v) - debug_printf("failed to set DSCP: %s ", strerror(errno)); + debug_printf_indent("failed to set DSCP: %s ", strerror(errno)); /* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the option for both; ignore failures here */ if (host_af == AF_INET6 && @@ -196,7 +196,7 @@ if (interface && ip_bind(sock, host_af, interface, 0) < 0) { save_errno = errno; HDEBUG(D_transport|D_acl|D_v) - debug_printf("unable to bind outgoing SMTP call to %s: %s", interface, + debug_printf_indent("unable to bind outgoing SMTP call to %s: %s", interface, strerror(errno)); } @@ -212,7 +212,7 @@ if (save_errno != 0) { HDEBUG(D_transport|D_acl|D_v) { - debug_printf("failed: %s", CUstrerror(save_errno)); + debug_printf_indent("failed: %s", CUstrerror(save_errno)); if (save_errno == ETIMEDOUT) debug_printf(" (timeout=%s)", readconf_printtime(timeout)); debug_printf("\n"); @@ -228,7 +228,7 @@ else { union sockaddr_46 interface_sock; EXIM_SOCKLEN_T size = sizeof(interface_sock); - HDEBUG(D_transport|D_acl|D_v) debug_printf("connected\n"); + HDEBUG(D_transport|D_acl|D_v) debug_printf_indent("connected\n"); if (getsockname(sock, (struct sockaddr *)(&interface_sock), &size) == 0) sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port); else @@ -280,7 +280,7 @@ smtp_transport_options_block * ob = if (host->port != PORT_NONE) { HDEBUG(D_transport|D_acl|D_v) - debug_printf("Transport port=%d replaced by host-specific port=%d\n", port, + debug_printf_indent("Transport port=%d replaced by host-specific port=%d\n", port, host->port); port = host->port; } @@ -295,7 +295,7 @@ HDEBUG(D_transport|D_acl|D_v) #ifdef SUPPORT_SOCKS if (ob->socks_proxy) s = string_sprintf("%svia proxy ", s); #endif - debug_printf("Connecting to %s %s%s... ", host->name, callout_address, s); + debug_printf_indent("Connecting to %s %s%s... ", host->name, callout_address, s); } /* Create and connect the socket */ @@ -329,7 +329,7 @@ flush_buffer(smtp_outblock *outblock) int rc; int n = outblock->ptr - outblock->buffer; -HDEBUG(D_transport|D_acl) debug_printf("cmd buf flush %d bytes\n", n); +HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes\n", n); #ifdef SUPPORT_TLS if (tls_out.active == outblock->sock) rc = tls_write(FALSE, outblock->buffer, n); @@ -339,7 +339,7 @@ else if (rc <= 0) { - HDEBUG(D_transport|D_acl) debug_printf("send failed: %s\n", strerror(errno)); + HDEBUG(D_transport|D_acl) debug_printf_indent("send failed: %s\n", strerror(errno)); return FALSE; } @@ -420,7 +420,7 @@ if (format) while (*p != 0) *p++ = '*'; } - HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> %s\n", big_buffer); + HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> %s\n", big_buffer); } if (!noflush) @@ -498,15 +498,19 @@ for (;;) /* Need to read a new input packet. */ - rc = ip_recv(sock, inblock->buffer, inblock->buffersize, timeout); - if (rc <= 0) break; + if((rc = ip_recv(sock, inblock->buffer, inblock->buffersize, timeout)) <= 0) + { + if (!errno) + DEBUG(D_deliver|D_transport|D_acl) debug_printf_indent(" SMTP(closed)<<\n"); + break; + } /* Another block of data has been successfully read. Set up the pointers and let the loop continue. */ ptrend = inblock->ptrend = inblock->buffer + rc; ptr = inblock->buffer; - DEBUG(D_transport|D_acl) debug_printf("read response data: size=%d\n", rc); + DEBUG(D_transport|D_acl) debug_printf_indent("read response data: size=%d\n", rc); } /* Get here if there has been some kind of recv() error; errno is set, but we @@ -550,7 +554,7 @@ int count; errno = 0; /* Ensure errno starts out zero */ -/* This is a loop to read and concatentate the lines that make up a multi-line +/* This is a loop to read and concatenate the lines that make up a multi-line response. */ for (;;) @@ -559,7 +563,7 @@ for (;;) return FALSE; HDEBUG(D_transport|D_acl|D_v) - debug_printf(" %s %s\n", (ptr == buffer)? "SMTP<<" : " ", ptr); + debug_printf_indent(" %s %s\n", (ptr == buffer)? "SMTP<<" : " ", ptr); /* Check the format of the response: it must start with three digits; if these are followed by a space or end of line, the response is complete. If diff --git a/src/src/spam.c b/src/src/spam.c index 93c0a540d..d4b95b2f9 100644 --- a/src/src/spam.c +++ b/src/src/spam.c @@ -251,7 +251,7 @@ if (*spamd_address == '$') else spamd_address_work = spamd_address; -DEBUG(D_acl) debug_printf("spamd: addrlist '%s'\n", spamd_address_work); +DEBUG(D_acl) debug_printf_indent("spamd: addrlist '%s'\n", spamd_address_work); /* check if previous spamd_address was expanded and has changed. dump cached results if so */ if ( spam_ok @@ -295,7 +295,7 @@ start = time(NULL); unsigned args; uschar * s; - DEBUG(D_acl) debug_printf("spamd: addr entry '%s'\n", address); + DEBUG(D_acl) debug_printf_indent("spamd: addr entry '%s'\n", address); sd = (spamd_address_container *)store_get(sizeof(spamd_address_container)); for (sublist = address, args = 0, spamd_param_init(sd); @@ -303,7 +303,7 @@ start = time(NULL); args++ ) { - DEBUG(D_acl) debug_printf("spamd: addr parm '%s'\n", s); + DEBUG(D_acl) debug_printf_indent("spamd: addr parm '%s'\n", s); switch (args) { case 0: sd->hostspec = s; @@ -342,7 +342,7 @@ start = time(NULL); { uschar * errstr; - DEBUG(D_acl) debug_printf("spamd: trying server %s\n", sd->hostspec); + DEBUG(D_acl) debug_printf_indent("spamd: trying server %s\n", sd->hostspec); for (;;) { @@ -350,7 +350,7 @@ start = time(NULL); || sd->retry <= 0 ) break; - DEBUG(D_acl) debug_printf("spamd: server %s: retry conn\n", sd->hostspec); + DEBUG(D_acl) debug_printf_indent("spamd: server %s: retry conn\n", sd->hostspec); while (sd->retry > 0) sd->retry = sleep(sd->retry); } if (spamd_sock >= 0) @@ -414,12 +414,12 @@ if (wrote == -1) } /* now send the file */ -/* spamd sometimes accepts conections but doesn't read data off +/* spamd sometimes accepts connections but doesn't read data off * the connection. We make the file descriptor non-blocking so * that the write will only write sufficient data without blocking - * and we poll the desciptor to make sure that we can write without + * and we poll the descriptor to make sure that we can write without * blocking. Short writes are gracefully handled and if the whole - * trasaction takes too long it is aborted. + * transaction takes too long it is aborted. * Note: poll() is not supported in OSX 10.2 and is reported to be * broken in more recent versions (up to 10.4). */ diff --git a/src/src/spool_in.c b/src/src/spool_in.c index e1d6e3422..6ed566411 100644 --- a/src/src/spool_in.c +++ b/src/src/spool_in.c @@ -232,7 +232,7 @@ Arguments: Returns: spool_read_OK success spool_read_notopen open failed spool_read_enverror error in the envelope portion - spool_read_hdrdrror error in the header portion + spool_read_hdrerror error in the header portion */ int diff --git a/src/src/spool_out.c b/src/src/spool_out.c index e49d89a09..652506fb3 100644 --- a/src/src/spool_out.c +++ b/src/src/spool_out.c @@ -378,7 +378,7 @@ if (close(fd) < 0) #endif /* NEED_SYNC_DIRECTORY */ /* Return the number of characters in the headers, which is the file size, less -the prelimary stuff, less the additional count fields on the headers. */ +the preliminary stuff, less the additional count fields on the headers. */ DEBUG(D_receive) debug_printf("Size of headers = %d\n", (int)(statbuf.st_size - size_correction)); diff --git a/src/src/store.c b/src/src/store.c index b1a47799b..8628954b5 100644 --- a/src/src/store.c +++ b/src/src/store.c @@ -144,39 +144,39 @@ if (size > yield_length[store_pool]) { int length = (size <= STORE_BLOCK_SIZE)? STORE_BLOCK_SIZE : size; int mlength = length + ALIGNED_SIZEOF_STOREBLOCK; - storeblock *newblock = NULL; + storeblock * newblock = NULL; /* Sometimes store_reset() may leave a block for us; check if we can use it */ - if (current_block[store_pool] != NULL && - current_block[store_pool]->next != NULL) + if ( (newblock = current_block[store_pool]) + && (newblock = newblock->next) + && newblock->length < length + ) { - newblock = current_block[store_pool]->next; - if (newblock->length < length) - { - /* Give up on this block, because it's too small */ - store_free(newblock); - newblock = NULL; - } + /* Give up on this block, because it's too small */ + store_free(newblock); + newblock = NULL; } /* If there was no free block, get a new one */ - if (newblock == NULL) + if (!newblock) { pool_malloc += mlength; /* Used in pools */ nonpool_malloc -= mlength; /* Exclude from overall total */ newblock = store_malloc(mlength); newblock->next = NULL; newblock->length = length; - if (chainbase[store_pool] == NULL) chainbase[store_pool] = newblock; - else current_block[store_pool]->next = newblock; + if (!chainbase[store_pool]) + chainbase[store_pool] = newblock; + else + current_block[store_pool]->next = newblock; } current_block[store_pool] = newblock; yield_length[store_pool] = newblock->length; next_yield[store_pool] = - (void *)((char *)current_block[store_pool] + ALIGNED_SIZEOF_STOREBLOCK); + (void *)(CS current_block[store_pool] + ALIGNED_SIZEOF_STOREBLOCK); (void) VALGRIND_MAKE_MEM_NOACCESS(next_yield[store_pool], yield_length[store_pool]); } @@ -325,9 +325,9 @@ Returns: nothing void store_reset_3(void *ptr, const char *filename, int linenumber) { -storeblock *bb; -storeblock *b = current_block[store_pool]; -char *bc = (char *)b + ALIGNED_SIZEOF_STOREBLOCK; +storeblock * bb; +storeblock * b = current_block[store_pool]; +char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK; int newlength; /* Last store operation was not a get */ @@ -337,14 +337,14 @@ store_last_get[store_pool] = NULL; /* See if the place is in the current block - as it often will be. Otherwise, search for the block in which it lies. */ -if ((char *)ptr < bc || (char *)ptr > bc + b->length) +if (CS ptr < bc || CS ptr > bc + b->length) { - for (b = chainbase[store_pool]; b != NULL; b = b->next) + for (b = chainbase[store_pool]; b; b = b->next) { - bc = (char *)b + ALIGNED_SIZEOF_STOREBLOCK; - if ((char *)ptr >= bc && (char *)ptr <= bc + b->length) break; + bc = CS b + ALIGNED_SIZEOF_STOREBLOCK; + if (CS ptr >= bc && CS ptr <= bc + b->length) break; } - if (b == NULL) + if (!b) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "internal error: store_reset(%p) " "failed: pool=%d %-14s %4d", ptr, store_pool, filename, linenumber); } @@ -352,17 +352,21 @@ if ((char *)ptr < bc || (char *)ptr > bc + b->length) /* Back up, rounding to the alignment if necessary. When testing, flatten the released memory. */ -newlength = bc + b->length - (char *)ptr; +newlength = bc + b->length - CS ptr; #ifndef COMPILE_UTILITY -if (running_in_test_harness) +if (running_in_test_harness || debug_store) { - (void) VALGRIND_MAKE_MEM_DEFINED(ptr, newlength); - memset(ptr, 0xF0, newlength); + assert_no_variables(ptr, newlength, filename, linenumber); + if (running_in_test_harness) + { + (void) VALGRIND_MAKE_MEM_DEFINED(ptr, newlength); + memset(ptr, 0xF0, newlength); + } } #endif (void) VALGRIND_MAKE_MEM_NOACCESS(ptr, newlength); yield_length[store_pool] = newlength - (newlength % alignment); -next_yield[store_pool] = (char *)ptr + (newlength % alignment); +next_yield[store_pool] = CS ptr + (newlength % alignment); current_block[store_pool] = b; /* Free any subsequent block. Do NOT free the first successor, if our @@ -370,20 +374,29 @@ current block has less than 256 bytes left. This should prevent us from flapping memory. However, keep this block only when it has the default size. */ if (yield_length[store_pool] < STOREPOOL_MIN_SIZE && - b->next != NULL && + b->next && b->next->length == STORE_BLOCK_SIZE) { b = b->next; - (void) VALGRIND_MAKE_MEM_NOACCESS((char *)b + ALIGNED_SIZEOF_STOREBLOCK, +#ifndef COMPILE_UTILITY + if (running_in_test_harness || debug_store) + assert_no_variables(b, b->length + ALIGNED_SIZEOF_STOREBLOCK, + filename, linenumber); +#endif + (void) VALGRIND_MAKE_MEM_NOACCESS(CS b + ALIGNED_SIZEOF_STOREBLOCK, b->length - ALIGNED_SIZEOF_STOREBLOCK); } bb = b->next; b->next = NULL; -while (bb != NULL) +while ((b = bb)) { - b = bb; +#ifndef COMPILE_UTILITY + if (running_in_test_harness || debug_store) + assert_no_variables(b, b->length + ALIGNED_SIZEOF_STOREBLOCK, + filename, linenumber); +#endif bb = bb->next; pool_malloc -= b->length + ALIGNED_SIZEOF_STOREBLOCK; store_free_3(b, filename, linenumber); diff --git a/src/src/string.c b/src/src/string.c index be1a1d7a4..cec59506d 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -306,7 +306,7 @@ expanded string. */ ss = store_get(length + nonprintcount * 3 + 1); -/* Copy everying, escaping non printers. */ +/* Copy everything, escaping non printers. */ t = s; tt = ss; @@ -974,14 +974,14 @@ return buffer; ************************************************/ /* This function is used to build a list, returning an allocated null-terminated growable string. The -given element has any embedded seperator characters +given element has any embedded separator characters doubled. Arguments: list points to the start of the list that is being built, or NULL if this is a new list that has no contents yet - sep list seperator charactoer - ele new lement to be appended to the list + sep list separator character + ele new element to be appended to the list Returns: pointer to the start of the list, changed if copied for expansion. */ diff --git a/src/src/structs.h b/src/src/structs.h index 12d714f28..38b095f06 100644 --- a/src/src/structs.h +++ b/src/src/structs.h @@ -244,17 +244,7 @@ typedef struct transport_context { /* items below only used with option topt_use_bdat */ tpt_chunk_cmd_cb chunk_cb; /* per-datachunk callback */ - struct smtp_inblock * inblock; - struct smtp_outblock * outblock; - host_item * host; - struct address_item * first_addr; - struct address_item **sync_addr; - BOOL pending_MAIL; - BOOL pending_BDAT; - BOOL good_RCPT; - BOOL * completed_address; - int cmd_count; - uschar * buffer; + void * smtp_context; } transport_ctx; @@ -635,7 +625,7 @@ typedef struct address_item { /* (may need to hold a timestamp) */ short int basic_errno; /* status after failure */ - short int child_count; /* number of child addresses */ + unsigned short child_count; /* number of child addresses */ short int return_file; /* fileno of return data file */ short int special_action; /* ( used when when deferred or failed */ /* ( also */ diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 10bfaca32..8836bb259 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -13,7 +13,7 @@ tls.c when USE_GNUTLS has been set. The code herein is a revamp of GnuTLS integration using the current APIs; the original tls-gnu.c was based on a patch which was contributed by Nikos -Mavroyanopoulos. The revamp is partially a rewrite, partially cut&paste as +Mavrogiannopoulos. The revamp is partially a rewrite, partially cut&paste as appropriate. APIs current as of GnuTLS 2.12.18; note that the GnuTLS manual is for GnuTLS 3, @@ -206,9 +206,12 @@ before, for now. */ #endif #define exim_gnutls_err_check(Label) do { \ - if (rc != GNUTLS_E_SUCCESS) { return tls_error((Label), gnutls_strerror(rc), host); } } while (0) + if (rc != GNUTLS_E_SUCCESS) \ + return tls_error((Label), gnutls_strerror(rc), host, errstr); \ + } while (0) -#define expand_check_tlsvar(Varname) expand_check(state->Varname, US #Varname, &state->exp_##Varname) +#define expand_check_tlsvar(Varname, errstr) \ + expand_check(state->Varname, US #Varname, &state->exp_##Varname, errstr) #if GNUTLS_VERSION_NUMBER >= 0x020c00 # define HAVE_GNUTLS_SESSION_CHANNEL_BINDING @@ -264,29 +267,18 @@ Argument: usually obtained from gnutls_strerror() host NULL if setting up a server; the connected host if setting up a client + errstr pointer to returned error string Returns: OK/DEFER/FAIL */ static int -tls_error(const uschar *prefix, const char *msg, const host_item *host) +tls_error(const uschar *prefix, const char *msg, const host_item *host, + uschar ** errstr) { -if (host) - { - log_write(0, LOG_MAIN, "H=%s [%s] TLS error on connection (%s)%s%s", - host->name, host->address, prefix, msg ? ": " : "", msg ? msg : ""); - return FAIL; - } -else - { - uschar *conn_info = smtp_get_connection_info(); - if (Ustrncmp(conn_info, US"SMTP ", 5) == 0) - conn_info += 5; - /* I'd like to get separated H= here, but too hard for now */ - log_write(0, LOG_MAIN, "TLS error on %s (%s)%s%s", - conn_info, prefix, msg ? ": " : "", msg ? msg : ""); - return DEFER; - } +if (errstr) + *errstr = string_sprintf("(%s)%s%s", prefix, msg ? ": " : "", msg ? msg : ""); +return host ? FAIL : DEFER; } @@ -310,7 +302,8 @@ Returns: nothing static void record_io_error(exim_gnutls_state_st *state, int rc, uschar *when, uschar *text) { -const char *msg; +const char * msg; +uschar * errstr; if (rc == GNUTLS_E_FATAL_ALERT_RECEIVED) msg = CS string_sprintf("%s: %s", US gnutls_strerror(rc), @@ -318,7 +311,18 @@ if (rc == GNUTLS_E_FATAL_ALERT_RECEIVED) else msg = gnutls_strerror(rc); -tls_error(when, msg, state->host); +(void) tls_error(when, msg, state->host, &errstr); + +if (state->host) + log_write(0, LOG_MAIN, "H=%s [%s] TLS error on connection %s", + state->host->name, state->host->address, errstr); +else + { + uschar * conn_info = smtp_get_connection_info(); + if (Ustrncmp(conn_info, US"SMTP ", 5) == 0) conn_info += 5; + /* I'd like to get separated H= here, but too hard for now */ + log_write(0, LOG_MAIN, "TLS error on %s %s", conn_info, errstr); + } } @@ -454,7 +458,7 @@ Returns: OK/DEFER/FAIL */ static int -init_server_dh(void) +init_server_dh(uschar ** errstr) { int fd, rc; unsigned int dh_bits; @@ -475,7 +479,7 @@ exim_gnutls_err_check(US"gnutls_dh_params_init"); m.data = NULL; m.size = 0; -if (!expand_check(tls_dhparam, US"tls_dhparam", &exp_tls_dhparam)) +if (!expand_check(tls_dhparam, US"tls_dhparam", &exp_tls_dhparam, errstr)) return DEFER; if (!exp_tls_dhparam) @@ -494,7 +498,7 @@ else if (Ustrcmp(exp_tls_dhparam, "none") == 0) else if (exp_tls_dhparam[0] != '/') { if (!(m.data = US std_dh_prime_named(exp_tls_dhparam))) - return tls_error(US"No standard prime named", CS exp_tls_dhparam, NULL); + return tls_error(US"No standard prime named", CS exp_tls_dhparam, NULL, errstr); m.size = Ustrlen(m.data); } else @@ -516,7 +520,7 @@ if (m.data) different filename and ensure we have sufficient bits. */ dh_bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL); if (!dh_bits) - return tls_error(US"gnutls_sec_param_to_pk_bits() failed", NULL, NULL); + return tls_error(US"gnutls_sec_param_to_pk_bits() failed", NULL, NULL, errstr); DEBUG(D_tls) debug_printf("GnuTLS tells us that for D-H PK, NORMAL is %d bits.\n", dh_bits); @@ -540,7 +544,7 @@ if (use_file_in_spool) { if (!string_format(filename_buf, sizeof(filename_buf), "%s/gnutls-params-%d", spool_directory, dh_bits)) - return tls_error(US"overlong filename", NULL, NULL); + return tls_error(US"overlong filename", NULL, NULL, errstr); filename = filename_buf; } @@ -557,33 +561,33 @@ if ((fd = Uopen(filename, O_RDONLY, 0)) >= 0) { saved_errno = errno; (void)close(fd); - return tls_error(US"TLS cache stat failed", strerror(saved_errno), NULL); + return tls_error(US"TLS cache stat failed", strerror(saved_errno), NULL, errstr); } if (!S_ISREG(statbuf.st_mode)) { (void)close(fd); - return tls_error(US"TLS cache not a file", NULL, NULL); + return tls_error(US"TLS cache not a file", NULL, NULL, errstr); } if (!(fp = fdopen(fd, "rb"))) { saved_errno = errno; (void)close(fd); return tls_error(US"fdopen(TLS cache stat fd) failed", - strerror(saved_errno), NULL); + strerror(saved_errno), NULL, errstr); } m.size = statbuf.st_size; if (!(m.data = malloc(m.size))) { fclose(fp); - return tls_error(US"malloc failed", strerror(errno), NULL); + return tls_error(US"malloc failed", strerror(errno), NULL, errstr); } if (!(sz = fread(m.data, m.size, 1, fp))) { saved_errno = errno; fclose(fp); free(m.data); - return tls_error(US"fread failed", strerror(saved_errno), NULL); + return tls_error(US"fread failed", strerror(saved_errno), NULL, errstr); } fclose(fp); @@ -604,7 +608,7 @@ else if (errno == ENOENT) } else return tls_error(string_open_failed(errno, "\"%s\" for reading", filename), - NULL, NULL); + NULL, NULL, errstr); /* If ret < 0, either the cache file does not exist, or the data it contains is not useful. One particular case of this is when upgrading from an older @@ -619,11 +623,11 @@ if (rc < 0) if ((PATH_MAX - Ustrlen(filename)) < 10) return tls_error(US"Filename too long to generate replacement", - CS filename, NULL); + CS filename, NULL, errstr); temp_fn = string_copy(US "%s.XXXXXXX"); if ((fd = mkstemp(CS temp_fn)) < 0) /* modifies temp_fn */ - return tls_error(US"Unable to open temp file", strerror(errno), NULL); + return tls_error(US"Unable to open temp file", strerror(errno), NULL, errstr); (void)fchown(fd, exim_uid, exim_gid); /* Probably not necessary */ /* GnuTLS overshoots! @@ -660,7 +664,7 @@ if (rc < 0) exim_gnutls_err_check(US"gnutls_dh_params_export_pkcs3(NULL) sizing"); m.size = sz; if (!(m.data = malloc(m.size))) - return tls_error(US"memory allocation failed", strerror(errno), NULL); + return tls_error(US"memory allocation failed", strerror(errno), NULL, errstr); /* this will return a size 1 less than the allocation size above */ rc = gnutls_dh_params_export_pkcs3(dh_server_params, GNUTLS_X509_FMT_PEM, @@ -676,19 +680,19 @@ if (rc < 0) { free(m.data); return tls_error(US"TLS cache write D-H params failed", - strerror(errno), NULL); + strerror(errno), NULL, errstr); } free(m.data); if ((sz = write_to_fd_buf(fd, US"\n", 1)) != 1) return tls_error(US"TLS cache write D-H params final newline failed", - strerror(errno), NULL); + strerror(errno), NULL, errstr); if ((rc = close(fd))) - return tls_error(US"TLS cache write close() failed", strerror(errno), NULL); + return tls_error(US"TLS cache write close() failed", strerror(errno), NULL, errstr); if (Urename(temp_fn, filename) < 0) return tls_error(string_sprintf("failed to rename \"%s\" as \"%s\"", - temp_fn, filename), strerror(errno), NULL); + temp_fn, filename), strerror(errno), NULL, errstr); DEBUG(D_tls) debug_printf("wrote D-H parameters to file \"%s\"\n", filename); } @@ -703,7 +707,7 @@ return OK; /* Create and install a selfsigned certificate, for use in server mode */ static int -tls_install_selfsign(exim_gnutls_state_st * state) +tls_install_selfsign(exim_gnutls_state_st * state, uschar ** errstr) { gnutls_x509_crt_t cert = NULL; time_t now; @@ -761,7 +765,7 @@ out: return rc; err: - rc = tls_error(where, gnutls_strerror(rc), NULL); + rc = tls_error(where, gnutls_strerror(rc), NULL, errstr); goto out; } @@ -782,12 +786,13 @@ which we are responsible for setting on the first pass through. Arguments: state exim_gnutls_state_st * + errstr error string pointer Returns: OK/DEFER/FAIL */ static int -tls_expand_session_files(exim_gnutls_state_st *state) +tls_expand_session_files(exim_gnutls_state_st *state, uschar ** errstr) { struct stat statbuf; int rc; @@ -831,7 +836,7 @@ false if expansion failed, unless expansion was forced to fail. */ /* check if we at least have a certificate, before doing expensive D-H generation. */ -if (!expand_check_tlsvar(tls_certificate)) +if (!expand_check_tlsvar(tls_certificate, errstr)) return DEFER; /* certificate is mandatory in server, optional in client */ @@ -840,11 +845,11 @@ if ( !state->exp_tls_certificate || !*state->exp_tls_certificate ) if (!host) - return tls_install_selfsign(state); + return tls_install_selfsign(state, errstr); else DEBUG(D_tls) debug_printf("TLS: no client certificate specified; okay\n"); -if (state->tls_privatekey && !expand_check_tlsvar(tls_privatekey)) +if (state->tls_privatekey && !expand_check_tlsvar(tls_privatekey, errstr)) return DEFER; /* tls_privatekey is optional, defaulting to same file as certificate */ @@ -897,7 +902,7 @@ if ( !host /* server */ else { if (!expand_check(tls_ocsp_file, US"tls_ocsp_file", - &state->exp_tls_ocsp_file)) + &state->exp_tls_ocsp_file, errstr)) return DEFER; /* Use the full callback method for stapling just to get observability. @@ -921,14 +926,14 @@ behaviour. */ if (state->tls_verify_certificates && *state->tls_verify_certificates) { - if (!expand_check_tlsvar(tls_verify_certificates)) + if (!expand_check_tlsvar(tls_verify_certificates, errstr)) return DEFER; #ifndef SUPPORT_SYSDEFAULT_CABUNDLE if (Ustrcmp(state->exp_tls_verify_certificates, "system") == 0) state->exp_tls_verify_certificates = NULL; #endif if (state->tls_crl && *state->tls_crl) - if (!expand_check_tlsvar(tls_crl)) + if (!expand_check_tlsvar(tls_crl, errstr)) return DEFER; if (!(state->exp_tls_verify_certificates && @@ -1041,12 +1046,13 @@ out to this. Arguments: state exim_gnutls_state_st * + errstr error string pointer Returns: OK/DEFER/FAIL */ static int -tls_set_remaining_x509(exim_gnutls_state_st *state) +tls_set_remaining_x509(exim_gnutls_state_st *state, uschar ** errstr) { int rc; const host_item *host = state->host; /* macro should be reconsidered? */ @@ -1059,7 +1065,7 @@ if (!state->host) { if (!dh_server_params) { - rc = init_server_dh(); + rc = init_server_dh(errstr); if (rc != OK) return rc; } gnutls_certificate_set_dh_params(state->x509_cred, dh_server_params); @@ -1121,6 +1127,7 @@ Arguments: crl CRL file require_ciphers tls_require_ciphers setting caller_state returned state-info structure + errstr error string pointer Returns: OK/DEFER/FAIL */ @@ -1134,7 +1141,8 @@ tls_init( const uschar *cas, const uschar *crl, const uschar *require_ciphers, - exim_gnutls_state_st **caller_state) + exim_gnutls_state_st **caller_state, + uschar ** errstr) { exim_gnutls_state_st *state; int rc; @@ -1212,19 +1220,17 @@ that's tls_certificate, tls_privatekey, tls_verify_certificates, tls_crl */ DEBUG(D_tls) debug_printf("Expanding various TLS configuration options for session credentials.\n"); -rc = tls_expand_session_files(state); -if (rc != OK) return rc; +if ((rc = tls_expand_session_files(state, errstr)) != OK) return rc; /* These are all other parts of the x509_cred handling, since SNI in GnuTLS requires a new structure afterwards. */ -rc = tls_set_remaining_x509(state); -if (rc != OK) return rc; +if ((rc = tls_set_remaining_x509(state, errstr)) != OK) return rc; /* set SNI in client, only */ if (host) { - if (!expand_check(sni, US"tls_out_sni", &state->tlsp->sni)) + if (!expand_check(sni, US"tls_out_sni", &state->tlsp->sni, errstr)) return DEFER; if (state->tlsp->sni && *state->tlsp->sni) { @@ -1250,7 +1256,7 @@ want_default_priorities = TRUE; if (state->tls_require_ciphers && *state->tls_require_ciphers) { - if (!expand_check_tlsvar(tls_require_ciphers)) + if (!expand_check_tlsvar(tls_require_ciphers, errstr)) return DEFER; if (state->exp_tls_require_ciphers && *state->exp_tls_require_ciphers) { @@ -1324,12 +1330,13 @@ don't apply. Arguments: state exim_gnutls_state_st * + errstr pointer to error string Returns: OK/DEFER/FAIL */ static int -peer_status(exim_gnutls_state_st *state) +peer_status(exim_gnutls_state_st *state, uschar ** errstr) { uschar cipherbuf[256]; const gnutls_datum_t *cert_list; @@ -1383,7 +1390,7 @@ if (cert_list == NULL || cert_list_size == 0) cert_list, cert_list_size); if (state->verify_requirement >= VERIFY_REQUIRED) return tls_error(US"certificate verification failed", - "no certificate received from peer", state->host); + "no certificate received from peer", state->host, errstr); return OK; } @@ -1395,7 +1402,7 @@ if (ct != GNUTLS_CRT_X509) debug_printf("TLS: peer cert not X.509 but instead \"%s\"\n", ctn); if (state->verify_requirement >= VERIFY_REQUIRED) return tls_error(US"certificate verification not possible, unhandled type", - ctn, state->host); + ctn, state->host, errstr); return OK; } @@ -1406,7 +1413,7 @@ if (ct != GNUTLS_CRT_X509) DEBUG(D_tls) debug_printf("TLS: peer cert problem: %s: %s\n", \ (Label), gnutls_strerror(rc)); \ if (state->verify_requirement >= VERIFY_REQUIRED) \ - return tls_error((Label), gnutls_strerror(rc), state->host); \ + return tls_error((Label), gnutls_strerror(rc), state->host, errstr); \ return OK; \ } \ } while (0) @@ -1447,7 +1454,7 @@ the peer information, but that's too new for some OSes. Arguments: state exim_gnutls_state_st * - error where to put an error message + errstr where to put an error message Returns: FALSE if the session should be rejected @@ -1455,17 +1462,17 @@ Returns: */ static BOOL -verify_certificate(exim_gnutls_state_st *state, const char **error) +verify_certificate(exim_gnutls_state_st *state, uschar ** errstr) { int rc; unsigned int verify; -*error = NULL; +*errstr = NULL; -if ((rc = peer_status(state)) != OK) +if ((rc = peer_status(state, errstr)) != OK) { verify = GNUTLS_CERT_INVALID; - *error = "certificate not supplied"; + *errstr = US"certificate not supplied"; } else rc = gnutls_certificate_verify_peers2(state->session, &verify); @@ -1478,13 +1485,13 @@ if (rc < 0 || ) { state->peer_cert_verified = FALSE; - if (!*error) - *error = verify & GNUTLS_CERT_REVOKED - ? "certificate revoked" : "certificate invalid"; + if (!*errstr) + *errstr = verify & GNUTLS_CERT_REVOKED + ? US"certificate revoked" : US"certificate invalid"; DEBUG(D_tls) debug_printf("TLS certificate verification failed (%s): peerdn=\"%s\"\n", - *error, state->peerdn ? state->peerdn : US""); + *errstr, state->peerdn ? state->peerdn : US""); if (state->verify_requirement >= VERIFY_REQUIRED) { @@ -1579,6 +1586,7 @@ size_t data_len = MAX_HOST_LEN; exim_gnutls_state_st *state = &state_server; unsigned int sni_type; int rc, old_pool; +uschar * dummy_errstr; rc = gnutls_server_name_get(session, sni_name, &data_len, &sni_type, 0); if (rc != GNUTLS_E_SUCCESS) @@ -1589,7 +1597,7 @@ if (rc != GNUTLS_E_SUCCESS) else debug_printf("TLS failure: gnutls_server_name_get(): %s [%d]\n", gnutls_strerror(rc), rc); - }; + } return 0; } @@ -1614,15 +1622,14 @@ DEBUG(D_tls) debug_printf("Received TLS SNI \"%s\"%s\n", sni_name, if (!state->trigger_sni_changes) return 0; -rc = tls_expand_session_files(state); -if (rc != OK) +if ((rc = tls_expand_session_files(state, &dummy_errstr)) != OK) { /* If the setup of certs/etc failed before handshake, TLS would not have been offered. The best we can do now is abort. */ return GNUTLS_E_APPLICATION_ERROR_MIN; } -rc = tls_set_remaining_x509(state); +rc = tls_set_remaining_x509(state, &dummy_errstr); if (rc != OK) return GNUTLS_E_APPLICATION_ERROR_MIN; return 0; @@ -1720,24 +1727,24 @@ a TLS session. Arguments: require_ciphers list of allowed ciphers or NULL + errstr pointer to error string Returns: OK on success DEFER for errors before the start of the negotiation - FAIL for errors during the negotation; the server can't + FAIL for errors during the negotiation; the server can't continue running. */ int -tls_server_start(const uschar *require_ciphers) +tls_server_start(const uschar * require_ciphers, uschar ** errstr) { int rc; -const char *error; -exim_gnutls_state_st *state = NULL; +exim_gnutls_state_st * state = NULL; /* Check for previous activation */ if (tls_in.active >= 0) { - tls_error(US"STARTTLS received after TLS started", "", NULL); + tls_error(US"STARTTLS received after TLS started", "", NULL, errstr); smtp_printf("554 Already in TLS\r\n"); return FAIL; } @@ -1747,10 +1754,9 @@ and sent an SMTP response. */ DEBUG(D_tls) debug_printf("initialising GnuTLS as a server\n"); -rc = tls_init(NULL, tls_certificate, tls_privatekey, +if ((rc = tls_init(NULL, tls_certificate, tls_privatekey, NULL, tls_verify_certificates, tls_crl, - require_ciphers, &state); -if (rc != OK) return rc; + require_ciphers, &state, errstr)) != OK) return rc; /* If this is a host for which certificate verification is mandatory or optional, set up appropriately. */ @@ -1828,12 +1834,12 @@ if (rc != GNUTLS_E_SUCCESS) if (sigalrm_seen) { - tls_error(US"gnutls_handshake", "timed out", NULL); + tls_error(US"gnutls_handshake", "timed out", NULL, errstr); gnutls_db_remove_session(state->session); } else { - tls_error(US"gnutls_handshake", gnutls_strerror(rc), NULL); + tls_error(US"gnutls_handshake", gnutls_strerror(rc), NULL, errstr); (void) gnutls_alert_send_appropriate(state->session, rc); gnutls_deinit(state->session); gnutls_certificate_free_credentials(state->x509_cred); @@ -1853,21 +1859,21 @@ DEBUG(D_tls) debug_printf("gnutls_handshake was successful\n"); /* Verify after the fact */ if ( state->verify_requirement != VERIFY_NONE - && !verify_certificate(state, &error)) + && !verify_certificate(state, errstr)) { if (state->verify_requirement != VERIFY_OPTIONAL) { - tls_error(US"certificate verification failed", error, NULL); + (void) tls_error(US"certificate verification failed", *errstr, NULL, errstr); return FAIL; } DEBUG(D_tls) debug_printf("TLS: continuing on only because verification was optional, after: %s\n", - error); + *errstr); } /* Figure out peer DN, and if authenticated, etc. */ -if ((rc = peer_status(state)) != OK) return rc; +if ((rc = peer_status(state, NULL)) != OK) return rc; /* Sets various Exim expansion variables; always safe within server */ @@ -1922,6 +1928,8 @@ Arguments: addr the first address (not used) tb transport (always smtp) + errstr error string pointer + Returns: OK/DEFER/FAIL (because using common functions), but for a client, DEFER and FAIL have the same meaning */ @@ -1929,16 +1937,15 @@ Returns: OK/DEFER/FAIL (because using common functions), int tls_client_start(int fd, host_item *host, address_item *addr ARG_UNUSED, - transport_instance *tb + transport_instance * tb, #ifdef EXPERIMENTAL_DANE - , dns_answer * unused_tlsa_dnsa + dns_answer * tlsa_dnsa ARG_UNUSED, #endif - ) + uschar ** errstr) { smtp_transport_options_block *ob = (smtp_transport_options_block *)tb->options_block; int rc; -const char *error; exim_gnutls_state_st *state = NULL; #ifndef DISABLE_OCSP BOOL require_ocsp = @@ -1951,7 +1958,7 @@ DEBUG(D_tls) debug_printf("initialising GnuTLS as a client on fd %d\n", fd); if ((rc = tls_init(host, ob->tls_certificate, ob->tls_privatekey, ob->tls_sni, ob->tls_verify_certificates, ob->tls_crl, - ob->tls_require_ciphers, &state)) != OK) + ob->tls_require_ciphers, &state, errstr)) != OK) return rc; { @@ -2012,7 +2019,7 @@ if (request_ocsp) if ((rc = gnutls_ocsp_status_request_enable_client(state->session, NULL, 0, NULL)) != OK) return tls_error(US"cert-status-req", - gnutls_strerror(rc), state->host); + gnutls_strerror(rc), state->host, errstr); tls_out.ocsp = OCSP_NOT_RESP; } #endif @@ -2046,18 +2053,18 @@ if (rc != GNUTLS_E_SUCCESS) if (sigalrm_seen) { gnutls_alert_send(state->session, GNUTLS_AL_FATAL, GNUTLS_A_USER_CANCELED); - return tls_error(US"gnutls_handshake", "timed out", state->host); + return tls_error(US"gnutls_handshake", "timed out", state->host, errstr); } else - return tls_error(US"gnutls_handshake", gnutls_strerror(rc), state->host); + return tls_error(US"gnutls_handshake", gnutls_strerror(rc), state->host, errstr); DEBUG(D_tls) debug_printf("gnutls_handshake was successful\n"); /* Verify late */ if (state->verify_requirement != VERIFY_NONE && - !verify_certificate(state, &error)) - return tls_error(US"certificate verification failed", error, state->host); + !verify_certificate(state, errstr)) + return tls_error(US"certificate verification failed", *errstr, state->host, errstr); #ifndef DISABLE_OCSP if (require_ocsp) @@ -2077,13 +2084,13 @@ if (require_ocsp) gnutls_free(printed.data); } else - (void) tls_error(US"ocsp decode", gnutls_strerror(rc), state->host); + (void) tls_error(US"ocsp decode", gnutls_strerror(rc), state->host, errstr); } if (gnutls_ocsp_status_request_is_checked(state->session, 0) == 0) { tls_out.ocsp = OCSP_FAILED; - return tls_error(US"certificate status check failed", NULL, state->host); + return tls_error(US"certificate status check failed", NULL, state->host, errstr); } DEBUG(D_tls) debug_printf("Passed OCSP checking\n"); tls_out.ocsp = OCSP_VFIED; @@ -2092,7 +2099,7 @@ if (require_ocsp) /* Figure out peer DN, and if authenticated, etc. */ -if ((rc = peer_status(state)) != OK) +if ((rc = peer_status(state, errstr)) != OK) return rc; /* Sets various Exim expansion variables; may need to adjust for ACL callouts */ @@ -2142,7 +2149,6 @@ if ((state_server.session == NULL) && (state_client.session == NULL)) gnutls_global_deinit(); exim_gnutls_base_init_done = FALSE; } - } @@ -2158,12 +2164,12 @@ Only used by the server-side TLS. This feeds DKIM and should be used for all message-body reads. -Arguments: none +Arguments: lim Maximum amount to read/bufffer Returns: the next character or EOF */ int -tls_getc(void) +tls_getc(unsigned lim) { exim_gnutls_state_st *state = &state_server; if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm) @@ -2175,7 +2181,7 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm) if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout); inbytes = gnutls_record_recv(state->session, state->xfer_buffer, - ssl_xfer_buffer_size); + MIN(ssl_xfer_buffer_size, lim)); alarm(0); /* Timeouts do not get this far; see command_timeout_handler(). @@ -2213,7 +2219,7 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm) state->tlsp->peercert = NULL; state->tlsp->peerdn = NULL; - return smtp_getc(); + return smtp_getc(lim); } /* Handle genuine errors */ @@ -2437,6 +2443,7 @@ int rc; uschar *expciphers = NULL; gnutls_priority_t priority_cache; const char *errpos; +uschar * dummy_errstr; #define validate_check_rc(Label) do { \ if (rc != GNUTLS_E_SUCCESS) { if (exim_gnutls_base_init_done) gnutls_global_deinit(); \ @@ -2461,7 +2468,8 @@ exim_gnutls_base_init_done = TRUE; if (!(tls_require_ciphers && *tls_require_ciphers)) return_deinit(NULL); -if (!expand_check(tls_require_ciphers, US"tls_require_ciphers", &expciphers)) +if (!expand_check(tls_require_ciphers, US"tls_require_ciphers", &expciphers, + &dummy_errstr)) return_deinit(US"failed to expand tls_require_ciphers"); if (!(expciphers && *expciphers)) diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 2862111ab..4a41ba192 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2016 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ /* Portions Copyright (c) The OpenSSL Project 1999 */ @@ -180,7 +180,7 @@ tls_ext_ctx_cb *server_static_cbinfo = NULL; static int setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional, - int (*cert_vfy_cb)(int, X509_STORE_CTX *) ); + int (*cert_vfy_cb)(int, X509_STORE_CTX *), uschar ** errstr ); /* Callbacks */ #ifdef EXIM_HAVE_OPENSSL_TLSEXT @@ -207,35 +207,22 @@ Argument: host NULL if setting up a server; the connected host if setting up a client msg error message or NULL if we should ask OpenSSL + errstr pointer to output error message Returns: OK/DEFER/FAIL */ static int -tls_error(uschar * prefix, const host_item * host, uschar * msg) +tls_error(uschar * prefix, const host_item * host, uschar * msg, uschar ** errstr) { if (!msg) { ERR_error_string(ERR_get_error(), ssl_errstring); - msg = (uschar *)ssl_errstring; + msg = US ssl_errstring; } -if (host) - { - log_write(0, LOG_MAIN, "H=%s [%s] TLS error on connection (%s): %s", - host->name, host->address, prefix, msg); - return FAIL; - } -else - { - uschar *conn_info = smtp_get_connection_info(); - if (Ustrncmp(conn_info, US"SMTP ", 5) == 0) - conn_info += 5; - /* I'd like to get separated H= here, but too hard for now */ - log_write(0, LOG_MAIN, "TLS error on %s (%s): %s", - conn_info, prefix, msg); - return DEFER; - } +if (errstr) *errstr = string_sprintf("(%s): %s", prefix, msg); +return host ? FAIL : DEFER; } @@ -461,7 +448,7 @@ else if (rc < 0) { log_write(0, LOG_MAIN, "[%s] SSL verify error: internal error", - tlsp == &tls_out ? deliver_host_address : sender_host_address); + deliver_host_address); name = NULL; } break; @@ -526,8 +513,8 @@ verify_callback_client_dane(int preverify_ok, X509_STORE_CTX * x509ctx) { X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx); uschar dn[256]; -#ifndef DISABLE_EVENT int depth = X509_STORE_CTX_get_error_depth(x509ctx); +#ifndef DISABLE_EVENT BOOL dummy_called, optional = FALSE; #endif @@ -596,19 +583,20 @@ Arguments: sctx The current SSL CTX (inbound or outbound) dhparam DH parameter file or fixed parameter identity string host connected host, if client; NULL if server + errstr error string pointer Returns: TRUE if OK (nothing to set up, or setup worked) */ static BOOL -init_dh(SSL_CTX *sctx, uschar *dhparam, const host_item *host) +init_dh(SSL_CTX *sctx, uschar *dhparam, const host_item *host, uschar ** errstr) { BIO *bio; DH *dh; uschar *dhexpanded; const char *pem; -if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded)) +if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded, errstr)) return FALSE; if (!dhexpanded || !*dhexpanded) @@ -618,7 +606,7 @@ else if (dhexpanded[0] == '/') if (!(bio = BIO_new_file(CS dhexpanded, "r"))) { tls_error(string_sprintf("could not read dhparams file %s", dhexpanded), - host, US strerror(errno)); + host, US strerror(errno), errstr); return FALSE; } } @@ -633,7 +621,7 @@ else if (!(pem = std_dh_prime_named(dhexpanded))) { tls_error(string_sprintf("Unknown standard DH prime \"%s\"", dhexpanded), - host, US strerror(errno)); + host, US strerror(errno), errstr); return FALSE; } bio = BIO_new_mem_buf(CS pem, -1); @@ -643,7 +631,7 @@ if (!(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL))) { BIO_free(bio); tls_error(string_sprintf("Could not read tls_dhparams \"%s\"", dhexpanded), - host, NULL); + host, NULL, errstr); return FALSE; } @@ -696,12 +684,13 @@ Patches welcome. Arguments: sctx The current SSL CTX (inbound or outbound) host connected host, if client; NULL if server + errstr error string pointer Returns: TRUE if OK (nothing to set up, or setup worked) */ static BOOL -init_ecdh(SSL_CTX * sctx, host_item * host) +init_ecdh(SSL_CTX * sctx, host_item * host, uschar ** errstr) { #ifdef OPENSSL_NO_ECDH return TRUE; @@ -721,15 +710,15 @@ DEBUG(D_tls) return TRUE; # else -if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve)) +if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr)) return FALSE; if (!exp_curve || !*exp_curve) return TRUE; /* "auto" needs to be handled carefully. - * OpenSSL < 1.0.2: we do not select anything, but fallback to primve256v1 + * OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1 * OpenSSL < 1.1.0: we have to call SSL_CTX_set_ecdh_auto - * (openss/ssl.h defines SSL_CTRL_SET_ECDH_AUTO) + * (openssl/ssl.h defines SSL_CTRL_SET_ECDH_AUTO) * OpenSSL >= 1.1.0: we do not set anything, the libray does autoselection * https://github.com/openssl/openssl/commit/fe6ef2472db933f01b59cad82aa925736935984b */ @@ -760,15 +749,14 @@ if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef # endif ) { - tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", - exp_curve), - host, NULL); + tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve), + host, NULL, errstr); return FALSE; } if (!(ecdh = EC_KEY_new_by_curve_name(nid))) { - tls_error(US"Unable to create ec curve", host, NULL); + tls_error(US"Unable to create ec curve", host, NULL, errstr); return FALSE; } @@ -776,7 +764,7 @@ if (!(ecdh = EC_KEY_new_by_curve_name(nid))) not to the stability of the interface. */ if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0)) - tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), host, NULL); + tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), host, NULL, errstr); else DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve); @@ -862,7 +850,7 @@ verify_flags = OCSP_NOVERIFY; /* check sigs, but not purpose */ OCSP_NOSIGS OCSP_NOVERIFY OCSP_NOCHAIN OCSP_NOCHECKS OCSP_NOEXPLICIT OCSP_TRUSTOTHER OCSP_NOINTERN */ -/* This does a full verify on the OCSP proof before we load it for serviing +/* This does a full verify on the OCSP proof before we load it for serving up; possibly overkill - just date-checks might be nice enough. OCSP_basic_verify takes a "store" arg, but does not @@ -879,10 +867,10 @@ function for getting a stack from a store. We do not free the stack since it could be needed a second time for SNI handling. -Seperately we might try to replace using OCSP_basic_verify() - which seems to not +Separately we might try to replace using OCSP_basic_verify() - which seems to not be a public interface into the OpenSSL library (there's no manual entry) - But what with? We also use OCSP_basic_verify in the client stapling callback. -And there we NEED it; we miust verify that status... unless the +And there we NEED it; we must verify that status... unless the library does it for us anyway? */ if ((i = OCSP_basic_verify(basic_response, sk, NULL, verify_flags)) < 0) @@ -951,7 +939,7 @@ return; /* Create and install a selfsigned certificate, for use in server mode */ static int -tls_install_selfsign(SSL_CTX * sctx) +tls_install_selfsign(SSL_CTX * sctx, uschar ** errstr) { X509 * x509 = NULL; EVP_PKEY * pkey; @@ -972,7 +960,7 @@ where = US"generating pkey"; if (!(rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL))) goto err; -where = US"assiging pkey"; +where = US"assigning pkey"; if (!EVP_PKEY_assign_RSA(pkey, rsa)) goto err; @@ -1006,7 +994,7 @@ if (!SSL_CTX_use_PrivateKey(sctx, pkey)) return OK; err: - (void) tls_error(where, NULL, NULL); + (void) tls_error(where, NULL, NULL, errstr); if (x509) X509_free(x509); if (pkey) EVP_PKEY_free(pkey); return DEFER; @@ -1026,12 +1014,14 @@ the certificate string. Arguments: sctx the SSL_CTX* to update cbinfo various parts of session state + errstr error string pointer Returns: OK/DEFER/FAIL */ static int -tls_expand_session_files(SSL_CTX *sctx, tls_ext_ctx_cb *cbinfo) +tls_expand_session_files(SSL_CTX *sctx, tls_ext_ctx_cb *cbinfo, + uschar ** errstr) { uschar *expanded; @@ -1040,7 +1030,7 @@ if (!cbinfo->certificate) if (cbinfo->host) /* client */ return OK; /* server */ - if (tls_install_selfsign(sctx) != OK) + if (tls_install_selfsign(sctx, errstr) != OK) return DEFER; } else @@ -1051,7 +1041,7 @@ else ) reexpand_tls_files_for_sni = TRUE; - if (!expand_check(cbinfo->certificate, US"tls_certificate", &expanded)) + if (!expand_check(cbinfo->certificate, US"tls_certificate", &expanded, errstr)) return DEFER; if (expanded != NULL) @@ -1060,11 +1050,11 @@ else if (!SSL_CTX_use_certificate_chain_file(sctx, CS expanded)) return tls_error(string_sprintf( "SSL_CTX_use_certificate_chain_file file=%s", expanded), - cbinfo->host, NULL); + cbinfo->host, NULL, errstr); } if (cbinfo->privatekey != NULL && - !expand_check(cbinfo->privatekey, US"tls_privatekey", &expanded)) + !expand_check(cbinfo->privatekey, US"tls_privatekey", &expanded, errstr)) return DEFER; /* If expansion was forced to fail, key_expanded will be NULL. If the result @@ -1076,14 +1066,14 @@ else DEBUG(D_tls) debug_printf("tls_privatekey file %s\n", expanded); if (!SSL_CTX_use_PrivateKey_file(sctx, CS expanded, SSL_FILETYPE_PEM)) return tls_error(string_sprintf( - "SSL_CTX_use_PrivateKey_file file=%s", expanded), cbinfo->host, NULL); + "SSL_CTX_use_PrivateKey_file file=%s", expanded), cbinfo->host, NULL, errstr); } } #ifndef DISABLE_OCSP if (cbinfo->is_server && cbinfo->u_ocsp.server.file) { - if (!expand_check(cbinfo->u_ocsp.server.file, US"tls_ocsp_file", &expanded)) + if (!expand_check(cbinfo->u_ocsp.server.file, US"tls_ocsp_file", &expanded, errstr)) return DEFER; if (expanded && *expanded) @@ -1131,6 +1121,7 @@ const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); tls_ext_ctx_cb *cbinfo = (tls_ext_ctx_cb *) arg; int rc; int old_pool = store_pool; +uschar * dummy_errstr; if (!servername) return SSL_TLSEXT_ERR_OK; @@ -1167,8 +1158,8 @@ SSL_CTX_set_timeout(server_sni, SSL_CTX_get_timeout(server_ctx)); SSL_CTX_set_tlsext_servername_callback(server_sni, tls_servername_cb); SSL_CTX_set_tlsext_servername_arg(server_sni, cbinfo); -if ( !init_dh(server_sni, cbinfo->dhparam, NULL) - || !init_ecdh(server_sni, NULL) +if ( !init_dh(server_sni, cbinfo->dhparam, NULL, &dummy_errstr) + || !init_ecdh(server_sni, NULL, &dummy_errstr) ) return SSL_TLSEXT_ERR_NOACK; @@ -1183,12 +1174,12 @@ if (cbinfo->u_ocsp.server.file) #endif if ((rc = setup_certs(server_sni, tls_verify_certificates, tls_crl, NULL, FALSE, - verify_callback_server)) != OK) + verify_callback_server, &dummy_errstr)) != OK) return SSL_TLSEXT_ERR_NOACK; /* do this after setup_certs, because this can require the certs for verifying OCSP information. */ -if ((rc = tls_expand_session_files(server_sni, cbinfo)) != OK) +if ((rc = tls_expand_session_files(server_sni, cbinfo, &dummy_errstr)) != OK) return SSL_TLSEXT_ERR_NOACK; DEBUG(D_tls) debug_printf("Switching SSL context.\n"); @@ -1414,6 +1405,7 @@ Arguments: ocsp_file file of stapling info (server); flag for require ocsp (client) addr address if client; NULL if server (for some randomness) cbp place to put allocated callback context + errstr error string pointer Returns: OK/DEFER/FAIL */ @@ -1424,7 +1416,7 @@ tls_init(SSL_CTX **ctxp, host_item *host, uschar *dhparam, uschar *certificate, #ifndef DISABLE_OCSP uschar *ocsp_file, #endif - address_item *addr, tls_ext_ctx_cb ** cbp) + address_item *addr, tls_ext_ctx_cb ** cbp, uschar ** errstr) { long init_options; int rc; @@ -1471,7 +1463,7 @@ existing knob. */ *ctxp = SSL_CTX_new(host ? SSLv23_client_method() : SSLv23_server_method()); -if (!*ctxp) return tls_error(US"SSL_CTX_new", host, NULL); +if (!*ctxp) return tls_error(US"SSL_CTX_new", host, NULL, errstr); /* It turns out that we need to seed the random number generator this early in order to get the full complement of ciphers to work. It took me roughly a day @@ -1493,7 +1485,7 @@ if (!RAND_status()) if (!RAND_status()) return tls_error(US"RAND_status", host, - US"unable to seed random number generator"); + US"unable to seed random number generator", errstr); } /* Set up the information callback, which outputs if debugging is at a suitable @@ -1515,14 +1507,14 @@ availability of the option value macros from OpenSSL. */ okay = tls_openssl_options_parse(openssl_options, &init_options); if (!okay) - return tls_error(US"openssl_options parsing failed", host, NULL); + return tls_error(US"openssl_options parsing failed", host, NULL, errstr); if (init_options) { DEBUG(D_tls) debug_printf("setting SSL CTX options: %#lx\n", init_options); if (!(SSL_CTX_set_options(*ctxp, init_options))) return tls_error(string_sprintf( - "SSL_CTX_set_option(%#lx)", init_options), host, NULL); + "SSL_CTX_set_option(%#lx)", init_options), host, NULL, errstr); } else DEBUG(D_tls) debug_printf("no SSL CTX options to set\n"); @@ -1530,14 +1522,14 @@ else /* Initialize with DH parameters if supplied */ /* Initialize ECDH temp key parameter selection */ -if ( !init_dh(*ctxp, dhparam, host) - || !init_ecdh(*ctxp, host) +if ( !init_dh(*ctxp, dhparam, host, errstr) + || !init_ecdh(*ctxp, host, errstr) ) return DEFER; /* Set up certificate and key (and perhaps OCSP info) */ -if ((rc = tls_expand_session_files(*ctxp, cbinfo)) != OK) +if ((rc = tls_expand_session_files(*ctxp, cbinfo, errstr)) != OK) return rc; /* If we need to handle SNI or OCSP, do so */ @@ -1694,17 +1686,18 @@ Arguments: optional TRUE if called from a server for a host in tls_try_verify_hosts; otherwise passed as FALSE cert_vfy_cb Callback function for certificate verification + errstr error string pointer Returns: OK/DEFER/FAIL */ static int setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional, - int (*cert_vfy_cb)(int, X509_STORE_CTX *) ) + int (*cert_vfy_cb)(int, X509_STORE_CTX *), uschar ** errstr) { uschar *expcerts, *expcrl; -if (!expand_check(certs, US"tls_verify_certificates", &expcerts)) +if (!expand_check(certs, US"tls_verify_certificates", &expcerts, errstr)) return DEFER; if (expcerts && *expcerts) @@ -1713,7 +1706,7 @@ if (expcerts && *expcerts) CA bundle. Then add the ones specified in the config, if any. */ if (!SSL_CTX_set_default_verify_paths(sctx)) - return tls_error(US"SSL_CTX_set_default_verify_paths", host, NULL); + return tls_error(US"SSL_CTX_set_default_verify_paths", host, NULL, errstr); if (Ustrcmp(expcerts, "system") != 0) { @@ -1757,14 +1750,14 @@ if (expcerts && *expcerts) if ( (!file || statbuf.st_size > 0) && !SSL_CTX_load_verify_locations(sctx, CS file, CS dir)) - return tls_error(US"SSL_CTX_load_verify_locations", host, NULL); + return tls_error(US"SSL_CTX_load_verify_locations", host, NULL, errstr); /* Load the list of CAs for which we will accept certs, for sending to the client. This is only for the one-file tls_verify_certificates variant. If a list isn't loaded into the server, but some verify locations are set, the server end appears to make - a wildcard reqest for client certs. + a wildcard request for client certs. Meanwhile, the client library as default behaviour *ignores* the list we send over the wire - see man SSL_CTX_set_client_cert_cb. Because of this, and that the dir variant is likely only used for @@ -1795,7 +1788,7 @@ if (expcerts && *expcerts) OpenSSL will then handle the verify against CA certs and CRLs by itself in the verify callback." */ - if (!expand_check(crl, US"tls_crl", &expcrl)) return DEFER; + if (!expand_check(crl, US"tls_crl", &expcrl, errstr)) return DEFER; if (expcrl && *expcrl) { struct stat statbufcrl; @@ -1823,7 +1816,7 @@ if (expcerts && *expcerts) DEBUG(D_tls) debug_printf("SSL CRL value is a file %s\n", file); } if (X509_STORE_load_locations(cvstore, CS file, CS dir) == 0) - return tls_error(US"X509_STORE_load_locations", host, NULL); + return tls_error(US"X509_STORE_load_locations", host, NULL, errstr); /* setting the flags to check against the complete crl chain */ @@ -1856,19 +1849,20 @@ a TLS session. Arguments: require_ciphers allowed ciphers + errstr pointer to error message Returns: OK on success DEFER for errors before the start of the negotiation - FAIL for errors during the negotation; the server can't + FAIL for errors during the negotiation; the server can't continue running. */ int -tls_server_start(const uschar *require_ciphers) +tls_server_start(const uschar * require_ciphers, uschar ** errstr) { int rc; -uschar *expciphers; -tls_ext_ctx_cb *cbinfo; +uschar * expciphers; +tls_ext_ctx_cb * cbinfo; static uschar peerdn[256]; static uschar cipherbuf[256]; @@ -1876,7 +1870,7 @@ static uschar cipherbuf[256]; if (tls_in.active >= 0) { - tls_error(US"STARTTLS received after TLS started", NULL, US""); + tls_error(US"STARTTLS received after TLS started", NULL, US"", errstr); smtp_printf("554 Already in TLS\r\n"); return FAIL; } @@ -1888,11 +1882,11 @@ rc = tls_init(&server_ctx, NULL, tls_dhparam, tls_certificate, tls_privatekey, #ifndef DISABLE_OCSP tls_ocsp_file, #endif - NULL, &server_static_cbinfo); + NULL, &server_static_cbinfo, errstr); if (rc != OK) return rc; cbinfo = server_static_cbinfo; -if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers)) +if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers, errstr)) return FAIL; /* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they @@ -1906,7 +1900,7 @@ if (expciphers) while (*s != 0) { if (*s == '_') *s = '-'; s++; } DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers); if (!SSL_CTX_set_cipher_list(server_ctx, CS expciphers)) - return tls_error(US"SSL_CTX_set_cipher_list", NULL, NULL); + return tls_error(US"SSL_CTX_set_cipher_list", NULL, NULL, errstr); cbinfo->server_cipher_list = expciphers; } @@ -1922,21 +1916,22 @@ server_verify_callback_called = FALSE; if (verify_check_host(&tls_verify_hosts) == OK) { rc = setup_certs(server_ctx, tls_verify_certificates, tls_crl, NULL, - FALSE, verify_callback_server); + FALSE, verify_callback_server, errstr); if (rc != OK) return rc; server_verify_optional = FALSE; } else if (verify_check_host(&tls_try_verify_hosts) == OK) { rc = setup_certs(server_ctx, tls_verify_certificates, tls_crl, NULL, - TRUE, verify_callback_server); + TRUE, verify_callback_server, errstr); if (rc != OK) return rc; server_verify_optional = TRUE; } /* Prepare for new connection */ -if (!(server_ssl = SSL_new(server_ctx))) return tls_error(US"SSL_new", NULL, NULL); +if (!(server_ssl = SSL_new(server_ctx))) + return tls_error(US"SSL_new", NULL, NULL, errstr); /* Warning: we used to SSL_clear(ssl) here, it was removed. * @@ -1980,10 +1975,7 @@ alarm(0); if (rc <= 0) { - tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL); - if (ERR_get_error() == 0) - log_write(0, LOG_MAIN, - "TLS client disconnected cleanly (rejected our certificate?)"); + (void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr); return FAIL; } @@ -2035,8 +2027,8 @@ return OK; static int tls_client_basic_ctx_init(SSL_CTX * ctx, - host_item * host, smtp_transport_options_block * ob, tls_ext_ctx_cb * cbinfo - ) + host_item * host, smtp_transport_options_block * ob, tls_ext_ctx_cb * cbinfo, + uschar ** errstr) { int rc; /* stick to the old behaviour for compatibility if tls_verify_certificates is @@ -2055,7 +2047,8 @@ else return OK; if ((rc = setup_certs(ctx, ob->tls_verify_certificates, - ob->tls_crl, host, client_verify_optional, verify_callback_client)) != OK) + ob->tls_crl, host, client_verify_optional, verify_callback_client, + errstr)) != OK) return rc; if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK) @@ -2075,7 +2068,7 @@ return OK; #ifdef EXPERIMENTAL_DANE static int -dane_tlsa_load(SSL * ssl, host_item * host, dns_answer * dnsa) +dane_tlsa_load(SSL * ssl, host_item * host, dns_answer * dnsa, uschar ** errstr) { dns_record * rr; dns_scan dnss; @@ -2083,7 +2076,7 @@ const char * hostnames[2] = { CS host->name, NULL }; int found = 0; if (DANESSL_init(ssl, NULL, hostnames) != 1) - return tls_error(US"hostnames load", host, NULL); + return tls_error(US"hostnames load", host, NULL, errstr); for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; @@ -2114,7 +2107,7 @@ for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); switch (DANESSL_add_tlsa(ssl, usage, selector, mdname, p, rr->size - 3)) { default: - return tls_error(US"tlsa load", host, NULL); + return tls_error(US"tlsa load", host, NULL, errstr); case 0: /* action not taken */ case 1: break; } @@ -2144,6 +2137,7 @@ Argument: addr the first address tb transport (always smtp) tlsa_dnsa tlsa lookup, if DANE, else null + errstr error string pointer Returns: OK on success FAIL otherwise - note that tls_error() will not give DEFER @@ -2152,11 +2146,11 @@ Returns: OK on success int tls_client_start(int fd, host_item *host, address_item *addr, - transport_instance *tb + transport_instance * tb, #ifdef EXPERIMENTAL_DANE - , dns_answer * tlsa_dnsa + dns_answer * tlsa_dnsa, #endif - ) + uschar ** errstr) { smtp_transport_options_block * ob = (smtp_transport_options_block *)tb->options_block; @@ -2207,27 +2201,27 @@ rc = tls_init(&client_ctx, host, NULL, #ifndef DISABLE_OCSP (void *)(long)request_ocsp, #endif - addr, &client_static_cbinfo); + addr, &client_static_cbinfo, errstr); if (rc != OK) return rc; tls_out.certificate_verified = FALSE; client_verify_callback_called = FALSE; if (!expand_check(ob->tls_require_ciphers, US"tls_require_ciphers", - &expciphers)) + &expciphers, errstr)) return FAIL; /* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they are separated by underscores. So that I can use either form in my tests, and also for general convenience, we turn underscores into hyphens here. */ -if (expciphers != NULL) +if (expciphers) { uschar *s = expciphers; - while (*s != 0) { if (*s == '_') *s = '-'; s++; } + while (*s) { if (*s == '_') *s = '-'; s++; } DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers); if (!SSL_CTX_set_cipher_list(client_ctx, CS expciphers)) - return tls_error(US"SSL_CTX_set_cipher_list", host, NULL); + return tls_error(US"SSL_CTX_set_cipher_list", host, NULL, errstr); } #ifdef EXPERIMENTAL_DANE @@ -2238,29 +2232,29 @@ if (tlsa_dnsa) verify_callback_client_dane); if (!DANESSL_library_init()) - return tls_error(US"library init", host, NULL); + return tls_error(US"library init", host, NULL, errstr); if (DANESSL_CTX_init(client_ctx) <= 0) - return tls_error(US"context init", host, NULL); + return tls_error(US"context init", host, NULL, errstr); } else #endif - if ((rc = tls_client_basic_ctx_init(client_ctx, host, ob, client_static_cbinfo)) - != OK) + if ((rc = tls_client_basic_ctx_init(client_ctx, host, ob, + client_static_cbinfo, errstr)) != OK) return rc; if ((client_ssl = SSL_new(client_ctx)) == NULL) - return tls_error(US"SSL_new", host, NULL); + return tls_error(US"SSL_new", host, NULL, errstr); SSL_set_session_id_context(client_ssl, sid_ctx, Ustrlen(sid_ctx)); SSL_set_fd(client_ssl, fd); SSL_set_connect_state(client_ssl); if (ob->tls_sni) { - if (!expand_check(ob->tls_sni, US"tls_sni", &tls_out.sni)) + if (!expand_check(ob->tls_sni, US"tls_sni", &tls_out.sni, errstr)) return FAIL; - if (tls_out.sni == NULL) + if (!tls_out.sni) { DEBUG(D_tls) debug_printf("Setting TLS SNI forced to fail, not sending\n"); } @@ -2280,7 +2274,7 @@ if (ob->tls_sni) #ifdef EXPERIMENTAL_DANE if (tlsa_dnsa) - if ((rc = dane_tlsa_load(client_ssl, host, tlsa_dnsa)) != OK) + if ((rc = dane_tlsa_load(client_ssl, host, tlsa_dnsa, errstr)) != OK) return rc; #endif @@ -2330,7 +2324,8 @@ if (tlsa_dnsa) #endif if (rc <= 0) - return tls_error(US"SSL_connect", host, sigalrm_seen ? US"timed out" : NULL); + return tls_error(US"SSL_connect", host, sigalrm_seen ? US"timed out" : NULL, + errstr); DEBUG(D_tls) debug_printf("SSL_connect succeeded\n"); @@ -2360,14 +2355,14 @@ return OK; /* This gets the next byte from the TLS input buffer. If the buffer is empty, it refills the buffer via the SSL reading function. -Arguments: none +Arguments: lim Maximum amount to read/buffer Returns: the next character or EOF Only used by the server-side TLS. */ int -tls_getc(void) +tls_getc(unsigned lim) { if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm) { @@ -2378,7 +2373,8 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm) ssl_xfer_buffer, ssl_xfer_buffer_size); if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout); - inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size); + inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer, + MIN(ssl_xfer_buffer_size, lim)); error = SSL_get_error(server_ssl, inbytes); alarm(0); @@ -2405,7 +2401,7 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm) tls_in.peerdn = NULL; tls_in.sni = NULL; - return smtp_getc(); + return smtp_getc(lim); } /* Handle genuine errors */ @@ -2483,9 +2479,7 @@ if (error == SSL_ERROR_ZERO_RETURN) return -1; } else if (error != SSL_ERROR_NONE) - { return -1; - } return inbytes; } @@ -2624,7 +2618,8 @@ EVP_add_digest(EVP_sha256()); if (!(tls_require_ciphers && *tls_require_ciphers)) return NULL; -if (!expand_check(tls_require_ciphers, US"tls_require_ciphers", &expciphers)) +if (!expand_check(tls_require_ciphers, US"tls_require_ciphers", &expciphers, + &err)) return US"failed to expand tls_require_ciphers"; if (!(expciphers && *expciphers)) @@ -2649,7 +2644,8 @@ DEBUG(D_tls) if (!SSL_CTX_set_cipher_list(ctx, CS expciphers)) { ERR_error_string(ERR_get_error(), ssl_errstring); - err = string_sprintf("SSL_CTX_set_cipher_list(%s) failed", expciphers); + err = string_sprintf("SSL_CTX_set_cipher_list(%s) failed: %s", + expciphers, ssl_errstring); } SSL_CTX_free(ctx); diff --git a/src/src/tls.c b/src/src/tls.c index 55295108c..a5cb35bd9 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -8,7 +8,7 @@ /* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is based on a patch that was originally contributed by Steve Haslam. It was adapted from stunnel, a GPL program by Michal Trojnara. The code for GNU TLS is -based on a patch contributed by Nikos Mavroyanopoulos. Because these packages +based on a patch contributed by Nikos Mavrogiannopoulos. Because these packages are so very different, the functions for each are kept in separate files. The relevant file is #included as required, after any any common functions. @@ -64,17 +64,18 @@ Returns: TRUE if OK; result may still be NULL after forced failure */ static BOOL -expand_check(const uschar *s, const uschar *name, uschar **result) +expand_check(const uschar *s, const uschar *name, uschar **result, uschar ** errstr) { -if (s == NULL) *result = NULL; else +if (!s) + *result = NULL; +else if ( !(*result = expand_string(US s)) /* need to clean up const more */ + && !expand_string_forcedfail + ) { - *result = expand_string(US s); /* need to clean up const some more */ - if (*result == NULL && !expand_string_forcedfail) - { - log_write(0, LOG_MAIN|LOG_PANIC, "expansion of %s failed: %s", name, - expand_string_message); - return FALSE; - } + *errstr = US"Internal error"; + log_write(0, LOG_MAIN|LOG_PANIC, "expansion of %s failed: %s", name, + expand_string_message); + return FALSE; } return TRUE; } diff --git a/src/src/transport-filter.src b/src/src/transport-filter.src index 92a3b9dc4..3f250e657 100644 --- a/src/src/transport-filter.src +++ b/src/src/transport-filter.src @@ -1,4 +1,4 @@ -#! PERL_COMMAND -w +#! PERL_COMMAND # This is a Perl script to demonstrate the possibilities of on-the-fly # delivery filtering in Exim. It is presented with a message on its standard @@ -11,6 +11,8 @@ # Philip Hazel, May 1997 ############################################################################# +use warnings; +BEGIN { pop @INC if $INC[-1] eq '.' }; # If the filter is called with any arguments, insert them into the message # as X-Arg headers, just to verify what they are. diff --git a/src/src/transport.c b/src/src/transport.c index c48f1575b..aca33762b 100644 --- a/src/src/transport.c +++ b/src/src/transport.c @@ -624,7 +624,7 @@ return write_chunk(fd, tctx, pp->address, Ustrlen(pp->address)); -/* Add/remove/rewwrite headers, and send them plus the empty-line sparator. +/* Add/remove/rewrite headers, and send them plus the empty-line separator. Globals: header_list @@ -908,7 +908,7 @@ if (!(tctx->options & topt_no_headers)) /* Pick up from all the addresses. The plist and dlist variables are anchors for lists of addresses already handled; they have to be defined at - this level becuase write_env_to() calls itself recursively. */ + this level because write_env_to() calls itself recursively. */ for (p = tctx->addr; p; p = p->next) if (!write_env_to(p, &plist, &dlist, &first, fd, tctx)) @@ -978,7 +978,7 @@ if (tctx->options & topt_use_bdat) if (size > DELIVER_OUT_BUFFER_SIZE && hsize > 0) { DEBUG(D_transport) - debug_printf("sending small initial BDAT; hssize=%d\n", hsize); + debug_printf("sending small initial BDAT; hsize=%d\n", hsize); if ( tctx->chunk_cb(fd, tctx, hsize, 0) != OK || !transport_write_block(fd, deliver_out_buffer, hsize) || tctx->chunk_cb(fd, tctx, 0, tc_reap_prev) != OK @@ -1062,18 +1062,16 @@ Returns: TRUE on success; FALSE (with errno) for any failure BOOL dkim_transport_write_message(int out_fd, transport_ctx * tctx, - struct ob_dkim * dkim) + struct ob_dkim * dkim, const uschar ** err) { int dkim_fd; int save_errno = 0; BOOL rc; uschar * dkim_spool_name; -int sread = 0; -int wwritten = 0; -uschar *dkim_signature = NULL; -int siglen = 0; +uschar * dkim_signature = NULL; +int sread = 0, wwritten = 0, siglen = 0, options; off_t k_file_size; -int options; +const uschar * errstr; /* If we can't sign, just call the original function. */ @@ -1088,6 +1086,7 @@ if ((dkim_fd = Uopen(dkim_spool_name, O_RDWR|O_CREAT|O_TRUNC, SPOOL_MODE)) < 0) /* Can't create spool file. Ugh. */ rc = FALSE; save_errno = errno; + *err = string_sprintf("dkim spoolfile create: %s", strerror(errno)); goto CLEANUP; } @@ -1109,7 +1108,7 @@ if (!rc) /* Rewind file and feed it to the goats^W DKIM lib */ dkim->dot_stuffed = !!(options & topt_end_dot); lseek(dkim_fd, 0, SEEK_SET); -if ((dkim_signature = dkim_exim_sign(dkim_fd, dkim))) +if ((dkim_signature = dkim_exim_sign(dkim_fd, dkim, &errstr))) siglen = Ustrlen(dkim_signature); else if (dkim->dkim_strict) { @@ -1122,6 +1121,7 @@ else if (dkim->dkim_strict) save_errno = EACCES; log_write(0, LOG_MAIN, "DKIM: message could not be signed," " and dkim_strict is set. Deferring message delivery."); + *err = errstr; rc = FALSE; goto CLEANUP; } @@ -1959,7 +1959,7 @@ DEBUG(D_transport) debug_printf("transport_pass_socket entered\n"); if ((pid = fork()) == 0) { - int i = 17; + int i = 19; const uschar **argv; /* Disconnect entirely from the parent process. If we are running in the @@ -1982,7 +1982,15 @@ if ((pid = fork()) == 0) if (smtp_peer_options & PEER_OFFERED_PIPE) argv[i++] = US"-MCP"; if (smtp_peer_options & PEER_OFFERED_SIZE) argv[i++] = US"-MCS"; #ifdef SUPPORT_TLS - if (smtp_peer_options & PEER_OFFERED_TLS) argv[i++] = US"-MCT"; + if (smtp_peer_options & PEER_OFFERED_TLS) + if (tls_out.active >= 0 || continue_proxy) + { + argv[i++] = US"-MCt"; + argv[i++] = sending_ip_address; + argv[i++] = string_sprintf("%d", sending_port); + } + else + argv[i++] = US"-MCT"; #endif if (queue_run_pid != (pid_t)0) @@ -2272,7 +2280,7 @@ if (expand_arguments) */ if (address_pipe_argcount > 1) memmove( - /* current position + additonal args */ + /* current position + additional args */ argv + i + address_pipe_argcount, /* current position + 1 (for the (uschar *)0 at the end) */ argv + i + 1, diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c index 884452208..9b3379be2 100644 --- a/src/src/transports/appendfile.c +++ b/src/src/transports/appendfile.c @@ -1146,7 +1146,7 @@ directory name) is given, that is, when appending to a single file: Open with O_WRONLY + O_EXCL + O_CREAT with configured mode, unless we know this is via a symbolic link (only possible if allow_symlinks is set), in - which case don't use O_EXCL, as it dosn't work. + which case don't use O_EXCL, as it doesn't work. If open fails because the file already exists, go to (6f). To avoid looping for ever in a situation where the file is continuously being @@ -3128,7 +3128,7 @@ if (yield != OK) fcntl() call (BSDI & FreeBSD do not). */ if (!isdirectory && ftruncate(fd, saved_size)) - DEBUG(D_transport) debug_printf("Error restting file size\n"); + DEBUG(D_transport) debug_printf("Error resetting file size\n"); } /* Handle successful writing - we want the modification time to be now for diff --git a/src/src/transports/lmtp.c b/src/src/transports/lmtp.c index 0cc981064..c4606ef8b 100644 --- a/src/src/transports/lmtp.c +++ b/src/src/transports/lmtp.c @@ -106,7 +106,7 @@ Arguments: more_errno from the top address for use with ERRNO_FILTER_FAIL buffer the LMTP response buffer yield where to put a one-digit LMTP response code - message where to put an errror message + message where to put an error message Returns: TRUE if a "QUIT" command should be sent, else FALSE */ diff --git a/src/src/transports/pipe.c b/src/src/transports/pipe.c index 0535b6743..8b87e4a95 100644 --- a/src/src/transports/pipe.c +++ b/src/src/transports/pipe.c @@ -576,7 +576,7 @@ if (testflag(addr, af_pfr) && addr->local_part[0] == '|') { if (ob->force_command) { - /* Enables expansion of $address_pipe into seperate arguments */ + /* Enables expansion of $address_pipe into separate arguments */ setflag(addr, af_force_command); cmd = ob->cmd; expand_arguments = TRUE; @@ -1024,7 +1024,7 @@ if ((rc = child_close(pid, timeout)) != 0) the command that was given is a non-existent path). By default this is treated as just another failure, but if freeze_exec_fail is set, the reaction is to freeze the message rather than bounce the address. Exim used to signal - this failure with EX_UNAVAILABLE, which is definined in many systems as + this failure with EX_UNAVAILABLE, which is defined in many systems as #define EX_UNAVAILABLE 69 @@ -1062,7 +1062,7 @@ if ((rc = child_close(pid, timeout)) != 0) uschar *ss; int size, ptr, i; - /* If temp_errors is "*" all codes are temporary. Initializion checks + /* If temp_errors is "*" all codes are temporary. Initialization checks that it's either "*" or a list of numbers. If not "*", scan the list of temporary failure codes; if any match, the result is DEFER. */ diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 527142967..52e04b8a5 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -2,18 +2,12 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2016 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ #include "../exim.h" #include "smtp.h" -#define PENDING 256 -#define PENDING_DEFER (PENDING + DEFER) -#define PENDING_OK (PENDING + OK) - -#define DELIVER_BUFFER_SIZE 4096 - /* Options specific to the smtp transport. This transport also supports LMTP over TCP/IP. The options must be in alphabetic order (note that "_" comes @@ -93,6 +87,8 @@ optionlist smtp_transport_options[] = { #ifdef SUPPORT_TLS { "hosts_nopass_tls", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) }, + { "hosts_noproxy_tls", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, hosts_noproxy_tls) }, #endif { "hosts_override", opt_bool, (void *)offsetof(smtp_transport_options_block, hosts_override) }, @@ -225,6 +221,7 @@ smtp_transport_options_block smtp_transport_option_defaults = { NULL, /* hosts_avoid_pipelining */ NULL, /* hosts_avoid_esmtp */ NULL, /* hosts_nopass_tls */ + US"*", /* hosts_noproxy_tls */ 5*60, /* command_timeout */ 5*60, /* connect_timeout; shorter system default overrides */ 5*60, /* data timeout */ @@ -289,6 +286,8 @@ static uschar *smtp_command; /* Points to last cmd for error messages */ static uschar *mail_command; /* Points to MAIL cmd for error messages */ static uschar *data_command = US""; /* Points to DATA cmd for error messages */ static BOOL update_waiting; /* TRUE to update the "wait" database */ + +/*XXX move to smtp_context */ static BOOL pipelining_active; /* current transaction is in pipe mode */ @@ -327,7 +326,7 @@ gid = gid; /* Pass back options if required. This interface is getting very messy. */ -if (tf != NULL) +if (tf) { tf->interface = ob->interface; tf->port = ob->port; @@ -346,11 +345,8 @@ host lists, provided that the local host wasn't present in the original host list. */ if (!testflag(addrlist, af_local_host_removed)) - { - for (; addrlist != NULL; addrlist = addrlist->next) - if (addrlist->fallback_hosts == NULL) - addrlist->fallback_hosts = ob->fallback_hostlist; - } + for (; addrlist; addrlist = addrlist->next) + if (!addrlist->fallback_hosts) addrlist->fallback_hosts = ob->fallback_hostlist; return OK; } @@ -458,7 +454,7 @@ for (addr = addrlist; addr; addr = addr->next) { addr->basic_errno = errno_value; addr->more_errno |= orvalue; - if (msg != NULL) + if (msg) { addr->message = msg; if (pass_message) setflag(addr, af_pass_message); @@ -508,7 +504,7 @@ Arguments: more_errno from the top address for use with ERRNO_FILTER_FAIL buffer the SMTP response buffer yield where to put a one-digit SMTP response code - message where to put an errror message + message where to put an error message pass_message set TRUE if message is an SMTP response Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE @@ -519,82 +515,62 @@ check_response(host_item *host, int *errno_value, int more_errno, uschar *buffer, int *yield, uschar **message, BOOL *pass_message) { uschar * pl = pipelining_active ? US"pipelined " : US""; +const uschar * s; *yield = '4'; /* Default setting is to give a temporary error */ -/* Handle response timeout */ - -if (*errno_value == ETIMEDOUT) - { - *message = US string_sprintf("SMTP timeout after %s%s", - pl, smtp_command); - if (transport_count > 0) - *message = US string_sprintf("%s (%d bytes written)", *message, - transport_count); - return FALSE; - } - -/* Handle malformed SMTP response */ - -if (*errno_value == ERRNO_SMTPFORMAT) - { - const uschar *malfresp = string_printing(buffer); - while (isspace(*malfresp)) malfresp++; - *message = *malfresp == 0 - ? string_sprintf("Malformed SMTP reply (an empty line) " - "in response to %s%s", pl, smtp_command) - : string_sprintf("Malformed SMTP reply in response to %s%s: %s", - pl, smtp_command, malfresp); - return FALSE; - } - -/* Handle a failed filter process error; can't send QUIT as we mustn't -end the DATA. */ - -if (*errno_value == ERRNO_FILTER_FAIL) - { - *message = US string_sprintf("transport filter process failed (%d)%s", - more_errno, - (more_errno == EX_EXECFAILED)? ": unable to execute command" : ""); - return FALSE; - } - -/* Handle a failed add_headers expansion; can't send QUIT as we mustn't -end the DATA. */ - -if (*errno_value == ERRNO_CHHEADER_FAIL) - { - *message = - US string_sprintf("failed to expand headers_add or headers_remove: %s", - expand_string_message); - return FALSE; - } - -/* Handle failure to write a complete data block */ - -if (*errno_value == ERRNO_WRITEINCOMPLETE) +switch(*errno_value) { - *message = US string_sprintf("failed to write a data block"); - return FALSE; - } + case ETIMEDOUT: /* Handle response timeout */ + *message = US string_sprintf("SMTP timeout after %s%s", + pl, smtp_command); + if (transport_count > 0) + *message = US string_sprintf("%s (%d bytes written)", *message, + transport_count); + return FALSE; + + case ERRNO_SMTPFORMAT: /* Handle malformed SMTP response */ + s = string_printing(buffer); + while (isspace(*s)) s++; + *message = *s == 0 + ? string_sprintf("Malformed SMTP reply (an empty line) " + "in response to %s%s", pl, smtp_command) + : string_sprintf("Malformed SMTP reply in response to %s%s: %s", + pl, smtp_command, s); + return FALSE; + + case ERRNO_FILTER_FAIL: /* Handle a failed filter process error; + can't send QUIT as we mustn't end the DATA. */ + *message = string_sprintf("transport filter process failed (%d)%s", + more_errno, + more_errno == EX_EXECFAILED ? ": unable to execute command" : ""); + return FALSE; + + case ERRNO_CHHEADER_FAIL: /* Handle a failed add_headers expansion; + can't send QUIT as we mustn't end the DATA. */ + *message = + string_sprintf("failed to expand headers_add or headers_remove: %s", + expand_string_message); + return FALSE; + + case ERRNO_WRITEINCOMPLETE: /* failure to write a complete data block */ + *message = string_sprintf("failed to write a data block"); + return FALSE; #ifdef SUPPORT_I18N -/* Handle lack of advertised SMTPUTF8, for international message */ -if (*errno_value == ERRNO_UTF8_FWD) - { - *message = US string_sprintf("utf8 support required but not offered for forwarding"); - DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message); - return TRUE; - } + case ERRNO_UTF8_FWD: /* no advertised SMTPUTF8, for international message */ + *message = US"utf8 support required but not offered for forwarding"; + DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message); + return TRUE; #endif + } /* Handle error responses from the remote mailer. */ if (buffer[0] != 0) { - const uschar *s = string_printing(buffer); - *message = US string_sprintf("SMTP error from remote mail server after %s%s: " - "%s", pl, smtp_command, s); + *message = string_sprintf("SMTP error from remote mail server after %s%s: " + "%s", pl, smtp_command, s = string_printing(buffer)); *pass_message = TRUE; *yield = buffer[0]; return TRUE; @@ -610,9 +586,10 @@ if (*errno_value == 0 || *errno_value == ECONNRESET) { *errno_value = ERRNO_SMTPCLOSED; *message = US string_sprintf("Remote host closed connection " - "in response to %s%s", pl, smtp_command); + "in response to %s%s", pl, smtp_command); } -else *message = US string_sprintf("%s [%s]", host->name, host->address); +else + *message = US string_sprintf("%s [%s]", host->name, host->address); return FALSE; } @@ -744,21 +721,11 @@ subsequent general error, it will get reset accordingly. If not, it will get converted to OK at the end. Arguments: - addrlist the complete address list - include_affixes TRUE if affixes include in RCPT - sync_addr ptr to the ptr of the one to start scanning at (updated) - host the host we are connected to + sx smtp connection context count the number of responses to read - address_retry_ - include_sender true if 4xx retry is to include the sender it its key - pending_MAIL true if the first response is for MAIL pending_DATA 0 if last command sent was not DATA +1 if previously had a good recipient -1 if not previously had a good recipient - inblock incoming SMTP block - timeout timeout value - buffer buffer for reading response - buffsize size of buffer Returns: 3 if at least one address had 2xx and one had 5xx 2 if at least one address had 5xx but none had 2xx @@ -770,39 +737,38 @@ Returns: 3 if at least one address had 2xx and one had 5xx */ static int -sync_responses(address_item *addrlist, BOOL include_affixes, - address_item **sync_addr, host_item *host, int count, - BOOL address_retry_include_sender, BOOL pending_MAIL, - int pending_DATA, smtp_inblock *inblock, int timeout, uschar *buffer, - int buffsize) +sync_responses(smtp_context * sx, int count, int pending_DATA) { -address_item *addr = *sync_addr; +address_item *addr = sx->sync_addr; +smtp_transport_options_block *ob = + (smtp_transport_options_block *)sx->tblock->options_block; int yield = 0; /* Handle the response for a MAIL command. On error, reinstate the original command in big_buffer for error message use, and flush any further pending responses before returning, except after I/O errors and timeouts. */ -if (pending_MAIL) +if (sx->pending_MAIL) { count--; - if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout)) + if (!smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), + '2', ob->command_timeout)) { DEBUG(D_transport) debug_printf("bad response for MAIL\n"); Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */ - if (errno == 0 && buffer[0] != 0) + if (errno == 0 && sx->buffer[0] != 0) { uschar flushbuffer[4096]; int save_errno = 0; - if (buffer[0] == '4') + if (sx->buffer[0] == '4') { save_errno = ERRNO_MAIL4XX; - addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8; } while (count-- > 0) { - if (!smtp_read_response(inblock, flushbuffer, sizeof(flushbuffer), - '2', timeout) + if (!smtp_read_response(&sx->inblock, flushbuffer, sizeof(flushbuffer), + '2', ob->command_timeout) && (errno != 0 || flushbuffer[0] == 0)) break; } @@ -813,7 +779,7 @@ if (pending_MAIL) while (count-- > 0) /* Mark any pending addrs with the host used */ { while (addr->transport_return != PENDING_DEFER) addr = addr->next; - addr->host_used = host; + addr->host_used = sx->host; addr = addr->next; } return -3; @@ -831,9 +797,10 @@ while (count-- > 0) while (addr->transport_return != PENDING_DEFER) addr = addr->next; /* The address was accepted */ - addr->host_used = host; + addr->host_used = sx->host; - if (smtp_read_response(inblock, buffer, buffsize, '2', timeout)) + if (smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), + '2', ob->command_timeout)) { yield |= 1; addr->transport_return = PENDING_OK; @@ -856,8 +823,8 @@ while (count-- > 0) else if (errno == ETIMEDOUT) { uschar *message = string_sprintf("SMTP timeout after RCPT TO:<%s>", - transport_rcpt_address(addr, include_affixes)); - set_errno_nohost(addrlist, ETIMEDOUT, message, DEFER, FALSE); + transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes)); + set_errno_nohost(sx->first_addr, ETIMEDOUT, message, DEFER, FALSE); retry_add_item(addr, addr->address_retry_key, 0); update_waiting = FALSE; return -1; @@ -868,10 +835,10 @@ while (count-- > 0) big_buffer for which we are checking the response, so the error message makes sense. */ - else if (errno != 0 || buffer[0] == 0) + else if (errno != 0 || sx->buffer[0] == 0) { string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>", - transport_rcpt_address(addr, include_affixes)); + transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes)); return -2; } @@ -881,14 +848,15 @@ while (count-- > 0) { addr->message = string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: " - "%s", transport_rcpt_address(addr, include_affixes), - string_printing(buffer)); + "%s", transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes), + string_printing(sx->buffer)); setflag(addr, af_pass_message); - msglog_line(host, addr->message); + if (!sx->verify) + msglog_line(sx->host, addr->message); /* The response was 5xx */ - if (buffer[0] == '5') + if (sx->buffer[0] == '5') { addr->transport_return = FAIL; yield |= 2; @@ -900,40 +868,42 @@ while (count-- > 0) { addr->transport_return = DEFER; addr->basic_errno = ERRNO_RCPT4XX; - addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8; + if (!sx->verify) + { #ifndef DISABLE_EVENT - event_defer_errno = addr->more_errno; - msg_event_raise(US"msg:rcpt:host:defer", addr); + event_defer_errno = addr->more_errno; + msg_event_raise(US"msg:rcpt:host:defer", addr); #endif - /* Log temporary errors if there are more hosts to be tried. - If not, log this last one in the == line. */ + /* Log temporary errors if there are more hosts to be tried. + If not, log this last one in the == line. */ - if (host->next) - log_write(0, LOG_MAIN, "H=%s [%s]: %s", host->name, host->address, addr->message); + if (sx->host->next) + log_write(0, LOG_MAIN, "H=%s [%s]: %s", + sx->host->name, sx->host->address, addr->message); #ifndef DISABLE_EVENT - else - msg_event_raise(US"msg:rcpt:defer", addr); + else + msg_event_raise(US"msg:rcpt:defer", addr); #endif - /* Do not put this message on the list of those waiting for specific - hosts, as otherwise it is likely to be tried too often. */ + /* Do not put this message on the list of those waiting for specific + hosts, as otherwise it is likely to be tried too often. */ - update_waiting = FALSE; + update_waiting = FALSE; - /* Add a retry item for the address so that it doesn't get tried again - too soon. If address_retry_include_sender is true, add the sender address - to the retry key. */ + /* Add a retry item for the address so that it doesn't get tried again + too soon. If address_retry_include_sender is true, add the sender address + to the retry key. */ - if (address_retry_include_sender) - { - uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key, - sender_address); - retry_add_item(addr, altkey, 0); - } - else retry_add_item(addr, addr->address_retry_key, 0); + retry_add_item(addr, + ob->address_retry_include_sender + ? string_sprintf("%s:<%s>", addr->address_retry_key, sender_address) + : addr->address_retry_key, + 0); + } } } } /* Loop for next RCPT response */ @@ -941,27 +911,28 @@ while (count-- > 0) /* Update where to start at for the next block of responses, unless we have already handled all the addresses. */ -if (addr != NULL) *sync_addr = addr->next; +if (addr) sx->sync_addr = addr->next; /* Handle a response to DATA. If we have not had any good recipients, either previously or in this block, the response is ignored. */ if (pending_DATA != 0 && - !smtp_read_response(inblock, buffer, buffsize, '3', timeout)) + !smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), + '3', ob->command_timeout)) { int code; uschar *msg; BOOL pass_message; if (pending_DATA > 0 || (yield & 1) != 0) { - if (errno == 0 && buffer[0] == '4') + if (errno == 0 && sx->buffer[0] == '4') { errno = ERRNO_DATA4XX; - addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + sx->first_addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8; } return -3; } - (void)check_response(host, &errno, 0, buffer, &code, &msg, &pass_message); + (void)check_response(sx->host, &errno, 0, sx->buffer, &code, &msg, &pass_message); DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining " "is in use and there were no good recipients\n", msg); } @@ -1247,9 +1218,10 @@ typedef struct smtp_compare_s struct transport_instance *tblock; } smtp_compare_t; -/* -Create a unique string that identifies this message, it is based on -sender_address, helo_data and tls_certificate if enabled. */ + +/* Create a unique string that identifies this message, it is based on +sender_address, helo_data and tls_certificate if enabled. +*/ static uschar * smtp_local_identity(uschar * sender, struct transport_instance * tblock) @@ -1318,9 +1290,11 @@ return Ustrcmp(current_local_identity, message_local_identity) == 0; -uschar -ehlo_response(uschar * buf, size_t bsize, uschar checks) +static uschar +ehlo_response(uschar * buf, uschar checks) { +size_t bsize = Ustrlen(buf); + #ifdef SUPPORT_TLS if ( checks & PEER_OFFERED_TLS && pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) @@ -1383,16 +1357,15 @@ smtp_chunk_cmd_callback(int fd, transport_ctx * tctx, { smtp_transport_options_block * ob = (smtp_transport_options_block *)(tctx->tblock->options_block); +smtp_context * sx = tctx->smtp_context; int cmd_count = 0; int prev_cmd_count; -uschar * buffer = tctx->buffer; - /* Write SMTP chunk header command */ if (chunk_size > 0) { - if((cmd_count = smtp_write_command(tctx->outblock, FALSE, "BDAT %u%s\r\n", + if((cmd_count = smtp_write_command(&sx->outblock, FALSE, "BDAT %u%s\r\n", chunk_size, flags & tc_chunk_last ? " LAST" : "") ) < 0) return ERROR; @@ -1400,13 +1373,13 @@ if (chunk_size > 0) data_command = string_copy(big_buffer); /* Save for later error message */ } -prev_cmd_count = cmd_count += tctx->cmd_count; +prev_cmd_count = cmd_count += sx->cmd_count; /* Reap responses for any previous, but not one we just emitted */ if (chunk_size > 0) prev_cmd_count--; -if (tctx->pending_BDAT) +if (sx->pending_BDAT) prev_cmd_count--; if (flags & tc_reap_prev && prev_cmd_count > 0) @@ -1414,202 +1387,127 @@ if (flags & tc_reap_prev && prev_cmd_count > 0) DEBUG(D_transport) debug_printf("look for %d responses" " for previous pipelined cmds\n", prev_cmd_count); - switch(sync_responses(tctx->first_addr, tctx->tblock->rcpt_include_affixes, - tctx->sync_addr, tctx->host, prev_cmd_count, - ob->address_retry_include_sender, - tctx->pending_MAIL, 0, - tctx->inblock, - ob->command_timeout, - buffer, DELIVER_BUFFER_SIZE)) + switch(sync_responses(sx, prev_cmd_count, 0)) { case 1: /* 2xx (only) => OK */ - case 3: tctx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */ - case 2: *tctx->completed_address = TRUE; /* 5xx (only) => progress made */ + case 3: sx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */ + case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */ case 0: break; /* No 2xx or 5xx, but no probs */ case -1: /* Timeout on RCPT */ default: return ERROR; /* I/O error, or any MAIL/DATA error */ } cmd_count = 1; - if (!tctx->pending_BDAT) + if (!sx->pending_BDAT) pipelining_active = FALSE; } /* Reap response for an outstanding BDAT */ -if (tctx->pending_BDAT) +if (sx->pending_BDAT) { DEBUG(D_transport) debug_printf("look for one response for BDAT\n"); - if (!smtp_read_response(tctx->inblock, buffer, DELIVER_BUFFER_SIZE, '2', + if (!smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), '2', ob->command_timeout)) { - if (errno == 0 && buffer[0] == '4') + if (errno == 0 && sx->buffer[0] == '4') { errno = ERRNO_DATA4XX; /*XXX does this actually get used? */ - tctx->first_addr->more_errno |= - ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + sx->addrlist->more_errno |= + ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8; } return ERROR; } cmd_count--; - tctx->pending_BDAT = FALSE; + sx->pending_BDAT = FALSE; pipelining_active = FALSE; } else if (chunk_size > 0) - tctx->pending_BDAT = TRUE; + sx->pending_BDAT = TRUE; -tctx->cmd_count = cmd_count; +sx->cmd_count = cmd_count; return OK; } /************************************************* -* Deliver address list to given host * +* Make connection for given message * *************************************************/ -/* If continue_hostname is not null, we get here only when continuing to -deliver down an existing channel. The channel was passed as the standard -input. TLS is never active on a passed channel; the previous process always -closes it down before passing the connection on. - -Otherwise, we have to make a connection to the remote host, and do the -initial protocol exchange. - -When running as an MUA wrapper, if the sender or any recipient is rejected, -temporarily or permanently, we force failure for all recipients. - +/* Arguments: - addrlist chain of potential addresses to deliver; only those whose - transport_return field is set to PENDING_DEFER are currently - being processed; others should be skipped - they have either - been delivered to an earlier host or IP address, or been - failed by one of them. - host host to deliver to - host_af AF_INET or AF_INET6 - port default TCP/IP port to use, in host byte order - interface interface to bind to, or NULL - tblock transport instance block - message_defer set TRUE if yield is OK, but all addresses were deferred - because of a non-recipient, non-host failure, that is, a - 4xx response to MAIL FROM, DATA, or ".". This is a defer - that is specific to the message. + ctx connection context suppress_tls if TRUE, don't attempt a TLS connection - this is set for a second attempt after TLS initialization fails Returns: OK - the connection was made and the delivery attempted; - the result for each address is in its data block. + fd is set in the conn context, tls_out set up. DEFER - the connection could not be made, or something failed while setting up the SMTP session, or there was a non-message-specific error, such as a timeout. - ERROR - a filter command is specified for this transport, - and there was a problem setting it up; OR helo_data - or add_headers or authenticated_sender is specified - for this transport, and the string failed to expand + ERROR - helo_data or add_headers or authenticated_sender is + specified for this transport, and the string failed + to expand */ - -static int -smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port, - uschar *interface, transport_instance *tblock, - BOOL *message_defer, BOOL suppress_tls) +int +smtp_setup_conn(smtp_context * sx, BOOL suppress_tls) { -address_item *addr; -address_item *sync_addr; -address_item *first_addr = addrlist; -int yield = OK; -int address_count; -int save_errno; -int rc; -time_t start_delivery_time = time(NULL); -smtp_transport_options_block *ob = - (smtp_transport_options_block *)(tblock->options_block); -struct lflags { - BOOL lmtp:1; - BOOL smtps:1; - BOOL ok:1; - BOOL send_rset:1; - BOOL send_quit:1; - BOOL setting_up:1; - BOOL esmtp:1; - BOOL esmtp_sent:1; - BOOL pending_MAIL:1; -#ifndef DISABLE_PRDR - BOOL prdr_active:1; -#endif -#ifdef SUPPORT_I18N - BOOL utf8_needed:1; -#endif - BOOL dsn_all_lasthop:1; -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE) - BOOL dane:1; - BOOL dane_required:1; -#endif -} lflags; - -BOOL pass_message = FALSE; -BOOL completed_address = FALSE; -uschar peer_offered = 0; #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE) dns_answer tlsa_dnsa; #endif -smtp_inblock inblock; -smtp_outblock outblock; -int max_rcpt = tblock->max_addresses; -uschar *igquotstr = US""; - -#ifdef EXPERIMENTAL_DSN_INFO -uschar *smtp_greeting = NULL; -uschar *helo_response = NULL; -#endif -uschar *helo_data = NULL; - -uschar *message = NULL; -uschar new_message_id[MESSAGE_ID_LENGTH + 1]; -uschar *p; -uschar buffer[DELIVER_BUFFER_SIZE]; -uschar inbuffer[4096]; -uschar outbuffer[4096]; +BOOL pass_message = FALSE; +uschar * message = NULL; +int yield = OK; +int rc; -suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */ +sx->ob = (smtp_transport_options_block *) sx->tblock->options_block; -lflags.lmtp = strcmpic(ob->protocol, US"lmtp") == 0; -lflags.smtps = strcmpic(ob->protocol, US"smtps") == 0; -lflags.ok = FALSE; -lflags.send_rset = TRUE; -lflags.send_quit = TRUE; -lflags.setting_up = TRUE; -lflags.esmtp = TRUE; -lflags.esmtp_sent = FALSE; +sx->lmtp = strcmpic(sx->ob->protocol, US"lmtp") == 0; +sx->smtps = strcmpic(sx->ob->protocol, US"smtps") == 0; +sx->ok = FALSE; +sx->send_rset = TRUE; +sx->send_quit = TRUE; +sx->setting_up = TRUE; +sx->esmtp = TRUE; +sx->esmtp_sent = FALSE; #ifdef SUPPORT_I18N -lflags.utf8_needed = FALSE; +sx->utf8_needed = FALSE; #endif -lflags.dsn_all_lasthop = TRUE; +sx->dsn_all_lasthop = TRUE; #if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE) -lflags.dane = FALSE; -lflags.dane_required = verify_check_given_host(&ob->hosts_require_dane, host) == OK; +sx->dane = FALSE; +sx->dane_required = verify_check_given_host(&sx->ob->hosts_require_dane, sx->host) == OK; +#endif + +if ((sx->max_rcpt = sx->tblock->max_addresses) == 0) sx->max_rcpt = 999999; +sx->peer_offered = 0; +sx->igquotstr = US""; +if (!sx->helo_data) sx->helo_data = sx->ob->helo_data; +#ifdef EXPERIMENTAL_DSN_INFO +sx->smtp_greeting = NULL; +sx->helo_response = NULL; #endif -*message_defer = FALSE; smtp_command = US"initial connection"; -buffer[0] = '\0'; -if (max_rcpt == 0) max_rcpt = 999999; +sx->buffer[0] = '\0'; /* Set up the buffer for reading SMTP response packets. */ -inblock.buffer = inbuffer; -inblock.buffersize = sizeof(inbuffer); -inblock.ptr = inbuffer; -inblock.ptrend = inbuffer; +sx->inblock.buffer = sx->inbuffer; +sx->inblock.buffersize = sizeof(sx->inbuffer); +sx->inblock.ptr = sx->inbuffer; +sx->inblock.ptrend = sx->inbuffer; /* Set up the buffer for holding SMTP commands while pipelining */ -outblock.buffer = outbuffer; -outblock.buffersize = sizeof(outbuffer); -outblock.ptr = outbuffer; -outblock.cmd_count = 0; -outblock.authenticating = FALSE; +sx->outblock.buffer = sx->outbuffer; +sx->outblock.buffersize = sizeof(sx->outbuffer); +sx->outblock.ptr = sx->outbuffer; +sx->outblock.cmd_count = 0; +sx->outblock.authenticating = FALSE; /* Reset the parameters of a TLS session. */ @@ -1625,14 +1523,15 @@ tls_out.ocsp = OCSP_NOT_REQ; /* Flip the legacy TLS-related variables over to the outbound set in case they're used in the context of the transport. Don't bother resetting -afterward as we're in a subprocess. */ +afterward (when being used by a transport) as we're in a subprocess. +For verify, unflipped once the callout is dealt with */ tls_modify_variables(&tls_out); #ifndef SUPPORT_TLS -if (lflags.smtps) +if (sx->smtps) { - set_errno_nohost(addrlist, ERRNO_TLSFAILURE, US"TLS support not available", + set_errno_nohost(sx->addrlist, ERRNO_TLSFAILURE, US"TLS support not available", DEFER, FALSE); return ERROR; } @@ -1644,14 +1543,28 @@ specially so they can be identified for retries. */ if (continue_hostname == NULL) { + if (sx->verify) + HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", sx->interface, sx->port); + /* This puts port into host->port */ - inblock.sock = outblock.sock = - smtp_connect(host, host_af, port, interface, ob->connect_timeout, tblock); + sx->inblock.sock = sx->outblock.sock = + smtp_connect(sx->host, sx->host_af, sx->port, sx->interface, + sx->ob->connect_timeout, sx->tblock); - if (inblock.sock < 0) + if (sx->inblock.sock < 0) { - set_errno_nohost(addrlist, errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno, - NULL, DEFER, FALSE); + uschar * msg = NULL; + if (sx->verify) + { + msg = US strerror(errno); + HDEBUG(D_verify) debug_printf("connect: %s\n", msg); + } + set_errno_nohost(sx->addrlist, + errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno, + sx->verify ? string_sprintf("could not connect: %s", msg) + : NULL, + DEFER, FALSE); + sx->send_quit = FALSE; return DEFER; } @@ -1660,32 +1573,32 @@ if (continue_hostname == NULL) tls_out.dane_verified = FALSE; tls_out.tlsa_usage = 0; - if (host->dnssec == DS_YES) + if (sx->host->dnssec == DS_YES) { - if( lflags.dane_required - || verify_check_given_host(&ob->hosts_try_dane, host) == OK + if( sx->dane_required + || verify_check_given_host(&sx->ob->hosts_try_dane, sx->host) == OK ) - switch (rc = tlsa_lookup(host, &tlsa_dnsa, lflags.dane_required)) + switch (rc = tlsa_lookup(sx->host, &tlsa_dnsa, sx->dane_required)) { - case OK: lflags.dane = TRUE; break; + case OK: sx->dane = TRUE; break; case FAIL_FORCED: break; - default: set_errno_nohost(addrlist, ERRNO_DNSDEFER, + default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER, string_sprintf("DANE error: tlsa lookup %s", rc == DEFER ? "DEFER" : "FAIL"), rc, FALSE); return rc; } } - else if (lflags.dane_required) + else if (sx->dane_required) { - set_errno_nohost(addrlist, ERRNO_DNSDEFER, - string_sprintf("DANE error: %s lookup not DNSSEC", host->name), + set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER, + string_sprintf("DANE error: %s lookup not DNSSEC", sx->host->name), FAIL, FALSE); return FAIL; } - if (lflags.dane) - ob->tls_tempfail_tryclear = FALSE; + if (sx->dane) + sx->ob->tls_tempfail_tryclear = FALSE; } #endif /*DANE*/ @@ -1693,18 +1606,26 @@ if (continue_hostname == NULL) sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is delayed till here so that $sending_interface and $sending_port are set. */ - helo_data = expand_string(ob->helo_data); + if (sx->helo_data) + if (!(sx->helo_data = expand_string(sx->helo_data))) + if (sx->verify) + log_write(0, LOG_MAIN|LOG_PANIC, + "<%s>: failed to expand transport's helo_data value for callout: %s", + sx->addrlist->address, expand_string_message); + #ifdef SUPPORT_I18N - if (helo_data) + if (sx->helo_data) { - uschar * errstr = NULL; - if ((helo_data = string_domain_utf8_to_alabel(helo_data, &errstr)), errstr) - { - errstr = string_sprintf("failed to expand helo_data: %s", errstr); - set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE); - yield = DEFER; - goto SEND_QUIT; - } + expand_string_message = NULL; + if ((sx->helo_data = string_domain_utf8_to_alabel(sx->helo_data, + &expand_string_message)), + expand_string_message) + if (sx->verify) + log_write(0, LOG_MAIN|LOG_PANIC, + "<%s>: failed to expand transport's helo_data value for callout: %s", + sx->addrlist->address, expand_string_message); + else + sx->helo_data = NULL; } #endif @@ -1712,29 +1633,29 @@ if (continue_hostname == NULL) is nevertheless a reasonably clean way of programming this kind of logic, where you want to escape on any error. */ - if (!lflags.smtps) + if (!sx->smtps) { BOOL good_response; #ifdef TCP_QUICKACK - (void) setsockopt(inblock.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off)); + (void) setsockopt(sx->inblock.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off)); #endif - good_response = smtp_read_response(&inblock, buffer, sizeof(buffer), - '2', ob->command_timeout); + good_response = smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), + '2', sx->ob->command_timeout); #ifdef EXPERIMENTAL_DSN_INFO - smtp_greeting = string_copy(buffer); + sx->smtp_greeting = string_copy(sx->buffer); #endif if (!good_response) goto RESPONSE_FAILED; #ifndef DISABLE_EVENT { uschar * s; - lookup_dnssec_authenticated = host->dnssec==DS_YES ? US"yes" - : host->dnssec==DS_NO ? US"no" : NULL; - s = event_raise(tblock->event_action, US"smtp:connect", buffer); + lookup_dnssec_authenticated = sx->host->dnssec==DS_YES ? US"yes" + : sx->host->dnssec==DS_NO ? US"no" : NULL; + s = event_raise(sx->tblock->event_action, US"smtp:connect", sx->buffer); if (s) { - set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, + set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, string_sprintf("deferred by smtp:connect event expansion: %s", s), DEFER, FALSE); yield = DEFER; @@ -1746,18 +1667,18 @@ if (continue_hostname == NULL) /* Now check if the helo_data expansion went well, and sign off cleanly if it didn't. */ - if (!helo_data) + if (!sx->helo_data) { - uschar *message = string_sprintf("failed to expand helo_data: %s", + message = string_sprintf("failed to expand helo_data: %s", expand_string_message); - set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE); + set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE); yield = DEFER; goto SEND_QUIT; } } /** Debugging without sending a message -addrlist->transport_return = DEFER; +sx->addrlist->transport_return = DEFER; goto SEND_QUIT; **/ @@ -1791,96 +1712,91 @@ goto SEND_QUIT; mailers use upper case for some reason (the RFC is quite clear about case independence) so, for peace of mind, I gave in. */ - lflags.esmtp = verify_check_given_host(&ob->hosts_avoid_esmtp, host) != OK; + sx->esmtp = verify_check_given_host(&sx->ob->hosts_avoid_esmtp, sx->host) != OK; /* Alas; be careful, since this goto is not an error-out, so conceivably we might set data between here and the target which we assume to exist and be usable. I can see this coming back to bite us. */ #ifdef SUPPORT_TLS - if (lflags.smtps) + if (sx->smtps) { smtp_peer_options |= PEER_OFFERED_TLS; suppress_tls = FALSE; - ob->tls_tempfail_tryclear = FALSE; + sx->ob->tls_tempfail_tryclear = FALSE; smtp_command = US"SSL-on-connect"; goto TLS_NEGOTIATE; } #endif - if (lflags.esmtp) + if (sx->esmtp) { - if (smtp_write_command(&outblock, FALSE, "%s %s\r\n", - lflags.lmtp ? "LHLO" : "EHLO", helo_data) < 0) + if (smtp_write_command(&sx->outblock, FALSE, "%s %s\r\n", + sx->lmtp ? "LHLO" : "EHLO", sx->helo_data) < 0) goto SEND_FAILED; - lflags.esmtp_sent = TRUE; - if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2', - ob->command_timeout)) + sx->esmtp_sent = TRUE; + if (!smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), '2', + sx->ob->command_timeout)) { - if (errno != 0 || buffer[0] == 0 || lflags.lmtp) + if (errno != 0 || sx->buffer[0] == 0 || sx->lmtp) { #ifdef EXPERIMENTAL_DSN_INFO - helo_response = string_copy(buffer); + sx->helo_response = string_copy(sx->buffer); #endif goto RESPONSE_FAILED; } - lflags.esmtp = FALSE; + sx->esmtp = FALSE; } #ifdef EXPERIMENTAL_DSN_INFO - helo_response = string_copy(buffer); + sx->helo_response = string_copy(sx->buffer); #endif } else DEBUG(D_transport) debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n"); - if (!lflags.esmtp) + if (!sx->esmtp) { BOOL good_response; - int n = sizeof(buffer); - uschar * rsp = buffer; + int n = sizeof(sx->buffer); + uschar * rsp = sx->buffer; - if (lflags.esmtp_sent && (n = Ustrlen(buffer)) < sizeof(buffer)/2) - { rsp = buffer + n + 1; n = sizeof(buffer) - n; } + if (sx->esmtp_sent && (n = Ustrlen(sx->buffer)) < sizeof(sx->buffer)/2) + { rsp = sx->buffer + n + 1; n = sizeof(sx->buffer) - n; } - if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0) + if (smtp_write_command(&sx->outblock, FALSE, "HELO %s\r\n", sx->helo_data) < 0) goto SEND_FAILED; - good_response = smtp_read_response(&inblock, rsp, n, - '2', ob->command_timeout); + good_response = smtp_read_response(&sx->inblock, rsp, n, + '2', sx->ob->command_timeout); #ifdef EXPERIMENTAL_DSN_INFO - helo_response = string_copy(rsp); + sx->helo_response = string_copy(rsp); #endif if (!good_response) { /* Handle special logging for a closed connection after HELO when had previously sent EHLO */ - if (rsp != buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET)) + if (rsp != sx->buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET)) { - message = NULL; - lflags.send_quit = FALSE; - save_errno = ERRNO_SMTPCLOSED; - message = string_sprintf("Remote host closed connection " - "in response to %s (EHLO response was: %s)", - smtp_command, buffer); - goto FAILED; + errno = ERRNO_SMTPCLOSED; + goto EHLOHELO_FAILED; } - Ustrncpy(buffer, rsp, sizeof(buffer)/2); + Ustrncpy(sx->buffer, rsp, sizeof(sx->buffer)/2); goto RESPONSE_FAILED; } } - peer_offered = smtp_peer_options = 0; + sx->peer_offered = smtp_peer_options = 0; - if (lflags.esmtp || lflags.lmtp) + if (sx->esmtp || sx->lmtp) { - peer_offered = ehlo_response(buffer, Ustrlen(buffer), + sx->peer_offered = ehlo_response(sx->buffer, PEER_OFFERED_TLS /* others checked later */ ); /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */ #ifdef SUPPORT_TLS - smtp_peer_options |= peer_offered & PEER_OFFERED_TLS; + smtp_peer_options |= sx->peer_offered & PEER_OFFERED_TLS; #endif } } @@ -1893,15 +1809,28 @@ set from the command line if they were set in the process that passed the connection on. */ /*XXX continue case needs to propagate DSN_INFO, prob. in deliver.c -as the contine goes via transport_pass_socket() and doublefork and exec. +as the continue goes via transport_pass_socket() and doublefork and exec. It does not wait. Unclear how we keep separate host's responses separate - we could match up by host ip+port as a bodge. */ else { - inblock.sock = outblock.sock = fileno(stdin); + sx->inblock.sock = sx->outblock.sock = 0; /* stdin */ smtp_command = big_buffer; - host->port = port; /* Record the port that was used */ + sx->host->port = sx->port; /* Record the port that was used */ + sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */ + + /* For a continued connection with TLS being proxied for us, nothing + more to do. */ + + if (continue_proxy) + { + sx->peer_offered = smtp_peer_options; + pipelining_active = !!(smtp_peer_options & PEER_OFFERED_PIPE); + HDEBUG(D_transport) debug_printf("continued connection, proxied TLS\n"); + return OK; + } + HDEBUG(D_transport) debug_printf("continued connection, no TLS\n"); } /* If TLS is available on this connection, whether continued or not, attempt to @@ -1915,10 +1844,13 @@ for error analysis. */ #ifdef SUPPORT_TLS if ( smtp_peer_options & PEER_OFFERED_TLS && !suppress_tls - && verify_check_given_host(&ob->hosts_avoid_tls, host) != OK) + && verify_check_given_host(&sx->ob->hosts_avoid_tls, sx->host) != OK + && ( !sx->verify + || verify_check_given_host(&sx->ob->hosts_verify_avoid_tls, sx->host) != OK + ) ) { uschar buffer2[4096]; - if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0) + if (smtp_write_command(&sx->outblock, FALSE, "STARTTLS\r\n") < 0) goto SEND_FAILED; /* If there is an I/O error, transmission of this message is deferred. If @@ -1928,15 +1860,16 @@ if ( smtp_peer_options & PEER_OFFERED_TLS STARTTLS, we carry on. This means we will try to send the message in clear, unless the host is in hosts_require_tls (tested below). */ - if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2', - ob->command_timeout)) + if (!smtp_read_response(&sx->inblock, buffer2, sizeof(buffer2), '2', + sx->ob->command_timeout)) { if ( errno != 0 || buffer2[0] == 0 - || (buffer2[0] == '4' && !ob->tls_tempfail_tryclear) + || (buffer2[0] == '4' && !sx->ob->tls_tempfail_tryclear) ) { - Ustrncpy(buffer, buffer2, sizeof(buffer)); + Ustrncpy(sx->buffer, buffer2, sizeof(sx->buffer)); + sx->buffer[sizeof(sx->buffer)-1] = '\0'; goto RESPONSE_FAILED; } } @@ -1946,11 +1879,13 @@ if ( smtp_peer_options & PEER_OFFERED_TLS else TLS_NEGOTIATE: { - int rc = tls_client_start(inblock.sock, host, addrlist, tblock + address_item * addr; + uschar * errstr; + int rc = tls_client_start(sx->inblock.sock, sx->host, sx->addrlist, sx->tblock, # ifdef EXPERIMENTAL_DANE - , lflags.dane ? &tlsa_dnsa : NULL + sx->dane ? &tlsa_dnsa : NULL, # endif - ); + &errstr); /* TLS negotiation failed; give an error. From outside, this function may be called again to try in clear on a new connection, if the options permit @@ -1959,21 +1894,21 @@ if ( smtp_peer_options & PEER_OFFERED_TLS if (rc != OK) { # ifdef EXPERIMENTAL_DANE - if (lflags.dane) log_write(0, LOG_MAIN, - "DANE attempt failed; no TLS connection to %s [%s]", - host->name, host->address); + if (sx->dane) log_write(0, LOG_MAIN, + "DANE attempt failed; TLS connection to %s [%s]: %s", + sx->host->name, sx->host->address, errstr); # endif - save_errno = ERRNO_TLSFAILURE; - message = US"failure while setting up TLS session"; - lflags.send_quit = FALSE; + errno = ERRNO_TLSFAILURE; + message = string_sprintf("TLS session: %s", errstr); + sx->send_quit = FALSE; goto TLS_FAILED; } /* TLS session is set up */ smtp_peer_options_wrap = smtp_peer_options; - for (addr = addrlist; addr; addr = addr->next) + for (addr = sx->addrlist; addr; addr = addr->next) if (addr->transport_return == PENDING_DEFER) { addr->cipher = tls_out.cipher; @@ -2000,31 +1935,27 @@ if (tls_out.active >= 0) char *greeting_cmd; BOOL good_response; - if (helo_data == NULL) + if (!sx->helo_data && !(sx->helo_data = expand_string(sx->ob->helo_data))) { - helo_data = expand_string(ob->helo_data); - if (helo_data == NULL) - { - uschar *message = string_sprintf("failed to expand helo_data: %s", - expand_string_message); - set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE); - yield = DEFER; - goto SEND_QUIT; - } + uschar *message = string_sprintf("failed to expand helo_data: %s", + expand_string_message); + set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE); + yield = DEFER; + goto SEND_QUIT; } /* For SMTPS we need to wait for the initial OK response. */ - if (lflags.smtps) + if (sx->smtps) { - good_response = smtp_read_response(&inblock, buffer, sizeof(buffer), - '2', ob->command_timeout); + good_response = smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), + '2', sx->ob->command_timeout); #ifdef EXPERIMENTAL_DSN_INFO - smtp_greeting = string_copy(buffer); + sx->smtp_greeting = string_copy(sx->buffer); #endif if (!good_response) goto RESPONSE_FAILED; } - if (lflags.esmtp) + if (sx->esmtp) greeting_cmd = "EHLO"; else { @@ -2033,13 +1964,13 @@ if (tls_out.active >= 0) debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n"); } - if (smtp_write_command(&outblock, FALSE, "%s %s\r\n", - lflags.lmtp ? "LHLO" : greeting_cmd, helo_data) < 0) + if (smtp_write_command(&sx->outblock, FALSE, "%s %s\r\n", + sx->lmtp ? "LHLO" : greeting_cmd, sx->helo_data) < 0) goto SEND_FAILED; - good_response = smtp_read_response(&inblock, buffer, sizeof(buffer), - '2', ob->command_timeout); + good_response = smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), + '2', sx->ob->command_timeout); #ifdef EXPERIMENTAL_DSN_INFO - helo_response = string_copy(buffer); + sx->helo_response = string_copy(sx->buffer); #endif if (!good_response) goto RESPONSE_FAILED; smtp_peer_options = 0; @@ -2048,14 +1979,14 @@ if (tls_out.active >= 0) /* If the host is required to use a secure channel, ensure that we have one. */ -else if ( lflags.smtps +else if ( sx->smtps # ifdef EXPERIMENTAL_DANE - || lflags.dane + || sx->dane # endif - || verify_check_given_host(&ob->hosts_require_tls, host) == OK + || verify_check_given_host(&sx->ob->hosts_require_tls, sx->host) == OK ) { - save_errno = ERRNO_TLSREQUIRED; + errno = ERRNO_TLSREQUIRED; message = string_sprintf("a TLS session is required, but %s", smtp_peer_options & PEER_OFFERED_TLS ? "an attempt to start TLS failed" : "the server did not offer TLS support"); @@ -2074,72 +2005,72 @@ if (continue_hostname == NULL #endif ) { - if (lflags.esmtp || lflags.lmtp) + if (sx->esmtp || sx->lmtp) { - peer_offered = ehlo_response(buffer, Ustrlen(buffer), - 0 /* no TLS */ - | (lflags.lmtp && ob->lmtp_ignore_quota ? PEER_OFFERED_IGNQ : 0) - | PEER_OFFERED_CHUNKING - | PEER_OFFERED_PRDR + sx->peer_offered = ehlo_response(sx->buffer, + 0 /* no TLS */ + | (sx->lmtp && sx->ob->lmtp_ignore_quota ? PEER_OFFERED_IGNQ : 0) + | PEER_OFFERED_CHUNKING + | PEER_OFFERED_PRDR #ifdef SUPPORT_I18N - | (addrlist->prop.utf8_msg ? PEER_OFFERED_UTF8 : 0) - /*XXX if we hand peercaps on to continued-conn processes, - must not depend on this addr */ + | (sx->addrlist->prop.utf8_msg ? PEER_OFFERED_UTF8 : 0) + /*XXX if we hand peercaps on to continued-conn processes, + must not depend on this addr */ #endif - | PEER_OFFERED_DSN - | PEER_OFFERED_PIPE - | (ob->size_addition >= 0 ? PEER_OFFERED_SIZE : 0) + | PEER_OFFERED_DSN + | PEER_OFFERED_PIPE + | (sx->ob->size_addition >= 0 ? PEER_OFFERED_SIZE : 0) ); /* Set for IGNOREQUOTA if the response to LHLO specifies support and the lmtp_ignore_quota option was set. */ - igquotstr = peer_offered & PEER_OFFERED_IGNQ ? US" IGNOREQUOTA" : US""; + sx->igquotstr = sx->peer_offered & PEER_OFFERED_IGNQ ? US" IGNOREQUOTA" : US""; /* If the response to EHLO specified support for the SIZE parameter, note this, provided size_addition is non-negative. */ - smtp_peer_options |= peer_offered & PEER_OFFERED_SIZE; + smtp_peer_options |= sx->peer_offered & PEER_OFFERED_SIZE; /* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched the current host, esmtp will be false, so PIPELINING can never be used. If the current host matches hosts_avoid_pipelining, don't do it. */ - if ( peer_offered & PEER_OFFERED_PIPE - && verify_check_given_host(&ob->hosts_avoid_pipelining, host) != OK) + if ( sx->peer_offered & PEER_OFFERED_PIPE + && verify_check_given_host(&sx->ob->hosts_avoid_pipelining, sx->host) != OK) smtp_peer_options |= PEER_OFFERED_PIPE; DEBUG(D_transport) debug_printf("%susing PIPELINING\n", smtp_peer_options & PEER_OFFERED_PIPE ? "" : "not "); - if ( peer_offered & PEER_OFFERED_CHUNKING - && verify_check_given_host(&ob->hosts_try_chunking, host) != OK) - peer_offered &= ~PEER_OFFERED_CHUNKING; + if ( sx->peer_offered & PEER_OFFERED_CHUNKING + && verify_check_given_host(&sx->ob->hosts_try_chunking, sx->host) != OK) + sx->peer_offered &= ~PEER_OFFERED_CHUNKING; - if (peer_offered & PEER_OFFERED_CHUNKING) + if (sx->peer_offered & PEER_OFFERED_CHUNKING) {DEBUG(D_transport) debug_printf("CHUNKING usable\n");} #ifndef DISABLE_PRDR - if ( peer_offered & PEER_OFFERED_PRDR - && verify_check_given_host(&ob->hosts_try_prdr, host) != OK) - peer_offered &= ~PEER_OFFERED_PRDR; + if ( sx->peer_offered & PEER_OFFERED_PRDR + && verify_check_given_host(&sx->ob->hosts_try_prdr, sx->host) != OK) + sx->peer_offered &= ~PEER_OFFERED_PRDR; - if (peer_offered & PEER_OFFERED_PRDR) + if (sx->peer_offered & PEER_OFFERED_PRDR) {DEBUG(D_transport) debug_printf("PRDR usable\n");} #endif /* Note if the server supports DSN */ - smtp_peer_options |= peer_offered & PEER_OFFERED_DSN; + smtp_peer_options |= sx->peer_offered & PEER_OFFERED_DSN; DEBUG(D_transport) debug_printf("%susing DSN\n", - peer_offered & PEER_OFFERED_DSN ? "" : "not "); + sx->peer_offered & PEER_OFFERED_DSN ? "" : "not "); /* Note if the response to EHLO specifies support for the AUTH extension. If it has, check that this host is one we want to authenticate to, and do the business. The host name and address must be available when the authenticator's client driver is running. */ - switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host, - ob, lflags.esmtp, &inblock, &outblock)) + switch (yield = smtp_auth(sx->buffer, sizeof(sx->buffer), sx->addrlist, sx->host, + sx->ob, sx->esmtp, &sx->inblock, &sx->outblock)) { default: goto SEND_QUIT; case OK: break; @@ -2153,103 +2084,168 @@ pipelining_active = !!(smtp_peer_options & PEER_OFFERED_PIPE); /* The setting up of the SMTP call is now complete. Any subsequent errors are message-specific. */ -lflags.setting_up = FALSE; +sx->setting_up = FALSE; #ifdef SUPPORT_I18N -if (addrlist->prop.utf8_msg) +if (sx->addrlist->prop.utf8_msg) { - lflags.utf8_needed = !addrlist->prop.utf8_downcvt - && !addrlist->prop.utf8_downcvt_maybe; - DEBUG(D_transport) if (!lflags.utf8_needed) + sx->utf8_needed = !sx->addrlist->prop.utf8_downcvt + && !sx->addrlist->prop.utf8_downcvt_maybe; + DEBUG(D_transport) if (!sx->utf8_needed) debug_printf("utf8: %s downconvert\n", - addrlist->prop.utf8_downcvt ? "mandatory" : "optional"); + sx->addrlist->prop.utf8_downcvt ? "mandatory" : "optional"); } /* If this is an international message we need the host to speak SMTPUTF8 */ -if (lflags.utf8_needed && !(peer_offered & PEER_OFFERED_UTF8)) +if (sx->utf8_needed && !(sx->peer_offered & PEER_OFFERED_UTF8)) { errno = ERRNO_UTF8_FWD; goto RESPONSE_FAILED; } #endif -/* If there is a filter command specified for this transport, we can now -set it up. This cannot be done until the identify of the host is known. */ +return OK; + -if (tblock->filter_command != NULL) { - BOOL rc; - uschar fbuf[64]; - sprintf(CS fbuf, "%.50s transport", tblock->name); - rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command, - TRUE, DEFER, addrlist, fbuf, NULL); - transport_filter_timeout = tblock->filter_timeout; + int code; - /* On failure, copy the error to all addresses, abandon the SMTP call, and - yield ERROR. */ + RESPONSE_FAILED: + message = NULL; + sx->send_quit = check_response(sx->host, &errno, sx->addrlist->more_errno, + sx->buffer, &code, &message, &pass_message); + goto FAILED; - if (!rc) - { - set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER, - FALSE); - yield = ERROR; - goto SEND_QUIT; - } + SEND_FAILED: + code = '4'; + message = US string_sprintf("send() to %s [%s] failed: %s", + sx->host->name, sx->host->address, strerror(errno)); + sx->send_quit = FALSE; + goto FAILED; - if ( transport_filter_argv - && *transport_filter_argv - && **transport_filter_argv - && peer_offered & PEER_OFFERED_CHUNKING - ) - { - peer_offered &= ~PEER_OFFERED_CHUNKING; - DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n"); - } + /* This label is jumped to directly when a TLS negotiation has failed, + or was not done for a host for which it is required. Values will be set + in message and errno, and setting_up will always be true. Treat as + a temporary error. */ + + EHLOHELO_FAILED: + code = '4'; + message = string_sprintf("Remote host closed connection in response to %s" + " (EHLO response was: %s)", smtp_command, sx->buffer); + sx->send_quit = FALSE; + goto FAILED; + +#ifdef SUPPORT_TLS + TLS_FAILED: + code = '4'; + goto FAILED; +#endif + + /* The failure happened while setting up the call; see if the failure was + a 5xx response (this will either be on connection, or following HELO - a 5xx + after EHLO causes it to try HELO). If so, fail all addresses, as this host is + never going to accept them. For other errors during setting up (timeouts or + whatever), defer all addresses, and yield DEFER, so that the host is not + tried again for a while. */ + +FAILED: + sx->ok = FALSE; /* For when reached by GOTO */ + + yield = code == '5' +#ifdef SUPPORT_I18N + || errno == ERRNO_UTF8_FWD +#endif + ? FAIL : DEFER; + + set_errno(sx->addrlist, errno, message, yield, pass_message, sx->host +#ifdef EXPERIMENTAL_DSN_INFO + , sx->smtp_greeting, sx->helo_response +#endif + ); } -/* For messages that have more than the maximum number of envelope recipients, -we want to send several transactions down the same SMTP connection. (See -comments in deliver.c as to how this reconciles, heuristically, with -remote_max_parallel.) This optimization was added to Exim after the following -code was already working. The simplest way to put it in without disturbing the -code was to use a goto to jump back to this point when there is another -transaction to handle. */ +SEND_QUIT: -SEND_MESSAGE: -sync_addr = first_addr; -address_count = 0; -lflags.ok = FALSE; -lflags.send_rset = TRUE; -completed_address = FALSE; +if (sx->send_quit) + (void)smtp_write_command(&sx->outblock, FALSE, "QUIT\r\n"); + +#ifdef SUPPORT_TLS +tls_close(FALSE, TRUE); +#endif + +/* Close the socket, and return the appropriate value, first setting +works because the NULL setting is passed back to the calling process, and +remote_max_parallel is forced to 1 when delivering over an existing connection, + +If all went well and continue_more is set, we shouldn't actually get here if +there are further addresses, as the return above will be taken. However, +writing RSET might have failed, or there may be other addresses whose hosts are +specified in the transports, and therefore not visible at top level, in which +case continue_more won't get set. */ + +HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n"); +if (sx->send_quit) + { + shutdown(sx->outblock.sock, SHUT_WR); + if (fcntl(sx->inblock.sock, F_SETFL, O_NONBLOCK) == 0) + for (rc = 16; read(sx->inblock.sock, sx->inbuffer, sizeof(sx->inbuffer)) > 0 && rc > 0;) + rc--; /* drain socket */ + sx->send_quit = FALSE; + } +(void)close(sx->inblock.sock); +sx->inblock.sock = sx->outblock.sock = -1; + +#ifndef DISABLE_EVENT +(void) event_raise(sx->tblock->event_action, US"tcp:close", NULL); +#endif + +continue_transport = NULL; +continue_hostname = NULL; +return yield; +} + + + + +/* Create the string of options that will be appended to the MAIL FROM: +in the connection context buffer */ + +static int +build_mailcmd_options(smtp_context * sx, address_item * addrlist) +{ +uschar * p = sx->buffer; +address_item * addr; +int address_count; +*p = 0; -/* Initiate a message transfer. If we know the receiving MTA supports the SIZE -qualification, send it, adding something to the message size to allow for -imprecision and things that get added en route. Exim keeps the number of lines +/* If we know the receiving MTA supports the SIZE qualification, +send it, adding something to the message size to allow for imprecision +and things that get added en route. Exim keeps the number of lines in a message, so we can give an accurate value for the original message, but we need some additional to handle added headers. (Double "." characters don't get included in the count.) */ -p = buffer; -*p = 0; - -if (peer_offered & PEER_OFFERED_SIZE) +if (sx->peer_offered & PEER_OFFERED_SIZE) { - sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition); + sprintf(CS p, " SIZE=%d", message_size+message_linecount+sx->ob->size_addition); while (*p) p++; } #ifndef DISABLE_PRDR -lflags.prdr_active = FALSE; -if (peer_offered & PEER_OFFERED_PRDR) - for (addr = first_addr; addr; addr = addr->next) +/* If it supports Per-Recipient Data Reponses, and we have omre than one recipient, +request that */ + +sx->prdr_active = FALSE; +if (sx->peer_offered & PEER_OFFERED_PRDR) + for (addr = addrlist; addr; addr = addr->next) if (addr->transport_return == PENDING_DEFER) { for (addr = addr->next; addr; addr = addr->next) if (addr->transport_return == PENDING_DEFER) { /* at least two recipients to send */ - lflags.prdr_active = TRUE; + sx->prdr_active = TRUE; sprintf(CS p, " PRDR"); p += 5; break; } @@ -2258,27 +2254,32 @@ if (peer_offered & PEER_OFFERED_PRDR) #endif #ifdef SUPPORT_I18N -if ( addrlist->prop.utf8_msg +/* If it supports internationalised messages, and this meesage need that, +request it */ + +if ( sx->peer_offered & PEER_OFFERED_UTF8 + && addrlist->prop.utf8_msg && !addrlist->prop.utf8_downcvt - && peer_offered & PEER_OFFERED_UTF8 ) - sprintf(CS p, " SMTPUTF8"), p += 9; + Ustrcpy(p, " SMTPUTF8"), p += 9; #endif -/* check if all addresses have lasthop flag */ -/* do not send RET and ENVID if true */ -for (lflags.dsn_all_lasthop = TRUE, addr = first_addr; - address_count < max_rcpt && addr != NULL; - addr = addr->next) - if ((addr->dsn_flags & rf_dsnlasthop) != 1) - { - lflags.dsn_all_lasthop = FALSE; +/* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */ +for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0; + addr && address_count < sx->max_rcpt; + addr = addr->next) if (addr->transport_return == PENDING_DEFER) + { + address_count++; + if (!(addr->dsn_flags & rf_dsnlasthop)) + { + sx->dsn_all_lasthop = FALSE; break; } + } /* Add any DSN flags to the mail command */ -if (peer_offered & PEER_OFFERED_DSN && !lflags.dsn_all_lasthop) +if (sx->peer_offered & PEER_OFFERED_DSN && !sx->dsn_all_lasthop) { if (dsn_ret == dsn_ret_hdrs) { Ustrcpy(p, " RET=HDRS"); p += 9; } @@ -2287,7 +2288,7 @@ if (peer_offered & PEER_OFFERED_DSN && !lflags.dsn_all_lasthop) if (dsn_envid) { - string_format(p, sizeof(buffer) - (p-buffer), " ENVID=%s", dsn_envid); + string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ENVID=%s", dsn_envid); while (*p) p++; } } @@ -2299,10 +2300,71 @@ Other expansion failures are serious. An empty result is ignored, but there is otherwise no check - this feature is expected to be used with LMTP and other cases where non-standard addresses (e.g. without domains) might be required. */ -if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob)) +if (smtp_mail_auth_str(p, sizeof(sx->buffer) - (p-sx->buffer), addrlist, sx->ob)) + return ERROR; + +return OK; +} + + +static void +build_rcptcmd_options(smtp_context * sx, const address_item * addr) +{ +uschar * p = sx->buffer; +*p = 0; + +/* Add any DSN flags to the rcpt command */ + +if (sx->peer_offered & PEER_OFFERED_DSN && !(addr->dsn_flags & rf_dsnlasthop)) + { + if (addr->dsn_flags & rf_dsnflags) + { + int i; + BOOL first = TRUE; + + Ustrcpy(p, " NOTIFY="); + while (*p) p++; + for (i = 0; i < nelem(rf_list); i++) if (addr->dsn_flags & rf_list[i]) + { + if (!first) *p++ = ','; + first = FALSE; + Ustrcpy(p, rf_names[i]); + while (*p) p++; + } + } + + if (addr->dsn_orcpt) + { + string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s", + addr->dsn_orcpt); + while (*p) p++; + } + } +} + + + +/* +Return: + 0 good, rcpt results in addr->transport_return (PENDING_OK, DEFER, FAIL) + -1 MAIL response error + -2 any non-MAIL read i/o error + -3 non-MAIL response timeout + -4 internal error; channel still usable + -5 transmit failed + */ + +int +smtp_write_mail_and_rcpt_cmds(smtp_context * sx, int * yield) +{ +address_item * addr; +int address_count; +int rc; + +if (build_mailcmd_options(sx, sx->first_addr) != OK) { - yield = ERROR; - goto SEND_QUIT; + *yield = ERROR; + return -4; } /* From here until we send the DATA command, we can make use of PIPELINING @@ -2311,10 +2373,10 @@ at any point, for when the buffer fills up, so we write it totally generally. When PIPELINING is off, each command written reports that it has flushed the buffer. */ -lflags.pending_MAIL = TRUE; /* The block starts with MAIL */ +sx->pending_MAIL = TRUE; /* The block starts with MAIL */ { - uschar * s = return_path; + uschar * s = sx->from_addr; #ifdef SUPPORT_I18N uschar * errstr = NULL; @@ -2322,22 +2384,22 @@ lflags.pending_MAIL = TRUE; /* The block starts with MAIL */ for the to-addresses (done below), and also (ugly) for re-doing when building the delivery log line. */ - if ( addrlist->prop.utf8_msg - && (addrlist->prop.utf8_downcvt || !(peer_offered & PEER_OFFERED_UTF8)) + if ( sx->addrlist->prop.utf8_msg + && (sx->addrlist->prop.utf8_downcvt || !(sx->peer_offered & PEER_OFFERED_UTF8)) ) { - if (s = string_address_utf8_to_alabel(return_path, &errstr), errstr) + if (s = string_address_utf8_to_alabel(s, &errstr), errstr) { - set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE); - yield = ERROR; - goto SEND_QUIT; + set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE); + *yield = ERROR; + return -4; } - setflag(addrlist, af_utf8_downcvt); + setflag(sx->addrlist, af_utf8_downcvt); } #endif - rc = smtp_write_command(&outblock, pipelining_active, - "MAIL FROM:<%s>%s\r\n", s, buffer); + rc = smtp_write_command(&sx->outblock, pipelining_active, + "MAIL FROM:<%s>%s\r\n", s, sx->buffer); } mail_command = string_copy(big_buffer); /* Save for later error message */ @@ -2345,126 +2407,333 @@ mail_command = string_copy(big_buffer); /* Save for later error message */ switch(rc) { case -1: /* Transmission error */ - goto SEND_FAILED; + return -5; - case +1: /* Block was sent */ - if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2', - ob->command_timeout)) + case +1: /* Cmd was sent */ + if (!smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), '2', + sx->ob->command_timeout)) { - if (errno == 0 && buffer[0] == '4') + if (errno == 0 && sx->buffer[0] == '4') { errno = ERRNO_MAIL4XX; - addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + sx->addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8; } - goto RESPONSE_FAILED; + return -1; } - lflags.pending_MAIL = FALSE; + sx->pending_MAIL = FALSE; break; + + /* otherwise zero: command queued for pipeline */ } /* Pass over all the relevant recipient addresses for this host, which are the ones that have status PENDING_DEFER. If we are using PIPELINING, we can send several before we have to read the responses for those seen so far. This checking is done by a subroutine because it also needs to be done at the end. -Send only up to max_rcpt addresses at a time, leaving first_addr pointing to +Send only up to max_rcpt addresses at a time, leaving next_addr pointing to the next one if not all are sent. In the MUA wrapper situation, we want to flush the PIPELINING buffer for the last address because we want to abort if any recipients have any kind of problem, temporary or permanent. We know that all recipient addresses will have the PENDING_DEFER status, because only one attempt is ever made, and we know -that max_rcpt will be large, so all addresses will be done at once. */ +that max_rcpt will be large, so all addresses will be done at once. -for (addr = first_addr; - addr && address_count < max_rcpt; - addr = addr->next) - if (addr->transport_return == PENDING_DEFER) +For verify we flush the pipeline after any (the only) rcpt address. */ + +for (addr = sx->first_addr, address_count = 0; + addr && address_count < sx->max_rcpt; + addr = addr->next) if (addr->transport_return == PENDING_DEFER) { int count; BOOL no_flush; uschar * rcpt_addr; - addr->dsn_aware = peer_offered & PEER_OFFERED_DSN + addr->dsn_aware = sx->peer_offered & PEER_OFFERED_DSN ? dsn_support_yes : dsn_support_no; address_count++; - no_flush = pipelining_active && (!mua_wrapper || addr->next); - - /* Add any DSN flags to the rcpt command and add to the sent string */ + no_flush = pipelining_active && !sx->verify && (!mua_wrapper || addr->next); - p = buffer; - *p = 0; - - if (peer_offered & PEER_OFFERED_DSN && !(addr->dsn_flags & rf_dsnlasthop)) - { - if (addr->dsn_flags & rf_dsnflags) - { - int i; - BOOL first = TRUE; - Ustrcpy(p, " NOTIFY="); - while (*p) p++; - for (i = 0; i < 4; i++) - if ((addr->dsn_flags & rf_list[i]) != 0) - { - if (!first) *p++ = ','; - first = FALSE; - Ustrcpy(p, rf_names[i]); - while (*p) p++; - } - } - - if (addr->dsn_orcpt) - { - string_format(p, sizeof(buffer) - (p-buffer), " ORCPT=%s", - addr->dsn_orcpt); - while (*p) p++; - } - } + build_rcptcmd_options(sx, addr); /* Now send the RCPT command, and process outstanding responses when necessary. After a timeout on RCPT, we just end the function, leaving the yield as OK, because this error can often mean that there is a problem with just one address, so we don't want to delay the host. */ - rcpt_addr = transport_rcpt_address(addr, tblock->rcpt_include_affixes); + rcpt_addr = transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes); #ifdef SUPPORT_I18N - if ( testflag(addrlist, af_utf8_downcvt) + if ( testflag(sx->addrlist, af_utf8_downcvt) && !(rcpt_addr = string_address_utf8_to_alabel(rcpt_addr, NULL)) ) { /*XXX could we use a per-address errstr here? Not fail the whole send? */ errno = ERRNO_EXPANDFAIL; - goto SEND_FAILED; + return -5; /*XXX too harsh? */ } #endif - count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s%s\r\n", - rcpt_addr, igquotstr, buffer); + count = smtp_write_command(&sx->outblock, no_flush, "RCPT TO:<%s>%s%s\r\n", + rcpt_addr, sx->igquotstr, sx->buffer); - if (count < 0) goto SEND_FAILED; + if (count < 0) return -5; if (count > 0) { - switch(sync_responses(first_addr, tblock->rcpt_include_affixes, - &sync_addr, host, count, ob->address_retry_include_sender, - lflags.pending_MAIL, 0, &inblock, ob->command_timeout, buffer, - sizeof(buffer))) + switch(sync_responses(sx, count, 0)) { - case 3: lflags.ok = TRUE; /* 2xx & 5xx => OK & progress made */ - case 2: completed_address = TRUE; /* 5xx (only) => progress made */ - break; + case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */ + case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */ + break; + + case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ + if (!sx->lmtp) /* can't tell about progress yet */ + sx->completed_addr = TRUE; + case 0: /* No 2xx or 5xx, but no probs */ + break; + + case -1: return -3; /* Timeout on RCPT */ + case -2: return -2; /* non-MAIL read i/o error */ + default: return -1; /* any MAIL error */ + } + sx->pending_MAIL = FALSE; /* Dealt with MAIL */ + } + } /* Loop for next address */ - case 1: lflags.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ - if (!lflags.lmtp) completed_address = TRUE; /* can't tell about progress yet */ - case 0: /* No 2xx or 5xx, but no probs */ - break; +sx->next_addr = addr; +return 0; +} - case -1: goto END_OFF; /* Timeout on RCPT */ - default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */ + +#ifdef SUPPORT_TLS +/***************************************************** +* Proxy TLS connection for another transport process * +******************************************************/ +/* +Use the smtp-context buffer as a staging area, and select on both the slave +process and the TLS'd fd for data to read (per the coding in ip_recv() and +fd_ready() this is legitimate). Do blocking full-size writes, and reads +under a timeout. + +Arguments: + sx smtp context block + proxy_fd comms to proxied process + timeout per-read timeout, seconds +*/ + +static void +smtp_proxy_tls(smtp_context * sx, int proxy_fd, int timeout) +{ +fd_set fds; +int max_fd = MAX(proxy_fd, tls_out.active) + 1; +int rc, i, fd_bits, nbytes; + +set_process_info("proxying TLS connection for continued transport"); +FD_ZERO(&fds); +FD_SET(tls_out.active, &fds); +FD_SET(proxy_fd, &fds); + +for (fd_bits = 3; fd_bits; ) + { + time_t time_left = timeout; + time_t time_start = time(NULL); + + /* wait for data */ + do + { + struct timeval tv = { time_left, 0 }; + + rc = select(max_fd, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tv); + + if (rc < 0 && errno == EINTR) + if ((time_left -= time(NULL) - time_start) > 0) continue; + + if (rc <= 0) + { + DEBUG(D_transport) if (rc == 0) debug_printf("%s: timed out\n", __FUNCTION__); + return; } - lflags.pending_MAIL = FALSE; /* Dealt with MAIL */ } - } /* Loop for next address */ + while (rc < 0 || !(FD_ISSET(tls_out.active, &fds) || FD_ISSET(proxy_fd, &fds))); + + /* handle inbound data */ + if (FD_ISSET(tls_out.active, &fds)) + if ((rc = tls_read(FALSE, sx->buffer, sizeof(sx->buffer))) <= 0) + { + fd_bits &= ~1; + FD_CLR(tls_out.active, &fds); + shutdown(proxy_fd, SHUT_WR); + } + else + { + for (nbytes = 0; rc - nbytes > 0; nbytes += i) + if ((i = write(proxy_fd, sx->buffer + nbytes, rc - nbytes)) < 0) return; + } + else if (fd_bits & 1) + FD_SET(tls_out.active, &fds); + + /* handle outbound data */ + if (FD_ISSET(proxy_fd, &fds)) + if ((rc = read(proxy_fd, sx->buffer, sizeof(sx->buffer))) <= 0) + { + fd_bits &= ~2; + FD_CLR(proxy_fd, &fds); + shutdown(tls_out.active, SHUT_WR); + } + else + { + for (nbytes = 0; rc - nbytes > 0; nbytes += i) + if ((i = tls_write(FALSE, sx->buffer + nbytes, rc - nbytes)) < 0) return; + } + else if (fd_bits & 2) + FD_SET(proxy_fd, &fds); + } +} +#endif + + +/************************************************* +* Deliver address list to given host * +*************************************************/ + +/* If continue_hostname is not null, we get here only when continuing to +deliver down an existing channel. The channel was passed as the standard +input. TLS is never active on a passed channel; the previous process always +closes it down before passing the connection on. + +Otherwise, we have to make a connection to the remote host, and do the +initial protocol exchange. + +When running as an MUA wrapper, if the sender or any recipient is rejected, +temporarily or permanently, we force failure for all recipients. + +Arguments: + addrlist chain of potential addresses to deliver; only those whose + transport_return field is set to PENDING_DEFER are currently + being processed; others should be skipped - they have either + been delivered to an earlier host or IP address, or been + failed by one of them. + host host to deliver to + host_af AF_INET or AF_INET6 + port default TCP/IP port to use, in host byte order + interface interface to bind to, or NULL + tblock transport instance block + message_defer set TRUE if yield is OK, but all addresses were deferred + because of a non-recipient, non-host failure, that is, a + 4xx response to MAIL FROM, DATA, or ".". This is a defer + that is specific to the message. + suppress_tls if TRUE, don't attempt a TLS connection - this is set for + a second attempt after TLS initialization fails + +Returns: OK - the connection was made and the delivery attempted; + the result for each address is in its data block. + DEFER - the connection could not be made, or something failed + while setting up the SMTP session, or there was a + non-message-specific error, such as a timeout. + ERROR - a filter command is specified for this transport, + and there was a problem setting it up; OR helo_data + or add_headers or authenticated_sender is specified + for this transport, and the string failed to expand +*/ + +static int +smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port, + uschar *interface, transport_instance *tblock, + BOOL *message_defer, BOOL suppress_tls) +{ +address_item *addr; +int yield = OK; +int save_errno; +int rc; +time_t start_delivery_time = time(NULL); + +BOOL pass_message = FALSE; +uschar *message = NULL; +uschar new_message_id[MESSAGE_ID_LENGTH + 1]; +uschar *p; + +smtp_context sx; + +suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */ +*message_defer = FALSE; + +sx.addrlist = addrlist; +sx.host = host; +sx.host_af = host_af, +sx.port = port; +sx.interface = interface; +sx.helo_data = NULL; +sx.tblock = tblock; +sx.verify = FALSE; + +/* Get the channel set up ready for a message (MAIL FROM being the next +SMTP command to send */ + +if ((rc = smtp_setup_conn(&sx, suppress_tls)) != OK) + return rc; + +/* If there is a filter command specified for this transport, we can now +set it up. This cannot be done until the identify of the host is known. */ + +if (tblock->filter_command) + { + BOOL rc; + uschar fbuf[64]; + sprintf(CS fbuf, "%.50s transport", tblock->name); + rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command, + TRUE, DEFER, addrlist, fbuf, NULL); + transport_filter_timeout = tblock->filter_timeout; + + /* On failure, copy the error to all addresses, abandon the SMTP call, and + yield ERROR. */ + + if (!rc) + { + set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER, + FALSE); + yield = ERROR; + goto SEND_QUIT; + } + + if ( transport_filter_argv + && *transport_filter_argv + && **transport_filter_argv + && sx.peer_offered & PEER_OFFERED_CHUNKING + ) + { + sx.peer_offered &= ~PEER_OFFERED_CHUNKING; + DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n"); + } + } + + +/* For messages that have more than the maximum number of envelope recipients, +we want to send several transactions down the same SMTP connection. (See +comments in deliver.c as to how this reconciles, heuristically, with +remote_max_parallel.) This optimization was added to Exim after the following +code was already working. The simplest way to put it in without disturbing the +code was to use a goto to jump back to this point when there is another +transaction to handle. */ + +SEND_MESSAGE: +sx.from_addr = return_path; +sx.first_addr = sx.sync_addr = addrlist; +sx.ok = FALSE; +sx.send_rset = TRUE; +sx.completed_addr = FALSE; + + +/* Initiate a message transfer. */ + +switch(smtp_write_mail_and_rcpt_cmds(&sx, &yield)) + { + case 0: break; + case -1: case -2: goto RESPONSE_FAILED; + case -3: goto END_OFF; + case -4: goto SEND_QUIT; + default: goto SEND_FAILED; + } /* If we are an MUA wrapper, abort if any RCPTs were rejected, either permanently or temporarily. We should have flushed and synced after the last @@ -2473,13 +2742,13 @@ RCPT. */ if (mua_wrapper) { address_item *badaddr; - for (badaddr = first_addr; badaddr; badaddr = badaddr->next) + for (badaddr = sx.first_addr; badaddr; badaddr = badaddr->next) if (badaddr->transport_return != PENDING_OK) { /*XXX could we find a better errno than 0 here? */ set_errno_nohost(addrlist, 0, badaddr->message, FAIL, testflag(badaddr, af_pass_message)); - lflags.ok = FALSE; + sx.ok = FALSE; break; } } @@ -2492,22 +2761,20 @@ are pipelining. The responses are all handled by sync_responses(). If using CHUNKING, do not send a BDAT until we know how big a chunk we want to send is. */ -if ( !(peer_offered & PEER_OFFERED_CHUNKING) - && (lflags.ok || (pipelining_active && !mua_wrapper))) +if ( !(sx.peer_offered & PEER_OFFERED_CHUNKING) + && (sx.ok || (pipelining_active && !mua_wrapper))) { - int count = smtp_write_command(&outblock, FALSE, "DATA\r\n"); + int count = smtp_write_command(&sx.outblock, FALSE, "DATA\r\n"); if (count < 0) goto SEND_FAILED; - switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr, - host, count, ob->address_retry_include_sender, lflags.pending_MAIL, - lflags.ok ? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer))) + switch(sync_responses(&sx, count, sx.ok ? +1 : -1)) { - case 3: lflags.ok = TRUE; /* 2xx & 5xx => OK & progress made */ - case 2: completed_address = TRUE; /* 5xx (only) => progress made */ + case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */ + case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */ break; - case 1: lflags.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ - if (!lflags.lmtp) completed_address = TRUE; /* can't tell about progress yet */ + case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ + if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */ case 0: break; /* No 2xx or 5xx, but no probs */ case -1: goto END_OFF; /* Timeout on RCPT */ @@ -2524,12 +2791,12 @@ for handling the SMTP dot-handling protocol, flagging to apply to headers as well as body. Set the appropriate timeout value to be used for each chunk. (Haven't been able to make it work using select() for writing yet.) */ -if (!(peer_offered & PEER_OFFERED_CHUNKING) && !lflags.ok) +if (!(sx.peer_offered & PEER_OFFERED_CHUNKING) && !sx.ok) { /* Save the first address of the next batch. */ - first_addr = addr; + sx.first_addr = sx.next_addr; - lflags.ok = TRUE; + sx.ok = TRUE; } else { @@ -2550,48 +2817,42 @@ else of responses. The callback needs a whole bunch of state so set up a transport-context structure to be passed around. */ - if (peer_offered & PEER_OFFERED_CHUNKING) + if (sx.peer_offered & PEER_OFFERED_CHUNKING) { tctx.check_string = tctx.escape_string = NULL; tctx.options |= topt_use_bdat; tctx.chunk_cb = smtp_chunk_cmd_callback; - tctx.inblock = &inblock; - tctx.outblock = &outblock; - tctx.host = host; - tctx.first_addr = first_addr; - tctx.sync_addr = &sync_addr; - tctx.pending_MAIL = lflags.pending_MAIL; - tctx.pending_BDAT = FALSE; - tctx.good_RCPT = lflags.ok; - tctx.completed_address = &completed_address; - tctx.cmd_count = 0; - tctx.buffer = buffer; + sx.pending_BDAT = FALSE; + sx.good_RCPT = sx.ok; + sx.cmd_count = 0; + tctx.smtp_context = &sx; } else tctx.options |= topt_end_dot; /* Save the first address of the next batch. */ - first_addr = addr; + sx.first_addr = sx.next_addr; /* Responses from CHUNKING commands go in buffer. Otherwise, there has not been a response. */ - buffer[0] = 0; + sx.buffer[0] = 0; sigalrm_seen = FALSE; - transport_write_timeout = ob->data_timeout; + transport_write_timeout = sx.ob->data_timeout; smtp_command = US"sending data block"; /* For error messages */ DEBUG(D_transport|D_v) - if (peer_offered & PEER_OFFERED_CHUNKING) + if (sx.peer_offered & PEER_OFFERED_CHUNKING) debug_printf(" will write message using CHUNKING\n"); else debug_printf(" SMTP>> writing message and terminating \".\"\n"); transport_count = 0; #ifndef DISABLE_DKIM - lflags.ok = dkim_transport_write_message(inblock.sock, &tctx, &ob->dkim); + sx.ok = dkim_transport_write_message(sx.inblock.sock, &tctx, &sx.ob->dkim, + CUSS &message); #else - lflags.ok = transport_write_message(inblock.sock, &tctx, 0); + sx.ok = transport_write_message(sx.inblock.sock, &tctx, 0); #endif /* transport_write_message() uses write() because it is called from other @@ -2605,8 +2866,9 @@ else or the failure of a transport filter or the expansion of added headers. Or, when CHUNKING, it can be a protocol-detected failure. */ - if (!lflags.ok) - goto RESPONSE_FAILED; + if (!sx.ok) + if (message) goto SEND_FAILED; + else goto RESPONSE_FAILED; /* We used to send the terminating "." explicitly here, but because of buffering effects at both ends of TCP/IP connections, you don't gain @@ -2616,20 +2878,17 @@ else smtp_command = US"end of data"; - if (peer_offered & PEER_OFFERED_CHUNKING && tctx.cmd_count > 1) + if (sx.peer_offered & PEER_OFFERED_CHUNKING && sx.cmd_count > 1) { /* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */ - switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr, - host, tctx.cmd_count-1, ob->address_retry_include_sender, - lflags.pending_MAIL, 0, - &inblock, ob->command_timeout, buffer, sizeof(buffer))) + switch(sync_responses(&sx, sx.cmd_count-1, 0)) { - case 3: lflags.ok = TRUE; /* 2xx & 5xx => OK & progress made */ - case 2: completed_address = TRUE; /* 5xx (only) => progress made */ + case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */ + case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */ break; - case 1: lflags.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ - if (!lflags.lmtp) completed_address = TRUE; /* can't tell about progress yet */ + case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ + if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */ case 0: break; /* No 2xx or 5xx, but no probs */ case -1: goto END_OFF; /* Timeout on RCPT */ @@ -2642,18 +2901,18 @@ else * followed by the individual responses, before going on with * the overall response. If we don't get the warning then deal * with per non-PRDR. */ - if(lflags.prdr_active) + if(sx.prdr_active) { - lflags.ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3', - ob->final_timeout); - if (!lflags.ok && errno == 0) switch(buffer[0]) + sx.ok = smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '3', + sx.ob->final_timeout); + if (!sx.ok && errno == 0) switch(sx.buffer[0]) { - case '2': lflags.prdr_active = FALSE; - lflags.ok = TRUE; + case '2': sx.prdr_active = FALSE; + sx.ok = TRUE; break; case '4': errno = ERRNO_DATA4XX; addrlist->more_errno |= - ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8; break; } } @@ -2663,14 +2922,14 @@ else /* For non-PRDR SMTP, we now read a single response that applies to the whole message. If it is OK, then all the addresses have been delivered. */ - if (!lflags.lmtp) + if (!sx.lmtp) { - lflags.ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2', - ob->final_timeout); - if (!lflags.ok && errno == 0 && buffer[0] == '4') + sx.ok = smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '2', + sx.ob->final_timeout); + if (!sx.ok && errno == 0 && sx.buffer[0] == '4') { errno = ERRNO_DATA4XX; - addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + addrlist->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8; } } @@ -2686,14 +2945,14 @@ else software before the spool gets updated. Also record the final SMTP confirmation if needed (for SMTP only). */ - if (lflags.ok) + if (sx.ok) { int flag = '='; int delivery_time = (int)(time(NULL) - start_delivery_time); int len; uschar *conf = NULL; - lflags.send_rset = FALSE; + sx.send_rset = FALSE; pipelining_active = FALSE; /* Set up confirmation if needed - applies only to SMTP */ @@ -2702,18 +2961,18 @@ else #ifdef DISABLE_EVENT LOGGING(smtp_confirmation) && #endif - !lflags.lmtp + !sx.lmtp ) { - const uschar *s = string_printing(buffer); + const uschar *s = string_printing(sx.buffer); /* deconst cast ok here as string_printing was checked to have alloc'n'copied */ - conf = (s == buffer)? (uschar *)string_copy(s) : US s; + conf = (s == sx.buffer)? (uschar *)string_copy(s) : US s; } /* Process all transported addresses - for LMTP or PRDR, read a status for each one. */ - for (addr = addrlist; addr != first_addr; addr = addr->next) + for (addr = addrlist; addr != sx.first_addr; addr = addr->next) { if (addr->transport_return != PENDING_OK) continue; @@ -2723,43 +2982,43 @@ else it doesn't get tried again too soon. */ #ifndef DISABLE_PRDR - if (lflags.lmtp || lflags.prdr_active) + if (sx.lmtp || sx.prdr_active) #else - if (lflags.lmtp) + if (sx.lmtp) #endif { - if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2', - ob->final_timeout)) + if (!smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '2', + sx.ob->final_timeout)) { - if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED; + if (errno != 0 || sx.buffer[0] == 0) goto RESPONSE_FAILED; addr->message = string_sprintf( #ifndef DISABLE_PRDR - "%s error after %s: %s", lflags.prdr_active ? "PRDR":"LMTP", + "%s error after %s: %s", sx.prdr_active ? "PRDR":"LMTP", #else "LMTP error after %s: %s", #endif - data_command, string_printing(buffer)); + data_command, string_printing(sx.buffer)); setflag(addr, af_pass_message); /* Allow message to go to user */ - if (buffer[0] == '5') + if (sx.buffer[0] == '5') addr->transport_return = FAIL; else { errno = ERRNO_DATA4XX; - addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + addr->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8; addr->transport_return = DEFER; #ifndef DISABLE_PRDR - if (!lflags.prdr_active) + if (!sx.prdr_active) #endif retry_add_item(addr, addr->address_retry_key, 0); } continue; } - completed_address = TRUE; /* NOW we can set this flag */ + sx.completed_addr = TRUE; /* NOW we can set this flag */ if (LOGGING(smtp_confirmation)) { - const uschar *s = string_printing(buffer); + const uschar *s = string_printing(sx.buffer); /* deconst cast ok here as string_printing was checked to have alloc'n'copied */ - conf = (s == buffer)? (uschar *)string_copy(s) : US s; + conf = (s == sx.buffer) ? US string_copy(s) : US s; } } @@ -2772,13 +3031,13 @@ else addr->special_action = flag; addr->message = conf; #ifndef DISABLE_PRDR - if (lflags.prdr_active) addr->flags |= af_prdr_used; + if (sx.prdr_active) addr->flags |= af_prdr_used; #endif - if (peer_offered & PEER_OFFERED_CHUNKING) addr->flags |= af_chunking_used; + if (sx.peer_offered & PEER_OFFERED_CHUNKING) addr->flags |= af_chunking_used; flag = '-'; #ifndef DISABLE_PRDR - if (!lflags.prdr_active) + if (!sx.prdr_active) #endif { /* Update the journal. For homonymic addresses, use the base address plus @@ -2787,55 +3046,55 @@ else write error, as it may prove possible to update the spool file later. */ if (testflag(addr, af_homonym)) - sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name); + sprintf(CS sx.buffer, "%.500s/%s\n", addr->unique + 3, tblock->name); else - sprintf(CS buffer, "%.500s\n", addr->unique); + sprintf(CS sx.buffer, "%.500s\n", addr->unique); - DEBUG(D_deliver) debug_printf("journalling %s\n", buffer); - len = Ustrlen(CS buffer); - if (write(journal_fd, buffer, len) != len) + DEBUG(D_deliver) debug_printf("journalling %s\n", sx.buffer); + len = Ustrlen(CS sx.buffer); + if (write(journal_fd, sx.buffer, len) != len) log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for " - "%s: %s", buffer, strerror(errno)); + "%s: %s", sx.buffer, strerror(errno)); } } #ifndef DISABLE_PRDR - if (lflags.prdr_active) + if (sx.prdr_active) { /* PRDR - get the final, overall response. For any non-success upgrade all the address statuses. */ - lflags.ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2', - ob->final_timeout); - if (!lflags.ok) + sx.ok = smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '2', + sx.ob->final_timeout); + if (!sx.ok) { - if(errno == 0 && buffer[0] == '4') + if(errno == 0 && sx.buffer[0] == '4') { errno = ERRNO_DATA4XX; - addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + addrlist->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8; } - for (addr = addrlist; addr != first_addr; addr = addr->next) - if (buffer[0] == '5' || addr->transport_return == OK) + for (addr = addrlist; addr != sx.first_addr; addr = addr->next) + if (sx.buffer[0] == '5' || addr->transport_return == OK) addr->transport_return = PENDING_OK; /* allow set_errno action */ goto RESPONSE_FAILED; } /* Update the journal, or setup retry. */ - for (addr = addrlist; addr != first_addr; addr = addr->next) + for (addr = addrlist; addr != sx.first_addr; addr = addr->next) if (addr->transport_return == OK) - { - if (testflag(addr, af_homonym)) - sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name); - else - sprintf(CS buffer, "%.500s\n", addr->unique); - - DEBUG(D_deliver) debug_printf("journalling(PRDR) %s\n", buffer); - len = Ustrlen(CS buffer); - if (write(journal_fd, buffer, len) != len) - log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for " - "%s: %s", buffer, strerror(errno)); - } - else if (addr->transport_return == DEFER) - retry_add_item(addr, addr->address_retry_key, -2); + { + if (testflag(addr, af_homonym)) + sprintf(CS sx.buffer, "%.500s/%s\n", addr->unique + 3, tblock->name); + else + sprintf(CS sx.buffer, "%.500s\n", addr->unique); + + DEBUG(D_deliver) debug_printf("journalling(PRDR) %s\n", sx.buffer); + len = Ustrlen(CS sx.buffer); + if (write(journal_fd, sx.buffer, len) != len) + log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for " + "%s: %s", sx.buffer, strerror(errno)); + } + else if (addr->transport_return == DEFER) + retry_add_item(addr, addr->address_retry_key, -2); } #endif @@ -2856,7 +3115,7 @@ assumed if errno == 0 and there is no text in the buffer. If control reaches here during the setting up phase (i.e. before MAIL FROM) then always defer, as the problem is not related to this specific message. */ -if (!lflags.ok) +if (!sx.ok) { int code, set_rc; uschar * set_message; @@ -2865,8 +3124,8 @@ if (!lflags.ok) { save_errno = errno; message = NULL; - lflags.send_quit = check_response(host, &save_errno, addrlist->more_errno, - buffer, &code, &message, &pass_message); + sx.send_quit = check_response(host, &save_errno, addrlist->more_errno, + sx.buffer, &code, &message, &pass_message); goto FAILED; } @@ -2874,38 +3133,18 @@ if (!lflags.ok) { save_errno = errno; code = '4'; - message = US string_sprintf("send() to %s [%s] failed: %s", - host->name, host->address, strerror(save_errno)); - lflags.send_quit = FALSE; + message = string_sprintf("send() to %s [%s] failed: %s", + host->name, host->address, message ? message : US strerror(save_errno)); + sx.send_quit = FALSE; goto FAILED; } - /* This label is jumped to directly when a TLS negotiation has failed, - or was not done for a host for which it is required. Values will be set - in message and save_errno, and setting_up will always be true. Treat as - a temporary error. */ - -#ifdef SUPPORT_TLS - TLS_FAILED: - code = '4'; -#endif - - /* If the failure happened while setting up the call, see if the failure was - a 5xx response (this will either be on connection, or following HELO - a 5xx - after EHLO causes it to try HELO). If so, fail all addresses, as this host is - never going to accept them. For other errors during setting up (timeouts or - whatever), defer all addresses, and yield DEFER, so that the host is not - tried again for a while. */ - FAILED: - lflags.ok = FALSE; /* For when reached by GOTO */ - set_message = message; + { + BOOL message_error; - if (lflags.setting_up) - if (code == '5') - set_rc = FAIL; - else - yield = set_rc = DEFER; + sx.ok = FALSE; /* For when reached by GOTO */ + set_message = message; /* We want to handle timeouts after MAIL or "." and loss of connection after "." specially. They can indicate a problem with the sender address or with @@ -2913,17 +3152,8 @@ if (!lflags.ok) cases are treated in the same way as a 4xx response. This next bit of code does the classification. */ - else - { - BOOL message_error; - switch(save_errno) { -#ifdef SUPPORT_I18N - case ERRNO_UTF8_FWD: - code = '5'; - /*FALLTHROUGH*/ -#endif case 0: case ERRNO_MAIL4XX: case ERRNO_DATA4XX: @@ -2996,7 +3226,7 @@ if (!lflags.ok) set_errno(addrlist, save_errno, set_message, set_rc, pass_message, host #ifdef EXPERIMENTAL_DSN_INFO - , smtp_greeting, helo_response + , sx.smtp_greeting, sx.helo_response #endif ); } @@ -3032,10 +3262,10 @@ hosts_nopass_tls. */ DEBUG(D_transport) debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d " - "yield=%d first_address is %sNULL\n", lflags.ok, lflags.send_quit, - lflags.send_rset, continue_more, yield, first_addr ? "not " : ""); + "yield=%d first_address is %sNULL\n", sx.ok, sx.send_quit, + sx.send_rset, continue_more, yield, sx.first_addr ? "not " : ""); -if (completed_address && lflags.ok && lflags.send_quit) +if (sx.completed_addr && sx.ok && sx.send_quit) { BOOL more; smtp_compare_t t_compare; @@ -3043,12 +3273,15 @@ if (completed_address && lflags.ok && lflags.send_quit) t_compare.tblock = tblock; t_compare.current_sender_address = sender_address; - if ( first_addr != NULL + if ( sx.first_addr != NULL || continue_more - || ( ( tls_out.active < 0 - || verify_check_given_host(&ob->hosts_nopass_tls, host) != OK + || ( +#ifdef SUPPORT_TLS + ( tls_out.active < 0 && !continue_proxy + || verify_check_given_host(&sx.ob->hosts_nopass_tls, host) != OK ) && +#endif transport_check_waiting(tblock->name, host->name, tblock->connection_max_messages, new_message_id, &more, (oicf)smtp_are_same_identities, (void*)&t_compare) @@ -3057,74 +3290,118 @@ if (completed_address && lflags.ok && lflags.send_quit) uschar *msg; BOOL pass_message; - if (lflags.send_rset) - { - if (! (lflags.ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0)) + if (sx.send_rset) + if (! (sx.ok = smtp_write_command(&sx.outblock, FALSE, "RSET\r\n") >= 0)) { msg = US string_sprintf("send() to %s [%s] failed: %s", host->name, - host->address, strerror(save_errno)); - lflags.send_quit = FALSE; + host->address, strerror(errno)); + sx.send_quit = FALSE; } - else if (! (lflags.ok = smtp_read_response(&inblock, buffer, - sizeof(buffer), '2', ob->command_timeout))) + else if (! (sx.ok = smtp_read_response(&sx.inblock, sx.buffer, + sizeof(sx.buffer), '2', sx.ob->command_timeout))) { int code; - lflags.send_quit = check_response(host, &errno, 0, buffer, &code, &msg, + sx.send_quit = check_response(host, &errno, 0, sx.buffer, &code, &msg, &pass_message); - if (!lflags.send_quit) + if (!sx.send_quit) { DEBUG(D_transport) debug_printf("H=%s [%s] %s\n", host->name, host->address, msg); } } - } /* Either RSET was not needed, or it succeeded */ - if (lflags.ok) + if (sx.ok) { - if (first_addr != NULL) /* More addresses still to be sent */ + int pfd[2]; + int socket_fd = sx.inblock.sock; + + + if (sx.first_addr != NULL) /* More addresses still to be sent */ { /* in this run of the transport */ continue_sequence++; /* Causes * in logging */ goto SEND_MESSAGE; } if (continue_more) return yield; /* More addresses for another run */ - /* Pass the socket to a new Exim process. Before doing so, we must shut - down TLS. Not all MTAs allow for the continuation of the SMTP session - when TLS is shut down. We test for this by sending a new EHLO. If we - don't get a good response, we don't attempt to pass the socket on. */ - + /* Pass the connection on to a new Exim process. */ #ifdef SUPPORT_TLS if (tls_out.active >= 0) - { - tls_close(FALSE, TRUE); - smtp_peer_options = smtp_peer_options_wrap; - if (lflags.smtps) - lflags.ok = FALSE; - else - lflags.ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 && - smtp_read_response(&inblock, buffer, sizeof(buffer), '2', - ob->command_timeout); - } + if (verify_check_given_host(&sx.ob->hosts_noproxy_tls, host) == OK) + { + /* Pass the socket, for direct use, to a new Exim process. Before + doing so, we must shut down TLS. Not all MTAs allow for the + continuation of the SMTP session when TLS is shut down. We test for + this by sending a new EHLO. If we don't get a good response, we don't + attempt to pass the socket on. */ + + tls_close(FALSE, TRUE); + smtp_peer_options = smtp_peer_options_wrap; + sx.ok = !sx.smtps + && smtp_write_command(&sx.outblock, FALSE, + "EHLO %s\r\n", sx.helo_data) >= 0 + && smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), + '2', sx.ob->command_timeout); + } + else + { + /* Set up a pipe for proxying TLS for the new transport process */ + + smtp_peer_options |= PEER_OFFERED_TLS; + if (sx.ok = (socketpair(AF_UNIX, SOCK_STREAM, 0, pfd) == 0)) + socket_fd = pfd[1]; + else + set_errno(sx.first_addr, errno, US"internal allocation problem", + DEFER, FALSE, host +# ifdef EXPERIMENTAL_DSN_INFO + , sx.smtp_greeting, sx.helo_response +# endif + ); + } #endif - /* If the socket is successfully passed, we musn't send QUIT (or + /* If the socket is successfully passed, we mustn't send QUIT (or indeed anything!) from here. */ /*XXX DSN_INFO: assume likely to do new HELO; but for greet we'll want to propagate it from the initial */ - if (lflags.ok && transport_pass_socket(tblock->name, host->name, - host->address, new_message_id, inblock.sock)) - lflags.send_quit = FALSE; + if (sx.ok && transport_pass_socket(tblock->name, host->name, + host->address, new_message_id, socket_fd)) + { + sx.send_quit = FALSE; + + /* If TLS is still active, we need to proxy it for the transport we + just passed the baton to. Fork a child to to do it, and return to + get logging done asap. Which way to place the work makes assumptions + about post-fork prioritisation which may not hold on all platforms. */ + + if (tls_out.active >= 0) + { + int pid = fork(); + if (pid > 0) /* parent */ + { + tls_close(FALSE, FALSE); + (void)close(sx.inblock.sock); + continue_transport = NULL; + continue_hostname = NULL; + return yield; + } + else if (pid == 0) /* child */ + { + smtp_proxy_tls(&sx, pfd[0], sx.ob->command_timeout); + exim_exit(0); + } + } + } } /* If RSET failed and there are addresses left, they get deferred. */ - - else set_errno(first_addr, errno, msg, DEFER, FALSE, host + else + set_errno(sx.first_addr, errno, msg, DEFER, FALSE, host #ifdef EXPERIMENTAL_DSN_INFO - , smtp_greeting, helo_response + , sx.smtp_greeting, sx.helo_response #endif ); } @@ -3149,7 +3426,7 @@ This change is being made on 31-Jul-98. After over a year of trouble-free operation, the old commented-out code was removed on 17-Sep-99. */ SEND_QUIT: -if (lflags.send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n"); +if (sx.send_quit) (void)smtp_write_command(&sx.outblock, FALSE, "QUIT\r\n"); END_OFF: @@ -3167,15 +3444,15 @@ writing RSET might have failed, or there may be other addresses whose hosts are specified in the transports, and therefore not visible at top level, in which case continue_more won't get set. */ -HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n"); -if (lflags.send_quit) +HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n"); +if (sx.send_quit) { - shutdown(outblock.sock, SHUT_WR); - if (fcntl(inblock.sock, F_SETFL, O_NONBLOCK) == 0) - for (rc = 16; read(inblock.sock, inbuffer, sizeof(inbuffer)) > 0 && rc > 0;) + shutdown(sx.outblock.sock, SHUT_WR); + if (fcntl(sx.inblock.sock, F_SETFL, O_NONBLOCK) == 0) + for (rc = 16; read(sx.inblock.sock, sx.inbuffer, sizeof(sx.inbuffer)) > 0 && rc > 0;) rc--; /* drain socket */ } -(void)close(inblock.sock); +(void)close(sx.inblock.sock); #ifndef DISABLE_EVENT (void) event_raise(tblock->event_action, US"tcp:close", NULL); @@ -3210,7 +3487,7 @@ void smtp_transport_closedown(transport_instance *tblock) { smtp_transport_options_block *ob = - (smtp_transport_options_block *)(tblock->options_block); + (smtp_transport_options_block *)tblock->options_block; smtp_inblock inblock; smtp_outblock outblock; uschar buffer[256]; @@ -3597,7 +3874,7 @@ for (cutoff_retry = 0; commonly points to a configuration error, but the best action is still to carry on for the next host. */ - if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_FAILED) + if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_SECURITY || rc == HOST_FIND_FAILED) { retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0); expired = FALSE; @@ -3610,8 +3887,11 @@ for (cutoff_retry = 0; { if (addr->transport_return != DEFER) continue; addr->basic_errno = ERRNO_UNKNOWNHOST; - addr->message = - string_sprintf("failed to lookup IP address for %s", host->name); + addr->message = string_sprintf( + rc == HOST_FIND_SECURITY + ? "lookup of IP address for %s was insecure" + : "failed to lookup IP address for %s", + host->name); } continue; } @@ -3729,7 +4009,7 @@ for (cutoff_retry = 0; host_is_expired = retry_check_address(addrlist->domain, host, pistring, incl_ip, &retry_host_key, &retry_message_key); - DEBUG(D_transport) debug_printf("%s [%s]%s status = %s\n", host->name, + DEBUG(D_transport) debug_printf("%s [%s]%s retry-status = %s\n", host->name, (host->address == NULL)? US"" : host->address, pistring, (host->status == hstatus_usable)? "usable" : (host->status == hstatus_unusable)? "unusable" : @@ -3750,6 +4030,7 @@ for (cutoff_retry = 0; { case hwhy_retry: hosts_retry++; break; case hwhy_failed: hosts_fail++; break; + case hwhy_insecure: case hwhy_deferred: hosts_defer++; break; } @@ -3933,8 +4214,9 @@ for (cutoff_retry = 0; && verify_check_given_host(&ob->hosts_require_tls, host) != OK ) { - log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted " - "to %s [%s] (not in hosts_require_tls)", host->name, host->address); + log_write(0, LOG_MAIN, + "%s: delivering unencrypted to H=%s [%s] (not in hosts_require_tls)", + first_addr->message, host->name, host->address); first_addr = prepare_addresses(addrlist, host); rc = smtp_deliver(addrlist, thost, host_af, port, interface, tblock, &message_defer, TRUE); diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h index c8df38ab4..88b608bcc 100644 --- a/src/src/transports/smtp.h +++ b/src/src/transports/smtp.h @@ -2,9 +2,16 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ +#define DELIVER_BUFFER_SIZE 4096 + +#define PENDING 256 +#define PENDING_DEFER (PENDING + DEFER) +#define PENDING_OK (PENDING + OK) + + /* Private structure for the private options and other private data. */ typedef struct { @@ -39,7 +46,10 @@ typedef struct { uschar *hosts_verify_avoid_tls; uschar *hosts_avoid_pipelining; uschar *hosts_avoid_esmtp; +#ifdef SUPPORT_TLS uschar *hosts_nopass_tls; + uschar *hosts_noproxy_tls; +#endif int command_timeout; int connect_timeout; int data_timeout; @@ -82,6 +92,69 @@ typedef struct { #endif } smtp_transport_options_block; +/* smtp connect context */ +typedef struct { + uschar * from_addr; + address_item * addrlist; + host_item * host; + int host_af; + int port; + uschar * interface; + + BOOL verify:1; + BOOL lmtp:1; + BOOL smtps:1; + BOOL ok:1; + BOOL setting_up:1; + BOOL esmtp:1; + BOOL esmtp_sent:1; +#ifndef DISABLE_PRDR + BOOL prdr_active:1; +#endif +#ifdef SUPPORT_I18N + BOOL utf8_needed:1; +#endif + BOOL dsn_all_lasthop:1; +#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE) + BOOL dane:1; + BOOL dane_required:1; +#endif + BOOL pending_MAIL:1; + BOOL pending_BDAT:1; + BOOL good_RCPT:1; + BOOL completed_addr:1; + BOOL send_rset:1; + BOOL send_quit:1; + + int max_rcpt; + int cmd_count; + + uschar peer_offered; + uschar * igquotstr; + uschar * helo_data; +#ifdef EXPERIMENTAL_DSN_INFO + uschar * smtp_greeting; + uschar * helo_response; +#endif + + address_item * first_addr; + address_item * next_addr; + address_item * sync_addr; + + smtp_inblock inblock; + smtp_outblock outblock; + uschar buffer[DELIVER_BUFFER_SIZE]; + uschar inbuffer[4096]; + uschar outbuffer[4096]; + + transport_instance * tblock; + smtp_transport_options_block * ob; +} smtp_context; + +extern int smtp_setup_conn(smtp_context *, BOOL); +extern int smtp_write_mail_and_rcpt_cmds(smtp_context *, int *); + + /* Data for reading the private options. */ extern optionlist smtp_transport_options[]; diff --git a/src/src/transports/smtp_socks.c b/src/src/transports/smtp_socks.c index 33b25d1da..555843068 100644 --- a/src/src/transports/smtp_socks.c +++ b/src/src/transports/smtp_socks.c @@ -112,7 +112,7 @@ switch(method) case AUTH_NONE: return OK; case AUTH_NAME: - HDEBUG(D_transport|D_acl|D_v) debug_printf(" socks auth NAME '%s' '%s'\n", + HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" socks auth NAME '%s' '%s'\n", sob->auth_name, sob->auth_pwd); i = Ustrlen(sob->auth_name); j = Ustrlen(sob->auth_pwd); @@ -122,7 +122,7 @@ switch(method) HDEBUG(D_transport|D_acl|D_v) { int i; - debug_printf(" SOCKS>>"); + debug_printf_indent(" SOCKS>>"); for (i = 0; i> 05 01 %02x\n", sob->auth_type); +HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SOCKS>> 05 01 %02x\n", sob->auth_type); buf[0] = 5; buf[1] = 1; buf[2] = sob->auth_type; if (send(fd, buf, 3, 0) < 0) goto snd_err; @@ -316,7 +316,7 @@ if ( !fd_ready(fd, tmo-time(NULL)) ) goto rcv_err; HDEBUG(D_transport|D_acl|D_v) - debug_printf(" SOCKS<< %02x %02x\n", buf[0], buf[1]); + debug_printf_indent(" SOCKS<< %02x %02x\n", buf[0], buf[1]); if ( buf[0] != 5 || socks_auth(fd, buf[1], sob, tmo) != OK ) @@ -351,7 +351,7 @@ state = US"connect"; HDEBUG(D_transport|D_acl|D_v) { int i; - debug_printf(" SOCKS>>"); + debug_printf_indent(" SOCKS>>"); for (i = 0; i>"); + debug_printf_indent(" SOCKS>>"); for (i = 0; i nelem(socks_errs) ? NULL : socks_errs + buf[1]; HDEBUG(D_transport|D_acl|D_v) - debug_printf(" proxy %s: %s\n", state, se ? se->reason : US"unknown error code received"); + debug_printf_indent(" proxy %s: %s\n", state, se ? se->reason : US"unknown error code received"); errno = se ? se->errcode : EPROTO; } rcv_err: - HDEBUG(D_transport|D_acl|D_v) debug_printf(" proxy rcv_err %s: %s\n", state, strerror(errno)); + HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" proxy rcv_err %s: %s\n", state, strerror(errno)); if (!errno) errno = EPROTO; else if (errno == ENOENT) errno = ECONNABORTED; return -1; diff --git a/src/src/transports/tf_maildir.c b/src/src/transports/tf_maildir.c index 0fbb77243..7be72896a 100644 --- a/src/src/transports/tf_maildir.c +++ b/src/src/transports/tf_maildir.c @@ -356,7 +356,7 @@ Or, at least, it is supposed to! Arguments: path the path to the maildir directory; this is already backed-up - to the parent if the delivery diretory is a maildirfolder + to the parent if the delivery directory is a maildirfolder ob the appendfile options block regex a compiled regex for getting a file's size from its name dir_regex a compiled regex for selecting maildir directories diff --git a/src/src/tree.c b/src/src/tree.c index 72c084a6e..3b6c3603b 100644 --- a/src/src/tree.c +++ b/src/src/tree.c @@ -330,11 +330,11 @@ Returns: pointer to node, or NULL if not found tree_node * tree_search(tree_node *p, const uschar *name) { -while (p != NULL) +while (p) { int c = Ustrcmp(name, p->name); if (c == 0) return p; - p = (c < 0)? p->left : p->right; + p = c < 0 ? p->left : p->right; } return NULL; } @@ -355,10 +355,10 @@ Arguments: void tree_walk(tree_node *p, void (*f)(uschar*, uschar*, void*), void *ctx) { -if (p == NULL) return; +if (!p) return; f(p->name, p->data.ptr, ctx); -if (p->left != NULL) tree_walk(p->left, f, ctx); -if (p->right != NULL) tree_walk(p->right, f, ctx); +tree_walk(p->left, f, ctx); +tree_walk(p->right, f, ctx); } diff --git a/src/src/utf8.c b/src/src/utf8.c index be5bcb078..7b7b88f66 100644 --- a/src/src/utf8.c +++ b/src/src/utf8.c @@ -52,6 +52,10 @@ uschar * s1, * s; int rc; #ifdef SUPPORT_I18N_2008 +/* Avoid lowercasing plain-ascii domains */ +if (!string_is_utf8(utf8)) + return string_copy(utf8); + /* Only lowercase is accepted by the library call. A pity since we lose any mixed-case annotation. This does not really matter for a domain. */ { @@ -198,7 +202,7 @@ return NULL; /* Whole address conversion. The *err string pointer should be null before the call. -Return NULL on oeeror, with (optional) errstring pointer filled in +Return NULL on error, with (optional) errstring pointer filled in */ uschar * diff --git a/src/src/valgrind.h b/src/src/valgrind.h index f16e70177..01c49dae7 100644 --- a/src/src/valgrind.h +++ b/src/src/valgrind.h @@ -1271,7 +1271,7 @@ typedef /* NB 9 Sept 07. There is a nasty kludge here in all these CALL_FN_ macros. In order not to trash the stack redzone, we need to drop %rsp by 128 before the hidden call, and restore afterwards. The - nastyness is that it is only by luck that the stack still appears + nastiness is that it is only by luck that the stack still appears to be unwindable during the hidden call - since then the behaviour of any routine using this macro does not match what the CFI data says. Sigh. @@ -4493,7 +4493,7 @@ VALGRIND_PRINTF_BACKTRACE(const char *format, ...) /* These requests allow control to move from the simulated CPU to the - real CPU, calling an arbitary function. + real CPU, calling an arbitrary function. Note that the current ThreadId is inserted as the first argument. So this call: diff --git a/src/src/verify.c b/src/src/verify.c index 0959b0051..9ff1807d4 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2016 */ +/* Copyright (c) University of Cambridge 1995 - 2017 */ /* See the file NOTICE for conditions of use and distribution. */ /* Functions concerned with verifying things. The original code for callout @@ -119,98 +119,21 @@ return cache_record; -/************************************************* -* Do callout verification for an address * -*************************************************/ - -/* This function is called from verify_address() when the address has routed to -a host list, and a callout has been requested. Callouts are expensive; that is -why a cache is used to improve the efficiency. - -Arguments: - addr the address that's been routed - host_list the list of hosts to try - tf the transport feedback block +/* Check the callout cache. +Options * pm_mailfrom may be modified by cache partial results. - ifstring "interface" option from transport, or NULL - portstring "port" option from transport, or NULL - protocolstring "protocol" option from transport, or NULL - callout the per-command callout timeout - callout_overall the overall callout timeout (if < 0 use 4*callout) - callout_connect the callout connection timeout (if < 0 use callout) - options the verification options - these bits are used: - vopt_is_recipient => this is a recipient address - vopt_callout_no_cache => don't use callout cache - vopt_callout_fullpm => if postmaster check, do full one - vopt_callout_random => do the "random" thing - vopt_callout_recipsender => use real sender for recipient - vopt_callout_recippmaster => use postmaster for recipient - se_mailfrom MAIL FROM address for sender verify; NULL => "" - pm_mailfrom if non-NULL, do the postmaster check with this sender - -Returns: OK/FAIL/DEFER +Return: TRUE if result found */ -static int -do_callout(address_item *addr, host_item *host_list, transport_feedback *tf, - int callout, int callout_overall, int callout_connect, int options, - uschar *se_mailfrom, uschar *pm_mailfrom) +static BOOL +cached_callout_lookup(address_item * addr, uschar * address_key, + uschar * from_address, int * opt_ptr, uschar ** pm_ptr, + int * yield, uschar ** failure_ptr, + dbdata_callout_cache * new_domain_record, int * old_domain_res) { -int yield = OK; -int old_domain_cache_result = ccache_accept; -BOOL done = FALSE; -uschar *address_key; -uschar *from_address; -uschar *random_local_part = NULL; -const uschar *save_deliver_domain = deliver_domain; -uschar **failure_ptr = options & vopt_is_recipient - ? &recipient_verify_failure : &sender_verify_failure; +int options = *opt_ptr; open_db dbblock; open_db *dbm_file = NULL; -dbdata_callout_cache new_domain_record; -dbdata_callout_cache_address new_address_record; -host_item *host; -time_t callout_start_time; -uschar peer_offered = 0; - -new_domain_record.result = ccache_unknown; -new_domain_record.postmaster_result = ccache_unknown; -new_domain_record.random_result = ccache_unknown; - -memset(&new_address_record, 0, sizeof(new_address_record)); - -/* For a recipient callout, the key used for the address cache record must -include the sender address if we are using the real sender in the callout, -because that may influence the result of the callout. */ - -address_key = addr->address; -from_address = US""; - -if (options & vopt_is_recipient) - { - if (options & vopt_callout_recipsender) - { - address_key = string_sprintf("%s/<%s>", addr->address, sender_address); - from_address = sender_address; - if (cutthrough.delivery) options |= vopt_callout_no_cache; - } - else if (options & vopt_callout_recippmaster) - { - address_key = string_sprintf("%s/", addr->address, - qualify_domain_sender); - from_address = string_sprintf("postmaster@%s", qualify_domain_sender); - } - } - -/* For a sender callout, we must adjust the key if the mailfrom address is not -empty. */ - -else - { - from_address = (se_mailfrom == NULL)? US"" : se_mailfrom; - if (from_address[0] != 0) - address_key = string_sprintf("%s/<%s>", addr->address, from_address); - } /* Open the callout cache database, it it exists, for reading only at this stage, unless caching has been disabled. */ @@ -219,21 +142,19 @@ if (options & vopt_callout_no_cache) { HDEBUG(D_verify) debug_printf("callout cache: disabled by no_cache\n"); } -else if ((dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE)) == NULL) +else if (!(dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE))) { HDEBUG(D_verify) debug_printf("callout cache: not available\n"); } - -/* If a cache database is available see if we can avoid the need to do an -actual callout by making use of previously-obtained data. */ - -if (dbm_file) +else { - dbdata_callout_cache_address *cache_address_record; - dbdata_callout_cache *cache_record = get_callout_cache_record(dbm_file, - addr->domain, US"domain", - callout_cache_domain_positive_expire, - callout_cache_domain_negative_expire); + /* If a cache database is available see if we can avoid the need to do an + actual callout by making use of previously-obtained data. */ + + dbdata_callout_cache_address * cache_address_record; + dbdata_callout_cache * cache_record = get_callout_cache_record(dbm_file, + addr->domain, US"domain", + callout_cache_domain_positive_expire, callout_cache_domain_negative_expire); /* If an unexpired cache record was found for this domain, see if the callout process can be short-circuited. */ @@ -248,20 +169,21 @@ if (dbm_file) not to disturb the cached domain value if this whole verification succeeds (we don't want it turning into "accept"). */ - old_domain_cache_result = cache_record->result; + *old_domain_res = cache_record->result; - if (cache_record->result == ccache_reject || - (*from_address == 0 && cache_record->result == ccache_reject_mfnull)) + if ( cache_record->result == ccache_reject + || *from_address == 0 && cache_record->result == ccache_reject_mfnull) { setflag(addr, af_verify_nsfail); HDEBUG(D_verify) - debug_printf("callout cache: domain gave initial rejection, or " - "does not accept HELO or MAIL FROM:<>\n"); + debug_printf("callout cache: domain gave initial rejection, or " + "does not accept HELO or MAIL FROM:<>\n"); setflag(addr, af_verify_nsfail); addr->user_message = US"(result of an earlier callout reused)."; - yield = FAIL; + *yield = FAIL; *failure_ptr = US"mail"; - goto END_CALLOUT; + dbfn_close(dbm_file); + return TRUE; } /* If a previous check on a "random" local part was accepted, we assume @@ -276,21 +198,23 @@ if (dbm_file) case ccache_accept: HDEBUG(D_verify) debug_printf("callout cache: domain accepts random addresses\n"); - goto END_CALLOUT; /* Default yield is OK */ + dbfn_close(dbm_file); + return TRUE; /* Default yield is OK */ case ccache_reject: HDEBUG(D_verify) debug_printf("callout cache: domain rejects random addresses\n"); - options &= ~vopt_callout_random; - new_domain_record.random_result = ccache_reject; - new_domain_record.random_stamp = cache_record->random_stamp; + *opt_ptr = options & ~vopt_callout_random; + new_domain_record->random_result = ccache_reject; + new_domain_record->random_stamp = cache_record->random_stamp; break; default: HDEBUG(D_verify) debug_printf("callout cache: need to check random address handling " "(not cached or cache expired)\n"); - goto END_CACHE; + dbfn_close(dbm_file); + return FALSE; } /* If a postmaster check is requested, but there was a previous failure, @@ -298,27 +222,29 @@ if (dbm_file) but has not been done before, we are going to have to do a callout, so skip remaining cache processing. */ - if (pm_mailfrom) + if (*pm_ptr) { if (cache_record->postmaster_result == ccache_reject) - { - setflag(addr, af_verify_pmfail); - HDEBUG(D_verify) - debug_printf("callout cache: domain does not accept " - "RCPT TO:\n"); - yield = FAIL; - *failure_ptr = US"postmaster"; - setflag(addr, af_verify_pmfail); - addr->user_message = US"(result of earlier verification reused)."; - goto END_CALLOUT; - } + { + setflag(addr, af_verify_pmfail); + HDEBUG(D_verify) + debug_printf("callout cache: domain does not accept " + "RCPT TO:\n"); + *yield = FAIL; + *failure_ptr = US"postmaster"; + setflag(addr, af_verify_pmfail); + addr->user_message = US"(result of earlier verification reused)."; + dbfn_close(dbm_file); + return TRUE; + } if (cache_record->postmaster_result == ccache_unknown) - { - HDEBUG(D_verify) - debug_printf("callout cache: need to check RCPT " - "TO: (not cached or cache expired)\n"); - goto END_CACHE; - } + { + HDEBUG(D_verify) + debug_printf("callout cache: need to check RCPT " + "TO: (not cached or cache expired)\n"); + dbfn_close(dbm_file); + return FALSE; + } /* If cache says OK, set pm_mailfrom NULL to prevent a redundant postmaster check if the address itself has to be checked. Also ensure @@ -326,10 +252,10 @@ if (dbm_file) */ HDEBUG(D_verify) debug_printf("callout cache: domain accepts RCPT " - "TO:\n"); - pm_mailfrom = NULL; - new_domain_record.postmaster_result = ccache_accept; - new_domain_record.postmaster_stamp = cache_record->postmaster_stamp; + "TO:\n"); + *pm_ptr = NULL; + new_domain_record->postmaster_result = ccache_accept; + new_domain_record->postmaster_stamp = cache_record->postmaster_stamp; } } @@ -338,37 +264,300 @@ if (dbm_file) sender address if we are doing a recipient callout with a non-empty sender). */ - cache_address_record = (dbdata_callout_cache_address *) - get_callout_cache_record(dbm_file, - address_key, US"address", - callout_cache_positive_expire, - callout_cache_negative_expire); + if (!(cache_address_record = (dbdata_callout_cache_address *) + get_callout_cache_record(dbm_file, address_key, US"address", + callout_cache_positive_expire, callout_cache_negative_expire))) + { + dbfn_close(dbm_file); + return FALSE; + } - if (cache_address_record) + if (cache_address_record->result == ccache_accept) { - if (cache_address_record->result == ccache_accept) - { - HDEBUG(D_verify) - debug_printf("callout cache: address record is positive\n"); - } - else - { - HDEBUG(D_verify) - debug_printf("callout cache: address record is negative\n"); - addr->user_message = US"Previous (cached) callout verification failure"; - *failure_ptr = US"recipient"; - yield = FAIL; - } - goto END_CALLOUT; + HDEBUG(D_verify) + debug_printf("callout cache: address record is positive\n"); + } + else + { + HDEBUG(D_verify) + debug_printf("callout cache: address record is negative\n"); + addr->user_message = US"Previous (cached) callout verification failure"; + *failure_ptr = US"recipient"; + *yield = FAIL; } /* Close the cache database while we actually do the callout for real. */ - END_CACHE: dbfn_close(dbm_file); - dbm_file = NULL; + return TRUE; + } +return FALSE; +} + + +/* Write results to callout cache +*/ +static void +cache_callout_write(dbdata_callout_cache * dom_rec, const uschar * domain, + int done, dbdata_callout_cache_address * addr_rec, uschar * address_key) +{ +open_db dbblock; +open_db *dbm_file = NULL; + +/* If we get here with done == TRUE, a successful callout happened, and yield +will be set OK or FAIL according to the response to the RCPT command. +Otherwise, we looped through the hosts but couldn't complete the business. +However, there may be domain-specific information to cache in both cases. + +The value of the result field in the new_domain record is ccache_unknown if +there was an error before or with MAIL FROM:, and errno was not zero, +implying some kind of I/O error. We don't want to write the cache in that case. +Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */ + +if (dom_rec->result != ccache_unknown) + if (!(dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE))) + { + HDEBUG(D_verify) debug_printf("callout cache: not available\n"); + } + else + { + (void)dbfn_write(dbm_file, domain, dom_rec, + (int)sizeof(dbdata_callout_cache)); + HDEBUG(D_verify) debug_printf("wrote callout cache domain record for %s:\n" + " result=%d postmaster=%d random=%d\n", + domain, + dom_rec->result, + dom_rec->postmaster_result, + dom_rec->random_result); + } + +/* If a definite result was obtained for the callout, cache it unless caching +is disabled. */ + +if (done && addr_rec->result != ccache_unknown) + { + if (!dbm_file) + dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE); + if (!dbm_file) + { + HDEBUG(D_verify) debug_printf("no callout cache available\n"); + } + else + { + (void)dbfn_write(dbm_file, address_key, addr_rec, + (int)sizeof(dbdata_callout_cache_address)); + HDEBUG(D_verify) debug_printf("wrote %s callout cache address record for %s\n", + addr_rec->result == ccache_accept ? "positive" : "negative", + address_key); + } + } + +if (dbm_file) dbfn_close(dbm_file); +} + + +/* Cutthrough-multi. If the existing cached cutthrough connection matches +the one we would make for a subsequent recipient, use it. Send the RCPT TO +and check the result, nonpipelined as it may be wanted immediately for +recipient-verification. + +It seems simpler to deal with this case separately from the main callout loop. +We will need to remember it has sent, or not, so that rcpt-acl tail code +can do it there for the non-rcpt-verify case. For this we keep an addresscount. + +Return: TRUE for a definitive result for the recipient +*/ +static int +cutthrough_multi(address_item * addr, host_item * host_list, + transport_feedback * tf, int * yield) +{ +BOOL done = FALSE; +host_item * host; + +if (addr->transport == cutthrough.addr.transport) + for (host = host_list; host; host = host->next) + if (Ustrcmp(host->address, cutthrough.host.address) == 0) + { + int host_af; + uschar *interface = NULL; /* Outgoing interface to use; NULL => any */ + int port = 25; + + deliver_host = host->name; + deliver_host_address = host->address; + deliver_host_port = host->port; + deliver_domain = addr->domain; + transport_name = addr->transport->name; + + host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6; + + if (!smtp_get_interface(tf->interface, host_af, addr, &interface, + US"callout") || + !smtp_get_port(tf->port, addr, &port, US"callout")) + log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address, + addr->message); + + if ( ( interface == cutthrough.interface + || ( interface + && cutthrough.interface + && Ustrcmp(interface, cutthrough.interface) == 0 + ) ) + && port == cutthrough.host.port + ) + { + uschar * resp = NULL; + + /* Match! Send the RCPT TO, set done from the response */ + done = + smtp_write_command(&ctblock, FALSE, "RCPT TO:<%.1000s>\r\n", + transport_rcpt_address(addr, + addr->transport->rcpt_include_affixes)) >= 0 && + cutthrough_response('2', &resp, CUTTHROUGH_DATA_TIMEOUT) == '2'; + + /* This would go horribly wrong if a callout fail was ignored by ACL. + We punt by abandoning cutthrough on a reject, like the + first-rcpt does. */ + + if (done) + { + address_item * na = store_get(sizeof(address_item)); + *na = cutthrough.addr; + cutthrough.addr = *addr; + cutthrough.addr.host_used = &cutthrough.host; + cutthrough.addr.next = na; + + cutthrough.nrcpt++; + } + else + { + cancel_cutthrough_connection("recipient rejected"); + if (!resp || errno == ETIMEDOUT) + { + HDEBUG(D_verify) debug_printf("SMTP timeout\n"); + } + else if (errno == 0) + { + if (*resp == 0) + Ustrcpy(resp, US"connection dropped"); + + addr->message = + string_sprintf("response to \"%s\" was: %s", + big_buffer, string_printing(resp)); + + addr->user_message = + string_sprintf("Callout verification failed:\n%s", resp); + + /* Hard rejection ends the process */ + + if (resp[0] == '5') /* Address rejected */ + { + *yield = FAIL; + done = TRUE; + } + } + } + } + break; /* host_list */ + } +if (!done) + cancel_cutthrough_connection("incompatible connection"); +return done; +} + + +/************************************************* +* Do callout verification for an address * +*************************************************/ + +/* This function is called from verify_address() when the address has routed to +a host list, and a callout has been requested. Callouts are expensive; that is +why a cache is used to improve the efficiency. + +Arguments: + addr the address that's been routed + host_list the list of hosts to try + tf the transport feedback block + + ifstring "interface" option from transport, or NULL + portstring "port" option from transport, or NULL + protocolstring "protocol" option from transport, or NULL + callout the per-command callout timeout + callout_overall the overall callout timeout (if < 0 use 4*callout) + callout_connect the callout connection timeout (if < 0 use callout) + options the verification options - these bits are used: + vopt_is_recipient => this is a recipient address + vopt_callout_no_cache => don't use callout cache + vopt_callout_fullpm => if postmaster check, do full one + vopt_callout_random => do the "random" thing + vopt_callout_recipsender => use real sender for recipient + vopt_callout_recippmaster => use postmaster for recipient + se_mailfrom MAIL FROM address for sender verify; NULL => "" + pm_mailfrom if non-NULL, do the postmaster check with this sender + +Returns: OK/FAIL/DEFER +*/ + +static int +do_callout(address_item *addr, host_item *host_list, transport_feedback *tf, + int callout, int callout_overall, int callout_connect, int options, + uschar *se_mailfrom, uschar *pm_mailfrom) +{ +int yield = OK; +int old_domain_cache_result = ccache_accept; +BOOL done = FALSE; +uschar *address_key; +uschar *from_address; +uschar *random_local_part = NULL; +const uschar *save_deliver_domain = deliver_domain; +uschar **failure_ptr = options & vopt_is_recipient + ? &recipient_verify_failure : &sender_verify_failure; +dbdata_callout_cache new_domain_record; +dbdata_callout_cache_address new_address_record; +time_t callout_start_time; + +new_domain_record.result = ccache_unknown; +new_domain_record.postmaster_result = ccache_unknown; +new_domain_record.random_result = ccache_unknown; + +memset(&new_address_record, 0, sizeof(new_address_record)); + +/* For a recipient callout, the key used for the address cache record must +include the sender address if we are using the real sender in the callout, +because that may influence the result of the callout. */ + +if (options & vopt_is_recipient) + if (options & vopt_callout_recipsender) + { + from_address = sender_address; + address_key = string_sprintf("%s/<%s>", addr->address, sender_address); + if (cutthrough.delivery) options |= vopt_callout_no_cache; + } + else if (options & vopt_callout_recippmaster) + { + from_address = string_sprintf("postmaster@%s", qualify_domain_sender); + address_key = string_sprintf("%s/", addr->address, + qualify_domain_sender); + } + else + { + from_address = US""; + address_key = addr->address; + } + +/* For a sender callout, we must adjust the key if the mailfrom address is not +empty. */ + +else + { + from_address = se_mailfrom ? se_mailfrom : US""; + address_key = *from_address + ? string_sprintf("%s/<%s>", addr->address, from_address) : addr->address; } +if (cached_callout_lookup(addr, address_key, from_address, + &options, &pm_mailfrom, &yield, failure_ptr, + &new_domain_record, &old_domain_cache_result)) + goto END_CALLOUT; + if (!addr->transport) { HDEBUG(D_verify) debug_printf("cannot callout via null transport\n"); @@ -380,14 +569,15 @@ else { smtp_transport_options_block *ob = (smtp_transport_options_block *)addr->transport->options_block; + host_item * host; /* The information wasn't available in the cache, so we have to do a real callout and save the result in the cache for next time, unless no_cache is set, or unless we have a previously cached negative random result. If we are to test with a random local part, ensure that such a local part is available. If not, - log the fact, but carry on without randomming. */ + log the fact, but carry on without randomising. */ - if (options & vopt_callout_random && callout_random_local_part != NULL) + if (options & vopt_callout_random && callout_random_local_part) if (!(random_local_part = expand_string(callout_random_local_part))) log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " "callout_random_local_part: %s", expand_string_message); @@ -407,143 +597,32 @@ else if (smtp_out && !disable_callout_flush) mac_smtp_fflush(); + clearflag(addr, af_verify_pmfail); /* postmaster callout flag */ + clearflag(addr, af_verify_nsfail); /* null sender callout flag */ + /* cutthrough-multi: if a nonfirst rcpt has the same routing as the first, and we are holding a cutthrough conn open, we can just append the rcpt to -that conn for verification purposes (and later delivery also). Simplest -coding means skipping this whole loop and doing the append separately. - -We will need to remember it has been appended so that rcpt-acl tail code -can do it there for the non-rcpt-verify case. For this we keep an addresscount. -*/ - - /* Can we re-use an open cutthrough connection? */ - if ( cutthrough.fd >= 0 - && (options & (vopt_callout_recipsender | vopt_callout_recippmaster)) - == vopt_callout_recipsender - && !random_local_part - && !pm_mailfrom - ) - { - if (addr->transport == cutthrough.addr.transport) - for (host = host_list; host; host = host->next) - if (Ustrcmp(host->address, cutthrough.host.address) == 0) - { - int host_af; - uschar *interface = NULL; /* Outgoing interface to use; NULL => any */ - int port = 25; - - deliver_host = host->name; - deliver_host_address = host->address; - deliver_host_port = host->port; - deliver_domain = addr->domain; - transport_name = addr->transport->name; - - host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6; - - if (!smtp_get_interface(tf->interface, host_af, addr, &interface, - US"callout") || - !smtp_get_port(tf->port, addr, &port, US"callout")) - log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address, - addr->message); - - if ( ( interface == cutthrough.interface - || ( interface - && cutthrough.interface - && Ustrcmp(interface, cutthrough.interface) == 0 - ) ) - && port == cutthrough.host.port - ) - { - uschar * resp = NULL; - - /* Match! Send the RCPT TO, append the addr, set done */ - done = - smtp_write_command(&ctblock, FALSE, "RCPT TO:<%.1000s>\r\n", - transport_rcpt_address(addr, - (addr->transport == NULL)? FALSE : - addr->transport->rcpt_include_affixes)) >= 0 && - cutthrough_response('2', &resp, CUTTHROUGH_DATA_TIMEOUT) == '2'; - - /* This would go horribly wrong if a callout fail was ignored by ACL. - We punt by abandoning cutthrough on a reject, like the - first-rcpt does. */ - - if (done) - { - address_item * na = store_get(sizeof(address_item)); - *na = cutthrough.addr; - cutthrough.addr = *addr; - cutthrough.addr.host_used = &cutthrough.host; - cutthrough.addr.next = na; - - cutthrough.nrcpt++; - } - else - { - cancel_cutthrough_connection("recipient rejected"); - if (!resp || errno == ETIMEDOUT) - { - HDEBUG(D_verify) debug_printf("SMTP timeout\n"); - } - else if (errno == 0) - { - if (*resp == 0) - Ustrcpy(resp, US"connection dropped"); - - addr->message = - string_sprintf("response to \"%s\" from %s [%s] was: %s", - big_buffer, host->name, host->address, - string_printing(resp)); - - addr->user_message = - string_sprintf("Callout verification failed:\n%s", resp); - - /* Hard rejection ends the process */ - - if (resp[0] == '5') /* Address rejected */ - { - yield = FAIL; - done = TRUE; - } - } - } - } - break; - } - if (!done) - cancel_cutthrough_connection("incompatible connection"); - } +that conn for verification purposes (and later delivery also). Simplest +coding means skipping this whole loop and doing the append separately. */ + + /* Can we re-use an open cutthrough connection? */ + if ( cutthrough.fd >= 0 + && (options & (vopt_callout_recipsender | vopt_callout_recippmaster)) + == vopt_callout_recipsender + && !random_local_part + && !pm_mailfrom + ) + done = cutthrough_multi(addr, host_list, tf, &yield); - /* Now make connections to the hosts and do real callouts. The list of hosts - is passed in as an argument. */ + /* If we did not use a cached connection, make connections to the hosts + and do real callouts. The list of hosts is passed in as an argument. */ for (host = host_list; host && !done; host = host->next) { - smtp_inblock inblock; - smtp_outblock outblock; int host_af; int port = 25; - BOOL send_quit = TRUE; - uschar *active_hostname = smtp_active_hostname; - BOOL lmtp; - BOOL smtps; - BOOL esmtp; - BOOL suppress_tls = FALSE; uschar *interface = NULL; /* Outgoing interface to use; NULL => any */ -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE) - BOOL dane = FALSE; - BOOL dane_required; - dns_answer tlsa_dnsa; -#endif - uschar inbuffer[4096]; - uschar outbuffer[1024]; - uschar responsebuffer[4096]; - uschar * size_str; - - clearflag(addr, af_verify_pmfail); /* postmaster callout flag */ - clearflag(addr, af_verify_nsfail); /* null sender callout flag */ - - /* Skip this host if we don't have an IP address for it. */ + smtp_context sx; if (!host->address) { @@ -562,7 +641,7 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. /* Set IPv4 or IPv6 */ - host_af = Ustrchr(host->address, ':') == NULL ? AF_INET : AF_INET6; + host_af = Ustrchr(host->address, ':') ? AF_INET6 : AF_INET; /* Expand and interpret the interface and port strings. The latter will not be used if there is a host-specific port (e.g. from a manualroute router). @@ -583,436 +662,83 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address, addr->message); - /* Set HELO string according to the protocol */ - lmtp= Ustrcmp(tf->protocol, "lmtp") == 0; - smtps= Ustrcmp(tf->protocol, "smtps") == 0; - - - HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port); - - /* Set up the buffer for reading SMTP response packets. */ - - inblock.buffer = inbuffer; - inblock.buffersize = sizeof(inbuffer); - inblock.ptr = inbuffer; - inblock.ptrend = inbuffer; + sx.addrlist = addr; + sx.host = host; + sx.host_af = host_af, + sx.port = port; + sx.interface = interface; + sx.helo_data = tf->helo_data; + sx.tblock = addr->transport; + sx.verify = TRUE; - /* Set up the buffer for holding SMTP commands while pipelining */ +tls_retry_connection: + /* Set the address state so that errors are recorded in it */ - outblock.buffer = outbuffer; - outblock.buffersize = sizeof(outbuffer); - outblock.ptr = outbuffer; - outblock.cmd_count = 0; - outblock.authenticating = FALSE; + addr->transport_return = PENDING_DEFER; + ob->connect_timeout = callout_connect; + ob->command_timeout = callout; - /* Connect to the host; on failure, just loop for the next one, but we - set the error for the last one. Use the callout_connect timeout. */ + /* Get the channel set up ready for a message (MAIL FROM being the next + SMTP command to send. If we tried TLS but it failed, try again without + if permitted */ - tls_retry_connection: - - /* Reset the parameters of a TLS session */ - tls_out.cipher = tls_out.peerdn = tls_out.peercert = NULL; - - inblock.sock = outblock.sock = - smtp_connect(host, host_af, port, interface, callout_connect, - addr->transport); - if (inblock.sock < 0) + yield = smtp_setup_conn(&sx, FALSE); +#ifdef SUPPORT_TLS + if ( yield == DEFER + && addr->basic_errno == ERRNO_TLSFAILURE + && ob->tls_tempfail_tryclear + && verify_check_given_host(&ob->hosts_require_tls, host) != OK + ) { - HDEBUG(D_verify) debug_printf("connect: %s\n", strerror(errno)); - addr->message = string_sprintf("could not connect to %s [%s]: %s", - host->name, host->address, strerror(errno)); + log_write(0, LOG_MAIN, + "%s: callout unencrypted to %s [%s] (not in hosts_require_tls)", + addr->message, host->name, host->address); + addr->transport_return = PENDING_DEFER; + yield = smtp_setup_conn(&sx, TRUE); + } +#endif + if (yield != OK) + { + errno = addr->basic_errno; transport_name = NULL; deliver_host = deliver_host_address = NULL; deliver_domain = save_deliver_domain; - continue; - } - -#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE) - { - int rc; - - tls_out.dane_verified = FALSE; - tls_out.tlsa_usage = 0; - - dane_required = - verify_check_given_host(&ob->hosts_require_dane, host) == OK; - - if (host->dnssec == DS_YES) - { - if( dane_required - || verify_check_given_host(&ob->hosts_try_dane, host) == OK - ) - { - if ((rc = tlsa_lookup(host, &tlsa_dnsa, dane_required)) != OK) - return rc; - dane = TRUE; - } - } - else if (dane_required) - { - log_write(0, LOG_MAIN, "DANE error: %s lookup not DNSSEC", host->name); - return FAIL; - } - - if (dane) - ob->tls_tempfail_tryclear = FALSE; - } -#endif /*DANE*/ - - /* Expand the helo_data string to find the host name to use. */ - if (tf->helo_data) - { - uschar * s = expand_string(tf->helo_data); - if (!s) - log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's " - "helo_data value for callout: %s", addr->address, - expand_string_message); - else active_hostname = s; - } - - /* Wait for initial response, and send HELO. The smtp_write_command() - function leaves its command in big_buffer. This is used in error responses. - Initialize it in case the connection is rejected. */ - - Ustrcpy(big_buffer, "initial connection"); - - /* Unless ssl-on-connect, wait for the initial greeting */ - smtps_redo_greeting: - -#ifdef SUPPORT_TLS - if (!smtps || (smtps && tls_out.active >= 0)) -#endif - { -#ifdef TCP_QUICKACK - (void) setsockopt(inblock.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off)); -#endif - if (!(done= smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout))) - goto RESPONSE_FAILED; + /* Failure to accept HELO is cached; this blocks the whole domain for all + senders. I/O errors and defer responses are not cached. */ -#ifndef DISABLE_EVENT - lookup_dnssec_authenticated = host->dnssec==DS_YES ? US"yes" - : host->dnssec==DS_NO ? US"no" : NULL; - if (event_raise(addr->transport->event_action, - US"smtp:connect", responsebuffer)) + if (yield == FAIL && (errno == 0 || errno == ERRNO_SMTPCLOSED)) { - lookup_dnssec_authenticated = NULL; - /* Logging? Debug? */ - goto RESPONSE_FAILED; + setflag(addr, af_verify_nsfail); + new_domain_record.result = ccache_reject; + done = TRUE; } - lookup_dnssec_authenticated = NULL; -#endif - } - - /* Not worth checking greeting line for ESMTP support */ - if (!(esmtp = verify_check_given_host(&ob->hosts_avoid_esmtp, host) != OK)) - DEBUG(D_transport) - debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n"); - - tls_redo_helo: - -#ifdef SUPPORT_TLS - if (smtps && tls_out.active < 0) /* ssl-on-connect, first pass */ - { - peer_offered &= ~PEER_OFFERED_TLS; - ob->tls_tempfail_tryclear = FALSE; - } - else /* all other cases */ -#endif - - { esmtp_retry: - - if (!(done= smtp_write_command(&outblock, FALSE, "%s %s\r\n", - !esmtp? "HELO" : lmtp? "LHLO" : "EHLO", active_hostname) >= 0)) - goto SEND_FAILED; - if (!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout)) - { - if (errno != 0 || responsebuffer[0] == 0 || lmtp || !esmtp || tls_out.active >= 0) - { - done= FALSE; - goto RESPONSE_FAILED; - } -#ifdef SUPPORT_TLS - peer_offered &= ~PEER_OFFERED_TLS; -#endif - esmtp = FALSE; - goto esmtp_retry; /* fallback to HELO */ - } - - /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */ - - peer_offered = esmtp - ? ehlo_response(responsebuffer, sizeof(responsebuffer), - (!suppress_tls && tls_out.active < 0 ? PEER_OFFERED_TLS : 0) - | 0 /* no IGNQ */ - | 0 /* no PRDR */ -#ifdef SUPPORT_I18N - | (addr->prop.utf8_msg && !addr->prop.utf8_downcvt - ? PEER_OFFERED_UTF8 : 0) -#endif - | 0 /* no DSN */ - | 0 /* no PIPE */ - - /* only care about SIZE if we have size from inbound */ - | (message_size > 0 && ob->size_addition >= 0 - ? PEER_OFFERED_SIZE : 0) - ) - : 0; - } - - size_str = options & vopt_is_recipient && peer_offered & PEER_OFFERED_SIZE - ? string_sprintf(" SIZE=%d", message_size + ob->size_addition) : US""; - -#ifdef SUPPORT_TLS - smtp_peer_options |= peer_offered & PEER_OFFERED_TLS; -#endif - - /* If TLS is available on this connection attempt to - start up a TLS session, unless the host is in hosts_avoid_tls. If successful, - send another EHLO - the server may give a different answer in secure mode. We - use a separate buffer for reading the response to STARTTLS so that if it is - negative, the original EHLO data is available for subsequent analysis, should - the client not be required to use TLS. If the response is bad, copy the buffer - for error analysis. */ - -#ifdef SUPPORT_TLS - if ( peer_offered & PEER_OFFERED_TLS - && verify_check_given_host(&ob->hosts_avoid_tls, host) != OK - && verify_check_given_host(&ob->hosts_verify_avoid_tls, host) != OK - ) - { - uschar buffer2[4096]; - if ( !smtps - && !(done= smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") >= 0)) - goto SEND_FAILED; - - /* If there is an I/O error, transmission of this message is deferred. If - there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is - false, we also defer. However, if there is a temporary rejection of STARTTLS - and tls_tempfail_tryclear is true, or if there is an outright rejection of - STARTTLS, we carry on. This means we will try to send the message in clear, - unless the host is in hosts_require_tls (tested below). */ - - if (!smtps && !smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2', - ob->command_timeout)) - { - if ( errno != 0 - || buffer2[0] == 0 - || buffer2[0] == '4' && !ob->tls_tempfail_tryclear - ) - { - Ustrncpy(responsebuffer, buffer2, sizeof(responsebuffer)); - done= FALSE; - goto RESPONSE_FAILED; - } - } - - /* STARTTLS accepted or ssl-on-connect: try to negotiate a TLS session. */ else - { - int oldtimeout = ob->command_timeout; - int rc; - - ob->command_timeout = callout; - rc = tls_client_start(inblock.sock, host, addr, addr->transport -# ifdef EXPERIMENTAL_DANE - , dane ? &tlsa_dnsa : NULL -# endif - ); - ob->command_timeout = oldtimeout; - - /* TLS negotiation failed; give an error. Try in clear on a new - connection, if the options permit it for this host. */ - if (rc != OK) - { - HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n"); - (void)close(inblock.sock); -# ifndef DISABLE_EVENT - (void) event_raise(addr->transport->event_action, - US"tcp:close", NULL); -# endif - if ( ob->tls_tempfail_tryclear - && !smtps - && verify_check_given_host(&ob->hosts_require_tls, host) != OK - ) - { - log_write(0, LOG_MAIN, "TLS session failure:" - " callout unencrypted to %s [%s] (not in hosts_require_tls)", - host->name, host->address); - suppress_tls = TRUE; - goto tls_retry_connection; - } - - /*save_errno = ERRNO_TLSFAILURE;*/ - /*message = US"failure while setting up TLS session";*/ - send_quit = FALSE; - done= FALSE; - goto TLS_FAILED; - } - - /* TLS session is set up. Copy info for logging. */ - addr->cipher = tls_out.cipher; - addr->peerdn = tls_out.peerdn; - - /* For SMTPS we need to wait for the initial OK response, then do HELO. */ - if (smtps) - goto smtps_redo_greeting; - - /* For STARTTLS we need to redo EHLO */ - goto tls_redo_helo; - } - } - - /* If the host is required to use a secure channel, ensure that we have one. */ - if (tls_out.active < 0) - if ( -# ifdef EXPERIMENTAL_DANE - dane || -# endif - verify_check_given_host(&ob->hosts_require_tls, host) == OK - ) - { - /*save_errno = ERRNO_TLSREQUIRED;*/ - log_write(0, LOG_MAIN, - "H=%s [%s]: a TLS session is required for this host, but %s", - host->name, host->address, - peer_offered & PEER_OFFERED_TLS - ? "an attempt to start TLS failed" - : "the server did not offer TLS support"); - done= FALSE; - goto TLS_FAILED; - } - -#endif /*SUPPORT_TLS*/ - - done = TRUE; /* so far so good; have response to HELO */ - - /* For now, transport_filter by cutthrough-delivery is not supported */ - /* Need proper integration with the proper transport mechanism. */ - if (cutthrough.delivery) - { -#ifndef DISABLE_DKIM - uschar * s; -#endif - if (addr->transport->filter_command) - { - cutthrough.delivery = FALSE; - HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n"); - } -#ifndef DISABLE_DKIM - else if ((s = ob->dkim.dkim_domain) && (s = expand_string(s)) && *s) - { - cutthrough.delivery = FALSE; - HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of DKIM signing\n"); - } -#endif - } - - SEND_FAILED: - RESPONSE_FAILED: - TLS_FAILED: - ; - /* Clear down of the TLS, SMTP and TCP layers on error is handled below. */ - - /* Failure to accept HELO is cached; this blocks the whole domain for all - senders. I/O errors and defer responses are not cached. */ - - if (!done) - { - *failure_ptr = US"mail"; /* At or before MAIL */ - if (errno == 0 && responsebuffer[0] == '5') - { - setflag(addr, af_verify_nsfail); - new_domain_record.result = ccache_reject; - } - } - -#ifdef SUPPORT_I18N - else if ( addr->prop.utf8_msg - && !addr->prop.utf8_downcvt - && !(peer_offered & PEER_OFFERED_UTF8) - ) - { - HDEBUG(D_acl|D_v) debug_printf("utf8 required but not offered\n"); - errno = ERRNO_UTF8_FWD; - setflag(addr, af_verify_nsfail); - done = FALSE; - } - else if ( addr->prop.utf8_msg - && (addr->prop.utf8_downcvt || !(peer_offered & PEER_OFFERED_UTF8)) - && !(setflag(addr, af_utf8_downcvt), - from_address = string_address_utf8_to_alabel(from_address, - &addr->message) - ) ) - { - errno = ERRNO_EXPANDFAIL; - setflag(addr, af_verify_nsfail); - done = FALSE; + done = FALSE; + goto no_conn; } -#endif - - /* If we haven't authenticated, but are required to, give up. */ - /* Try to AUTH */ - - else done = smtp_auth(responsebuffer, sizeof(responsebuffer), - addr, host, ob, esmtp, &inblock, &outblock) == OK && - - /* Copy AUTH info for logging */ - ( (addr->authenticator = client_authenticator), - (addr->auth_id = client_authenticated_id), - - /* Build a mail-AUTH string (re-using responsebuffer for convenience */ - !smtp_mail_auth_str(responsebuffer, sizeof(responsebuffer), addr, ob) - ) && - - ( (addr->auth_sndr = client_authenticated_sender), - - /* Send the MAIL command */ - (smtp_write_command(&outblock, FALSE, -#ifdef SUPPORT_I18N - addr->prop.utf8_msg && !addr->prop.utf8_downcvt - ? "MAIL FROM:<%s>%s%s SMTPUTF8\r\n" - : -#endif - "MAIL FROM:<%s>%s%s\r\n", - from_address, responsebuffer, size_str) >= 0) - ) && - - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout); - deliver_host = deliver_host_address = NULL; - deliver_domain = save_deliver_domain; + /* If we needed to authenticate, smtp_setup_conn() did that. Copy + the AUTH info for logging */ - /* If the host does not accept MAIL FROM:<>, arrange to cache this - information, but again, don't record anything for an I/O error or a defer. Do - not cache rejections of MAIL when a non-empty sender has been used, because - that blocks the whole domain for all senders. */ + addr->authenticator = client_authenticator; + addr->auth_id = client_authenticated_id; - if (!done) - { - *failure_ptr = US"mail"; /* At or before MAIL */ - if (errno == 0 && responsebuffer[0] == '5') - { - setflag(addr, af_verify_nsfail); - if (from_address[0] == 0) - new_domain_record.result = ccache_reject_mfnull; - } - } + sx.from_addr = from_address; + sx.first_addr = sx.sync_addr = addr; + sx.ok = FALSE; /*XXX these 3 last might not be needed for verify? */ + sx.send_rset = TRUE; + sx.completed_addr = FALSE; - /* Otherwise, proceed to check a "random" address (if required), then the - given address, and the postmaster address (if required). Between each check, - issue RSET, because some servers accept only one recipient after MAIL - FROM:<>. + new_domain_record.result = old_domain_cache_result == ccache_reject_mfnull + ? ccache_reject_mfnull : ccache_accept; - Before doing this, set the result in the domain cache record to "accept", - unless its previous value was ccache_reject_mfnull. In that case, the domain - rejects MAIL FROM:<> and we want to continue to remember that. When that is - the case, we have got here only in the case of a recipient verification with - a non-null sender. */ + /* Do the random local part check first. Temporarily replace the recipient + with the "random" value */ - else + if (random_local_part) { + uschar * main_address = addr->address; const uschar * rcpt_domain = addr->domain; #ifdef SUPPORT_I18N @@ -1030,180 +756,185 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. } #endif - new_domain_record.result = - (old_domain_cache_result == ccache_reject_mfnull)? - ccache_reject_mfnull: ccache_accept; - - /* Do the random local part check first */ - - if (random_local_part != NULL) - { - uschar randombuffer[1024]; - BOOL random_ok = - smtp_write_command(&outblock, FALSE, - "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part, - rcpt_domain) >= 0 && - smtp_read_response(&inblock, randombuffer, - sizeof(randombuffer), '2', callout); - - /* Remember when we last did a random test */ - - new_domain_record.random_stamp = time(NULL); - - /* If accepted, we aren't going to do any further tests below. */ - - if (random_ok) - new_domain_record.random_result = ccache_accept; - - /* Otherwise, cache a real negative response, and get back to the right - state to send RCPT. Unless there's some problem such as a dropped - connection, we expect to succeed, because the commands succeeded above. - However, some servers drop the connection after responding to an - invalid recipient, so on (any) error we drop and remake the connection. - */ + /* This would be ok for 1st rcpt of a cutthrough (XXX do we have a count?) , but no way to + handle a subsequent because of the RSET. So refuse to support any. */ + cancel_cutthrough_connection("random-recipient"); - else if (errno == 0) - { - /* This would be ok for 1st rcpt a cutthrough, but no way to - handle a subsequent. So refuse to support any */ - cancel_cutthrough_connection("random-recipient"); + addr->address = string_sprintf("%s@%.1000s", + random_local_part, rcpt_domain); + done = FALSE; - if (randombuffer[0] == '5') - new_domain_record.random_result = ccache_reject; + /* If accepted, we aren't going to do any further tests below. + Otherwise, cache a real negative response, and get back to the right + state to send RCPT. Unless there's some problem such as a dropped + connection, we expect to succeed, because the commands succeeded above. + However, some servers drop the connection after responding to an + invalid recipient, so on (any) error we drop and remake the connection. + XXX We don't care about that for postmaster_full. Should we? + + XXX could we add another flag to the context, and have the common + code emit the RSET too? Even pipelined after the RCPT... + Then the main-verify call could use it if there's to be a subsequent + postmaster-verify. + The sync_responses() would need to be taught about it and we'd + need another return code filtering out to here. + */ - done = - smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 && - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout) && + /* Remember when we last did a random test */ + new_domain_record.random_stamp = time(NULL); - smtp_write_command(&outblock, FALSE, -#ifdef SUPPORT_I18N - addr->prop.utf8_msg && !addr->prop.utf8_downcvt - ? "MAIL FROM:<%s> SMTPUTF8\r\n" - : -#endif - "MAIL FROM:<%s>\r\n", - from_address) >= 0 && - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout); + if (smtp_write_mail_and_rcpt_cmds(&sx, &yield) == 0) + switch(addr->transport_return) + { + case PENDING_OK: + new_domain_record.random_result = ccache_accept; + break; + case FAIL: + new_domain_record.random_result = ccache_reject; + + /* Between each check, issue RSET, because some servers accept only + one recipient after MAIL FROM:<>. + XXX We don't care about that for postmaster_full. Should we? */ + + if ((done = + smtp_write_command(&sx.outblock, FALSE, "RSET\r\n") >= 0 && + smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), + '2', callout))) + break; - if (!done) - { HDEBUG(D_acl|D_v) - debug_printf("problem after random/rset/mfrom; reopen conn\n"); + debug_printf_indent("problem after random/rset/mfrom; reopen conn\n"); random_local_part = NULL; #ifdef SUPPORT_TLS tls_close(FALSE, TRUE); #endif - HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n"); - (void)close(inblock.sock); + HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n"); + (void)close(sx.inblock.sock); + sx.inblock.sock = sx.outblock.sock = -1; #ifndef DISABLE_EVENT (void) event_raise(addr->transport->event_action, US"tcp:close", NULL); #endif + addr->address = main_address; + addr->transport_return = PENDING_DEFER; + sx.first_addr = sx.sync_addr = addr; + sx.ok = FALSE; + sx.send_rset = TRUE; + sx.completed_addr = FALSE; goto tls_retry_connection; - } - } - else done = FALSE; /* Some timeout/connection problem */ - } /* Random check */ + } - /* If the host is accepting all local parts, as determined by the "random" - check, we don't need to waste time doing any further checking. */ + /* Re-setup for main verify, or for the error message when failing */ + addr->address = main_address; + addr->transport_return = PENDING_DEFER; + sx.first_addr = sx.sync_addr = addr; + sx.ok = FALSE; + sx.send_rset = TRUE; + sx.completed_addr = FALSE; + } + else + done = TRUE; - if (new_domain_record.random_result != ccache_accept && done) - { - /* Get the rcpt_include_affixes flag from the transport if there is one, - but assume FALSE if there is not. */ + /* Main verify. If the host is accepting all local parts, as determined + by the "random" check, we don't need to waste time doing any further + checking. */ - uschar * rcpt = transport_rcpt_address(addr, - addr->transport ? addr->transport->rcpt_include_affixes : FALSE); + if (done) + { + done = FALSE; + switch(smtp_write_mail_and_rcpt_cmds(&sx, &yield)) + { + case 0: switch(addr->transport_return) /* ok so far */ + { + case PENDING_OK: done = TRUE; + new_address_record.result = ccache_accept; + break; + case FAIL: done = TRUE; + yield = FAIL; + *failure_ptr = US"recipient"; + new_address_record.result = ccache_reject; + break; + default: break; + } + break; + + case -1: /* MAIL response error */ + *failure_ptr = US"mail"; + if (errno == 0 && sx.buffer[0] == '5') + { + setflag(addr, af_verify_nsfail); + if (from_address[0] == 0) + new_domain_record.result = ccache_reject_mfnull; + } + break; + /* non-MAIL read i/o error */ + /* non-MAIL response timeout */ + /* internal error; channel still usable */ + default: break; /* transmit failed */ + } + } -#ifdef SUPPORT_I18N - /*XXX should the conversion be moved into transport_rcpt_address() ? */ - if ( testflag(addr, af_utf8_downcvt) - && !(rcpt = string_address_utf8_to_alabel(rcpt, NULL)) - ) - { - errno = ERRNO_EXPANDFAIL; - *failure_ptr = US"recipient"; - done = FALSE; - } - else -#endif + addr->auth_sndr = client_authenticated_sender; - done = - smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n", - rcpt) >= 0 && - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout); + deliver_host = deliver_host_address = NULL; + deliver_domain = save_deliver_domain; - if (done) - new_address_record.result = ccache_accept; - else if (errno == 0 && responsebuffer[0] == '5') - { - *failure_ptr = US"recipient"; - new_address_record.result = ccache_reject; - } + /* Do postmaster check if requested; if a full check is required, we + check for RCPT TO: (no domain) in accordance with RFC 821. */ - /* Do postmaster check if requested; if a full check is required, we - check for RCPT TO: (no domain) in accordance with RFC 821. */ + if (done && pm_mailfrom) + { + /* Could possibly shift before main verify, just above, and be ok + for cutthrough. But no way to handle a subsequent rcpt, so just + refuse any */ + cancel_cutthrough_connection("postmaster verify"); + HDEBUG(D_acl|D_v) debug_printf_indent("Cutthrough cancelled by presence of postmaster verify\n"); - if (done && pm_mailfrom != NULL) - { - /* Could possibly shift before main verify, just above, and be ok - for cutthrough. But no way to handle a subsequent rcpt, so just - refuse any */ - cancel_cutthrough_connection("postmaster verify"); - HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of postmaster verify\n"); - - done = - smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 && - smtp_read_response(&inblock, responsebuffer, - sizeof(responsebuffer), '2', callout) && - - smtp_write_command(&outblock, FALSE, - "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 && - smtp_read_response(&inblock, responsebuffer, - sizeof(responsebuffer), '2', callout) && - - /* First try using the current domain */ - - (( - smtp_write_command(&outblock, FALSE, - "RCPT TO:\r\n", rcpt_domain) >= 0 && - smtp_read_response(&inblock, responsebuffer, - sizeof(responsebuffer), '2', callout) - ) - - || - - /* If that doesn't work, and a full check is requested, - try without the domain. */ - - ( - (options & vopt_callout_fullpm) != 0 && - smtp_write_command(&outblock, FALSE, - "RCPT TO:\r\n") >= 0 && - smtp_read_response(&inblock, responsebuffer, - sizeof(responsebuffer), '2', callout) - )); - - /* Sort out the cache record */ - - new_domain_record.postmaster_stamp = time(NULL); - - if (done) - new_domain_record.postmaster_result = ccache_accept; - else if (errno == 0 && responsebuffer[0] == '5') - { - *failure_ptr = US"postmaster"; - setflag(addr, af_verify_pmfail); - new_domain_record.postmaster_result = ccache_reject; - } - } - } /* Random not accepted */ - } /* MAIL FROM: accepted */ + done = smtp_write_command(&sx.outblock, FALSE, "RSET\r\n") >= 0 + && smtp_read_response(&sx.inblock, sx.buffer, + sizeof(sx.buffer), '2', callout); + if (done) + { + uschar * main_address = addr->address; + + /*XXX oops, affixes */ + addr->address = string_sprintf("postmaster@%.1000s", addr->domain); + addr->transport_return = PENDING_DEFER; + + sx.from_addr = pm_mailfrom; + sx.first_addr = sx.sync_addr = addr; + sx.ok = FALSE; + sx.send_rset = TRUE; + sx.completed_addr = FALSE; + + if( smtp_write_mail_and_rcpt_cmds(&sx, &yield) == 0 + && addr->transport_return == PENDING_OK + ) + done = TRUE; + else + done = (options & vopt_callout_fullpm) != 0 + && smtp_write_command(&sx.outblock, FALSE, + "RCPT TO:\r\n") >= 0 + && smtp_read_response(&sx.inblock, sx.buffer, + sizeof(sx.buffer), '2', callout); + + /* Sort out the cache record */ + + new_domain_record.postmaster_stamp = time(NULL); + + if (done) + new_domain_record.postmaster_result = ccache_accept; + else if (errno == 0 && sx.buffer[0] == '5') + { + *failure_ptr = US"postmaster"; + setflag(addr, af_verify_pmfail); + new_domain_record.postmaster_result = ccache_reject; + } + + addr->address = main_address; + } + } /* For any failure of the main check, other than a negative response, we just close the connection and carry on. We can identify a negative response by the fact that errno is zero. For I/O errors it will be non-zero @@ -1214,55 +945,63 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. don't give the IP address because this may be an internal host whose identity is not to be widely broadcast. */ - if (!done) +no_conn: + switch(errno) { - if (errno == ETIMEDOUT) - { - HDEBUG(D_verify) debug_printf("SMTP timeout\n"); - send_quit = FALSE; - } + case ETIMEDOUT: + HDEBUG(D_verify) debug_printf("SMTP timeout\n"); + sx.send_quit = FALSE; + break; + #ifdef SUPPORT_I18N - else if (errno == ERRNO_UTF8_FWD) + case ERRNO_UTF8_FWD: { extern int acl_where; /* src/acl.c */ errno = 0; addr->message = string_sprintf( - "response to \"%s\" from %s [%s] did not include SMTPUTF8", - big_buffer, host->name, host->address); - addr->user_message = acl_where == ACL_WHERE_RCPT - ? US"533 mailbox name not allowed" + "response to \"EHLO\" did not include SMTPUTF8"); + addr->user_message = acl_where == ACL_WHERE_RCPT + ? US"533 no support for internationalised mailbox name" : US"550 mailbox unavailable"; yield = FAIL; done = TRUE; } + break; #endif - else if (errno == 0) - { - if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped"); + case ECONNREFUSED: + sx.send_quit = FALSE; + break; - addr->message = - string_sprintf("response to \"%s\" from %s [%s] was: %s", - big_buffer, host->name, host->address, - string_printing(responsebuffer)); + case 0: + if (*sx.buffer == 0) Ustrcpy(sx.buffer, US"connection dropped"); - addr->user_message = options & vopt_is_recipient - ? string_sprintf("Callout verification failed:\n%s", responsebuffer) - : string_sprintf("Called: %s\nSent: %s\nResponse: %s", - host->address, big_buffer, responsebuffer); + /*XXX test here is ugly; seem to have a split of responsibility for + building this message. Need to reationalise. Where is it done + before here, and when not? + Not == 5xx resp to MAIL on main-verify + */ + if (!addr->message) addr->message = + string_sprintf("response to \"%s\" was: %s", + big_buffer, string_printing(sx.buffer)); - /* Hard rejection ends the process */ + addr->user_message = options & vopt_is_recipient + ? string_sprintf("Callout verification failed:\n%s", sx.buffer) + : string_sprintf("Called: %s\nSent: %s\nResponse: %s", + host->address, big_buffer, sx.buffer); - if (responsebuffer[0] == '5') /* Address rejected */ - { - yield = FAIL; - done = TRUE; - } - } + /* Hard rejection ends the process */ + + if (sx.buffer[0] == '5') /* Address rejected */ + { + yield = FAIL; + done = TRUE; + } + break; } /* End the SMTP conversation and close the connection. */ - /* Cutthrough - on a successfull connect and recipient-verify with + /* Cutthrough - on a successful connect and recipient-verify with use-sender and we are 1st rcpt and have no cutthrough conn so far here is where we want to leave the conn open */ if ( cutthrough.delivery @@ -1274,12 +1013,12 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. && !random_local_part && !pm_mailfrom && cutthrough.fd < 0 - && !lmtp + && !sx.lmtp ) { - HDEBUG(D_acl|D_v) debug_printf("holding verify callout open for cutthrough delivery\n"); + HDEBUG(D_acl|D_v) debug_printf_indent("holding verify callout open for cutthrough delivery\n"); - cutthrough.fd = outblock.sock; /* We assume no buffer in use in the outblock */ + cutthrough.fd = sx.outblock.sock; /* We assume no buffer in use in the outblock */ cutthrough.nrcpt = 1; cutthrough.interface = interface; cutthrough.host = *host; @@ -1300,96 +1039,56 @@ can do it there for the non-rcpt-verify case. For this we keep an addresscount. /* Ensure no cutthrough on multiple address verifies */ if (options & vopt_callout_recipsender) cancel_cutthrough_connection("not usable for cutthrough"); - if (send_quit) + if (sx.send_quit) { - (void) smtp_write_command(&outblock, FALSE, "QUIT\r\n"); + (void) smtp_write_command(&sx.outblock, FALSE, "QUIT\r\n"); /* Wait a short time for response, and discard it */ - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), + smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '2', 1); } + if (sx.inblock.sock >= 0) + { #ifdef SUPPORT_TLS - tls_close(FALSE, TRUE); + tls_close(FALSE, TRUE); #endif - HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n"); - (void)close(inblock.sock); + HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n"); + (void)close(sx.inblock.sock); + sx.inblock.sock = sx.outblock.sock = -1; #ifndef DISABLE_EVENT - (void) event_raise(addr->transport->event_action, US"tcp:close", NULL); + (void) event_raise(addr->transport->event_action, US"tcp:close", NULL); #endif + } } + if (!done || yield != OK) + addr->message = string_sprintf("%s [%s] : %s", host->name, host->address, + addr->message); } /* Loop through all hosts, while !done */ } /* If we get here with done == TRUE, a successful callout happened, and yield will be set OK or FAIL according to the response to the RCPT command. Otherwise, we looped through the hosts but couldn't complete the business. -However, there may be domain-specific information to cache in both cases. - -The value of the result field in the new_domain record is ccache_unknown if -there was an error before or with MAIL FROM:, and errno was not zero, -implying some kind of I/O error. We don't want to write the cache in that case. -Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */ - -if ( !(options & vopt_callout_no_cache) - && new_domain_record.result != ccache_unknown) - { - if ((dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE)) - == NULL) - { - HDEBUG(D_verify) debug_printf("callout cache: not available\n"); - } - else - { - (void)dbfn_write(dbm_file, addr->domain, &new_domain_record, - (int)sizeof(dbdata_callout_cache)); - HDEBUG(D_verify) debug_printf("wrote callout cache domain record for %s:\n" - " result=%d postmaster=%d random=%d\n", - addr->domain, - new_domain_record.result, - new_domain_record.postmaster_result, - new_domain_record.random_result); - } - } - -/* If a definite result was obtained for the callout, cache it unless caching -is disabled. */ +However, there may be domain-specific information to cache in both cases. */ -if (done) - { - if ( !(options & vopt_callout_no_cache) - && new_address_record.result != ccache_unknown) - { - if (!dbm_file) - dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE); - if (!dbm_file) - { - HDEBUG(D_verify) debug_printf("no callout cache available\n"); - } - else - { - (void)dbfn_write(dbm_file, address_key, &new_address_record, - (int)sizeof(dbdata_callout_cache_address)); - HDEBUG(D_verify) debug_printf("wrote %s callout cache address record for %s\n", - new_address_record.result == ccache_accept ? "positive" : "negative", - address_key); - } - } - } /* done */ +if (!(options & vopt_callout_no_cache)) + cache_callout_write(&new_domain_record, addr->domain, + done, &new_address_record, address_key); /* Failure to connect to any host, or any response other than 2xx or 5xx is a temporary error. If there was only one host, and a response was received, leave it alone if supplying details. Otherwise, give a generic response. */ -else /* !done */ +if (!done) { uschar * dullmsg = string_sprintf("Could not complete %s verify callout", options & vopt_is_recipient ? "recipient" : "sender"); yield = DEFER; - if (host_list->next || !addr->message) - addr->message = dullmsg; + addr->message = host_list->next || !addr->message + ? dullmsg : string_sprintf("%s: %s", dullmsg, addr->message); addr->user_message = smtp_return_error_details ? string_sprintf("%s for <%s>.\n" @@ -1411,7 +1110,7 @@ else /* !done */ /* Come here from within the cache-reading code on fast-track exit. */ END_CALLOUT: -if (dbm_file) dbfn_close(dbm_file); +tls_modify_variables(&tls_in); return yield; } @@ -1431,7 +1130,7 @@ int rc; get rewritten. */ addr2 = *addr; -HDEBUG(D_acl) debug_printf("----------- %s cutthrough setup ------------\n", +HDEBUG(D_acl) debug_printf_indent("----------- %s cutthrough setup ------------\n", rcpt_count > 1 ? "more" : "start"); rc = verify_address(&addr2, NULL, vopt_is_recipient | vopt_callout_recipsender | vopt_callout_no_cache, @@ -1439,7 +1138,7 @@ rc = verify_address(&addr2, NULL, NULL, NULL, NULL); addr->message = addr2.message; addr->user_message = addr2.user_message; -HDEBUG(D_acl) debug_printf("----------- end cutthrough setup ------------\n"); +HDEBUG(D_acl) debug_printf_indent("----------- end cutthrough setup ------------\n"); return rc; } @@ -1464,7 +1163,7 @@ if( return TRUE; } -HDEBUG(D_transport|D_acl) debug_printf("cutthrough_send failed: %s\n", strerror(errno)); +HDEBUG(D_transport|D_acl) debug_printf_indent("cutthrough_send failed: %s\n", strerror(errno)); return FALSE; } @@ -1562,7 +1261,7 @@ cutthrough_predata(void) if(cutthrough.fd < 0) return FALSE; -HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> DATA\n"); +HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> DATA\n"); cutthrough_puts(US"DATA\r\n", 6); cutthrough_flush_send(); @@ -1600,7 +1299,7 @@ if(cutthrough.fd < 0) /* We share a routine with the mainline transport to handle header add/remove/rewrites, but having a separate buffered-output function (for now) */ -HDEBUG(D_acl) debug_printf("----------- start cutthrough headers send -----------\n"); +HDEBUG(D_acl) debug_printf_indent("----------- start cutthrough headers send -----------\n"); tctx.tblock = cutthrough.addr.transport; tctx.addr = &cutthrough.addr; @@ -1611,7 +1310,7 @@ tctx.options = topt_use_crlf; if (!transport_headers_send(cutthrough.fd, &tctx, &cutthrough_write_chunk)) return FALSE; -HDEBUG(D_acl) debug_printf("----------- done cutthrough headers send ------------\n"); +HDEBUG(D_acl) debug_printf_indent("----------- done cutthrough headers send ------------\n"); return TRUE; } @@ -1626,7 +1325,7 @@ if(cutthrough.fd >= 0) conn before the final dot. */ ctblock.ptr = ctbuffer; - HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> QUIT\n"); + HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> QUIT\n"); _cutthrough_puts(US"QUIT\r\n", 6); /* avoid recursion */ _cutthrough_flush_send(); @@ -1636,10 +1335,10 @@ if(cutthrough.fd >= 0) #ifdef SUPPORT_TLS tls_close(FALSE, TRUE); #endif - HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n"); + HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n"); (void)close(cutthrough.fd); cutthrough.fd = -1; - HDEBUG(D_acl) debug_printf("----------- cutthrough shutdown (%s) ------------\n", why); + HDEBUG(D_acl) debug_printf_indent("----------- cutthrough shutdown (%s) ------------\n", why); } ctblock.ptr = ctbuffer; } @@ -1664,7 +1363,7 @@ cutthrough_finaldot(void) { uschar res; address_item * addr; -HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> .\n"); +HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> .\n"); /* Assume data finshed with new-line */ if( !cutthrough_puts(US".", 1) @@ -2104,7 +1803,7 @@ while (addr_new) dnssec_domains = &ob->dnssec; } - (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL, + (void) host_find_bydns(host, NULL, flags, NULL, NULL, NULL, dnssec_domains, NULL, NULL); } } @@ -2526,7 +2225,7 @@ return yield; * Check header names for 8-bit characters * *************************************************/ -/* This function checks for invalid charcters in header names. See +/* This function checks for invalid characters in header names. See RFC 5322, 2.2. and RFC 6532, 3. Arguments: @@ -3107,7 +2806,7 @@ if (*ss == '@') } /* If the pattern is an IP address, optionally followed by a bitmask count, do -a (possibly masked) comparision with the current IP address. */ +a (possibly masked) comparison with the current IP address. */ if (string_is_ip_address(ss, &maskoffset) != 0) return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL); @@ -3622,7 +3321,7 @@ else (void)tree_insertnode(&dnsbl_cache, t); } - /* Do the DNS loopup . */ + /* Do the DNS lookup . */ HDEBUG(D_dnsbl) debug_printf("new DNS lookup for %s\n", query); cb->rc = dns_basic_lookup(&dnsa, query, T_A); diff --git a/src/util/chunking_fixqueue_finalnewlines.pl b/src/util/chunking_fixqueue_finalnewlines.pl new file mode 100755 index 000000000..5dddfa505 --- /dev/null +++ b/src/util/chunking_fixqueue_finalnewlines.pl @@ -0,0 +1,160 @@ +#!/usr/bin/env perl + +use warnings; +use strict; +BEGIN { pop @INC if $INC[-1] eq '.' }; + +use Fcntl qw(:DEFAULT :flock :seek); +use File::Find; +use File::Spec; + +use constant MIN_AGE => 60; # seconds +my $exim = exists $ENV{'EXIM_BINARY'} ? $ENV{'EXIM_BINARY'} : 'exim'; + +my %known_okay = map {$_=>1} qw( linux darwin freebsd ); +unless (exists $known_okay{$^O}) { + warn "for ease, this perl uses flock, not fcntl, assuming they're the same\n"; + warn "this is not known by this author to be the case on $^O\n"; + warn "please investigate and either add to allowed-list in script, or rewrite\n"; + die "bailing out"; + + # Another approach to rewriting script: stop all exim receivers and + # queue-runners, prevent them from starting, then add your OS to the list and + # run, even though the locking type is wrong, relying upon not actually + # contending. +} + +my $spool_dir = `$exim -n -bP spool_directory`; +chomp $spool_dir; + +chdir(File::Spec->catfile($spool_dir, 'input')) + or die "chdir($spool_dir/input) failed: $!\n"; + +my $exim_msgid_r = qr/(?:[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})/; +my $spool_dfile_r = qr/^(($exim_msgid_r)-D)\z/o; + +sub fh_ends_newline { + my ($fh, $dfn, $verbose) = @_; + seek($fh, -1, 2) or do { warn "seek(file($dfn)) failed: $!\n"; return -1 }; + my $count = read $fh, my $ch, 1; + if ($count == -1) { warn "failed to read last byte of $dfn\n"; return -1 }; + if ($count == 0) { warn "file shrunk by one?? problem with $dfn\n"; return -1 }; + if ($ch eq "\n") { print "okay!\n" if $verbose; return 1 } + print "PROBLEM: $dfn missing final newline (got $ch)\n" if $verbose; + return 0; +} + + +sub each_found_file { + return unless $_ =~ $spool_dfile_r; + my ($msgid, $dfn) = ($2, $1); + + # We should have already upgraded Exim before invoking us, thus any spool + # files will be old and we can reduce spending time trying to lock files + # still being written to, etc. + my @st = lstat($dfn) or return; + if ($^T - $st[9] < MIN_AGE) { return }; + -f "./${msgid}-H" || return; + + print "consider: $dfn\n"; + open(my $fh, '+<:raw', $dfn) or do { + warn "open($dfn) failed: $!\n"; + return; + }; + # return with a lexical FH in modern Perl should guarantee close, AIUI + + # we do our first check without a lock, so that we can scan past messages + # being handled by Exim quickly, and only lock up on those which Exim is + # trying and failing to deliver. However, since Exim will be hung on remote + # hosts, this is likely. Thus best to kill queue-runners first. + + return if fh_ends_newline($fh, $dfn, 0); # also returns on error + print "Problem? $msgid probably missing newline, locking to be sure ...\n"; + flock($fh, LOCK_EX) or do { warn "flock(file($dfn)) failed: $!\n"; return }; + return if fh_ends_newline($fh, $dfn, 1); # also returns on error + + fixup_message($msgid, $dfn, $fh); + + close($fh) or warn "close($dfn) failed: $!\n"; +}; + +sub fixup_message { + my ($msgid, $dfn, $fh) = @_; + # we can't freeze the message, our lock stops that, which is good! + + seek($fh, 0, 2) or do { warn "seek(file($dfn)) failed: $!\n"; return -1 }; + + my $r = inc_message_header_linecount($msgid); + if ($r < 0) { + warn "failed to fix message headers in ${msgid}-H so not editing message\n"; + return; + } + + print {$fh} "\n"; + + print "${msgid}: added newline\n"; +}; + +sub inc_message_header_linecount { + my ($msgid) = @_; + my $name_in = "${msgid}-H"; + my $name_out = "${msgid}-chunkfix"; + + open(my $in, '<:perlio', $name_in) or do { warn "open(${name_in}) failed: $!\n"; return -1 }; + open(my $out, '>:perlio', $name_out) or do { warn "write-open(${name_out}) failed: $!\n"; return -1 }; + my $seen = 0; + my $lc; + foreach (<$in>) { + if ($seen) { + print {$out} $_; + next; + } + if (/^(-body_linecount\s+)(\d+)(\s*)$/) { + $lc = $2 + 1; + print {$out} "${1}${lc}${3}"; + $seen = 1; + next; + } + print {$out} $_; + } + close($in) or do { + warn "read-close(${msgid}-H) failed, assuming incomplete: $!\n"; + close($out); + unlink $name_out; + return -1; + }; + close($out) or do { + warn "write-close(${msgid}-chunkfix) failed, aborting: $!\n"; + unlink $name_out; + return -1; + }; + + my @target = stat($name_in) or do { warn "stat($name_in) failed: $!\n"; unlink $name_out; return -1 }; + my @created = stat($name_out) or do { warn "stat($name_out) failed: $!\n"; unlink $name_out; return -1 }; + # 4=uid, 5=gid, 2=mode + if (($created[5] != $target[5]) or ($created[4] != $target[4])) { + chown $target[4], $target[5], $name_out or do { + warn "chown($name_out) failed: $!\n"; + unlink $name_out; + return -1; + }; + } + if (($created[2]&07777) != ($target[2]&0x7777)) { + chmod $target[2]&0x7777, $name_out or do { + warn "chmod($name_out) failed: $!\n"; + unlink $name_out; + return -1; + }; + } + + rename $name_out, $name_in or do { + warn "rename '${msgid}-chunkfix' -> '${msgid}-H' failed: $!\n"; + unlink $name_out; + return -1; + }; + + print "${msgid}: linecount set to $lc\n"; + return 1; +} + +find({wanted => \&each_found_file}, '.'); diff --git a/src/util/cramtest.pl b/src/util/cramtest.pl index cb70eb404..48f989a0c 100755 --- a/src/util/cramtest.pl +++ b/src/util/cramtest.pl @@ -24,6 +24,8 @@ # Vadim Vygonets . All rights reserved. # Public domain is OK with me. +BEGIN { pop @INC if $INC[-1] eq '.' }; + use MIME::Base64; use Digest::MD5; diff --git a/src/util/mkcdb.pl b/src/util/mkcdb.pl index 2486e8f5d..691849dcd 100755 --- a/src/util/mkcdb.pl +++ b/src/util/mkcdb.pl @@ -9,12 +9,13 @@ # Little Perl script to convert flat file into CDB file. Two advantages over # cdbmake-12 awk script that is distributed with CDB: # 1) Handles 'dpc22:dpc22@hermes' as well as 'dpc22 dpc22@hermes' -# 2) Perl works with arbitary length strings: awk chokes at 1,024 chars +# 2) Perl works with arbitrary length strings: awk chokes at 1,024 chars # # Cambridge: hermes/src/admin/mkcdb,v 1.9 2005/02/15 18:14:12 fanf2 Exp use strict; +BEGIN { pop @INC if $INC[-1] eq '.' }; $ENV{'PATH'} = ""; umask(022); diff --git a/src/util/ocsp_fetch.pl b/src/util/ocsp_fetch.pl index 0d214d62a..08ca4cbe4 100755 --- a/src/util/ocsp_fetch.pl +++ b/src/util/ocsp_fetch.pl @@ -2,6 +2,7 @@ # Copyright (C) 2012 Wizards Internet Ltd # License GPLv2: GNU GPL version 2 use strict; +BEGIN { pop @INC if $INC[-1] eq '.' }; use Getopt::Std; $Getopt::Std::STANDARD_HELP_VERSION=1; use IO::Handle; diff --git a/src/util/proxy_protocol_client.pl b/src/util/proxy_protocol_client.pl index feae3ca90..67a171d5d 100644 --- a/src/util/proxy_protocol_client.pl +++ b/src/util/proxy_protocol_client.pl @@ -21,6 +21,7 @@ # use strict; use warnings; +BEGIN { pop @INC if $INC[-1] eq '.' }; use IO::Select; use IO::Socket; use Getopt::Long; diff --git a/src/util/ratelimit.pl b/src/util/ratelimit.pl index d7fd43ab1..e212fa241 100644 --- a/src/util/ratelimit.pl +++ b/src/util/ratelimit.pl @@ -2,6 +2,8 @@ use strict; +BEGIN { pop @INC if $INC[-1] eq '.' }; + sub usage () { print < diff --git a/test/Makefile.in b/test/Makefile.in index 0c8d9b71c..3d7810c8b 100644 --- a/test/Makefile.in +++ b/test/Makefile.in @@ -33,7 +33,7 @@ makebin:; @if [ ! -e bin ] ; then mkdir bin 2>/dev/null; echo ""; fi # bin/client an SMTP script-driven client, without TLS support # bin/client-gnutls ditto, with GnuTLS support # bin/client-ssl ditto, with OpenSSL support -# bin/fakens a fake namserver +# bin/fakens a fake nameserver # bin/fd output details of open file descriptors # bin/iefbr14 a program that does nothing and returns 0 # bin/loaded a dynamically loaded test module diff --git a/test/README b/test/README index 1a300663b..c08b63b0d 100644 --- a/test/README +++ b/test/README @@ -151,8 +151,8 @@ RUNNING THE TEST SUITE (2) cd into the exim-testsuite-x.xx directory. -(3) Run "autoconf" then "./configure" and then "make". This builds a few - auxiliary programs that are written in C. +(3) Run "./configure" and then "make". This builds a few auxiliary programs that + are written in C. (4) echo $PWD/test-config >> your_TRUSTED_CONFIG_LIST_filename Typically that is .../exim/test/trusted_configs @@ -269,7 +269,7 @@ There are some options for the ./runtest script itself: This allows "overrides" for the test results. It's intended use is to deal with distro specific differences in the test output. The default flavour is "FOO" if autodetection fails. - (Autodection is possible for known flavours only. Known + (Autodetection is possible for known flavours only. Known flavours are computed after file name extensions in stdout/* and stderr/*.) @@ -298,6 +298,9 @@ There are some options for the ./runtest script itself: maintainer after making a change to the code that affects a lot of tests (for example, the wording of a message). + -SLOW For very slow hosts that appear to have Heisenbugs, delay before + comparing output files from a testcase + The options for ./runtest must be given first (but after the name of the binary, if present). Any further options, that is, items on the command line that start with a hyphen, are passed to the Exim binary when it is run as part @@ -416,7 +419,7 @@ after doing any further comparisons that may be necessary. Other circumstances give rise to other prompts. If a test generates output for which there is no saved data, the prompt (after a message stating which file is -unexpectely not empty) is: +unexpectedly not empty) is: Continue, Show, or Quit? [Q] @@ -685,7 +688,7 @@ just one command: The expected return code in this case is 1, and the data lines are passed to Exim on its standard input. Both the command line and the data lines have the -standard substitions applied to them. Thus, HOSTNAME in the example above will +standard substitutions applied to them. Thus, HOSTNAME in the example above will be replaced by the local host's name. Long commands can be continued over several lines by using \ as a continuation character. This does *not* apply to data lines. @@ -778,7 +781,7 @@ found, the entire script is skipped, and a comment is output. need_largefiles This command must be at the head of a script. If the Exim binary does not -suppport large files (off_t is <= 4), the entire script is skipped, and a +support large files (off_t is <= 4), the entire script is skipped, and a comment is output. @@ -884,7 +887,7 @@ When OpenSSL is available on the host, an alternative version of the client program is compiled, one that supports TLS using OpenSSL. The additional arguments specify a certificate and key file when required for the connection. There are two additional options: -tls-on-connect, that causes the client to -initiate TLS negociation immediately on connection; -ocsp that causes the TLS +initiate TLS negotiation immediately on connection; -ocsp that causes the TLS negotiation to include a certificate-status request. The latter takes a filename argument, the CA info for verifying the stapled response. @@ -1023,9 +1026,20 @@ Lines in client scripts are of two kinds: (2) If a line starts with three plus signs followed by a space, the rest of the line specifies a number of seconds to sleep for before proceeding. -(3) Otherwise, the line is an input line line that is sent to the server. Any +(3) If a line begins with three '>' characters and a space, the rest of the + line is input to be sent to the server. Backslash escaping is done as + described below, but no trailing "\r\n" is sent. + +(4) If a line begin with three '<' characters and a space, the rest of the + line is a filename; the content of the file is inserted intto the script + at this point. + +(5) Otherwise, the line is an input line line that is sent to the server. Any occurrences of \r and \n in the line are turned into carriage return and linefeed, respectively. This is used for testing PIPELINING. + Any sequences of \x followed by two hex digits are converted to the equvalent + byte value. Any other character following a \ is sent verbatim. + The line is sent with a trailing "\r\n". Here is a simple example: @@ -1129,7 +1143,7 @@ indicating that they are specific to that one test. A few fixed files (for example, some TLS certificates) are used by more than one test, and so their names are not of this form. -There are also some auxilary DNS zone files, which are described in the next +There are also some auxiliary DNS zone files, which are described in the next section. diff --git a/test/aux-fixed/4500.msg2.txt b/test/aux-fixed/4500.msg2.txt new file mode 100644 index 000000000..0467dd4b3 --- /dev/null +++ b/test/aux-fixed/4500.msg2.txt @@ -0,0 +1,8 @@ +From: mrgus@text.ex +To: bakawolf@yahoo.com +Date: Thu, 19 Nov 2015 17:00:07 -0700 +Message-ID: +Subject: simple test + +Line 1: This is a simple test. +Line 2: This is a simple test. diff --git a/test/aux-fixed/exim-ca/README.regenerate b/test/aux-fixed/exim-ca/README.regenerate new file mode 100644 index 000000000..aba0a8f08 --- /dev/null +++ b/test/aux-fixed/exim-ca/README.regenerate @@ -0,0 +1,3 @@ +WARNING for Exim Testsuite: + +If you change these certificates you will also need to update the TLSA records in dnszone-src/db.test.ex diff --git a/test/aux-fixed/exim-ca/example.com/BLANK/CA.pem b/test/aux-fixed/exim-ca/example.com/BLANK/CA.pem index aab959bdb..e54eb9ac1 100644 --- a/test/aux-fixed/exim-ca/example.com/BLANK/CA.pem +++ b/test/aux-fixed/exim-ca/example.com/BLANK/CA.pem @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f -Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn -90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf -MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR -XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u -X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u -MTXhPAdr1Fn6Jj+eZy1Uv/yu +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX +4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk +EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk +xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs +RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf +gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh +iaEG3X51ApoqRRyXcSJZBcYN -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/BLANK/Signer.pem b/test/aux-fixed/exim-ca/example.com/BLANK/Signer.pem index a6a9e5b94..7c7305548 100644 --- a/test/aux-fixed/exim-ca/example.com/BLANK/Signer.pem +++ b/test/aux-fixed/exim-ca/example.com/BLANK/Signer.pem @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/BLANK/cert8.db b/test/aux-fixed/exim-ca/example.com/BLANK/cert8.db index d1e263ae5..327af2a8a 100644 Binary files a/test/aux-fixed/exim-ca/example.com/BLANK/cert8.db and b/test/aux-fixed/exim-ca/example.com/BLANK/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/BLANK/key3.db b/test/aux-fixed/exim-ca/example.com/BLANK/key3.db index 261c5657f..f081060f9 100644 Binary files a/test/aux-fixed/exim-ca/example.com/BLANK/key3.db and b/test/aux-fixed/exim-ca/example.com/BLANK/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/CA.pem b/test/aux-fixed/exim-ca/example.com/CA/CA.pem index aab959bdb..e54eb9ac1 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/CA.pem +++ b/test/aux-fixed/exim-ca/example.com/CA/CA.pem @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f -Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn -90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf -MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR -XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u -X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u -MTXhPAdr1Fn6Jj+eZy1Uv/yu +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX +4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk +EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk +xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs +RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf +gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh +iaEG3X51ApoqRRyXcSJZBcYN -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/OCSP.key b/test/aux-fixed/exim-ca/example.com/CA/OCSP.key index f44a3c497..dd521595b 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/OCSP.key +++ b/test/aux-fixed/exim-ca/example.com/CA/OCSP.key @@ -1,20 +1,20 @@ Bag Attributes friendlyName: OCSP Signer - localKeyID: 5C 45 60 73 58 0B 05 B0 8A E3 5E E0 82 F4 43 38 BC 92 11 D1 + localKeyID: 71 A9 2F 71 11 ED 33 7A 5A AC BD 8A E8 31 B5 F4 00 1A 96 7B Key Attributes: -----BEGIN PRIVATE KEY----- -MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOXfY0A/oOp7KA4Q -AtDupzSVuTLwDERtvI0C3Lbo7gsyx+PAbpnOwOkKoR8BbJ3/ay5UB8Ximwf2u2A4 -MDdtlK1/gmtkkU7l4bKlszy/CQ9ovYaKixFvfM5bI2Z5OUgjDtYG2HkatCKWPrdu -RSV7xrCYZ+FAV/1zC4On0WoYu80RAgMBAAECgYACAERSalthvym1maEUpYcyF32R -unI45EWoapZ2RyfPVCVWT7YGw7x9KtkFNpN1+qO5twSMTfEwjA7MgyC0UtFg/wpM -QeeEK8KIOg7xgur1Q3mpb3E6o4ZOFcPV0S3dGP/kT3TSMbgGzChu2ZK5fLpwNk74 -BCD8eOE8JLq60yGxYwJBAPa431ywNBPp7atC9BDdON4BAEr0r6Cb+SZUJK1+DKpR -1kVjq7Tt5TipsdBtYnQh2r0SFDKJw37ULDH54DFw07MCQQDuhE8jIQPPohFyLEUn -HhIHSs/LEYWXtbSkWsZji4r1Q+1tCUOeqfZiMLo6MQgnwu1N534IpOXgmoAWGFsS -z8orAkEAzIJqA7a7NFaP/4o8LU5yuPMzfu5cNlGTsMXGsVjuvq+fYV1BE3SusM1Y -62AAYCs/2cGGpG21cwgEqlhqEhFoKQJBAKIT+orOhn5zjRNejedVAb8+0REW6Qb8 -jLIalTFTw6uC6zXq065fpHN41TNx2i7awNLtebF6DFOh6WQaTNjtpl0CQQCt7EvE -fxcjWKwEJrUXF4gLho1GebR38Et5eRqFuhnMfPM7gu2FrPtXeIel4/Mm7QvBklv7 -a4epoR/YDYlkJ/xa +MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMWL5GdlufxkZH6j +c2yV5cjRyUotDklCAjNi0lHUqcIddHDE3JYoOY+awfoK8p0uIbBuLYucYKoPJT9p +k7Q5S3dGjMR83AMig36vaLqkUoDHGH1WVcwYzyFYyNn6xsV7lPqD+gdb3NdmhrPN +XOUwZPVs47fprqRGqTuuqthmr3inAgMBAAECgYAFRZ951vAouTEpZAlPi4yPWHHr +xdoMwHM4ldmRD4DcSlbyL37HjxlCKNomZyZkZXfGspoKkMjPoQnYcGPdum22HC2V +kfiiVbT9+1JHfEQ52MJPf5DC38KSiJXigOwljN580baDNEcFuyqQY/+zv7iH1AeM +kRXeUs8k4+SI4DNSGQJBAOT9gNbe/GfBUQHPWkB4RGYFcwJSZrRyBCKqYK6W38Fs +Ii/8OKZ/WRxzEQQ5+AA9PR9EWXFVMq7wU9Zn1Ufzdj0CQQDc2OzFIpkyAG5T1iXo +ptf41hzva2Z8mH9BeYCk8ChSq76vIYig1x//+Hndwsx8X2gCxcbijMJvjHQPrG6Y +C7yzAkEApgt0e1qiKBIzzV4wEYOkBV56MPrTYpEyknh9NtxMUBM7DxSTd5fsZAbE +Fg562KGPSrbjLJ0c7WFzSYttSokt+QJBAIcxiCfZ2TwhxWgvBP/Z+wYKVKY/8fo+ +BFDZh2Xw2k5Zcp6VAaWsa5tvyXJ2yGUupmZkGi8fifttWLMrlHwhWz8CQQDWKBtW +NRAwS7yq8DNFEJs4zP8P4U3/7iQnlX1VPzU517m3x++VSwWcMSSy7pF3toXZJRF+ +eF94ASUz85rI54FT -----END PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/OCSP.p12 b/test/aux-fixed/exim-ca/example.com/CA/OCSP.p12 index 25627d990..d51806d3e 100644 Binary files a/test/aux-fixed/exim-ca/example.com/CA/OCSP.p12 and b/test/aux-fixed/exim-ca/example.com/CA/OCSP.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/OCSP.pem b/test/aux-fixed/exim-ca/example.com/CA/OCSP.pem index db7c4dc01..6ca582bf4 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/OCSP.pem +++ b/test/aux-fixed/exim-ca/example.com/CA/OCSP.pem @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- MIICBTCCAW6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQwM1oXDTM4MDEwMTEyMzQwM1owMjEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAY +MzQwMVoXDTM4MDEwMTEyMzQwMVowMjEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAY BgNVBAMTEWNsaWNhIE9DU1AgU2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB -iQKBgQDl32NAP6DqeygOEALQ7qc0lbky8AxEbbyNAty26O4LMsfjwG6ZzsDpCqEf -AWyd/2suVAfF4psH9rtgODA3bZStf4JrZJFO5eGypbM8vwkPaL2GiosRb3zOWyNm -eTlIIw7WBth5GrQilj63bkUle8awmGfhQFf9cwuDp9FqGLvNEQIDAQABoyowKDAO +iQKBgQDFi+RnZbn8ZGR+o3NsleXI0clKLQ5JQgIzYtJR1KnCHXRwxNyWKDmPmsH6 +CvKdLiGwbi2LnGCqDyU/aZO0OUt3RozEfNwDIoN+r2i6pFKAxxh9VlXMGM8hWMjZ ++sbFe5T6g/oHW9zXZoazzVzlMGT1bOO36a6kRqk7rqrYZq94pwIDAQABoyowKDAO BgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcN -AQELBQADgYEAItOiudWgomzwbClA9o7UIHV3bP5hQ6ZB6UA47+BB+BYqyq1toxNY -uUZYuMr02fJzh3Y7yJCipQ0ac0vlFgVg1cuBcjYb+Qj8+jZPdU6iNuHhQVOArCqJ -htS+pkqXstFkSRvFU6Ps5D8xgSbgFe+UE1iHqMHl5V8h9QlL85QM4Lg= +AQELBQADgYEAVv4Md0Knp0gutMKCvPTb78cQbCrYJCZY/rD5bFrLdjb04/Vp6wxZ +Zml5UeYlXDrlaAZ9pvv2JItNrkJdDgy4dfXnHYkEyf0VRXchy/ORnzOCIiq83lim +Zng6m70reCwFJar9yaofPk7eMOOl2BoNJIMalmZH3Sn0PW+zLa98qi8= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/Signer.key b/test/aux-fixed/exim-ca/example.com/CA/Signer.key index d10600a32..e70b1ff3b 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/Signer.key +++ b/test/aux-fixed/exim-ca/example.com/CA/Signer.key @@ -1,20 +1,20 @@ Bag Attributes friendlyName: Signing Cert - localKeyID: 66 80 BF 3A C9 12 D9 85 0A B5 ED B3 6A A6 5A A2 73 20 52 EE + localKeyID: 9E 3C E0 62 B3 A1 22 50 86 25 CD A7 F5 F1 59 CD A0 DC FE 07 Key Attributes: -----BEGIN PRIVATE KEY----- -MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAOOMkRJs7F2ue2M4 -756NNjcQt6ZFfreQOq/A8zl6iM80dcT4OSYTj4x8ekr0kF/pND1GJe8X/RdqDhn3 -ETnJbzPTWnR+ujEI3a/PvdW5lKeyWrfdYKx2XycB+wW16sGB5csHNh3HsCxR3dSR -v/Oj2lL6pe2/FNjh3sLUbkIF9+MTAgMBAAECgYAa5hHQ0Z3KteaxxC1rRY/MSEZ1 -ZM9bHV/FSUlXQ5lq6RgnjceaV9icclXgiMg3q5vNxyjnz82kLW4iT/cHfjzjSefm -IYilLzE5jtkXJnCfzWIzLHYKwe1HCLX5S78YYiVJkjKtZrC9hnAPTHRQBBJ9IHHo -U7Qk2mKzBdbYEpeQ1QJBAPW/Yi0VDisjbFI601PhzoiWLBLz3dEy9ZWj58MvrLWo -0a/bxsjrxmumcR1qpuszZcHFl/JRQVmJ55Mpy0cFff8CQQDtCtIfGwrN3/QVE2K5 -2+dEbzlDPpk2qmsQXduZT5bXYo9t2Q5bac+V8X9WfvmfxP71SdpvqDUSCVkBACcx -mcLtAkAI5PhksVJl9U5CW6ayboXPI8BMn07z92g0Fk6ZHeyeVpHgT5AOTZpM4yVM -70NDWATi0ogBWTeIShl7lhOpamV5AkBRt5ZCdO8flCIwFdPGIQI0PGewP+dPyiZI -qSKoUqC8tdSeWOKzLuIKXgu5BOMHakE+zGwKbCGHi0NsreHVHp3tAkAUC2+PTjlj -Z3A+ZzwC/Vt81W+GtQOOmGTWwfUZMowFV/uw7hQRN1ALWTCv6O0xGa7evoSTjS9s -FXqDkIT381kD +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMLY+HnZQx0PwIBb +qYChJQqBBsISmzpVg8GprTfUnMMHOkcPxyYgl9GWY+D1XwrYtc/xVV54bstbZEFW +VLH3TzYRk0Lnjk0UoODhe7TWNg/wGs1wnPO7yKnyiyKoDOj33cBlehZ4ZkonuFgD +UzlEIyRIgGEXHCg5uMb0G3UtD+R5AgMBAAECgYABeqTaab8XyIOBnMprpC2DY0rN +nV1UOGa/RhCFR1IesowxgGbQjCvo9HelOTjAoVBWxCbTznwEibdWn31MsezSOFKs +vIiXfyFJUhONnt88Yx4YmSfoRLNjSUsjXyxc5qnnk1zEXyrg8Ek2HzBmxEY1nuGA +JTAF6q8c6y15PL4pdQJBAOaBfap41wGg2RjKRHgcop0xcLIw4+GIJM4FLw6H5LyB +MuqiGi93otTgCWgNS1diV1D9PEjvxxXA5TJgx/u5m30CQQDYZdsvYF3qXI1wPLXk +uATJDFEHpk3doHEXPoErvkGrEke9HC6spSkMk2yxj1Rdkd/U1PF4dqJi35BaDYgi +p+WtAkB5D8FkaxrhLA1ZS8IyIzf0vyalL7A/nzVVTrusMgscRe7r9D80duz6SMAn ++fN77ZZWXunulKBG+IxnrRTbTFwxAkEArRVTKmK225RpoMM+bZFuamyKh0bScxk4 +O3JIGPfVSIKXlL/s6TQ1UBS+1Iqi3TCnSnGELmkdW14b9JtsLuQCBQJBAOH9NRNW +rCQRCy+zlEo1c5Aukm+q2JHkuZwyVbBx7EEqX9RXwQ74OMVUUfqk7XhspY3SOg5i ++BfrMwWtyFCfgmg= -----END PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/Signer.p12 b/test/aux-fixed/exim-ca/example.com/CA/Signer.p12 index d9ef4ce4a..6d58d5e8c 100644 Binary files a/test/aux-fixed/exim-ca/example.com/CA/Signer.p12 and b/test/aux-fixed/exim-ca/example.com/CA/Signer.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/Signer.pem b/test/aux-fixed/exim-ca/example.com/CA/Signer.pem index a6a9e5b94..7c7305548 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/Signer.pem +++ b/test/aux-fixed/exim-ca/example.com/CA/Signer.pem @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/ca.conf b/test/aux-fixed/exim-ca/example.com/CA/ca.conf index 299506f96..915a72efc 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/ca.conf +++ b/test/aux-fixed/exim-ca/example.com/CA/ca.conf @@ -1,19 +1,19 @@ ; Config::Simple 4.59 -; Thu Nov 1 12:34:02 2012 - -[CLICA] -sighash=SHA256 -crl_signer=Signing Cert -crl_url=http://crl.example.com/latest.crl -level=1 -signer=Signing Cert -ocsp_signer=OCSP Signer -ocsp_url=http://oscp.example.com/ +; Thu Nov 1 12:34:01 2012 [CA] +bits=1024 org=example.com subject=clica CA name=Certificate Authority -bits=1024 + +[CLICA] +crl_url=http://crl.example.com/latest.crl +ocsp_url=http://oscp.example.com/ +signer=Signing Cert +ocsp_signer=OCSP Signer +sighash=SHA256 +crl_signer=Signing Cert +level=1 diff --git a/test/aux-fixed/exim-ca/example.com/CA/cert8.db b/test/aux-fixed/exim-ca/example.com/CA/cert8.db index c1e110e9e..f3eb5710d 100644 Binary files a/test/aux-fixed/exim-ca/example.com/CA/cert8.db and b/test/aux-fixed/exim-ca/example.com/CA/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/crl.empty b/test/aux-fixed/exim-ca/example.com/CA/crl.empty index 53a795670..f88dc832e 100644 Binary files a/test/aux-fixed/exim-ca/example.com/CA/crl.empty and b/test/aux-fixed/exim-ca/example.com/CA/crl.empty differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/crl.empty.in.txt b/test/aux-fixed/exim-ca/example.com/CA/crl.empty.in.txt index c7de23ec6..94f20b071 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/crl.empty.in.txt +++ b/test/aux-fixed/exim-ca/example.com/CA/crl.empty.in.txt @@ -1 +1 @@ -update=20161101174750Z +update=20170131185506Z diff --git a/test/aux-fixed/exim-ca/example.com/CA/crl.empty.pem b/test/aux-fixed/exim-ca/example.com/CA/crl.empty.pem index 1e496dfbd..bbe01d70d 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/crl.empty.pem +++ b/test/aux-fixed/exim-ca/example.com/CA/crl.empty.pem @@ -1,7 +1,7 @@ -----BEGIN X509 CRL----- MIHtMFgCAQEwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5jb20x -GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxNjExMDExNzQ3NTBaMA0G -CSqGSIb3DQEBCwUAA4GBANWNiRAfuqCpy5xCJRHBQX8PeS7SMvKsgN3/7CahxPMo -/1AXqiQfsSK91kI4EVbcTUuEIlSmZyVk5fVFsfn1nYDyTjqmpuiNhR1473KJsLO6 -CkWLFB0FLcpZIxoKjA00F7fWXA+OI95pr76JixcWUYESQBkgWQGYxEvhdgDH+Fh6 +GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxNzAxMzExODU1MDZaMA0G +CSqGSIb3DQEBCwUAA4GBALweRJiNR6xxBHSq8yJwCQ8QTPk20k3HZMqkiHJsXk2k +7Bi8u084dWT6qusM0sX+EIijWaq0PeI62eMIxTypD8f+ug3ookeq1uTr5/oxitfp +5Q2t5yFzk6fqmnozxyb2BhRGiEpwouLFngt9yz3WjJmOXVIQbz3JDpzHBx8kIhMm -----END X509 CRL----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/crl.v2 b/test/aux-fixed/exim-ca/example.com/CA/crl.v2 index d3acb6e5e..7a4733b84 100644 Binary files a/test/aux-fixed/exim-ca/example.com/CA/crl.v2 and b/test/aux-fixed/exim-ca/example.com/CA/crl.v2 differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/crl.v2.in.txt b/test/aux-fixed/exim-ca/example.com/CA/crl.v2.in.txt index a488ee041..8384c35bd 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/crl.v2.in.txt +++ b/test/aux-fixed/exim-ca/example.com/CA/crl.v2.in.txt @@ -1,3 +1,3 @@ -update=20161101174753Z -addcert 102 20161101174753Z -addcert 202 20161101174753Z +update=20170131185508Z +addcert 102 20170131185508Z +addcert 202 20170131185508Z diff --git a/test/aux-fixed/exim-ca/example.com/CA/crl.v2.pem b/test/aux-fixed/exim-ca/example.com/CA/crl.v2.pem index 4f3928500..fb08e4a12 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/crl.v2.pem +++ b/test/aux-fixed/exim-ca/example.com/CA/crl.v2.pem @@ -1,9 +1,9 @@ -----BEGIN X509 CRL----- MIIBHTCBhwIBATANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFtcGxlLmNv -bTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0GA8yMDE2MTEwMTE3NDc1M1ow -LTAUAgFmGA8yMDE2MTEwMTE3NDc1M1owFQICAMoYDzIwMTYxMTAxMTc0NzUzWjAN -BgkqhkiG9w0BAQsFAAOBgQBecwRKnMEtZ1Hy5UKs5KR8N9oM1lvHeVCpf2KDYgR2 -x0W4qsPVhMQTt23XhNZwQ+FX+u1l+doNZlwBk7HJOdnrT0X6KlCIO/jomd5NtQ7c -DtWoNakhoESob/L2Kcd9RlkeZmhV9sJ/nFDURy6367+jWa5HHhyfEQDOj2rQ8mqQ -Qw== +bTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0GA8yMDE3MDEzMTE4NTUwOFow +LTAUAgFmGA8yMDE3MDEzMTE4NTUwOFowFQICAMoYDzIwMTcwMTMxMTg1NTA4WjAN +BgkqhkiG9w0BAQsFAAOBgQB+5VosBl1uvUXUQ17NdPZJSR0ZyJ9+jwTSauGwGjHa +sKjpVCwT8Lzf0CL15/sv3mR4P67v3xLHKuxLpdzVhrgOFanoeplGUJFmXjIQ547H +5Psyeg3C1+Ob6uIUZR0p7SVSeJJNiv8XlrIu78YsPrFigE8X/qUqEeXOXYyINlFh +7w== -----END X509 CRL----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/key3.db b/test/aux-fixed/exim-ca/example.com/CA/key3.db index 99a934872..a39c46087 100644 Binary files a/test/aux-fixed/exim-ca/example.com/CA/key3.db and b/test/aux-fixed/exim-ca/example.com/CA/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/noise.file b/test/aux-fixed/exim-ca/example.com/CA/noise.file index 175520295..7aea9a551 100644 --- a/test/aux-fixed/exim-ca/example.com/CA/noise.file +++ b/test/aux-fixed/exim-ca/example.com/CA/noise.file @@ -1,188 +1,309 @@ processor : 0 vendor_id : GenuineIntel cpu family : 6 -model : 13 -model name : QEMU Virtual CPU version 1.5.3 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz stepping : 3 -microcode : 0x1 -cpu MHz : 1994.999 -cache size : 4096 KB +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB physical id : 0 -siblings : 1 +siblings : 8 core id : 0 -cpu cores : 1 +cpu cores : 4 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes -cpuid level : 4 +cpuid level : 22 wp : yes -flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm -bogomips : 3989.99 +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5424.00 clflush size : 64 cache_alignment : 64 -address sizes : 38 bits physical, 48 bits virtual +address sizes : 39 bits physical, 48 bits virtual power management: processor : 1 vendor_id : GenuineIntel cpu family : 6 -model : 13 -model name : QEMU Virtual CPU version 1.5.3 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz stepping : 3 -microcode : 0x1 -cpu MHz : 1994.999 -cache size : 4096 KB -physical id : 1 -siblings : 1 -core id : 0 -cpu cores : 1 -apicid : 1 -initial apicid : 1 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 1 +cpu cores : 4 +apicid : 2 +initial apicid : 2 fpu : yes fpu_exception : yes -cpuid level : 4 +cpuid level : 22 wp : yes -flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm -bogomips : 3989.99 +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.15 clflush size : 64 cache_alignment : 64 -address sizes : 38 bits physical, 48 bits virtual +address sizes : 39 bits physical, 48 bits virtual power management: processor : 2 vendor_id : GenuineIntel cpu family : 6 -model : 13 -model name : QEMU Virtual CPU version 1.5.3 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz stepping : 3 -microcode : 0x1 -cpu MHz : 1994.999 -cache size : 4096 KB -physical id : 2 -siblings : 1 -core id : 0 -cpu cores : 1 -apicid : 2 -initial apicid : 2 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 2 +cpu cores : 4 +apicid : 4 +initial apicid : 4 fpu : yes fpu_exception : yes -cpuid level : 4 +cpuid level : 22 wp : yes -flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm -bogomips : 3989.99 +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.09 clflush size : 64 cache_alignment : 64 -address sizes : 38 bits physical, 48 bits virtual +address sizes : 39 bits physical, 48 bits virtual power management: processor : 3 vendor_id : GenuineIntel cpu family : 6 -model : 13 -model name : QEMU Virtual CPU version 1.5.3 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz stepping : 3 -microcode : 0x1 -cpu MHz : 1994.999 -cache size : 4096 KB -physical id : 3 -siblings : 1 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 3 +cpu cores : 4 +apicid : 6 +initial apicid : 6 +fpu : yes +fpu_exception : yes +cpuid level : 22 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.13 +clflush size : 64 +cache_alignment : 64 +address sizes : 39 bits physical, 48 bits virtual +power management: + +processor : 4 +vendor_id : GenuineIntel +cpu family : 6 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz +stepping : 3 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 core id : 0 -cpu cores : 1 +cpu cores : 4 +apicid : 1 +initial apicid : 1 +fpu : yes +fpu_exception : yes +cpuid level : 22 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5428.40 +clflush size : 64 +cache_alignment : 64 +address sizes : 39 bits physical, 48 bits virtual +power management: + +processor : 5 +vendor_id : GenuineIntel +cpu family : 6 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz +stepping : 3 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 1 +cpu cores : 4 apicid : 3 initial apicid : 3 fpu : yes fpu_exception : yes -cpuid level : 4 +cpuid level : 22 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5428.13 +clflush size : 64 +cache_alignment : 64 +address sizes : 39 bits physical, 48 bits virtual +power management: + +processor : 6 +vendor_id : GenuineIntel +cpu family : 6 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz +stepping : 3 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 2 +cpu cores : 4 +apicid : 5 +initial apicid : 5 +fpu : yes +fpu_exception : yes +cpuid level : 22 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.27 +clflush size : 64 +cache_alignment : 64 +address sizes : 39 bits physical, 48 bits virtual +power management: + +processor : 7 +vendor_id : GenuineIntel +cpu family : 6 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz +stepping : 3 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 3 +cpu cores : 4 +apicid : 7 +initial apicid : 7 +fpu : yes +fpu_exception : yes +cpuid level : 22 wp : yes -flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm -bogomips : 3989.99 +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.26 clflush size : 64 cache_alignment : 64 -address sizes : 38 bits physical, 48 bits virtual +address sizes : 39 bits physical, 48 bits virtual power management: - CPU0 CPU1 CPU2 CPU3 - 0: 135 0 0 0 IO-APIC-edge timer - 1: 1 2 3 2 IO-APIC-edge i8042 - 6: 0 1 1 1 IO-APIC-edge floppy - 8: 0 0 0 0 IO-APIC-edge rtc0 - 9: 0 0 0 0 IO-APIC-fasteoi acpi - 10: 496 482 486 468 IO-APIC-fasteoi virtio4 - 11: 10 147 30 27 IO-APIC-fasteoi uhci_hcd:usb1, qxl - 12: 0 41 47 38 IO-APIC-edge i8042 - 14: 0 0 0 0 IO-APIC-edge ata_piix - 15: 24 20 182194 20 IO-APIC-edge ata_piix - 24: 0 0 0 0 PCI-MSI-edge virtio0-config - 25: 0 0 0 0 PCI-MSI-edge virtio2-config - 26: 0 3 1 4 PCI-MSI-edge virtio2-virtqueues - 27: 3075029 25 27 24 PCI-MSI-edge virtio0-input.0 - 28: 0 0 1 0 PCI-MSI-edge virtio0-output.0 - 29: 0 0 0 0 PCI-MSI-edge virtio1-config - 30: 8 10 6 263036 PCI-MSI-edge virtio1-input.0 - 31: 0 1 1 0 PCI-MSI-edge virtio1-output.0 - 32: 0 0 0 0 PCI-MSI-edge virtio3-config - 33: 2251 1443 1443 76412 PCI-MSI-edge virtio3-req.0 -NMI: 0 0 0 0 Non-maskable interrupts -LOC: 2927588 2332410 2357757 2469878 Local timer interrupts -SPU: 0 0 0 0 Spurious interrupts -PMI: 0 0 0 0 Performance monitoring interrupts -IWI: 171654 62779 47813 57003 IRQ work interrupts -RTR: 0 0 0 0 APIC ICR read retries -RES: 801927 676810 570786 698330 Rescheduling interrupts -CAL: 22675 11464 17532 1233 Function call interrupts -TLB: 82281 78051 78821 80323 TLB shootdowns -TRM: 0 0 0 0 Thermal event interrupts -THR: 0 0 0 0 Threshold APIC interrupts -MCE: 0 0 0 0 Machine check exceptions -MCP: 624 624 624 624 Machine check polls -ERR: 0 -MIS: 0 -MemTotal: 1785008 kB -MemFree: 252440 kB -MemAvailable: 1297232 kB -Buffers: 0 kB -Cached: 491464 kB -SwapCached: 252 kB -Active: 330668 kB -Inactive: 223256 kB -Active(anon): 30216 kB -Inactive(anon): 73420 kB -Active(file): 300452 kB -Inactive(file): 149836 kB + CPU0 CPU1 CPU2 CPU3 CPU4 CPU5 CPU6 CPU7 + 0: 52 0 0 0 0 0 0 0 IR-IO-APIC 2-edge timer + 1: 16 459 44 16 71 52 37 18 IR-IO-APIC 1-edge i8042 + 8: 0 0 0 1 0 0 0 0 IR-IO-APIC 8-edge rtc0 + 9: 89 154 83 105 355 114 136 53 IR-IO-APIC 9-fasteoi acpi + 12: 201 49375 1144 1233 5340 1378 1701 919 IR-IO-APIC 12-edge i8042 + 16: 1 0 0 0 0 0 0 0 IR-IO-APIC 16-fasteoi i801_smbus + 19: 5 3 2 0 8 2 2 2 IR-IO-APIC 19-fasteoi + 120: 0 0 0 0 0 0 0 0 DMAR-MSI 0-edge dmar0 + 121: 0 0 0 0 0 0 0 0 DMAR-MSI 1-edge dmar1 + 124: 7929 1965 1951 91785 6129 4099 2324 2579 IR-PCI-MSI 376832-edge ahci[0000:00:17.0] + 125: 219 13 6 32 12 8 6 22 IR-PCI-MSI 327680-edge xhci_hcd + 126: 97 12 17 44 16 8 5 2 IR-PCI-MSI 2097152-edge rtsx_pci + 127: 0 0 87 0 58 0 61 36 IR-PCI-MSI 520192-edge enp0s31f6 + 128: 0 0 0 2 2 0 1 8 IR-PCI-MSI 1048576-edge + 129: 725 32 125 185 13085 451 6925 254 IR-PCI-MSI 32768-edge i915 + 130: 23 9 7 0 11 0 1 0 IR-PCI-MSI 360448-edge mei_me + 131: 21 6 4 2 7 4 3 0 IR-PCI-MSI 1572864-edge iwlwifi + 132: 713 0 63 42 106 45 129 120 IR-PCI-MSI 514048-edge snd_hda_intel:card0 + NMI: 2 1 1 1 2 4 1 1 Non-maskable interrupts + LOC: 33252 27470 28482 27041 44011 60675 27232 32342 Local timer interrupts + SPU: 0 0 0 0 0 0 0 0 Spurious interrupts + PMI: 2 1 1 1 2 4 1 1 Performance monitoring interrupts + IWI: 4 0 0 2 0 0 1 1 IRQ work interrupts + RTR: 7 0 0 0 0 0 0 0 APIC ICR read retries + RES: 9953 4152 2811 2503 2970 1497 2330 2606 Rescheduling interrupts + CAL: 51614 26930 27696 38549 30005 38582 36536 38830 Function call interrupts + TLB: 44868 21971 22151 33281 24454 32863 30173 34882 TLB shootdowns + TRM: 0 0 0 0 0 0 0 0 Thermal event interrupts + THR: 0 0 0 0 0 0 0 0 Threshold APIC interrupts + DFR: 0 0 0 0 0 0 0 0 Deferred Error APIC interrupts + MCE: 0 0 0 0 0 0 0 0 Machine check exceptions + MCP: 3 3 3 3 3 3 3 3 Machine check polls + ERR: 0 + MIS: 0 + PIN: 0 0 0 0 0 0 0 0 Posted-interrupt notification event + PIW: 0 0 0 0 0 0 0 0 Posted-interrupt wakeup event +MemTotal: 15855100 kB +MemFree: 11476980 kB +MemAvailable: 12986624 kB +Buffers: 385492 kB +Cached: 1341284 kB +SwapCached: 0 kB +Active: 2944176 kB +Inactive: 986248 kB +Active(anon): 2204748 kB +Inactive(anon): 57096 kB +Active(file): 739428 kB +Inactive(file): 929152 kB Unevictable: 0 kB Mlocked: 0 kB -SwapTotal: 3354620 kB -SwapFree: 3353308 kB -Dirty: 728 kB -Writeback: 0 kB -AnonPages: 62116 kB -Mapped: 18712 kB -Shmem: 41176 kB -Slab: 898296 kB -SReclaimable: 847920 kB -SUnreclaim: 50376 kB -KernelStack: 2752 kB -PageTables: 5844 kB +SwapTotal: 7933948 kB +SwapFree: 7933948 kB +Dirty: 896 kB +Writeback: 24 kB +AnonPages: 1629712 kB +Mapped: 243280 kB +Shmem: 58204 kB +Slab: 251984 kB +SReclaimable: 179424 kB +SUnreclaim: 72560 kB +KernelStack: 6816 kB +PageTables: 29640 kB NFS_Unstable: 0 kB Bounce: 0 kB WritebackTmp: 0 kB -CommitLimit: 4247124 kB -Committed_AS: 387204 kB +CommitLimit: 15861496 kB +Committed_AS: 8757188 kB VmallocTotal: 34359738367 kB -VmallocUsed: 149692 kB -VmallocChunk: 34359524352 kB +VmallocUsed: 0 kB +VmallocChunk: 0 kB HardwareCorrupted: 0 kB -AnonHugePages: 6144 kB +AnonHugePages: 684032 kB +ShmemHugePages: 0 kB +ShmemPmdMapped: 0 kB +CmaTotal: 0 kB +CmaFree: 0 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 HugePages_Surp: 0 Hugepagesize: 2048 kB -DirectMap4k: 67576 kB -DirectMap2M: 4126720 kB +DirectMap4k: 147456 kB +DirectMap2M: 6608896 kB +DirectMap1G: 10485760 kB Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed - eth0: 218818091 3198854 0 95478 0 0 0 0 7346771 57437 0 0 0 0 0 0 - eth1: 29581672 268301 0 93500 0 0 0 0 30026524 67527 0 0 0 0 0 0 - lo: 1056 11 0 0 0 0 0 0 1056 11 0 0 0 0 0 0 +wlp3s0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 +enp0s31f6: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + vnet0: 32675 319 0 0 0 0 0 0 42290 545 0 0 0 0 0 0 +virbr1: 28209 319 0 0 0 0 0 0 27394 284 0 0 0 0 0 0 +virbr1-nic: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + lo: 92538 1136 0 0 0 0 0 0 92538 1136 0 0 0 0 0 0 diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/expired1.example.com/ca_chain.pem index a231554fb..93e18035b 100644 --- a/test/aux-fixed/exim-ca/example.com/expired1.example.com/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.com/expired1.example.com/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.com/CN=clica Signing Cert issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.com/CN=clica CA issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f -Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn -90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf -MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR -XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u -X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u -MTXhPAdr1Fn6Jj+eZy1Uv/yu +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX +4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk +EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk +xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs +RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf +gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh +iaEG3X51ApoqRRyXcSJZBcYN -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/expired1.example.com/cert8.db index c22fc2d82..eb69671b3 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/cert8.db and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.chain.pem index 5490231f0..86c4cf923 100644 --- a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.chain.pem +++ b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: expired1.example.com - localKeyID: 74 0B 83 3D D8 F1 19 00 06 6B B7 31 AB 7D 7B 9E 9E F8 39 D5 + localKeyID: 99 F4 E5 1B DE CB 48 9B DF 6F 48 1E 2F F7 D0 45 87 BF E1 AA subject=/CN=expired1.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQwNVoXDTEyMTIwMTEyMzQwNVowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs -ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALy2HJZRTcNSDF5QRW3X -BQNLIYmrDUq3yumF4PE9MOXr0+xg/EmPQwJDB3zh06zwt1T+sV6iQb2Q0c2FhaHO -uwWJqUbAiFsnT9BTVoRKu2ucZGSMQnkN6/pm72DHob6rMrTfPj6KOyTivuAhyDW5 -i1goyUFTdn8SJ61l8HL5byF9AgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG +MzQwMloXDTEyMTIwMTEyMzQwMlowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTCvf315OK4Yr6gzhR/ +UgD+UArs0hNH2W2Uc+IJnRyrXrfqH3WYRV+tWsijqOoA9z6JcgXaImH5XSq35buY +caS1IhHg7ubtIEG0QcY4qf1wZK0V1A48Yk9iwYU4eBlBaqe2hNjVnXZprYteZ9Ws +VWfjH+H3/Xh3BGrxL6FjcE+pAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHwYDVR0R -BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEARaN7 -KMTp2MpeFZ1L2SN9WRYwykEiD9E9aP+ML/TKtt+9T7GUooFVuJCo6XxwDwKQeU5k -hXeBId0fzHBbxmm8hv/OCC8A0bXokabggpwcpJj1KiWjTCNjP0SpcDbCVh/tnqnW -VObxV0+BX8B33kUGQmxWMZTknCSQYOcae9Oifac= +BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEAnAU6 +0ELaqsG85xaBG0ygY7VPEZFvsO45F37Y/VXp3YmwMMKpyN3DT6B3vSl64XLHCBcb +91Sl1A3kkTJS4lLxPt12PNuImc+lr+D3vJqgJ2uoKznYmgX7cHWLnXkL3fX8TmSc +UW3WlWPM+DqP9rTX1Rpw0PLb02WgnkAzbDegeR8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.key b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.key index c8917b26b..a4d132e90 100644 --- a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.key +++ b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: expired1.example.com - localKeyID: 74 0B 83 3D D8 F1 19 00 06 6B B7 31 AB 7D 7B 9E 9E F8 39 D5 + localKeyID: 99 F4 E5 1B DE CB 48 9B DF 6F 48 1E 2F F7 D0 45 87 BF E1 AA Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI4jACuaIHJ84CAggA -MBQGCCqGSIb3DQMHBAj08DCtju6rWwSCAoD1UBHO5lXLwHuQcfSjaRQF6fwzI8fK -okLEQMxBRXirCP6webLBy3X6kGsKNxxs3Wd6JAV0Gw4ESRUConGQEpqGIjdmKhcH -+lKSQssW0CSw5axXpJr0nt+hBbxpKPScJugriJBJlZoGf86/1j81bHmZV7bT9G8e -jMD1VeGmRi9kVZWfKLmMWiR6FbXei9jsqZCVtoYWj/zu4HBveVwfKFW58Eff1nYT -YcW9eLJPvMFYpCnCVptkXK6IjNjnGlGkXUC2QAH+J1IH83kXOw/O+EccdJFKD1tP -uxNQCiw4X5vAmcdmt4i6N8Iozqz2vz2OGxCW+ymCEJq6ZdaHLQngHeN/FzHq2kiD -3crfjsoZYKzHV8XkzyHAx1qTySRbucgf/HukabqVBUZ8VEQKRCfMsF6csd9Ch0bm -gUcqU8vSxlzlG+pRPxYBsSZraOyj9+Gkkb9XwMnXm+kTHqBejgB8iL27ZA6mUNX9 -Flnu3fmg8XUJWmsmUvHInAEm0QkuvR21wlyq3OvFXW5Z3YCimm6sWCYgJRBe7l8I -DhIr4ki/oMwfKGmnvBSFJoSlj/O9JiNVO+5WdB4c43HQ3Ck07oVFw3UJNhXHnVnh -u8fAYrgui+LTBEoKOVwEAADQBDMZ2Eq2PLSAs5xQp/n7Ygrptb8egbpiY75CvRuv -I6Yq6Yb6vnE20Q8LapUZNymN6mfltu/79/XGYYTki89eSpsjgDPvcA95y8t7UuHi -PlEYxaVo5qqRJGh/GKBa6rtsJR+hRwTeVhGp503N6e6eLpc+wZm0tuRv1BFu6HM/ -sCpnza17FDflZk8A27TGNguUnYtV6sZ9Db2LcdAKMiGbgYXxzsXzPjnr +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIF6bmOIjY8xECAggA +MBQGCCqGSIb3DQMHBAi/0D3fDlzKwgSCAoBNavhFtNwnXQ+Um51KYksca5ul2XDp +IIOweOixkUeOsPLlWEXE1FnD795WqWMcJHilFGtC01cTplsf0W042ECwBbAzr4Z2 +aniI+IyTDtSD9LbIqOHQEDzR0MfrtwyQ66A1OFxhi1yU5uYDCvLqzSQp485l3LHK +/ZN2hloTgUYZMFQr9g+PTpzgyHwUls0jnOMN6BVVblwv1L4MqeS+15Z2AtnRWGtl +rDmAbGLm/aeCe49IrFRIc0jHE3gDs+iRUTJ/bnSEgLUtRL2w7aNTA4XcvCQP631V ++AYXH91FSRpq1braQZjlJSmZCK0whdqDuZDy+pHl9dTqOEqtrOeryY7hsmKpibZG +t69G6A7fJGsWCxi/pVw92y1rfn3TNSxx6EiZMDwL+Y7A47+u7tGYitNtoN2s9gS+ +WQqHqgVd81zGxwi79VIH/K2kyaBc2fhIJspa7a9CUQW+nA5abrwCrDP5d+Y1OfaQ +q6vT/eVto05T4LlcwrqIdhkvcWxk/lQG3oi6f/Wy80bOdk5CmfpwJc87J4mRTcwK +6mK9b8nq1eX/aj4JXZPrbl/boz2KMP4lxbmw4H0kueC84JgZmqifCCGIVSHZFUDV +tNpijNXLAwgnNBUxk0ffFI8LC6FvSHs46Ij+RS0Hth8D2+DA5b//N/Z18iIi8chQ +11f/MzCuN4MsZ6f8yrvTYfsf9FlMpUCWFnrKMCMHikVh4usk1VAUjszyMp2wwujl +mt531rN/eB8P9edh8+2Zg0FG8wZeiRaLzBmktEZmDXv3A4o/Ksr2bDqp8nAU5n8V +wBEQ3q6AAHosVq5PyRAbm2KwOEJVMDdR8tF3QZuogvXW2GbyhNsthsjz -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.dated.resp index d6731eddb..d5ac08077 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.good.resp index f65e84336..d0b3a807a 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.req index 2a0661886..44c149549 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.req and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.revoked.resp index 6f2afa08e..36fb0d1e6 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signer.dated.resp index bc3bf999c..b4a9aeba9 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signer.good.resp index c9f2a7234..156b36b81 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signer.revoked.resp index 1a94405aa..a9cb57832 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signernocert.dated.resp index 76584f9e9..5b3670296 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signernocert.good.resp index 0aa9f4e1a..51478aa06 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signernocert.revoked.resp index 540c48a63..03c8b7a26 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.p12 b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.p12 index e581f0f89..4ac3a7019 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.p12 and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.pem b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.pem index 42ce2bb6a..a73389074 100644 --- a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.pem +++ b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: expired1.example.com - localKeyID: 74 0B 83 3D D8 F1 19 00 06 6B B7 31 AB 7D 7B 9E 9E F8 39 D5 + localKeyID: 99 F4 E5 1B DE CB 48 9B DF 6F 48 1E 2F F7 D0 45 87 BF E1 AA subject=/CN=expired1.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQwNVoXDTEyMTIwMTEyMzQwNVowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs -ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALy2HJZRTcNSDF5QRW3X -BQNLIYmrDUq3yumF4PE9MOXr0+xg/EmPQwJDB3zh06zwt1T+sV6iQb2Q0c2FhaHO -uwWJqUbAiFsnT9BTVoRKu2ucZGSMQnkN6/pm72DHob6rMrTfPj6KOyTivuAhyDW5 -i1goyUFTdn8SJ61l8HL5byF9AgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG +MzQwMloXDTEyMTIwMTEyMzQwMlowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTCvf315OK4Yr6gzhR/ +UgD+UArs0hNH2W2Uc+IJnRyrXrfqH3WYRV+tWsijqOoA9z6JcgXaImH5XSq35buY +caS1IhHg7ubtIEG0QcY4qf1wZK0V1A48Yk9iwYU4eBlBaqe2hNjVnXZprYteZ9Ws +VWfjH+H3/Xh3BGrxL6FjcE+pAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHwYDVR0R -BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEARaN7 -KMTp2MpeFZ1L2SN9WRYwykEiD9E9aP+ML/TKtt+9T7GUooFVuJCo6XxwDwKQeU5k -hXeBId0fzHBbxmm8hv/OCC8A0bXokabggpwcpJj1KiWjTCNjP0SpcDbCVh/tnqnW -VObxV0+BX8B33kUGQmxWMZTknCSQYOcae9Oifac= +BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEAnAU6 +0ELaqsG85xaBG0ygY7VPEZFvsO45F37Y/VXp3YmwMMKpyN3DT6B3vSl64XLHCBcb +91Sl1A3kkTJS4lLxPt12PNuImc+lr+D3vJqgJ2uoKznYmgX7cHWLnXkL3fX8TmSc +UW3WlWPM+DqP9rTX1Rpw0PLb02WgnkAzbDegeR8= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.unlocked.key index 04e991a12..9856ea8a9 100644 --- a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.unlocked.key +++ b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQC8thyWUU3DUgxeUEVt1wUDSyGJqw1Kt8rpheDxPTDl69PsYPxJ -j0MCQwd84dOs8LdU/rFeokG9kNHNhYWhzrsFialGwIhbJ0/QU1aESrtrnGRkjEJ5 -Dev6Zu9gx6G+qzK03z4+ijsk4r7gIcg1uYtYKMlBU3Z/EietZfBy+W8hfQIDAQAB -AoGAARQ7A3xRGbmmuCOFh0siXiOEn+q8Ynh/EGL4KuufmrjOEKOMCB7K6NwAy3LB -0dLubIpL8cySGbcnQur6aRqeUApckTKEQCJVngWNCuyOsS2c4ymMhL6c5iKM/s7z -DK/JR7rSI6eaWuNzJDN7uk3d6B36UPQrKYcY3LUUgcJ4n3ECQQDj4IXAQ2U3szUW -ZWIH43GrF3RVj6ozfLoyX/JEV8AZlLwzYBTcrMncTwxbGSZgf1axWMBg/X77OAlP -pbAwYvsRAkEA1AAzet5Dn/dZbsF03gSOSF7sb8UvgYUZwVWN9o4FXFjkYTCOhLFi -xKGLQEb5KBUef1KEUpxgr79NVycs6s4HrQJBAJmlHQmRZ4Gy1yyOlxZyiIWvfsTh -5QRqKLEmeBcUg3W8D1kkg2x3JHPi6JXT00hlE3LoQG4k/aUtFzoYoT8+vcECQGu/ -smqHXv2FvOmi36Ab1qkHvcnNAaklmgJ+Vknywty9vU18XWMpuRZROLIxoF7z5O03 -ZlOKcUXByDA8lAK/Nn0CQQCMpajB4RGF9IxWhfkNqdcEaei1qFlLo7l7KpZUI6UK -056Q7UpuPfUaUG1reUKlwDAUzvj0djAQhbJqrmagd2NV +MIICXQIBAAKBgQDEwr399eTiuGK+oM4Uf1IA/lAK7NITR9ltlHPiCZ0cq1636h91 +mEVfrVrIo6jqAPc+iXIF2iJh+V0qt+W7mHGktSIR4O7m7SBBtEHGOKn9cGStFdQO +PGJPYsGFOHgZQWqntoTY1Z12aa2LXmfVrFVn4x/h9/14dwRq8S+hY3BPqQIDAQAB +AoGAAqXDgbHNKSHQWP6ilz2uqvXBD6HnzRDymNoJBHnFo+zzDX14e+VsdYudxO+y +0PyUrGzpXFvMNPjygHsl+7QNlLg4i0dP762tHD4QE32qMBVhBPty1koAyM1cWi3P +QttMl+/pGcVy4h/YtEA2MFnFqAG3oNpYwqolaVjm1qCqENsCQQDzgVgUKq++/y8D +I7gqxSjoYapzGm7izJpHR4fXoSlYuSNiF1DXlwKSj0RgXcYueKYViycxt2zJnF2g +UEOTiWr/AkEAztteDppqGJAW8qI5e0llnZwKe67osrw6s7I/ttXfcNxRCqGWiqH8 +aP9hShFx9urN4ytgi6XLWo0E84jAILINVwJAYlqhH+wp9mSOMZ9w2N2v60TfmwRX +O4ZW3mmXBdKTp8GH+CvgvGPDZz006hOWY9jZhKQjHaKv7zMYYhNpaCM+MwJBALiy +PeUkEp8j6Jl0J4bhHg4ACYwtvC/6yR8xhJonlH4c+W9YoCXgRJMrkx6jPPKO7I5t +aKLHwi5zw3v/Gi0XTbkCQQC+2rPSR007V864RuUK2ze112YtiL50nAEywbbQVvtf +56yQWG6eI0hVTWVJ5iRAdtUdyBgnAGHWKga1IVOqE+zc -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/expired1.example.com/key3.db index d3c7c6fa2..1f6fb6eee 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired1.example.com/key3.db and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/expired2.example.com/ca_chain.pem index a231554fb..93e18035b 100644 --- a/test/aux-fixed/exim-ca/example.com/expired2.example.com/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.com/expired2.example.com/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.com/CN=clica Signing Cert issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.com/CN=clica CA issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f -Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn -90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf -MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR -XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u -X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u -MTXhPAdr1Fn6Jj+eZy1Uv/yu +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX +4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk +EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk +xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs +RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf +gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh +iaEG3X51ApoqRRyXcSJZBcYN -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/expired2.example.com/cert8.db index 9193f520a..e05e2b59e 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/cert8.db and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.chain.pem index cf0d3a438..219a4b87a 100644 --- a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.chain.pem +++ b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: expired2.example.com - localKeyID: 55 EB 55 1B FD 2C A9 66 7D 3F 2E B2 F5 5B EF 6F 60 12 64 2E + localKeyID: 03 C3 7C BA 9F F2 B7 B8 7D 68 60 75 BE 3B 17 47 A0 02 67 B2 subject=/CN=expired2.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICijCCAfOgAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MDhaFw0xMjEyMDExMjM0MDhaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w -bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbz0OWRqZiN1CDR91 -FskX0vqava1R6/9PfVFwD/7D6FpEVV97OBkDVORWbx/V/3yaeoT0TKDU3DWompq4 -1oIhfvq8ffKINjZEk9d3f89lOPomajUg3BGDnWm3Mp2E0p9BmKnKUd7MKGljg9SF -L7g4QqHHE/ZqbEm6YxouFZTT4QIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg +MjM0MDJaFw0xMjEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7gLu3gydH924Hw35f +2W2KQeNCRRwrL1Urn3H9q7NnKccK3QSUizcx83byD4Csd/rkHnVSTm3VJdpCcmXN +42Snj3D+F2+/IY3pLnWt49n3ivgQKk9pnnRfXMQO7rG/U8geumxXp6XC5Q3qeZqv +EHa+i5pUt5Uz/TDC+u+AIxTwWwIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMB8GA1Ud -EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAD1w -KJkGLBSlvTDA8jJJaiVEJiWgdF9pz/QonwzZxArktb69nlZLrS6BJLQtf83IU3/n -l7Rpo7cWkSY6XpBEUsV0qemZkhoqon658Kz/8b/7QSL5ch8uHSY8SqTJj5OoJN6P -efJ0EKBciYbOWgwmdR1ywSs9rAoIFGrhuwJC3FQT +EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAHhC +cMpcjXZKmjzJJQm9VepmbPizYXxR2KMOVNC5G8JH0/0U6TfIkdu+qF4G0WXRJEVT +44ePzwgjOK/7mmHMQvNxwtWAQhQzQ2JFxrQ7vjXGhqVFIm0fNU/Gf01300si1HUI +nwRhyQxG9IxIE7/FbT01JsWUxtHBHOHCohaEYSyq -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.key b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.key index 0deebaf1a..3b31a57f7 100644 --- a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.key +++ b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: expired2.example.com - localKeyID: 55 EB 55 1B FD 2C A9 66 7D 3F 2E B2 F5 5B EF 6F 60 12 64 2E + localKeyID: 03 C3 7C BA 9F F2 B7 B8 7D 68 60 75 BE 3B 17 47 A0 02 67 B2 Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIJiwjFZ552mACAggA -MBQGCCqGSIb3DQMHBAj0PuFR42ejFQSCAoBt9UrR6LOVJ3y5JA/6hTg9/QTzQ8Vp -o43rQ7VVYyYM4K9CcFgZlMbxTiHac0n2zqcy2cwewOULnUg/ddhzViU46pRWvY85 -4TPTKQETHCHc+/h3G0sAhb3YG/khFeez/kg75ZESpfhfaNLq2SMFjJ1K9JgztHYi -UdrVAD51KBUQhQCGG4p5vw+AL6+RH2Lao1U4T8r2XGt8Du4UemkBS/sE17F2xGru -axZ1Y/lkM0SXL2kYqwTFvb2XXtLFhGcMRxJbntNQk5HmweON+RWZ7EulF9f2jkei -XqZT2vzDDzDufvxlFlbjzS88OUf52oj1wdewwqtqA/Ab97ETAWCOcC02CdxIcaXw -Uyy5OWigW69TYQONgvY75r0l9hytR8wG4tujXUJOZWkVE37hzWFifE8AYLmf0Bog -Oinb/YHMYvJtnUH0YCk3pH+I5km23Jb3wxUbM0RCntvJso0ZGBbJ2dHpD2jAF2dK -wgNYA3FBTjSOaJBHw1VNo2npOOR3/9YephvkYlFQIvwn7M+QMmYwzYiSp/o957A7 -IqC1SNyDl2Mbw7hVLKFYAZV323zmnH48eWeYyVeHoksqB3b97zVnpVYhkwYZz9so -vNpFOaoVYyRZujRWDzrwjEsvxAvxCgZoRQETPuGHBIc32TlynNuWWeD3Uwok+Yq0 -U/MCj+7+W3jmy3gUeqU+eA5sIQcopp5pzUUuvxc/wgMiWvxokPRBQquTSri3Arkk -3uzK5Nee6XbkG0rf1fz9XBn+I/i6/m0pxGWkvAI2xoOWTEI2Tk4RkgwiMtNf0NrO -nMOum0uygKyMFLWt1oN41xXciYLMF2lfZgn+zTGJB6YU8mXETfs1BNS4 +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI+1fTTnzZeCICAggA +MBQGCCqGSIb3DQMHBAjtTHCBCPf9ngSCAoAVmQMk3hX9mk0xc4GhSQUW/ncAfK/N +WxlMvcE+C85Liy+ZNFIn509+boPd1Di4DCTcM1Q88JDAqGkeS5uv38pPK+c4EpSQ +Wn5UWx1ly0OYmebzGVgQMgF6pa2HBhbcEyAiWkvZX/9+ME0amR0glQj6N6G61TjG +WmRGjUqkPkYkKBSg5+HqlGJRNOwYWLR2R/mAw9L+zsPOVzyalfeyNDHOEMjWF6MZ +bWQRH79UWD7uC10652/VXpxua+myPQ4WWYBy3aYLKLAAxYfzEfZddnegrt+vK2zn +oSST1nwEKXRKxs3s6CMrEoA1wy7u8MD+YCSBy1ciXqa3Lf51GjOKJJzdbAblVoEu +5ST/OpX7ivqbsq6zHRulFqeeggN9Hoqc4CGKj+R4aia2EumMro3qNNCAJVrMHDIH +/ncXvAW1zU6ZlpP8aOjc+ITHXtOGIhCFa5+XP5/D78To7Jz793NZAG3yxcVgSlUV +rdJ2I4RqBEpOUdyAABbpHjocsey554gbv+0htleuwTTe+jXNuwMY1m0CCzPaMRno +LL18EXndjsyuEhhOw78wLUTLF0ZKfhBTvoa/wHr1ahzWTjkgvp5z5h/2WWGiGT76 +8dP6ZX2WyX5smXHqKfnpncAXeAGFdDYz2VPiRcj5pAN8bgrZF5b10rREP6BluLxJ +DmT719RyDcGLjR3vZzWk3yMXsnruJTvNE3bVufQ8uHeHJXLpO4tvxKQqJa4MbyhI +ZIdZsRMopmoqh6ZZUFtjBcF7Rg8GmD5xgGmRUeGDDm9dhGlmtCGhqlkrS4p50hhE +iZ1rYvts3vEjkGwrMyRBBDEKAmbNPX1SOF9IIaClV5MOvMEUrUuPDs18 -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.dated.resp index e8760d60d..0363b8e87 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.good.resp index 42eafcd70..2cccecfd6 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.req index 050b978f6..efd3ec215 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.req and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.revoked.resp index 42eafcd70..2cccecfd6 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signer.dated.resp index 6b8dcf557..25419ffdf 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signer.good.resp index be54cd85d..8bb7a2983 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signer.revoked.resp index be54cd85d..8bb7a2983 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signernocert.dated.resp index 34ca8911f..3991276a0 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signernocert.good.resp index 05e7a4672..70ff76ef7 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signernocert.revoked.resp index 05e7a4672..70ff76ef7 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.p12 b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.p12 index 93ac81853..88f517bab 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.p12 and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.pem b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.pem index 68038cdf6..2535405f0 100644 --- a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.pem +++ b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: expired2.example.com - localKeyID: 55 EB 55 1B FD 2C A9 66 7D 3F 2E B2 F5 5B EF 6F 60 12 64 2E + localKeyID: 03 C3 7C BA 9F F2 B7 B8 7D 68 60 75 BE 3B 17 47 A0 02 67 B2 subject=/CN=expired2.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICijCCAfOgAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MDhaFw0xMjEyMDExMjM0MDhaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w -bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbz0OWRqZiN1CDR91 -FskX0vqava1R6/9PfVFwD/7D6FpEVV97OBkDVORWbx/V/3yaeoT0TKDU3DWompq4 -1oIhfvq8ffKINjZEk9d3f89lOPomajUg3BGDnWm3Mp2E0p9BmKnKUd7MKGljg9SF -L7g4QqHHE/ZqbEm6YxouFZTT4QIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg +MjM0MDJaFw0xMjEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7gLu3gydH924Hw35f +2W2KQeNCRRwrL1Urn3H9q7NnKccK3QSUizcx83byD4Csd/rkHnVSTm3VJdpCcmXN +42Snj3D+F2+/IY3pLnWt49n3ivgQKk9pnnRfXMQO7rG/U8geumxXp6XC5Q3qeZqv +EHa+i5pUt5Uz/TDC+u+AIxTwWwIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMB8GA1Ud -EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAD1w -KJkGLBSlvTDA8jJJaiVEJiWgdF9pz/QonwzZxArktb69nlZLrS6BJLQtf83IU3/n -l7Rpo7cWkSY6XpBEUsV0qemZkhoqon658Kz/8b/7QSL5ch8uHSY8SqTJj5OoJN6P -efJ0EKBciYbOWgwmdR1ywSs9rAoIFGrhuwJC3FQT +EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAHhC +cMpcjXZKmjzJJQm9VepmbPizYXxR2KMOVNC5G8JH0/0U6TfIkdu+qF4G0WXRJEVT +44ePzwgjOK/7mmHMQvNxwtWAQhQzQ2JFxrQ7vjXGhqVFIm0fNU/Gf01300si1HUI +nwRhyQxG9IxIE7/FbT01JsWUxtHBHOHCohaEYSyq -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.unlocked.key index 11b9c1d30..b0af1ef1c 100644 --- a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.unlocked.key +++ b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQClbz0OWRqZiN1CDR91FskX0vqava1R6/9PfVFwD/7D6FpEVV97 -OBkDVORWbx/V/3yaeoT0TKDU3DWompq41oIhfvq8ffKINjZEk9d3f89lOPomajUg -3BGDnWm3Mp2E0p9BmKnKUd7MKGljg9SFL7g4QqHHE/ZqbEm6YxouFZTT4QIDAQAB -AoGAH7HsNK+FlRzPpzP0bu5qoJHfSX5FkohwZb5Qt/OYj9gYUzc4D9dzk1vUU2r+ -4nUMXlxS1KtJtP5rmV3lfrw6OfmhTO+W71ytTz8ZzHtdj/je8d4aWNE8WqQfg2j6 -jHsieWi8CygWx4ka7U3UrxgX0nh0N+ioaqjPNgHvV2rR3EECQQDbbYdn+lV/5Y9e -GSGE09QccqPZ3sEdnp3ELBIzezvkSdA5EDIbzma5spSj8wm2/VIfCn3uh5X0A3ti -0WzrofjNAkEAwQHw+DRoI2vy21wSL0yQaM4Um1fITjSslmdUFZpilhzqFyZcLyyK -TCqRCmlqP2tUuLMWpWKxNpW0VbnX36BXZQJAOfJLzuaqC5N47/WdB3HVUwnnQVL1 -Frhbm4Gz8Mp7f4cKqPcg9HzmXeXOIRm+mAd/11iy9vnxXLZKsEb0B6oHhQJAfSVD -F8zzUTRnbfCPIfglEq+9ENSkXoEs/wDUtoU6M1dgOc53q2bX7XcUQIoFiEWR04jb -wDTz7w62tXchEDEpOQJBAJyZKsZn18xufngUMUjY/7ZxW5ndDI82Ek5b19eiKJ/4 -w2xcrO/s4E9BQBRKIBtZB7+PiniUduQIifA4AaUGGFw= +MIICXAIBAAKBgQC7gLu3gydH924Hw35f2W2KQeNCRRwrL1Urn3H9q7NnKccK3QSU +izcx83byD4Csd/rkHnVSTm3VJdpCcmXN42Snj3D+F2+/IY3pLnWt49n3ivgQKk9p +nnRfXMQO7rG/U8geumxXp6XC5Q3qeZqvEHa+i5pUt5Uz/TDC+u+AIxTwWwIDAQAB +AoGAAJl5xf7kikKj0MmhUnLFQHACChpLvTc+5DJcZ/HegfqSTv0JvbYHg8lH8/1F ++Q0EbhLW245sGGOOUnYRLXH8aWXiLZHL/Y/RHZf/F2MCu+8nB1n2WRwzJAiJFlah +heSPV7DzQdIdSl4CSBh69hLQKYYltbM+iihKfDDcn8nHKjkCQQDrIZIu3Sk8LW35 +xstQkNASR6u2IoMeNVZmvPwyCJGvqz6VXMGIxSGi7DWUpiXleFzFBUNCzZORhosX +yufpGI9XAkEAzCT/UdesO59lhc+DfezRM/yFc1IhBzbdYCrg4XsdGjfj5XwnDE4a +1vDSgXwFuRagQlqdAd6uZjcfsisFBWY4nQJAUIJmM3W2sMw9Y9EVvLhZBmlT+kFG +9Aj/VJ5RHDCi8auI+kuQWOxm4ApRLlzVjQTxfuSWa0FIzgNrjPIFBmNKcQJAQPWM +4QgV4CsKbRfpKYrPzxENjfKWW+tTaiR6xoUcb5lVRVLKQhogZEDhWx6R26GdgT/A +MjYfnJrx1QnnYR5z6QJBAL/xT2kJ2qnd1HTnJN8Qnst0qyFtM7A6CAg4KbT+DXhz +KQiPnjaJ90xM6ulBhFXgFxxZf17Il3D0oKgpIBD1hBk= -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/expired2.example.com/key3.db index 8733aeea1..73e05e43e 100644 Binary files a/test/aux-fixed/exim-ca/example.com/expired2.example.com/key3.db and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/ca_chain.pem index a231554fb..93e18035b 100644 --- a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.com/CN=clica Signing Cert issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.com/CN=clica CA issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f -Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn -90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf -MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR -XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u -X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u -MTXhPAdr1Fn6Jj+eZy1Uv/yu +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX +4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk +EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk +xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs +RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf +gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh +iaEG3X51ApoqRRyXcSJZBcYN -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/cert8.db index 8aca12a5b..e2220994d 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/cert8.db and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/key3.db index 8f12d2ae6..d2c6f319f 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/key3.db and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem index 896802452..e08a47ed1 100644 --- a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem +++ b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: revoked1.example.com - localKeyID: 2F 87 10 D4 45 CA 26 A1 B5 3C 01 0B 35 E1 A9 21 CB 19 40 8B + localKeyID: A4 6E 43 75 F5 17 61 E2 7D E3 F3 6D D0 F8 F9 9C D7 EE AD 1A subject=/CN=revoked1.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIBZjANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQwNFoXDTM4MDEwMTEyMzQwNFowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs -ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALyYHbMbeVQ8dkOnPIfX -2g8umDn9cjwm323zvGSHrg272vPedx9sEdYNFnfci8J4K07izRlO3wzYwQYQX6Hb -N03uBjpkIHRNj+XK3QxGbQ33CnPWLtdBO6WUrMVJtIqQDjJCDoiKMaWatt5zFcSJ -kqy5cJSRnCEDYZt3c57TngedAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG +MzQwMVoXDTM3MTIwMTEyMzQwMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWRE4+5vBjQ8HKVvG6A +P63xO0tLcyJqfWDiQs+1dis0POIH5U3UJ3gTUxgwii0Lbmm+f9cjXITGTEjifTOt ++jI4t7X2wOYNC4986xlj+OqtcwpkjByUoRiJUgZqkrjRqA3OLaXBoK6CJnz0Ar9W +XR+xSPTfS0M9erQ4u4pUptVvAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHwYDVR0R -BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEAPmeh -CHnTo0ibhhjyGp1rhblScvRrPTpNLipDwTp2qVVo1T47lwaX2VsEYByEP/cP/MVn -ymzifYvwnEQg49hLEFVoNmMVJgwwxcw0pAkDRCG9cQzYDLHt7nr2QL2/67kRexqO -T2WnHsi/6x3z6z0CWv/F0n8NkBki+9QKWzumpQE= +BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEAfMKs +DF9N6RkX03DDgnHCSeWrGGTbkD+O2r8MutrHUGDVOkd0HNTH6q207Ro7PX5kqvhO +lboY6ZEvQKVNSfAi01i5Y5s6wb1DDv7DxHhcLqHwtdFBieoSlyWZKP2wO63g79DF +ApUPsvWWzYNNY00kw375TMgpKwWuT41Ku6su4eU= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.key b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.key index 293a15497..271ee628f 100644 --- a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.key +++ b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: revoked1.example.com - localKeyID: 2F 87 10 D4 45 CA 26 A1 B5 3C 01 0B 35 E1 A9 21 CB 19 40 8B + localKeyID: A4 6E 43 75 F5 17 61 E2 7D E3 F3 6D D0 F8 F9 9C D7 EE AD 1A Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIRQJD2Jy7lCwCAggA -MBQGCCqGSIb3DQMHBAgMKJPII3znFgSCAoALLJf1g9rfI6itd9sWFuQEgsgQPA/d -B+HEoEYZkMG9fRpn/OkpVVj2OKKnw0tzhOHvSJS9wc4PGkfp433K84J+GvQf9+pd -hilP7z8rzN1y8DGWEU5jyY4o7jFtF3UNTdNEJvv6w8HxFSf9Ne5Gnp3qhP0r9AQw -ulPHvR5UbIf0G7rkj1bGsUxBqazApaBmBr7tcY+9wuSRjZFNhr72e8cerYvYo3ow -I6kO+1dFGKEoBuOADGD5OzWU+cLBuQ+uid10IlctkKM/3ORlKSfutN8O/Qdbx+nb -TTTJHa+RHVp2dU1sxPTt4WXqvTjx4r5IL4LThqA7yGBBPBZHO6Wk2nCTRnmxaAkh -SE1FSzt9A2X90MEwteZZpKuB2IJwEJYLfqwA6woBf9EoSrMtlcCF8rX/EtVMD1ss -QIYO/2vdESAFTq7PuDEbC0Lgp0USZLeqTtOifHcPCWSr7d8q93zwdZpWPJF7EayD -mzpbM5olt3VdFGQrJDgx/lJqqROz5sA1+PkdxbD9lgAQA1CQVA6OdN2B8GcOuIO3 -mg1L4KTZ6lecCuq7uP4rC4TBU707gqurVsX4N6Y6G/99ChbrwrQ9MdkeZpBPP/hx -HtNwxQjnGklzcqPEf5n8Bu4PUnPFSFSM9lGy1ugF6AS5uDTOdoHaWpDpG5TF8+cc -2P9DnT1H28zqSkEmKp1u4WbbChc3h9KSFB2oKg322DLF33ehPDJr1yx42SNXmvcF -IhiJXk0toe+vE7TpW6tZEigpakLv6731ioUDBvUv12YU2OmLoK4zktjP/Yb/+DEr -J4UUmSU1bi0nS5JynQpnTQhgvN9z18neSp1OxL0tHogpyoQRnIPaRyfP +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxIoJd+wM7r8CAggA +MBQGCCqGSIb3DQMHBAjniEOF/iAnggSCAoCGcL9tpCttSP5YygyMiWoJAGuIku9p +VqA1arNd3rxsKTOWeBnl/c8+p/bbRCkQ/6/Ibf+53AHaNCazVdXWrZQqr8mUK+vu +DtIUD9at2Ke+rKmSyZXxQ6R9USnU2XI3OQtRou1h1Ba9dSd8YmbTAs9eTuwxeI8/ +0k2lD46LhCIulQZRNzW5Balb8GnvCK+qeIbFzFti8R8ofqA9/mNNTCxHa1ZiXREe +R1Wtd9GdRxagshp6VIm4huKaa7NPfDALaH6OHKtCh3ZmV4y+V/ZBpFRe8JHc1ppS +ZM0viEW4+upIGdW1wO1LC5Ncf9B2T4nH0bx9Ic2WP3EntTISkPfDzirQxpkkjqOk +6cn657OM2Yz8ueqsj/jFf+ah0+x+CeXQCMduZIVm6Us5KhjXW0uuliIegQzqv3bF +wEEt+Qf6hno3VmDVLfS9G1P+FVEJh8yIpvxJt2wtV8w94HeaNHsE4EFpc9GBloY1 +XjlMm81rNFWxUQwRd7pN004IA/WnUpBg9ZdC2zxsoympCbe+GrLnlv9XG/aCLYpM +0JneX5RjM4l+S46UgjpDgwsmkvtxdubYiu1O7b0btEV0pg0poz//PxR/MCPLFcrc +vuuj03BJPEVJkHWq+LtszRI2WMqz1kfHcmDVoWC05IkpIUYjd8pSv4tFkGbdaczr +3alR5o6UFRMiL7ziURnxwUlJvqxIy0533rTtdU42qUxX1fNfKTQXAABBhBAQME68 +vApjNrrTbr0FlEcZvGMRDedbxTWqvRSlM50FpiTLpm4+roSpKKOs150+TW6fXX7F +CC0y0s+NCxFawyi2BZacLRWb95OuZoVOLw34nJcpaSOc9uVHOS34KzAa -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.dated.resp index 8ccd6d93e..3cb228176 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.good.resp index 3b7ac1ea4..3c06a8106 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.req index 07d2ad223..2f76807ae 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.req and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.revoked.resp index e95fc4317..f5fe0ca4b 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signer.dated.resp index 4c6b97ce5..1422efe94 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signer.good.resp index df239a695..efbb9da11 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signer.revoked.resp index 321280de1..b3fe7e7f0 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signernocert.dated.resp index 770dfbb0b..752c3dcb3 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signernocert.good.resp index 5030b74ff..6e2c784ea 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signernocert.revoked.resp index 246743029..54464e5ac 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.p12 b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.p12 index 256487146..f2cb65b65 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.p12 and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.pem b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.pem index 5e5d00f63..4ba3317de 100644 --- a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.pem +++ b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: revoked1.example.com - localKeyID: 2F 87 10 D4 45 CA 26 A1 B5 3C 01 0B 35 E1 A9 21 CB 19 40 8B + localKeyID: A4 6E 43 75 F5 17 61 E2 7D E3 F3 6D D0 F8 F9 9C D7 EE AD 1A subject=/CN=revoked1.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIBZjANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQwNFoXDTM4MDEwMTEyMzQwNFowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs -ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALyYHbMbeVQ8dkOnPIfX -2g8umDn9cjwm323zvGSHrg272vPedx9sEdYNFnfci8J4K07izRlO3wzYwQYQX6Hb -N03uBjpkIHRNj+XK3QxGbQ33CnPWLtdBO6WUrMVJtIqQDjJCDoiKMaWatt5zFcSJ -kqy5cJSRnCEDYZt3c57TngedAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG +MzQwMVoXDTM3MTIwMTEyMzQwMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWRE4+5vBjQ8HKVvG6A +P63xO0tLcyJqfWDiQs+1dis0POIH5U3UJ3gTUxgwii0Lbmm+f9cjXITGTEjifTOt ++jI4t7X2wOYNC4986xlj+OqtcwpkjByUoRiJUgZqkrjRqA3OLaXBoK6CJnz0Ar9W +XR+xSPTfS0M9erQ4u4pUptVvAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHwYDVR0R -BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEAPmeh -CHnTo0ibhhjyGp1rhblScvRrPTpNLipDwTp2qVVo1T47lwaX2VsEYByEP/cP/MVn -ymzifYvwnEQg49hLEFVoNmMVJgwwxcw0pAkDRCG9cQzYDLHt7nr2QL2/67kRexqO -T2WnHsi/6x3z6z0CWv/F0n8NkBki+9QKWzumpQE= +BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEAfMKs +DF9N6RkX03DDgnHCSeWrGGTbkD+O2r8MutrHUGDVOkd0HNTH6q207Ro7PX5kqvhO +lboY6ZEvQKVNSfAi01i5Y5s6wb1DDv7DxHhcLqHwtdFBieoSlyWZKP2wO63g79DF +ApUPsvWWzYNNY00kw375TMgpKwWuT41Ku6su4eU= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key index 95e1c9021..bc27cf915 100644 --- a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key +++ b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC8mB2zG3lUPHZDpzyH19oPLpg5/XI8Jt9t87xkh64Nu9rz3ncf -bBHWDRZ33IvCeCtO4s0ZTt8M2MEGEF+h2zdN7gY6ZCB0TY/lyt0MRm0N9wpz1i7X -QTullKzFSbSKkA4yQg6IijGlmrbecxXEiZKsuXCUkZwhA2Gbd3Oe054HnQIDAQAB -AoGASF9BinGBGmPHaIfdUS3ypr/VN++8Ljwmop2VjqiIkQmlaM9WvE6u+4rzM9UF -JwARcojTdyJOszHcxNR0tnqW2l5yJhKKEQ/3fOgGkQuqzP2KH6JESQiUsCQAbOyE -ncnnNFJ5UaI+8LB5SeT06L9EXQ6bqRVRG433Cs6/EMqlYqsCQQDrZGm7BIzzzxfY -DLLn91SyAlf/WXgM6tIMqYL6DpLWZlTGgXZeFuLU0y3V1NgMaj9flWPR6iO8vn1j -KX5aBz6DAkEAzRrexFY1bzHpQkrzbX75lUCSE3N1/JKTfMTq7x6FZJ6N1tyLHrp4 -1niwMHikazs5hjWlMsIZYTgPkjD/0XLHXwJAAitevhaApg6WjaswSusAoNNctEHC -1Xuki/FT/7H6sHco+Ntgl+VmGcgIeBwKEbM4+kyKKvkZczfeN/e97l56uQJBAMVV -iur/vp1jOfeMQTUiK2NMIr8QIX6GT9yFYTv684BhhDorKra/1i8TIwEfsaFx8+CK -kIyLbvu4glK3TgnoEqUCQDu6hMf9ppZ9jTa79LAmZnNQotAwYYMVrUwvfoEBSK9i -6j+27Ki18/saH9SJyYIrQSXEVgWLrRHu24+pkJ48E68= +MIICXQIBAAKBgQClkROPubwY0PBylbxugD+t8TtLS3Mian1g4kLPtXYrNDziB+VN +1Cd4E1MYMIotC25pvn/XI1yExkxI4n0zrfoyOLe19sDmDQuPfOsZY/jqrXMKZIwc +lKEYiVIGapK40agNzi2lwaCugiZ89AK/Vl0fsUj030tDPXq0OLuKVKbVbwIDAQAB +AoGAT+DK+bwH0kc3wmiYdQ1964snar+3iAKtg8kVp8VqAhUdTIW3rRFui2FzZQfC +GlJaDj1gyyhd0hcjpcRT2FOXEc4g489xkS/kOgeQPCFlwPN+I/PmZ1E3iDM7Qs4i +2XUePg2Zb+el4QEuBNWkVpU3btOy+8gQmao0GnRX9Q0C0O0CQQDN8NjE7cLIZKBQ +00yVtD7F40yGWnKl/DW0QzHbn+etWJ5xsZk17BiTHFXfEUtTzzYA79WsNFJX5j7+ +neGJhtONAkEAzc/bEQwF3KclOfGo5o8LGftbafME64QYhrp46R086jpuZR+mw3vv +5deBNgYwyswomQklAR9z4DnXH16klmrv6wJBAMhQ5FkxOAz6LCJSVaUsbP7JaE8r +PWeM2qQb1Cxf7tdjYsMOUAvuOb0mi7RtuwqrfEkPAJT/U7UiRdYethmypqUCQAW/ +NhjFwywkJq/1hYfamq7BDA5rUMnayGyKrHGl9Vt9AjQkrB1tSoeaeustRROEm+Wa +EcR0QmISe2VO2T2yAr0CQQCznB4IUSbabutzmEavAlwu45Bart2lDTm+WVq1+Tn0 +/fcwC7q50lB5yfnlJPuhWGvEZmluFcr8HeMIAZ8mHuPZ -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/ca_chain.pem index a231554fb..93e18035b 100644 --- a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.com/CN=clica Signing Cert issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.com/CN=clica CA issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f -Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn -90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf -MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR -XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u -X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u -MTXhPAdr1Fn6Jj+eZy1Uv/yu +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX +4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk +EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk +xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs +RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf +gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh +iaEG3X51ApoqRRyXcSJZBcYN -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/cert8.db index 4bd149396..f43b3af59 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/cert8.db and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/key3.db index 4cd46729a..757fb3c0a 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/key3.db and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.chain.pem index 04dc774ae..ca60c8119 100644 --- a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.chain.pem +++ b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: revoked2.example.com - localKeyID: 60 1E 5F 04 72 87 3D DF D6 6E A8 72 9C 31 3D 4F EE 2F 08 52 + localKeyID: 56 16 8A 9E 0B EB F6 31 A5 7D 38 3F 0D E9 67 70 05 98 7D 89 subject=/CN=revoked2.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICijCCAfOgAwIBAgICAMowDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MDdaFw0zODAxMDExMjM0MDdaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w -bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDH+p2yj4NWa1uzkvNN -E3kE6axpNn5FXJ5NG1KVfpJIqK5LPbEGH6+VvmTgntn9143mhaYnA5moXk5bETXw -OJ0hqXJK9XpjpXJrK8Nhx7BY5krtM0UsDq3EhNEw6+AKDBwT+9uD2y50X9UKkLJh -JshmcK0fStVWlExN1ytD0gKURQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg +MjM0MDJaFw0zNzEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGe+/fQwDwwqWA0ysH +eTLg7C1qmbgu39qxlggpYqfD9FmphJnhw9fDwndeCVxiAtYFThJ6MtJgTV1R/II9 +4oBftgWT2LlvCrUK+3j6PjVHlpFSoLtmOSj0I4NBTcxofXH6Vje6pYruEOnXLhxK +Sn7vtx8Fzgo3aLTlgCQIRRs/fQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMB8GA1Ud -EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAFbp -R8Z0SgNHSvM/NAjsWvrHHMFfOggViyNk9Z2TOJ3NHsQ/WPmWJfVobD0wS9JupDsY -i9J3RjmkIPv/R3bJ2zNrGZ0Vo26T8VW8WZV+K47jDhl8Yc6nm633qaIkvDUrQT1D -8ndRU/5kTWzsj49lU8uxzxK6Zi3anMKeucZN2N1G +EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBABzS +kAeaoXMuHHyYsrKY2nuzP2OWi65kgyL6TngE1rDGySkhrgkro+Am8/z1uHzpwR6c +hfCMY/XA2LEfenVJ71gxTBHnIItIAcLN7ZJkLKhgOGMEupzPNZlUnqFwUpAhxtPy +0tIlyeKHR4hlWb1hs2z6PEqqOLB2ovvfqAxdqf9h -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.key b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.key index 19598677a..ff49272f2 100644 --- a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.key +++ b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: revoked2.example.com - localKeyID: 60 1E 5F 04 72 87 3D DF D6 6E A8 72 9C 31 3D 4F EE 2F 08 52 + localKeyID: 56 16 8A 9E 0B EB F6 31 A5 7D 38 3F 0D E9 67 70 05 98 7D 89 Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIzQ9LbVmACpoCAggA -MBQGCCqGSIb3DQMHBAiQAqzjbeMJdQSCAoDIZV+TwEeKGLUd579pnH7rbgghDFZh -uBH+Nn/T4w2cRZzePbGLORnaLUw4TqwNj0wkT1z3qWvVAv5EDbDrOJiWv+AhUCsR -Efu1N486pkCnZH5YYQ+A1TKR4SkWgqVXdsg8YA7rafsz59i/HBm5aE95iV1cIuZS -PGJSxZxUZqAFzWs6P3tGe6bO87BrQ6BRqIgYaZu3TTWvadSMEbnOnsnGOu4Q6frG -4qEcaG4u0T2LnvcMDyh35O11kOoF+WxqnJSKnPuJtuyODN43e0hx9akNWI0e4LKH -PvQ2KREajv2B000SE+dIMoYR2r6et4+mTqkmmVtTpBhsnw9CS1I3WyDEJLtSIWs1 -EdIiPSRLWVT3cDy3TBIX8iTu6yTUk+isXPEUHRyUvSOdRjpYrQgEWhVuUBOgwo9V -FpS6Zt+JFR47q3VRA/3VMcDT4BF0viee0SFNwsgGKRBPdajGUpVuyxsrussirBBm -32/lmb/gRMqsDtuBz1gaasa8N0u1bIYzXBvwYGritLT2Ijsd/PsydJBNPG3CjYNE -BCABnMW7oJ5aEU1+fItj88K+d0WCjb6O0dV8DfpLxHyzQeZDJuRiRUBEDfyddl2N -3MixmChxb/p2jiznlxSPspqp3uBzvJYO1mx6UTy3tgexyknmZDFhmaenZbwLqcrD -JLjwbdvpgRE06RzDQVH7feNoqYlQl4LD/E+taQzBtBZuBSXZliLF20DlnXSoC+ho -/RjoBZMqA6zm+keHvisX204m5xa1xcwhVXJdaOqmfPpi2oS/3ijCScVLJFtbRGPD -Ch9++RCyfE/3VjtHQF2LpxeICIF5aZlrhNxzJHdfh44ZLv8Q0iK/S4GE +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIb0wALdeJZD8CAggA +MBQGCCqGSIb3DQMHBAgKGxPM9mU8ZASCAoCTwlu6oehSYz24UqwHYgk5EjZzaGKC +O2cedBNqLeuR2XONmnsELaFSlPgUpiPcV//AjuJapRy0Jizm8g+mKL95P6NNx61J +ha/Tr7ACCJnnD0HaqVx/2lLyjCS781oXrB3hSM4M9lsgL8XR88yw9cVly5PA6vfE +IICqsJWI7ZENYfmwJSx2Sbh0NhPt6S0Ps33l7i/0iPiXcIjJdDDdtZy6HSMz2eDH +apZlEZcEeUsZ42esDOnyB3zAFIt1I27ex0D5Yj/LjcSdP6nuxn87lqfppwciKSRm +8HfVFtpqb3b2M2Q70E/yNEND5BL00LZzuotEo7CMvTK37OQIJhindWE8Hk0Q8x3H +5p7cEKKclqoPB0MiXHXtPiV9j8Amn8FtquRYsBqJn8VQDum/7BCpduiMNrHaj0hU +6775q2qbC8A5JVbcplTerCuRHaX/DE3vjAIBnFmXm+AGwcu9j/Q6ZWSWW4mDO1UW +p77EHLHBkluFI0P2rhccgyg7O/31d48Lf2csS/rUKGb9B0gR0eumzCgLw5UCtD6y +2U2GWL3H2EGN1Ph3L5lOjG6PdS9o8u0omU23JtYVpRwEDwS/fvS4emFunMpH2X4O +9cmPAvTh0RwQIwcbG81dxhNR8AEa2GENwYBIuh0S9ZWiWB3Z+a2eXNPtzt28wPfo +sPeRnVuvooGbu29hzKuY9L8s+aqAYccqzrOn3Z6Qwl7VPml/yMxPjpyfTjvu5vxU +1z8jzzuCZG7Pn9wqSvQjSImUoqE+c0NXkFU0jA0cvrTceODNcgylRvwy8l05YeOW +uFmMzr+GCY2Fvk37BS+2yUetIU49EHLCXnzk+nsLkRG8pGgdnl1MTnJV -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.dated.resp index f7cd813a4..684fb7a9a 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.good.resp index bbdce3331..dc454be8b 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.req index 96f16d588..3e2db6bec 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.req and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.revoked.resp index bbdce3331..dc454be8b 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signer.dated.resp index b772948fc..838cf031b 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signer.good.resp index 1152cceea..39f3cd5fc 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signer.revoked.resp index 1152cceea..39f3cd5fc 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signernocert.dated.resp index 40035ab9f..50e526ae6 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signernocert.good.resp index 3efffc287..9a394d8b4 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signernocert.revoked.resp index 3efffc287..9a394d8b4 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.p12 b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.p12 index f6151cc72..910292602 100644 Binary files a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.p12 and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.pem b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.pem index 7af534e6e..dafaf5713 100644 --- a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.pem +++ b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: revoked2.example.com - localKeyID: 60 1E 5F 04 72 87 3D DF D6 6E A8 72 9C 31 3D 4F EE 2F 08 52 + localKeyID: 56 16 8A 9E 0B EB F6 31 A5 7D 38 3F 0D E9 67 70 05 98 7D 89 subject=/CN=revoked2.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICijCCAfOgAwIBAgICAMowDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MDdaFw0zODAxMDExMjM0MDdaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w -bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDH+p2yj4NWa1uzkvNN -E3kE6axpNn5FXJ5NG1KVfpJIqK5LPbEGH6+VvmTgntn9143mhaYnA5moXk5bETXw -OJ0hqXJK9XpjpXJrK8Nhx7BY5krtM0UsDq3EhNEw6+AKDBwT+9uD2y50X9UKkLJh -JshmcK0fStVWlExN1ytD0gKURQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg +MjM0MDJaFw0zNzEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGe+/fQwDwwqWA0ysH +eTLg7C1qmbgu39qxlggpYqfD9FmphJnhw9fDwndeCVxiAtYFThJ6MtJgTV1R/II9 +4oBftgWT2LlvCrUK+3j6PjVHlpFSoLtmOSj0I4NBTcxofXH6Vje6pYruEOnXLhxK +Sn7vtx8Fzgo3aLTlgCQIRRs/fQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMB8GA1Ud -EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAFbp -R8Z0SgNHSvM/NAjsWvrHHMFfOggViyNk9Z2TOJ3NHsQ/WPmWJfVobD0wS9JupDsY -i9J3RjmkIPv/R3bJ2zNrGZ0Vo26T8VW8WZV+K47jDhl8Yc6nm633qaIkvDUrQT1D -8ndRU/5kTWzsj49lU8uxzxK6Zi3anMKeucZN2N1G +EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBABzS +kAeaoXMuHHyYsrKY2nuzP2OWi65kgyL6TngE1rDGySkhrgkro+Am8/z1uHzpwR6c +hfCMY/XA2LEfenVJ71gxTBHnIItIAcLN7ZJkLKhgOGMEupzPNZlUnqFwUpAhxtPy +0tIlyeKHR4hlWb1hs2z6PEqqOLB2ovvfqAxdqf9h -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.unlocked.key index 173cdeaff..e0cc51add 100644 --- a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.unlocked.key +++ b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDH+p2yj4NWa1uzkvNNE3kE6axpNn5FXJ5NG1KVfpJIqK5LPbEG -H6+VvmTgntn9143mhaYnA5moXk5bETXwOJ0hqXJK9XpjpXJrK8Nhx7BY5krtM0Us -Dq3EhNEw6+AKDBwT+9uD2y50X9UKkLJhJshmcK0fStVWlExN1ytD0gKURQIDAQAB -AoGAUKTHiFTobWaw3bsyY1ApeuoyrWEczaLacZTFmmSm4Ccp1kzEAQixGY1kh9J3 -bS7KWf5mcRA6HFQffAj2O+/QqSYRh+FpqF7G+Vuy9EEp1DFEHBW5EVAuL4yv8g6Y -6b8w4bd1qegg/85teFQgPgLYjQUs9jyOwTf4YGeiP6cgLvcCQQDyBFbxbxNz9mpl -U4RfzxDZMALHlYrQPPOpHdM5veKYpHInGtpf2/HIqeRLiuQ4dadK4KSfHaUiVgc1 -hFh1BnQvAkEA04h+plOp9rQLBFcnr4fD0xR6/5GNigUL3CftIOJrGcOdMpZFMwNu -GDRqwLqwEe4k0yTXJJOFYkYW0ZgMPY79ywJBAOpmDZcUz7B2ryGoPANXV6gi+e44 -BhQdlJjtDBFWucrBKtZ5CZviOFDzSutngBa2zOqWnJqHadLRo3XP0qS1NX0CQHq5 -+3j2m2qlxKqNAlpls2iYvk/em7bS/LGLfJmSo7677k02QAm72Lk0WCdfaN3ORBE4 -k5YF/OIqdfy+cYOZnYcCQQDgWQddjHDpMTmGSIHF7LFvmOsxc8RvaCf/rbqIR4me -GTtOL3aAlwVcagn1Otph+abTL6PSNJQOe5kGwatGKcAn +MIICXQIBAAKBgQDGe+/fQwDwwqWA0ysHeTLg7C1qmbgu39qxlggpYqfD9FmphJnh +w9fDwndeCVxiAtYFThJ6MtJgTV1R/II94oBftgWT2LlvCrUK+3j6PjVHlpFSoLtm +OSj0I4NBTcxofXH6Vje6pYruEOnXLhxKSn7vtx8Fzgo3aLTlgCQIRRs/fQIDAQAB +AoGAI6UXT2+PiC1Unp2NwTJVXkpb36SKjLR76F+KyK/kdA76WTSsk/xhT9EpMbSZ +qCpdOCesrtBYsp3CMBqaYzW9muGko3LchOCXVxMTp0GUQDNg51qZSTCgDf7656TL +mW1P39sqqPdabA6+SyjV1sKv2uvOPOvbK4Wipk+M7pqSjEsCQQDqoD8olMo7rdxb +D/+3DuoeeZepoMNUsXK2goWzbYuy4DKCEkXsTjg7RM+MIk8t+RNXXQvA7j6aysvV +dozFkpOHAkEA2JDR+X/idbwjGa23Qep01oBQzEMb38u+vdJFC0lKl8u2CQ471Uxt +a+ILOs+V+pxAU/GCSZNP6TgiNebCu6ld2wJBAMY6QWI942bsi0H8kGXPGgpJXNOZ +2a4ShgKg3+kqYl7sgH/YhG8T3vpkNp4E1rTWvXqQSD/micoqEHD3ShQatL0CQBV8 +WLiuLWOM5NaZW4MYpbraRCnfxpYvep8Oi3cRMGta9JZ1aQ5CZOC9LmwJSFHyypcJ +cOmnydfTj+FVIaDIrt0CQQC/YwxvWaM9zTasK7xJqNabFF+nFb2mfi2xhmguqr6u +TinTMeyhZR4q78Qg/xrYSQTilrZgwGaDp7ikVSwonkjZ -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem index a231554fb..93e18035b 100644 --- a/test/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.com/CN=clica Signing Cert issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.com/CN=clica CA issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f -Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn -90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf -MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR -XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u -X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u -MTXhPAdr1Fn6Jj+eZy1Uv/yu +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX +4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk +EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk +xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs +RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf +gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh +iaEG3X51ApoqRRyXcSJZBcYN -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/server1.example.com/cert8.db index bf36a5b8b..d2fdfb3cd 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/cert8.db and b/test/aux-fixed/exim-ca/example.com/server1.example.com/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/fullchain.pem b/test/aux-fixed/exim-ca/example.com/server1.example.com/fullchain.pem index 78033a246..8e63fba38 100644 --- a/test/aux-fixed/exim-ca/example.com/server1.example.com/fullchain.pem +++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/fullchain.pem @@ -1,25 +1,25 @@ Bag Attributes friendlyName: server1.example.com - localKeyID: 83 06 18 47 AC F4 ED 86 00 12 B7 91 F0 42 C7 AF 6E CB 0C 46 + localKeyID: 7E BF 00 86 25 1D DE A8 18 31 F5 E2 4E E5 2B CD D1 6E 90 BD subject=/CN=server1.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQwNFoXDTM4MDEwMTEyMzQwNFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl -LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA54CbrIH0gCvUPwM0NXZk -XPPPTp2T3soEJfDq09OFF3frbzbn3Y9Aa7saE388maxmB92XdYdcluh82wGcpMNZ -3zZ3YsGiofjVjFCGIprOaQ0lZXYxjHdtxrn0gCsygS8eBZ3FrTLbshvvJLlLdlGI -MRBb1XThD0UZdL2oV0j48KkCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg +MzQwMVoXDTM3MTIwMTEyMzQwMVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9UMQX5gjkbMrFRq70L7d +FF9ZZ+lMjEevQNUUKrMRwbDWLx2c343YCPalFGDSypcxsWchc4AnIpzKIAjfzb4r +d+xmFyaUV/vFmGFCuN7A5vIC9YI/eKG5CpzY4H7lHmeWnPSVJpGO5/IfnlXHHXtE +v7uRqn0xt+VzSSp0zlVCfNkCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMHAGA1Ud -EQRpMGeCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIiYWx0ZXJu -YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLmNvbYITc2VydmVyMS5leGFtcGxlLmNv -bYIJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBACGRwx8oRd0srNY4ROewu95a -3EUcRvF2qA2/qk/0A14e+7cQFk1OUfGPueQ4EGkCwWsnLXwV8LcLTFGrIUM2Pk46 -aH1hFTfDKrg+NIVOHFRVlXoLgHA4d9C9TsTKq68U6qMkQxPrJ5eCEaIVKTwV8vjp -jdetILV31wGPhJXB6CXb +EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5jb22CIWFsdGVy +bmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIJKi50ZXN0LmV4ghNzZXJ2ZXIx +LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAGfvLUOOQ1D1P0HuQs/0tDE9 +2Ii19yQfJoMyamz/ija3vssoSGicqTxuLy2l9PzSCZsdBAAmfaX5ORMG3Z1pePh7 +9TyCnY+5Txq28At/IIJugE44CdFDIyLdN12AbVqqIzPkeckNjcy47V9rAVYsSYmb +yl7Vs7CTftVe8Jh9XwdL -----END CERTIFICATE----- Bag Attributes friendlyName: Signing Cert @@ -27,17 +27,17 @@ subject=/O=example.com/CN=clica Signing Cert issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -45,14 +45,14 @@ subject=/O=example.com/CN=clica CA issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f -Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn -90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf -MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR -XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u -X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u -MTXhPAdr1Fn6Jj+eZy1Uv/yu +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX +4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk +EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk +xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs +RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf +gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh +iaEG3X51ApoqRRyXcSJZBcYN -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/server1.example.com/key3.db index 869ae1191..1b5f36a4f 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/key3.db and b/test/aux-fixed/exim-ca/example.com/server1.example.com/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem index 0c217a74a..6783c7ca1 100644 --- a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem +++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem @@ -1,37 +1,37 @@ Bag Attributes friendlyName: server1.example.com - localKeyID: 83 06 18 47 AC F4 ED 86 00 12 B7 91 F0 42 C7 AF 6E CB 0C 46 + localKeyID: 7E BF 00 86 25 1D DE A8 18 31 F5 E2 4E E5 2B CD D1 6E 90 BD subject=/CN=server1.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQwNFoXDTM4MDEwMTEyMzQwNFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl -LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA54CbrIH0gCvUPwM0NXZk -XPPPTp2T3soEJfDq09OFF3frbzbn3Y9Aa7saE388maxmB92XdYdcluh82wGcpMNZ -3zZ3YsGiofjVjFCGIprOaQ0lZXYxjHdtxrn0gCsygS8eBZ3FrTLbshvvJLlLdlGI -MRBb1XThD0UZdL2oV0j48KkCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg +MzQwMVoXDTM3MTIwMTEyMzQwMVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9UMQX5gjkbMrFRq70L7d +FF9ZZ+lMjEevQNUUKrMRwbDWLx2c343YCPalFGDSypcxsWchc4AnIpzKIAjfzb4r +d+xmFyaUV/vFmGFCuN7A5vIC9YI/eKG5CpzY4H7lHmeWnPSVJpGO5/IfnlXHHXtE +v7uRqn0xt+VzSSp0zlVCfNkCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMHAGA1Ud -EQRpMGeCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIiYWx0ZXJu -YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLmNvbYITc2VydmVyMS5leGFtcGxlLmNv -bYIJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBACGRwx8oRd0srNY4ROewu95a -3EUcRvF2qA2/qk/0A14e+7cQFk1OUfGPueQ4EGkCwWsnLXwV8LcLTFGrIUM2Pk46 -aH1hFTfDKrg+NIVOHFRVlXoLgHA4d9C9TsTKq68U6qMkQxPrJ5eCEaIVKTwV8vjp -jdetILV31wGPhJXB6CXb +EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5jb22CIWFsdGVy +bmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIJKi50ZXN0LmV4ghNzZXJ2ZXIx +LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAGfvLUOOQ1D1P0HuQs/0tDE9 +2Ii19yQfJoMyamz/ija3vssoSGicqTxuLy2l9PzSCZsdBAAmfaX5ORMG3Z1pePh7 +9TyCnY+5Txq28At/IIJugE44CdFDIyLdN12AbVqqIzPkeckNjcy47V9rAVYsSYmb +yl7Vs7CTftVe8Jh9XwdL -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.key b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.key index 11679524a..28b557938 100644 --- a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.key +++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: server1.example.com - localKeyID: 83 06 18 47 AC F4 ED 86 00 12 B7 91 F0 42 C7 AF 6E CB 0C 46 + localKeyID: 7E BF 00 86 25 1D DE A8 18 31 F5 E2 4E E5 2B CD D1 6E 90 BD Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQICbhwx2ULosMCAggA -MBQGCCqGSIb3DQMHBAiYrkRIOMV+swSCAoBerG3VHBlRrcYC55/infkD5/5+O+1I -tCK6keqj9CrQ8jo7vX6Rpx4Cy1oiNHJgo+tUGxsLau7as+4EhfJSGG08FEUZny04 -7Ve5WtSsufbz0ZALjk0R9lJ363rMxSAOl6tP20dMjBYGLmHTMt5+uJbA5kmhQ3ul -jPuhvVlfG+pxM0WFHglgBA/8OKyT2ka2ldhwHBBofX5LXc5QcbLmicO9Dr81hzbb -paqLhuVZ0GNrl1sM8HkifLMOPNlm8UlkLZV3m456E9HgDAgBxq12YAChz07njNbs -e6l6La0bbmLYJ4sVyRqNPzrMgricuxKranzpODA9+dgAuhjQoXGIWyarScPKdcaL -QXjZK0l9i6wNXaI5gYEEP4mJ6cwmoG/SKZ+DRMAibl3J/nvoq2deCM19mpJPAp+L -60Q3ZadfrLPUMquLMHMoJ6EOLsFqLoaFxjFzLSdOJoz4i7lYCy7C0/GDbU4xsu+q -55lwPflzOxDRXh6NDVuXeVevOVJr4KD3acvLqxDigNXpTxKvCQaS1uiy9UXSMCvv -Y6JEhD9HPjqRAzzssy3HkEP6IDTXr9X7JTyl0iENkxt4fERYG8BufrVMBEw1ELr5 -zkieo67RYv9OUfpf3kYFnVR3/Dkkpz3HVRhef/H320/8ThKhotdUUORRbOsDaZoS -ETLG6oTkGDm2TBRvdjh511gKUr+yTMxqRmPTTsym6DDVfggXV7aWE+ef5RKjbndZ -NjgD2SR1VlVn/60j+1UYoLfhOjw4iIfEShFlWiYHZd37B1tQappbzs+VXjkRVYix -DlxzzRALkOX2oisWH6Y9Fnq79k2t0LlY9aRA8RE6rPLxw3TgPnDLHgZY +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIYGrq4Gcw4KoCAggA +MBQGCCqGSIb3DQMHBAg+KGahXoie+ASCAoAri89FemSuJebVOZnSJM5inxBeqLLV +FqWPjgIrpjlTnc2Vjus37RMwToxqo0E8u1oXFoeaDbn2S78JNuf04SdQ+sxBsFEi +wur1n6HftSyokdVZeN7I60HEscpYpGgodU0RhxdnvrypHpVLbi8mqwVys36MkF/W +e0achT07b5g7mOisy52cf7hVWnHVFuGWHGAdUL6UpUBhT2uv3C+0V0Pj+XqMDU7z +OFSqE3ctFt+QzXQDPtxesVH06JVvLhTsS+2wpLPt+ATny3W140K4mg69eaeHHEMk +VKcvnUDxr3ByuD6WoEyB4Co2oTJ7Zk0F4HvN/59uOo1z7Rq8Ex54ZW3FIjrV6xOS +6idg5D8DsBXN1tTQ1EWF1KsVufiH2cPkm8t5rAB9kX4w7NPYeYgY/V62Z93uhe56 +iIrPcBm0/dnVObkQRhk1DcaBL8DsSBlTP+jmb55+RVGJR3kGWgPpeCIf1qF5dG+H +qIluxf5BEZ+BE8mRcj6hKm99lB5bA8TG/MFFQdYC9i1z5rtcRpKp3HJhCXBWfhwf +D3VPpLp9rPXKXK4Fr9G/1JmnrExI9+PGlGj9QuyNizoiBCBF33JnoGedorbV2nFc +igh+LJf2Kc4GSRYGaxsTieYC4mvZ0OxUHcWkJ3u7kSDqqyvxqd9CruYDpj4s2iSg +0i3DVwerMK39qZhWoMLDBdI8aq/BVSItQXjPESuZb1YH1V8N06gmF6qjcRHaXzC/ +gUH6m0WMyZM3hPFSfXzb89aaLIn1UsH7we+6RWpoDb2a6VJke4M7XtcfM1KuAMBF +INmjVC6LoVQrA3zHydnmYImkHVz4n4KHCi31mrA+G/mj2vAB6pKQi/Re -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp index 1ae0307ad..e4a2994fc 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp index 89c960ca5..750fae3bf 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.req index 56837f35a..9a08c91b7 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.req and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp index 3d978d4fb..2f51ebdd5 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signer.dated.resp index cecce7884..3c556b30a 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signer.good.resp index 331db0aa9..6183d248c 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signer.revoked.resp index 8385415f9..e4d3bbdfb 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.dated.resp index 61263f98d..e3c7cae6b 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.good.resp index 34518ef2e..23d726d2a 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.revoked.resp index 801547233..9969c2718 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.p12 b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.p12 index 3b191af3d..82a927baa 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.p12 and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem index 9562c3cf8..3f0fedf3d 100644 --- a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem +++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem @@ -1,23 +1,23 @@ Bag Attributes friendlyName: server1.example.com - localKeyID: 83 06 18 47 AC F4 ED 86 00 12 B7 91 F0 42 C7 AF 6E CB 0C 46 + localKeyID: 7E BF 00 86 25 1D DE A8 18 31 F5 E2 4E E5 2B CD D1 6E 90 BD subject=/CN=server1.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQwNFoXDTM4MDEwMTEyMzQwNFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl -LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA54CbrIH0gCvUPwM0NXZk -XPPPTp2T3soEJfDq09OFF3frbzbn3Y9Aa7saE388maxmB92XdYdcluh82wGcpMNZ -3zZ3YsGiofjVjFCGIprOaQ0lZXYxjHdtxrn0gCsygS8eBZ3FrTLbshvvJLlLdlGI -MRBb1XThD0UZdL2oV0j48KkCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg +MzQwMVoXDTM3MTIwMTEyMzQwMVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9UMQX5gjkbMrFRq70L7d +FF9ZZ+lMjEevQNUUKrMRwbDWLx2c343YCPalFGDSypcxsWchc4AnIpzKIAjfzb4r +d+xmFyaUV/vFmGFCuN7A5vIC9YI/eKG5CpzY4H7lHmeWnPSVJpGO5/IfnlXHHXtE +v7uRqn0xt+VzSSp0zlVCfNkCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMHAGA1Ud -EQRpMGeCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIiYWx0ZXJu -YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLmNvbYITc2VydmVyMS5leGFtcGxlLmNv -bYIJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBACGRwx8oRd0srNY4ROewu95a -3EUcRvF2qA2/qk/0A14e+7cQFk1OUfGPueQ4EGkCwWsnLXwV8LcLTFGrIUM2Pk46 -aH1hFTfDKrg+NIVOHFRVlXoLgHA4d9C9TsTKq68U6qMkQxPrJ5eCEaIVKTwV8vjp -jdetILV31wGPhJXB6CXb +EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5jb22CIWFsdGVy +bmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIJKi50ZXN0LmV4ghNzZXJ2ZXIx +LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAGfvLUOOQ1D1P0HuQs/0tDE9 +2Ii19yQfJoMyamz/ija3vssoSGicqTxuLy2l9PzSCZsdBAAmfaX5ORMG3Z1pePh7 +9TyCnY+5Txq28At/IIJugE44CdFDIyLdN12AbVqqIzPkeckNjcy47V9rAVYsSYmb +yl7Vs7CTftVe8Jh9XwdL -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key index fb8228772..4fa103a17 100644 --- a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key +++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDngJusgfSAK9Q/AzQ1dmRc889OnZPeygQl8OrT04UXd+tvNufd -j0BruxoTfzyZrGYH3Zd1h1yW6HzbAZykw1nfNndiwaKh+NWMUIYims5pDSVldjGM -d23GufSAKzKBLx4FncWtMtuyG+8kuUt2UYgxEFvVdOEPRRl0vahXSPjwqQIDAQAB -AoGAMTC5I2Mrtk5Z15fRMKj682tU+fHuuTC4x+0UoLT5uz5edu+2PfRR7nI/vLPV -BxxEQ9iYdb8w89nrqceCZtohjq55WDWCuJUewZQyNSHC/v+Q+J9YmCnoU9SFX4gB -Kr8tU+I1LhlIzCBd4K/0iCrASN69L93G6IIrpfR24pBNjU8CQQD0rfDVXLPjpjA2 -8E9kaqYlfk7QL9XhAla3wRioqPDg9001H8KVRnWqbLmiGFCWn+sATZ2nW9oV9THp -6MFkjAt3AkEA8jaYCzt6LW051XpovqfEN9n4fAPDSAhMx4Hych4BlA2k4oLtTNqB -xh6fTY5PIkKuhH7vSiMnZSGX1vpGQrGs3wJBAIXfzg/PoxWBzougvK/Cspl9HH5I -TgvJDc2It4dAuFs+tF3GvN6UKLlQt9j62M0xPpFx5jq1xQOSnvbOxVHQVk0CQCt0 -nAa33w2zYQLp+UzrcIrMsoYdbrXHt26747GRrJrRb9mrv8NgGJRg/he+BniRGhpv -Y6Mbd3/vbPyG3oAsvGUCQBX/JRVcosW/GqF0Au6rd7pPS0HU6ebXtlSTb3Nd24Xk -uutI78VFuyv4ZUmj3qRxj65IoVCK2h3Z96PDgw1QbFU= +MIICXAIBAAKBgQD1QxBfmCORsysVGrvQvt0UX1ln6UyMR69A1RQqsxHBsNYvHZzf +jdgI9qUUYNLKlzGxZyFzgCcinMogCN/Nvit37GYXJpRX+8WYYUK43sDm8gL1gj94 +obkKnNjgfuUeZ5ac9JUmkY7n8h+eVccde0S/u5GqfTG35XNJKnTOVUJ82QIDAQAB +AoGAXyp6EHWym4bXeTVp2gotM4n54ZGLc8Ue8fub+yOHiM4KlbaaV74srPGzRVB6 +ikSXchwvxSbdSJdo8HwxBx66s2fLKb/XfntFDdUij36qmZfJjPElBPMpjwU1PYlc +mgIXIPGsicKTowjws5kX8SwB+dQFxDqO0LZEBlGq0bpl80cCQQD+Tm3LP4nIHjQM +YTllT2pcPIFoG+qq3ff2AJkcw94UdLuerb4IkDC1G8l5tqIXz3fJ6nyMAUoRIA+d +dDQmFq9rAkEA9uU3E1l0BLxtDYGtsJ6uGI9QYdtfc+NuhBIU1KLZyO43PVsKA7QJ +i7Y0PzlyeYItttsB0zgY7uPAZFXKaxfpywJBAPwKTSTohyzQSnOOlG0FRXu+995v +9Kd+MPgeZaGtulf5zc2ZksM37R5COO+pg4MnuyhifyffS0InzXIXLmwlhZsCQB+o +/QsKKYqB7yoQOwmvD3wuxIwH6ZGe1IkzGGC8EVlm0saXag1XhPHZh5Gj+D4Ep4AP +TYicZPYdVoqHRdG920kCQGVrR1boFcnMavhdlOUUIupDXldVsThol4jI0A82EgSy +0HoqR7W9I23uGOtAMGLJsITVNr67FixHyxJ5g26oXv8= -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem index a231554fb..93e18035b 100644 --- a/test/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.com/CN=clica Signing Cert issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.com/CN=clica CA issuer=/O=example.com/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f -Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn -90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf -MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR -XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u -X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u -MTXhPAdr1Fn6Jj+eZy1Uv/yu +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX +4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk +EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk +xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs +RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf +gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh +iaEG3X51ApoqRRyXcSJZBcYN -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/server2.example.com/cert8.db index 26f197eea..cc10d01bc 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/cert8.db and b/test/aux-fixed/exim-ca/example.com/server2.example.com/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/server2.example.com/key3.db index 380b60566..1b6a8c362 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/key3.db and b/test/aux-fixed/exim-ca/example.com/server2.example.com/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.chain.pem index 3fd06a48f..6f9460635 100644 --- a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.chain.pem +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: server2.example.com - localKeyID: 93 74 64 09 0D 55 41 58 38 49 39 03 E6 38 82 1D 15 25 10 17 + localKeyID: 3E 38 B3 52 20 A0 E1 80 39 74 EA 8D D9 D2 2C DA F6 53 CC BF subject=/CN=server2.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MDZaFw0zODAxMDExMjM0MDZaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs -ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKyfVyM2/OEp07jUT275 -Z443TxznHO7R/gOy2YSg8boviB72gXWcnvPD7JJ19zT4dAX7ycYhJJHvnfurI9sx -lbeC12v1Vci9auGtSdyTfiFE6sHj5WG85eRLPyp9Bh10oHF5f5/O8ql5oY6Mp64f -gzkQww6adLTJhMXdYum4pYS7AgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG +MjM0MDJaFw0zNzEyMDExMjM0MDJaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpVDMWYm+sUgk2Suy9g +bFS1QSurQJANa1I4+2yQhqK8r2KaNMODeTBPm8wjDaia3OUPUXx0dUwzF5oi6sr7 +ztThjz6vAvPyq7fCyIO5P19FdQ8Po1QefxoPWTvN7giWjh0n1FeoG/Ls+sROjchm +TbVuxrbU9kGfSqmBIPF1R0qPAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHgYDVR0R -BBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQBxsq97 -lShV8znjjTJD6S9oKO8Ddjw6anrXbkdOaSVn+3rrvLtpnD/ot3jQqXgMekaNAd7M -xv0Tvo2ZuhLu69/pZZhM6f8u/nFeEf5IgWaRp/VwipxjNresaZUGXlSbU/+p2Qc0 -Z/XwBfcW6yiJjpgnWF9hwz9y9dwvt2dIhxjGcg== +BBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQA64kuJ +wKno+NK76n34V3qqJkKzlAQEJPcNbTPegpB1dro6pH3g5W06POZ0P7Stz9G5vWoG +ROqpoxReNNdULu1as/vK31q2Itiw8DhoSKjNNGuy6X+WzexI+l0OL2bww7/59GUQ +gLn0+tu+pCbDPSU6f7fprc3WBlXxmD7qtc92oQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw -MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES -bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv -F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd -x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5 +2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe +eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW +eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu -amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX -zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ= +JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO +zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4 +iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.key b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.key index 20886e279..b412ecbc3 100644 --- a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.key +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: server2.example.com - localKeyID: 93 74 64 09 0D 55 41 58 38 49 39 03 E6 38 82 1D 15 25 10 17 + localKeyID: 3E 38 B3 52 20 A0 E1 80 39 74 EA 8D D9 D2 2C DA F6 53 CC BF Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIaCVkvUUXUUoCAggA -MBQGCCqGSIb3DQMHBAiHwVLAkyFHwASCAoCvzbvhMu88cVthellg1tLg6gIhGaus -E9ieFnGgBEtuiKe6aZ7YAMkloEAZTOOMS0E4YAPOeKk3Yi9qRIngYpkSJHmx2FXu -Z5sxV48Rb8+V1I7IxcWt0aWuvfPf/fNHXCxNFAVjA6Pyv1we8qKuJ+eQhHE5GE7o -nwE2wbnIkJEQczGomuxJz1NpI6wlCWhr13n8CKlqctwhiUEqWQ6F6T/OJ8KMyPl5 -hQZunwLsnbPaXkqQS052RbDs8CpR7tTb6BiH8JcusDD4Tac4Tni1/A5ikgHLYeMt -IIj9ywBX4a/w3Q7rXvYWlePo5UHFaHwMovgITEfg0E/O2FRsOkNZMyXhhzWdxI+O -id8olki2dSq2QclpkU+KQZJG1he7cgw4H3uq999YWpsM1ZYYnQWl/2ygvOv/xQZo -3HHHBm1rITifu1PZK0Nrk2L0EGUiyJhyha24imR2sAlL4kfSj6sQe86DmdtQ4CJ8 -oLFntckhHx/WzEng8ZTBkl1VcmW2hQOAWLZ/fjidMTW0JRIVlsl1UbA8g5SwaSKL -yaFyVWksit5vPDe2hEHXZrJRN5xnto5vwKnkks4FNah8cJRT7Tvv13hQTNqxBBGk -YqJdPryEv7XAFpKvM5B7d8prJOTflCoPm5T4tHeWwwmE04OqhNl/lenbW4er+JpD -6zAd1temSUZVMne9X6uSQ7oRNZgoay1TeSeo0mPITR/iFGoGrvppupxY7SLRthxk -GLJS5r143eMfAHwtj0uyn7JMBaIpUBhqTFtncE2Z6bas1iCyGp6THz7r/Kci3zCj -qkOPVxen4rjqz3Y99ctQAvOa0npIYUe++9Oj8hEAJMZeqhxJEeijoykv +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIA6708poqRaECAggA +MBQGCCqGSIb3DQMHBAjxI7tR7pallgSCAoApDIMC+I4DyiyYAbZ0rp4FD4IrabLn +Vnwa/QMJ3b8oXVOD57zgJtV3hqRWQ1vjMm+dhW2UegFaFwluutEKTuijw25Vu6CF +CfiHf+3Lnf7l/3vjYJcLuP58BRMe6VcK3BWBbvJu/kCEyyYYqY8Z4bfR/CeCiNb1 +oOInQ2IallqhzJU4/DpSzTzSwP2gjMTRkmMtMhdiGV/OC4t1stXNuSTkvf6SrckH +4/LcLWyl0zf+HKA/VXdyko05XEM226BFX1GfhDTgLHMVc4Z552XYIdsXCJfwhNQ6 +IGct946WRV2elrq7YwaVFI6dTKv2Gh+rs5K4excypcFSEt2fE3DYsnVlsDAs/Lut +i8DOHktLNoULrqmSDu3G6bhQ9R2CAy46Jr/1qyN/PyLx7qdGQ0VDUlxLRbitjFJf +v3bV8xcGjDhmv1qZbUcBBP2ugsSk29mAXyyRF/nemggetvIUWqVduZyYVT/BYAK1 +Nag8ZzDhL0GWWXLky6hinDnhp6Q9P1xDV2Uz7NIPMiRXkW+JRsIoRZ1an+mbDp74 +iIuNDIIoonF48Wgj6uV0UfZB03zOM5lY+YtIkPBD7BFViWPBP7h0tDUyQn6Li0X3 +GabS4rws5YwSBzgqTIEJli4FnCFMFrWKdtdT3eBsbPp/CR4WszDgKgtUdddYLu+P +hfny8mEbftelyd66a0ufyKTGgvoC+Up9WVavnJEMaipIgOIQ33akNPrjJUOKBmUo +NeEr9bKaazZmvNfFadaQBf5c68OK0VIsyS//9Px7d39NcmA7pM9Z4a5fmWbFn59D +XymB042vK2hcuGBCx4B+Crc4kSVkGHah0LsmnfKBeMStKux+I1cX7FzB -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.dated.resp index 20dda65fe..32ad1b5b2 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.good.resp index 223e57081..3df8a2cb5 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.req index 0d068fd25..bad8c46dd 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.req and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.revoked.resp index 223e57081..3df8a2cb5 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signer.dated.resp index 6808a9692..b3302cf5c 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signer.good.resp index 4a0688372..1bc719448 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signer.revoked.resp index 4a0688372..1bc719448 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signernocert.dated.resp index c912e8eab..c7af3c3d3 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signernocert.good.resp index 45bf7a979..4af21f954 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signernocert.revoked.resp index 10dc884d0..4af21f954 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.p12 b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.p12 index af92f2164..4d7263d67 100644 Binary files a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.p12 and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem index 9ac33c061..a36f946df 100644 --- a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: server2.example.com - localKeyID: 93 74 64 09 0D 55 41 58 38 49 39 03 E6 38 82 1D 15 25 10 17 + localKeyID: 3E 38 B3 52 20 A0 E1 80 39 74 EA 8D D9 D2 2C DA F6 53 CC BF subject=/CN=server2.example.com issuer=/O=example.com/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MDZaFw0zODAxMDExMjM0MDZaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs -ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKyfVyM2/OEp07jUT275 -Z443TxznHO7R/gOy2YSg8boviB72gXWcnvPD7JJ19zT4dAX7ycYhJJHvnfurI9sx -lbeC12v1Vci9auGtSdyTfiFE6sHj5WG85eRLPyp9Bh10oHF5f5/O8ql5oY6Mp64f -gzkQww6adLTJhMXdYum4pYS7AgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG +MjM0MDJaFw0zNzEyMDExMjM0MDJaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpVDMWYm+sUgk2Suy9g +bFS1QSurQJANa1I4+2yQhqK8r2KaNMODeTBPm8wjDaia3OUPUXx0dUwzF5oi6sr7 +ztThjz6vAvPyq7fCyIO5P19FdQ8Po1QefxoPWTvN7giWjh0n1FeoG/Ls+sROjchm +TbVuxrbU9kGfSqmBIPF1R0qPAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHgYDVR0R -BBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQBxsq97 -lShV8znjjTJD6S9oKO8Ddjw6anrXbkdOaSVn+3rrvLtpnD/ot3jQqXgMekaNAd7M -xv0Tvo2ZuhLu69/pZZhM6f8u/nFeEf5IgWaRp/VwipxjNresaZUGXlSbU/+p2Qc0 -Z/XwBfcW6yiJjpgnWF9hwz9y9dwvt2dIhxjGcg== +BBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQA64kuJ +wKno+NK76n34V3qqJkKzlAQEJPcNbTPegpB1dro6pH3g5W06POZ0P7Stz9G5vWoG +ROqpoxReNNdULu1as/vK31q2Itiw8DhoSKjNNGuy6X+WzexI+l0OL2bww7/59GUQ +gLn0+tu+pCbDPSU6f7fprc3WBlXxmD7qtc92oQ== -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key index 5ba159d78..e1deb2de7 100644 --- a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCsn1cjNvzhKdO41E9u+WeON08c5xzu0f4DstmEoPG6L4ge9oF1 -nJ7zw+ySdfc0+HQF+8nGISSR7537qyPbMZW3gtdr9VXIvWrhrUnck34hROrB4+Vh -vOXkSz8qfQYddKBxeX+fzvKpeaGOjKeuH4M5EMMOmnS0yYTF3WLpuKWEuwIDAQAB -AoGAFRVnGq16KHQn4GDKDOdYXxXhS0ntDjxGtqPvDlRsAc4RZZq9CCTngyVwbRkM -ZwNbhGmS5OiiY1KtbJIkEH8XZn2d4SpRkGumIaMVOyN4iHuj7ALNXkTvcBT50J2J -YUjeIdjTTvj2AR3h3kA/4HMU10qvn5j5wXegKjTt1vFctxUCQQDeNsRQj0L6DKoI -d9HaDTpmSfiVEtsbtkclBZ9z38AVduHA6lv9hUd2I6NkAVPqJ9Nc9786ACtCNAvd -Y85rSMedAkEAxt5SuZ7TP64x+eWXgLMO36N3z4F/R7GWlGwOR1bKjOY3Z3CSb+5M -w+Voef3x2jshqOQaYSGsdOvkhF5aaYiKNwJBANnr3cSfanCsoMejMiLknCQaYPVZ -Q5W+wbC1/fT2NnsWVjkJ3OMYpMdgFemKP9A/9FGVCW0JI2NOhWA9c/7UpiUCQC7A -b3RB2WncGtWj2wUfkzySIoV+7Rw+rKbB7G1rAv0y1g2UUmjL/fIDyZb8U1I5moUo -8uao0vE9z6AqyliLB+sCQQC6aavxAR1ylgoQfcKLkZZu5PXzmyxJcWvUn74f0abd -crkYiOyNvh7VAiYsWDB2cZ/Bqe/VcY6qt/uZS5nA9Jv9 +MIICXAIBAAKBgQCqVQzFmJvrFIJNkrsvYGxUtUErq0CQDWtSOPtskIaivK9imjTD +g3kwT5vMIw2omtzlD1F8dHVMMxeaIurK+87U4Y8+rwLz8qu3wsiDuT9fRXUPD6NU +Hn8aD1k7ze4Ilo4dJ9RXqBvy7PrETo3IZk21bsa21PZBn0qpgSDxdUdKjwIDAQAB +AoGAGoE9iYnjyULZu+R3SDoC4XOK/paZZ1EPQC4pwY0DxlMCH5/LUhklRIU+wxc5 +SuE+Ok6V6X3dusvAgnWof4mLd4erej11dbPL0o9m5oUT9RYmajOLDHsM6sPgwlpi +FNMHi1iM0KRfwexu1pQ4jR8pXOlSF7VcXRPvHtmI+kTd25ECQQDhjCDtp8iCBVPE +2uv0FMv3yow7X26xj/Ah08jrDwsq+eS6NxX+ZZcbbBR4pcbw7adQ+mXl6q+jqfk5 +3TbqDddbAkEAwVRzvAq17TkIfGkNGhpN91/lb0UM4ogYfIUKlHBBa973tdtH9YNk +ZiXU3GeYb1adVjRRJff6msaGMHm0eQvz3QJBAJstsBIS2A8s3x+Xh7OdA2BuyOCo +nh4obAy6C4g+B28AE3BTKhynhLlnOQZw+FkXCYDbZnQzbbhq34ACRR/vefUCQHj4 +jzKqwQufFGBEm54pt3+C0d2+J0HYRvojhWs8krMc4YM5ot1NShVgtsDzUb7ZQ7od +ImnPsVAHyQ+sF/FmOUECQH/JRqucORx5ZrJUh3dkMmELYQXQ3n9J2hhbOvuv/7oe +BXCWOE7DqDODFARgXbqA7uaZfWmVKT4s/6AO9aDvmSo= -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/BLANK/CA.pem b/test/aux-fixed/exim-ca/example.net/BLANK/CA.pem index e26debdbb..a28c0b558 100644 --- a/test/aux-fixed/exim-ca/example.net/BLANK/CA.pem +++ b/test/aux-fixed/exim-ca/example.net/BLANK/CA.pem @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7 -qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ -FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua -Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS -QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU -CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw -+IUzziMDFxJiuC4JNJkapdKX +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz +wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ +ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V +1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w +jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c +/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C +vAJ2oHvLkS1MOpYEUICjB6xe -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/BLANK/Signer.pem b/test/aux-fixed/exim-ca/example.net/BLANK/Signer.pem index fb8e87823..9d19239da 100644 --- a/test/aux-fixed/exim-ca/example.net/BLANK/Signer.pem +++ b/test/aux-fixed/exim-ca/example.net/BLANK/Signer.pem @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/BLANK/cert8.db b/test/aux-fixed/exim-ca/example.net/BLANK/cert8.db index b0a0fe2f6..2aa87e55c 100644 Binary files a/test/aux-fixed/exim-ca/example.net/BLANK/cert8.db and b/test/aux-fixed/exim-ca/example.net/BLANK/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/BLANK/key3.db b/test/aux-fixed/exim-ca/example.net/BLANK/key3.db index dab30bd94..9133b96b1 100644 Binary files a/test/aux-fixed/exim-ca/example.net/BLANK/key3.db and b/test/aux-fixed/exim-ca/example.net/BLANK/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/CA.pem b/test/aux-fixed/exim-ca/example.net/CA/CA.pem index e26debdbb..a28c0b558 100644 --- a/test/aux-fixed/exim-ca/example.net/CA/CA.pem +++ b/test/aux-fixed/exim-ca/example.net/CA/CA.pem @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7 -qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ -FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua -Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS -QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU -CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw -+IUzziMDFxJiuC4JNJkapdKX +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz +wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ +ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V +1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w +jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c +/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C +vAJ2oHvLkS1MOpYEUICjB6xe -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/OCSP.key b/test/aux-fixed/exim-ca/example.net/CA/OCSP.key index 081bef5d0..38b9a202e 100644 --- a/test/aux-fixed/exim-ca/example.net/CA/OCSP.key +++ b/test/aux-fixed/exim-ca/example.net/CA/OCSP.key @@ -1,20 +1,20 @@ Bag Attributes friendlyName: OCSP Signer - localKeyID: 83 C3 E7 52 73 7B A0 21 3F 34 6F 32 52 51 4C FF F9 D2 8A B5 + localKeyID: 78 F3 7C 5D 22 37 23 2E 25 E0 FB 04 7C 0C B4 05 54 05 99 6A Key Attributes: -----BEGIN PRIVATE KEY----- -MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANpnYhecN75yeM5F -IRsYNr79au1MLQ4FIudAPAsAFCj5AQ2dTq5na+Au807Tg/pNa/DscXsnMPusyEF2 -9tBOzGQjytdK80thpMgxPfZtknPJXs/09qH1AfuDNA5+d0wp3lzp+HIPZ+6qEsjG -gAzF8O3Hxn66tTh96su7+PeTvxGhAgMBAAECgYAFkOifmtqi9e1zLpDmhRddVoWY -ccpkyOvJ5GW5VyuUXBz3OhPvmv01WtX2o3ppvUoRyzFU0N/JPLbzb+jwL+9qln5W -hn8ZRAVQurdg+pIDjsv18uEf01ac7mW8HySG25gQh7JdEwBKdn520gBZ4HlzEKT8 -zT9B+6UyYSH1rfZYwQJBAPK4Gix/LFWlGbUZTgZlVt8WmUg8Py8hEAsnOQouzdCn -+ODFL45GXvIwUMK/KJUX4RWUoyNv4RtZLzm2vMfUPOECQQDmWq7toGkd95shGy/u -5WZS5KE0fQG7k1nVb2ja2lyekisJIpaNbswqN/TsYIGCcJjsBzov1fUx3gxAh3Oo -lqzBAkBwmkBqTEWBJisa/TZZeUIoFQ/flzOo5anPws6Pjs8k8ghgHprFYphBu3B8 -KLrnEED4BhD5K7o/OczS9Zf3DNuBAkBroeemhJNZOz6y418sQufix41DVz2eBaWu -AtZ9nBY2yZluNUkfYKvo9ihs4lLhPfdWIbJgc5qT6GrVI/U4yt6BAkEAsuJIERpj -5ICE0nhqM4UUKNuplmnW15tRRft0synrXm7fJm3je+sJoq5id3ylrD0nLAiF3yNA -UFclX4W55QENIw== +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANomNfuqsa1ahnza +wpXuvhr2NkfdzFXzZlL1NXZUcfQFV/h0gg0V/+OBfyvWiA7Gcx1g9nhREuHNaMDU +0K0w5C+gUChtEflLiXVnsYPDpAtP+SqjmbnqxH8sI/GrZAB1Ssgd8eNQiYvv+PWl +5BPNB2zocWfNwAs7SWWbeUtPeML7AgMBAAECgYAC86zC730fhVKF0IxsKfS1D/OI +CblPb/7InZbDixMy4qcER7d8neMtrvwvp6aFXCPH+YheWIxpwG+8ofw6XXVeMEH6 +TF93OmZU8b1nt/hjDi/hO8BpP6uLgdAbBQwhP9GJwtKjXwwx2lbkXtlMhNDzAjF1 +wVoAWwsbJ5HjOPnWbQJBAPQW06A7K/dbv00sYPPUGfUnmM1nmGxbt15NgJLh8gWv +9Dnk56vrluBVDEm08x69ymN543olGPRAY4USPqFBxdcCQQDky1d5BXtqLqqUaqVq +5tj4uY0F5hVLswne2x19/cTtE9XwbIRFjEUfFs6hwaz7dIdi9lbjpmb789vX74wG +xv99AkB6c9ErO0QtTfvEzZS9/hQfpwPDWEthYQm2546vIWb3b3RIbwvCdeg1FrWZ +bIvjSjd0fDuglWfVcU/7/FErOQH1AkEAj18NFX1l9QgBRLf/qJm4ZUSBJq0jsygi +i1BrjsQzXw0LB3o4+QwJVI4KNjsTlw9St6T+lfF0n3YU0Z/+81BIUQJALwXf4X5O +yHXXoXEKDKoRzduu2jzY8NtorkVwdroNa/Ey38cU7Qfq8E+yP+RkBoZBkC0GFYYk +uMDc6VSZR8FHGQ== -----END PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/OCSP.p12 b/test/aux-fixed/exim-ca/example.net/CA/OCSP.p12 index bb3bcbc70..cf83d60a9 100644 Binary files a/test/aux-fixed/exim-ca/example.net/CA/OCSP.p12 and b/test/aux-fixed/exim-ca/example.net/CA/OCSP.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/OCSP.pem b/test/aux-fixed/exim-ca/example.net/CA/OCSP.pem index b8cc1c618..b010e6c4e 100644 --- a/test/aux-fixed/exim-ca/example.net/CA/OCSP.pem +++ b/test/aux-fixed/exim-ca/example.net/CA/OCSP.pem @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- MIICBTCCAW6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxN1oXDTM4MDEwMTEyMzQxN1owMjEUMBIGA1UEChMLZXhhbXBsZS5uZXQxGjAY +MzQwM1oXDTM4MDEwMTEyMzQwM1owMjEUMBIGA1UEChMLZXhhbXBsZS5uZXQxGjAY BgNVBAMTEWNsaWNhIE9DU1AgU2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB -iQKBgQDaZ2IXnDe+cnjORSEbGDa+/WrtTC0OBSLnQDwLABQo+QENnU6uZ2vgLvNO -04P6TWvw7HF7JzD7rMhBdvbQTsxkI8rXSvNLYaTIMT32bZJzyV7P9Pah9QH7gzQO -fndMKd5c6fhyD2fuqhLIxoAMxfDtx8Z+urU4ferLu/j3k78RoQIDAQABoyowKDAO +iQKBgQDaJjX7qrGtWoZ82sKV7r4a9jZH3cxV82ZS9TV2VHH0BVf4dIINFf/jgX8r +1ogOxnMdYPZ4URLhzWjA1NCtMOQvoFAobRH5S4l1Z7GDw6QLT/kqo5m56sR/LCPx +q2QAdUrIHfHjUImL7/j1peQTzQds6HFnzcALO0llm3lLT3jC+wIDAQABoyowKDAO BgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcN -AQELBQADgYEAUsdueNj83wgbyybqrEIeL8opnLTyX+hwomW2vqGT4+7GTCMKsJJT -fo/iC8O+t6aUt4HdiO3IBqtjibYxluykCA9AzfBT1GjMDp5Kd2FhTHIQq5yGACiq -YSJ/qNRL4IwZ+rC6q47OwdhFlvgwGHTRi5Njn6bmJ+8k2DN1hJVnkOM= +AQELBQADgYEAXPnZ7D7SoaGa8EcMXI5DgJwI7kH3Ww/9xa3/0aF0OD7dsw/qeW1W +2r04MuiGb6MBfNxa1njL3kSnCmKs6G7Ronpb6icFZq3v+f9LabhLBI3uz6kgwrI/ +Js4k0c9VlR18yb2xYY89m32HkRefAsBMjEiCv/xl5PuBLQ4O0gjkr9s= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/Signer.key b/test/aux-fixed/exim-ca/example.net/CA/Signer.key index 7f0836301..386f31090 100644 --- a/test/aux-fixed/exim-ca/example.net/CA/Signer.key +++ b/test/aux-fixed/exim-ca/example.net/CA/Signer.key @@ -1,20 +1,20 @@ Bag Attributes friendlyName: Signing Cert - localKeyID: 58 8C 98 1B 26 7E 2E 4E 46 B8 4E B9 F5 C9 F7 86 85 EE 51 6A + localKeyID: FD CF A0 42 1B 5A 49 F7 CD E2 2C 14 DF 08 5F 77 54 CA 2E 9B Key Attributes: -----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOkttp796P+PVpTi -2285PNrEXM2yb40jK4T+wS7J9hbeV/RDcNRISCbQKT5cL6M9pjI0ONXsWDzbpzLz -/MYz6m9FQTwuwlse3iTzF06YsdwozHRPsmGkxcejZRkzE9NxmwB8HIkatxQw5hh7 -y4JXVpuAfM5kNKT7opMus/RjaFszAgMBAAECgYAw2zKl2naMwVg3RtcKVVhSUA1P -zgDAdiuCqKwKZSeKQBj2pYDJAcIYW8ogdklG7z5Yy4dTDzunuLAuJWADmVIXiuvo -jnX3RwpVbSm+nCje391A5q5yHv30GEVPjXrjg/GjEvkClZ5tDEdkKljUxIMbJyq/ -yjSYlMNPB6UKK28FjQJBAPbr2D+7/SL6gKFou5m7lwIAlNuynuxclZUXD7POlRQ/ -88PQyOdGABIKpLeWJNt2+ufq5haP3OLgzVU6XfXMXd8CQQDxwIPVspRw2H5q2N7k -+6OE9gxdr5koBtnGnSmTqHHLlMTWuFsm7C1Nw8uBq7N/XLh2raZARO5m5JVsq+sn -KYUtAkB1nIC0WuaH8qmyOCCjaSbUXVKKEtp/2tmk2gcwrgV0T8HcU2ZeQolmDovG -pk2H+3QnY0uVE5Eyv8EOB28Z1O4hAkEAh5XFWtDxV+jT3fEL8bkAGM42WUTmzQAq -m64BZ4MNb3RcgWCcHtRPBFJPjMZTwZarDkSN/XWrj6Gb/HrfQ/ORcQJBAIhfTkOy -DDTIOVLQeeP1hJooxPBZlisGzyUOKRgjeplhHfTRQ+4tAHdxcdgZgF1NIQgi2ofo -OqABIbFcG8z0FZQ= +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMKxk6+mNy/jmG+R +eZuRktKjLDBf3hreMUL33c7FMvyLGlDQrFjZtzxMtw5MD6neEfSmLY0nCKJZVCMD +0det/uz9GbK1cVmInmwT+a2QE0JSMfa6gbP3HW5W4jCrZyiVF7sl1DloKdvcPvuc +XL1s68Tn2yWMJuN5TY3AjUshpSB9AgMBAAECgYAD3vH3wQ9B1X2XYkYPsMJBi9r6 +Dz3kPNyv3yu6y7Lq0H0ydCOpFJMPENtm3l5FW1PyEEfBkbAbQjlpBM9sQVpbJPUq +bqMdEq2GR6/qNp/GOIS6oJe7uBzab8lxVrcUt0nYc1DFku1oTpI5MLlotStB/Ssl +oQdBmkuCgIXh73lxAQJBAPalNgKdVJojCFw8keUNTPSpr/qDnIWheM9VbU+DsPPd +bjEnBJNy32PNn5OZabAIsi3RqAMXSkMAX93NoYfCpkECQQDKE/GjAN8NzLx6/cQi +Fhl1UKWU5RQiMcg3N6rE6tkz4VnkISUsJb/D+r0ZvPSIb7bkQFheQMnUC2bbAsPb +oMM9AkEA249OeR1dBqlQ8+rnZSNl8hZsFXG7kCmhxc+iMzpj93KSeSbmp+uGeO2+ +tEHJF29mTetoyPeen+5haK14scXRAQJACTXNfptsjyl0sbpdNRyCvokVcurZ9xED +yhh8bQszKR0tRquIETILQnhsI/8rugg1csPIA0u6pzJ51qOSn7D9FQJBANutlC47 +4MzmhDPsXKyNM4bSfqByIHf+LbRLj8zIug6cyxmZomy55wCQbpqXUcg/W+i58ydJ +JNoOayt+2wuK4/M= -----END PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/Signer.p12 b/test/aux-fixed/exim-ca/example.net/CA/Signer.p12 index 53276dc4f..1fb6ca85f 100644 Binary files a/test/aux-fixed/exim-ca/example.net/CA/Signer.p12 and b/test/aux-fixed/exim-ca/example.net/CA/Signer.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/Signer.pem b/test/aux-fixed/exim-ca/example.net/CA/Signer.pem index fb8e87823..9d19239da 100644 --- a/test/aux-fixed/exim-ca/example.net/CA/Signer.pem +++ b/test/aux-fixed/exim-ca/example.net/CA/Signer.pem @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/ca.conf b/test/aux-fixed/exim-ca/example.net/CA/ca.conf index 9f6038396..f89e93d81 100644 --- a/test/aux-fixed/exim-ca/example.net/CA/ca.conf +++ b/test/aux-fixed/exim-ca/example.net/CA/ca.conf @@ -1,19 +1,19 @@ ; Config::Simple 4.59 -; Thu Nov 1 12:34:16 2012 +; Thu Nov 1 12:34:03 2012 + +[CA] +org=example.net +name=Certificate Authority +subject=clica CA +bits=1024 [CLICA] -sighash=SHA256 crl_signer=Signing Cert +ocsp_url=http://oscp.example.net/ crl_url=http://crl.example.net/latest.crl -level=1 signer=Signing Cert +sighash=SHA256 ocsp_signer=OCSP Signer -ocsp_url=http://oscp.example.net/ - -[CA] -org=example.net -subject=clica CA -name=Certificate Authority -bits=1024 +level=1 diff --git a/test/aux-fixed/exim-ca/example.net/CA/cert8.db b/test/aux-fixed/exim-ca/example.net/CA/cert8.db index 86d163733..1d6b1ded9 100644 Binary files a/test/aux-fixed/exim-ca/example.net/CA/cert8.db and b/test/aux-fixed/exim-ca/example.net/CA/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.empty b/test/aux-fixed/exim-ca/example.net/CA/crl.empty index 5c5a78b68..ac5cd63e9 100644 Binary files a/test/aux-fixed/exim-ca/example.net/CA/crl.empty and b/test/aux-fixed/exim-ca/example.net/CA/crl.empty differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.empty.in.txt b/test/aux-fixed/exim-ca/example.net/CA/crl.empty.in.txt index a29362bdb..94f20b071 100644 --- a/test/aux-fixed/exim-ca/example.net/CA/crl.empty.in.txt +++ b/test/aux-fixed/exim-ca/example.net/CA/crl.empty.in.txt @@ -1 +1 @@ -update=20161101174751Z +update=20170131185506Z diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.empty.pem b/test/aux-fixed/exim-ca/example.net/CA/crl.empty.pem index 3035713fa..bd2c5aba4 100644 --- a/test/aux-fixed/exim-ca/example.net/CA/crl.empty.pem +++ b/test/aux-fixed/exim-ca/example.net/CA/crl.empty.pem @@ -1,7 +1,7 @@ -----BEGIN X509 CRL----- MIHtMFgCAQEwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5uZXQx -GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxNjExMDExNzQ3NTFaMA0G -CSqGSIb3DQEBCwUAA4GBAHJwzBzqjnhUHwDcUqCb2/V3lygZcDSYuH5bm6nMXTML -T/nAYYNEnx+vLvl3PoOnY3R4QOUfFO7IdW/Awxp9Pl5aARBMAqgtGdyEX26n/g5n -ayj9Go1CaaVhRP/2x2hnlvvyKvwGxrA0w7Fp7qIBTQXd71yNdqkAXwPjZ+IjzIdh +GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxNzAxMzExODU1MDZaMA0G +CSqGSIb3DQEBCwUAA4GBAHNFzPgtGmXUXcr29O60RAqo47rUjgMgna6Se3uI9DDh +uKhuf23lrT8pEVtvedYFo3cuTO8t4LH6B/3b+giyboxkoAEbC1PA6aHGJC1W9DCc +xJenmVm5JbqEjiI3ondpNyvyOiLYX9J7iVMl1/XoW/dFI4p1reA8z2Zc1iDOvgzP -----END X509 CRL----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.v2 b/test/aux-fixed/exim-ca/example.net/CA/crl.v2 index df8c59847..7d8dcfc0c 100644 Binary files a/test/aux-fixed/exim-ca/example.net/CA/crl.v2 and b/test/aux-fixed/exim-ca/example.net/CA/crl.v2 differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt b/test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt index a488ee041..8384c35bd 100644 --- a/test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt +++ b/test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt @@ -1,3 +1,3 @@ -update=20161101174753Z -addcert 102 20161101174753Z -addcert 202 20161101174753Z +update=20170131185508Z +addcert 102 20170131185508Z +addcert 202 20170131185508Z diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.v2.pem b/test/aux-fixed/exim-ca/example.net/CA/crl.v2.pem index 6096391ec..4098c4ce2 100644 --- a/test/aux-fixed/exim-ca/example.net/CA/crl.v2.pem +++ b/test/aux-fixed/exim-ca/example.net/CA/crl.v2.pem @@ -1,9 +1,9 @@ -----BEGIN X509 CRL----- MIIBHTCBhwIBATANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFtcGxlLm5l -dDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0GA8yMDE2MTEwMTE3NDc1M1ow -LTAUAgFmGA8yMDE2MTEwMTE3NDc1M1owFQICAMoYDzIwMTYxMTAxMTc0NzUzWjAN -BgkqhkiG9w0BAQsFAAOBgQCIo/iYs4nbqo6CVRT6JDlNEvsPqKtlqlE22bPMNZVw -smpdTlIk+MZ8bf3wH9TStOA7u1/9cKlE1eCLzXVjlKWevY81/Pk+aoJxlJMIBeRB -zbKKcF9WzuD/FxbueS2OfDUJqR/+cFMhII+1OF7WwGAZsBH3UwG2TdO/dtIER2vc -gg== +dDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0GA8yMDE3MDEzMTE4NTUwOFow +LTAUAgFmGA8yMDE3MDEzMTE4NTUwOFowFQICAMoYDzIwMTcwMTMxMTg1NTA4WjAN +BgkqhkiG9w0BAQsFAAOBgQCzAPuByn/+gsqzO6hE8JPs6AIPSK98dA2x2R7rOMuf +tAekmPym5wdfeEAISyxRSeDZbT9tbNcG3N7SBaZf/tAC6zdGP8lMqnYiSfkwq7ee +iVwLdAUxyusgPW4jmEKk5n7ppFS8tlaY+lmSHfnE5dCbD9Ol4fnyRC2dobuD0pNe +bg== -----END X509 CRL----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/key3.db b/test/aux-fixed/exim-ca/example.net/CA/key3.db index 1ae5c4826..69821ef1e 100644 Binary files a/test/aux-fixed/exim-ca/example.net/CA/key3.db and b/test/aux-fixed/exim-ca/example.net/CA/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/noise.file b/test/aux-fixed/exim-ca/example.net/CA/noise.file index 24a5a48ef..b66651f29 100644 --- a/test/aux-fixed/exim-ca/example.net/CA/noise.file +++ b/test/aux-fixed/exim-ca/example.net/CA/noise.file @@ -1,188 +1,309 @@ processor : 0 vendor_id : GenuineIntel cpu family : 6 -model : 13 -model name : QEMU Virtual CPU version 1.5.3 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz stepping : 3 -microcode : 0x1 -cpu MHz : 1994.999 -cache size : 4096 KB +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB physical id : 0 -siblings : 1 +siblings : 8 core id : 0 -cpu cores : 1 +cpu cores : 4 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes -cpuid level : 4 +cpuid level : 22 wp : yes -flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm -bogomips : 3989.99 +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5424.00 clflush size : 64 cache_alignment : 64 -address sizes : 38 bits physical, 48 bits virtual +address sizes : 39 bits physical, 48 bits virtual power management: processor : 1 vendor_id : GenuineIntel cpu family : 6 -model : 13 -model name : QEMU Virtual CPU version 1.5.3 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz stepping : 3 -microcode : 0x1 -cpu MHz : 1994.999 -cache size : 4096 KB -physical id : 1 -siblings : 1 -core id : 0 -cpu cores : 1 -apicid : 1 -initial apicid : 1 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 1 +cpu cores : 4 +apicid : 2 +initial apicid : 2 fpu : yes fpu_exception : yes -cpuid level : 4 +cpuid level : 22 wp : yes -flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm -bogomips : 3989.99 +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.15 clflush size : 64 cache_alignment : 64 -address sizes : 38 bits physical, 48 bits virtual +address sizes : 39 bits physical, 48 bits virtual power management: processor : 2 vendor_id : GenuineIntel cpu family : 6 -model : 13 -model name : QEMU Virtual CPU version 1.5.3 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz stepping : 3 -microcode : 0x1 -cpu MHz : 1994.999 -cache size : 4096 KB -physical id : 2 -siblings : 1 -core id : 0 -cpu cores : 1 -apicid : 2 -initial apicid : 2 +microcode : 0x9e +cpu MHz : 2700.164 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 2 +cpu cores : 4 +apicid : 4 +initial apicid : 4 fpu : yes fpu_exception : yes -cpuid level : 4 +cpuid level : 22 wp : yes -flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm -bogomips : 3989.99 +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.09 clflush size : 64 cache_alignment : 64 -address sizes : 38 bits physical, 48 bits virtual +address sizes : 39 bits physical, 48 bits virtual power management: processor : 3 vendor_id : GenuineIntel cpu family : 6 -model : 13 -model name : QEMU Virtual CPU version 1.5.3 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz stepping : 3 -microcode : 0x1 -cpu MHz : 1994.999 -cache size : 4096 KB -physical id : 3 -siblings : 1 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 3 +cpu cores : 4 +apicid : 6 +initial apicid : 6 +fpu : yes +fpu_exception : yes +cpuid level : 22 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.13 +clflush size : 64 +cache_alignment : 64 +address sizes : 39 bits physical, 48 bits virtual +power management: + +processor : 4 +vendor_id : GenuineIntel +cpu family : 6 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz +stepping : 3 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 core id : 0 -cpu cores : 1 +cpu cores : 4 +apicid : 1 +initial apicid : 1 +fpu : yes +fpu_exception : yes +cpuid level : 22 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5428.40 +clflush size : 64 +cache_alignment : 64 +address sizes : 39 bits physical, 48 bits virtual +power management: + +processor : 5 +vendor_id : GenuineIntel +cpu family : 6 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz +stepping : 3 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 1 +cpu cores : 4 apicid : 3 initial apicid : 3 fpu : yes fpu_exception : yes -cpuid level : 4 +cpuid level : 22 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5428.13 +clflush size : 64 +cache_alignment : 64 +address sizes : 39 bits physical, 48 bits virtual +power management: + +processor : 6 +vendor_id : GenuineIntel +cpu family : 6 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz +stepping : 3 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 2 +cpu cores : 4 +apicid : 5 +initial apicid : 5 +fpu : yes +fpu_exception : yes +cpuid level : 22 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.27 +clflush size : 64 +cache_alignment : 64 +address sizes : 39 bits physical, 48 bits virtual +power management: + +processor : 7 +vendor_id : GenuineIntel +cpu family : 6 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz +stepping : 3 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 3 +cpu cores : 4 +apicid : 7 +initial apicid : 7 +fpu : yes +fpu_exception : yes +cpuid level : 22 wp : yes -flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm -bogomips : 3989.99 +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.26 clflush size : 64 cache_alignment : 64 -address sizes : 38 bits physical, 48 bits virtual +address sizes : 39 bits physical, 48 bits virtual power management: - CPU0 CPU1 CPU2 CPU3 - 0: 135 0 0 0 IO-APIC-edge timer - 1: 1 2 3 2 IO-APIC-edge i8042 - 6: 0 1 1 1 IO-APIC-edge floppy - 8: 0 0 0 0 IO-APIC-edge rtc0 - 9: 0 0 0 0 IO-APIC-fasteoi acpi - 10: 496 482 486 468 IO-APIC-fasteoi virtio4 - 11: 10 147 30 27 IO-APIC-fasteoi uhci_hcd:usb1, qxl - 12: 0 41 47 38 IO-APIC-edge i8042 - 14: 0 0 0 0 IO-APIC-edge ata_piix - 15: 24 20 182208 20 IO-APIC-edge ata_piix - 24: 0 0 0 0 PCI-MSI-edge virtio0-config - 25: 0 0 0 0 PCI-MSI-edge virtio2-config - 26: 0 3 1 4 PCI-MSI-edge virtio2-virtqueues - 27: 3075309 25 27 24 PCI-MSI-edge virtio0-input.0 - 28: 0 0 1 0 PCI-MSI-edge virtio0-output.0 - 29: 0 0 0 0 PCI-MSI-edge virtio1-config - 30: 8 10 6 263048 PCI-MSI-edge virtio1-input.0 - 31: 0 1 1 0 PCI-MSI-edge virtio1-output.0 - 32: 0 0 0 0 PCI-MSI-edge virtio3-config - 33: 2251 1443 1443 76460 PCI-MSI-edge virtio3-req.0 -NMI: 0 0 0 0 Non-maskable interrupts -LOC: 2930727 2337740 2362650 2473899 Local timer interrupts -SPU: 0 0 0 0 Spurious interrupts -PMI: 0 0 0 0 Performance monitoring interrupts -IWI: 172169 63376 48335 57101 IRQ work interrupts -RTR: 0 0 0 0 APIC ICR read retries -RES: 803394 677845 571916 698750 Rescheduling interrupts -CAL: 22684 11471 17545 1233 Function call interrupts -TLB: 82385 78148 78910 80389 TLB shootdowns -TRM: 0 0 0 0 Thermal event interrupts -THR: 0 0 0 0 Threshold APIC interrupts -MCE: 0 0 0 0 Machine check exceptions -MCP: 624 624 624 624 Machine check polls -ERR: 0 -MIS: 0 -MemTotal: 1785008 kB -MemFree: 255196 kB -MemAvailable: 1299360 kB -Buffers: 0 kB -Cached: 490764 kB -SwapCached: 252 kB -Active: 329040 kB -Inactive: 222876 kB -Active(anon): 28888 kB -Inactive(anon): 73412 kB -Active(file): 300152 kB -Inactive(file): 149464 kB + CPU0 CPU1 CPU2 CPU3 CPU4 CPU5 CPU6 CPU7 + 0: 52 0 0 0 0 0 0 0 IR-IO-APIC 2-edge timer + 1: 16 459 44 16 71 52 37 18 IR-IO-APIC 1-edge i8042 + 8: 0 0 0 1 0 0 0 0 IR-IO-APIC 8-edge rtc0 + 9: 89 154 83 105 355 114 136 53 IR-IO-APIC 9-fasteoi acpi + 12: 201 49498 1295 1310 5642 1517 1861 1019 IR-IO-APIC 12-edge i8042 + 16: 1 0 0 0 0 0 0 0 IR-IO-APIC 16-fasteoi i801_smbus + 19: 5 3 2 0 8 2 2 2 IR-IO-APIC 19-fasteoi + 120: 0 0 0 0 0 0 0 0 DMAR-MSI 0-edge dmar0 + 121: 0 0 0 0 0 0 0 0 DMAR-MSI 1-edge dmar1 + 124: 7929 1965 1951 91821 6129 4099 2324 2579 IR-PCI-MSI 376832-edge ahci[0000:00:17.0] + 125: 219 13 6 32 12 8 6 22 IR-PCI-MSI 327680-edge xhci_hcd + 126: 97 12 17 44 16 8 5 2 IR-PCI-MSI 2097152-edge rtsx_pci + 127: 0 0 88 0 58 0 61 36 IR-PCI-MSI 520192-edge enp0s31f6 + 128: 0 0 0 2 2 0 1 8 IR-PCI-MSI 1048576-edge + 129: 725 32 125 185 13085 451 7280 254 IR-PCI-MSI 32768-edge i915 + 130: 23 9 7 0 11 0 1 0 IR-PCI-MSI 360448-edge mei_me + 131: 21 6 4 2 7 4 3 0 IR-PCI-MSI 1572864-edge iwlwifi + 132: 713 0 63 42 106 45 129 120 IR-PCI-MSI 514048-edge snd_hda_intel:card0 + NMI: 2 1 1 1 2 4 1 1 Non-maskable interrupts + LOC: 33592 27812 28870 27337 44352 61045 27556 32668 Local timer interrupts + SPU: 0 0 0 0 0 0 0 0 Spurious interrupts + PMI: 2 1 1 1 2 4 1 1 Performance monitoring interrupts + IWI: 4 0 0 2 0 0 1 1 IRQ work interrupts + RTR: 7 0 0 0 0 0 0 0 APIC ICR read retries + RES: 10018 4170 2813 2504 2970 1497 2333 2607 Rescheduling interrupts + CAL: 51614 26932 27696 38549 30005 38583 36538 38831 Function call interrupts + TLB: 44868 21971 22151 33281 24454 32863 30173 34882 TLB shootdowns + TRM: 0 0 0 0 0 0 0 0 Thermal event interrupts + THR: 0 0 0 0 0 0 0 0 Threshold APIC interrupts + DFR: 0 0 0 0 0 0 0 0 Deferred Error APIC interrupts + MCE: 0 0 0 0 0 0 0 0 Machine check exceptions + MCP: 3 3 3 3 3 3 3 3 Machine check polls + ERR: 0 + MIS: 0 + PIN: 0 0 0 0 0 0 0 0 Posted-interrupt notification event + PIW: 0 0 0 0 0 0 0 0 Posted-interrupt wakeup event +MemTotal: 15855100 kB +MemFree: 11478688 kB +MemAvailable: 12987704 kB +Buffers: 385504 kB +Cached: 1340144 kB +SwapCached: 0 kB +Active: 2943928 kB +Inactive: 985216 kB +Active(anon): 2204596 kB +Inactive(anon): 56576 kB +Active(file): 739332 kB +Inactive(file): 928640 kB Unevictable: 0 kB Mlocked: 0 kB -SwapTotal: 3354620 kB -SwapFree: 3353308 kB -Dirty: 2224 kB +SwapTotal: 7933948 kB +SwapFree: 7933948 kB +Dirty: 2456 kB Writeback: 0 kB -AnonPages: 60940 kB -Mapped: 18716 kB -Shmem: 41148 kB -Slab: 898272 kB -SReclaimable: 847964 kB -SUnreclaim: 50308 kB -KernelStack: 2656 kB -PageTables: 5240 kB +AnonPages: 1629696 kB +Mapped: 242564 kB +Shmem: 57684 kB +Slab: 251912 kB +SReclaimable: 179404 kB +SUnreclaim: 72508 kB +KernelStack: 6864 kB +PageTables: 29584 kB NFS_Unstable: 0 kB Bounce: 0 kB WritebackTmp: 0 kB -CommitLimit: 4247124 kB -Committed_AS: 383304 kB +CommitLimit: 15861496 kB +Committed_AS: 8745148 kB VmallocTotal: 34359738367 kB -VmallocUsed: 149692 kB -VmallocChunk: 34359524352 kB +VmallocUsed: 0 kB +VmallocChunk: 0 kB HardwareCorrupted: 0 kB -AnonHugePages: 6144 kB +AnonHugePages: 684032 kB +ShmemHugePages: 0 kB +ShmemPmdMapped: 0 kB +CmaTotal: 0 kB +CmaFree: 0 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 HugePages_Surp: 0 Hugepagesize: 2048 kB -DirectMap4k: 67576 kB -DirectMap2M: 4126720 kB +DirectMap4k: 147456 kB +DirectMap2M: 6608896 kB +DirectMap1G: 10485760 kB Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed - eth0: 218836605 3199144 0 95485 0 0 0 0 7359507 57561 0 0 0 0 0 0 - eth1: 29582512 268313 0 93507 0 0 0 0 30026986 67532 0 0 0 0 0 0 - lo: 1056 11 0 0 0 0 0 0 1056 11 0 0 0 0 0 0 +wlp3s0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 +enp0s31f6: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + vnet0: 32675 319 0 0 0 0 0 0 42342 546 0 0 0 0 0 0 +virbr1: 28209 319 0 0 0 0 0 0 27394 284 0 0 0 0 0 0 +virbr1-nic: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + lo: 92538 1136 0 0 0 0 0 0 92538 1136 0 0 0 0 0 0 diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/ca_chain.pem b/test/aux-fixed/exim-ca/example.net/expired1.example.net/ca_chain.pem index 860ab0a8f..569dda104 100644 --- a/test/aux-fixed/exim-ca/example.net/expired1.example.net/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.net/expired1.example.net/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.net/CN=clica Signing Cert issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.net/CN=clica CA issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7 -qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ -FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua -Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS -QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU -CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw -+IUzziMDFxJiuC4JNJkapdKX +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz +wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ +ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V +1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w +jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c +/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C +vAJ2oHvLkS1MOpYEUICjB6xe -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/cert8.db b/test/aux-fixed/exim-ca/example.net/expired1.example.net/cert8.db index c0d93a72f..70bb25cf0 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/cert8.db and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.chain.pem b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.chain.pem index 4dd728c7f..2510822e0 100644 --- a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.chain.pem +++ b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: expired1.example.net - localKeyID: 9A AF 11 07 E4 1D BC 1C D0 1C 7E 7F 0C 91 F7 69 20 A2 88 E9 + localKeyID: 8C 4C 0B E5 B0 98 94 3A D9 D7 F9 9B 4C 08 90 41 D2 D2 81 BA subject=/CN=expired1.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQyMFoXDTEyMTIwMTEyMzQyMFowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs -ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOetOZ/lz5792Jijv3XL -2sZ489lHQBYdaC87pXVJ7xTedmZ/S/dlKA9DYuRmZIay+pCZwDIxL8OSKTbQHjKN -cXDOqVLzraH6VGjZPNjUxNrci23yoXC1GQkEcjSgJDU/kQeqbwppqr2mq28MK4XP -fPZnX726A9kOYi54MJN4JqDXAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG +MzQwM1oXDTEyMTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALam9ms8TMqjajj0f4Lp +kkzchktMmqxsekP+x7juWbpWHA2jcu5k3FQ8uk6haYR2L5azhTugyvKMmUhs22QM +xLklebk+vJgsFDYD+Hp1P/KOljuohaIEemNf0S5KochyQnsVaRlYUGjnSnms3BTH +VoiUsmVgfTx+Uc+nFHyud90VAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm5ldC8wHwYDVR0R -BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEAlW3u -wOkP/n3NxCdnmsIMPkUfsYhB2QwOnXTeS3X0Wkb9UETJxL/wyOubx6rV3BCQDk0k -bHlofR66DbqXkZ+W+LvJ4ibIaxkE6OpcJS3kx+twJ0Ii70tYPfoRcjAY4n+w+BIn -CbVeXkP8zop5pnIJfmauz63oaOkPa2fyUeq+lXA= +BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEAiafH +LUsttmpVmeexSBZLTDznG7cn+TnqwtXrzcxj0R4n3qwdN/JwySsxTGBtBRWYp2bj +3GrEMxNZA05KtZ7dWWK2hib/Re8MqDoOEJmpgGxQAZ2i7qJdXGworodKU+dWPKDJ +URTK97yW4e+l/krzF0ZquGYl9Lv1qeL75xB0FP0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.key b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.key index 9b705cfdf..5f3f8886f 100644 --- a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.key +++ b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: expired1.example.net - localKeyID: 9A AF 11 07 E4 1D BC 1C D0 1C 7E 7F 0C 91 F7 69 20 A2 88 E9 + localKeyID: 8C 4C 0B E5 B0 98 94 3A D9 D7 F9 9B 4C 08 90 41 D2 D2 81 BA Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBdkc/9nuKRkCAggA -MBQGCCqGSIb3DQMHBAga59grlxIvnASCAoAOPMW/jpiJuAtqmJJFeFmeUz8ucX7N -laacTJjPGEXfmTNNsB/gBXbsEGm3yKSXIjcb1S62HFbdAbdpHdj0Usr9RxuBlcC6 -GcRdL3qt9YSZ/RuzFr0jYZbiqI3vB0N6fX8qg6Lp/AhZLxsRi2sAzdQ0cAHWP3c3 -6YpL0OTv0VJtqM6foAmmUwEU1xkSr1bcXML23I5Vm13OxkX1RdY1OyQqqJ48wyIY -wdtxBfwQUobpNZg+G4ioqXfv1ZhsI0UyxKUYf5wP+7noQgv/SWGe3IOMxLZp8YOD -lm0TMjB7L9QqzZlOT+AjkATuycetzPiYgxAey0JVvTk/An+jJqgDIkbeAxuGIQp7 -k146GsD4MiVtqU73dkZdm+ZsEl+rAbhjLgXuDNc0mgvqRBWr80PdBDWXP89n59by -Vx55mMCB+4IyiFW/PdsydC8fWZH0EIE/ntsDCjyf+tDHkBk7nB9l/FlRJSY539vn -PIaL6/7iCon+gGe6aHVTNtLJX9ICxFU4xFrhoprV4GBjCWLdaHc/al7kXKAO+3xD -y0IT1ousFn8IsPvAZS2Lkn9V46ok5mUJXoOwnBMZWsHXhm6u0lVa7AweqJtYhUIc -bdueSPVyblHDaXIUaL6oU0F5Y8DKDy4ZNKXRYaFrU9vT8g8EdwALpoWY38q7p30r -K7HvXmGrW2tvDIKNKrycnQO0M27av3zpm44Ch5o97gXGZFLFnsfOcn3NN/tr14IJ -m25WE5DIcxL5kIAi2/80PiR3Donj1Xco5lsx3aMuWAp1hkTC5PKN0o1oKZHCuXae -7t0e655FRJ7DARZW+qqfnBRHQTRxDrgMgn3Q2R0E+QlS1YQJLXhsQvxm +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9iAVPu6cdvECAggA +MBQGCCqGSIb3DQMHBAjfYK+uNUzfKwSCAoApd2yPxqavn4kI8V7+3bhs3VNKL+3N +CvrQR3uHo+UQcRRhgE/mMzWvVxAL1YFwW8y5SQ/2qXyeT7Rfvqx6iOvWWpHg/yIp +7FdwM83zCHgTEUGYTEzyhCbt4MZvvtf9SBhrqCT7LSg3oDklWj9xQ0BBBS1C5fY3 +g47WyXTButmUK0QTqENQrzCTm5QD1YJtZVD1zaWp6txUPCSv8zKb1HSZEFvetU6t +P5LdIfja+2ntqipiU6X53tN3RphZXJtquQH8oNLxwmixgDfHQW7+cPrZGUJ4MfMy +nJOWzjalg2/LT6P/LCxI4wL7nlVQvoT6e2DByHMnG+dvUN6DHTUzBTGabzVQN9KC +HfiNWtmsQlb2clcd9WKmuVcGRiI944o5PKjn2kfrzZqWIa1R0Os0Y55sOg4981nK +VsTsUNuc4ap3V8m+3MI3yTXD7nRwZaHw5GTdacGOWAS+7v+dm6z8sqB+fjDsgwED +3t9b42N4LmMEX5GrmJ0lE/3PqF3emYmJfbkAD6Juf1Y+jBRzEhav24y6p7dBwlPo +qrntYHRikiOlwMVJQ/qsLsJwz87VhYhslRpmERE/vp44uENGTu/1JomhGKDXpZDL +P+Q9iuGVAJihFF2AsaOEQxHEKMxY7bOmHjSoiF8bzloi2PHkwF9tZqdfRjoRjLnH +YEWTuJ1DvzWGskq+oy/3ywzZg3BjO7H5hD38ujdp/xNfsGre9yZYIr8VXXFSyPEe +XfEqrgjnAeAiAQgXiHOJXQGr/cwRn1wS1bZPJfq4P0ubdymdtkwdTfR189fmfQGD +AoUXyRdU+Ewg0ne40wON6LQjkAXMw7FPP6jJIC8fLfwhuXw3w1EBqD2p -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.dated.resp index 0c2e60999..2d3a92c5e 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.good.resp b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.good.resp index 4b9db77b4..f6f43cf5b 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.req b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.req index fde5be432..8897daba2 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.req and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.revoked.resp index ed05f5daa..ed32fc345 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signer.dated.resp index 2d6e1c301..edd7b7b08 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signer.good.resp index 668919d74..fcf145ba2 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signer.revoked.resp index 777255b2a..506d7bb42 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signernocert.dated.resp index 038581e73..bfa8543eb 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signernocert.good.resp index 073b3c161..9a2cdd0c9 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signernocert.revoked.resp index 233ddca97..a9949f332 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.p12 b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.p12 index 05f122d29..a386c0aee 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.p12 and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.pem b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.pem index b7a32db9e..296dcca3e 100644 --- a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.pem +++ b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: expired1.example.net - localKeyID: 9A AF 11 07 E4 1D BC 1C D0 1C 7E 7F 0C 91 F7 69 20 A2 88 E9 + localKeyID: 8C 4C 0B E5 B0 98 94 3A D9 D7 F9 9B 4C 08 90 41 D2 D2 81 BA subject=/CN=expired1.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQyMFoXDTEyMTIwMTEyMzQyMFowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs -ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOetOZ/lz5792Jijv3XL -2sZ489lHQBYdaC87pXVJ7xTedmZ/S/dlKA9DYuRmZIay+pCZwDIxL8OSKTbQHjKN -cXDOqVLzraH6VGjZPNjUxNrci23yoXC1GQkEcjSgJDU/kQeqbwppqr2mq28MK4XP -fPZnX726A9kOYi54MJN4JqDXAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG +MzQwM1oXDTEyMTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALam9ms8TMqjajj0f4Lp +kkzchktMmqxsekP+x7juWbpWHA2jcu5k3FQ8uk6haYR2L5azhTugyvKMmUhs22QM +xLklebk+vJgsFDYD+Hp1P/KOljuohaIEemNf0S5KochyQnsVaRlYUGjnSnms3BTH +VoiUsmVgfTx+Uc+nFHyud90VAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm5ldC8wHwYDVR0R -BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEAlW3u -wOkP/n3NxCdnmsIMPkUfsYhB2QwOnXTeS3X0Wkb9UETJxL/wyOubx6rV3BCQDk0k -bHlofR66DbqXkZ+W+LvJ4ibIaxkE6OpcJS3kx+twJ0Ii70tYPfoRcjAY4n+w+BIn -CbVeXkP8zop5pnIJfmauz63oaOkPa2fyUeq+lXA= +BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEAiafH +LUsttmpVmeexSBZLTDznG7cn+TnqwtXrzcxj0R4n3qwdN/JwySsxTGBtBRWYp2bj +3GrEMxNZA05KtZ7dWWK2hib/Re8MqDoOEJmpgGxQAZ2i7qJdXGworodKU+dWPKDJ +URTK97yW4e+l/krzF0ZquGYl9Lv1qeL75xB0FP0= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.unlocked.key b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.unlocked.key index 76cba4a96..399877118 100644 --- a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.unlocked.key +++ b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDnrTmf5c+e/diYo791y9rGePPZR0AWHWgvO6V1Se8U3nZmf0v3 -ZSgPQ2LkZmSGsvqQmcAyMS/Dkik20B4yjXFwzqlS862h+lRo2TzY1MTa3Itt8qFw -tRkJBHI0oCQ1P5EHqm8Kaaq9pqtvDCuFz3z2Z1+9ugPZDmIueDCTeCag1wIDAQAB -AoGAZOIfp6sw37D2MnGLm8XrPGXK+aB3HaoshfTZNdu+Cj5dHIDuGYqpCQx08bRM -rgMd7P2mnbShce4hmEbD/4tsC7kCGGtwRsxeVZyxklgpBXRMGjQghx32JM9jn7lE -0ZVILJlrKRFlUY96wAB3rjAefPqrpYV1d48fVUc2/ofXSAECQQD+xRAkJfKUn+wv -1ro/xwsITbCWLTL4Gl6LTM5pbEsrA/CU686A6yW5ku5CnjoB3XAz4e71fMepf3WE -GHzILb7XAkEA6MudfRW9Yq5HkKpkwGoSPBsE9ip5fszNDLmLxjAKI9IzLutSwtFU -Gh/0B4FJpu+xUiWgQTVozBwvEnKjmzvuAQJBAK1fASr4P+nwIlQzta7tDo7p/39S -5tp7Z1c4P0bykPyGw9Mz3OVSH+v3FvhyoFrgjBhiabDY5y5rNFdeKpw2tSUCQQCH -ST0+4hFrdai1U7C1eW8bawBZJpnwrIhFatbl2CksZA3GqI8yFIBxpjwk2Ge7EfTU -rnURMD60z3Qznleh8RQBAkBRm+clmkmjPx6ZzD5+3vX0lPa+Lf4HQb6OqgJpchDk -AkFnH61DZRdCX7DRipkhzuBlzK0tbSsl+labyfTY7g2H +MIICXgIBAAKBgQC2pvZrPEzKo2o49H+C6ZJM3IZLTJqsbHpD/se47lm6VhwNo3Lu +ZNxUPLpOoWmEdi+Ws4U7oMryjJlIbNtkDMS5JXm5PryYLBQ2A/h6dT/yjpY7qIWi +BHpjX9EuSqHIckJ7FWkZWFBo50p5rNwUx1aIlLJlYH08flHPpxR8rnfdFQIDAQAB +AoGAB/2u/8sLf5iiO0c9ZlLBQwe7tvCkGkhWrC+XlJhxg8ytWM6MMAuyByUl3cnM +wFvBVIa/HNOnaxVKDzPAAJUP2nYCVKUhHT5H1/ifG+sovO7K3KAvUSgthJMFIQwp +urRAFAI8ItacZh5Gwf6VEIw2Ivpt0/YRBfT8q1wRzLKrVVMCQQDfI47B/sCROF7X +PDpCVih1o9TYRQnB1n8UXZ91oYUd9/NNjM+qhcj+vvxDoXySWHTRHY2bZyY37qkc +NNWCttubAkEA0Y0JgZ3Jk89p7LEHdawAkKvXd9vP7HvC1BjbcdGSggs0OfRCv/2r +QelPlxCyBiieEUBbXdxzhq/ammhmwsBtDwJBANfWzEMoidqu3UZzMqNyNca9R6g+ +95YxRlFL0m/1Yg9ABW/RMhrvOCH6WYeN0DK7L5wLayuUFirqR1hKXvEGsdsCQQC0 +bBWyRxPnMx+FjorYsyataXeUmGr2tzxxd5GB9yqI03K9L2VFfvi0QFipvdM54EDw +o5PHRecmIUU7ywYnSpzbAkEAvmoueUG/+ZtS0QFzAc5X4qdZBPhHXZqPzG7EodrP +9JxPzbtd5ydroRoQIEv6t9zlpRVDinMzoeCA6fbFbsrdTw== -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/key3.db b/test/aux-fixed/exim-ca/example.net/expired1.example.net/key3.db index 32cae78ff..e6fdf8d56 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired1.example.net/key3.db and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/ca_chain.pem b/test/aux-fixed/exim-ca/example.net/expired2.example.net/ca_chain.pem index 860ab0a8f..569dda104 100644 --- a/test/aux-fixed/exim-ca/example.net/expired2.example.net/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.net/expired2.example.net/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.net/CN=clica Signing Cert issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.net/CN=clica CA issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7 -qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ -FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua -Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS -QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU -CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw -+IUzziMDFxJiuC4JNJkapdKX +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz +wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ +ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V +1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w +jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c +/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C +vAJ2oHvLkS1MOpYEUICjB6xe -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/cert8.db b/test/aux-fixed/exim-ca/example.net/expired2.example.net/cert8.db index 8487428dc..be6560fc6 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/cert8.db and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.chain.pem b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.chain.pem index 9ceb8fdde..2ae07e26d 100644 --- a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.chain.pem +++ b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: expired2.example.net - localKeyID: 1B FE B7 F4 F9 64 D6 55 85 0D B8 4F 66 7D DD 24 CE 4A 67 95 + localKeyID: 09 05 6A 30 14 31 F8 40 DC EA 06 CA 52 BE 1D 22 3B DE D2 C6 subject=/CN=expired2.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICijCCAfOgAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MjJaFw0xMjEyMDExMjM0MjJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w -bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVBCb/zCK6rPCw1M9n -PBc8vzTv9QMlMbkC5tNYzYcL/9r4AC8HoIsPrs/mbGwPdzGDfTRVz7XsYHfm75Ir -6W4RGkh8y0mHQR9FidE6OtlhsuhZjUez7DdIusFZpwpusmhbwl2PkFF5+w5xRN/p -mI+AH3EDLeL4e8rGEDjUlYEHBQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg +MjM0MDRaFw0xMjEyMDExMjM0MDRaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzNkxwec9ojJFsCyEr +TAgCTdOF6iJTzJkyvZVJvhVoa9JRjlNL9tKmQl0TEI1iINQ46uhnQ8xtRuqgZyTa +RgIsYMWT1o0PtFD0dDXpI3NkmWgkVMTmI+mBfS4DDBd5zG4r1qW2ZkWriGPd/Be7 +kjsIXvKfhzJT/X4Q3vnmgD2SLQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMB8GA1Ud -EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAK8/ -DlZCyZtARfYN3wRLvn5QP397KqugKDRSGW5pQVsheBPCe5DPnZ6XbL1DWQgzoAA6 -kRBKNm5l9C5lOtzcD0h8OmX+GOpHZyVF4LGKTowqKeS79CxqOCzYvOsOIfHcI0AF -jARIiZn1GzMKQvrf3Lq7ctrs5M6a3GCsbr38rvlr +EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAKli +I2LORJdRj6SUnyA5wnuIIJ8hmCur9T+IfclLrsUOFixrGd7GYkOKkQgulErZth4e +cz2IQvc4dsR/moJxiVJvcgRJ+bPSI+K1jTVuZo3RY7N+kAMcWmiWNWlvfx5sQy91 +jkCpTUy+4I2Uj3iRxuQK6iGKyx2t7RH495VfXn5J -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.key b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.key index 2c6212ed0..3e122f97c 100644 --- a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.key +++ b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: expired2.example.net - localKeyID: 1B FE B7 F4 F9 64 D6 55 85 0D B8 4F 66 7D DD 24 CE 4A 67 95 + localKeyID: 09 05 6A 30 14 31 F8 40 DC EA 06 CA 52 BE 1D 22 3B DE D2 C6 Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIo+Z1MMAxXMUCAggA -MBQGCCqGSIb3DQMHBAi2sn4DoRlq9wSCAoAFcaKcbpOKq563nFJqtRUeC50PJsns -uRnK54IDJV8FyiC1k4YRFuyzD6v0p2CyNp7AG3bBo7CvMCcVaPZQwU9QB4/m7/VQ -9BWHjJuNyK6Ea4T7j+N2mnqhKTUDxgu3uSMgjgykkpiduCGVXetabt0GNWLs+zNh -I+NESGFS4E52Lec4g5kBuCfDOR+gAXV0Gbc8/MaHygAR2/rtRn5Nc+wutKchvCzx -SUQFiK6NFnCB5fuci1A1P8nZckk9ik987f/lY94EgWVeXy36Dnjk7S3l7bDqAwVD -aglrZfXarhts4VCj0JfHKfZ+Dw+2Nl6LZzaTEBeGWyQ4IRZxn7c5CQv5PtK22oKx -00R9YIaEwKnkLqwhxGnOL3isNixuMQsHAvBvzf/3rRkiN++6NlWKwF4ULcb9qm+O -k/KEITJbFxhOogAS3aZmXD8NeJPzbQ8CTrJGs5lT+xatb2pqDC/9FpYcLSreTWNu -3T0EjfRCOmW5E5pPlpKIFxRUd/U0tHC26v7mOX1nTCnrzRVQALliNUnDCXDKsVbQ -QNrkUwdSba7SrVy5Gxrd23mQriJRA082pA7fZ/P8hqKBneB0xCYMdsd2wOaA8ZUz -OxvvIcEOaAjDWVOYoi3TKBYxhaLLFFbeDITSAVSbvqWXWzWflPaAfAU0jkSK4mHb -Hj1wnmCexxO/Kv9sYxX1Hq3b4SrrpywWDwCR70AewdcftBp8tw4uV5A0EZoEjutA -pQMxFSAPdQ/vBmqLNZzYQlcbhTY4cnIEnlfG7cG458h2pUT2wfqYaBki/Ehjl5Yq -R2foB9GcFuGxNTsUheREjG5hQMHLaZISpA7ZZPkLpL+ffrNZr22lQDq6 +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIX/6iAvJ+djQCAggA +MBQGCCqGSIb3DQMHBAgCbjjMCQenvQSCAoBe+ruh68oZ5C59n0MZioRk71eDPokd +vVl9WuJ5jC7h3Zo7ELDl0GRGUxunULkGPsUyj6za/64OALKIcrLbdWnqfVjssF60 +l8TansAcp0ZwWcK1BGSXopYFNSUdrZtW0l9NSLp/rBvtvVeT74LzZ3GY0QN/IA/o +9ZcmYM11XKJU8dCTJ6AZ7xnBDnJWDrsG3imcBdWDKLORhBrRYyCDgUVwc5nT24gS +uOhUV8PzsClUglGVSeXbnUDJRwETG/IraToPjxUi/YS/MJVXecHCeR0kDRb4dvMU +BOQ1Gn7bbKpIfaCJgLBiCGzBm6AIJ0NTQnhovBm9N6w22DssGZ18P5EjDj0ppat+ +42YMgH6CJE6RPT4CU1NvIthe8mhYJVVzXEStFSStF2igxcj+4pTdx5+mz8EnzFch +M99vzblIivfh2CnR0DJceQf+G1WFwMqu2on3VEqYEyKYlFTkan8QkbCz21eI4UsV +IVqlLurlGbIoDYK9ttBN8YrKFVemoE1lrZVQj2aPHIoZCZ2QQxrQYxv9B/BnnUOF +3IUMGgzdzvs1VwH2SBLHIZtb+8LrPkNb0gtEPuHJKA8yZUobARVWaeaOXaxz4BM9 +RUGM2AyFnhIhfrZjinT3RShVjCkVTTng3JaJDcqgmHIeLGR/J5ZRO/bTyXMHFAly +ib7QjkgnxAo+Bv+UHO9rCBp8vVKg1Digq4PnNVosYRMOz8Ew9U4/gnbAK2qkrY8h +yqSAc15kgEU3ezSkZnsKqoqXMA6CfmtXAUNWnPXsdCDfcFdr6+BlP+uT1n4Agacv +inqxUoOHAn/nw4NQmdwAzpDtIlFCJjT18uTVhDknDRF1UACzR1tsCA3g -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.dated.resp index deda60206..af61419ee 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.good.resp b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.good.resp index e14739606..af3e08231 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.req b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.req index a11fe0573..32e07d186 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.req and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.revoked.resp index e14739606..af3e08231 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signer.dated.resp index 594bff309..847c9cca4 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signer.good.resp index 78fa4ad40..fa2dfdbf1 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signer.revoked.resp index 78fa4ad40..fa2dfdbf1 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signernocert.dated.resp index ed31d931e..e7ae2b9d0 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signernocert.good.resp index 2c7f98a87..37eca0e41 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signernocert.revoked.resp index 2c7f98a87..37eca0e41 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.p12 b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.p12 index 5798024a7..0cdde0250 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.p12 and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.pem b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.pem index 385a44de1..ee3b22499 100644 --- a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.pem +++ b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: expired2.example.net - localKeyID: 1B FE B7 F4 F9 64 D6 55 85 0D B8 4F 66 7D DD 24 CE 4A 67 95 + localKeyID: 09 05 6A 30 14 31 F8 40 DC EA 06 CA 52 BE 1D 22 3B DE D2 C6 subject=/CN=expired2.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICijCCAfOgAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MjJaFw0xMjEyMDExMjM0MjJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w -bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVBCb/zCK6rPCw1M9n -PBc8vzTv9QMlMbkC5tNYzYcL/9r4AC8HoIsPrs/mbGwPdzGDfTRVz7XsYHfm75Ir -6W4RGkh8y0mHQR9FidE6OtlhsuhZjUez7DdIusFZpwpusmhbwl2PkFF5+w5xRN/p -mI+AH3EDLeL4e8rGEDjUlYEHBQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg +MjM0MDRaFw0xMjEyMDExMjM0MDRaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzNkxwec9ojJFsCyEr +TAgCTdOF6iJTzJkyvZVJvhVoa9JRjlNL9tKmQl0TEI1iINQ46uhnQ8xtRuqgZyTa +RgIsYMWT1o0PtFD0dDXpI3NkmWgkVMTmI+mBfS4DDBd5zG4r1qW2ZkWriGPd/Be7 +kjsIXvKfhzJT/X4Q3vnmgD2SLQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMB8GA1Ud -EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAK8/ -DlZCyZtARfYN3wRLvn5QP397KqugKDRSGW5pQVsheBPCe5DPnZ6XbL1DWQgzoAA6 -kRBKNm5l9C5lOtzcD0h8OmX+GOpHZyVF4LGKTowqKeS79CxqOCzYvOsOIfHcI0AF -jARIiZn1GzMKQvrf3Lq7ctrs5M6a3GCsbr38rvlr +EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAKli +I2LORJdRj6SUnyA5wnuIIJ8hmCur9T+IfclLrsUOFixrGd7GYkOKkQgulErZth4e +cz2IQvc4dsR/moJxiVJvcgRJ+bPSI+K1jTVuZo3RY7N+kAMcWmiWNWlvfx5sQy91 +jkCpTUy+4I2Uj3iRxuQK6iGKyx2t7RH495VfXn5J -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.unlocked.key b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.unlocked.key index 45271166d..e6d853e8b 100644 --- a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.unlocked.key +++ b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQDVBCb/zCK6rPCw1M9nPBc8vzTv9QMlMbkC5tNYzYcL/9r4AC8H -oIsPrs/mbGwPdzGDfTRVz7XsYHfm75Ir6W4RGkh8y0mHQR9FidE6OtlhsuhZjUez -7DdIusFZpwpusmhbwl2PkFF5+w5xRN/pmI+AH3EDLeL4e8rGEDjUlYEHBQIDAQAB -AoGACrYgPemmb2ul2MaCvWa0pm3Y/B3+b/7dlktEImmHWm+ds63Sr5f/liTMuIII -Nwjf2QRRPuVoeP/q15aBa6rbyXHbDjTkKrqFhOTdoEIuwJUK+XFXjY6nuNGlDgbJ -MGt0zFvnc0HX8w7IF+UswicZwP+B7X2vvCkviASAJEEEl8ECQQD2t3vx35ssXZry -SDizl4REmAElp6nIay1IKi7PxidiwZdjA9I25KIYxHvq9BRGBFzT2Jo9JYpZXgrh -q7DFJukhAkEA3QgLsKQEztzSm2D9gPbXvLqnYep3a/sRW/60J9g/BtjFBFx8HNsy -oxVGx5iId6TN0zu8XJVbuuYhwg51y2RtZQJAJPLvzhaV77wJE5X7X/ImLfux2EjW -5ZwfiPpATn+3sFOb74lH906gdCMhB9wMGTxYBqYe219+68loycljzPL54QJARPFv -hAeFIGksoB6etA1KuamW8CnMWjgT8BgAZbVD44TV30hhxjZxEwFd9IAVgQw8zziA -xngoBqIlwXv1Lh4DKQJAd9TcaAxoTOwxcjFwo6bQzAMPk3DVxcBK94M/s54Bd9iu -Do79WbyY1PwkfGbqm0ZU6hQ/ebQ8VpN0aps/plbKCw== +MIICXQIBAAKBgQCzNkxwec9ojJFsCyErTAgCTdOF6iJTzJkyvZVJvhVoa9JRjlNL +9tKmQl0TEI1iINQ46uhnQ8xtRuqgZyTaRgIsYMWT1o0PtFD0dDXpI3NkmWgkVMTm +I+mBfS4DDBd5zG4r1qW2ZkWriGPd/Be7kjsIXvKfhzJT/X4Q3vnmgD2SLQIDAQAB +AoGAImNPbJ+7EE001F4YWcYHnWWQqpggSSMv3GArhtBuLDDQVSzxx9hPWG7QjEl3 +T7aL8nYE7VfBoNBkUi4okKexX79JJM2+05EdYXIm3aYjA+lwgESIFFNr/TxFHC+E +jFCRmhddUYPmUf5lbs+6ICvPyKTVmShfLb8R+j6gKeXcljMCQQDiMelc2eBM6waF +3MVemNAqiPpgntpOKJPuHpSnugGDHMYO1Al+mmMLy9ru8G2htOy/RCzdGefhK9Yv +N2pSEMbvAkEAytOLZHcDeX8j8AgPydkfkHE4sQjY0fiSHBY7O3FU4hQzeALXEfQ5 +f99uLVRBP4pndiXsbkJa/DvkIvEU9Z+YowJAcJeDn9JcEi2TC6L/I71RMTsJ1np8 +FBeiuw7B1FOEWS1DcTIen8RdtQt+KR3IlIuopPRcmJpCkBTwAoTFCaCMRQJBAL3w +f2A05+cWflQhaI+xKhL9RIbdbxaq/kEZPJz9E+2n108y8a+Zk2NBnI8MkRHtDdih +yRi0QTpm580lEWi37ZsCQQCki1fxtuErImwvdQhnuGyZWu/2v0AhRlr3w3QLgs8Q +Gcwpvv56og8XdKqJ+ZHjuxfbnV2X9rXJ12ywNaQtxZ5I -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/key3.db b/test/aux-fixed/exim-ca/example.net/expired2.example.net/key3.db index 0d1e29940..f0d8d1904 100644 Binary files a/test/aux-fixed/exim-ca/example.net/expired2.example.net/key3.db and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/ca_chain.pem b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/ca_chain.pem index 860ab0a8f..569dda104 100644 --- a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.net/CN=clica Signing Cert issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.net/CN=clica CA issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7 -qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ -FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua -Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS -QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU -CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw -+IUzziMDFxJiuC4JNJkapdKX +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz +wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ +ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V +1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w +jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c +/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C +vAJ2oHvLkS1MOpYEUICjB6xe -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/cert8.db b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/cert8.db index edf55a6d2..9aec4e267 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/cert8.db and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/key3.db b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/key3.db index 4a77acd45..5bb055ca6 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/key3.db and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.chain.pem b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.chain.pem index 66706013e..cd6af40b2 100644 --- a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.chain.pem +++ b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: revoked1.example.net - localKeyID: 2A AC E8 62 3E FD 18 F7 B0 8B 34 15 B9 75 FB 67 95 D7 09 CE + localKeyID: B9 50 B8 D8 AC F9 E3 3F F6 C9 39 EF D2 03 54 FF 4C B7 04 F0 subject=/CN=revoked1.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIBZjANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxOVoXDTM4MDEwMTEyMzQxOVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs -ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM1WXW0S7RgmWV4aWaOU -dgKR11AozRW4lPaV1RBuES6KFpf3UaAidXB4b4b+GCPSm/ipkIuKgndhZLF7I+sw -fRtxCivf2Ma0DHJsY61ngf17zBP65nMmQAev360R6plasC84mjVZeYtPSpy/KUgY -1Kfg2PRTMfPIPmBvaK1Rx+Q9AgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG +MzQwM1oXDTM3MTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOrqKjZH8h3OBLrGB30b +KJNKeJq0+93l6ojTCdaCRY9/LaTrHMcz0b9STUJr40NtD8rrfrqHT+u8LyiBFGPP +WXtau5oPn0nwfPCwnMCqRL0JHP8rcNjkJ2IrVMUaxf7ESt37gP9HtY107W/M65qM +I4L8fQKSFAOE9S3mDOr5LwGrAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm5ldC8wHwYDVR0R -BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEAB6xH -EtocDYao+0eNrhKVnr5KZ0U2Ll8GF+xUoZrkDwXs1o5Juue/+1B4CPcK2UlqH1F2 -UDH40fPCKzdZeKfkpvU3+iqrht1ThJf6AOERqoqFCfxmb/Zvu4YgACkCZezlyCfK -IbLb7ZU0lAT7wu4/T3bxKp7NdU6QDEoQq5/NgUA= +BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEApfi5 +vZVllEdnt9Ak/2SGu7jNuKWegXJaO9L04B3Bjdr+KMM2lRUSEkWGHg/KIdIPsOC2 +rH0ThzwFBq628WXf+1eD2KdSMK2YMrAWXV9Xt+rIjz/NT8mvjsl0dKU13gwnptqs +cgOCEUY8hm0LET0p/0NmyRwKqZsvqDgoNEnHzuw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.key b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.key index 5412c8a40..d941be809 100644 --- a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.key +++ b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: revoked1.example.net - localKeyID: 2A AC E8 62 3E FD 18 F7 B0 8B 34 15 B9 75 FB 67 95 D7 09 CE + localKeyID: B9 50 B8 D8 AC F9 E3 3F F6 C9 39 EF D2 03 54 FF 4C B7 04 F0 Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIT4DkRKP6XOoCAggA -MBQGCCqGSIb3DQMHBAhTQIh3a3KSlQSCAoBB/GpPS7kNKT+442dnPS4BXbT3hxg2 -9/tZPRWHKIYh4aCzu+QQbjJ73jLBmrjlwTHyaTJYuOTHxMW5rnji8U+2hX3pSBgi -3cBmcH8pfsx8IC0Y2JyM65tJItCs8Uh3Zp6TKBddc5bDVbKrC2wS8xvm9QILJT33 -Cvm6oC/3HvxmnSHrpm8Mt/WhwvYY1SlSueGrQ5iqFnqtnOmMicKQiieWpw2b5++v -OVmHsSbuh6gfTPCVovM/Q0wsGzHRrYbyHVoUJFTBGDlLrSru0pOHyDpQHfTTfGF/ -EFClCgcWtu3pcXpyjCdsvzuawxQVFyTKTojxNy0TLNcx+4U8kma+1kFPn2+umFlp -VN2tYfOVDOBHDft8kthaQfPhE9yQo+CGBE0fqpxCteXqoObFpQnn+fR4L2CUPvgg -+WZcLm3ig6WNhSjx1kQrp6OEALi0oCLZGKmOs1FyiKv07AyrsuSaBw1k4cHWgn1f -LWvF1ndpgRCh+WFGrjYkkKI3KU+4EFRCqUIPFruALtUSymuThbvyJY1lut5MilmO -t3WGkvfIEQhrSN58lT7eJcNn0m4GTznRITc7pJ6N8jNnSKFRzTUJ/auWncDvdNYh -jEP/uEn9aOMjS0hHGYzl0YPsC9ryo1XGEi9kh0TSI/UVP06GgAXKYl6awe66l8pJ -61dLP2O/Pim3FeRcGVBPA6uBdPVx2gr048FgcrOSX+KTLA+bnEJhMGNuUf85pKvD -jUlYG38fypfjQk8eQfJiuMpcipT0aQBxHeRvdsygGqxkzjOFbYLVmvDhw5xR0Aml -K3tZHz2mD43xCfn1d2H9fuHj45Xabk+aDY4p2gP/qsz2SiiHXb6Ytz7x +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIWBK2hryEVlACAggA +MBQGCCqGSIb3DQMHBAh9wEe6UUaoqgSCAoA7ZNT4mYD7fU9qRc7DECUXO5q+VmFm +H3rmQOV0npaSJb9EVF1/ZCayzYpCAV7n0rXkXdnDY/j/jACCMa/EXnRAp5v0z1nC +U3q48FwjBXyJpUiZsxq8py+8XdQrILFxNO6gELahmMU11ZC5Car1UunWYTZfVr+7 +MpP3PE9KqqTrrIWlUDj7b3UuMIvX04pq++4R01/ctA/SltzsjH0Rv1bbuvoLdTrZ +MhBMLZG54Y8W1a+VaDdXsatiZn0TxZ6hCg3LszJ7eh0/xasXPfjfmqT3wnS6lzSE +nsSYJM2jgcKQi/WCHqXIMl2ZQvvVTmja/0P5IZ94EFMzyItP4DPZY5pWv1wAk6wZ +DTQTrxsBbZF8DuO+yTA/3iPTMHzYdsqLyZMTg5mEdE8dIEJu5B3Fx7bNRgvAcSU6 +GRnNdFaXKfb/LmZu0KDBpHF+BCqMRAFXqSsijwyvwy1Jt23QLFQUajZM7yms8rX1 +ev6tlSpSVxhlUnwEuCVNgbact8YfFSEeAv3hmFPTt8h3VmNp06Y2C/U8hBNJm+SR +b4H6RdUFq6i50ygd52HEO5NCwQuDsQMLLysDau7plUOdwql8NO1ji0PzLYIbBowZ +WhibSjWx6bKpmwNS+Dh//BY3XosvCNCHRRm+QnDqnK2IIFfPGuabw2YlmVTqSY0V +ooOq3iaKuhuREakZ6XaW2l/bQel//9uVkb5aqo8/8Zg56xEfIVg+6XNiG+zIBtj6 +en0y6/fWLT9zonam2V8h7FUdsIGLsHMoGoWaW7ItZqrJF7Z9esgz4lU7gOtWl7YG +Wd2KhJfciJcemystNsUxB5opNg37Xz54bwUcAKvceCmSaq9ZzAkklhFa -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.dated.resp index 4844d37d9..7165ae429 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.good.resp b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.good.resp index 70f99d3d9..a5e322a6c 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.req b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.req index 08548f8a0..48faff2e9 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.req and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.revoked.resp index 04d35a0f0..f62b91fb8 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signer.dated.resp index 71d8c8068..d3829c6f2 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signer.good.resp index eb68e1ddd..0d5b4ec42 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signer.revoked.resp index d9f99da6f..4c36df01c 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signernocert.dated.resp index 4d5a45b02..22fbeeb2f 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signernocert.good.resp index 64c992689..e43caebb2 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signernocert.revoked.resp index 3021513b4..799cd4503 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.p12 b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.p12 index c31ebfa59..a077b23f1 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.p12 and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.pem b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.pem index aab5b2fab..64fb3709d 100644 --- a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.pem +++ b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: revoked1.example.net - localKeyID: 2A AC E8 62 3E FD 18 F7 B0 8B 34 15 B9 75 FB 67 95 D7 09 CE + localKeyID: B9 50 B8 D8 AC F9 E3 3F F6 C9 39 EF D2 03 54 FF 4C B7 04 F0 subject=/CN=revoked1.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIBZjANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxOVoXDTM4MDEwMTEyMzQxOVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs -ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM1WXW0S7RgmWV4aWaOU -dgKR11AozRW4lPaV1RBuES6KFpf3UaAidXB4b4b+GCPSm/ipkIuKgndhZLF7I+sw -fRtxCivf2Ma0DHJsY61ngf17zBP65nMmQAev360R6plasC84mjVZeYtPSpy/KUgY -1Kfg2PRTMfPIPmBvaK1Rx+Q9AgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG +MzQwM1oXDTM3MTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOrqKjZH8h3OBLrGB30b +KJNKeJq0+93l6ojTCdaCRY9/LaTrHMcz0b9STUJr40NtD8rrfrqHT+u8LyiBFGPP +WXtau5oPn0nwfPCwnMCqRL0JHP8rcNjkJ2IrVMUaxf7ESt37gP9HtY107W/M65qM +I4L8fQKSFAOE9S3mDOr5LwGrAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm5ldC8wHwYDVR0R -BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEAB6xH -EtocDYao+0eNrhKVnr5KZ0U2Ll8GF+xUoZrkDwXs1o5Juue/+1B4CPcK2UlqH1F2 -UDH40fPCKzdZeKfkpvU3+iqrht1ThJf6AOERqoqFCfxmb/Zvu4YgACkCZezlyCfK -IbLb7ZU0lAT7wu4/T3bxKp7NdU6QDEoQq5/NgUA= +BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEApfi5 +vZVllEdnt9Ak/2SGu7jNuKWegXJaO9L04B3Bjdr+KMM2lRUSEkWGHg/KIdIPsOC2 +rH0ThzwFBq628WXf+1eD2KdSMK2YMrAWXV9Xt+rIjz/NT8mvjsl0dKU13gwnptqs +cgOCEUY8hm0LET0p/0NmyRwKqZsvqDgoNEnHzuw= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.unlocked.key b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.unlocked.key index e74439b32..58cae2c9d 100644 --- a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.unlocked.key +++ b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDNVl1tEu0YJlleGlmjlHYCkddQKM0VuJT2ldUQbhEuihaX91Gg -InVweG+G/hgj0pv4qZCLioJ3YWSxeyPrMH0bcQor39jGtAxybGOtZ4H9e8wT+uZz -JkAHr9+tEeqZWrAvOJo1WXmLT0qcvylIGNSn4Nj0UzHzyD5gb2itUcfkPQIDAQAB -AoGAUMaZyA+671Yer9Mj0iLT7Zzbm7ABRXswNnSotWbnIWy3CJ8FID6N/mmSTgNl -EaqHKuHhd9NMEZRhnSP49EtF2zIja4GyMHegemv5N8qsiYP98S+vH4hk4/sKIqHB -BhLOFf/rd8kyXdJxkzTh+9/Cw8AxdYl0BNApuM15zmYa3o0CQQDvqdpJ8M3Jq4eV -tABvH2UjS0zcH2Xg2u4Yxvr2wuIsMhScqIeww/DvnpdaWWpBEUA2ZtmttNZebpIi -H+gfjZdrAkEA21WEwzgDx9LNOTaVjASeHp4jcPQU0AVDiMvh0eBuaGlXuhsq/wcO -kvSU3/CEpWIT9UO+m6mjL4nUuXkmRU9k9wJBAK22AUCCx8YbDAVYGNBygw4X8DfE -kkVuqhFPeGwPSXwbOJFsHh3jh+lGnBGiqb9Lz60e0zxyzMZZgpY1Zjwols0CQCDN -959jH12hr8Qg39kjT6rwqAha2UoLn4A0TkAfuyOurcpOCe4+1fUw05ty08QQmT+T -tEx/4MJZcRGUhx7Ssx0CQQCF5X9X5kNNLVTEjmnGSJHobuLUYXRH74olKGAxfQm9 -YuKwgEJAGEAuAG9+QYMJsBPsqm18w6bd0FIhrqNzW+0+ +MIICXAIBAAKBgQDq6io2R/IdzgS6xgd9GyiTSniatPvd5eqI0wnWgkWPfy2k6xzH +M9G/Uk1Ca+NDbQ/K6366h0/rvC8ogRRjz1l7WruaD59J8HzwsJzAqkS9CRz/K3DY +5CdiK1TFGsX+xErd+4D/R7WNdO1vzOuajCOC/H0CkhQDhPUt5gzq+S8BqwIDAQAB +AoGAFLdNVt4Y9t6zjt9ml6mTQwuLmTEIQqhDR4k80kLiUxltcznpa5O64nryjAuR +muEwrFdm8WVI+5cfA+mZXIS59W1pXGeJ7+plhLEan97ja6bQKHUAzfJoF/iN3B0y +oSC7DpO5jcI4s/iF4BgHFk6/CRGKqnmvHe3F+69IaRoeVKkCQQD1s4zslyBoCrvH +2dESoKGRVgm/DgOL01ky1igkiMj8ICmOkjI+kciAKnGOcQEgUW48rgV8zYTA25mi +3ZT6pjutAkEA9MLeym0eGVER5bMvhes9QTtIpaOvEIhgFGGq50mbcPfE8s4Uq8xL +oVfDL2AEIsV7mpXxxbZrfBat/rxUEO7dtwJAQnHC63xXFCvK6lnaM1pjNwV4b0Vf +6iFGnvvRMUgYai5cbqTUl50fBqHzwZyHvHCpChnZfA2sF+eLHcMkdcAcpQJBANfw +xVaahp+XYs7hE+B29ogCoclhbCaN6xaQRJPh4P392wjMwHgBuggSweWeNIfo63Ar +Mi9ZDeNgrwm7Zf+6fmkCQARjGSwgobjSXiABXj3t/psyoeEScKHk2vwjgUtjHWMS +imyxwPsWyorJxFYLT6EWjkGd9OSJ3EXaBbNWFMAMbgM= -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/ca_chain.pem b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/ca_chain.pem index 860ab0a8f..569dda104 100644 --- a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.net/CN=clica Signing Cert issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.net/CN=clica CA issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7 -qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ -FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua -Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS -QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU -CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw -+IUzziMDFxJiuC4JNJkapdKX +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz +wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ +ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V +1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w +jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c +/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C +vAJ2oHvLkS1MOpYEUICjB6xe -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/cert8.db b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/cert8.db index 075b72fe9..41044e5c9 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/cert8.db and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/key3.db b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/key3.db index 84ed95130..7ac296788 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/key3.db and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.chain.pem b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.chain.pem index 05f67932d..da13c8cff 100644 --- a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.chain.pem +++ b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: revoked2.example.net - localKeyID: F8 C0 F0 9F B1 B0 60 D3 BE 6C 2B 2E F9 EB 57 9F C3 63 FB 20 + localKeyID: 7A 3D 99 D0 B9 57 D0 D1 D2 6F 5D C0 3F CA F3 A9 34 49 BC 45 subject=/CN=revoked2.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICijCCAfOgAwIBAgICAMowDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MjFaFw0zODAxMDExMjM0MjFaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w -bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDnDs91kOgdASz36BY9 -VC9wr7fB/tc1Gh2HoJqofTKR+0bD1Bi2MiA+LtRxitsaoNOS0UIxebeqaZ570H/G -MN01QVwsxSrqxGPESUrLybk0qUxnd7MkRnq1CKjldCG7ufH3ACFjlOGUEbbCIKeY -bTyBbFjrsCRdzoyeSII4y6HxJQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg +MjM0MDRaFw0zNzEyMDExMjM0MDRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6mq2TPyXL30lDv6nm +k6cDAfPw70OceffXFbBtGT0gVYo1uu3uwbgsXlVAWKbOVwB5eyANgjCu1cT8Ijmu +Smver4PEI54NVT5LCMhaqZh//eh99KCeCL9bsRPFWNP6HLYDMJrLbEfcCTk+l0NQ +1Qw9CX5d5YTQuIsJtad8I3bimQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMB8GA1Ud -EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAGXt -Sqxp2tsIOszNEdaj8QGunGxXWfX5J8z/XjPhJz0uLTTau7FU12Kxs/UrKq1Y5Gdr -6VjY0aRj4MylBx7QGMtHAHcHHs90Fb9sA4lCDfrFoP4tkLFOhyJRIj525SLN8nHW -u0dr1LlV0T9SNfsFDkyNhlb8/5TxM2ujGcQVvWlU +EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBALZH +gmXhmLpZ7kqPoOiA/DU17X0wfouWx7wPSbzlNRnSuv255oLXnuYaFAadSr0V9fIq +pwfS4SOSuvL9eil1hBSUDaFrYfLdmCgXNa+W3mskvDc8M589CnHEoR6QOrOZGzgB +ffLYT2L+Z8A0K3XOGhA6JSrUKG46Ilmph3D17USQ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.key b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.key index 0b8c68eaa..d6c969189 100644 --- a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.key +++ b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: revoked2.example.net - localKeyID: F8 C0 F0 9F B1 B0 60 D3 BE 6C 2B 2E F9 EB 57 9F C3 63 FB 20 + localKeyID: 7A 3D 99 D0 B9 57 D0 D1 D2 6F 5D C0 3F CA F3 A9 34 49 BC 45 Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIimhRhAhkNdwCAggA -MBQGCCqGSIb3DQMHBAhaasJDQXVyJQSCAoDVjygVy8c0w0QsbPCvYDbiyrkPOqES -r8ubXlcI5B4GSsoi4Ho9xdOiYQOyi3fCGpj/xa8uwvyDNCUNt0ndc9lO7m2joUpx -rRvbjsFWDdWXUaKRnCKfYd6P3NxAs/bu0x0VzySI/d3goG55q8EdM9O69VYcuwSK -uD2bHdd044TDCUvIhtd/j6BwiSvXbReDSrRAi2YaKTBTkg/hJmNltkyh2POlaHt1 -MXijtn4V1STsp+3Z3Vi4g3W9CG2e772McVtrtcwVPkN9iigpFNJymA2hBOS1xKzU -+XTMNwPrdx/wN5jzkV6e9d91kXwTBgzc1cI7sARi8dn5q0cNUyt9dA116ujXbE1b -kSFwhCYVgYW/XxxbjicnQQ+3rH/SPlGGrccvqEyYfTYggK9cQoKVYZrkKbbjhb9z -25xegLYHH6m00sYw/9dLxK+AhhHcUpJaJ+so6jJVmPHJRJq8Uwom8DElZEuwYEYF -g+2juJ6bc5nbZVn4Sud/yUzl9TEkgLJXWCPw6BClDID6IoQGct8hI4/LizvK/cJp -YQZ+iVl8wyPigDR1+1RPdbRiCLqZRpONXa1OVmQNlOVbNYJhJ8kOtNBLnOrYi/hN -WDcgY6FmSDIaSrk168y079bibguONh7XYtJ8JbY2tJGXJfnlwqF6xkJvtWUhRpqE -VzEk+5/WcuxxXRERunYAzZ00VFZi/g5+LfL9GeJWpU8VYlh/OExYXDmq/BRnMxlh -8NIR4b5zZQ4lfUazMRZOvKXTPhjwf2YWly9IYuFzQdOvRY4JZpP5hGH1YzU66tVw -w7na64Uiq9jvWvqJsgaXd89z0AJ/FrhQ5YIHulvuinFiJEI0g1GvAWAX +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIl8ORkiq1WgcCAggA +MBQGCCqGSIb3DQMHBAhQynRXr7dKyASCAoCUInV8bnrIdALtUsJjSorOPDnKfo31 +jvT9nnowjwQGVDSB0spwjChqab2BanhimzPgPJatNsp3eoQ4Tqg+vCRa543PQMTv +C3DNngH9mC2gv9utEnoOlg0bhT8WbgTsLTlbY8cg2bz2APRVvjyug46G3uZkbq4d +vaHIZJtL6JeokSAaRnuHJHxZmbsxlbDj2A1kmt4kH7+PRrrs/VLESQ6gTATnb24R +ChHPW/9nhCT4VJTkN2XgLGdnuja2HmFjOSlhOUU6gCh9oCQIbqOz/eJNQassbEub +4AvFuOUTAG/O+1DxGe5ou61+i32WW3eOgAgobnrz0Ws/7EwME1mDUzQX0PxSiEVn +kWqvg58LDcsi6Vl8Xm+LEDalh6xYRKtmM06dhfis9itxKQCWTj4uN2UDukQE2p7L +epZjeoGAJ1YkaE8dRewM7VbaVRx037Qe93MUNhifngMWimni9uL2k5sgP4sfiks4 +x7jXbc5T1xNOkMRNpkjUyu2YbdnyKfdSg0iUV8+cFJ74oc8lwpXxkj2Uoq0Q3VhA +TEMKlDeKvI0QIf7MXKhWRG025+44kLVzdloFIGZvg/3viBWaxbnSzMJS6nJWSbEq +feXN03XpomrB2Cw3GkS5EcHSibuQ5ziXUnVbOnD+7wkKyA0NxPsavDt+0u9DqoWk +0Upu2/Q8eVa6s6bFVLc0xeHCoxITIJXYNF421yE3D4PgXN3Jx10GJVo6LAk9eTjD +GRZ73oLHnzEUkE/G7uuDt69nPPW+GEaskW8Mc8ZAedJ21/SSmkvLB1/cnUQsf9Sp +fd2RKymIozWGXImbnEgMO/7pfhm7acgo+V1IUmY0mCTjWUAYWQj4Ba6a -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.dated.resp index 038917466..311ca3f8c 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.good.resp b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.good.resp index 11befcce6..720caf8aa 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.req b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.req index a0543ac74..4c541f56d 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.req and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.revoked.resp index 11befcce6..720caf8aa 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signer.dated.resp index a50ed008f..d9087df0c 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signer.good.resp index f0f53d4cc..0aa2cd301 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signer.revoked.resp index f0f53d4cc..0aa2cd301 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signernocert.dated.resp index 671a58cdf..3714e9405 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signernocert.good.resp index 01ee3fbc0..e4a7c38cf 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signernocert.revoked.resp index 01ee3fbc0..e4a7c38cf 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.p12 b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.p12 index 145e55e24..e91449ff3 100644 Binary files a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.p12 and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.pem b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.pem index 664b4c415..dfbb8f3e5 100644 --- a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.pem +++ b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: revoked2.example.net - localKeyID: F8 C0 F0 9F B1 B0 60 D3 BE 6C 2B 2E F9 EB 57 9F C3 63 FB 20 + localKeyID: 7A 3D 99 D0 B9 57 D0 D1 D2 6F 5D C0 3F CA F3 A9 34 49 BC 45 subject=/CN=revoked2.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICijCCAfOgAwIBAgICAMowDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MjFaFw0zODAxMDExMjM0MjFaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w -bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDnDs91kOgdASz36BY9 -VC9wr7fB/tc1Gh2HoJqofTKR+0bD1Bi2MiA+LtRxitsaoNOS0UIxebeqaZ570H/G -MN01QVwsxSrqxGPESUrLybk0qUxnd7MkRnq1CKjldCG7ufH3ACFjlOGUEbbCIKeY -bTyBbFjrsCRdzoyeSII4y6HxJQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg +MjM0MDRaFw0zNzEyMDExMjM0MDRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6mq2TPyXL30lDv6nm +k6cDAfPw70OceffXFbBtGT0gVYo1uu3uwbgsXlVAWKbOVwB5eyANgjCu1cT8Ijmu +Smver4PEI54NVT5LCMhaqZh//eh99KCeCL9bsRPFWNP6HLYDMJrLbEfcCTk+l0NQ +1Qw9CX5d5YTQuIsJtad8I3bimQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMB8GA1Ud -EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAGXt -Sqxp2tsIOszNEdaj8QGunGxXWfX5J8z/XjPhJz0uLTTau7FU12Kxs/UrKq1Y5Gdr -6VjY0aRj4MylBx7QGMtHAHcHHs90Fb9sA4lCDfrFoP4tkLFOhyJRIj525SLN8nHW -u0dr1LlV0T9SNfsFDkyNhlb8/5TxM2ujGcQVvWlU +EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBALZH +gmXhmLpZ7kqPoOiA/DU17X0wfouWx7wPSbzlNRnSuv255oLXnuYaFAadSr0V9fIq +pwfS4SOSuvL9eil1hBSUDaFrYfLdmCgXNa+W3mskvDc8M589CnHEoR6QOrOZGzgB +ffLYT2L+Z8A0K3XOGhA6JSrUKG46Ilmph3D17USQ -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.unlocked.key b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.unlocked.key index 909e31bbc..22c52831b 100644 --- a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.unlocked.key +++ b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDnDs91kOgdASz36BY9VC9wr7fB/tc1Gh2HoJqofTKR+0bD1Bi2 -MiA+LtRxitsaoNOS0UIxebeqaZ570H/GMN01QVwsxSrqxGPESUrLybk0qUxnd7Mk -Rnq1CKjldCG7ufH3ACFjlOGUEbbCIKeYbTyBbFjrsCRdzoyeSII4y6HxJQIDAQAB -AoGAGLr6lHxGg7g4/m2+V6EXlMmR8vcaRKo/Z+FWPFtuGrbY26PrYzDZR56OiXqR -ufdlvcyc95ut/1TfrCPkUSuwuUrsEGQ3ikTpJ6VvC/MSsTcR0+pTCanCjOqqT4ww -/Z6aMqTJRh1fcCZqExmgrvg8ErK/NnxMUh0ow2pmJcBpVsECQQD3bTVrtEEiIcup -hUs35rE1L3E7srlnHRL5Adt4yjwBjGWH9YU2ZPLZJlHJGBlrF8Z02M79cl9U0zuu -awmLHU7FAkEA7xBnN5kPeit4LH4MMsOFfN7dYAsAcJfWY2bxzaEeLopY2MK1omdV -aAAm7FynZNz2t5AgEtBqobELCuDtk1w+4QJBAL5tD6tH/MUPK5bZnq10YDhlvglL -IURJ7Rs2IbrSMuKiMlY0UQUvJnSX+GQDpzR0BOpTHuOTDenT9N/lQ2AM+10CQQDM -YYys5qlpvBIgj56kI65S5EIEo0M7/0OlddRSBWXFSjfNESGx93/3yvF773aY76Pp -qUkSbKZNGAwlv8i8zAdhAkA69PWHkogtutdvmUoQSsmzsqIg561sD6n5243Afhq8 -5TMwYm9olx6gDrobNYOTf8rsrikSf3O3LpUA9e7tIBp4 +MIICXAIBAAKBgQC6mq2TPyXL30lDv6nmk6cDAfPw70OceffXFbBtGT0gVYo1uu3u +wbgsXlVAWKbOVwB5eyANgjCu1cT8IjmuSmver4PEI54NVT5LCMhaqZh//eh99KCe +CL9bsRPFWNP6HLYDMJrLbEfcCTk+l0NQ1Qw9CX5d5YTQuIsJtad8I3bimQIDAQAB +AoGAHPmlrYaRrOLYB9q8BrSzVeaOEBcRouYsKMwSYBkaLRTQkt/wJYcTvQ1MzuK1 +IWHQY2H4q9WlD5DcDIvtSaCpYl+/XWf5LB+F7UQNOzqVCVADBgGIbf+kvncIHYud +OAf+ifgEJrN4JJAmPpf+jIb4Z7THBl1nPzErxC1ZfRXzrT0CQQDhmHEtF3d4JpsZ +Sg7AK9g9ZOLq775ufjRFt65nI49Iq/zg2NxUO4GVxd3LIKK91P+tdchenZSMa58b +boHjI7c3AkEA08DyzF2lJk4HyEDssxJQGPSf4Qkb14ialSnYnQKcuY9uFaSq2qmD +UqKCy2K07bWbxFST+SgbWXjuUYdppCJ8rwJBAJPnVPQiOYJ9lRwscKVPWZNOzHMJ +QYnBllXLCj22k58qmz1zEGjtJpViR3qAaBIbTpGT8g0ONTEm8gaTGfcoGFsCQChK +kGhecSwmsMhjwiYYl/EHqtww1YFfVrqHKdZGRvfv2Kx5lqDgnEI+9dApSe/pHGhx +B27jOMD/h6kvsOQwQ7UCQFT6lidTnHgwDif41JCGxTE3HggKfhkPEz3ZOcQ+WOgf +qsGi1sjzEl1pEwJwYm6xTp17AonJ6wnl6gNTbQIcGmU= -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem b/test/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem index 860ab0a8f..569dda104 100644 --- a/test/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.net/CN=clica Signing Cert issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.net/CN=clica CA issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7 -qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ -FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua -Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS -QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU -CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw -+IUzziMDFxJiuC4JNJkapdKX +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz +wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ +ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V +1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w +jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c +/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C +vAJ2oHvLkS1MOpYEUICjB6xe -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/cert8.db b/test/aux-fixed/exim-ca/example.net/server1.example.net/cert8.db index 8ccfa25d4..c4d097941 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/cert8.db and b/test/aux-fixed/exim-ca/example.net/server1.example.net/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/fullchain.pem b/test/aux-fixed/exim-ca/example.net/server1.example.net/fullchain.pem index 2e9d047a2..8df23cc80 100644 --- a/test/aux-fixed/exim-ca/example.net/server1.example.net/fullchain.pem +++ b/test/aux-fixed/exim-ca/example.net/server1.example.net/fullchain.pem @@ -1,25 +1,25 @@ Bag Attributes friendlyName: server1.example.net - localKeyID: 44 AB D2 68 6E 76 EE 41 1E 4C AF 3D 69 E0 10 16 57 63 41 CD + localKeyID: 9D 8E 88 6D C1 6C A7 AA FE CC D9 E9 36 E1 6B F2 AE 65 AC 4D subject=/CN=server1.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxOFoXDTM4MDEwMTEyMzQxOFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl -Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gVz0Nze9gQCYIRrlakZ -kKeyPy5H6E5uJU3jiK2sQ2cb9nQLXdPX7HndhFixMSaKPB2RgYyxnruo+DZ1XSpm -gTnofP5ImBmZ6RO+BcOyMAa576orEDOxdfFS8QYzk6xKM8j4A1TlxM/EEgqAQN2y -DqClzQK1K6Cx52k7h11b1q0CAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg +MzQwM1oXDTM3MTIwMTEyMzQwM1owHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9hrjHUQ00de8LbF1elKa +Kjiz5UBYzmj8BWEH2Jy4Bz3lWfBVLx7YlLYRo7nwwlj7IAJ5bU6u9NSXLxDUI3w1 +B7iXZpbbGMOai2zpUOVKnhWonkr++9d8ed34eNv01HHQw5xqupXQh8MoVQ9MOnTr +XsMkE8gkDpDT5piFzrYDLIUCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMHAGA1Ud EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5uZXSCE3NlcnZl -cjEuZXhhbXBsZS5uZXSCCSoudGVzdC5leIIhYWx0ZXJuYXRlbmFtZS5zZXJ2ZXIx -LmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAM/Q0DEhwFn9kuWKxvPaoLuj -T1iiEv/g8iImZaydWuBSJ4FL8RS8sLtY7/j6Ohc9JnocLnvgKTcITaxjpWDIIzE1 -nPLzY/xGMbOGF7p/U5MAcBZzmkPxsj/etMm1gfYUcqPjJIfh7MGuWB1g4SFf8xox -KH2Y1/8YLIYzqDIpv1FV +cjEuZXhhbXBsZS5uZXSCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLm5l +dIIJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBAJPC1iV+zpSU3ehQpNtQKe2Y +qSPt5GUvpsbCr8aG53zJ6dLktcuTaE685cYfKZiX1stqIFSLKLFKiTQ9tWL1u3Yu +MsqRDKXuMWqNL3i8d8A0ZcRTtpyKsHbJ2nhp1j9bUJnGsMMZ8XPb8oZqy/8EvXsk +g0JdrloqoSXkK9aDIAD3 -----END CERTIFICATE----- Bag Attributes friendlyName: Signing Cert @@ -27,17 +27,17 @@ subject=/O=example.net/CN=clica Signing Cert issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -45,14 +45,14 @@ subject=/O=example.net/CN=clica CA issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7 -qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ -FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua -Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS -QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU -CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw -+IUzziMDFxJiuC4JNJkapdKX +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz +wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ +ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V +1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w +jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c +/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C +vAJ2oHvLkS1MOpYEUICjB6xe -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/key3.db b/test/aux-fixed/exim-ca/example.net/server1.example.net/key3.db index 93896e23b..fb072382e 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/key3.db and b/test/aux-fixed/exim-ca/example.net/server1.example.net/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem index bcfafb139..fc08b865f 100644 --- a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem +++ b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem @@ -1,37 +1,37 @@ Bag Attributes friendlyName: server1.example.net - localKeyID: 44 AB D2 68 6E 76 EE 41 1E 4C AF 3D 69 E0 10 16 57 63 41 CD + localKeyID: 9D 8E 88 6D C1 6C A7 AA FE CC D9 E9 36 E1 6B F2 AE 65 AC 4D subject=/CN=server1.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxOFoXDTM4MDEwMTEyMzQxOFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl -Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gVz0Nze9gQCYIRrlakZ -kKeyPy5H6E5uJU3jiK2sQ2cb9nQLXdPX7HndhFixMSaKPB2RgYyxnruo+DZ1XSpm -gTnofP5ImBmZ6RO+BcOyMAa576orEDOxdfFS8QYzk6xKM8j4A1TlxM/EEgqAQN2y -DqClzQK1K6Cx52k7h11b1q0CAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg +MzQwM1oXDTM3MTIwMTEyMzQwM1owHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9hrjHUQ00de8LbF1elKa +Kjiz5UBYzmj8BWEH2Jy4Bz3lWfBVLx7YlLYRo7nwwlj7IAJ5bU6u9NSXLxDUI3w1 +B7iXZpbbGMOai2zpUOVKnhWonkr++9d8ed34eNv01HHQw5xqupXQh8MoVQ9MOnTr +XsMkE8gkDpDT5piFzrYDLIUCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMHAGA1Ud EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5uZXSCE3NlcnZl -cjEuZXhhbXBsZS5uZXSCCSoudGVzdC5leIIhYWx0ZXJuYXRlbmFtZS5zZXJ2ZXIx -LmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAM/Q0DEhwFn9kuWKxvPaoLuj -T1iiEv/g8iImZaydWuBSJ4FL8RS8sLtY7/j6Ohc9JnocLnvgKTcITaxjpWDIIzE1 -nPLzY/xGMbOGF7p/U5MAcBZzmkPxsj/etMm1gfYUcqPjJIfh7MGuWB1g4SFf8xox -KH2Y1/8YLIYzqDIpv1FV +cjEuZXhhbXBsZS5uZXSCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLm5l +dIIJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBAJPC1iV+zpSU3ehQpNtQKe2Y +qSPt5GUvpsbCr8aG53zJ6dLktcuTaE685cYfKZiX1stqIFSLKLFKiTQ9tWL1u3Yu +MsqRDKXuMWqNL3i8d8A0ZcRTtpyKsHbJ2nhp1j9bUJnGsMMZ8XPb8oZqy/8EvXsk +g0JdrloqoSXkK9aDIAD3 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.key b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.key index 9ee1df6ef..392037a4b 100644 --- a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.key +++ b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: server1.example.net - localKeyID: 44 AB D2 68 6E 76 EE 41 1E 4C AF 3D 69 E0 10 16 57 63 41 CD + localKeyID: 9D 8E 88 6D C1 6C A7 AA FE CC D9 E9 36 E1 6B F2 AE 65 AC 4D Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI62XXI1iHMRwCAggA -MBQGCCqGSIb3DQMHBAgUfBqahNODUQSCAoAAns5L+WDU8Ax0WUYmdqBHVeOmhclz -LaPCde8mum8ZZ7eAo4YxuPXMJUnxdBLdR0xGH+GFOwmk3B1jTRKuJapHrKlEBCgk -jni46aFXqNRMZQJnaJiw9lx48DIiLi7QE8nGxVivVKGG0/nUbqtCpyA3tE9LJgmA -VlawKPwdiUhE+spUMEruwNoqCTT7ZK+25AjrWYwTsGKatlFRur2iMnsXd8UwXKy3 -kXLf7FZtM6ZpTLNiwcGFzxLDLrMHd4YrUzTkrsGS3Nw3JbeLUZ6JRqU6W8AOS9Js -/kryPO0SUIvCosmhKfdik5L3EGy4hffjEyidSk2VCzqzAVvwk9oIVC7tS8GOdxno -uJ929KUbjWOMdaVgh+VUWKG0anViZhQmrtDAajKuWtYbr+jprydaN40kw4/sE3c4 -90X5vCr7fBuqy3ODYg45k+H2RdN3ATYFwr4AhRBIDr2oIS1SdSwj48T7RG2zqlYe -XM9JLmmbr6mmX1QY2rMnBbZyriHLpHEx4UV9Codt5y2xJmLhyz8bzKxngKkHC3Ov -vdTS6R5Lar4SguWUY8q0gwvvLGGjU3xpLFt1xya82ZzDoz182mByjNvVqAgxy6Zb -VC8W/wvcsQt11NxH7XoEdumBu1THGQn7oVOv0iSlaaoQwjvBG2vsXxlrOG3syk2A -H/b80kI2VZyxI/VGgLO5Qm6S5gpeq+ZcgMlaJ9sHI4Y+O5AqJzADpLRIdLgRaFnE -BTlNGjrtxSXIUyvXsqR5CJ7Nrq1zBhqjVoGewRVR3aXPcQayrIWDAiIzeegGsCTP -xJvWzk2IZGrsl2a4z7YmgTvZssZJzqSIePbeAE1PDc/er6oglPtAndKa +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIOd+1INjFUxECAggA +MBQGCCqGSIb3DQMHBAg9VZq9DU5CbwSCAoA7jHnjoTklLx5kS/0wLcjzd/+EmYuz +X2jVsD6al33pBgKbvOdMt3Jss26llvNB5MSGev/HcXK6+U512zhnjhL5f0eBoVEM +K+zkwO/D4j5wR9URRB3i6Z/H1qWf+lpvB4S8BGeFENM/aLEPUvf4JN4BhKmeAIyD +367Q0nlkNhRNNPvFQ8UNTDBhfXYT25lDMtBUl6cyibbc+LmFX6MUAbfffjoqaBBX +OF7sJ/AJmCZDKI+QFeeabf1hiroyio661Ip09ygz2xnaY7CxJLuEJySVzNA3NyNJ +hOevn78Owerv57F9X6hkSRteKJ8drc+hbbV6BIglkkoFEMWwJXshy+q6raKaqzfy +mZ6tY9ehgC/wzCIPWFZOQCFDGNpLvxrX0SncSFegr8utueHBf1Je4maxAXl+qVtr +wmU6ybI8XY6CaRWgpCohed8xjR5hEokmhNV0BXDghChb5TORk2578a8AhsgdhB0t +wthyCE1i7zS61ITP86E5LWOhOpThZmm4E01QHgnXzjr5f8pAkO/guXizAsD37W9W +NmgfQYwKu6H64HbjPguLxXLP5FuVryYlyAYse/RtLOG9aiH+gUce2rGxkr6FQNKt +dg82cctgMWDJ4STbrEr+D4yceCYErpDiXx7D3ZH7ZouunReEhZpG6E3o/T0jGuzv +0G5WY5C989TH2p2OS7EL3Od8HtqtCuV16ECNUkaEVkOXI6fq9GuRBUPeRWd6V7iU +DBn5NOtMoBY0qJ5rOgBY9t391VaZpTIQp5A0SilXuoKFM69d+3IQOzvnKAT8Ok/8 +l4pODZvzgHAwcXL+U7DzVcBswxaKukbv2yLag7Ebh19GzLEYWZJhUUUS -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.dated.resp index 4f879e278..5eb365022 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp index 08ac6ea53..24d598ab7 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.req b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.req index e1fc2a5f1..ffee1ffe2 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.req and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.revoked.resp index 14fa19503..c0cc4682a 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signer.dated.resp index 1c6284a38..68671e583 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signer.good.resp index 0c9f56117..9c1cbf83c 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signer.revoked.resp index 4c8e4e478..5347205dc 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signernocert.dated.resp index d61082adb..4a1e5040a 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signernocert.good.resp index de1c598ed..3cacf4f91 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signernocert.revoked.resp index 45a56c35c..d3b83e123 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.p12 b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.p12 index c678f8d27..e138cb631 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.p12 and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem index ad2de62e4..b58dc977f 100644 --- a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem +++ b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem @@ -1,23 +1,23 @@ Bag Attributes friendlyName: server1.example.net - localKeyID: 44 AB D2 68 6E 76 EE 41 1E 4C AF 3D 69 E0 10 16 57 63 41 CD + localKeyID: 9D 8E 88 6D C1 6C A7 AA FE CC D9 E9 36 E1 6B F2 AE 65 AC 4D subject=/CN=server1.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxOFoXDTM4MDEwMTEyMzQxOFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl -Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gVz0Nze9gQCYIRrlakZ -kKeyPy5H6E5uJU3jiK2sQ2cb9nQLXdPX7HndhFixMSaKPB2RgYyxnruo+DZ1XSpm -gTnofP5ImBmZ6RO+BcOyMAa576orEDOxdfFS8QYzk6xKM8j4A1TlxM/EEgqAQN2y -DqClzQK1K6Cx52k7h11b1q0CAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg +MzQwM1oXDTM3MTIwMTEyMzQwM1owHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9hrjHUQ00de8LbF1elKa +Kjiz5UBYzmj8BWEH2Jy4Bz3lWfBVLx7YlLYRo7nwwlj7IAJ5bU6u9NSXLxDUI3w1 +B7iXZpbbGMOai2zpUOVKnhWonkr++9d8ed34eNv01HHQw5xqupXQh8MoVQ9MOnTr +XsMkE8gkDpDT5piFzrYDLIUCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMHAGA1Ud EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5uZXSCE3NlcnZl -cjEuZXhhbXBsZS5uZXSCCSoudGVzdC5leIIhYWx0ZXJuYXRlbmFtZS5zZXJ2ZXIx -LmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAM/Q0DEhwFn9kuWKxvPaoLuj -T1iiEv/g8iImZaydWuBSJ4FL8RS8sLtY7/j6Ohc9JnocLnvgKTcITaxjpWDIIzE1 -nPLzY/xGMbOGF7p/U5MAcBZzmkPxsj/etMm1gfYUcqPjJIfh7MGuWB1g4SFf8xox -KH2Y1/8YLIYzqDIpv1FV +cjEuZXhhbXBsZS5uZXSCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLm5l +dIIJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBAJPC1iV+zpSU3ehQpNtQKe2Y +qSPt5GUvpsbCr8aG53zJ6dLktcuTaE685cYfKZiX1stqIFSLKLFKiTQ9tWL1u3Yu +MsqRDKXuMWqNL3i8d8A0ZcRTtpyKsHbJ2nhp1j9bUJnGsMMZ8XPb8oZqy/8EvXsk +g0JdrloqoSXkK9aDIAD3 -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key index de18f056d..ee116a16f 100644 --- a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key +++ b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDWBXPQ3N72BAJghGuVqRmQp7I/LkfoTm4lTeOIraxDZxv2dAtd -09fsed2EWLExJoo8HZGBjLGeu6j4NnVdKmaBOeh8/kiYGZnpE74Fw7IwBrnvqisQ -M7F18VLxBjOTrEozyPgDVOXEz8QSCoBA3bIOoKXNArUroLHnaTuHXVvWrQIDAQAB -AoGAA4at+I43By8cOepcmmfhkbJNm8Bfs2pdYrR0j/sqiCbB/W6+hDJ6D32Xgndy -nehwZRqom82NXJvjZgmBqAILk8Q8PrArj6azlHBIQpymmvtxTCogHNdSw4k8+q6Q -dtyW9W4vYbrTXaYTEElLmVSYgxlVddWL6eTmqMTKGYjgkcECQQD8I9rEtydHgET0 -tSJvsGGrCeuGFpsL3KVhdSWKcaIxiuHs9umkAdU11K7ArWTCbqkeAowdZTvZiymZ -oaSAA47tAkEA2Uw1idLroZ6Oo0jti1EFxFtKKRyWAgyu5PqPqqrI+7VqmfWfH+LQ -2lCCjwW+1rjFJ3Y5uNuoOFmd3/3ctKiuwQJBALDFhmwiKFS1tiKGF5WMaH0coFZK -5Prk/8Ga+u3cCyWGxCx5U4abjlqGONp29kxmfwS+LnOxdMtpCIpgTE8/r2UCQAj3 -K/5TxYUVla0HBUYKQcKoQZcQpt/OxiiMbgEMqt43zf4sNDSMlzFqwPhFtGoHlZrb -NeZ6qaYpjGoBf2m0zAECQAbyKsFxNNHpWbzRS6HLVNanwLHBdJcy0cPRiownLJQ+ -zjuKEyPdvg74CEz4/gvF+h0XvRjbnKsvf05WVz14YwQ= +MIICXAIBAAKBgQD2GuMdRDTR17wtsXV6UpoqOLPlQFjOaPwFYQfYnLgHPeVZ8FUv +HtiUthGjufDCWPsgAnltTq701JcvENQjfDUHuJdmltsYw5qLbOlQ5UqeFaieSv77 +13x53fh42/TUcdDDnGq6ldCHwyhVD0w6dOtewyQTyCQOkNPmmIXOtgMshQIDAQAB +AoGABy2kQVXVS67vqGreAQIMOm/t2gUVIEHrN+zyYaP0IxO3Gb5AYV/p14V5xHYc +2PkD5M475HaHgvvAbusB2l45+iNBW6wgTLCztPYbgMPiDVp47AcACRqIaC3SoDqC +rUP8cUhlge1KTKjIlP7q8MVRl1ckPFaoTOM7hyNqyev6BHECQQD9HWO77AyIUcUC +6gaPuvx2FZ6C7dnN+ojyVMu6lcd6CJekNhoN912AoKB8vsjoEuPejPsipGWuWso6 +ZwbFl3izAkEA+OkK3s5woOSd0NjP7BHRHEOAW337qMMcT3AI8CzJDg1YBZTMrX6r +ixk77khw3FjWk4USTpJpBYjsansJslkx5wJAXBPx8S4IzRp6AfpikqziJI7u0BB4 +uG7YnNduGZ1dKK6xg4JO7h+7uwwz9c1txscAcDh3L34Ao3HRuXc7Rmw48wJABjS5 +QqjfAgPxM13UgUxIbG36a02O0rxanlhqwKI9OQ54HVuCZuj7mfI9HknMFpJYd0Eg +HblkyPCLBHSg30N+DQJBALpMoB9ayQBQgTWUl9yJs1b4bu6/SUduAgVTdIU+0Af8 +yfzJkTVaCEH+Y0MS8uyuu6vdnhsQnbwk1eFVj6XMXlU= -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/ca_chain.pem b/test/aux-fixed/exim-ca/example.net/server2.example.net/ca_chain.pem index 860ab0a8f..569dda104 100644 --- a/test/aux-fixed/exim-ca/example.net/server2.example.net/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.net/server2.example.net/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.net/CN=clica Signing Cert issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.net/CN=clica CA issuer=/O=example.net/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7 -qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ -FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua -Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS -QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU -CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw -+IUzziMDFxJiuC4JNJkapdKX +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz +wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ +ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V +1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w +jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c +/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C +vAJ2oHvLkS1MOpYEUICjB6xe -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/cert8.db b/test/aux-fixed/exim-ca/example.net/server2.example.net/cert8.db index ee40f21f8..ea2c6ab33 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/cert8.db and b/test/aux-fixed/exim-ca/example.net/server2.example.net/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/key3.db b/test/aux-fixed/exim-ca/example.net/server2.example.net/key3.db index 35f015fcc..685a75715 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/key3.db and b/test/aux-fixed/exim-ca/example.net/server2.example.net/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.chain.pem b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.chain.pem index e2db0a183..145287924 100644 --- a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.chain.pem +++ b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: server2.example.net - localKeyID: E4 EA 63 F9 F4 03 5B BC 53 9A D8 69 D8 F9 CC E6 03 91 F4 56 + localKeyID: 6A E8 46 7A BF C8 D0 A8 0B BF 99 5B 88 D4 21 1C F5 D1 29 B0 subject=/CN=server2.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MjFaFw0zODAxMDExMjM0MjFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs -ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANENFWh+HMxEjZsG21Fp -OhPtsdBiudnR48Wu3NYD5lraEaVePlwTxPoMEmYqwIqtYe4+x8vlmLaWvKkTjJwT -AgJV8NVWr9jH4XjyZm9/GK0CyQScibjE/fsCYQvBU/VKHO9pTc5sr7nsaOTZW7NH -l1ocYnzIj9YXAu3Iw6AX7gLDAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG +MjM0MDNaFw0zNzEyMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJlsgV5oLe2Grkp1uZAu +FPgYedF8iBTxWxeMwDYrv02zlMGYVvNpqu0rYFw9Z5AMTUt8nCTVWlo17KkWUkfl +1jLL4+5VYVcSmQkh8Th7N9hjwks5dgoGttXODEIraagU0Q00K+3iWkHaUkJL/jOh +xEeDfO83QB3xZL9WOgyFM0xvAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm5ldC8wHgYDVR0R -BBcwFYITc2VydmVyMi5leGFtcGxlLm5ldDANBgkqhkiG9w0BAQsFAAOBgQBKHs44 -5Sv7+GVj7XgmAsYDiOTfMcQ/bD4RRa2err0iku/SCYEATCxZLbo6iCLcwgtkf3YQ -6AFj+d5w1qAmOgm9wfZKIRPoM5ndEOeR3VdffHEeXG4yo7/8DL+pbZjDTFl9dLSa -kblJFdinSu4Gcy4E+bH0mC0E04ujCTqxiIg2fg== +BBcwFYITc2VydmVyMi5leGFtcGxlLm5ldDANBgkqhkiG9w0BAQsFAAOBgQBivwX4 +EgnDGiBc5peorNumyRuk5OBSiftJoy+CvV7tOqs/hU64PJZri103eEr49cgt3FC+ +YcuZWVJtzb6x5XN2YtEvwZY2WdGEdo7H4v0AVGfevguvIqtTxoBc8ZyYtXEflIVD +tavL2kS8jbk82eIIVn6S2FvR/PBhH4wW6NK3XQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw -MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae -/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV -7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ -GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv +pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N +JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5 +aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng -JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7 -/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA= +Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF +RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f +7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.key b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.key index 28866d164..dfce3c7c2 100644 --- a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.key +++ b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: server2.example.net - localKeyID: E4 EA 63 F9 F4 03 5B BC 53 9A D8 69 D8 F9 CC E6 03 91 F4 56 + localKeyID: 6A E8 46 7A BF C8 D0 A8 0B BF 99 5B 88 D4 21 1C F5 D1 29 B0 Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9zGVV4cEu7ECAggA -MBQGCCqGSIb3DQMHBAjD1hKFRDzEsASCAoBQNuSurHPQ4NdFqMPbcZM1H+OOIkZF -4YEUKCPoSyeTKVkaNKiwipZ4uLVamJLlbpJ3eOpyTNU0TNyVzBSxRyyxRgiDmY+/ -KYUvaI59LpXGE/OZEIdb/lsxQr5mKhFg8bNseg/HpLl0KHgIt+5hiufvP602b9Ch -02HZmXcYKhFDnO6X/bQMp+fed2Y2tPdfNXUdwhrp9y0gKZtzXIvme0PQN1wG22Iu -s0eC51z391eJ/CoTx4yxV00slpN5ItbxCmqBTBSF5eMBZHcSQpmt0d+xGDaYfhyL -xdM353qu2NJ/nX4vILtz6KdWBrJt5PuN3DjTzjJM566KYLRVQSUMVeDsGm3jb+QR -hV4beOplXkD1J72BVgs6I5unBuoem9MHMZSC/TVaEUDPZtWzbjGWLErK4zUfugq1 -ITfFbS4wusy4t8M1pSL/0gqNSRCvcPJN7JvmOKfY4vhvmYGmqsduJ3nHetvWPOsC -2pAlwfJIhQGhvXZpVtEh6jyGC/YFGUfrDASYzF3TTcVGpklVZmgglYNg3r0wiV2D -cz6P6O1fR1K3fA3FuSLdhGBitfN01RZdWCsmjP7HHqHEx+4CjTX3qfimCYZkC5xJ -+q0deKfchndPvqNhiKZpWsubFpXtKNTIAvE1HwkA+O6PUHbnd6GE3qjehaKCNK01 -u9+z6ZljGq+tPybNO4D/NlU8XKzfoYXg3ADCqUXs1JsssoCqae0l5do90ZI8vkwr -dEyRdYdHUaByl28qMTW9Mp9NsnHMf+pFbEpdcWMQCaSTXnoTA7Ocgax7n4sJEQ+U -GByIBSmb0BnWKLhXAgHMZ7VWAYAfLGo1qfrB5X3nqGcbziQ/7z9rdzPx +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI2ZqeNNhoV1ICAggA +MBQGCCqGSIb3DQMHBAiVpXY5TfQEiQSCAoAiD60iC1798cMn9RFq3fpWITpKISb6 +VX9n+SrWrNe14JeDXFAm1xoqCJtL1hi8lbpNXXwtzSk+s4ZTIa+VCegKFZ26lVfG +uTPT8ivNLHNq1vEGP0Kl/PJvJW7aNJP9R0fYnbtQwXNbvPGfWfGzL/6y/5toLp+d +FNBZCda5bZ5UTLXCUX3mFq9+y7bz4NjcyryAjOQ+mhTewo6XSZR48FNyZmql47Ca +hwtkfkRCd0AMZTJFUv5uYavjP+qgpv1JOoM6DQPacWdqG6Bc7wUL4rlXCipzQCkc +rKOw73T5wYgrHLc7kNMbIxOGfYt+rBkNGjlQ/RoJ/NJgq9EPswY13AglDZRXnCtC +yd7HXrllM2+3tAjmipC1kXX9+V/cqmt4SuLWnXstpF9wuu9N0/hJtxC1sg5kinMt +2K4M4XRTby5x/9FMCebCRPGJnCSUbCyV9Jsc9IK/9M9N2r5VSVHCHkjNOMJdALBm +1OqaxDOIOy5/CaCCUTxM6WHqQPEEIz5bPkt+Pgbg5zmdTGMnM8HbJogFu/Tiyihz +zVDgnsv8cXMHp16ZfFULbuDf1RLdfYGaJVu94MNXnsLJtKQ96QVxaXCtC4ywpkPO +DWVne+Svu5YtrangHhUILbbMtivj1zgJmfZ35Qo8RVhCeNsV57k0GutYnto+Vcde +iR8j94i2cE/V9q/b12i4+aMS7gfvcxEVIYEz81L51cm/lOCxPmhwQcV/ozHrqA15 +U/FDFYMEvQBNOjiiTQZvzwd+FDidFR/szYGVQ8nNiMcPLvmeLgRHKgAi6PSyrPi4 +MVK3EFCdQC0Otb6uKDbsD8yRKKB47V2ky4gi7xSKN8j1muf1kG4WS372 -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.dated.resp index a1968f29f..fb4b91a9d 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.good.resp b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.good.resp index 9bdc7952c..750f63c0e 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.req b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.req index 4e6a94f59..3eb1b603f 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.req and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.revoked.resp index 9bdc7952c..750f63c0e 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signer.dated.resp index 1e1cfa0c1..5e422d6ae 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signer.good.resp index 7329776bd..51de6e670 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signer.revoked.resp index 6aa87a7c9..51de6e670 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signernocert.dated.resp index e92aa97f3..6083eeb0d 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signernocert.good.resp index 848474224..e81863f0d 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signernocert.revoked.resp index 848474224..e81863f0d 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.p12 b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.p12 index 02a13a035..4c4b6aced 100644 Binary files a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.p12 and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.pem b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.pem index 5b62114d2..0a92703ad 100644 --- a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.pem +++ b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: server2.example.net - localKeyID: E4 EA 63 F9 F4 03 5B BC 53 9A D8 69 D8 F9 CC E6 03 91 F4 56 + localKeyID: 6A E8 46 7A BF C8 D0 A8 0B BF 99 5B 88 D4 21 1C F5 D1 29 B0 subject=/CN=server2.example.net issuer=/O=example.net/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MjFaFw0zODAxMDExMjM0MjFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs -ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANENFWh+HMxEjZsG21Fp -OhPtsdBiudnR48Wu3NYD5lraEaVePlwTxPoMEmYqwIqtYe4+x8vlmLaWvKkTjJwT -AgJV8NVWr9jH4XjyZm9/GK0CyQScibjE/fsCYQvBU/VKHO9pTc5sr7nsaOTZW7NH -l1ocYnzIj9YXAu3Iw6AX7gLDAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG +MjM0MDNaFw0zNzEyMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJlsgV5oLe2Grkp1uZAu +FPgYedF8iBTxWxeMwDYrv02zlMGYVvNpqu0rYFw9Z5AMTUt8nCTVWlo17KkWUkfl +1jLL4+5VYVcSmQkh8Th7N9hjwks5dgoGttXODEIraagU0Q00K+3iWkHaUkJL/jOh +xEeDfO83QB3xZL9WOgyFM0xvAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm5ldC8wHgYDVR0R -BBcwFYITc2VydmVyMi5leGFtcGxlLm5ldDANBgkqhkiG9w0BAQsFAAOBgQBKHs44 -5Sv7+GVj7XgmAsYDiOTfMcQ/bD4RRa2err0iku/SCYEATCxZLbo6iCLcwgtkf3YQ -6AFj+d5w1qAmOgm9wfZKIRPoM5ndEOeR3VdffHEeXG4yo7/8DL+pbZjDTFl9dLSa -kblJFdinSu4Gcy4E+bH0mC0E04ujCTqxiIg2fg== +BBcwFYITc2VydmVyMi5leGFtcGxlLm5ldDANBgkqhkiG9w0BAQsFAAOBgQBivwX4 +EgnDGiBc5peorNumyRuk5OBSiftJoy+CvV7tOqs/hU64PJZri103eEr49cgt3FC+ +YcuZWVJtzb6x5XN2YtEvwZY2WdGEdo7H4v0AVGfevguvIqtTxoBc8ZyYtXEflIVD +tavL2kS8jbk82eIIVn6S2FvR/PBhH4wW6NK3XQ== -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.unlocked.key b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.unlocked.key index bde062bae..5e8472b67 100644 --- a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.unlocked.key +++ b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDRDRVofhzMRI2bBttRaToT7bHQYrnZ0ePFrtzWA+Za2hGlXj5c -E8T6DBJmKsCKrWHuPsfL5Zi2lrypE4ycEwICVfDVVq/Yx+F48mZvfxitAskEnIm4 -xP37AmELwVP1ShzvaU3ObK+57Gjk2VuzR5daHGJ8yI/WFwLtyMOgF+4CwwIDAQAB -AoGAFrOyCHfxjqk/K3+yH4Qq33Enpzahcisd7iDQMJmZ0XHvCqNSaFNpR7I56Uhp -QmYTxXih392eGO4DrOTHl0dlJ0NH6i9nOg8qrHKnItozZ6xtCJ1DE3kB8SqXk3xW -ghRepamaHlujSu8yWIwWNt+vPftccTDu+k/LkGV84YYfKJECQQD/2qtuyNOxceAa -llD9PSGWHGgEwQt6Ko5BQX8ZyQdAs9BD/FKWLTsmvbJ3XxKlQ92KWRI9RmXgFeKq -N49vCjYrAkEA0SuVzhjSbWvn7gWESnRHVsdodiB9YIBBZB0Qj3FgPx+9w/RuJFyi -SwlEo9tbQE2ZeAPbXn9071BQd9CyIUHxyQJBAKuCTkEpZp8gkvW/pfLcM9OIn0Hw -ll0CgfHEkgsa8z2wTAAG+OWq1GgX6baTiNA4Oh4vr0ZcFpaslRE9xWzOD5kCQARA -Uoch0gUPUGNyEUJCIsEMxH7CIko30Rxrys5fi4k85+p3qVVr3JCR26dI6g3gheH+ -khLVnFbQ1xHYWAZ9BKECQQC87g+wvVpo8sQ94QYPPKfpJiVx/0yURYnkMRHIa1b0 -zaNNeDg6bBSOxclqtF5ZZKYkThu4iZJ9ZARNxvZ4/8CN +MIICXQIBAAKBgQCZbIFeaC3thq5KdbmQLhT4GHnRfIgU8VsXjMA2K79Ns5TBmFbz +aartK2BcPWeQDE1LfJwk1VpaNeypFlJH5dYyy+PuVWFXEpkJIfE4ezfYY8JLOXYK +BrbVzgxCK2moFNENNCvt4lpB2lJCS/4zocRHg3zvN0Ad8WS/VjoMhTNMbwIDAQAB +AoGAArP+s4MdDApLbSnAfeHR920MTbyRSTfXZbAn0syChQPyTaw5cUsd+n/BJYmP +bDegmlaKXxEYk8OkynXc4pdnZrFk0nFGjWISvXWe0ONd651UP4BBuMPP/K+H980D +mWEe5UK5kbem0d5v8+i1UVx2Kf6TRnm0mCysqiqU2zqEtsECQQDKFWJNUXOQPIaF +DLbK4dl5njJSSh5IqwEplnrzngokN55xc2aZgcpUnB0kXMPQikoeron0gbcvVe/d +vZKwOttFAkEAwluXGGVShUpJLyjT+elvtY1yXI3Waez5/xFrEJys20EboUfNXpoN +Hm9E7zE8k9gwXuh42WqfO/WlEdR2bFYqIwJBAIQqRCZpNPmKfDgcPpil6UPfMO4c +x32jSZlXb4ZRQDS7o4ZzgRC4kAmSKIUVnoOPTjaO1G7zP0lYHQ6a44sakzkCQQCQ +XcgV7u0k5NEHnqQV9jdr++z+orypYcUwmZeVd0tOcUY8vkDmDDfCa5Qgt8nvZ55G +YRejJ3ev6f77B34PatFRAkBd4mWCQ7joLRU4x9cTJnZVtk7ZS/9AvGm2Exiu89Z0 +yuRHeHU4uLKy4cww8xgQHEUDk+qZf/4yuhL+CzeQMepx -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/BLANK/CA.pem b/test/aux-fixed/exim-ca/example.org/BLANK/CA.pem index 3605fed62..df582786b 100644 --- a/test/aux-fixed/exim-ca/example.org/BLANK/CA.pem +++ b/test/aux-fixed/exim-ca/example.org/BLANK/CA.pem @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci -UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy -KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB -mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq -DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO -gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy -e/xewJdeLc+y5zuobX05I7rP +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l +yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk +esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd +FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB +uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9 +tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5 +U9+lNhpF9AUWEAAo3FqHgShh -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/BLANK/Signer.pem b/test/aux-fixed/exim-ca/example.org/BLANK/Signer.pem index 0d15f116b..ad4e9f4db 100644 --- a/test/aux-fixed/exim-ca/example.org/BLANK/Signer.pem +++ b/test/aux-fixed/exim-ca/example.org/BLANK/Signer.pem @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/BLANK/cert8.db b/test/aux-fixed/exim-ca/example.org/BLANK/cert8.db index 2116ce305..e93ba1bfc 100644 Binary files a/test/aux-fixed/exim-ca/example.org/BLANK/cert8.db and b/test/aux-fixed/exim-ca/example.org/BLANK/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/BLANK/key3.db b/test/aux-fixed/exim-ca/example.org/BLANK/key3.db index 26e4de73c..c283f5f74 100644 Binary files a/test/aux-fixed/exim-ca/example.org/BLANK/key3.db and b/test/aux-fixed/exim-ca/example.org/BLANK/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/CA.pem b/test/aux-fixed/exim-ca/example.org/CA/CA.pem index 3605fed62..df582786b 100644 --- a/test/aux-fixed/exim-ca/example.org/CA/CA.pem +++ b/test/aux-fixed/exim-ca/example.org/CA/CA.pem @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci -UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy -KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB -mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq -DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO -gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy -e/xewJdeLc+y5zuobX05I7rP +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l +yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk +esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd +FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB +uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9 +tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5 +U9+lNhpF9AUWEAAo3FqHgShh -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/OCSP.key b/test/aux-fixed/exim-ca/example.org/CA/OCSP.key index 4b2b1441d..ce5c4d450 100644 --- a/test/aux-fixed/exim-ca/example.org/CA/OCSP.key +++ b/test/aux-fixed/exim-ca/example.org/CA/OCSP.key @@ -1,20 +1,20 @@ Bag Attributes friendlyName: OCSP Signer - localKeyID: DA A9 16 A1 04 4F F1 18 E3 A4 58 B8 71 3F 53 46 B5 4B 22 EC + localKeyID: 46 CA 70 9F 5E 12 ED DE C8 E5 3C 49 74 8F 24 5E E6 2A 3F C4 Key Attributes: -----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMVsIWDfi6gE1Wx9 -TeovWG3Zy33eImGUuNk9q/vDYULCTUlH0iSyZF59iqGGMOEsPtCBWghmDIupO917 -7ewiuX3Yk+k/N54XfB/gvWD1iiDcBBrAIkAy36WwnVFSJwt4c1UaOhRV+zjC4jiJ -5P0xAG5p/FgWHuafIdlZtrujuFa3AgMBAAECgYAUFQA+NO8lW7yECSkEUeWaYwW2 -m4J+z5yQCJx2gzThEBfBhQtEzVq1W+rerGJLfW80UXwhj5PmHwRmbsVQeGXK0A2A -OIbuRJ/0Z/iQ2ppp/Uqalgkfen2Eopb8dn6bT0hZooaJpGAwIqrnyQ7vDfC8Uylh -7k9FpQYX24zTidEeJQJBAO4m+Y+0Z7L0hKlZZeamcbjBCPX8I1Y085d5KM4LTNvA -Ey7/IY8Ft6ImnzCvz05SZnalVwz23dtzr2Lr/jaEUoUCQQDUN72NVHKuGO79rMuv -IFW7f79qCt3hS1J023aWACRNVqggt1eBmBzjQFVwESyL2BbQzzb2aK8bIR8q+MeA -Vw8LAkEAgZVbfcIgGtPJy4wFUneGsYz3n0FOyP2O/gDDHzou2/OrfIr+a6Akx2pU -fF1tY6SadDyLHVbGaT6NVDos3OUrMQJAO3pj5fiFK8ZRNUf4zlyBqstjGpVxGnPB -6H6Z/fCMPCDNfl3kaK35arfdOkuV8JvfySZKgUVVzoS595FCWPYNgQJBANQWNkkC -J4PminJFaEWz/zKt74oJCihdHatmWAB/udxVsAxcP1S2lZnqvj19H3Q5ffNaCHSM -iBB4GC0UWPEjpWY= +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMvqTqy7scJ4os3C +niym37cs2tEu4h1QQUPTb9KoZZwnnZzaiYb8jrx6PSCDAQK1IRCtTFi9vtSZWHlg +B25y2Ul296C9ME/ajj9k4c/47oAypdbYzfagIblPzL47/AyAG94Fk//mAIfxWrBa +MH8CyWh9vtnpih132yhg48wPMOZFAgMBAAECgYABNEIArR8QmevEMUkD1HxvtXkZ +USCOscGg5+e6I7pt4KICohu7y1QAcuxXe86OuIkYcx2HTJ+K29j05odEtLLpxHIy +J/rFhAD4D/cenUzAJG8LdN2AHCtLdzSwL5e9W9Fed7lO/hwzNWwxGTtYuf2qEo3r +2MKsYt1FLw6qZsyIhQJBAOg9dmeo4SEaeFddg5WFdmsaYk604Mmp0yPfKOKybGzp +mutxVf9wEbJ0wpoPxiKQIf9qdFBH2si/hcyxpwEavIMCQQDgxv84eI1NTrCa9Qf5 +/ZU72EL8kNU6v5UjOg7g8a2Y/8yh5AJDtUt/dcppLVF1dsC53mKAcHfo4rbeYiFw +sWeXAkEAk+Be/o5YG34BVo/i81gyGOyJ4FfoMkCCgvrby82UoJz22igmfCnd+uXB +69tTbDqei0Y7ncrDEsRw6+/KyTc/BQJAOFkKb/Cgk4mvchkM99lfCNKM8F2qZoDS +dTM/uZo8R4eQl+DdxHV1SK2RoU4wBn9Pjwi1rrcDCEmVSChXc7W1XwJAJ9Dw+hxl +YgQoz5SSsK+oLai8eKqKp03AH0xeqZGZS1uEkEaPRDVhsx36b6UTZVDnzmEnP73e +0E2TXBv9glr6pg== -----END PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/OCSP.p12 b/test/aux-fixed/exim-ca/example.org/CA/OCSP.p12 index 0200fdfd9..fbda1a4bd 100644 Binary files a/test/aux-fixed/exim-ca/example.org/CA/OCSP.p12 and b/test/aux-fixed/exim-ca/example.org/CA/OCSP.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/OCSP.pem b/test/aux-fixed/exim-ca/example.org/CA/OCSP.pem index 14c32460b..65549aa96 100644 --- a/test/aux-fixed/exim-ca/example.org/CA/OCSP.pem +++ b/test/aux-fixed/exim-ca/example.org/CA/OCSP.pem @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- MIICBTCCAW6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQwOVoXDTM4MDEwMTEyMzQwOVowMjEUMBIGA1UEChMLZXhhbXBsZS5vcmcxGjAY +MzQwMloXDTM4MDEwMTEyMzQwMlowMjEUMBIGA1UEChMLZXhhbXBsZS5vcmcxGjAY BgNVBAMTEWNsaWNhIE9DU1AgU2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB -iQKBgQDFbCFg34uoBNVsfU3qL1ht2ct93iJhlLjZPav7w2FCwk1JR9IksmRefYqh -hjDhLD7QgVoIZgyLqTvde+3sIrl92JPpPzeeF3wf4L1g9Yog3AQawCJAMt+lsJ1R -UicLeHNVGjoUVfs4wuI4ieT9MQBuafxYFh7mnyHZWba7o7hWtwIDAQABoyowKDAO +iQKBgQDL6k6su7HCeKLNwp4spt+3LNrRLuIdUEFD02/SqGWcJ52c2omG/I68ej0g +gwECtSEQrUxYvb7UmVh5YAductlJdvegvTBP2o4/ZOHP+O6AMqXW2M32oCG5T8y+ +O/wMgBveBZP/5gCH8VqwWjB/Aslofb7Z6Yodd9soYOPMDzDmRQIDAQABoyowKDAO BgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcN -AQELBQADgYEAOqoUYB9JsaA6P6BRreY2d7vq/mEgMdQqOmLs372MUgEmuaTib+8T -W1ZzPVAyKAXLA0Mx9Cm4M2u6GM2xd5n+pZQEF+PMJEnLOUOZzIZMd3FQoq2YOvKG -5oosmINwUkb9JeBFLcHZDZ+/byKa7gPPWGwhqo/X9aCWyRISLjOZSTY= +AQELBQADgYEADdWWEn+mEAo9wST4LfuXNT4gVs7xKDvGarvDmFHEQo+vK4MdBz/l +kdDlN2gSJmKkJz/gDLTAA2pnJc/28fM/n/WLIcn2xW5QyMPJkpbLETRMQz7Dy0NH +ZEJ/GefzAfetO9kPTYckCWxANRfOkBEs0Bq+me6khDH2ckLaNBMi+A0= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/Signer.key b/test/aux-fixed/exim-ca/example.org/CA/Signer.key index 8f7d2bebe..17c1099b2 100644 --- a/test/aux-fixed/exim-ca/example.org/CA/Signer.key +++ b/test/aux-fixed/exim-ca/example.org/CA/Signer.key @@ -1,20 +1,20 @@ Bag Attributes friendlyName: Signing Cert - localKeyID: 60 68 96 E4 EE 63 A4 1C 88 76 FC AC 75 0D C9 27 DD DC 0F 16 + localKeyID: 2C 93 44 07 DE 13 D0 4A 78 2F 06 D4 27 89 FB 9E 82 64 50 E8 Key Attributes: -----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALuQnzM8pAcc33ZD -SRd5pcpUdTSwuNKtJLI6WPbR08aIraXeHnnrcZ7MtyRyCXBdRWFkKjYyT/l6rSzQ -otZY+f30JR52TGEyzsM/y7etYHAO1NyouzTm6+Jx92jRCnP3BoCjHBHYhyHA0kPY -jp9eEhqP8ZjfimN/sJn7pB+eOW2DAgMBAAECgYA8cjykFgBknGz1n3SQQK9p17MY -AnXly0/eskgWbwO5YTXZFQ6sSvDIdP/2mlupXx2rZ8zkv20foOXrYeeAfZc+r7Bw -k9WBOrca9JW8evBq6Pz5WuhCy7MNtvSY+0OjIIqf4MDh8FtJunN7GcGp+D0xc3kr -QMnoP4zSXdTNhT4rDQJBANzFSWGHbTlG0NSxSDCxXffSxWpAEbVGuy+hYXGXpQBh -qht94exlHJSUKLNj7aAXpG/H23/gnuTUyfMxsJf2LEUCQQDZfti4W8E3N2hKxLQS -OJDy2MdNTCRmgyrVriedvhY20jay2y1nhvfiqPUZzNnyyYoAfuR+lncIETyS82Vk -0mMnAkEAweRrPELKhKFTS1mgA1PjKYJta5F1e/Xw9DYR9MewXJNp6Nc4EnwDC+LL -lDHRQudAvgOTHc5S/rp72yDq7auA2QJBAJPmVE2Z55w6y2r8tE8ntDnP/EeuHZqw -W7KPCVWVa9m/vX6G2StrdqnlpzbyPMuDDZskrxD+FNehkQWFClAzWUUCQBMtw1jj -ofWdwvPI9+S9+Ar9boRfjm560R7WAM4Vpca+Bfn8XODBuL3zJZYtuPqOeZcf945L -Tbh+58nTebzJg44= +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMjSl5m+1346jw4w +/L8QiVw2JVIlDrNvlrC4Bw+NvmBQTd1nX7s+IHgGUuFPXBtQmKoLezpSjaPPM1Jx +abAhsxPByRQiNLpD7eSGBkdaHa4EBf2P06sxonoOO3KNaK0NcxRyuey29CzhMygW +S8G8f3iCxi2dtMLkMKYootGRbBCFAgMBAAECgYAFJkVF53teHMFLU10/xvxGtYq6 +cwHP/xYFnQptTyypCpYcjciKJBswCLV6Wo8ZkjT/80BrK+++2hLOU+MqZYrSdLqH +W2P3vBlaAhssaGu4dxa/X6og2fKrsn6Q9JBPNL4hvHNbUkQNCz7YAKgKdVaBbp98 +cRrWqV2Oz0inGl+k5wJBAO5zEhZIzKUUJZYdwP8q605+lTGua6hW1zf/OgvYaJxu +V4KS8t4RGyK69ELp7fsGeZoXpgH+CZyYYcm9Z7ltvY8CQQDXmovFMDtNL36U7661 +uIJz1wI9eB3ISGo4EhuK5FDF0Wd3G4JlvZ+s99JoNRlkP60pSNX4mIVNWaFlTMpY +JW6rAkAAyEHb7ts1A27oIira63IgLMwigJb702UbWuv+0/Pr53TECeVgEyBKqeBZ +Q9kzBJ9rgP5bbVDswZc4iTWI5zJDAkAajHdFksjamkyV/mWfDtdReFpYQ2A3d2NN +AD3P/olLsptw+Tw3VwBAhkusdU1pIMYr3UIr2GwhuDW9iZUpAYL9AkEA3QUuCDHa +nUNJ7095aeaFIsRcKS8GDAiQS9+RMOadhvH9cWButRuoLEAZxxGkcnL1Pby3lGa/ +cLQpsTMExg5Log== -----END PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/Signer.p12 b/test/aux-fixed/exim-ca/example.org/CA/Signer.p12 index 56d304b98..52bd39fc4 100644 Binary files a/test/aux-fixed/exim-ca/example.org/CA/Signer.p12 and b/test/aux-fixed/exim-ca/example.org/CA/Signer.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/Signer.pem b/test/aux-fixed/exim-ca/example.org/CA/Signer.pem index 0d15f116b..ad4e9f4db 100644 --- a/test/aux-fixed/exim-ca/example.org/CA/Signer.pem +++ b/test/aux-fixed/exim-ca/example.org/CA/Signer.pem @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/ca.conf b/test/aux-fixed/exim-ca/example.org/CA/ca.conf index 17ad6f648..cfc13019c 100644 --- a/test/aux-fixed/exim-ca/example.org/CA/ca.conf +++ b/test/aux-fixed/exim-ca/example.org/CA/ca.conf @@ -1,19 +1,19 @@ ; Config::Simple 4.59 -; Thu Nov 1 12:34:08 2012 +; Thu Nov 1 12:34:02 2012 [CLICA] sighash=SHA256 -crl_signer=Signing Cert -crl_url=http://crl.example.org/latest.crl -level=1 signer=Signing Cert -ocsp_signer=OCSP Signer +level=1 ocsp_url=http://oscp.example.org/ +crl_signer=Signing Cert +ocsp_signer=OCSP Signer +crl_url=http://crl.example.org/latest.crl [CA] -org=example.org -subject=clica CA name=Certificate Authority +subject=clica CA bits=1024 +org=example.org diff --git a/test/aux-fixed/exim-ca/example.org/CA/cert8.db b/test/aux-fixed/exim-ca/example.org/CA/cert8.db index ad54edb08..ce972c62b 100644 Binary files a/test/aux-fixed/exim-ca/example.org/CA/cert8.db and b/test/aux-fixed/exim-ca/example.org/CA/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/crl.empty b/test/aux-fixed/exim-ca/example.org/CA/crl.empty index 918cb9044..fe8f07b90 100644 Binary files a/test/aux-fixed/exim-ca/example.org/CA/crl.empty and b/test/aux-fixed/exim-ca/example.org/CA/crl.empty differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/crl.empty.in.txt b/test/aux-fixed/exim-ca/example.org/CA/crl.empty.in.txt index a29362bdb..94f20b071 100644 --- a/test/aux-fixed/exim-ca/example.org/CA/crl.empty.in.txt +++ b/test/aux-fixed/exim-ca/example.org/CA/crl.empty.in.txt @@ -1 +1 @@ -update=20161101174751Z +update=20170131185506Z diff --git a/test/aux-fixed/exim-ca/example.org/CA/crl.empty.pem b/test/aux-fixed/exim-ca/example.org/CA/crl.empty.pem index 82a72d4d8..4f821e838 100644 --- a/test/aux-fixed/exim-ca/example.org/CA/crl.empty.pem +++ b/test/aux-fixed/exim-ca/example.org/CA/crl.empty.pem @@ -1,7 +1,7 @@ -----BEGIN X509 CRL----- MIHtMFgCAQEwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5vcmcx -GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxNjExMDExNzQ3NTFaMA0G -CSqGSIb3DQEBCwUAA4GBAFTm0R/eAa6I8NpxnYj8JaaPMla1Y85epIzla3MiT49/ -sxRGwfsvxVRbBgDOkGICVgnEOPF68efOQhGrDP8mUccHYConCPnlwphhjBbf5coQ -QfJBDqr6hBbYf5qnWdgND+eso+nhA2bJOElAs6bk+R0FCJdeubd+HhjFoQ6idEeP +GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxNzAxMzExODU1MDZaMA0G +CSqGSIb3DQEBCwUAA4GBADLD6OroW8EWuq29VZY20bC+GRrfYYQVr6bnlFBeXci4 +9OeBuLSiuil3JJ6+dxudnY5EiuR5n0xCbrtXZl0Vo5vOG5715rHZJa1qClmuN/lg +/1qEhrv07xM0Nr1KAolfY/AbCG/qfJQqYjfGE4PhYHoWCkorediQEZcCZttWNa1X -----END X509 CRL----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/crl.v2 b/test/aux-fixed/exim-ca/example.org/CA/crl.v2 index 0bee035f7..8bebdc182 100644 Binary files a/test/aux-fixed/exim-ca/example.org/CA/crl.v2 and b/test/aux-fixed/exim-ca/example.org/CA/crl.v2 differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/crl.v2.in.txt b/test/aux-fixed/exim-ca/example.org/CA/crl.v2.in.txt index a488ee041..8384c35bd 100644 --- a/test/aux-fixed/exim-ca/example.org/CA/crl.v2.in.txt +++ b/test/aux-fixed/exim-ca/example.org/CA/crl.v2.in.txt @@ -1,3 +1,3 @@ -update=20161101174753Z -addcert 102 20161101174753Z -addcert 202 20161101174753Z +update=20170131185508Z +addcert 102 20170131185508Z +addcert 202 20170131185508Z diff --git a/test/aux-fixed/exim-ca/example.org/CA/crl.v2.pem b/test/aux-fixed/exim-ca/example.org/CA/crl.v2.pem index 08a80ea4f..921dcbe94 100644 --- a/test/aux-fixed/exim-ca/example.org/CA/crl.v2.pem +++ b/test/aux-fixed/exim-ca/example.org/CA/crl.v2.pem @@ -1,9 +1,9 @@ -----BEGIN X509 CRL----- MIIBHTCBhwIBATANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFtcGxlLm9y -ZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0GA8yMDE2MTEwMTE3NDc1M1ow -LTAUAgFmGA8yMDE2MTEwMTE3NDc1M1owFQICAMoYDzIwMTYxMTAxMTc0NzUzWjAN -BgkqhkiG9w0BAQsFAAOBgQCwqQU6wOjlfQ4FtSznjytU5foi0kZWHFlWjmMjuz0f -1UpZzpddpu8mxXIjZebvRSj5e1IQP9sk8H3sdd0D7mmiItk+qUKyJoWbEeA4om5y -0DOoRpBGj5xE9QggV4eoxlesqI+WgKjv4vkJqlh6Ot/Ift6Wg6VrKREJTVLm3MQK -5g== +ZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0GA8yMDE3MDEzMTE4NTUwOFow +LTAUAgFmGA8yMDE3MDEzMTE4NTUwOFowFQICAMoYDzIwMTcwMTMxMTg1NTA4WjAN +BgkqhkiG9w0BAQsFAAOBgQAJBbIgdSCMTdcUL0399zEfbd5c12WOIo+emgVrfNsr +23prPL1ZoPm8l+49oPX+QEamoupbYNwAAKZ+pB1geKL/h7fOidLHunsee8Fh7D/L +KTxHFe93JZzHl5+xiQM8WRGnsWrRVVebmcktKHG2oGglzY3e1m1xZrIJ6eXmzPXM +zw== -----END X509 CRL----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/key3.db b/test/aux-fixed/exim-ca/example.org/CA/key3.db index ff1ae49ad..1da610737 100644 Binary files a/test/aux-fixed/exim-ca/example.org/CA/key3.db and b/test/aux-fixed/exim-ca/example.org/CA/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/noise.file b/test/aux-fixed/exim-ca/example.org/CA/noise.file index a6e21f498..f8678deb1 100644 --- a/test/aux-fixed/exim-ca/example.org/CA/noise.file +++ b/test/aux-fixed/exim-ca/example.org/CA/noise.file @@ -1,188 +1,309 @@ processor : 0 vendor_id : GenuineIntel cpu family : 6 -model : 13 -model name : QEMU Virtual CPU version 1.5.3 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz stepping : 3 -microcode : 0x1 -cpu MHz : 1994.999 -cache size : 4096 KB +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB physical id : 0 -siblings : 1 +siblings : 8 core id : 0 -cpu cores : 1 +cpu cores : 4 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes -cpuid level : 4 +cpuid level : 22 wp : yes -flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm -bogomips : 3989.99 +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5424.00 clflush size : 64 cache_alignment : 64 -address sizes : 38 bits physical, 48 bits virtual +address sizes : 39 bits physical, 48 bits virtual power management: processor : 1 vendor_id : GenuineIntel cpu family : 6 -model : 13 -model name : QEMU Virtual CPU version 1.5.3 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz stepping : 3 -microcode : 0x1 -cpu MHz : 1994.999 -cache size : 4096 KB -physical id : 1 -siblings : 1 -core id : 0 -cpu cores : 1 -apicid : 1 -initial apicid : 1 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 1 +cpu cores : 4 +apicid : 2 +initial apicid : 2 fpu : yes fpu_exception : yes -cpuid level : 4 +cpuid level : 22 wp : yes -flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm -bogomips : 3989.99 +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.15 clflush size : 64 cache_alignment : 64 -address sizes : 38 bits physical, 48 bits virtual +address sizes : 39 bits physical, 48 bits virtual power management: processor : 2 vendor_id : GenuineIntel cpu family : 6 -model : 13 -model name : QEMU Virtual CPU version 1.5.3 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz stepping : 3 -microcode : 0x1 -cpu MHz : 1994.999 -cache size : 4096 KB -physical id : 2 -siblings : 1 -core id : 0 -cpu cores : 1 -apicid : 2 -initial apicid : 2 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 2 +cpu cores : 4 +apicid : 4 +initial apicid : 4 fpu : yes fpu_exception : yes -cpuid level : 4 +cpuid level : 22 wp : yes -flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm -bogomips : 3989.99 +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.09 clflush size : 64 cache_alignment : 64 -address sizes : 38 bits physical, 48 bits virtual +address sizes : 39 bits physical, 48 bits virtual power management: processor : 3 vendor_id : GenuineIntel cpu family : 6 -model : 13 -model name : QEMU Virtual CPU version 1.5.3 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz stepping : 3 -microcode : 0x1 -cpu MHz : 1994.999 -cache size : 4096 KB -physical id : 3 -siblings : 1 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 3 +cpu cores : 4 +apicid : 6 +initial apicid : 6 +fpu : yes +fpu_exception : yes +cpuid level : 22 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.13 +clflush size : 64 +cache_alignment : 64 +address sizes : 39 bits physical, 48 bits virtual +power management: + +processor : 4 +vendor_id : GenuineIntel +cpu family : 6 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz +stepping : 3 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 core id : 0 -cpu cores : 1 +cpu cores : 4 +apicid : 1 +initial apicid : 1 +fpu : yes +fpu_exception : yes +cpuid level : 22 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5428.40 +clflush size : 64 +cache_alignment : 64 +address sizes : 39 bits physical, 48 bits virtual +power management: + +processor : 5 +vendor_id : GenuineIntel +cpu family : 6 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz +stepping : 3 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 1 +cpu cores : 4 apicid : 3 initial apicid : 3 fpu : yes fpu_exception : yes -cpuid level : 4 +cpuid level : 22 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5428.13 +clflush size : 64 +cache_alignment : 64 +address sizes : 39 bits physical, 48 bits virtual +power management: + +processor : 6 +vendor_id : GenuineIntel +cpu family : 6 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz +stepping : 3 +microcode : 0x9e +cpu MHz : 2700.164 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 2 +cpu cores : 4 +apicid : 5 +initial apicid : 5 +fpu : yes +fpu_exception : yes +cpuid level : 22 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.27 +clflush size : 64 +cache_alignment : 64 +address sizes : 39 bits physical, 48 bits virtual +power management: + +processor : 7 +vendor_id : GenuineIntel +cpu family : 6 +model : 94 +model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz +stepping : 3 +microcode : 0x9e +cpu MHz : 2700.000 +cache size : 8192 KB +physical id : 0 +siblings : 8 +core id : 3 +cpu cores : 4 +apicid : 7 +initial apicid : 7 +fpu : yes +fpu_exception : yes +cpuid level : 22 wp : yes -flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm -bogomips : 3989.99 +flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp +bugs : +bogomips : 5427.26 clflush size : 64 cache_alignment : 64 -address sizes : 38 bits physical, 48 bits virtual +address sizes : 39 bits physical, 48 bits virtual power management: - CPU0 CPU1 CPU2 CPU3 - 0: 135 0 0 0 IO-APIC-edge timer - 1: 1 2 3 2 IO-APIC-edge i8042 - 6: 0 1 1 1 IO-APIC-edge floppy - 8: 0 0 0 0 IO-APIC-edge rtc0 - 9: 0 0 0 0 IO-APIC-fasteoi acpi - 10: 496 482 486 468 IO-APIC-fasteoi virtio4 - 11: 10 147 30 27 IO-APIC-fasteoi uhci_hcd:usb1, qxl - 12: 0 41 47 38 IO-APIC-edge i8042 - 14: 0 0 0 0 IO-APIC-edge ata_piix - 15: 24 20 182202 20 IO-APIC-edge ata_piix - 24: 0 0 0 0 PCI-MSI-edge virtio0-config - 25: 0 0 0 0 PCI-MSI-edge virtio2-config - 26: 0 3 1 4 PCI-MSI-edge virtio2-virtqueues - 27: 3075155 25 27 24 PCI-MSI-edge virtio0-input.0 - 28: 0 0 1 0 PCI-MSI-edge virtio0-output.0 - 29: 0 0 0 0 PCI-MSI-edge virtio1-config - 30: 8 10 6 263042 PCI-MSI-edge virtio1-input.0 - 31: 0 1 1 0 PCI-MSI-edge virtio1-output.0 - 32: 0 0 0 0 PCI-MSI-edge virtio3-config - 33: 2251 1443 1443 76439 PCI-MSI-edge virtio3-req.0 -NMI: 0 0 0 0 Non-maskable interrupts -LOC: 2928502 2336072 2358940 2472920 Local timer interrupts -SPU: 0 0 0 0 Spurious interrupts -PMI: 0 0 0 0 Performance monitoring interrupts -IWI: 172144 62813 48129 57019 IRQ work interrupts -RTR: 0 0 0 0 APIC ICR read retries -RES: 803123 677010 571558 698502 Rescheduling interrupts -CAL: 22679 11469 17535 1233 Function call interrupts -TLB: 82367 78077 78876 80352 TLB shootdowns -TRM: 0 0 0 0 Thermal event interrupts -THR: 0 0 0 0 Threshold APIC interrupts -MCE: 0 0 0 0 Machine check exceptions -MCP: 624 624 624 624 Machine check polls -ERR: 0 -MIS: 0 -MemTotal: 1785008 kB -MemFree: 254052 kB -MemAvailable: 1298532 kB -Buffers: 0 kB -Cached: 491108 kB -SwapCached: 252 kB -Active: 329132 kB -Inactive: 223080 kB -Active(anon): 28840 kB -Inactive(anon): 73412 kB -Active(file): 300292 kB -Inactive(file): 149668 kB + CPU0 CPU1 CPU2 CPU3 CPU4 CPU5 CPU6 CPU7 + 0: 52 0 0 0 0 0 0 0 IR-IO-APIC 2-edge timer + 1: 16 459 44 16 71 52 37 18 IR-IO-APIC 1-edge i8042 + 8: 0 0 0 1 0 0 0 0 IR-IO-APIC 8-edge rtc0 + 9: 89 154 83 105 355 114 136 53 IR-IO-APIC 9-fasteoi acpi + 12: 201 49438 1213 1262 5483 1423 1806 952 IR-IO-APIC 12-edge i8042 + 16: 1 0 0 0 0 0 0 0 IR-IO-APIC 16-fasteoi i801_smbus + 19: 5 3 2 0 8 2 2 2 IR-IO-APIC 19-fasteoi + 120: 0 0 0 0 0 0 0 0 DMAR-MSI 0-edge dmar0 + 121: 0 0 0 0 0 0 0 0 DMAR-MSI 1-edge dmar1 + 124: 7929 1965 1951 91801 6129 4099 2324 2579 IR-PCI-MSI 376832-edge ahci[0000:00:17.0] + 125: 219 13 6 32 12 8 6 22 IR-PCI-MSI 327680-edge xhci_hcd + 126: 97 12 17 44 16 8 5 2 IR-PCI-MSI 2097152-edge rtsx_pci + 127: 0 0 88 0 58 0 61 36 IR-PCI-MSI 520192-edge enp0s31f6 + 128: 0 0 0 2 2 0 1 8 IR-PCI-MSI 1048576-edge + 129: 725 32 125 185 13085 451 7136 254 IR-PCI-MSI 32768-edge i915 + 130: 23 9 7 0 11 0 1 0 IR-PCI-MSI 360448-edge mei_me + 131: 21 6 4 2 7 4 3 0 IR-PCI-MSI 1572864-edge iwlwifi + 132: 713 0 63 42 106 45 129 120 IR-PCI-MSI 514048-edge snd_hda_intel:card0 + NMI: 2 1 1 1 2 4 1 1 Non-maskable interrupts + LOC: 33466 27621 28699 27181 44170 60850 27384 32510 Local timer interrupts + SPU: 0 0 0 0 0 0 0 0 Spurious interrupts + PMI: 2 1 1 1 2 4 1 1 Performance monitoring interrupts + IWI: 4 0 0 2 0 0 1 1 IRQ work interrupts + RTR: 7 0 0 0 0 0 0 0 APIC ICR read retries + RES: 9981 4165 2812 2504 2970 1497 2331 2607 Rescheduling interrupts + CAL: 51614 26930 27696 38549 30005 38583 36536 38830 Function call interrupts + TLB: 44868 21971 22151 33281 24454 32863 30173 34882 TLB shootdowns + TRM: 0 0 0 0 0 0 0 0 Thermal event interrupts + THR: 0 0 0 0 0 0 0 0 Threshold APIC interrupts + DFR: 0 0 0 0 0 0 0 0 Deferred Error APIC interrupts + MCE: 0 0 0 0 0 0 0 0 Machine check exceptions + MCP: 3 3 3 3 3 3 3 3 Machine check polls + ERR: 0 + MIS: 0 + PIN: 0 0 0 0 0 0 0 0 Posted-interrupt notification event + PIW: 0 0 0 0 0 0 0 0 Posted-interrupt wakeup event +MemTotal: 15855100 kB +MemFree: 11477720 kB +MemAvailable: 12987088 kB +Buffers: 385492 kB +Cached: 1340976 kB +SwapCached: 0 kB +Active: 2943984 kB +Inactive: 985944 kB +Active(anon): 2204564 kB +Inactive(anon): 57088 kB +Active(file): 739420 kB +Inactive(file): 928856 kB Unevictable: 0 kB Mlocked: 0 kB -SwapTotal: 3354620 kB -SwapFree: 3353308 kB -Dirty: 1476 kB +SwapTotal: 7933948 kB +SwapFree: 7933948 kB +Dirty: 1696 kB Writeback: 0 kB -AnonPages: 61072 kB -Mapped: 18504 kB -Shmem: 41148 kB -Slab: 898368 kB -SReclaimable: 847936 kB -SUnreclaim: 50432 kB -KernelStack: 2672 kB -PageTables: 5384 kB +AnonPages: 1629620 kB +Mapped: 242948 kB +Shmem: 58196 kB +Slab: 252040 kB +SReclaimable: 179452 kB +SUnreclaim: 72588 kB +KernelStack: 6800 kB +PageTables: 29632 kB NFS_Unstable: 0 kB Bounce: 0 kB WritebackTmp: 0 kB -CommitLimit: 4247124 kB -Committed_AS: 383308 kB +CommitLimit: 15861496 kB +Committed_AS: 8751488 kB VmallocTotal: 34359738367 kB -VmallocUsed: 149692 kB -VmallocChunk: 34359524352 kB +VmallocUsed: 0 kB +VmallocChunk: 0 kB HardwareCorrupted: 0 kB -AnonHugePages: 6144 kB +AnonHugePages: 684032 kB +ShmemHugePages: 0 kB +ShmemPmdMapped: 0 kB +CmaTotal: 0 kB +CmaFree: 0 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 HugePages_Surp: 0 Hugepagesize: 2048 kB -DirectMap4k: 67576 kB -DirectMap2M: 4126720 kB +DirectMap4k: 147456 kB +DirectMap2M: 6608896 kB +DirectMap1G: 10485760 kB Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed - eth0: 218826535 3198986 0 95481 0 0 0 0 7353205 57500 0 0 0 0 0 0 - eth1: 29582092 268307 0 93503 0 0 0 0 30026750 67530 0 0 0 0 0 0 - lo: 1056 11 0 0 0 0 0 0 1056 11 0 0 0 0 0 0 +wlp3s0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 +enp0s31f6: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + vnet0: 32675 319 0 0 0 0 0 0 42290 545 0 0 0 0 0 0 +virbr1: 28209 319 0 0 0 0 0 0 27394 284 0 0 0 0 0 0 +virbr1-nic: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + lo: 92538 1136 0 0 0 0 0 0 92538 1136 0 0 0 0 0 0 diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/ca_chain.pem b/test/aux-fixed/exim-ca/example.org/expired1.example.org/ca_chain.pem index 47f6b1cc0..e3165d194 100644 --- a/test/aux-fixed/exim-ca/example.org/expired1.example.org/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.org/expired1.example.org/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.org/CN=clica Signing Cert issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.org/CN=clica CA issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci -UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy -KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB -mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq -DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO -gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy -e/xewJdeLc+y5zuobX05I7rP +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l +yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk +esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd +FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB +uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9 +tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5 +U9+lNhpF9AUWEAAo3FqHgShh -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/cert8.db b/test/aux-fixed/exim-ca/example.org/expired1.example.org/cert8.db index f1366921b..79273d121 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/cert8.db and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.chain.pem b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.chain.pem index 2ea593ca8..dec44d33a 100644 --- a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.chain.pem +++ b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: expired1.example.org - localKeyID: 1F E8 12 E8 2B 26 DE 83 89 52 9D 86 BB 3E 54 0C 0E F0 1E 85 + localKeyID: 56 97 A6 F6 EB 03 2D 8E E5 E1 57 7E 7B F0 BC F3 C9 BB F3 D1 subject=/CN=expired1.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxMloXDTEyMTIwMTEyMzQxMlowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs -ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ65ETDQ0BFUzfULaRgT -7y3Lmo6D824GBywv4Dndgc5pChikv7TyCv3d8JdGs+ujXJUqzp0ahK/vamjoj8WH -+MKRVXamiDbNsVggjr9GaF+4bP4+Pxlk9RNpbqlpuMzn0U1u63/QnMjOii/zZN5T -q0yvOLl2RYYnftKkhA1o9h2tAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG +MzQwMloXDTEyMTIwMTEyMzQwMlowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANImCjuDNWSYsLa2Kav2 +9Pu+dMrn+gXIUJ5WGNzjc0fZUf9u3W2is1Y/6XrNkHsMAELyadAD9DJCzNQxB7YL +Gn0wlo/glr8Njxe4q3FmJq1AjCUB0lDXEeHbyP8HoVu1Y/aY5vAJsVwW5od+S77d +ewSvg6vR8zhjTAZiscgHwzPnAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm9yZy8wHwYDVR0R -BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAuyaK -diFbp3JdXCjvrupsLExA9592LshGTyBO8o36MLUFdzGIIsYN0vXWvJfiTShIGAtx -9RMiwbjoUwVf5bQPHBeQJTIlkxBSJ11h8DJynNLVrxcQ9l95sO0KbCcJF/C24xO+ -FmxmReGz95B/70pGdejwqbZHND6jTU7lzk17iEA= +BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAN3HU +uSw4LZzflDXB6rtzOBrYU52GnZmBgwdKO851kHDIi5HJSe8KFk7thDtMQHQskh/R +650WMAHy+S/k87OONlk4p9ZoM7yIoJgvJ2WFcGK66eM76o5vnm2dhy88s4MzNsks ++H3xFAI2lPYBoKJKeKz3XZj0QuDli6KjlCte290= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.key b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.key index 6438fad2d..5af649a8f 100644 --- a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.key +++ b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: expired1.example.org - localKeyID: 1F E8 12 E8 2B 26 DE 83 89 52 9D 86 BB 3E 54 0C 0E F0 1E 85 + localKeyID: 56 97 A6 F6 EB 03 2D 8E E5 E1 57 7E 7B F0 BC F3 C9 BB F3 D1 Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIa+ZaRfZ9YdMCAggA -MBQGCCqGSIb3DQMHBAiiBWlQ0jW19wSCAoCiihzOTQtSnUUuGcsOlhbJOZKALjU+ -55566IeI7awy2s+E3YqFc+Ii+kLHVc1aAiWLhOLvQJEs5ox1xAqgJyZwxs2mgxRS -kLkFrYtjeqXVZPr1rO77ngWxRR+f9biHXjjbi8aAt2dfn8JdaL6lD+e6H0Y6+coP -VIFCgov8gNB0sm+QDB5Jq9+vxZSgplbyJsJdzUUDST90XDtI1PFdXZlV+3fCUT+H -u3gJ38OdQ5HEQYizDCR6buwiGWGJkAONI5oBBtyfAH5eGE9ogzEwf8OHUSqQwuNl -EVaCUrwrCCu8w8DE24rsRaMcP8ApXQEtxN8hdBWqqyYs3uGdHWmVp/h7CutVqyVj -JBt8yqNdRyBeGXLH1PnnLS94J93hVj3XrOG/ScGEXgPzDXNK7ws47iySLCW/DVwQ -XpawOMKvnRRPw8Tmeq8Gx4uFke5h45EwlsBIa5Sfq00uMCyJXg62BD21Opo3jo0T -dhBxlUTXlQXgF0GzxM6aXX2ZDoNfHzJR+C6mBAVs26NobLr2NZ+i4HgylylA6tuJ -rYL1PgQbKeWHMIcx22PHij97BV/+H7bBRUxqJM4da9cg4t6IxPpB3dJf6cXqAkbH -/msgx0KVYdBANIC8AF5+pyhRA2+WrVvFxyvb8Ji4DaV5re+nNLt9ZFRiCiFjUL0z -pydZiTddgQ3I1WGCiteqLEEsSvy34Ju3PyQoQJkNH3TFmvHcNvjd78gRWPTnY9DI -1PpUJD0GYtvAxj5PZaord+ESHEzGURaIVbUEuguXVdg239f7Kw+NymdEo/Ne3LD6 -+VU/2Sq/vxRUCdJKkhEGcBLeLvducWbB7duVLi8agK4LyaakcCsy91GX +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIYw5AHKHpvwACAggA +MBQGCCqGSIb3DQMHBAjPjI96QuNFaASCAoAjCiOv8zLE19SudivjlvejgTBwUXXb +RKTIijmHGXjP2WaW47vWcCZ8hSDI5TEuDF56khVea56GyWW86XFB/1P2Mcwg2HBP +OfqrFG5ZZI1zQ/40U/jkYpQ79IUAvY1Xn3Af8hsbFGo0saIG2HpWdDQqWE+MM+fU +rTliQVtCHaU2V5w4clcz+CkzUyHtRogc+gX+VMl/bKK0OkyT8R1tA1eRJIUiDTc9 +kpEFD9wQB+TpWH3UyMg8Vy+GBQVH9R6Q9mcoDMWvmYTnT9wkcb3DhHZ7Fb+vlzNK +NssdtTjxguFpjDozvxbUH9niJUAZcC5owd0LO8q/0IVuNhJEZOAtP9aeCklMvs5n +u+4e4/jDXWmU3LHIPVy4X3j8Rf1y5YTdu2DZQLZs707mplLtBqnf0DLY1va1Y4/E +i2SDfRamfjvQKissZL1QywniMLXT66dXMSINSG+jPt8l8DkYNEgwcaSepJAERF1q +3y3TCBXhj+juhN4aiZT0zbQiDA4NHzHI8+xs2yThpaqA71o5xh35l+dMcRNLcWuc +3CpVQvsGeVyF6Rn9isMFa3TuzGMfeG+2GNWjL1/hy5i3ROiV3yuuGX10kSSbg0sn +nbAhCFugRYEywE6+Rnv9tfTwU9zutQPK2VZrG6GNzT0cucLGLbsHIts20QOWjiI8 +5cV5fDKTZhzPld2K8OpkhGSnRkdWvay89RwAzebcsBwSNoPfuxX0pXgi98mnaXVY +KDhpmGhUya+AcflPJyd3DY9Ys/Eldq8aPEj0JWUGhyJyy0K6waoFTuZ6lIZMMLWV +vHfsQlgTEqHlaXvs4qg9yzLHJaa40ucaeIbPjDtHB82Rd4APCoSkYTFn -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.dated.resp index b50485125..78092bac6 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.good.resp b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.good.resp index da0c15310..67705a989 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.req b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.req index 183d4ccde..e7cd35cba 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.req and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.revoked.resp index 2d038f9c8..6ecf45ecb 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signer.dated.resp index 32f5b2a9c..3e16f3650 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signer.good.resp index 888033cd6..d7e27c332 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signer.revoked.resp index 7fb1ac034..efa865b60 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signernocert.dated.resp index 83e946e09..e42697062 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signernocert.good.resp index 4a0ed3278..6a96d0a50 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signernocert.revoked.resp index 8619084a6..2e9ba797a 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.p12 b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.p12 index 5e7d57bcd..103ccc9e5 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.p12 and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.pem b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.pem index a58f0afa0..ed4ff4c2f 100644 --- a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.pem +++ b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: expired1.example.org - localKeyID: 1F E8 12 E8 2B 26 DE 83 89 52 9D 86 BB 3E 54 0C 0E F0 1E 85 + localKeyID: 56 97 A6 F6 EB 03 2D 8E E5 E1 57 7E 7B F0 BC F3 C9 BB F3 D1 subject=/CN=expired1.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxMloXDTEyMTIwMTEyMzQxMlowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs -ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ65ETDQ0BFUzfULaRgT -7y3Lmo6D824GBywv4Dndgc5pChikv7TyCv3d8JdGs+ujXJUqzp0ahK/vamjoj8WH -+MKRVXamiDbNsVggjr9GaF+4bP4+Pxlk9RNpbqlpuMzn0U1u63/QnMjOii/zZN5T -q0yvOLl2RYYnftKkhA1o9h2tAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG +MzQwMloXDTEyMTIwMTEyMzQwMlowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANImCjuDNWSYsLa2Kav2 +9Pu+dMrn+gXIUJ5WGNzjc0fZUf9u3W2is1Y/6XrNkHsMAELyadAD9DJCzNQxB7YL +Gn0wlo/glr8Njxe4q3FmJq1AjCUB0lDXEeHbyP8HoVu1Y/aY5vAJsVwW5od+S77d +ewSvg6vR8zhjTAZiscgHwzPnAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm9yZy8wHwYDVR0R -BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAuyaK -diFbp3JdXCjvrupsLExA9592LshGTyBO8o36MLUFdzGIIsYN0vXWvJfiTShIGAtx -9RMiwbjoUwVf5bQPHBeQJTIlkxBSJ11h8DJynNLVrxcQ9l95sO0KbCcJF/C24xO+ -FmxmReGz95B/70pGdejwqbZHND6jTU7lzk17iEA= +BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAN3HU +uSw4LZzflDXB6rtzOBrYU52GnZmBgwdKO851kHDIi5HJSe8KFk7thDtMQHQskh/R +650WMAHy+S/k87OONlk4p9ZoM7yIoJgvJ2WFcGK66eM76o5vnm2dhy88s4MzNsks ++H3xFAI2lPYBoKJKeKz3XZj0QuDli6KjlCte290= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.unlocked.key b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.unlocked.key index 6394db1ff..1b00779ad 100644 --- a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.unlocked.key +++ b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCeuREw0NARVM31C2kYE+8ty5qOg/NuBgcsL+A53YHOaQoYpL+0 -8gr93fCXRrPro1yVKs6dGoSv72po6I/Fh/jCkVV2pog2zbFYII6/RmhfuGz+Pj8Z -ZPUTaW6pabjM59FNbut/0JzIzoov82TeU6tMrzi5dkWGJ37SpIQNaPYdrQIDAQAB -AoGAFPxRGowxRmlZBdIpZgaUtBBccgVeNSjU3/HAisYPuJPIwvNdaXYrH9+tRMMT -XM9vmUVcpgbwjjZwckh1Yd+VcybnPABw3auOeoKWTKHg0B6gShwBSkkh9Pq8zW3t -lOR8GFm0UmbvKf0Z8GFGfkHab/eKwMCVm8t4PHNnwfE81l0CQQDMFWNViXqe+n0g -ZHh6Sp3/+nKJ0bKQD6dYcTI6tPhBhBFvQUFVSRsVyeBlGRB++BOxd/Yw93qJbCcC -VD/PrMbXAkEAxxmkLlBr3nfOabPT3Yi8ctvg3zIJ9j6NslZMxCdJ96qoZu51VnBl -1TvhM78/LnbW9uCh2KkPR1SV9W+bsuhjGwJAaKcjHC72sWWUGrNK0LNI2IZOi/v7 -jEJqt0C82DwK/lXCNwIIhbqKaB7wsgcrXWDLgHsaxTtzG9tZGamoW0+nWwJBALW8 -LQXteJjnyOzpLXGgt0sscxWoSjmQHaz0YzwFFNpR10elUEunavx5nPWsExLpfQx6 -PKFUp9KXXg5bYsaqopMCQQCEGg5SRni9xSapkmf0RjA/6v+rSGGyLnMl2hNGazN0 -BVMfbhPWJ3Xs8vJYZUAnDC8P1BC2t45lOVNr/Ah9bJ1T +MIICXAIBAAKBgQDSJgo7gzVkmLC2timr9vT7vnTK5/oFyFCeVhjc43NH2VH/bt1t +orNWP+l6zZB7DABC8mnQA/QyQszUMQe2Cxp9MJaP4Ja/DY8XuKtxZiatQIwlAdJQ +1xHh28j/B6FbtWP2mObwCbFcFuaHfku+3XsEr4Or0fM4Y0wGYrHIB8Mz5wIDAQAB +AoGAQNzE48GHxVjrkjl/ezhqPRl36vjWztoZKAXi/qqldlO5X2HUrnY9bC2l3uV7 +5r65hfBUgIP351t+5S+M9b9PmS0cMTQ9M6GHF8Ahvw5CKlttg1cHcU+5GMYUGPJ6 +NRI3V3RVJI8ew7SljN9dEoPjXThqAQwgDfxAbJCvr163rOECQQDuxqjJxMfvg3Yf +RYvMPsAfaYfGymXXKoAUsEZdqcWFVk4OcMd+lpN2yWZ7+CSVok0XaLA3wObgRV1S +Le5IhrSzAkEA4U68AOuu8fgTGwY62Z/ux6K0qYFomwhUxy/RVdezMHP/KSgjH5cT +6L3jVr2vOfO8WwNst7IdUNQG9LhLkUhl/QJAXl/YsL79QzaThnKneZfHueKtDq5K +qEudChBOD5Edh8D/4wdCYk9Dg6zAu/jtBNN8Yuc21yKAXl4sL2IGD1ZmrwJAD/nM +POh5TDEB8c2cSKgdf0xbMRW6/Bs4H7OVTVfxHcNr2Vg+PVQyFjO4tgLXNO3CclWo +1NGtYHjYUWvr985BZQJBAOD5MMnrWWpXW1b7GTQfw24zMfYbw5CNEYXUn3t8mwhL +/wDBfNicDchags/kP7AhQ9xR5br29v41kJhk6DuoKbk= -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/key3.db b/test/aux-fixed/exim-ca/example.org/expired1.example.org/key3.db index 1717e7393..77823254c 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired1.example.org/key3.db and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/ca_chain.pem b/test/aux-fixed/exim-ca/example.org/expired2.example.org/ca_chain.pem index 47f6b1cc0..e3165d194 100644 --- a/test/aux-fixed/exim-ca/example.org/expired2.example.org/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.org/expired2.example.org/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.org/CN=clica Signing Cert issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.org/CN=clica CA issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci -UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy -KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB -mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq -DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO -gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy -e/xewJdeLc+y5zuobX05I7rP +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l +yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk +esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd +FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB +uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9 +tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5 +U9+lNhpF9AUWEAAo3FqHgShh -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/cert8.db b/test/aux-fixed/exim-ca/example.org/expired2.example.org/cert8.db index 4617a4de8..240836f84 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/cert8.db and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.chain.pem b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.chain.pem index f467d062a..8d7c0244e 100644 --- a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.chain.pem +++ b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: expired2.example.org - localKeyID: BC 49 19 1E EE 31 06 3E 4B AE 35 33 9F 5F A4 D8 A8 A0 57 69 + localKeyID: 0D 1B DB 87 3F A0 82 FE 25 25 17 FB 02 8B 11 A0 C7 3B 3F 2D subject=/CN=expired2.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICijCCAfOgAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MTVaFw0xMjEyMDExMjM0MTVaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w -bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpk3vdqmKGLJ1atHFL -VM6BNY2H/RAPgt7bc+6zb6/PBIzkQC5yjA552IHOs3LWLYRKUHEcJ/7KsAO6Xi3i -9nD2leVy8vjfudjqgdAb3BSXdXMuqm6GFHHAAClB46Cr6pzHD4f9r8GoDvHjvqFe -n1EObewAbGAhj22DfPA2vfV68wIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg +MjM0MDNaFw0xMjEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrcutPy6MwDf8v9KY+ +EmfD1UgqwzWDfExzOLltPoqYDe/925YdyR4APYZwMYKSz6aCqcr2RHXNlhaQxn28 +QXBEiqYN9oDxSUBGnMYpahG1kVChdwDOmB7xs6Qr8fyMQSQ6fxOSs8NpSiobBd5v +JXvFsLyoqpWHF1hvRFpPAtjY9wIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMB8GA1Ud -EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAG5q -2Axh9aXYSUyzVv478q7JhGOJKQ6ZpmVChQghFikeo/GAxv0gm62aD2Ka9+iNkc66 -yGIFOc+QK7pOIClhDpp3AKWrgzhmdYQ3aOfbgTigG4jYjz5SldE0nedrK/xRVJ/J -oLxAhtxpRO9htIJTcx2pW4DRu4Wv13uncB436kPD +EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAIlD +3fGGN1764ZR0OBfhIcfR18putZkIlFQSQojhj4ZgCisqU/pXlkQ8FM2mUhDLZfi1 +dezo36i6x3tmNnnVVc0DUn8mmD0t0SlH7PBrIyhv10spu2wfitNqnuyknAIpEE5V +v2FZRwnBxqhQkWoGjDb+vCOJxH3zYgXMEaN99Ifu -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.key b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.key index d77fea48d..9bb8a7902 100644 --- a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.key +++ b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: expired2.example.org - localKeyID: BC 49 19 1E EE 31 06 3E 4B AE 35 33 9F 5F A4 D8 A8 A0 57 69 + localKeyID: 0D 1B DB 87 3F A0 82 FE 25 25 17 FB 02 8B 11 A0 C7 3B 3F 2D Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIXzoSEpxpBAACAggA -MBQGCCqGSIb3DQMHBAg9BBR7hWZt7wSCAoBlLeuxRVykDRj7vKA4febmUGxPbNwF -Vyt6Y1Bsn8VpwxDypA32u7xx+o4fi0J6o8CbovDChfFO/U9ptxyRHNN3ZGWuBuEB -XwXMzIAjymoqRVDEOdTWziyrTHVm74SuUPirxZ1TwGVz4tJKQclhaIOpB3dByV6x -QyJ208vp9D1ona7TYJ/+CfQUHLHcZ6b1am9DitIxfoRJL6n11A8LYA1JjIYK+ESa -ZKngsYOnl9LMoTXaPWsR5KSCmi4OrqnjAoDCb9Mrn4Bn2UeJkYRg4FEVK+fM0wrs -UytmP4p/u88reHRWiCT/yRNCJxuRcDrFMYtU3InExEXDIek+IjQQAeF82rn9Ku0m -Sl+q1wxT15PRPmFXK5rkcdzlwu8dS7vo9W9wUQyE2BpDGUJmKGWmhFeus8XoJuTa -7jC1TR60VkGUHyHPfatV7IjyEGBr4rWp1MnpRH1Yw4vSgX7AAVWdoeX4YfNB6gsA -ioX1dYLQpZZ4+DB6lPNUEX6pYyszwqmYUMuVvu/j6SGYsyoxrIHapL5cmTsBjt+S -uvoeglZixIrZLcUDn4fpcC9Ks7QswF1MzEsqxW2ZcKjPYyBJ6otMid6u8BRWnkAx -8IZvRFddStKjS7iiuAQ3N02cn727q/sdwvXEaV3A7Pc/hK+PPF47m/Yg4Wi4JSIp -6OLwRPqTkBDJ7QJcrem6zod+eyoMY2KyDmP9geJAM7hfk7JhPcV9ikEZe7rAUaA4 -F08WxbFSEIKoc07ZBjeQjztmpK6z2c5+JsDenPpRS+p1gonKvpbIIeKfsPoW4IEE -cWGFH7GPtWfc+ubPiGsFEFICUwxFK9rc82pxe7qmQ/ZEw0JUnM+Hv+o4 +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIm43+EhADc5wCAggA +MBQGCCqGSIb3DQMHBAhpt6/mtIXjNwSCAoDi0VXOiUz3lGJBbkvrD9woQ6e5w3gu +VVIfze/89KJsBTlLo7Idg1/veb9I2swd8XuKMjo3uiJdt3Xtv5LyJysF8qMRlm4L +WosNaJ5iTve6beJlLcy1KnPyrReq+CHGToALGoejewlaU4zRzW8yTY6J1Hg7xiKD +QzgfbGeji+4W8fsWMVk1vhmj1edf1upNeFdTS8esmZOfk4LlP5WGV8KtE2ikZ/mj +V8kHg0pJY3jNhcolpUSw1y4C4U4Sus00L3wiRFEG98ltZPPtp6wcVV1brU7XwzP8 +StKMCyCte6e/PoOklkcznZZZKABo+/yfrzrH7GI0ATwoyQATvObAZdmsF41Lw8Zx +aY1YEYulFVcqjrGFP8b1vRllw//XvYm6xr3xcPgSnifJ0b4lGjqjW3peJW2n5fp7 +mwr6pmWEGFE5c//DjbvvswiIMa5xBbBkEaySbSnS2mzzTIHYP8ezEgyU8jDACEJD +/F/evkvyTM3fYQMh+x9npD5dI3Ea7rd+6CikFhFGT2f4JT3HO9z5pB2VWR8i5E06 +c73VwLQGCkQKyPj+5M+ISooVgohKo9MhPpNPdG7lDLW6Z/PNhCS60TorQF7BbqhZ +1r1sp9Cc+rFlV6fAJy0DB7lrVUKi7Sfk+uaqtNlHc4shPEs4uB4SLPBLXXgoYzBD +mFi7OFQwLaSQVv4XV88ewxYTNkRJFowZzeRoxRZit8ReVC+28Tv8ISnKK6+ZAY1o +N3CkI4CBdZtg6I9KS9ABt2BspcSEGuN3XEzkfVDk09POVaO2t/HQZIAyNVu4RAny +afaGdLUyaGWNYNSqH436XeiNZyoIg/QfI041JQb4/fwcrYikZNlCo4i6 -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.dated.resp index 2a4543f65..441d6e14c 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.good.resp b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.good.resp index 949dda73a..7ad2ba7f6 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.req b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.req index 6580a7bf0..a73559a97 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.req and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.revoked.resp index 9bb4399f2..7ad2ba7f6 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signer.dated.resp index e09228da2..449f9b8c0 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signer.good.resp index 6a5d3e0a5..44a4f95f4 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signer.revoked.resp index 6a5d3e0a5..44a4f95f4 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signernocert.dated.resp index 8da9a6f6d..21a46a381 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signernocert.good.resp index efa2b94d0..138d7c7a2 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signernocert.revoked.resp index efa2b94d0..138d7c7a2 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.p12 b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.p12 index c71e9921e..c960a7c9d 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.p12 and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.pem b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.pem index ebb0e515b..244eb7543 100644 --- a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.pem +++ b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: expired2.example.org - localKeyID: BC 49 19 1E EE 31 06 3E 4B AE 35 33 9F 5F A4 D8 A8 A0 57 69 + localKeyID: 0D 1B DB 87 3F A0 82 FE 25 25 17 FB 02 8B 11 A0 C7 3B 3F 2D subject=/CN=expired2.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICijCCAfOgAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MTVaFw0xMjEyMDExMjM0MTVaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w -bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpk3vdqmKGLJ1atHFL -VM6BNY2H/RAPgt7bc+6zb6/PBIzkQC5yjA552IHOs3LWLYRKUHEcJ/7KsAO6Xi3i -9nD2leVy8vjfudjqgdAb3BSXdXMuqm6GFHHAAClB46Cr6pzHD4f9r8GoDvHjvqFe -n1EObewAbGAhj22DfPA2vfV68wIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg +MjM0MDNaFw0xMjEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrcutPy6MwDf8v9KY+ +EmfD1UgqwzWDfExzOLltPoqYDe/925YdyR4APYZwMYKSz6aCqcr2RHXNlhaQxn28 +QXBEiqYN9oDxSUBGnMYpahG1kVChdwDOmB7xs6Qr8fyMQSQ6fxOSs8NpSiobBd5v +JXvFsLyoqpWHF1hvRFpPAtjY9wIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMB8GA1Ud -EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAG5q -2Axh9aXYSUyzVv478q7JhGOJKQ6ZpmVChQghFikeo/GAxv0gm62aD2Ka9+iNkc66 -yGIFOc+QK7pOIClhDpp3AKWrgzhmdYQ3aOfbgTigG4jYjz5SldE0nedrK/xRVJ/J -oLxAhtxpRO9htIJTcx2pW4DRu4Wv13uncB436kPD +EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAIlD +3fGGN1764ZR0OBfhIcfR18putZkIlFQSQojhj4ZgCisqU/pXlkQ8FM2mUhDLZfi1 +dezo36i6x3tmNnnVVc0DUn8mmD0t0SlH7PBrIyhv10spu2wfitNqnuyknAIpEE5V +v2FZRwnBxqhQkWoGjDb+vCOJxH3zYgXMEaN99Ifu -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.unlocked.key b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.unlocked.key index 8df9ef56d..a7bd3fb80 100644 --- a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.unlocked.key +++ b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCpk3vdqmKGLJ1atHFLVM6BNY2H/RAPgt7bc+6zb6/PBIzkQC5y -jA552IHOs3LWLYRKUHEcJ/7KsAO6Xi3i9nD2leVy8vjfudjqgdAb3BSXdXMuqm6G -FHHAAClB46Cr6pzHD4f9r8GoDvHjvqFen1EObewAbGAhj22DfPA2vfV68wIDAQAB -AoGADiqfB3argnAJuUEn0dZE5jB2IW03wUP6oDTANUdYVaAYsRzXhIRE1VMMDRua -tV/aFGdB+8svkvk/Zntls/dImn42uCr9WlM26qsV9c8e8dcQRmHQgWn3uSimrYP7 -FMTYrpTv+WCBxmDkAioh/efN0R2UNiv4i1AwRBiagXFVLkECQQDYf13hDEgV2Djq -LDcjNyHLLDPI8kCdCYiy8BNitv6iOVdW9KB5Wpa200qYPhyFicXz3eWZtgm62ODo -rX875CdhAkEAyIRpD5vTmsezgmH4N2dZzAf55QtXEnM+t/rAf3tu6Tb/DVJnDlLr -oEu3lTJk8egoYd2s1u7EbTfmkkTFovTG0wJAENdHjDwSV3CsbLrnxxuAy3cyyAzg -LdcSBSlbuLAXerMPMjpxST9cvfgNs24RdenTtjaqp5xbgWdhh3gHj7cdwQJBAKXw -znFYZ/oDoo8YPK69HRc40pm2lMx0C0d+gKf/on3mQZToyNiVzuHNR5R1LAz2L9Ut -+se0uWIZjPsnZtfA8nkCQEEtRUwc4wj8Mit2SWHViaK7EckNZrQ6ZkC55DxCDulv -Qgy1MaPR7Imzh8RTvWywSMrvkE/+lwEZjMKzxb56sIo= +MIICXAIBAAKBgQCrcutPy6MwDf8v9KY+EmfD1UgqwzWDfExzOLltPoqYDe/925Yd +yR4APYZwMYKSz6aCqcr2RHXNlhaQxn28QXBEiqYN9oDxSUBGnMYpahG1kVChdwDO +mB7xs6Qr8fyMQSQ6fxOSs8NpSiobBd5vJXvFsLyoqpWHF1hvRFpPAtjY9wIDAQAB +AoGAJC0c+trgpaCmcnOAaoOOspM75Y4IKiTdqshS0/rI2rnCJIIjhEhuFKXmyqCf +ySOYomR6Z4ldhBJB062WVVVHf05811usTNPaaKGsYlgN9h8VZkMXL6jGdUCuoKV7 +4RpMN5cXoLofZEiuqQgfoJRPksEPFkq4vIFwCtMylE+ecoECQQDY8MJYCFh6XO6R +JtmDgT5x1nIPKXNx7b2JSFkKr2HDRwuc/U/RlTHZNIqJy0B0EOunurQf46aq4yHm +luZ8KROBAkEAylFbyhfEbhT1Ky0zZtwHsgfyi8ZifXeY1XQPU4QGsckeH6VuU+Qt +di5IX42xvn5fNiv7OnOwYWokwTIYJoTIdwJAOYBfUuwrX4ugZHLytoucXJols2Ue +R3VnhqrZhx6DgDolluABtyCfjN4DVpC8LceKXvP66HTz6Vm406DtyL0ugQJAQ5Ee +RYTgfh8TreK/mud6znMnBpUviVVqvkavY6XhEnjnTYxTJ0M6B5D3bKoGpWbQ52eS +1HeUfUQUmEzhkeOgiwJBAIuSckRkCGwPz1lJMEXWGPnXIHX5m6xS7czZiXYEQjDI +sc7ZX5ChkTH+xkG/kKCux3uzWZV9/Bze9Nf1HTJQlHY= -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/key3.db b/test/aux-fixed/exim-ca/example.org/expired2.example.org/key3.db index 54bf2cb79..50a71ba19 100644 Binary files a/test/aux-fixed/exim-ca/example.org/expired2.example.org/key3.db and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/ca_chain.pem b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/ca_chain.pem index 47f6b1cc0..e3165d194 100644 --- a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.org/CN=clica Signing Cert issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.org/CN=clica CA issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci -UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy -KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB -mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq -DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO -gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy -e/xewJdeLc+y5zuobX05I7rP +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l +yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk +esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd +FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB +uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9 +tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5 +U9+lNhpF9AUWEAAo3FqHgShh -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/cert8.db b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/cert8.db index f205eba15..778894200 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/cert8.db and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/key3.db b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/key3.db index 8f7a57ea4..8716501f2 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/key3.db and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.chain.pem b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.chain.pem index 02f8e08fa..e7c28b9ce 100644 --- a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.chain.pem +++ b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: revoked1.example.org - localKeyID: 62 09 23 AE C1 DA 20 CB E4 CB F7 7D 56 C2 EF B9 96 E4 60 8E + localKeyID: 16 B3 32 55 D8 A1 08 97 7C BC 6A 34 A8 E5 16 99 80 90 A9 65 subject=/CN=revoked1.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIBZjANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxMVoXDTM4MDEwMTEyMzQxMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs -ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzAXVcUFIbXHd4434hL -AMLBwWwJfq9081hOorKkcOvZJ1AosMWzWRgnMuC5srj4zkGiJq2iR2CL26A+/34u -b6QQbVaTdtYz4xPNY760BECVOzpXKkD+8LYpZpZY6BU6LKHgdtwwWit2jiryLLhH -RTGwGQpd5zmNvk6yAB4AKcaDAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG +MzQwMloXDTM3MTIwMTEyMzQwMlowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANQ5TGY6CeRUAIwm8yIr +LUEgx8w4fgM8aoZJ7e3rm4nyNHbokZKUz/ixjsfTmvp2HP64GGhfi7s2tV+4m4oe +uklEvxjc5beTOOF2kLPAD85ycizzUtA2zYPp00F52FwDHC17/5wGwXmQ43ULuguJ +xlWLAAnhtTLvlt4kizHeI9JxAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm9yZy8wHwYDVR0R -BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAR4pF -hRr+vuDmtx4Z1H4PQrMviAolUggT5fK6Xt/VWI42rhRyIAmk9+L72UpeOJPay9zH -Y90WWTmVF3Z0ygtJoqxMa4+yCHP0X5YvoMxU0F69gwZ1VwMSH0eaqfy96keC51IH -GGJhDQnSCvdaZkwHSr9x0NbjkScHEIYbGGjgFHI= +BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAAFxO +ibdqx4Poxsp/s48C8LnzVoudTMFqszwDTaUdiOQppBL9PMEgQKo2Ai/stxGfSl/s +/QcBVjXt6fhGs6jojVWMuDbAmLGa8JUjSK9zwcvHvHef0lIw30nwI7OXK6pV1Nnk +ShW5r683Zm3fWBPk/meEDUNuKH4fVC5hcbJPulQ= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.key b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.key index cf605b57c..502671182 100644 --- a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.key +++ b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: revoked1.example.org - localKeyID: 62 09 23 AE C1 DA 20 CB E4 CB F7 7D 56 C2 EF B9 96 E4 60 8E + localKeyID: 16 B3 32 55 D8 A1 08 97 7C BC 6A 34 A8 E5 16 99 80 90 A9 65 Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQINt3ve3qUUP0CAggA -MBQGCCqGSIb3DQMHBAgrqUmSSqVCSwSCAoBmJ39SMKPkCtt3ZVosxt3FRTOCDDLJ -2o9MS+QMqLxHZC8bDefqM205j22PLE82XfVGIkgOKCRF7tXeH5hEMeSm/YzY+c15 -Nd3kjasxBCPH1DUnOCoFQ/aZ84krdSVPRPf1eVuWSLymMPDG7WchdQY0qcKHGPCS -5tMOFGFhR+pYJTuEasK9PfSDx6bG3ia2Big+6O9SW8ubJ8f5T0v4dQ+NXOHJ690r -y0YoqtZcQG+9RoXTKFVLpKFW3PEWkDVjOrTpkvzHrbtZGETvp7uM2z0QtCS4ylCq -jDwfoeAGmJexcImVWWHSKESCWoK5vwvC/0wd/WO4I5WCL2rgRzQM1K6TyB+0p99n -dzVqDKy++7Y7CHP61RZmP/rHL12xFhKAax+kW3QTqceT7Q3iXvM9h5NEoWAOPjkO -qWr3nmeHDvzYof6WB4TojbcqNNVep9LHxfkIltiLemyniigf/uisq+Nbbwxuv538 -raOUjqV0FKPsNXeOM5dJ85dQ7MUZj9UNFE6siSDMb4r7wdLLrcEv0yOecXHNfnzL -JFP51OfMJh6kVSxuagH8W7X5LG/W4NhRc4EAVvLiYyFnAaJvH/twdgepEgNMnF+H -xMvn8JqBEiwXSUdU0rSOmmB1DDJi756oRFbWn0s9+yy5ZonkPnSUtUCTw9rBXijx -s+9OvsF+a8igsTrPv48bBNxKumwSwasM329CUSj1bnoFMdXU5CeKAdrpFUvpKTlX -//HmRqnJ46OyNP+uUrktg9pDAucCg36vXMn0VOVqrh+XiZX0NAIghCD9ZjWDtECp -yvvIcdEmF5hNt2c8pnCvoabVC9SHUfF6rPUx9RQyUWFcFhiPLGqa4nx1 +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIRkXoekprbYgCAggA +MBQGCCqGSIb3DQMHBAjhK23s2B87MgSCAoDQv3pazdLUvYbPkShsuco700PJRn0i +Iu4o446zUSLfgrFRbMfGdMSQoCklSGtHfhEwqIwg9j7mkJ3Rh9BoA/tFcM7/eOsx +2rbb9EFPGsNm4a6AXkI+1+umXJJizPORGZ2uYrqoQ/ACaLegS8VMeEOvp2RJXxBN +MqeESk2OCxA21YHgrGH0Noiuhy9NjW9WWFzvis5lgCJd24gLiEXyNBY6oq1oIUd7 +Xi095aBC+KHsQRQngbGxNd/M/TYI6RkdxNhPpvibHN83fhza+y/EVWtkJ/UW9gcv +WPeBFFLjFHfQg51R8Ra4xZvaVgR6PB8ULPi+fSLt7XtvextUuR65mbTk8a15fljB +SkJnjGFS1zZABJD7rDj1WpqMEH+2QIqn3usRxYa5tGVbONI3wlqV49Z08eIjDPwT +DDXTlUOGZg1VIYWN1qkAJuApuZS4Ax/ND0fK/Qm5UMPBjbXOG6FLX3R2EfXcOeXC +HVhSRTlRay/7YTlByek1V9UQv5NCF2Urpvio4xaMs5K5DFMpXsnUyzgfIzv0101e +nEjDrZjkDmWqIm0hMjJpgAzu6GC5dzBS8gu4tLFhmdxMnBnhd6xRscu4Tkqtl6oy +pIWdgiCJZfQ6ydUnzbOl6qgI0RNDrV8kg0FSINFbQ+aDUts3P3TVL+DM5locJiRd +zCz3Cs4YcEYrKeHi3NT2tIouDE3+wNSa1LfGCdUm+tv47sS+7zBuQ32cZn6fPLH+ +9C8SFlE1dMqf+DaBbF+EssQuwotl4c335I9WfYO5//zgBHkc9kuft9B9yJ8BRiN6 +o2NJu6dkC3rENWpaKA7t28Kfq0KHkrz1QWmaQf/3UeHnjXoEBVRY8bnf -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.dated.resp index 0d1a5cd57..66eb161d4 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.good.resp b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.good.resp index c19cb4c9e..e07271c4f 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.req b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.req index 68f02ea86..de30e995c 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.req and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.revoked.resp index f3e2287d0..d1225b963 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signer.dated.resp index 63863a169..b879412df 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signer.good.resp index 643482e0b..b56a3fd9b 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signer.revoked.resp index 6bdac0eb3..b94f5f907 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signernocert.dated.resp index 7fe063033..ec08fcf97 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signernocert.good.resp index 155b6c285..e6647785e 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signernocert.revoked.resp index b4ae58517..e44178050 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.p12 b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.p12 index 2c8620c06..83a353f8d 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.p12 and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.pem b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.pem index a9950ae8f..3387863d6 100644 --- a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.pem +++ b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: revoked1.example.org - localKeyID: 62 09 23 AE C1 DA 20 CB E4 CB F7 7D 56 C2 EF B9 96 E4 60 8E + localKeyID: 16 B3 32 55 D8 A1 08 97 7C BC 6A 34 A8 E5 16 99 80 90 A9 65 subject=/CN=revoked1.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIBZjANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxMVoXDTM4MDEwMTEyMzQxMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs -ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzAXVcUFIbXHd4434hL -AMLBwWwJfq9081hOorKkcOvZJ1AosMWzWRgnMuC5srj4zkGiJq2iR2CL26A+/34u -b6QQbVaTdtYz4xPNY760BECVOzpXKkD+8LYpZpZY6BU6LKHgdtwwWit2jiryLLhH -RTGwGQpd5zmNvk6yAB4AKcaDAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG +MzQwMloXDTM3MTIwMTEyMzQwMlowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANQ5TGY6CeRUAIwm8yIr +LUEgx8w4fgM8aoZJ7e3rm4nyNHbokZKUz/ixjsfTmvp2HP64GGhfi7s2tV+4m4oe +uklEvxjc5beTOOF2kLPAD85ycizzUtA2zYPp00F52FwDHC17/5wGwXmQ43ULuguJ +xlWLAAnhtTLvlt4kizHeI9JxAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm9yZy8wHwYDVR0R -BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAR4pF -hRr+vuDmtx4Z1H4PQrMviAolUggT5fK6Xt/VWI42rhRyIAmk9+L72UpeOJPay9zH -Y90WWTmVF3Z0ygtJoqxMa4+yCHP0X5YvoMxU0F69gwZ1VwMSH0eaqfy96keC51IH -GGJhDQnSCvdaZkwHSr9x0NbjkScHEIYbGGjgFHI= +BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAAFxO +ibdqx4Poxsp/s48C8LnzVoudTMFqszwDTaUdiOQppBL9PMEgQKo2Ai/stxGfSl/s +/QcBVjXt6fhGs6jojVWMuDbAmLGa8JUjSK9zwcvHvHef0lIw30nwI7OXK6pV1Nnk +ShW5r683Zm3fWBPk/meEDUNuKH4fVC5hcbJPulQ= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.unlocked.key b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.unlocked.key index a07ff6938..cf58651d3 100644 --- a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.unlocked.key +++ b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQCswF1XFBSG1x3eON+ISwDCwcFsCX6vdPNYTqKypHDr2SdQKLDF -s1kYJzLgubK4+M5Boiatokdgi9ugPv9+Lm+kEG1Wk3bWM+MTzWO+tARAlTs6VypA -/vC2KWaWWOgVOiyh4HbcMFordo4q8iy4R0UxsBkKXec5jb5OsgAeACnGgwIDAQAB -AoGAOr/w/nxFvtXJwpl069UWHSXnseZIv0L2v0F+82IZRRxE0m4EMDgeRKiQFP0S -WvXCr2+F1+cofx0RRB4opbEFJic+kXq+B1JHjzODN5A0hUyMxmn6mvVQ6WmKzL81 -nhZKXq2Y0KWHG4gpUwIXAfcXIx9NGauwj7jO3VtT6InjKYECQQDiunzwfC0D2lHm -V/8o1BQ7ej8ITwo9wCxwMRqefCk5EEtmIAMp5OU+GEi9Bev89BhEJZCh+usZQG7V -OrAso39FAkEAww3nIQ4eEM4dqdIZXvFxQRqhXS3bPC7mCvDc1KykYPHUFtSSG1HL -GVi3/edZRLLvQ1WCRUUffArxklPPntSHJwJAJtAL4VMwlY9DI+5+dKvRhtkHf1Gg -jC+gq9gMGYNhvy4F6kaipAJWKAoaMZmY62WR3eCcYM5Gfr0j/Aae8BVRDQJAIZV/ -Oj3IB3S1vsuh+qrvqRoAtp5ypQYeLbwTCbtAAkEhF106WuHWamLQKzNuN1nnwFw0 -teCU7zKjLWKo2NwW+QJAIAu5TSZI53Tfn/hRBqvIbgOUIkisPkOQUikCSj8/OGNc -JT/EdpMGPF62VtSPPJnCe4q2+r2tUfmuWGNJvvzI5g== +MIICXAIBAAKBgQDUOUxmOgnkVACMJvMiKy1BIMfMOH4DPGqGSe3t65uJ8jR26JGS +lM/4sY7H05r6dhz+uBhoX4u7NrVfuJuKHrpJRL8Y3OW3kzjhdpCzwA/OcnIs81LQ +Ns2D6dNBedhcAxwte/+cBsF5kON1C7oLicZViwAJ4bUy75beJIsx3iPScQIDAQAB +AoGAB7cGssYsHHhHIKaHVZqyeCuaBnpsw/nEU8Stq7snkhKYyz795hwMZJmcK6Ht +ixVJYqNRuX9KB/36MWRCMkRBncM5AwgX/BOX29xSXtDW0F1A/5iao2mPiZBu/fOB +XVouF9w/XJsIy+QmL+exux+0IF5gAezgGopMQ/5yyu6D/AkCQQDtV5AUoav7rk8S +1xtk8L4mZGh5QWJCeEQsN7Xp1zde8QCTFd2hfvzHkncDPDWL9+m+NL46X2xeeD1C +aNRDf0q5AkEA5Og9LtO3nB1ti6HMMms9HX4X5v6p96bJhQl5/EXyFbO6rJBXbWe+ +2AmwBbXFU1Me/na1G6c7vY75WNsY96EJeQJATNG2lLbvT3rPpS1ydG1nXk3JctWy +1AjRJ+6wNouuJFCk+vZs0cSkVIQXeTiXrEIFqcawe3w/OyR3z3LWoTImIQJBAKfT +QXBAl0BlLviNwnlAuIkT9pBMK+8/IEZioUX9PjT9FaMJHKBAzOH1kFFPaIHj0jh8 +beH9ZUZgOZ4U3KRJM/kCQEVAgKgZaulkv8IxPoTLuaimonyJPI0Ku8P5jzxuAdHw +1sHXicVddvjPJtJ09ptt58X5qVbkrXX7IHxtcSZTSXM= -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/ca_chain.pem b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/ca_chain.pem index 47f6b1cc0..e3165d194 100644 --- a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.org/CN=clica Signing Cert issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.org/CN=clica CA issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci -UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy -KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB -mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq -DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO -gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy -e/xewJdeLc+y5zuobX05I7rP +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l +yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk +esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd +FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB +uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9 +tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5 +U9+lNhpF9AUWEAAo3FqHgShh -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/cert8.db b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/cert8.db index e8741033a..b7df35b8c 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/cert8.db and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/key3.db b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/key3.db index 361b23099..34a29287e 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/key3.db and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.chain.pem b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.chain.pem index 9c1fb4786..b6d2fef98 100644 --- a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.chain.pem +++ b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: revoked2.example.org - localKeyID: A8 C5 3E ED 81 EA 3F C1 29 F3 99 8B 80 DE 3E 49 33 2A 01 BA + localKeyID: 6A 36 1A 58 1C FF A8 9F 66 D1 B4 67 09 EB 27 63 A2 71 2E E8 subject=/CN=revoked2.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICijCCAfOgAwIBAgICAMowDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MTRaFw0zODAxMDExMjM0MTRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w -bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWREymQBM1gpiZ6S4o -NXLaz/Ib3aV0rYWemC20Fwmrm94vJogfLKO9tCEdZzpGOxhe9Y96qwoCIMj0Ygh8 -edEWGq0g5Ke0985W9vH58tHjSIUtRWeCFqsBLQjWS4Vd4qliUMnQiwn5vRjbZrG0 -j/VJnogI+YnXAItuWWerohQ84QIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg +MjM0MDNaFw0zNzEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh98fCkIQKwpKyfg2o +fEYF9ZV7Lo9dQWnHtumygfIipzVtMzEEvQ0UKOwvaUdKqT81IrmEokjBo/phHjMN +iQxunhO4i//CNk0qImDrR3/alvxMO1lquWB/l8kDOx9PjR8ntGb8vWB29GbMDpj9 +BLyMkg0EOZZHo46VW5J3EFA21wIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMB8GA1Ud -EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBACF2 -0KANuezWEJ42ouOza31RHJEAt1KG4Bg4s6sGjUV4mV87sdob5cdUTZOJFMZK/QmJ -q4s6PtYTh3fGqg07T6C8k0zrmN30KPGlpdhPZjOqXzZXu56yYMgHZC6D85udK+vh -zgDbkg4/4chZBdOsM+ErMDJNZulK3vsYbTVvviDm +EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAET9 +V8w/BEUzYzeBZlFLAsgfTQxc4OxqWfJDCfEA/fJ7TrTpBPRkqV3ndx4ML4TkP6qt +dtAe6FMV2ZFhqe4X2uvHPXTcO44Zz3cLR7S1ykJcEK3S6w6cmjgOAIBwsSW1enrX +G42IbhOW5XVRrASQSA4ylHbGvEsoz5yfnCTzaNfs -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.key b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.key index 7b6dc038d..17517724a 100644 --- a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.key +++ b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: revoked2.example.org - localKeyID: A8 C5 3E ED 81 EA 3F C1 29 F3 99 8B 80 DE 3E 49 33 2A 01 BA + localKeyID: 6A 36 1A 58 1C FF A8 9F 66 D1 B4 67 09 EB 27 63 A2 71 2E E8 Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIOqUsEZxApfECAggA -MBQGCCqGSIb3DQMHBAiS2tvMTVDiQQSCAoAteyeon9iTmTlqZqspp3GLMUDreM9W -2C0RZdAZJTr+joPK7yIKZe7lEEBL4ednib7l3Jz3ogSyAyuBiZTU4NBpDlxLYgnT -0PLncSe2z+Lw29+oNYcD5EMrjFpyQnlZa01kv2B5QK+HTkusCUbkBIkpb4yxCXrb -3ra0eB4me73+I9URPQHOlcDxKDAo0QZQIAgp5OfE2G8UeWu5Wnc+Fj6OsakhfloI -s2ujZQFWlc7b57BeL/i4bKaJEkNcQqZjp72Rh0NAZRLEjs/WawBQpbB3Uqxg/vID -4YeTmPh5tHwWiyEUBeXVilGEF9i6Dn9TILHVjsgHHM5CUe0EA+JPfzsyj8MZYsfK -VJ1l9ZYx9r4eJPg3mHc+DzWGmK58mav2FeTGHaFW1gxmR38n4T5rIUXgnX6dzJS8 -caGS4Yt8EvGyUOmvelTv0LaVHwav28fAEzQ+rO9ofGDBpcpbAHZuFjnYrb/YuoWa -FND9XQFVCUWi/rasadg0sTlR8k/6/BcMuGheUlyc/LEOVsD8nRO7109sIAjzlXOQ -ejf6uzVEkOtr7EC0TYyFPudFewOvjzdPgR+TMIG+7mwaCt5XKZuaJhGCaL+rReyQ -HNTvBId2NmBLX6atcg2AAP4KFkPvBXpqK3cFvFTagA8q9lA3qYGIRehxu9e5NQeq -oI5WfniiFunZ8I4Qjj4wTDnJtyRkkxXt3ng8uuqBpXmQjFcDbupoqD9V6MZciJIb -pgf+H2oUSuz+QaJW003SbxrnCcYp69rVfkZBs68ob+hU4GkhOKFvNdJEqhfNEr6Y -3gKjomLAUXQMK6CrEQm+uTaDXVjb64ANPp67DJaMmY9IM4pkszdL+Ci/ +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIGHbR7WtopmoCAggA +MBQGCCqGSIb3DQMHBAh0zlUUYCw0mQSCAoAfAQ9wwJjxeHg8cun5HROWb8uU0e1x +8i70wELecOA0U34te0Ng3n9sjsGj/YHSiGJIHws9zO3pA9mGW5o9QpqV97MVA9ix +E8JDU+4aI120s02p8y2PW9WUARJUKudp31TOxITv28HuXdsE3XPkevHqAD1TotUV +nyVTib5efhqDkBMv1t7tPhPd6fwoxttgR6HL1tzEg48kb6pFAjp2Wijf3m5kt6DE +xOoujA3b50aSkpkdlpDDoD+4QoPYs33KUuQ7ScFvXI5+u70DC30NBqqkghOrwTnM +TK+5ralTXuWEn72PZPAAlvFFORyVySAbM5lMIwBukeUD1DwWKztVspg+3m9yd/2+ +4F4LcQiRnK61k0UBico+NxOzu8Nty0foRLXVQOmjGVMV40FLxTqV8zDAT3dxysij +Mhy0lKWq7PIwUYUfue/MLe6bs48kK2tm5oEjhdR/j8JHi2dWje4iH3KyYqZzEtTH +X8ezmSsIkx2w2CGTt4K5kFZv19kGEavzZ9JfG0PMnV90KGI1MvJvcQ1o/Mb0mQdq +ZkzF9gAoLwGqMImDFXx7byaxGYcAdAFK6ZpmEE/+lFAVMo4/8z/i87xpEdPGtWbQ +f7npJ80oK6G0nog+HOmY58n8iIf/2/oRrCuC+OMcl8/slA7/JwkXfaUQaiZyUvMf +Csja31m7nL/OOmvsPUwlxlDRKP55egEmy5qCyJWKzfEPBK7CbzPbvGuTmfF5aGEq +B/eLlr42JJV2vAAc3XnSCOwp5zyaZyKlTsnI5A+ywK6FAj/bQ2xe+tj6SeAD9k28 +Gt8cwWVyKGXsAv1JTXPzv1uzQPORU4pDqA4gZAKC4S0E1Q1VN8O9tMw3 -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.dated.resp index fd246fa0e..7e4277842 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.good.resp b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.good.resp index 63860eaa4..d52907068 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.req b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.req index 1903acc0a..824205d9b 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.req and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.revoked.resp index 63860eaa4..d52907068 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signer.dated.resp index 19d87f887..7d8416e13 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signer.good.resp index c201e960d..f0a5b99b2 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signer.revoked.resp index c201e960d..f0a5b99b2 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signernocert.dated.resp index 96bf11063..85365674f 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signernocert.good.resp index 1dbe916c7..604cfe4a9 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signernocert.revoked.resp index 1dbe916c7..604cfe4a9 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.p12 b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.p12 index 6e30b03ab..9bf7bea0e 100644 Binary files a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.p12 and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.pem b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.pem index 30872bca4..4964312cb 100644 --- a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.pem +++ b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: revoked2.example.org - localKeyID: A8 C5 3E ED 81 EA 3F C1 29 F3 99 8B 80 DE 3E 49 33 2A 01 BA + localKeyID: 6A 36 1A 58 1C FF A8 9F 66 D1 B4 67 09 EB 27 63 A2 71 2E E8 subject=/CN=revoked2.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICijCCAfOgAwIBAgICAMowDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MTRaFw0zODAxMDExMjM0MTRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w -bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWREymQBM1gpiZ6S4o -NXLaz/Ib3aV0rYWemC20Fwmrm94vJogfLKO9tCEdZzpGOxhe9Y96qwoCIMj0Ygh8 -edEWGq0g5Ke0985W9vH58tHjSIUtRWeCFqsBLQjWS4Vd4qliUMnQiwn5vRjbZrG0 -j/VJnogI+YnXAItuWWerohQ84QIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg +MjM0MDNaFw0zNzEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh98fCkIQKwpKyfg2o +fEYF9ZV7Lo9dQWnHtumygfIipzVtMzEEvQ0UKOwvaUdKqT81IrmEokjBo/phHjMN +iQxunhO4i//CNk0qImDrR3/alvxMO1lquWB/l8kDOx9PjR8ntGb8vWB29GbMDpj9 +BLyMkg0EOZZHo46VW5J3EFA21wIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMB8GA1Ud -EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBACF2 -0KANuezWEJ42ouOza31RHJEAt1KG4Bg4s6sGjUV4mV87sdob5cdUTZOJFMZK/QmJ -q4s6PtYTh3fGqg07T6C8k0zrmN30KPGlpdhPZjOqXzZXu56yYMgHZC6D85udK+vh -zgDbkg4/4chZBdOsM+ErMDJNZulK3vsYbTVvviDm +EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAET9 +V8w/BEUzYzeBZlFLAsgfTQxc4OxqWfJDCfEA/fJ7TrTpBPRkqV3ndx4ML4TkP6qt +dtAe6FMV2ZFhqe4X2uvHPXTcO44Zz3cLR7S1ykJcEK3S6w6cmjgOAIBwsSW1enrX +G42IbhOW5XVRrASQSA4ylHbGvEsoz5yfnCTzaNfs -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.unlocked.key b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.unlocked.key index d3feb16eb..6e587259b 100644 --- a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.unlocked.key +++ b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDWREymQBM1gpiZ6S4oNXLaz/Ib3aV0rYWemC20Fwmrm94vJogf -LKO9tCEdZzpGOxhe9Y96qwoCIMj0Ygh8edEWGq0g5Ke0985W9vH58tHjSIUtRWeC -FqsBLQjWS4Vd4qliUMnQiwn5vRjbZrG0j/VJnogI+YnXAItuWWerohQ84QIDAQAB -AoGASAqQxvkWPFCbpGwdY9GMu3tdSPc+ETviiE9cVofEbZmrm6jV7b1hlIAC/lLd -6g0mhY8E3dayN8L0Lg7kEY4XuTwdGD9pfRLsoPQzWcmr0gw5p/36CcZQIP+Pt1vV -stExLwGNLOybPlmHN57dHN7mmx7M+6QFG6/F/VxxEp8Sy/0CQQD4YnwDMTJV8NIZ -lZzDItcrmd5984nO5+nUJeCVCQgPw4I1uZiY0E/Cx6kcdwxD45eEBa37E/xRMIFg -RvX4A/+jAkEA3NYH/KnYE7ZeP7PeubJ3W2pJ5GqBEK7Nge+T6DieYPYdapXsVu1V -wy8JxA6s2egCsSsubYHKCbYQ/sTemqFJqwJASfsLdOfyViakbXpidryp2hK6cklX -gokQ3F9rxPgrroZNAjOFf/6Lwzg05oWO4amoN2p5p48MWCJaZpK8MGMAgQJBAJso -jggJ1VVURrf/SreyGoZSEYS5B+GOz7lBeOwqC60YfuaKW7lfm2g9vmDP5sZbarjM -HBy4mhlkoGBANh7yv20CQCqx6S5HWBL3pq9SIvIRsB+WkwW2n30+qrTu723eeT1/ -NvDlRNEI5NxCrCyaokKgXZU7sRTP0JgcZoczHY5gyZ8= +MIICXQIBAAKBgQDh98fCkIQKwpKyfg2ofEYF9ZV7Lo9dQWnHtumygfIipzVtMzEE +vQ0UKOwvaUdKqT81IrmEokjBo/phHjMNiQxunhO4i//CNk0qImDrR3/alvxMO1lq +uWB/l8kDOx9PjR8ntGb8vWB29GbMDpj9BLyMkg0EOZZHo46VW5J3EFA21wIDAQAB +AoGAGDk5M1zNot+n3TWRHkIwOXxRqXJc0Qjtn4i2tbmjbN6S5iFqPFFN4R7f7tcw +2sqY6YfO7m59MTD0asvTejx6Vf+4Ff/GGMXMTw2SNyQwk0U6bYJLuz6MqhHAd4N0 +BDntsPAvmPi4io8oenbodx0SJlAE4yPWIt/SJX2BawA9To0CQQD/c4cmjYP/ic9Z +VFrrZpKKrRJXoBtw7hdhpd5oi9gIlOIZ1H2iJKK44qbnHTOm8b6J/OG4Z+Zdqu8L +JI0dg3dVAkEA4nQKHtfCb37DpF0fQe2JymcjtV126wV8zWlCqzP0W9Kphe2tt9QY +mjgOgwB6LwzMrVd1LQQVz18lssMyyJxdewJAM+lAP79mYZmZv2d7CndPtEqzfYcV +zH811Swl5Ez229eVkvYxia+0OaoljLXMd1KNC/GN1TGYCNThuvv0iVjb+QJBAJiu +emBfQuZfxtMcQkX2PXAtaEMRWGuPkJ0CeoPqDLiYado17WnDZC8e2pHzEW6Fp767 +9/I5Ded6lHVZ7PSbkN8CQQCZrZqk4elkEUH6mjnENehBxLYod03U01Ghyg/HH/e2 +on2c+26Cjj9Qd81SDU5Hy5yInEm28Htz5//R1wX7QVLK -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/ca_chain.pem b/test/aux-fixed/exim-ca/example.org/server1.example.org/ca_chain.pem index 47f6b1cc0..e3165d194 100644 --- a/test/aux-fixed/exim-ca/example.org/server1.example.org/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.org/server1.example.org/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.org/CN=clica Signing Cert issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.org/CN=clica CA issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci -UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy -KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB -mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq -DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO -gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy -e/xewJdeLc+y5zuobX05I7rP +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l +yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk +esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd +FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB +uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9 +tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5 +U9+lNhpF9AUWEAAo3FqHgShh -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/cert8.db b/test/aux-fixed/exim-ca/example.org/server1.example.org/cert8.db index 254ea6b51..2cd26382e 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/cert8.db and b/test/aux-fixed/exim-ca/example.org/server1.example.org/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/fullchain.pem b/test/aux-fixed/exim-ca/example.org/server1.example.org/fullchain.pem index 20e8583f5..324c7a6d9 100644 --- a/test/aux-fixed/exim-ca/example.org/server1.example.org/fullchain.pem +++ b/test/aux-fixed/exim-ca/example.org/server1.example.org/fullchain.pem @@ -1,25 +1,25 @@ Bag Attributes friendlyName: server1.example.org - localKeyID: 2A 6F DA 4F 4A 79 1E 96 98 93 94 B5 B3 DD 7E 3F BA E9 B7 DE + localKeyID: 31 14 69 34 8C 81 EC 6D 46 82 02 96 40 E3 D7 65 60 72 C1 47 subject=/CN=server1.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxMFoXDTM4MDEwMTEyMzQxMFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl -Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqR50t7jEnAr98WjQzvsb -N9SIcPLriSJVaOXOTrPC8fuaBbt8FDcGP/Gc8U/DwbbvcXLHIWd4Vk040M0cZIqp -yIWz7hNM2qYaKlIKDEpn+h1RfGyClWoC2K/Nzh9hgWylzP21bTwLlb3IoGhIlUFq -A1KEWXdK9NJOBdybDmBJucMCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg +MzQwMloXDTM3MTIwMTEyMzQwMlowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtz5/dxB0WGrlSPBl2obN +4UL+JhCslJJbTnd4oYpQNG7gsmPSaxf3W3+i1QA0ugfvdUP7zEOlU+H6YaoUIrPG +/S0h6cGkwW1Z68HDvYRzUIdiVFJfIUuSKMckQHv1lkiX2GXOHfAE6VJM4iaTgeVW +r//JrJ6qtVNen4aipdR0ChsCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMHAGA1Ud -EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5vcmeCE3NlcnZl -cjEuZXhhbXBsZS5vcmeCCSoudGVzdC5leIIhYWx0ZXJuYXRlbmFtZS5zZXJ2ZXIx -LmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAEn/U765e9k8EEQAkeEXyk4/ -oFdOUW0CwpZi0NEJwyeC0zBbUk32ZXfzNLI0lnol/HBuL2J/K7tn9UATrH5x1OUk -cUEYmnyzXO3SnFP4O43/BAvZ502AdZScafLbfAiGabdw9ILE/X+p7mP+PzBvcOre -nlli+ow6thH+fYgpjRFU +EQRpMGeCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLm9yZ4IiYWx0ZXJu +YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLm9yZ4ITc2VydmVyMS5leGFtcGxlLm9y +Z4IJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBAFIri9zSly2pxUJqdgI+KGeQ +Gu1Ipo7uN7psbST9aZf+BlJ/6vcebmYs8BR9kIwBwwDZ9nmUV8cX8iZOr7CrBQ/F +IiAUrTzUEcFgiwGjTyG8m9QF/RJnHrehjCwTwhpF04SN/qpIPUl2l4+b9trTRexB +7RhKtFMpHNW3cm2hITZf -----END CERTIFICATE----- Bag Attributes friendlyName: Signing Cert @@ -27,17 +27,17 @@ subject=/O=example.org/CN=clica Signing Cert issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -45,14 +45,14 @@ subject=/O=example.org/CN=clica CA issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci -UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy -KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB -mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq -DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO -gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy -e/xewJdeLc+y5zuobX05I7rP +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l +yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk +esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd +FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB +uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9 +tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5 +U9+lNhpF9AUWEAAo3FqHgShh -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/key3.db b/test/aux-fixed/exim-ca/example.org/server1.example.org/key3.db index 30d07e1d7..5d78385d2 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/key3.db and b/test/aux-fixed/exim-ca/example.org/server1.example.org/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.chain.pem b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.chain.pem index 0bda2214e..d7861820a 100644 --- a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.chain.pem +++ b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.chain.pem @@ -1,37 +1,37 @@ Bag Attributes friendlyName: server1.example.org - localKeyID: 2A 6F DA 4F 4A 79 1E 96 98 93 94 B5 B3 DD 7E 3F BA E9 B7 DE + localKeyID: 31 14 69 34 8C 81 EC 6D 46 82 02 96 40 E3 D7 65 60 72 C1 47 subject=/CN=server1.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxMFoXDTM4MDEwMTEyMzQxMFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl -Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqR50t7jEnAr98WjQzvsb -N9SIcPLriSJVaOXOTrPC8fuaBbt8FDcGP/Gc8U/DwbbvcXLHIWd4Vk040M0cZIqp -yIWz7hNM2qYaKlIKDEpn+h1RfGyClWoC2K/Nzh9hgWylzP21bTwLlb3IoGhIlUFq -A1KEWXdK9NJOBdybDmBJucMCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg +MzQwMloXDTM3MTIwMTEyMzQwMlowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtz5/dxB0WGrlSPBl2obN +4UL+JhCslJJbTnd4oYpQNG7gsmPSaxf3W3+i1QA0ugfvdUP7zEOlU+H6YaoUIrPG +/S0h6cGkwW1Z68HDvYRzUIdiVFJfIUuSKMckQHv1lkiX2GXOHfAE6VJM4iaTgeVW +r//JrJ6qtVNen4aipdR0ChsCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMHAGA1Ud -EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5vcmeCE3NlcnZl -cjEuZXhhbXBsZS5vcmeCCSoudGVzdC5leIIhYWx0ZXJuYXRlbmFtZS5zZXJ2ZXIx -LmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAEn/U765e9k8EEQAkeEXyk4/ -oFdOUW0CwpZi0NEJwyeC0zBbUk32ZXfzNLI0lnol/HBuL2J/K7tn9UATrH5x1OUk -cUEYmnyzXO3SnFP4O43/BAvZ502AdZScafLbfAiGabdw9ILE/X+p7mP+PzBvcOre -nlli+ow6thH+fYgpjRFU +EQRpMGeCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLm9yZ4IiYWx0ZXJu +YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLm9yZ4ITc2VydmVyMS5leGFtcGxlLm9y +Z4IJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBAFIri9zSly2pxUJqdgI+KGeQ +Gu1Ipo7uN7psbST9aZf+BlJ/6vcebmYs8BR9kIwBwwDZ9nmUV8cX8iZOr7CrBQ/F +IiAUrTzUEcFgiwGjTyG8m9QF/RJnHrehjCwTwhpF04SN/qpIPUl2l4+b9trTRexB +7RhKtFMpHNW3cm2hITZf -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.key b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.key index b34ec69dc..0f11091db 100644 --- a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.key +++ b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: server1.example.org - localKeyID: 2A 6F DA 4F 4A 79 1E 96 98 93 94 B5 B3 DD 7E 3F BA E9 B7 DE + localKeyID: 31 14 69 34 8C 81 EC 6D 46 82 02 96 40 E3 D7 65 60 72 C1 47 Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIiQi2yo4iWpUCAggA -MBQGCCqGSIb3DQMHBAhU5AKV9mRkdgSCAoCir+zzDqSL5hmUS/4WmPoRsVYB/w27 -mCi9x5+2gPSzNk4zOoMjArwEjDKtdc970fRkxglesl7pj9JLVfrnuAP/F4r91q/W -TTraltXGK87/2a3YEVcgPQlzleEeeOWKQAePbK/uRzCmKgItyRQJ2Dr189opE3HH -OwKr3hfRvZvHxzrPMmIVeeG7xRDJRkyVXNOoni+jmZOROElvXnJ/+gHhZZYiQfkn -tuXGTxOTGC1AmMcu5PK69B7S079SwX7MLZQ6W7AJpl3rrsPlEg8LfxCc3uT5rqfv -1PNtjUr0VlVPx+K6gI3Fxr3WX+hLlPI2lBYBmOKDbFL5lfXoSGA08aaC3vdO0cQA -L+4w7fHyn19if7JZ6ucoXn+9OM50PsGKB0TlOgvKH2u0z4p1/nfK5e2849BMBKVs -uNuhTlxPkXh7qNCEfhprFQY0AB0P0OKk2CfKoucAVYD0zHjwaxMtEH/vP0oWvk5t -B6iiT9WXzggXiRQyvSd6LQB1sqgzGMKTdtwWHZ4lO+jtwqPgr0NeQCnszD/sD/1x -qNLSNAZBVH+2NL319j2itogoe3k76NQ8QbNPfEcKVEsfrT6IByho9tV759RRsFze -+ufN1Fkkms8xMkl0L/CLAgHvoYuFjCyjVDRJ1IdrIhjT9Rjbgpq5Kbhlwkk0oUVd -4A+irv61PdguBo7vVFRVSRE35cJxrcG9Z4WB74OIG6tcYomq2PStJ1IOe/WJI6VZ -g/3iOQms11qN4uZ0kZsDo3qN8qaPkvc8inQXOV0T5l2Fzr/kc+trRIaFQSsQBYhA -vW9SZwSD9iPBO0xIkxgdvVL7op4y8qCIY4dpU5bpxinND/tlSh+F66uO +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI0KA9siaIVP8CAggA +MBQGCCqGSIb3DQMHBAg6Gg3j5UDUbQSCAoDUEoPxBLNYMXBTA+6k8MdrSurwRYSS +VcYEV6au+lbp27F8VBgiBk0eQEo6AAAYsV2qyucZ+r4TfMuWgF3kHMqUqesTDePB +0p2WNSB8Fy6/9vjwzhDwzKGNi8kksnUNmEgqZKEEn01H+TT1F3a0o7//teDJnNCg +5avTCnnNkcXzZcKaMKQRos1cg1QIBdgrLdFIVzvAa+2Osd5v3UWI7lSSJT5sA9Od +sU2bPYTDSQx2iK8+fMVCsGvUeTxae5DATYvo17ypBZEMW5eoUG+aHerueOtihdMU +vvq0pPmP1dcKVSWxBYVepc/IMeoM7axyA+JJATTK7asBbnB4Biq813p/vKpRCqLF +dAgMTeces6Kax/rxMIUJ+LbEPDY9umooJbwMxREz1tyrvc7gOoIPNss/9LdiFtzY +lrKlL/gt1Xfp1NAHHtmD5znzpzJVXDaw7U8jWuy9ADb29LpOAaffdZy24hpCa/My +qzJz4qhGtjXKvzXfqhy+ZMu91e+rRO1kqe7AVY58B7yvmm9kQBZeAaQOknjdWyS4 +ofylo2DpeIRgkt2zvt1KBEDXJMI/dZfbL52EoCdFGZ7mLSDsOh9A8/tMg1TZBUaZ +BTo6igkcjeKXYd+poCD3pSftFvOz2APKJqxH/I74/jtf1g2l5TJa/mTxRllPSWRF +embdxZetofkZ2w5HvRAt8xa8ePckd8dOqcOsQ2ZVHabyAylH0fara8mdzaD4NvWE +meWtSdv5jkYa9MSqiQvgDGBAeBIRwi98vJcbdcTjdEkgWRNfEKDeEXj/TRd6KLp4 +RooJAzlvtUa7XrwYvvmJr1YYhkVUN/ZLe71Z8tsYzIVhEgux8Lm4P4wA -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.dated.resp index ac9155f40..d41465aed 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.good.resp b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.good.resp index bbea88e11..160d28a6b 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.req b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.req index 54239452c..8ba90699e 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.req and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.revoked.resp index 7a9343d01..352e29e7d 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signer.dated.resp index aabc0804b..4db1e1546 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signer.good.resp index 016415a50..fede7d492 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signer.revoked.resp index e5aaa84d5..635d4dcc7 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signernocert.dated.resp index fb5a5ae60..7663a5a01 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signernocert.good.resp index 5a63a2809..52200b461 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signernocert.revoked.resp index 686c10de4..edb77946d 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.p12 b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.p12 index edf0ac330..53f965419 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.p12 and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.pem b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.pem index 53ea242e0..9169187a9 100644 --- a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.pem +++ b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.pem @@ -1,23 +1,23 @@ Bag Attributes friendlyName: server1.example.org - localKeyID: 2A 6F DA 4F 4A 79 1E 96 98 93 94 B5 B3 DD 7E 3F BA E9 B7 DE + localKeyID: 31 14 69 34 8C 81 EC 6D 46 82 02 96 40 E3 D7 65 60 72 C1 47 subject=/CN=server1.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy -MzQxMFoXDTM4MDEwMTEyMzQxMFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl -Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqR50t7jEnAr98WjQzvsb -N9SIcPLriSJVaOXOTrPC8fuaBbt8FDcGP/Gc8U/DwbbvcXLHIWd4Vk040M0cZIqp -yIWz7hNM2qYaKlIKDEpn+h1RfGyClWoC2K/Nzh9hgWylzP21bTwLlb3IoGhIlUFq -A1KEWXdK9NJOBdybDmBJucMCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg +MzQwMloXDTM3MTIwMTEyMzQwMlowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtz5/dxB0WGrlSPBl2obN +4UL+JhCslJJbTnd4oYpQNG7gsmPSaxf3W3+i1QA0ugfvdUP7zEOlU+H6YaoUIrPG +/S0h6cGkwW1Z68HDvYRzUIdiVFJfIUuSKMckQHv1lkiX2GXOHfAE6VJM4iaTgeVW +r//JrJ6qtVNen4aipdR0ChsCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMHAGA1Ud -EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5vcmeCE3NlcnZl -cjEuZXhhbXBsZS5vcmeCCSoudGVzdC5leIIhYWx0ZXJuYXRlbmFtZS5zZXJ2ZXIx -LmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAEn/U765e9k8EEQAkeEXyk4/ -oFdOUW0CwpZi0NEJwyeC0zBbUk32ZXfzNLI0lnol/HBuL2J/K7tn9UATrH5x1OUk -cUEYmnyzXO3SnFP4O43/BAvZ502AdZScafLbfAiGabdw9ILE/X+p7mP+PzBvcOre -nlli+ow6thH+fYgpjRFU +EQRpMGeCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLm9yZ4IiYWx0ZXJu +YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLm9yZ4ITc2VydmVyMS5leGFtcGxlLm9y +Z4IJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBAFIri9zSly2pxUJqdgI+KGeQ +Gu1Ipo7uN7psbST9aZf+BlJ/6vcebmYs8BR9kIwBwwDZ9nmUV8cX8iZOr7CrBQ/F +IiAUrTzUEcFgiwGjTyG8m9QF/RJnHrehjCwTwhpF04SN/qpIPUl2l4+b9trTRexB +7RhKtFMpHNW3cm2hITZf -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.unlocked.key b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.unlocked.key index 0410cf7bb..e30f94b37 100644 --- a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.unlocked.key +++ b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQCpHnS3uMScCv3xaNDO+xs31Ihw8uuJIlVo5c5Os8Lx+5oFu3wU -NwY/8ZzxT8PBtu9xcschZ3hWTTjQzRxkiqnIhbPuE0zaphoqUgoMSmf6HVF8bIKV -agLYr83OH2GBbKXM/bVtPAuVvcigaEiVQWoDUoRZd0r00k4F3JsOYEm5wwIDAQAB -AoGANwfbiAr+Ix6qinsGc0ufjDfC3CoXvaxn6XXZ/58cANzTvijHU9ah2H3ZCWbg -trC90oc8R+Dg9ggzxDHyGr9KRpewk9CDAEgkKASCHogALyTl85fGf0XBjgfa4ys0 -LCWpjLDHySNx+wTln5DI4MU2OpShbgfvBY5hNRnGXebj9F0CQQDa40lMSbUX65gl -s9sar/S2ExOVZCpcYaR/38H5Bti8HzvGEMGjx1AaOTW0v/hjXRadovbDC9vgtSsU -uXINuvSNAkEAxcr6P2mnoin7v/7Jne9JpDBjdB+WiUJY+1h10tLIaD0eu71yx/oO -Icp1/6FY4RyTKtj8jeE3kvy4MkCzkOFbjwJALntHjHC2iR7Zj2ATLiahY6zHYtkD -edyuTw1YJqbCjahgTB4w0LO5mef+NKTzfT4+WDlMB31UMvKl9F+xDaNe3QJASMxJ -SLehXD0pjGPBXyCoMQciQ6YwqLpDt9a6Hus3ma4NNrommdW+B8/VmE2RQeFbhSSx -56Jh6vaa8NwBeyyGnwJAV403J4IfFKu1jwH/bi4zoQI5F9M7zKXyxz+z85UJIHIR -7S7T3vbMa8aWMGdOkxN/44+EYHKZigDgN0fngTRuKw== +MIICWwIBAAKBgQC3Pn93EHRYauVI8GXahs3hQv4mEKyUkltOd3ihilA0buCyY9Jr +F/dbf6LVADS6B+91Q/vMQ6VT4fphqhQis8b9LSHpwaTBbVnrwcO9hHNQh2JUUl8h +S5IoxyRAe/WWSJfYZc4d8ATpUkziJpOB5Vav/8msnqq1U16fhqKl1HQKGwIDAQAB +AoGAEgIF08Udsey7YKojUFDsHaWQRVxhIW6qo3DxPWrSy/xTf6R4ssaVq/vEnEsb +Y2bRPQRz09SYBEDSctOci/Z/6QntdIeuh+07EOQnjZpKHn60uat/cWUMvj53texv +YKjsNGdavZHWlS7unI7dQBlCt6BzYX0WOHSmx4CQcBADQ1UCQQDjpVE0IIiXpRAo +C2b8Wq0dBO1L6Y8lHQ5bkqbMteX4/PfIK7JjKfmdl0sU+scxlHzXEpfD/8qZudx5 +I+JpGJb3AkEAzhFlXwc6iJhBAon7J/nDKV4LGRjISbV207YnQ0espGTTjlhubckl +5v/SHbUmo4I/wKxaDrrVn7LJenK266Ho/QJAE2HkBBgxCRhYw9AUuK/PxYTB35DH +S1Wp/0oBQbTLG+QOBNETozXTtwNGtUaU5zfJWVaP7XQ9/9C/YOEZSfF6CQJATuWS +LmQSISJKIbK6mn+iHUCIdz9pz+7OZBilx7i1fOutpB5viVEuVdc0l3M4K/o+doKG +qIUYLWDCi0NIjccb8QJAJJcst+8d9yW6IX6/KeMJ2C1NConB6mtrjRbxHsGG1ViE +jwEHoX0bhn5EhNZOpxOYVMdQTg7PoNGBCPh1BQ4nzQ== -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem b/test/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem index 47f6b1cc0..e3165d194 100644 --- a/test/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem +++ b/test/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem @@ -4,17 +4,17 @@ subject=/O=example.org/CN=clica Signing Cert issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- Bag Attributes friendlyName: Certificate Authority @@ -22,14 +22,14 @@ subject=/O=example.org/CN=clica CA issuer=/O=example.org/CN=clica CA -----BEGIN CERTIFICATE----- MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp -Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci -UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy -KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB -mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw -DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq -DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO -gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy -e/xewJdeLc+y5zuobX05I7rP +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l +yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk +esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd +FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB +uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9 +tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5 +U9+lNhpF9AUWEAAo3FqHgShh -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/cert8.db b/test/aux-fixed/exim-ca/example.org/server2.example.org/cert8.db index 84f186edd..9c520f79c 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/cert8.db and b/test/aux-fixed/exim-ca/example.org/server2.example.org/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/key3.db b/test/aux-fixed/exim-ca/example.org/server2.example.org/key3.db index 4fafdbe58..7bcd71382 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/key3.db and b/test/aux-fixed/exim-ca/example.org/server2.example.org/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.chain.pem b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.chain.pem index be2d7d601..c844ed859 100644 --- a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.chain.pem +++ b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.chain.pem @@ -1,35 +1,35 @@ Bag Attributes friendlyName: server2.example.org - localKeyID: BF 37 DA C8 19 97 0F 16 A1 F8 90 02 DB 17 CB C7 89 33 D1 E2 + localKeyID: E2 38 5B 24 CB CF B7 53 1B 69 87 7A EF 67 67 6C 88 CD 28 0E subject=/CN=server2.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MTNaFw0zODAxMDExMjM0MTNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs -ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALsNJFJOkDN3pjWXSiId -781OhAJ8Tev7iHxPqT/CBjvBbBqBYnAk5q2VzeBBdrD9g3s0uXTdv8KsJeKVU9cE -2VzaAiTXT0EG/kLpxR/HimLHpS6VMHWe6V//nNOscwa1v3h+MVc45rDT9l0MDvIC -OgzW8rM3xzhFhtk1zbSn5ieJAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG +MjM0MDNaFw0zNzEyMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPK/TJn4ZDN286XMhCLH +ipnWbbNsFpqMotrAxdyA9thomMnYXU89uqPnQsyUyD5c7rUp+F2LWUGDPkd8v4q+ +EL3dUTRTnVY47ZMtVLz08nyucZTo/y+8ysaYDGmgioCQ8MME4C1lYe06bK33OYUe +jYCM1DgDB/h04vkftlrQcOAbAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm9yZy8wHgYDVR0R -BBcwFYITc2VydmVyMi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOBgQB8tfPX -PqGaV8+AkMX/qtqd745YYYE1tibX2LX6ok8OdLcjdM8mPRb3J/bJrifpJiVhYESY -XKBruZZxh4Fzh9HgKHidkfCP3py2CfpycR1BQ8eellv6mNibdoEjSCAvCEVJAaez -pmwN1VlAzO9qx6sH5xKMxCfV2uJDQNSYAwH4Bg== +BBcwFYITc2VydmVyMi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOBgQCs5mI1 +W3xtz2hR/I2EWAAr415QJ43LRyzNQun0/b4k52BgubGDVAXKzkhes7RRNCW7+h6d +wgJKFvBnHviThkmM00DGzSYJ2VCmHXsogJmWMl8zcEjOgC9E3LZKjp27dsjr4GlM +jwf8XjoOCu3RUtdzuFOEmXviVYNbeiSlFsJSEQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt -cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw -MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp -Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z -PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2 -Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR -2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ +vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6 +Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns +tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA -IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV -6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi -QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc= +eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ +mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk +1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c= -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.key b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.key index 56747036e..7de7196ba 100644 --- a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.key +++ b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.key @@ -1,21 +1,21 @@ Bag Attributes friendlyName: server2.example.org - localKeyID: BF 37 DA C8 19 97 0F 16 A1 F8 90 02 DB 17 CB C7 89 33 D1 E2 + localKeyID: E2 38 5B 24 CB CF B7 53 1B 69 87 7A EF 67 67 6C 88 CD 28 0E Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI3OJxMlFMPCICAggA -MBQGCCqGSIb3DQMHBAjtwebzSkWpeQSCAoDs+GuspE8T6O+6y30iq0g0b57q0eNH -oxAal4jHMOL1N7Kuxh1qSjkQUfCK+QQIiGEfyHA/kNzgs8lC0iHWOZ4OuaWzYrPP -5cCVJYEfkGaT6DzfzHAkIcJv/3i5sfLdsHi9hTYKrj1cXEa2oEbLF9BVUhqPfM8+ -ius1tcNClNqfVFg6hcyr/iIQOkG+MwoLxYaX1vLOm42DQtQoPWFD4JrlsdDI1x0L -TWpYTCv3twnFkiO037MhB0E6SSE9rDnwm5zFDY5/7gBK8lgm/qlK7IJre9pvzx38 -WI1QLViWKOtMXxLf49MDMBJMP0vk1TW5xhjuZ9dw9RvMrmv/9nQiSyjV4DA1QzVx -qj16E0lCQe+JbJ91iiMAGVh91AS1mxlcHY09T3oZ8yUN758hOZCVQnpmZwEJybIc -E0NxXE5dIj83aMPiIfOBLIPZG9h3VPUYDUCfWm2/7YIbZcCDgrNo+Jly2+E4AJ9b -evgnXsIMd7Rf9+bzew+j7oObDdJ09Bp+gAGv9sRClcWuuQgdTLLkzJYG3ppq7AaH -AnlquIfgCH+OaJOHFAhnFzq6viSmQjg2Q3SDbyyYeOorrS2r7zMqmG+ctnfjTF0/ -z3VjqOsoHj9WPA6aJTH7mcK5wB/QrFQhVAQTShOuJ2AkbIwb5pLf8PEH7ginnlFc -ZUuRhl4oTsanIkUnisynG2MfnEcSwl2oYjWURque2qgVQEfFjvjxwPNl6ZUExrdP -bymXsBnOh25Q9sQCFukZiZdEuxnMNnXZQL0ed4sJ8zSx7VS/IbR/20zID0BlraTJ -i0po2h1IIotsBkcUU4/a6EA7jSpKLBiiIf0jk7J0hEWCRXiEY1QmxjVU +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIdTvmpL9IhJ8CAggA +MBQGCCqGSIb3DQMHBAgW9kM3XgA1bASCAoB8x3/0XnKhZ+FysQyzoVMHHPf8834g +pMx1U/2cIO+fvHH/3nQEiO/J5eOTbWdUoBKKujsGf7y+Y3fZ2jW5KRd4NAw708v0 +lCncRlEaTuQSAxMl/njeouj+VZPYth2KXewRMLwetvQN1r5ZnpE7DRdYvDggEzLA +rAF2ss30BRpe1+pziIFxnBPaEZ8IaZmDBRLyhrVuvNRDQ0+9AzQGxX1AUchlTrNM +1dtKZGgma/sV6RTKrHcsxswy9iY18bmsSOLlSf4Vmia8j5WUY48NyTqLYR1bm+2l +MQxP2TrKw9DrnAcIFo13Xfz32bhYz7fCA6vheOxA7/j/n/Wab/0f1QCbVyGg6qj8 +Nle9bBQMyo/4A9jXKPJq9Ja3XpLBwuaPd4kNG/nC5qmpxYAkiJY2yoaF+eWUb/Bd +VnaKTzyEHedKi2TkB3lnTwRhDNiP9e55L0BaCGrDy289X37FmNOqv1TZ8bbbl78m +icGaQlKmdVIP8za7jjBuyt0FUxgMZ395SY0CcIBNT0g4wv1p08QNQKOR6ElLPumR +n7419MxONeQlRKbN1ADKmhDUNSSW1r0RAaVx5nDVuVhzFybHAEiuoAdx9RR1/juC +hey2ukbytqACDbfbkXp0k+xbNFtkFohdUfc1RgAXs7jKIxqw1Ump7CyGO7RpQEYi +/HLjnRCbaGJSSrPXSDE52L+n1aCWLQ5iovh5/eRLqxzLpL8Wir+ye9m3c4y3ak6x +vJr5tx3ECx3/9/EHh2H4xo0F3dNb+fNmC+JYVLcPoZLc+46xSh02ODAaKK3r1H9/ +2gvVLUpByG8hpAhCvvOoNunUu/0i1pEFPhuLj3nVB7IUb28a5MmatUSa -----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.dated.resp index 8b2cb21aa..f0a9cdb85 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.dated.resp and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.good.resp b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.good.resp index 73a95e22a..759f541ba 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.good.resp and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.req b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.req index e604249fd..cb97e6098 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.req and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.revoked.resp index 73a95e22a..759f541ba 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.revoked.resp and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signer.dated.resp b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signer.dated.resp index 8e8e64355..b530829b0 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signer.dated.resp and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signer.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signer.good.resp b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signer.good.resp index e65f49a7f..c242afcee 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signer.good.resp and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signer.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signer.revoked.resp b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signer.revoked.resp index e65f49a7f..c242afcee 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signer.revoked.resp and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signer.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signernocert.dated.resp b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signernocert.dated.resp index 76bced2c3..de2bcf556 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signernocert.dated.resp and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signernocert.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signernocert.good.resp b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signernocert.good.resp index c6702e86d..d0eaf3900 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signernocert.good.resp and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signernocert.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signernocert.revoked.resp b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signernocert.revoked.resp index c6702e86d..d0eaf3900 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signernocert.revoked.resp and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.signernocert.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.p12 b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.p12 index 2e9ed5d04..46c7e55e1 100644 Binary files a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.p12 and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem index 833986aa4..a4b7b9332 100644 --- a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem +++ b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem @@ -1,21 +1,21 @@ Bag Attributes friendlyName: server2.example.org - localKeyID: BF 37 DA C8 19 97 0F 16 A1 F8 90 02 DB 17 CB C7 89 33 D1 E2 + localKeyID: E2 38 5B 24 CB CF B7 53 1B 69 87 7A EF 67 67 6C 88 CD 28 0E subject=/CN=server2.example.org issuer=/O=example.org/CN=clica Signing Cert -----BEGIN CERTIFICATE----- MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx -MjM0MTNaFw0zODAxMDExMjM0MTNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs -ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALsNJFJOkDN3pjWXSiId -781OhAJ8Tev7iHxPqT/CBjvBbBqBYnAk5q2VzeBBdrD9g3s0uXTdv8KsJeKVU9cE -2VzaAiTXT0EG/kLpxR/HimLHpS6VMHWe6V//nNOscwa1v3h+MVc45rDT9l0MDvIC -OgzW8rM3xzhFhtk1zbSn5ieJAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG +MjM0MDNaFw0zNzEyMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPK/TJn4ZDN286XMhCLH +ipnWbbNsFpqMotrAxdyA9thomMnYXU89uqPnQsyUyD5c7rUp+F2LWUGDPkd8v4q+ +EL3dUTRTnVY47ZMtVLz08nyucZTo/y+8ysaYDGmgioCQ8MME4C1lYe06bK33OYUe +jYCM1DgDB/h04vkftlrQcOAbAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm9yZy8wHgYDVR0R -BBcwFYITc2VydmVyMi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOBgQB8tfPX -PqGaV8+AkMX/qtqd745YYYE1tibX2LX6ok8OdLcjdM8mPRb3J/bJrifpJiVhYESY -XKBruZZxh4Fzh9HgKHidkfCP3py2CfpycR1BQ8eellv6mNibdoEjSCAvCEVJAaez -pmwN1VlAzO9qx6sH5xKMxCfV2uJDQNSYAwH4Bg== +BBcwFYITc2VydmVyMi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOBgQCs5mI1 +W3xtz2hR/I2EWAAr415QJ43LRyzNQun0/b4k52BgubGDVAXKzkhes7RRNCW7+h6d +wgJKFvBnHviThkmM00DGzSYJ2VCmHXsogJmWMl8zcEjOgC9E3LZKjp27dsjr4GlM +jwf8XjoOCu3RUtdzuFOEmXviVYNbeiSlFsJSEQ== -----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key index a91f89397..c17253a81 100644 --- a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key +++ b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC7DSRSTpAzd6Y1l0oiHe/NToQCfE3r+4h8T6k/wgY7wWwagWJw -JOatlc3gQXaw/YN7NLl03b/CrCXilVPXBNlc2gIk109BBv5C6cUfx4pix6UulTB1 -nulf/5zTrHMGtb94fjFXOOaw0/ZdDA7yAjoM1vKzN8c4RYbZNc20p+YniQIDAQAB -AoGADQLjQ6ls3POl92TcdoaUE3kydBTO+8sNqa4F5SY7NkVkXmyhGxFqDWmV/lM3 -bSTZVETs4Jz7NZCxevMtt4+CChW6vEM7TosEfUQ+Sp8D1t7PJJm8fIVAagm42HmA -xUS0+5nAKepo0cWytuNVKLg1t/RFAASWhDVGVLre5OD63/0CQQDeCBg5O2QrjQEx -CttJf+UfQ4PMv1gLEP/toY4ZINrItPo9rIaqbev2jkovDNIILVuImAT7zbQAgKQA -/X5BThDVAkEA16sJ4box1KjnuAzsIMvs/gEVlX1ba3Hf8XlQ+8yMO/tbIKZNX2LQ -4ZdEi2IextphwxrF9IO6OAzR5cf8V8E15QJAfmidYfguT5030HQd5Pqrt+D4aNmH -hsVm8CPKgwPxi9N9pR9UjDOI5Baeparm6UDpnBrwu2uhz6dtuCKafxOzAQJAdJy6 -3x66Su55PH9gPeuF3WHgtc/uWo5cNEkQjNXxDY2/nEvPkj/wCcqs+WC4m3UBX2le -l/OSATSNWd1kiF6kMQJBALwevGEIolnWI19Q/V1kigRYM+6SXDHcqZ+Bd4/MbdFS -6XQBwJke2ysY9iKCx9dzUUtS0vMpEv15g+RFveWe9Ss= +MIICWwIBAAKBgQDyv0yZ+GQzdvOlzIQix4qZ1m2zbBaajKLawMXcgPbYaJjJ2F1P +Pbqj50LMlMg+XO61Kfhdi1lBgz5HfL+KvhC93VE0U51WOO2TLVS89PJ8rnGU6P8v +vMrGmAxpoIqAkPDDBOAtZWHtOmyt9zmFHo2AjNQ4Awf4dOL5H7Za0HDgGwIDAQAB +AoGAKCTvJUbDmhKRxaQWYBgReafRWYrxDAW2XaiOsDeFsGalNJA7Ei06Y1EN+35J +cALMw+9ucFiTXgxh2CRZxYycK4TsAc9pxDr5Kqicr1kJbcIvYVA+Ddv5amI7wnVB +abXMwCkoiVx7Kx1NgOMNT2RxF5pRDwioirQ0tMgLTN+U1n0CQQD8Fvqj//LRiKh9 +ADcK/gW0pZlD+4JzWKgF2Mx3wUsYZOppzkYj4KhAEGGMvN1Gz7RcNUxUGr9Y3aqA +lDYuCkEHAkEA9oM43HW+Bm1+4ykhNzHGoN0FZZfeKhNXuH2VgYnBAZ2K47OQTTA6 +6JdmU3fiutquH59JTgnis2eoepdIHmLnTQJAaFBd8OUlpn0FM4yWOk85LzJjRJVb +ur1R8fFvUpLCr1p7AcNglNIO7UuaAjHY4sdqG8nWRus2iOBZAJHUBaMqmwJAMEYu +Qm4EUnnq2U1apdZnkWT3A5gj95VmHkjpmD6Dv288na6yWYtSXe4YKcxWaEUeyC6H +SnMBJCTuh2NMyjaQGQJAJlzGzxq5Vxqt+QKfXiCbsj1tMW+8S8UYQqZLET/+/4kF +8HKKO6653D1kjcvonBI/OyuwaZESdOImNzdAAhfgxQ== -----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/genall b/test/aux-fixed/exim-ca/genall index a5c8b2105..899bb8069 100755 --- a/test/aux-fixed/exim-ca/genall +++ b/test/aux-fixed/exim-ca/genall @@ -17,12 +17,13 @@ do clica -D "$idir" -p password -B 1024 -I -N example.$tld -F \ -C http://crl.example.$tld/latest.crl -O http://oscp.example.$tld/ - clica -D example.$tld -p password -s 101 -S server1.example.$tld \ + # -m + clica -D example.$tld -p password -s 101 -S server1.example.$tld -m 301 \ -8 alternatename.server1.example.$tld,alternatename2.server1.example.$tld,*.test.ex - clica -D example.$tld -p password -s 102 -S revoked1.example.$tld + clica -D example.$tld -p password -s 102 -S revoked1.example.$tld -m 301 clica -D example.$tld -p password -s 103 -S expired1.example.$tld -m 1 - clica -D example.$tld -p password -s 201 -S server2.example.$tld - clica -D example.$tld -p password -s 202 -S revoked2.example.$tld + clica -D example.$tld -p password -s 201 -S server2.example.$tld -m 301 + clica -D example.$tld -p password -s 202 -S revoked2.example.$tld -m 301 clica -D example.$tld -p password -s 203 -S expired2.example.$tld -m 1 diff --git a/test/confs/0001 b/test/confs/0001 index b0f8f61e3..471c8f817 100644 --- a/test/confs/0001 +++ b/test/confs/0001 @@ -54,6 +54,7 @@ daemon_smtp_port = daemon_smtp_ports = daemon_startup_retries = 3 daemon_startup_sleep = 8s +debug_store delay_warning = 1d delay_warning_condition = ${if match{$h_precedence:}{(?i)bulk|list}{no}{yes}} deliver_drop_privilege diff --git a/test/confs/0041 b/test/confs/0041 index 5157170f2..f7fa61ed8 100644 --- a/test/confs/0041 +++ b/test/confs/0041 @@ -11,6 +11,7 @@ acl_smtp_vrfy = check_vrfy acl_smtp_expn = check_expn qualify_domain = test.ex no_write_rejectlog +recipient_unqualified_hosts = 3.3.3.3 # ----- ACLs ----- @@ -20,6 +21,9 @@ begin acl check_vrfy: deny local_parts = hardfail message = 599 custom reject + accept local_parts = acceptable + accept local_parts = ok_with_dom + domains = test.ex check_expn: accept hosts = 2.2.2.2 @@ -36,7 +40,7 @@ system_aliases: localuser: driver = accept - local_parts = userx + local_parts = userx : ok_with_dom : acceptable transport = local_delivery diff --git a/test/confs/0222 b/test/confs/0222 index e69bbb3d0..8f4a5b688 100644 --- a/test/confs/0222 +++ b/test/confs/0222 @@ -39,6 +39,7 @@ autoreply: driver = autoreply once = DIR/test-once once_file_size = 30 + once_repeat = 4s text = "Auto reply message" to = $sender_address user = CALLER diff --git a/test/confs/0577 b/test/confs/0577 new file mode 100644 index 000000000..261a096f1 --- /dev/null +++ b/test/confs/0577 @@ -0,0 +1 @@ +.include confs/TESTNUM./aaa diff --git a/test/confs/0577./aaa b/test/confs/0577./aaa new file mode 100644 index 000000000..746f316bf --- /dev/null +++ b/test/confs/0577./aaa @@ -0,0 +1 @@ +.include bbb diff --git a/test/confs/0577./bbb b/test/confs/0577./bbb new file mode 100644 index 000000000..e69de29bb diff --git a/test/confs/0578 b/test/confs/0578 new file mode 120000 index 000000000..84e7471cf --- /dev/null +++ b/test/confs/0578 @@ -0,0 +1 @@ +0376 \ No newline at end of file diff --git a/test/confs/0579 b/test/confs/0579 new file mode 100644 index 000000000..5e61752ab --- /dev/null +++ b/test/confs/0579 @@ -0,0 +1,31 @@ +# Exim test configuration 0579 + +.include DIR/aux-var/std_conf_prefix + +primary_hostname = myhost.test.ex + +# ----- Main settings ----- + +domainlist local_domains = test.ex +log_selector = +received_recipients + +acl_smtp_rcpt = accept logwrite=cmd '$smtp_command' + +# ------ ACLs ------ + +begin acl + +# ------ Routers ------ + +begin routers + +r1: + driver = redirect + data = :blackhole: + + +# ------ Transports ------ + +begin transports + +# End diff --git a/test/confs/0901 b/test/confs/0901 deleted file mode 120000 index 1bb987150..000000000 --- a/test/confs/0901 +++ /dev/null @@ -1 +0,0 @@ -0900 \ No newline at end of file diff --git a/test/confs/0901 b/test/confs/0901 new file mode 100644 index 000000000..c2eb5cca6 --- /dev/null +++ b/test/confs/0901 @@ -0,0 +1,121 @@ +# Exim test configuration 0901 +SERVER= +SRV= +LIST= +ALLOW= + +exim_path = EXIM_PATH +keep_environment = +host_lookup_order = bydns +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME +chunking_advertise_hosts = * +tls_advertise_hosts = ${if eq {SRV}{tls} {*}} + +pipelining_advertise_hosts = : + +# ----- Main settings ----- + +primary_hostname = testhost.test.ex +domainlist local_domains = @ : test.ex + +acl_smtp_rcpt = check_recipient +acl_smtp_data_prdr = check_prdr +acl_smtp_data = check_data +trusted_users = CALLER +queue_only +smtp_receive_timeout = 2s +log_selector = +received_recipients + +.ifdef _OPT_MAIN_TLS_CERTIFICATE +tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} +tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} +.endif + +ALLOW + +# ----- ACL ----- + +begin acl + +check_recipient: + accept hosts = : + accept domains = +local_domains + deny message = relay not permitted + +check_prdr: + accept local_parts = good + deny + +check_data: + warn message = X-acl-message-linecount: $message_linecount + accept + +# ----- Routers ----- + +begin routers + +to_server: + driver = accept + condition = ${if !eq {SERVER}{server}} + transport = remote_smtp${if eq {OPT}{dkim} {_dkim}} + errors_to = "" + +fail_remote_domains: + driver = redirect + domains = ! +local_domains + data = :fail: unrouteable mail domain "$domain" + +localuser: + driver = accept + check_local_user + transport = local_delivery + headers_add = X-local-user: uid=$local_user_uid gid=$local_user_gid + + +# ----- Transports ----- + +begin transports + +local_delivery: + driver = appendfile + delivery_date_add + envelope_to_add + file = DIR/test-mail/$local_part + headers_add = "X-body-linecount: $body_linecount\n\ + X-message-linecount: $message_linecount\n\ + X-received-count: $received_count" + return_path_add + +remote_smtp: + driver = smtp + hosts = 127.0.0.1 + port = PORT_S + allow_localhost + command_timeout = 2s + final_timeout = 2s + +remote_smtp_dkim: + driver = smtp + hosts = 127.0.0.1 + port = PORT_S + allow_localhost + command_timeout = 2s + final_timeout = 2s + +.ifdef OPT + dkim_domain = test.ex + dkim_selector = sel + dkim_private_key = DIR/aux-fixed/dkim/dkim.private +.ifndef HEADERS_MAXSIZE + dkim_sign_headers = LIST +.endif +.endif + +# ----- Retry ----- + +begin retry +* * F,30m,5m; +# End diff --git a/test/confs/0902 b/test/confs/0902 deleted file mode 120000 index 1bb987150..000000000 --- a/test/confs/0902 +++ /dev/null @@ -1 +0,0 @@ -0900 \ No newline at end of file diff --git a/test/confs/0903 b/test/confs/0903 deleted file mode 100644 index 017424e24..000000000 --- a/test/confs/0903 +++ /dev/null @@ -1 +0,0 @@ -.include confs/0903./aaa diff --git a/test/confs/0903./aaa b/test/confs/0903./aaa deleted file mode 100644 index 746f316bf..000000000 --- a/test/confs/0903./aaa +++ /dev/null @@ -1 +0,0 @@ -.include bbb diff --git a/test/confs/0903./bbb b/test/confs/0903./bbb deleted file mode 100644 index e69de29bb..000000000 diff --git a/test/confs/0904 b/test/confs/0904 new file mode 120000 index 000000000..1bb987150 --- /dev/null +++ b/test/confs/0904 @@ -0,0 +1 @@ +0900 \ No newline at end of file diff --git a/test/confs/0905 b/test/confs/0905 new file mode 120000 index 000000000..1bb987150 --- /dev/null +++ b/test/confs/0905 @@ -0,0 +1 @@ +0900 \ No newline at end of file diff --git a/test/confs/2002 b/test/confs/2002 index 535be91eb..ccbe6f192 100644 --- a/test/confs/2002 +++ b/test/confs/2002 @@ -49,16 +49,18 @@ check_recipient: logwrite = SN <${certextract {subject} {$tls_in_peercert}}> logwrite = IN <${certextract {issuer} {$tls_in_peercert}}> logwrite = IN/O <${certextract {issuer,O} {$tls_in_peercert}}> - logwrite = NB <${certextract {notbefore} {$tls_in_peercert}}> + logwrite = NB/r <${certextract {notbefore,raw} {$tls_in_peercert}}> + logwrite = NB <${certextract {notbefore} {$tls_in_peercert}}> logwrite = NB/i <${certextract {notbefore,int}{$tls_in_peercert}}> - logwrite = NA <${certextract {notafter} {$tls_in_peercert}}> + logwrite = NA/i <${certextract {notafter,int} {$tls_in_peercert}}> + logwrite = NA <${certextract {notafter} {$tls_in_peercert}}> logwrite = SA <${certextract {sig_algorithm}{$tls_in_peercert}}> logwrite = SG <${certextract {signature} {$tls_in_peercert}}> logwrite = ${certextract {subj_altname} {$tls_in_peercert} {SAN <$value>}{(no SAN)}} # logwrite = ${certextract {ocsp_uri} {$tls_in_peercert} {OCU <$value>}{(no OCU)}} logwrite = ${certextract {crl_uri} {$tls_in_peercert} {CRU <$value>}{(no CRU)}} logwrite = md5 fingerprint ${md5:$tls_in_peercert} - logwrite = sha1 fingerprint ${sha1:$tls_in_peercert} + logwrite = sha1 fingerprint ${sha1:$tls_in_peercert} logwrite = sha256 fingerprint ${sha256:$tls_in_peercert} logwrite = der_b64 ${base64:$tls_in_peercert} diff --git a/test/confs/2013 b/test/confs/2013 index ebd253691..45d683cb4 100644 --- a/test/confs/2013 +++ b/test/confs/2013 @@ -10,7 +10,7 @@ primary_hostname = myhost.test.ex acl_smtp_rcpt = accept -log_selector = +tls_peerdn+smtp_connection+incoming_port +log_selector = +tls_peerdn+smtp_connection+incoming_port+received_recipients queue_only queue_run_in_order @@ -55,6 +55,7 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 + hosts_noproxy_tls = : port = PORT_D # End diff --git a/test/confs/2102 b/test/confs/2102 index 4223430a3..8b2083959 100644 --- a/test/confs/2102 +++ b/test/confs/2102 @@ -55,7 +55,8 @@ check_recipient: logwrite = NB/r <${certextract {notbefore,raw} {$tls_in_peercert}}> logwrite = NB <${certextract {notbefore} {$tls_in_peercert}}> logwrite = NB/i <${certextract {notbefore,int}{$tls_in_peercert}}> - logwrite = NA <${certextract {notafter} {$tls_in_peercert}}> + logwrite = NA/i <${certextract {notafter,int} {$tls_in_peercert}}> + logwrite = NA <${certextract {notafter} {$tls_in_peercert}}> logwrite = SA <${certextract {sig_algorithm}{$tls_in_peercert}}> logwrite = SG <${certextract {signature} {$tls_in_peercert}}> logwrite = ${certextract {subj_altname} {$tls_in_peercert} {SAN <$value>}{(no SAN)}} diff --git a/test/confs/2113 b/test/confs/2113 index f2c49c9b8..bb64867a9 100644 --- a/test/confs/2113 +++ b/test/confs/2113 @@ -10,7 +10,7 @@ primary_hostname = myhost.test.ex acl_smtp_rcpt = accept -log_selector = +tls_peerdn+smtp_connection+incoming_port +log_selector = +tls_peerdn+smtp_connection+incoming_port+received_recipients queue_only queue_run_in_order @@ -55,6 +55,7 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 + hosts_noproxy_tls = : port = PORT_D tls_try_verify_hosts = : diff --git a/test/confs/2200 b/test/confs/2200 index 904ccfb18..73f6f48e7 100644 --- a/test/confs/2200 +++ b/test/confs/2200 @@ -7,12 +7,18 @@ primary_hostname = myhost.test.ex # ----- Main settings ----- -acl_not_smtp = check_rcpt +acl_smtp_rcpt = check_rcpt +acl_not_smtp = check_not_smtp queue_only begin acl check_rcpt: + accept + local_parts = defer_strict + set acl_m1 = ${lookup dnsdb{defer_strict,a=$domain}} + +check_not_smtp: warn set acl_m1 = ${map {<,$recipients} \ {${lookup dnsdb{a=${domain:$item}}{$value}fail}}} diff --git a/test/confs/4011 b/test/confs/4011 new file mode 100644 index 000000000..7be64dc6d --- /dev/null +++ b/test/confs/4011 @@ -0,0 +1,29 @@ +# Exim test configuration 4011 +# Content-scan: f-prot6d interface + +.include DIR/aux-var/std_conf_prefix + +primary_hostname = myhost.test.ex + +av_scanner = f-prot6d : localhost4 PORT_S + +# ----- Main settings ----- + +acl_smtp_rcpt = accept +acl_smtp_data = c_data + +begin acl + +c_data: + accept !malware = * OPT + deny logwrite = $callout_address malware_name $malware_name + +# ----- Routers ----- + +begin routers + +r: + driver = redirect + data = :blackhole: + +# End diff --git a/test/confs/4030 b/test/confs/4030 new file mode 100644 index 000000000..e64859769 --- /dev/null +++ b/test/confs/4030 @@ -0,0 +1,36 @@ +# Exim test configuration 4030 +# Proxy Protocol + +.include DIR/aux-var/std_conf_prefix + +primary_hostname = myhost.test.ex +hosts_proxy = HOSTIPV4 +queue_only + +# ----- Main settings ----- + +log_selector = +proxy +incoming_port + +acl_smtp_rcpt = r_acl + + +begin acl + +r_acl: + accept + logwrite = proxy session: $proxy_session + logwrite = local [$received_ip_address]:$received_port + logwrite = proxy internal [$proxy_local_address]:$proxy_local_port + logwrite = proxy external [$proxy_external_address]:$proxy_external_port + logwrite = remote [$sender_host_address]:$sender_host_port + + +# ----- Routers ----- + +begin routers + +dump: + driver = redirect + data = :blackhole: + +# End diff --git a/test/confs/4503 b/test/confs/4503 deleted file mode 100644 index 47f4b74c9..000000000 --- a/test/confs/4503 +++ /dev/null @@ -1,46 +0,0 @@ -# Exim test configuration 4503 - -SERVER= -OPT= - -.include DIR/aux-var/std_conf_prefix - -primary_hostname = myhost.test.ex - -# ----- Main settings ----- - -acl_smtp_rcpt = accept -acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames - - -# ----- Routers - -begin routers - -server_dump: - driver = redirect - condition = ${if eq {SERVER}{server}{yes}{no}} - data = :blackhole: - -client: - driver = accept - transport = send_to_server - -# ----- Transports - -begin transports - -send_to_server: - driver = smtp - allow_localhost - hosts = HOSTIPV4 - port = PORT_D - - dkim_domain = test.ex - dkim_selector = sel - dkim_private_key = DIR/aux-fixed/dkim/dkim.private -.ifndef HEADERS_MAXSIZE - dkim_sign_headers = OPT -.endif - -# End diff --git a/test/confs/4506 b/test/confs/4506 new file mode 120000 index 000000000..c4f73bacd --- /dev/null +++ b/test/confs/4506 @@ -0,0 +1 @@ +4500 \ No newline at end of file diff --git a/test/confs/4507 b/test/confs/4507 new file mode 120000 index 000000000..c4f73bacd --- /dev/null +++ b/test/confs/4507 @@ -0,0 +1 @@ +4500 \ No newline at end of file diff --git a/test/confs/4509 b/test/confs/4509 deleted file mode 120000 index 1bb987150..000000000 --- a/test/confs/4509 +++ /dev/null @@ -1 +0,0 @@ -0900 \ No newline at end of file diff --git a/test/confs/4510 b/test/confs/4510 deleted file mode 100644 index 42c58aac5..000000000 --- a/test/confs/4510 +++ /dev/null @@ -1,57 +0,0 @@ -# Exim test configuration 4510 - -SERVER= -OPT= - -.include DIR/aux-var/std_conf_prefix - -primary_hostname = myhost.test.ex - -# ----- Main settings ----- - -acl_smtp_rcpt = accept -acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames -acl_smtp_data_prdr = accept local_parts = okuser - -prdr_enable - -# ----- Routers - -begin routers - -client: - driver = accept - condition = ${if eq {SERVER}{server}{no}{yes}} - transport = send_to_server - -server_dump: - driver = redirect - senders = ! : - data = :blackhole: - -server_store: - driver = accept - transport = store - -# ----- Transports - -begin transports - -store: - driver = appendfile - file = DIR/test-mail/store - return_path_add - user = CALLER - -send_to_server: - driver = smtp - allow_localhost - hosts = HOSTIPV4 - port = PORT_D - - dkim_domain = ${if def:sender_address_local_part {test.ex}} - dkim_selector = sel - dkim_private_key = DIR/aux-fixed/dkim/dkim.private - dkim_sign_headers = From - -# End diff --git a/test/confs/4520 b/test/confs/4520 new file mode 100644 index 000000000..70454c33c --- /dev/null +++ b/test/confs/4520 @@ -0,0 +1,50 @@ +# Exim test configuration 4520 + +SERVER= +OPT= + +.include DIR/aux-var/std_conf_prefix + +primary_hostname = myhost.test.ex + +# ----- Main settings ----- + +acl_smtp_rcpt = accept +acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames + + +# ----- Routers + +begin routers + +server_dump: + driver = redirect + condition = ${if eq {SERVER}{server}{yes}{no}} + data = :blackhole: + +client: + driver = accept + transport = send_to_server + +# ----- Transports + +begin transports + +send_to_server: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + + dkim_domain = test.ex +.ifdef SELECTOR + dkim_selector = SELECTOR +.else + dkim_selector = sel +.endif + dkim_private_key = DIR/aux-fixed/dkim/dkim.private +.ifndef HEADERS_MAXSIZE + dkim_sign_headers = OPT +.endif + +# End diff --git a/test/confs/4521 b/test/confs/4521 new file mode 120000 index 000000000..1bb987150 --- /dev/null +++ b/test/confs/4521 @@ -0,0 +1 @@ +0900 \ No newline at end of file diff --git a/test/confs/4522 b/test/confs/4522 new file mode 120000 index 000000000..1bb987150 --- /dev/null +++ b/test/confs/4522 @@ -0,0 +1 @@ +0900 \ No newline at end of file diff --git a/test/confs/4550 b/test/confs/4550 new file mode 100644 index 000000000..3693d89a6 --- /dev/null +++ b/test/confs/4550 @@ -0,0 +1,57 @@ +# Exim test configuration 4550 + +SERVER= +OPT= + +.include DIR/aux-var/std_conf_prefix + +primary_hostname = myhost.test.ex + +# ----- Main settings ----- + +acl_smtp_rcpt = accept +acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames +acl_smtp_data_prdr = accept local_parts = okuser + +prdr_enable + +# ----- Routers + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} + transport = send_to_server + +server_dump: + driver = redirect + senders = ! : + data = :blackhole: + +server_store: + driver = accept + transport = store + +# ----- Transports + +begin transports + +store: + driver = appendfile + file = DIR/test-mail/store + return_path_add + user = CALLER + +send_to_server: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + + dkim_domain = ${if def:sender_address_local_part {test.ex}} + dkim_selector = sel + dkim_private_key = DIR/aux-fixed/dkim/dkim.private + dkim_sign_headers = From + +# End diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex index 16468bf79..349fbd4d3 100644 --- a/test/dnszones-src/db.test.ex +++ b/test/dnszones-src/db.test.ex @@ -448,7 +448,7 @@ DNSSEC _1225._tcp.dane256ee TLSA 3 1 1 2bb55f418bb03411a5007cecbfcd3ec1c9440431 ; DNSSEC mxdane256ta MX 1 dane256ta DNSSEC dane256ta A HOSTIPV4 -DNSSEC _1225._tcp.dane256ta TLSA 2 0 1 87712b46e3c444c9a58edaa9dbe34c26b81cefb658a002b267ee3223fd9219cd +DNSSEC _1225._tcp.dane256ta TLSA 2 0 1 eec923139018c540a344c5191660ecba1ac3708525a98bfc338e17f31d3fa741 ; A multiple-return MX where all TLSA lookups defer diff --git a/test/lib/Exim/Utils.pm b/test/lib/Exim/Utils.pm new file mode 100644 index 000000000..b744b0b43 --- /dev/null +++ b/test/lib/Exim/Utils.pm @@ -0,0 +1,16 @@ +package Exim::Utils; +use v5.10.1; +use strict; +use warnings; +use parent 'Exporter'; +our @EXPORT_OK = qw(uniq numerically); + + +sub uniq { + my %uniq = map { $_, undef } @_; + return keys %uniq; +} + +sub numerically { $::a <=> $::b } + +1; diff --git a/test/log/0211 b/test/log/0211 index cbf33c612..74acec3a3 100644 --- a/test/log/0211 +++ b/test/log/0211 @@ -14,7 +14,7 @@ 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 Test: reject connect 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 ** userx@domain1 F= R=others T=smtp H=localhost4.test.ex [127.0.0.1]: SMTP error from remote mail server after initial connection: 550 Go away +1999-03-02 09:44:33 10HmaX-0005vi-00 ** userx@domain1 F= R=others T=smtp H=localhost4.test.ex [127.0.0.1]: SMTP error from remote mail server after initial connection: 550 Go away (A) 1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER F=<> R=all T=local_delivery 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed @@ -22,8 +22,8 @@ 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 Test: reject helo 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 ** userx@domain1 F= R=others T=smtp H=localhost4.test.ex [127.0.0.1]: SMTP error from remote mail server after HELO the.local.host.name: 550 Go away -1999-03-02 09:44:33 10HmaZ-0005vi-00 ** usery@domain2 F= R=others T=smtp H=localhost4.test.ex [127.0.0.1]: SMTP error from remote mail server after HELO the.local.host.name: 550 Go away +1999-03-02 09:44:33 10HmaZ-0005vi-00 ** userx@domain1 F= R=others T=smtp H=localhost4.test.ex [127.0.0.1]: SMTP error from remote mail server after HELO the.local.host.name: 550 Go away (C) +1999-03-02 09:44:33 10HmaZ-0005vi-00 ** usery@domain2 F= R=others T=smtp H=localhost4.test.ex [127.0.0.1]: SMTP error from remote mail server after HELO the.local.host.name: 550 Go away (C) 1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> R=10HmaZ-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmbA-0005vi-00 => CALLER F=<> R=all T=local_delivery 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed diff --git a/test/log/0227 b/test/log/0227 index ca551b3c7..f1e64701c 100644 --- a/test/log/0227 +++ b/test/log/0227 @@ -1,21 +1,21 @@ -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Unknown user +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Unknown user 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 450 Temporary error 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= temporarily rejected RCPT : Could not complete sender verify callout -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 Error for <> +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 Error for <> 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550-Multiline error for <>\n550 Here's the second line +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550-Multiline error for <>\n550 Here's the second line 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked -1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Recipient not liked +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550-Recipient not liked on two lines\n550 Here's the second 1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= temporarily rejected RCPT : Could not complete recipient verify callout 1999-03-02 09:44:33 10HmaX-0005vi-00 H=[V4NET.0.0.4] U=root F= rejected after DATA: there is no valid sender in any header line 1999-03-02 09:44:33 10HmaY-0005vi-00 H=[V4NET.0.0.4] U=root F= rejected after DATA: there is no valid sender in any header line 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= rejected RCPT : relay not permitted -1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Don't like postmaster +1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Don't like postmaster 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : response to "initial connection" from 127.0.0.1 [127.0.0.1] was: connection dropped +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Recipient not liked +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : Remote host closed connection in response to initial connection 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= temporarily rejected RCPT : Could not complete sender verify callout -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : could not connect to 127.0.0.1 [127.0.0.1]: Connection refused +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= temporarily rejected RCPT : Could not complete sender verify callout diff --git a/test/log/0282 b/test/log/0282 index 0f71226c4..1ec1eacc2 100644 --- a/test/log/0282 +++ b/test/log/0282 @@ -6,6 +6,6 @@ 1999-03-02 09:44:33 End queue run: pid=pppp ******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:1225 [127.0.0.1]:1226 [ip4.ip4.ip4.ip4]:1227 +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:{1225,1226} [ip4.ip4.ip4.ip4]:1227 1999-03-02 09:44:33 10HmaX-0005vi-00 <= userx@test.ex H=(rhu.barb) [127.0.0.1]:1111 I=[127.0.0.1]:1225 P=esmtp S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= userx@test.ex H=(rhu.barb) [127.0.0.1]:1112 I=[127.0.0.1]:1226 P=esmtp S=sss diff --git a/test/log/0365 b/test/log/0365 index 569e49dfd..14e9903e6 100644 --- a/test/log/0365 +++ b/test/log/0365 @@ -1,18 +1,18 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER F=<> rejected after DATA: '>' missing at end of address: failing address in "From:" header is: rejected after DATA: there is no valid sender in any header line -1999-03-02 09:44:33 U=CALLER sender verify defer for : could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error +1999-03-02 09:44:33 U=CALLER sender verify defer for : Could not complete sender verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error 1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : Could not complete sender verify callout 1999-03-02 09:44:33 10HmaZ-0005vi-00 U=CALLER F= rejected after DATA 1999-03-02 09:44:33 10HmbA-0005vi-00 U=CALLER F=<> rejected after DATA: there is no valid sender in any header line -1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : Could not complete recipient verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error 1999-03-02 09:44:33 U=CALLER F=<> rejected RCPT : failure message 1999-03-02 09:44:33 U=CALLER F=<> temporarily rejected RCPT : defer message 1999-03-02 09:44:33 10HmbB-0005vi-00 U=CALLER F=<> rejected after DATA: '>' missing at end of address: failing address in "From:" header is: rejected after DATA: there is no valid sender in any header line -1999-03-02 09:44:33 U=CALLER sender verify defer for : could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error +1999-03-02 09:44:33 U=CALLER sender verify defer for : Could not complete sender verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error 1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : Could not complete sender verify callout 1999-03-02 09:44:33 10HmbD-0005vi-00 U=CALLER F= rejected after DATA 1999-03-02 09:44:33 10HmbE-0005vi-00 U=CALLER F=<> rejected after DATA: there is no valid sender in any header line -1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : Could not complete recipient verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error 1999-03-02 09:44:33 U=CALLER F=<> rejected RCPT : failure message 1999-03-02 09:44:33 U=CALLER F=<> temporarily rejected RCPT : defer message diff --git a/test/log/0372 b/test/log/0372 index 3830932ef..741559dff 100644 --- a/test/log/0372 +++ b/test/log/0372 @@ -6,3 +6,7 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 10HmaX-0005vi-00 <= <> H=host2.name [4.3.2.1] U=CALLER P=smtp S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 Error in system filter: failed to expand " acl_c0="$acl_c0"\n acl_c1="$acl_c1"\n acl_c2="$acl_c2"\n acl_c3="$acl_c3"\n acl_c4="$acl_c4"\n acl_c5="$acl_c5"\n acl_c6="$acl_c6"\n acl_c7="$acl_c7"\n acl_c8="$acl_c8"\n acl_c9="$acl_c9"\n acl_m0="$acl_m0"\n acl_m1="$acl_m1"\n acl_m2="$acl_m2"\n acl_m3="$acl_m3"\n acl_m4="$acl_m4"\n acl_m5="$acl_m5"\n acl_m6="$acl_m6"\n acl_m7="$acl_m7"\n acl_m8="$acl_m8"\n acl_m9="$acl_m9"\n acl_m_foo="$acl_m_foo"\n acl_m_bar="$acl_m_bar"\n acl_c_foo="$acl_c_foo"\n acl_c_bar="$acl_c_bar"\n" in logwrite command: unknown variable name "acl_c1" (strict_acl_vars is set) + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (test) [127.0.0.1] P=smtp S=sss diff --git a/test/log/0376 b/test/log/0376 index c84cd2300..0e2f661ac 100644 --- a/test/log/0376 +++ b/test/log/0376 @@ -1,18 +1,22 @@ -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : could not connect to 127.0.0.1 [127.0.0.1]: Connection refused +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= temporarily rejected RCPT : Could not complete sender verify callout -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 REJECTED +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 REJECTED 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (recipient): Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (recipient): Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 REJECT MAIL FROM +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 REJECT MAIL FROM 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (mail): Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (mail): Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 NOT OK +1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 NOT OK 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for : Could not complete sender verify callout +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:" was: 250 OK +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= temporarily rejected RCPT : Could not complete sender verify callout +1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:" was: 250 OK +1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root F= temporarily rejected RCPT : Could not complete sender verify callout +1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO: 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= temporarily rejected RCPT : Could not complete sender verify callout 1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok7@otherhost53 H=[V4NET.0.0.7] U=root P=smtp S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok7@otherhost53 H=[V4NET.0.0.8] U=root P=smtp S=sss diff --git a/test/log/0398 b/test/log/0398 index c197da0d1..d4dcf2d63 100644 --- a/test/log/0398 +++ b/test/log/0398 @@ -1,10 +1,10 @@ -1999-03-02 09:44:33 U=CALLER Warning: Sender verify failed: response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Unknown +1999-03-02 09:44:33 U=CALLER Warning: Sender verify failed: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Unknown 1999-03-02 09:44:33 U=CALLER Warning: some other warning 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local-smtp S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 => x R=r1 T=t1 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Unknown +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Unknown 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 U=CALLER Warning: Sender verify failed: response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Unknown +1999-03-02 09:44:33 U=CALLER Warning: Sender verify failed: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Unknown 1999-03-02 09:44:33 U=CALLER Warning: Sender verify failed 1999-03-02 09:44:33 U=CALLER Warning: some other warning diff --git a/test/log/0413 b/test/log/0413 index 1e587828d..8f04162d2 100644 --- a/test/log/0413 +++ b/test/log/0413 @@ -1,6 +1,6 @@ -1999-03-02 09:44:33 U=CALLER sender verify defer for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error +1999-03-02 09:44:33 U=CALLER sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 450 Temporary error 1999-03-02 09:44:33 U=CALLER temporarily rejected MAIL : Could not complete sender verify callout -1999-03-02 09:44:33 U=CALLER sender verify defer for : response to "RCPT TO:" from ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] was: 450 Temporary error +1999-03-02 09:44:33 U=CALLER sender verify defer for : Could not complete sender verify callout: ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] : SMTP error from remote mail server after RCPT TO:: 450 Temporary error 1999-03-02 09:44:33 U=CALLER temporarily rejected MAIL : Could not complete sender verify callout -1999-03-02 09:44:33 U=CALLER sender verify defer for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error +1999-03-02 09:44:33 U=CALLER sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 450 Temporary error 1999-03-02 09:44:33 U=CALLER temporarily rejected MAIL : Could not complete sender verify callout diff --git a/test/log/0462 b/test/log/0462 index ec4952f98..d0a04dacb 100644 --- a/test/log/0462 +++ b/test/log/0462 @@ -1,5 +1,5 @@ -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 NO +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 NO 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 NO +1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 NO 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed diff --git a/test/log/0473 b/test/log/0473 index c6e216931..acca9c9ed 100644 --- a/test/log/0473 +++ b/test/log/0473 @@ -1,10 +1,10 @@ -1999-03-02 09:44:33 U=CALLER F= rejected RCPT r3@other.ex: response to "MAIL FROM:" from 127.0.0.1 [127.0.0.1] was: 550 NOTOK -1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT r4@other.ex: could not connect to 127.0.0.1 [127.0.0.1]: Connection refused -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 NO +1999-03-02 09:44:33 U=CALLER F= rejected RCPT r3@other.ex: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:" was: 550 NOTOK +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT r4@other.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 NO 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Previous (cached) callout verification failure -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 NO +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 NO 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 U=CALLER sender verify fail for 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout -1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO: +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after initial connection diff --git a/test/log/0502 b/test/log/0502 index 93673ff90..5b9d8cb71 100644 --- a/test/log/0502 +++ b/test/log/0502 @@ -8,7 +8,7 @@ 1999-03-02 09:44:33 Messages accepted: 1999-03-02 09:44:33 Recipients: 1999-03-02 09:44:33 Accepted: -1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT teplevel ACL may not fail ('deny' verb used incorrectly) +1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT toplevel ACL may not fail ('deny' verb used incorrectly) 1999-03-02 09:44:33 Messages received: 1 1999-03-02 09:44:33 Messages accepted: 1999-03-02 09:44:33 Recipients: diff --git a/test/log/0538 b/test/log/0538 index 8b63bdb9b..827372c14 100644 --- a/test/log/0538 +++ b/test/log/0538 @@ -1,4 +1,4 @@ -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 I'm misconfigured +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 I'm misconfigured 1999-03-02 09:44:33 U=CALLER rejected MAIL : Sender verify failed 1999-03-02 09:44:33 U=CALLER sender verify fail for 1999-03-02 09:44:33 U=CALLER rejected MAIL : Sender verify failed diff --git a/test/log/0578 b/test/log/0578 new file mode 100644 index 000000000..7c38e638c --- /dev/null +++ b/test/log/0578 @@ -0,0 +1,22 @@ +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= temporarily rejected RCPT : Could not complete sender verify callout +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 REJECTED rcpt +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (recipient): Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (recipient): Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 REJECT mail from +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (mail): Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (mail): Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 NOT OK rcpt postmaster +1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for +1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:" was: 250 OK accepting that random recipient +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= temporarily rejected RCPT : Could not complete sender verify callout +1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:" was: 250 OK +1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root F= temporarily rejected RCPT : Could not complete sender verify callout +1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO: +1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= temporarily rejected RCPT : Could not complete sender verify callout +1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok7@otherhost53 H=[V4NET.0.0.7] U=root P=smtp S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok7@otherhost53 H=[V4NET.0.0.8] U=root P=smtp S=sss diff --git a/test/log/0579 b/test/log/0579 new file mode 100644 index 000000000..20d1a6fc1 --- /dev/null +++ b/test/log/0579 @@ -0,0 +1,7 @@ + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 cmd 'RCPT TO:<"name with spaces"@test.ex>' +1999-03-02 09:44:33 10HmaX-0005vi-00 <= <> H=(test) [127.0.0.1] P=esmtp S=sss for "name with spaces"@test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 => :blackhole: <"name with spaces"@test.ex> R=r1 +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/0900 b/test/log/0900 index 8ce3bcb0f..cf02d983a 100644 --- a/test/log/0900 +++ b/test/log/0900 @@ -9,3 +9,4 @@ 1999-03-02 09:44:33 SMTP connection from (tester) [127.0.0.1] lost while reading message data 1999-03-02 09:44:33 10HmbB-0005vi-00 <= someone@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex 1999-03-02 09:44:33 H=(tester) [127.0.0.1] F= rejected RCPT : relay not permitted +1999-03-02 09:44:33 rejected from H=(tester) [127.0.0.1]: Non-CRLF-terminated header, under CHUNKING: message abandoned diff --git a/test/log/0901 b/test/log/0901 index 92e4ae01a..cd8c52e75 100644 --- a/test/log/0901 +++ b/test/log/0901 @@ -1,38 +1,15 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for a@test.ex -1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK" -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for b@test.ex -1999-03-02 09:44:33 10HmaY-0005vi-00 == b@test.ex R=to_server T=remote_smtp defer (dd): Connection timed out H=127.0.0.1 [127.0.0.1]: SMTP timeout after end of data (ddd bytes written) -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for c@test.ex -1999-03-02 09:44:33 10HmaZ-0005vi-00 => c@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK" -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for d@test.ex -1999-03-02 09:44:33 10HmbA-0005vi-00 ** d@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: 500 oops -1999-03-02 09:44:33 10HmbA-0005vi-00 d@test.ex: error ignored -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmbB-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for e@test.ex -1999-03-02 09:44:33 10HmbB-0005vi-00 == e@test.ex R=to_server T=remote_smtp defer (-46) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: 400 not right now -1999-03-02 09:44:33 10HmbC-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for p@test.ex -1999-03-02 09:44:33 10HmbC-0005vi-00 => p@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat" -1999-03-02 09:44:33 10HmbC-0005vi-00 Completed -1999-03-02 09:44:33 10HmbD-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for q@test.ex -1999-03-02 09:44:33 10HmbD-0005vi-00 == q@test.ex R=to_server T=remote_smtp defer (dd): Connection timed out H=127.0.0.1 [127.0.0.1]: SMTP timeout after pipelined end of data (ddd bytes written) -1999-03-02 09:44:33 10HmbE-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for r@test.ex -1999-03-02 09:44:33 10HmbE-0005vi-00 => r@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat" -1999-03-02 09:44:33 10HmbE-0005vi-00 Completed -1999-03-02 09:44:33 10HmbF-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for s@test.ex -1999-03-02 09:44:33 10HmbF-0005vi-00 ** s@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 550 unacceptable mail-from -1999-03-02 09:44:33 10HmbF-0005vi-00 s@test.ex: error ignored -1999-03-02 09:44:33 10HmbF-0005vi-00 Completed -1999-03-02 09:44:33 10HmbG-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for s1@test.ex -1999-03-02 09:44:33 10HmbG-0005vi-00 == s1@test.ex R=to_server T=remote_smtp defer (-45) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 450 greylisted mail-from -1999-03-02 09:44:33 10HmbH-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for t@test.ex -1999-03-02 09:44:33 10HmbH-0005vi-00 ** t@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:: 550 no such recipient -1999-03-02 09:44:33 10HmbH-0005vi-00 t@test.ex: error ignored -1999-03-02 09:44:33 10HmbH-0005vi-00 Completed -1999-03-02 09:44:33 10HmbI-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for u@test.ex -1999-03-02 09:44:33 10HmbI-0005vi-00 ** u@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 500 oops bdat -1999-03-02 09:44:33 10HmbI-0005vi-00 u@test.ex: error ignored -1999-03-02 09:44:33 10HmbI-0005vi-00 Completed -1999-03-02 09:44:33 10HmbJ-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for v@test.ex -1999-03-02 09:44:33 10HmbJ-0005vi-00 == v@test.ex R=to_server T=remote_smtp defer (-46) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 400 not right now bdat + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaX-0005vi-00 <= someone1@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 <= someone2@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= someone3@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 <= someone2A@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 <= someone3A@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 SMTP data timeout (message abandoned) on connection from (tester) [127.0.0.1] F= +1999-03-02 09:44:33 SMTP connection from (tester) [127.0.0.1] lost while reading message data +1999-03-02 09:44:33 SMTP connection from (tester) [127.0.0.1] lost while reading message data +1999-03-02 09:44:33 10HmbD-0005vi-00 <= someone8@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex +1999-03-02 09:44:33 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "bdat 1" H=(tester) [127.0.0.1] next input="bdat 87 last\r\n" +1999-03-02 09:44:33 SMTP call from (tester) [127.0.0.1] dropped: too many syntax or protocol errors (last command was "From: Sam@random.com") +1999-03-02 09:44:33 SMTP connection from (tester) [127.0.0.1] lost while reading message data (header) diff --git a/test/log/0902 b/test/log/0902 deleted file mode 100644 index 53c5697ef..000000000 --- a/test/log/0902 +++ /dev/null @@ -1,34 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for a@test.ex -1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat" -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for d@test.ex -1999-03-02 09:44:33 10HmaY-0005vi-00 ** d@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after sending data block: 500 oops bdat-nonlast -1999-03-02 09:44:33 10HmaY-0005vi-00 d@test.ex: error ignored -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for p@test.ex -1999-03-02 09:44:33 10HmaZ-0005vi-00 => p@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat" -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for s@test.ex -1999-03-02 09:44:33 10HmbA-0005vi-00 ** s@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined sending data block: 550 unacceptable mail-from -1999-03-02 09:44:33 10HmbA-0005vi-00 s@test.ex: error ignored -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmbB-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for t@test.ex -1999-03-02 09:44:33 10HmbB-0005vi-00 ** t@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:: 550 no such recipient -1999-03-02 09:44:33 10HmbB-0005vi-00 t@test.ex: error ignored -1999-03-02 09:44:33 10HmbB-0005vi-00 Completed -1999-03-02 09:44:33 10HmbC-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for t1@test.ex t2@test.ex -1999-03-02 09:44:33 10HmbC-0005vi-00 ** t1@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:: 550 no such recipient -1999-03-02 09:44:33 10HmbC-0005vi-00 => t2@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat" -1999-03-02 09:44:33 10HmbC-0005vi-00 t1@test.ex: error ignored -1999-03-02 09:44:33 10HmbC-0005vi-00 Completed -1999-03-02 09:44:33 10HmbD-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for u@test.ex -1999-03-02 09:44:33 10HmbD-0005vi-00 ** u@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined sending data block: 500 oops nonlast bdat -1999-03-02 09:44:33 10HmbD-0005vi-00 u@test.ex: error ignored -1999-03-02 09:44:33 10HmbD-0005vi-00 Completed -1999-03-02 09:44:33 10HmbE-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for v@test.ex -1999-03-02 09:44:33 10HmbE-0005vi-00 ** v@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: 500 oops bdat -1999-03-02 09:44:33 10HmbE-0005vi-00 v@test.ex: error ignored -1999-03-02 09:44:33 10HmbE-0005vi-00 Completed -1999-03-02 09:44:33 10HmbF-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for p@test.ex -1999-03-02 09:44:33 10HmbF-0005vi-00 => p@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat" -1999-03-02 09:44:33 10HmbF-0005vi-00 Completed diff --git a/test/log/0904 b/test/log/0904 new file mode 100644 index 000000000..92e4ae01a --- /dev/null +++ b/test/log/0904 @@ -0,0 +1,38 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for a@test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for b@test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 == b@test.ex R=to_server T=remote_smtp defer (dd): Connection timed out H=127.0.0.1 [127.0.0.1]: SMTP timeout after end of data (ddd bytes written) +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for c@test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 => c@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for d@test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 ** d@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: 500 oops +1999-03-02 09:44:33 10HmbA-0005vi-00 d@test.ex: error ignored +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for e@test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 == e@test.ex R=to_server T=remote_smtp defer (-46) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: 400 not right now +1999-03-02 09:44:33 10HmbC-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for p@test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 => p@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat" +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for q@test.ex +1999-03-02 09:44:33 10HmbD-0005vi-00 == q@test.ex R=to_server T=remote_smtp defer (dd): Connection timed out H=127.0.0.1 [127.0.0.1]: SMTP timeout after pipelined end of data (ddd bytes written) +1999-03-02 09:44:33 10HmbE-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for r@test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 => r@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat" +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 10HmbF-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for s@test.ex +1999-03-02 09:44:33 10HmbF-0005vi-00 ** s@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 550 unacceptable mail-from +1999-03-02 09:44:33 10HmbF-0005vi-00 s@test.ex: error ignored +1999-03-02 09:44:33 10HmbF-0005vi-00 Completed +1999-03-02 09:44:33 10HmbG-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for s1@test.ex +1999-03-02 09:44:33 10HmbG-0005vi-00 == s1@test.ex R=to_server T=remote_smtp defer (-45) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 450 greylisted mail-from +1999-03-02 09:44:33 10HmbH-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for t@test.ex +1999-03-02 09:44:33 10HmbH-0005vi-00 ** t@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:: 550 no such recipient +1999-03-02 09:44:33 10HmbH-0005vi-00 t@test.ex: error ignored +1999-03-02 09:44:33 10HmbH-0005vi-00 Completed +1999-03-02 09:44:33 10HmbI-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for u@test.ex +1999-03-02 09:44:33 10HmbI-0005vi-00 ** u@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 500 oops bdat +1999-03-02 09:44:33 10HmbI-0005vi-00 u@test.ex: error ignored +1999-03-02 09:44:33 10HmbI-0005vi-00 Completed +1999-03-02 09:44:33 10HmbJ-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for v@test.ex +1999-03-02 09:44:33 10HmbJ-0005vi-00 == v@test.ex R=to_server T=remote_smtp defer (-46) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 400 not right now bdat diff --git a/test/log/0905 b/test/log/0905 new file mode 100644 index 000000000..9277e7336 --- /dev/null +++ b/test/log/0905 @@ -0,0 +1,36 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for a@test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for d@test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 ** d@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after sending data block: 500 oops bdat-nonlast +1999-03-02 09:44:33 10HmaY-0005vi-00 d@test.ex: error ignored +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for p@test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 => p@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for s@test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 ** s@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined sending data block: 550 unacceptable mail-from +1999-03-02 09:44:33 10HmbA-0005vi-00 s@test.ex: error ignored +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for t@test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 ** t@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:: 550 no such recipient +1999-03-02 09:44:33 10HmbB-0005vi-00 t@test.ex: error ignored +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for t1@test.ex t2@test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 ** t1@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:: 550 no such recipient +1999-03-02 09:44:33 10HmbC-0005vi-00 => t2@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat" +1999-03-02 09:44:33 10HmbC-0005vi-00 t1@test.ex: error ignored +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for u@test.ex +1999-03-02 09:44:33 10HmbD-0005vi-00 ** u@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined sending data block: 500 oops nonlast bdat +1999-03-02 09:44:33 10HmbD-0005vi-00 u@test.ex: error ignored +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed +1999-03-02 09:44:33 10HmbE-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for v@test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 ** v@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: 500 oops bdat +1999-03-02 09:44:33 10HmbE-0005vi-00 v@test.ex: error ignored +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 10HmbF-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for u@test.ex +1999-03-02 09:44:33 10HmbF-0005vi-00 == u@test.ex R=to_server T=remote_smtp defer (-46) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined sending data block: 400 oops nonlast bdat +1999-03-02 09:44:33 10HmbG-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for p@test.ex +1999-03-02 09:44:33 10HmbG-0005vi-00 => p@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat" +1999-03-02 09:44:33 10HmbG-0005vi-00 Completed diff --git a/test/log/1007 b/test/log/1007 index bc6a29644..54ccb2d7f 100644 --- a/test/log/1007 +++ b/test/log/1007 @@ -4,7 +4,7 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 (IPv6 and IPv4) port 1226 (IPv6 and IPv4) 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 (IPv6 and IPv4) port 1226 (IPv6 and IPv4) [127.0.0.1]:1228 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 (IPv6 and IPv4) port 1226 (IPv6 and IPv4) [127.0.0.1]:1228 -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6]:1225 [ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6]:1226 +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6]:{1225,1226} 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1227 (IPv6 and IPv4) [127.0.0.1]:1228 -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:1227 [127.0.0.1]:1225 +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:{1227,1225} 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 (IPv6 and IPv4) port 1226 (IPv4) diff --git a/test/log/2000 b/test/log/2000 index 68c88a330..04c72f5eb 100644 --- a/test/log/2000 +++ b/test/log/2000 @@ -1,7 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid -1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) +1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (certificate verification failed): certificate invalid: delivering unencrypted to H=127.0.0.1 [127.0.0.1] (not in hosts_require_tls) 1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2001 b/test/log/2001 index 13cf3702a..e5615e223 100644 --- a/test/log/2001 +++ b/test/log/2001 @@ -1,11 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid -1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate verification failed): certificate invalid 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid -1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate verification failed): certificate invalid 1999-03-02 09:44:33 End queue run: pid=pppp -qf ******** SERVER ******** diff --git a/test/log/2002 b/test/log/2002 index 112ec8faa..742897936 100644 --- a/test/log/2002 +++ b/test/log/2002 @@ -23,15 +23,17 @@ 1999-03-02 09:44:33 SN 1999-03-02 09:44:33 IN 1999-03-02 09:44:33 IN/O -1999-03-02 09:44:33 NB -1999-03-02 09:44:33 NB/i <1351773246> -1999-03-02 09:44:33 NA +1999-03-02 09:44:33 NB/r +1999-03-02 09:44:33 NB +1999-03-02 09:44:33 NB/i <1351773242> +1999-03-02 09:44:33 NA/i <2143283642> +1999-03-02 09:44:33 NA 1999-03-02 09:44:33 SA -1999-03-02 09:44:33 SG <71 b2 af 7b 95 28 55 f3 39 e3 8d 32 43 e9 2f 68 28 ef 03 76 3c 3a 6a 7a d7 6e 47 4e 69 25 67 fb 7a eb bc bb 69 9c 3f e8 b7 78 d0 a9 78 0c 7a 46 8d 01 de cc c6 fd 13 be 8d 99 ba 12 ee eb df e9 65 98 4c e9 ff 2e fe 71 5e 11 fe 48 81 66 91 a7 f5 70 8a 9c 63 36 b7 ac 69 95 06 5e 54 9b 53 ff a9 d9 07 34 67 f5 f0 05 f7 16 eb 28 89 8e 98 27 58 5f 61 c3 3f 72 f5 dc 2f b7 67 48 87 18 c6 72> +1999-03-02 09:44:33 SG <3a e2 4b 89 c0 a9 e8 f8 d2 bb ea 7d f8 57 7a aa 26 42 b3 94 04 04 24 f7 0d 6d 33 de 82 90 75 76 ba 3a a4 7d e0 e5 6d 3a 3c e6 74 3f b4 ad cf d1 b9 bd 6a 06 44 ea a9 a3 14 5e 34 d7 54 2e ed 5a b3 fb ca df 5a b6 22 d8 b0 f0 38 68 48 a8 cd 34 6b b2 e9 7f 96 cd ec 48 fa 5d 0e 2f 66 f0 c3 bf f9 f4 65 10 80 b9 f4 fa db be a4 26 c3 3d 25 3a 7f b7 e9 ad cd d6 06 55 f1 98 3e ea b5 cf 76 a1> 1999-03-02 09:44:33 SAN 1999-03-02 09:44:33 CRU -1999-03-02 09:44:33 md5 fingerprint 6EF976EBB1B8D9F761FC9B90C0A932F2 -1999-03-02 09:44:33 sha1 fingerprint 937464090D55415838493903E638821D15251017 -1999-03-02 09:44:33 sha256 fingerprint 5D5FAB3264B5DC5101A548BF1F80FED4AF1FEB8108E08EE4BE012CCC0BD39395 -1999-03-02 09:44:33 der_b64 MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDExMjM0MDZaFw0zODAxMDExMjM0MDZaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKyfVyM2/OEp07jUT275Z443TxznHO7R/gOy2YSg8boviB72gXWcnvPD7JJ19zT4dAX7ycYhJJHvnfurI9sxlbeC12v1Vci9auGtSdyTfiFE6sHj5WG85eRLPyp9Bh10oHF5f5/O8ql5oY6Mp64fgzkQww6adLTJhMXdYum4pYS7AgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQBxsq97lShV8znjjTJD6S9oKO8Ddjw6anrXbkdOaSVn+3rrvLtpnD/ot3jQqXgMekaNAd7Mxv0Tvo2ZuhLu69/pZZhM6f8u/nFeEf5IgWaRp/VwipxjNresaZUGXlSbU/+p2Qc0Z/XwBfcW6yiJjpgnWF9hwz9y9dwvt2dIhxjGcg== +1999-03-02 09:44:33 md5 fingerprint 61F3EF662C9186FC1CA4F6FF1C22F0C9 +1999-03-02 09:44:33 sha1 fingerprint 3E38B35220A0E1803974EA8DD9D22CDAF653CCBF +1999-03-02 09:44:33 sha256 fingerprint 33177BB2668D3D95E81B241F3C71AF36DF691818CB47B882B59F349D7416B025 +1999-03-02 09:44:33 der_b64 MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDExMjM0MDJaFw0zNzEyMDExMjM0MDJaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpVDMWYm+sUgk2Suy9gbFS1QSurQJANa1I4+2yQhqK8r2KaNMODeTBPm8wjDaia3OUPUXx0dUwzF5oi6sr7ztThjz6vAvPyq7fCyIO5P19FdQ8Po1QefxoPWTvN7giWjh0n1FeoG/Ls+sROjchmTbVuxrbU9kGfSqmBIPF1R0qPAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQA64kuJwKno+NK76n34V3qqJkKzlAQEJPcNbTPegpB1dro6pH3g5W06POZ0P7Stz9G5vWoGROqpoxReNNdULu1as/vK31q2Itiw8DhoSKjNNGuy6X+WzexI+l0OL2bww7/59GUQgLn0+tu+pCbDPSU6f7fprc3WBlXxmD7qtc92oQ== 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server2.example.com" S=sss diff --git a/test/log/2012 b/test/log/2012 index efb293303..4d6699ab0 100644 --- a/test/log/2012 +++ b/test/log/2012 @@ -5,18 +5,15 @@ 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (certificate verification failed): certificate invalid -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=client_x T=send_to_server_failcert defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: failure while setting up TLS session +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=client_x T=send_to_server_failcert defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (certificate verification failed): certificate invalid 1999-03-02 09:44:33 10HmaX-0005vi-00 ** userx@test.ex: retry timeout exceeded 1999-03-02 09:44:33 10HmaX-0005vi-00 userx@test.ex: error ignored 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (certificate verification failed): certificate invalid 1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client_y T=send_to_server_retry H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client_z T=send_to_server_crypt H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (certificate verification failed): certificate invalid -1999-03-02 09:44:33 10HmbA-0005vi-00 TLS session failure: delivering unencrypted to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls) +1999-03-02 09:44:33 10HmbA-0005vi-00 TLS session: (certificate verification failed): certificate invalid: delivering unencrypted to H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls) 1999-03-02 09:44:33 10HmbA-0005vi-00 => userq@test.ex R=client_q T=send_to_server_req_fail H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbF-0005vi-00" 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed 1999-03-02 09:44:33 10HmbB-0005vi-00 no IP address found for host server1.example.net diff --git a/test/log/2013 b/test/log/2013 index 21fad4866..79bc3f612 100644 --- a/test/log/2013 +++ b/test/log/2013 @@ -1,21 +1,27 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for userx@test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for usery@test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for userz@test.ex 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 SMTP connection from [127.0.0.1]:1111 (TCP/IP connection count = 1) -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for userx@test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for userz@test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex for usery@test.ex 1999-03-02 09:44:33 SMTP connection from localhost (myhost.test.ex) [127.0.0.1]:1111 closed by QUIT 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx R=server T=local_delivery -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 => usery R=server T=local_delivery +1999-03-02 09:44:33 10HmbA-0005vi-00 => userx R=server T=local_delivery 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 => userz R=server T=local_delivery +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 => usery R=server T=local_delivery +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2016 b/test/log/2016 index d784bfcea..039002bb0 100644 --- a/test/log/2016 +++ b/test/log/2016 @@ -1,3 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (gnutls_handshake): timed out -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@domain1 R=others T=smtp defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@domain1 R=others T=smtp defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (gnutls_handshake): timed out diff --git a/test/log/2027 b/test/log/2027 index 18b020a62..1c5a6a147 100644 --- a/test/log/2027 +++ b/test/log/2027 @@ -3,8 +3,7 @@ 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (gnutls_handshake): A TLS fatal alert has been received. -1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session failure: delivering unencrypted to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls) +1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session: (gnutls_handshake): A TLS fatal alert has been received.: delivering unencrypted to H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls) 1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf @@ -12,8 +11,8 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate. 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate. 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx R=server T=local_delivery 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed diff --git a/test/log/2033 b/test/log/2033 index 44cec64b1..d6686d572 100644 --- a/test/log/2033 +++ b/test/log/2033 @@ -2,8 +2,7 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 H=the.local.host.name [ip4.ip4.ip4.ip4] TLS error on connection (certificate verification failed) -1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to the.local.host.name [ip4.ip4.ip4.ip4] (not in hosts_require_tls) +1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (certificate verification failed): delivering unencrypted to H=the.local.host.name [ip4.ip4.ip4.ip4] (not in hosts_require_tls) 1999-03-02 09:44:33 10HmaX-0005vi-00 => userr@test.ex R=client_r T=send_to_server_req_failname H=the.local.host.name [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 => users@test.ex R=client_s T=send_to_server_req_passname H=server1.example.com [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbB-0005vi-00" diff --git a/test/log/2051 b/test/log/2051 index baa775c0d..e59a2819b 100644 --- a/test/log/2051 +++ b/test/log/2051 @@ -1,3 +1,2 @@ -1999-03-02 09:44:33 H=127.0.0.1 [127.0.0.1] TLS error on connection (gnutls_handshake): timed out -1999-03-02 09:44:33 TLS session failure: callout unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) +1999-03-02 09:44:33 TLS session: (gnutls_handshake): timed out: callout unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) 1999-03-02 09:44:33 10HmaX-0005vi-00 <= s1@test.ex U=CALLER P=local-esmtp S=sss diff --git a/test/log/2052 b/test/log/2052 index 68c88a330..04c72f5eb 100644 --- a/test/log/2052 +++ b/test/log/2052 @@ -1,7 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid -1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) +1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (certificate verification failed): certificate invalid: delivering unencrypted to H=127.0.0.1 [127.0.0.1] (not in hosts_require_tls) 1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2101 b/test/log/2101 index c3d184a48..84d665197 100644 --- a/test/log/2101 +++ b/test/log/2101 @@ -1,18 +1,14 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock -1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock -1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 End queue run: pid=pppp -qf ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) diff --git a/test/log/2102 b/test/log/2102 index 4257a3b61..3d6de84d0 100644 --- a/test/log/2102 +++ b/test/log/2102 @@ -16,7 +16,6 @@ 1999-03-02 09:44:33 Peer did not present a cert 1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLSv1:AES256-SHA:256 CV=no S=sss 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 Our cert SN: 1999-03-02 09:44:33 Peer cert: 1999-03-02 09:44:33 ver 2 @@ -24,17 +23,18 @@ 1999-03-02 09:44:33 SN 1999-03-02 09:44:33 IN 1999-03-02 09:44:33 IN/O -1999-03-02 09:44:33 NB/r -1999-03-02 09:44:33 NB -1999-03-02 09:44:33 NB/i <1351773246> -1999-03-02 09:44:33 NA +1999-03-02 09:44:33 NB/r +1999-03-02 09:44:33 NB +1999-03-02 09:44:33 NB/i <1351773242> +1999-03-02 09:44:33 NA/i <2143283642> +1999-03-02 09:44:33 NA 1999-03-02 09:44:33 SA -1999-03-02 09:44:33 SG < 71:b2:af:7b:95:28:55:f3:39:e3:8d:32:43:e9:2f:68:28:ef:\n 03:76:3c:3a:6a:7a:d7:6e:47:4e:69:25:67:fb:7a:eb:bc:bb:\n 69:9c:3f:e8:b7:78:d0:a9:78:0c:7a:46:8d:01:de:cc:c6:fd:\n 13:be:8d:99:ba:12:ee:eb:df:e9:65:98:4c:e9:ff:2e:fe:71:\n 5e:11:fe:48:81:66:91:a7:f5:70:8a:9c:63:36:b7:ac:69:95:\n 06:5e:54:9b:53:ff:a9:d9:07:34:67:f5:f0:05:f7:16:eb:28:\n 89:8e:98:27:58:5f:61:c3:3f:72:f5:dc:2f:b7:67:48:87:18:\n c6:72\n> +1999-03-02 09:44:33 SG < 3a:e2:4b:89:c0:a9:e8:f8:d2:bb:ea:7d:f8:57:7a:aa:26:42:\n b3:94:04:04:24:f7:0d:6d:33:de:82:90:75:76:ba:3a:a4:7d:\n e0:e5:6d:3a:3c:e6:74:3f:b4:ad:cf:d1:b9:bd:6a:06:44:ea:\n a9:a3:14:5e:34:d7:54:2e:ed:5a:b3:fb:ca:df:5a:b6:22:d8:\n b0:f0:38:68:48:a8:cd:34:6b:b2:e9:7f:96:cd:ec:48:fa:5d:\n 0e:2f:66:f0:c3:bf:f9:f4:65:10:80:b9:f4:fa:db:be:a4:26:\n c3:3d:25:3a:7f:b7:e9:ad:cd:d6:06:55:f1:98:3e:ea:b5:cf:\n 76:a1\n> 1999-03-02 09:44:33 SAN 1999-03-02 09:44:33 OCU 1999-03-02 09:44:33 CRU -1999-03-02 09:44:33 md5 fingerprint 6EF976EBB1B8D9F761FC9B90C0A932F2 -1999-03-02 09:44:33 sha1 fingerprint 937464090D55415838493903E638821D15251017 -1999-03-02 09:44:33 sha256 fingerprint 5D5FAB3264B5DC5101A548BF1F80FED4AF1FEB8108E08EE4BE012CCC0BD39395 -1999-03-02 09:44:33 der_b64 MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDExMjM0MDZaFw0zODAxMDExMjM0MDZaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKyfVyM2/OEp07jUT275Z443TxznHO7R/gOy2YSg8boviB72gXWcnvPD7JJ19zT4dAX7ycYhJJHvnfurI9sxlbeC12v1Vci9auGtSdyTfiFE6sHj5WG85eRLPyp9Bh10oHF5f5/O8ql5oY6Mp64fgzkQww6adLTJhMXdYum4pYS7AgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQBxsq97lShV8znjjTJD6S9oKO8Ddjw6anrXbkdOaSVn+3rrvLtpnD/ot3jQqXgMekaNAd7Mxv0Tvo2ZuhLu69/pZZhM6f8u/nFeEf5IgWaRp/VwipxjNresaZUGXlSbU/+p2Qc0Z/XwBfcW6yiJjpgnWF9hwz9y9dwvt2dIhxjGcg== +1999-03-02 09:44:33 md5 fingerprint 61F3EF662C9186FC1CA4F6FF1C22F0C9 +1999-03-02 09:44:33 sha1 fingerprint 3E38B35220A0E1803974EA8DD9D22CDAF653CCBF +1999-03-02 09:44:33 sha256 fingerprint 33177BB2668D3D95E81B241F3C71AF36DF691818CB47B882B59F349D7416B025 +1999-03-02 09:44:33 der_b64 MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDExMjM0MDJaFw0zNzEyMDExMjM0MDJaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpVDMWYm+sUgk2Suy9gbFS1QSurQJANa1I4+2yQhqK8r2KaNMODeTBPm8wjDaia3OUPUXx0dUwzF5oi6sr7ztThjz6vAvPyq7fCyIO5P19FdQ8Po1QefxoPWTvN7giWjh0n1FeoG/Ls+sROjchmTbVuxrbU9kGfSqmBIPF1R0qPAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQA64kuJwKno+NK76n34V3qqJkKzlAQEJPcNbTPegpB1dro6pH3g5W06POZ0P7Stz9G5vWoGROqpoxReNNdULu1as/vK31q2Itiw8DhoSKjNNGuy6X+WzexI+l0OL2bww7/59GUQgLn0+tu+pCbDPSU6f7fprc3WBlXxmD7qtc92oQ== 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server2.example.com" S=sss diff --git a/test/log/2111 b/test/log/2111 index e16581c56..c378f8035 100644 --- a/test/log/2111 +++ b/test/log/2111 @@ -1,6 +1,5 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="127.0.0.1" 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00" @@ -10,5 +9,4 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmaX-0005vi-00@myhost.test.ex diff --git a/test/log/2112 b/test/log/2112 index f46b5ca92..2e8211991 100644 --- a/test/log/2112 +++ b/test/log/2112 @@ -12,13 +12,11 @@ 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for users@test.ex 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=unable to get local issuer certificate cert=/CN=server1.example.com -1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=client_x T=send_to_server_failcert defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: failure while setting up TLS session +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=client_x T=send_to_server_failcert defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaX-0005vi-00 ** userx@test.ex: retry timeout exceeded 1999-03-02 09:44:33 10HmaX-0005vi-00 userx@test.ex: error ignored 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=unable to get local issuer certificate cert=/CN=server1.example.com -1999-03-02 09:44:33 10HmaY-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client_y T=send_to_server_retry H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=unable to get local issuer certificate cert=/CN=server1.example.com @@ -26,8 +24,7 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client_z T=send_to_server_crypt H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 10HmbA-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=unable to get local issuer certificate cert=/CN=server1.example.com -1999-03-02 09:44:33 10HmbA-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmbA-0005vi-00 TLS session failure: delivering unencrypted to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls) +1999-03-02 09:44:33 10HmbA-0005vi-00 TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbA-0005vi-00 => userq@test.ex R=client_q T=send_to_server_req_fail H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbF-0005vi-00" 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed 1999-03-02 09:44:33 10HmbB-0005vi-00 no IP address found for host server1.example.net @@ -41,13 +38,10 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex for usery@test.ex 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for userz@test.ex 1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbA-0005vi-00@myhost.test.ex for userq@test.ex 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmbB-0005vi-00@myhost.test.ex for userr@test.ex 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmbC-0005vi-00@myhost.test.ex for users@test.ex diff --git a/test/log/2113 b/test/log/2113 index 797989bee..08b08cc84 100644 --- a/test/log/2113 +++ b/test/log/2113 @@ -1,21 +1,27 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for userx@test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for usery@test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for userz@test.ex 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 SMTP connection from [127.0.0.1]:1111 (TCP/IP connection count = 1) -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for userx@test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for userz@test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex for usery@test.ex 1999-03-02 09:44:33 SMTP connection from localhost (myhost.test.ex) [127.0.0.1]:1111 closed by QUIT 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx R=server T=local_delivery -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 10HmbA-0005vi-00 => userx R=server T=local_delivery 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 => userz R=server T=local_delivery +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 => usery R=server T=local_delivery +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2114 b/test/log/2114 index 3d4219774..b1afe484f 100644 --- a/test/log/2114 +++ b/test/log/2114 @@ -2,17 +2,14 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no F= rejected RCPT : certificate not verified: peerdn= 1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 H=[127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" F= rejected RCPT : certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=certificate revoked cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 [127.0.0.1] SSL verify error: depth=0 error=CRL signature failure cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 H=[127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" F= rejected RCPT : certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock diff --git a/test/log/2115 b/test/log/2115 index bb8794be6..ffcb0893b 100644 --- a/test/log/2115 +++ b/test/log/2115 @@ -3,5 +3,4 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 SMTP connection from [127.0.0.1] (TCP/IP connection count = 1) 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [127.0.0.1] (SSL_accept): timed out -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 SMTP command timeout on connection from (rhu.barb) [127.0.0.1] diff --git a/test/log/2116 b/test/log/2116 index b7968201c..32596c206 100644 --- a/test/log/2116 +++ b/test/log/2116 @@ -1,3 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): timed out -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@domain1 R=others T=smtp defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@domain1 R=others T=smtp defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): timed out diff --git a/test/log/2124 b/test/log/2124 index ba22aac7f..cafa67b4d 100644 --- a/test/log/2124 +++ b/test/log/2124 @@ -3,6 +3,5 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_CTX_use_certificate_chain_file file=/non/exist): error:02001002:system library:fopen:No such file or directory diff --git a/test/log/2125 b/test/log/2125 index 2045a10dc..ca583c89d 100644 --- a/test/log/2125 +++ b/test/log/2125 @@ -1,6 +1,5 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES128-SHA:128 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf @@ -8,5 +7,4 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES128-SHA:128 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex diff --git a/test/log/2127 b/test/log/2127 index 37a45168f..7bc71bbde 100644 --- a/test/log/2127 +++ b/test/log/2127 @@ -3,8 +3,7 @@ 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session failure: delivering unencrypted to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls) +1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf @@ -13,7 +12,6 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx R=server T=local_delivery diff --git a/test/log/2132 b/test/log/2132 index d968a907a..0ef458308 100644 --- a/test/log/2132 +++ b/test/log/2132 @@ -16,7 +16,6 @@ 1999-03-02 09:44:33 Peer did not present a cert 1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLSv1:AES256-SHA:256 CV=no S=sss 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 Our cert SN: 1999-03-02 09:44:33 SN 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" S=sss diff --git a/test/log/2133 b/test/log/2133 index 03fc16ce9..d0f0a306f 100644 --- a/test/log/2133 +++ b/test/log/2133 @@ -4,13 +4,11 @@ 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=unable to get local issuer certificate cert=/CN=server1.example.com -1999-03-02 09:44:33 10HmaX-0005vi-00 H=the.local.host.name [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to the.local.host.name [ip4.ip4.ip4.ip4] (not in hosts_require_tls) +1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaX-0005vi-00 => userq@test.ex R=client_q T=send_to_server_req_fail H=the.local.host.name [ip4.ip4.ip4.ip4] C="250 OK id=10HmbB-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/CN=server1.example.com" H="the.local.host.name" -1999-03-02 09:44:33 10HmaY-0005vi-00 H=the.local.host.name [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session failure: delivering unencrypted to the.local.host.name [ip4.ip4.ip4.ip4] (not in hosts_require_tls) +1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaY-0005vi-00 => userr@test.ex R=client_r T=send_to_server_req_failname H=the.local.host.name [ip4.ip4.ip4.ip4] C="250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 => users@test.ex R=client_s T=send_to_server_req_passname H=server1.example.com [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00" @@ -23,10 +21,8 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmaZ-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmbA-0005vi-00@myhost.test.ex diff --git a/test/log/2151 b/test/log/2151 index c2cc11363..a649f43e0 100644 --- a/test/log/2151 +++ b/test/log/2151 @@ -1,3 +1,2 @@ -1999-03-02 09:44:33 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): timed out -1999-03-02 09:44:33 TLS session failure: callout unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) +1999-03-02 09:44:33 TLS session: (SSL_connect): timed out: callout unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) 1999-03-02 09:44:33 10HmaX-0005vi-00 <= s1@test.ex U=CALLER P=local-esmtp S=sss diff --git a/test/log/2200 b/test/log/2200 index f59faf8b9..84f94626a 100644 --- a/test/log/2200 +++ b/test/log/2200 @@ -1 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 U=CALLER F=<> temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{defer_strict,a=$domain}}": lookup of "defer_strict,a=test.again.dns" gave DEFER: diff --git a/test/log/4011 b/test/log/4011 new file mode 100644 index 000000000..48f0f886c --- /dev/null +++ b/test/log/4011 @@ -0,0 +1,11 @@ +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=r +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 [127.0.0.1]:1111 malware_name EICAR_Test_File +1999-03-02 09:44:33 10HmaZ-0005vi-00 U=CALLER F= rejected after DATA +1999-03-02 09:44:33 10HmaX-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out) +1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER F= temporarily rejected after DATA +1999-03-02 09:44:33 10HmaY-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out) +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=r +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/log/4030 b/test/log/4030 new file mode 100644 index 000000000..95fc21966 --- /dev/null +++ b/test/log/4030 @@ -0,0 +1,23 @@ + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 proxy session: no +1999-03-02 09:44:33 local [127.0.0.1]:1111 +1999-03-02 09:44:33 proxy internal []:0 +1999-03-02 09:44:33 proxy external []:0 +1999-03-02 09:44:33 remote [127.0.0.1]:1112 +1999-03-02 09:44:33 10HmaX-0005vi-00 <= a@test.ex H=(clientname) [127.0.0.1]:1112 P=smtp S=sss +1999-03-02 09:44:33 no host name found for IP address 127.0.0.2 +1999-03-02 09:44:33 proxy session: yes +1999-03-02 09:44:33 local [ip4.ip4.ip4.ip4]:1111 +1999-03-02 09:44:33 proxy internal [ip4.ip4.ip4.ip4]:1113 +1999-03-02 09:44:33 proxy external [127.42.42.42]:1114 +1999-03-02 09:44:33 remote [127.0.0.2]:1115 +1999-03-02 09:44:33 10HmaY-0005vi-00 <= c@test.ex H=(clientname) [127.0.0.2]:1115 P=smtp PRX=ip4.ip4.ip4.ip4 S=sss +1999-03-02 09:44:33 no host name found for IP address 192.168.0.15 +1999-03-02 09:44:33 proxy session: yes +1999-03-02 09:44:33 local [ip4.ip4.ip4.ip4]:1111 +1999-03-02 09:44:33 proxy internal [ip4.ip4.ip4.ip4]:1116 +1999-03-02 09:44:33 proxy external [192.168.0.5]:1117 +1999-03-02 09:44:33 remote [192.168.0.15]:1118 +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= e@test.ex H=(clientname) [192.168.0.15]:1118 P=smtp PRX=ip4.ip4.ip4.ip4 S=sss diff --git a/test/log/4204 b/test/log/4204 index 0dd1f89a6..bfd09c9e0 100644 --- a/test/log/4204 +++ b/test/log/4204 @@ -4,8 +4,8 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= 세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com U=CALLER P=utf8local-esmtp S=sss for userR@test.ex 1999-03-02 09:44:33 10HmaZ-0005vi-00 => userr@test.ex F=<세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 diff --git a/test/log/4206 b/test/log/4206 index cab609f55..7fd5f73c7 100644 --- a/test/log/4206 +++ b/test/log/4206 @@ -4,9 +4,9 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= userW@test.ex U=CALLER P=utf8local-esmtp S=sss for user.ഇരട്ടിമധുരം@test.ex 1999-03-02 09:44:33 10HmaZ-0005vi-00 => user.ഇരട്ടിമധുരം@test.ex F= R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed ******** SERVER ******** diff --git a/test/log/4214 b/test/log/4214 index 97a89fd80..df902db45 100644 --- a/test/log/4214 +++ b/test/log/4214 @@ -4,8 +4,8 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= 세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com U=CALLER P=utf8local-esmtp S=sss for userR@test.ex 1999-03-02 09:44:33 10HmaZ-0005vi-00 => userr@test.ex F=<세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 diff --git a/test/log/4216 b/test/log/4216 index 75941e1d3..511a74365 100644 --- a/test/log/4216 +++ b/test/log/4216 @@ -4,9 +4,9 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= userW@test.ex U=CALLER P=utf8local-esmtp S=sss for user.ഇരട്ടിമധുരം@test.ex 1999-03-02 09:44:33 10HmaZ-0005vi-00 => user.ഇരട്ടിമധുരം@test.ex F= R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed ******** SERVER ******** diff --git a/test/log/4224 b/test/log/4224 index d58181e24..d53c397a9 100644 --- a/test/log/4224 +++ b/test/log/4224 @@ -4,8 +4,8 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= 세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com U=CALLER P=utf8local-esmtp S=sss for userR@test.ex 1999-03-02 09:44:33 10HmaZ-0005vi-00 => userr@test.ex F=<세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 diff --git a/test/log/4226 b/test/log/4226 index d2e4a1c8d..71deed543 100644 --- a/test/log/4226 +++ b/test/log/4226 @@ -4,9 +4,9 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= userW@test.ex U=CALLER P=utf8local-esmtp S=sss for user.ഇരട്ടിമധുരം@test.ex 1999-03-02 09:44:33 10HmaZ-0005vi-00 => user.ഇരട്ടിമധുരം@test.ex F= R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed ******** SERVER ******** diff --git a/test/log/4503 b/test/log/4503 deleted file mode 100644 index 53781b966..000000000 --- a/test/log/4503 +++ /dev/null @@ -1,27 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00" -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00" -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbB-0005vi-00 => c@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbC-0005vi-00" -1999-03-02 09:44:33 10HmbB-0005vi-00 Completed - -******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] -1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 h=From -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server_dump -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] -1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From:From -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaZ-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server_dump -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] -1999-03-02 09:44:33 10HmbC-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbB-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server_dump -1999-03-02 09:44:33 10HmbC-0005vi-00 Completed diff --git a/test/log/4506 b/test/log/4506 new file mode 100644 index 000000000..fb0f22567 --- /dev/null +++ b/test/log/4506 @@ -0,0 +1,15 @@ + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] +1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 0 +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [invalid - signature tag missing or invalid] +1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net +1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)] +1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024 +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: validation error: RSA_LONG_LINE +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: Error during validation, disabling signature verification: RSA_LONG_LINE +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net diff --git a/test/log/4509 b/test/log/4509 deleted file mode 100644 index 052569fa9..000000000 --- a/test/log/4509 +++ /dev/null @@ -1,13 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= sender@testhost.test.ex U=sender P=local S=sss for a@test.ex -1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] K C="250- 661 byte chunk, total 661\\n250 OK id=10HmaY-0005vi-00" -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= sender@testhost.test.ex U=sender P=local S=sss for b@test.ex -1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] K C="250- 8520 byte chunk, total 8848\\n250 OK id=10HmbA-0005vi-00" -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed - -******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1224 -1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] -1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss id=E10HmaX-0005vi-00@testhost.test.ex for a@test.ex -1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] -1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss id=E10HmaZ-0005vi-00@testhost.test.ex for b@test.ex diff --git a/test/log/4510 b/test/log/4510 deleted file mode 100644 index 0d826ab32..000000000 --- a/test/log/4510 +++ /dev/null @@ -1,20 +0,0 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: PRDR error after DATA: 550 PRDR R= refusal -1999-03-02 09:44:33 10HmaX-0005vi-00 => okuser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] PRDR C="250 PRDR R= acceptance" -1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@myhost.test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaZ-0005vi-00" -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 10HmaX-0005vi-00 Completed - -******** SERVER ******** -1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] -1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From -1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R= refusal -1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R= acceptance -1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp PRDR S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server_dump -1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER R=server_store T=store -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed diff --git a/test/log/4520 b/test/log/4520 new file mode 100644 index 000000000..e9736fd6f --- /dev/null +++ b/test/log/4520 @@ -0,0 +1,35 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 => c@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbD-0005vi-00 => d@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server_dump +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From:From +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaZ-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server_dump +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmbC-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbB-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: R=server_dump +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 10HmbE-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha256 b=1024 [invalid - syntax error in public key record] +1999-03-02 09:44:33 10HmbE-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbD-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: R=server_dump +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed diff --git a/test/log/4521 b/test/log/4521 new file mode 100644 index 000000000..052569fa9 --- /dev/null +++ b/test/log/4521 @@ -0,0 +1,13 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= sender@testhost.test.ex U=sender P=local S=sss for a@test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] K C="250- 661 byte chunk, total 661\\n250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= sender@testhost.test.ex U=sender P=local S=sss for b@test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] K C="250- 8520 byte chunk, total 8848\\n250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1224 +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss id=E10HmaX-0005vi-00@testhost.test.ex for a@test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss id=E10HmaZ-0005vi-00@testhost.test.ex for b@test.ex diff --git a/test/log/4522 b/test/log/4522 new file mode 100644 index 000000000..c0b414b02 --- /dev/null +++ b/test/log/4522 @@ -0,0 +1,7 @@ + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1224 +1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=esmtp K S=sss id=qwerty1234@disco-zombie.net for a@test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=esmtp K S=sss id=qwerty1234@disco-zombie.net for a@test.ex diff --git a/test/log/4550 b/test/log/4550 new file mode 100644 index 000000000..0d826ab32 --- /dev/null +++ b/test/log/4550 @@ -0,0 +1,20 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: PRDR error after DATA: 550 PRDR R= refusal +1999-03-02 09:44:33 10HmaX-0005vi-00 => okuser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] PRDR C="250 PRDR R= acceptance" +1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@myhost.test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaZ-0005vi-00" +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R= refusal +1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R= acceptance +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp PRDR S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server_dump +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER R=server_store T=store +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed diff --git a/test/log/5401 b/test/log/5401 index dc4027b47..553b7ab75 100644 --- a/test/log/5401 +++ b/test/log/5401 @@ -1,8 +1,8 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 No mate -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Not that one +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 No mate +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Not that one 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/log/5405 b/test/log/5405 index ae3ad767d..901add1c3 100644 --- a/test/log/5405 +++ b/test/log/5405 @@ -20,4 +20,4 @@ 1999-03-02 09:44:33 10HmbD-0005vi-00 >> userh@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss for userh@domain.com 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed -1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 450 not right now +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 450 not right now diff --git a/test/log/5601 b/test/log/5601 index f2a03375b..2ddf7e2cd 100644 --- a/test/log/5601 +++ b/test/log/5601 @@ -9,16 +9,13 @@ 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbD-0005vi-00 Received TLS status callback, null content -1999-03-02 09:44:33 10HmbD-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbE-0005vi-00 Server certificate revoked; reason: superseded -1999-03-02 09:44:33 10HmbE-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbF-0005vi-00 Server OSCP dates invalid -1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <> ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 @@ -37,10 +34,7 @@ 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) diff --git a/test/log/5611 b/test/log/5611 index f2a03375b..2ddf7e2cd 100644 --- a/test/log/5611 +++ b/test/log/5611 @@ -9,16 +9,13 @@ 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbD-0005vi-00 Received TLS status callback, null content -1999-03-02 09:44:33 10HmbD-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbE-0005vi-00 Server certificate revoked; reason: superseded -1999-03-02 09:44:33 10HmbE-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbF-0005vi-00 Server OSCP dates invalid -1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> -1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <> ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 @@ -37,10 +34,7 @@ 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) diff --git a/test/log/5651 b/test/log/5651 index f1a1b9cf2..74d5a3343 100644 --- a/test/log/5651 +++ b/test/log/5651 @@ -8,14 +8,11 @@ 1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbD-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate status check failed) -1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed) 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbE-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate revoked -1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate verification failed): certificate revoked 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate status check failed) -1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed) ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 diff --git a/test/log/5710 b/test/log/5710 index a894e5d6b..af98f686f 100644 --- a/test/log/5710 +++ b/test/log/5710 @@ -2,7 +2,6 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth=0 -1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid 1999-03-02 09:44:33 10HmaX-0005vi-00 msg:host:defer bad 1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented 1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert: @@ -11,13 +10,13 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 SN; 1999-03-02 09:44:33 10HmaX-0005vi-00 SNCN 1999-03-02 09:44:33 10HmaX-0005vi-00 IN -1999-03-02 09:44:33 10HmaX-0005vi-00 NB -1999-03-02 09:44:33 10HmaX-0005vi-00 NA +1999-03-02 09:44:33 10HmaX-0005vi-00 NB +1999-03-02 09:44:33 10HmaX-0005vi-00 NA 1999-03-02 09:44:33 10HmaX-0005vi-00 SA -1999-03-02 09:44:33 10HmaX-0005vi-00 SG <21 91 c3 1f 28 45 dd 2c ac d6 38 44 e7 b0 bb de 5a dc 45 1c 46 f1 76 a8 0d bf aa 4f f4 03 5e 1e fb b7 10 16 4d 4e 51 f1 8f b9 e4 38 10 69 02 c1 6b 27 2d 7c 15 f0 b7 0b 4c 51 ab 21 43 36 3e 4e 3a 68 7d 61 15 37 c3 2a b8 3e 34 85 4e 1c 54 55 95 7a 0b 80 70 38 77 d0 bd 4e c4 ca ab af 14 ea a3 24 43 13 eb 27 97 82 11 a2 15 29 3c 15 f2 f8 e9 8d d7 ad 20 b5 77 d7 01 8f 84 95 c1 e8 25 db> -1999-03-02 09:44:33 10HmaX-0005vi-00 SAN +1999-03-02 09:44:33 10HmaX-0005vi-00 SG <67 ef 2d 43 8e 43 50 f5 3f 41 ee 42 cf f4 b4 31 3d d8 88 b5 f7 24 1f 26 83 32 6a 6c ff 8a 36 b7 be cb 28 48 68 9c a9 3c 6e 2f 2d a5 f4 fc d2 09 9b 1d 04 00 26 7d a5 f9 39 13 06 dd 9d 69 78 f8 7b f5 3c 82 9d 8f b9 4f 1a b6 f0 0b 7f 20 82 6e 80 4e 38 09 d1 43 23 22 dd 37 5d 80 6d 5a aa 23 33 e4 79 c9 0d 8d cc b8 ed 5f 6b 01 56 2c 49 89 9b ca 5e d5 b3 b0 93 7e d5 5e f0 98 7d 5f 07 4b> +1999-03-02 09:44:33 10HmaX-0005vi-00 SAN 1999-03-02 09:44:33 10HmaX-0005vi-00 CRU -1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) +1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (certificate verification failed): certificate invalid: delivering unencrypted to H=127.0.0.1 [127.0.0.1] (not in hosts_require_tls) 1999-03-02 09:44:33 10HmaX-0005vi-00 => bad@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery bad 1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented @@ -33,11 +32,11 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 SN; 1999-03-02 09:44:33 10HmaY-0005vi-00 SNCN 1999-03-02 09:44:33 10HmaY-0005vi-00 IN -1999-03-02 09:44:33 10HmaY-0005vi-00 NB -1999-03-02 09:44:33 10HmaY-0005vi-00 NA +1999-03-02 09:44:33 10HmaY-0005vi-00 NB +1999-03-02 09:44:33 10HmaY-0005vi-00 NA 1999-03-02 09:44:33 10HmaY-0005vi-00 SA -1999-03-02 09:44:33 10HmaY-0005vi-00 SG <21 91 c3 1f 28 45 dd 2c ac d6 38 44 e7 b0 bb de 5a dc 45 1c 46 f1 76 a8 0d bf aa 4f f4 03 5e 1e fb b7 10 16 4d 4e 51 f1 8f b9 e4 38 10 69 02 c1 6b 27 2d 7c 15 f0 b7 0b 4c 51 ab 21 43 36 3e 4e 3a 68 7d 61 15 37 c3 2a b8 3e 34 85 4e 1c 54 55 95 7a 0b 80 70 38 77 d0 bd 4e c4 ca ab af 14 ea a3 24 43 13 eb 27 97 82 11 a2 15 29 3c 15 f2 f8 e9 8d d7 ad 20 b5 77 d7 01 8f 84 95 c1 e8 25 db> -1999-03-02 09:44:33 10HmaY-0005vi-00 SAN +1999-03-02 09:44:33 10HmaY-0005vi-00 SG <67 ef 2d 43 8e 43 50 f5 3f 41 ee 42 cf f4 b4 31 3d d8 88 b5 f7 24 1f 26 83 32 6a 6c ff 8a 36 b7 be cb 28 48 68 9c a9 3c 6e 2f 2d a5 f4 fc d2 09 9b 1d 04 00 26 7d a5 f9 39 13 06 dd 9d 69 78 f8 7b f5 3c 82 9d 8f b9 4f 1a b6 f0 0b 7f 20 82 6e 80 4e 38 09 d1 43 23 22 dd 37 5d 80 6d 5a aa 23 33 e4 79 c9 0d 8d cc b8 ed 5f 6b 01 56 2c 49 89 9b ca 5e d5 b3 b0 93 7e d5 5e f0 98 7d 5f 07 4b> +1999-03-02 09:44:33 10HmaY-0005vi-00 SAN 1999-03-02 09:44:33 10HmaY-0005vi-00 CRU 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/5720 b/test/log/5720 index c71096f8b..55602874e 100644 --- a/test/log/5720 +++ b/test/log/5720 @@ -2,7 +2,6 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=2 error=self signed certificate in certificate chain cert=/O=example.com/CN=clica CA -1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaX-0005vi-00 msg:host:defer bad 1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented 1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert: @@ -11,14 +10,14 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 SN; 1999-03-02 09:44:33 10HmaX-0005vi-00 SNO 1999-03-02 09:44:33 10HmaX-0005vi-00 IN -1999-03-02 09:44:33 10HmaX-0005vi-00 NB -1999-03-02 09:44:33 10HmaX-0005vi-00 NA +1999-03-02 09:44:33 10HmaX-0005vi-00 NB +1999-03-02 09:44:33 10HmaX-0005vi-00 NA 1999-03-02 09:44:33 10HmaX-0005vi-00 SA -1999-03-02 09:44:33 10HmaX-0005vi-00 SG < 39:c1:60:c7:5b:b4:1a:52:48:74:d3:bc:24:d1:5c:f9:70:cb:\n 99:cf:4f:18:9c:b3:f1:cb:bf:90:f1:20:6d:c1:2a:bf:7b:bd:\n 88:0e:34:af:b0:1c:de:39:c1:ef:2a:c6:7a:12:a4:3d:15:a2:\n e7:09:c5:e7:f4:ac:de:2e:5f:fc:86:e9:5a:18:8c:54:4b:ff:\n 25:bc:f2:75:f3:17:2e:f9:da:72:bc:dd:8a:c6:19:d5:14:5a:\n 17:98:e0:ea:c0:10:63:26:7b:25:1e:f4:0c:3b:18:67:33:26:\n 2e:6e:31:35:e1:3c:07:6b:d4:59:fa:26:3f:9e:67:2d:54:bf:\n fc:ae\n> +1999-03-02 09:44:33 10HmaX-0005vi-00 SG < 1a:d3:99:1f:3e:82:d1:02:2d:4e:f3:b1:ba:ec:44:a2:1e:13:\n d6:12:5f:1b:2a:ce:fd:c3:3e:95:23:f5:53:7b:97:4e:44:45:\n ed:dd:6f:bf:d3:35:e3:c1:2c:7d:0a:c2:98:d6:96:3b:8f:0d:\n 48:4a:58:2e:63:42:f9:1f:80:11:2b:d0:22:80:2d:01:96:53:\n 4b:10:24:33:61:47:74:83:b0:f5:06:53:40:45:51:04:fb:83:\n 50:7d:e0:39:a9:ef:68:af:1c:b8:cc:ae:dc:67:2e:b3:93:df:\n 65:21:89:a1:06:dd:7e:75:02:9a:2a:45:1c:97:71:22:59:05:\n c6:0d\n> 1999-03-02 09:44:33 10HmaX-0005vi-00 (no SAN) 1999-03-02 09:44:33 10HmaX-0005vi-00 (no OCU) 1999-03-02 09:44:33 10HmaX-0005vi-00 (no CRU) -1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) +1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaX-0005vi-00 => bad@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery bad 1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented @@ -36,11 +35,11 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 SN; 1999-03-02 09:44:33 10HmaY-0005vi-00 SNO <> 1999-03-02 09:44:33 10HmaY-0005vi-00 IN -1999-03-02 09:44:33 10HmaY-0005vi-00 NB -1999-03-02 09:44:33 10HmaY-0005vi-00 NA +1999-03-02 09:44:33 10HmaY-0005vi-00 NB +1999-03-02 09:44:33 10HmaY-0005vi-00 NA 1999-03-02 09:44:33 10HmaY-0005vi-00 SA -1999-03-02 09:44:33 10HmaY-0005vi-00 SG < 21:91:c3:1f:28:45:dd:2c:ac:d6:38:44:e7:b0:bb:de:5a:dc:\n 45:1c:46:f1:76:a8:0d:bf:aa:4f:f4:03:5e:1e:fb:b7:10:16:\n 4d:4e:51:f1:8f:b9:e4:38:10:69:02:c1:6b:27:2d:7c:15:f0:\n b7:0b:4c:51:ab:21:43:36:3e:4e:3a:68:7d:61:15:37:c3:2a:\n b8:3e:34:85:4e:1c:54:55:95:7a:0b:80:70:38:77:d0:bd:4e:\n c4:ca:ab:af:14:ea:a3:24:43:13:eb:27:97:82:11:a2:15:29:\n 3c:15:f2:f8:e9:8d:d7:ad:20:b5:77:d7:01:8f:84:95:c1:e8:\n 25:db\n> -1999-03-02 09:44:33 10HmaY-0005vi-00 SAN +1999-03-02 09:44:33 10HmaY-0005vi-00 SG < 67:ef:2d:43:8e:43:50:f5:3f:41:ee:42:cf:f4:b4:31:3d:d8:\n 88:b5:f7:24:1f:26:83:32:6a:6c:ff:8a:36:b7:be:cb:28:48:\n 68:9c:a9:3c:6e:2f:2d:a5:f4:fc:d2:09:9b:1d:04:00:26:7d:\n a5:f9:39:13:06:dd:9d:69:78:f8:7b:f5:3c:82:9d:8f:b9:4f:\n 1a:b6:f0:0b:7f:20:82:6e:80:4e:38:09:d1:43:23:22:dd:37:\n 5d:80:6d:5a:aa:23:33:e4:79:c9:0d:8d:cc:b8:ed:5f:6b:01:\n 56:2c:49:89:9b:ca:5e:d5:b3:b0:93:7e:d5:5e:f0:98:7d:5f:\n 07:4b\n> +1999-03-02 09:44:33 10HmaY-0005vi-00 SAN 1999-03-02 09:44:33 10HmaY-0005vi-00 OCU 1999-03-02 09:44:33 10HmaY-0005vi-00 CRU 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed @@ -49,7 +48,6 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 [127.0.0.1] depth=2 CN=clica CA,O=example.com 1999-03-02 09:44:33 [127.0.0.1] depth=1 CN=clica Signing Cert,O=example.com diff --git a/test/log/5730 b/test/log/5730 index 0b0735448..f73bd20eb 100644 --- a/test/log/5730 +++ b/test/log/5730 @@ -15,17 +15,14 @@ 1999-03-02 09:44:33 10HmbD-0005vi-00 client ocsp status: 4 (verified) 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate status check failed) 1999-03-02 09:44:33 10HmbF-0005vi-00 client ocsp status: 3 (failed) -1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed) 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbG-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate revoked 1999-03-02 09:44:33 10HmbG-0005vi-00 client ocsp status: 1 (notresp) -1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate verification failed): certificate revoked 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbH-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate status check failed) 1999-03-02 09:44:33 10HmbH-0005vi-00 client ocsp status: 3 (failed) -1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed) ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 diff --git a/test/log/5740 b/test/log/5740 index 5aee9f128..3fc357b76 100644 --- a/test/log/5740 +++ b/test/log/5740 @@ -16,19 +16,16 @@ 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbF-0005vi-00 Received TLS status callback, null content -1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbF-0005vi-00 client ocsp status: 1 (notresp) -1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbG-0005vi-00 Server certificate revoked; reason: superseded -1999-03-02 09:44:33 10HmbG-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbG-0005vi-00 client ocsp status: 3 (failed) -1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbH-0005vi-00 Server OSCP dates invalid -1999-03-02 09:44:33 10HmbH-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <> 1999-03-02 09:44:33 10HmbH-0005vi-00 client ocsp status: 3 (failed) -1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session +1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <> ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 @@ -51,10 +48,7 @@ 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> -1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) diff --git a/test/mail/0211.CALLER b/test/mail/0211.CALLER index bf77afff3..12511cd73 100644 --- a/test/mail/0211.CALLER +++ b/test/mail/0211.CALLER @@ -24,7 +24,7 @@ recipients. This is a permanent error. The following address(es) failed: userx@domain1 host localhost4.test.ex [127.0.0.1] SMTP error from remote mail server after initial connection: - 550 Go away + 550 Go away (A) --NNNNNNNNNN-eximdsn-MMMMMMMMMM Content-type: message/delivery-status @@ -35,7 +35,7 @@ Action: failed Final-Recipient: rfc822;userx@domain1 Status: 5.0.0 Remote-MTA: dns; localhost4.test.ex -Diagnostic-Code: smtp; 550 Go away +Diagnostic-Code: smtp; 550 Go away (A) --NNNNNNNNNN-eximdsn-MMMMMMMMMM Content-type: message/rfc822 @@ -80,11 +80,11 @@ recipients. This is a permanent error. The following address(es) failed: usery@domain2 host localhost4.test.ex [127.0.0.1] SMTP error from remote mail server after HELO the.local.host.name: - 550 Go away + 550 Go away (C) userx@domain1 host localhost4.test.ex [127.0.0.1] SMTP error from remote mail server after HELO the.local.host.name: - 550 Go away + 550 Go away (C) --NNNNNNNNNN-eximdsn-MMMMMMMMMM Content-type: message/delivery-status @@ -95,13 +95,13 @@ Action: failed Final-Recipient: rfc822;userx@domain1 Status: 5.0.0 Remote-MTA: dns; localhost4.test.ex -Diagnostic-Code: smtp; 550 Go away +Diagnostic-Code: smtp; 550 Go away (C) Action: failed Final-Recipient: rfc822;usery@domain2 Status: 5.0.0 Remote-MTA: dns; localhost4.test.ex -Diagnostic-Code: smtp; 550 Go away +Diagnostic-Code: smtp; 550 Go away (C) --NNNNNNNNNN-eximdsn-MMMMMMMMMM Content-type: message/rfc822 diff --git a/test/mail/0531.CALLER b/test/mail/0531.CALLER index 4d714c756..b31f69571 100644 --- a/test/mail/0531.CALLER +++ b/test/mail/0531.CALLER @@ -46,7 +46,7 @@ Message-Id: From: CALLER_NAME Date: Tue, 2 Mar 1999 09:44:33 +0000 -This is a test message. +1:This is a test message. --NNNNNNNNNN-eximdsn-MMMMMMMMMM-- @@ -99,7 +99,7 @@ Message-Id: From: CALLER_NAME Date: Tue, 2 Mar 1999 09:44:33 +0000 -This is a test message. +2: This is a test message. --NNNNNNNNNN-eximdsn-MMMMMMMMMM-- @@ -153,7 +153,7 @@ Message-Id: From: CALLER_NAME Date: Tue, 2 Mar 1999 09:44:33 +0000 -This is a test message. +3: This is a test message. --NNNNNNNNNN-eximdsn-MMMMMMMMMM-- diff --git a/test/mail/2013.userx b/test/mail/2013.userx index a0615146b..0d421f497 100644 --- a/test/mail/2013.userx +++ b/test/mail/2013.userx @@ -3,7 +3,7 @@ Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) by myhost.test.ex with esmtps (TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256) (Exim x.yz) (envelope-from ) - id 10HmaZ-0005vi-00 + id 10HmbA-0005vi-00 for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 Received: from CALLER by myhost.test.ex with local (Exim x.yz) (envelope-from ) diff --git a/test/mail/2013.usery b/test/mail/2013.usery index a93a63d14..70e5f37fb 100644 --- a/test/mail/2013.usery +++ b/test/mail/2013.usery @@ -3,7 +3,7 @@ Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) by myhost.test.ex with esmtps (TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256) (Exim x.yz) (envelope-from ) - id 10HmbA-0005vi-00 + id 10HmbC-0005vi-00 for usery@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 Received: from CALLER by myhost.test.ex with local (Exim x.yz) (envelope-from ) diff --git a/test/mail/2013.userz b/test/mail/2013.userz new file mode 100644 index 000000000..f7b8e9c1d --- /dev/null +++ b/test/mail/2013.userz @@ -0,0 +1,18 @@ +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) + by myhost.test.ex with esmtps (TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256) + (Exim x.yz) + (envelope-from ) + id 10HmbB-0005vi-00 + for userz@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaZ-0005vi-00 + for userz@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +From: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 +TLS: cipher=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 peerdn= + +Test message 3 + diff --git a/test/mail/2113.userx b/test/mail/2113.userx index 70f5e9e24..247218ae0 100644 --- a/test/mail/2113.userx +++ b/test/mail/2113.userx @@ -3,7 +3,7 @@ Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) by myhost.test.ex with esmtps (TLSv1:AES256-SHA:256) (Exim x.yz) (envelope-from ) - id 10HmaZ-0005vi-00 + id 10HmbA-0005vi-00 for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 Received: from CALLER by myhost.test.ex with local (Exim x.yz) (envelope-from ) @@ -16,21 +16,3 @@ TLS: cipher=TLSv1:AES256-SHA:256 peerdn= Test message 1 -From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 -Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLSv1:AES256-SHA:256) - (Exim x.yz) - (envelope-from ) - id 10HmbA-0005vi-00 - for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 -Received: from CALLER by myhost.test.ex with local (Exim x.yz) - (envelope-from ) - id 10HmaY-0005vi-00 - for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 -Message-Id: -From: CALLER_NAME -Date: Tue, 2 Mar 1999 09:44:33 +0000 -TLS: cipher=TLSv1:AES256-SHA:256 peerdn= - -Test message 2 - diff --git a/test/mail/2113.usery b/test/mail/2113.usery new file mode 100644 index 000000000..78402a324 --- /dev/null +++ b/test/mail/2113.usery @@ -0,0 +1,18 @@ +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) + by myhost.test.ex with esmtps (TLSv1:AES256-SHA:256) + (Exim x.yz) + (envelope-from ) + id 10HmbC-0005vi-00 + for usery@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaY-0005vi-00 + for usery@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +From: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 +TLS: cipher=TLSv1:AES256-SHA:256 peerdn= + +Test message 2 + diff --git a/test/mail/2113.userz b/test/mail/2113.userz new file mode 100644 index 000000000..0d8210281 --- /dev/null +++ b/test/mail/2113.userz @@ -0,0 +1,18 @@ +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) + by myhost.test.ex with esmtps (TLSv1:AES256-SHA:256) + (Exim x.yz) + (envelope-from ) + id 10HmbB-0005vi-00 + for userz@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaZ-0005vi-00 + for userz@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +From: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 +TLS: cipher=TLSv1:AES256-SHA:256 peerdn= + +Test message 3 + diff --git a/test/mail/4510.store b/test/mail/4510.store deleted file mode 100644 index d75e40906..000000000 --- a/test/mail/4510.store +++ /dev/null @@ -1,58 +0,0 @@ -From MAILER-DAEMON Tue Mar 02 09:44:33 1999 -Return-path: <> -Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) - by myhost.test.ex with esmtp (Exim x.yz) - id 10HmaZ-0005vi-00 - for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000 -Received: from EXIMUSER by myhost.test.ex with local (Exim x.yz) - id 10HmaY-0005vi-00 - for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000 -X-Failed-Recipients: baduser@test.ex -Auto-Submitted: auto-replied -From: Mail Delivery System -To: CALLER@myhost.test.ex -Content-Type: multipart/report; report-type=delivery-status; boundary=NNNNNNNNNN-eximdsn-MMMMMMMMMM -MIME-Version: 1.0 -Subject: Mail delivery failed: returning message to sender -Message-Id: -Date: Tue, 2 Mar 1999 09:44:33 +0000 - ---NNNNNNNNNN-eximdsn-MMMMMMMMMM -Content-type: text/plain; charset=us-ascii - -This message was created automatically by mail delivery software. - -A message that you sent could not be delivered to one or more of its -recipients. This is a permanent error. The following address(es) failed: - - baduser@test.ex - host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4] - PRDR error after DATA: 550 PRDR R= refusal - ---NNNNNNNNNN-eximdsn-MMMMMMMMMM -Content-type: message/delivery-status - -Reporting-MTA: dns; myhost.test.ex - -Action: failed -Final-Recipient: rfc822;baduser@test.ex -Status: 5.0.0 -Diagnostic-Code: smtp; 550 PRDR R= refusal - ---NNNNNNNNNN-eximdsn-MMMMMMMMMM -Content-type: message/rfc822 - -Return-path: -Received: from CALLER by myhost.test.ex with local (Exim x.yz) - (envelope-from ) - id 10HmaX-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 -From: nobody@example.com -From: second@example.com -Message-Id: -Sender: CALLER_NAME -Date: Tue, 2 Mar 1999 09:44:33 +0000 - -content - ---NNNNNNNNNN-eximdsn-MMMMMMMMMM-- - diff --git a/test/mail/4550.store b/test/mail/4550.store new file mode 100644 index 000000000..d117b34c6 --- /dev/null +++ b/test/mail/4550.store @@ -0,0 +1,59 @@ +From MAILER-DAEMON Tue Mar 02 09:44:33 1999 +Return-path: <> +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + id 10HmaZ-0005vi-00 + for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Received: from EXIMUSER by myhost.test.ex with local (Exim x.yz) + id 10HmaY-0005vi-00 + for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +X-Failed-Recipients: baduser@test.ex +Auto-Submitted: auto-replied +From: Mail Delivery System +To: CALLER@myhost.test.ex +Content-Type: multipart/report; report-type=delivery-status; boundary=NNNNNNNNNN-eximdsn-MMMMMMMMMM +MIME-Version: 1.0 +Subject: Mail delivery failed: returning message to sender +Message-Id: +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +--NNNNNNNNNN-eximdsn-MMMMMMMMMM +Content-type: text/plain; charset=us-ascii + +This message was created automatically by mail delivery software. + +A message that you sent could not be delivered to one or more of its +recipients. This is a permanent error. The following address(es) failed: + + baduser@test.ex + host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4] + PRDR error after DATA: 550 PRDR R= refusal + +--NNNNNNNNNN-eximdsn-MMMMMMMMMM +Content-type: message/delivery-status + +Reporting-MTA: dns; myhost.test.ex + +Action: failed +Final-Recipient: rfc822;baduser@test.ex +Status: 5.0.0 +Remote-MTA: dns; ip4.ip4.ip4.ip4 +Diagnostic-Code: smtp; 550 PRDR R= refusal + +--NNNNNNNNNN-eximdsn-MMMMMMMMMM +Content-type: message/rfc822 + +Return-path: +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaX-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +From: second@example.com +Message-Id: +Sender: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + +--NNNNNNNNNN-eximdsn-MMMMMMMMMM-- + diff --git a/test/paniclog/0502 b/test/paniclog/0502 index 71afc025b..4458e72af 100644 --- a/test/paniclog/0502 +++ b/test/paniclog/0502 @@ -1 +1 @@ -1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT teplevel ACL may not fail ('deny' verb used incorrectly) +1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT toplevel ACL may not fail ('deny' verb used incorrectly) diff --git a/test/paniclog/4011 b/test/paniclog/4011 new file mode 100644 index 000000000..73c3c0111 --- /dev/null +++ b/test/paniclog/4011 @@ -0,0 +1,2 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out) +1999-03-02 09:44:33 10HmaY-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out) diff --git a/test/patchexim b/test/patchexim index 9659ba133..cb9f98825 100755 --- a/test/patchexim +++ b/test/patchexim @@ -19,7 +19,17 @@ open(OUT, '>eximdir/exim') || die "** Failed to open eximdir/exim: $!\n"; while() { s/>>>running<<>>/; - s/(\d+\.\d+(?:[_.]\d+)?([_-]RC\d+|[_-]dev)?(?:[0-9a-fA-F-]*)(?:-XX)?\0<>)/"x.yz\0" . ("*" x (length($1) - 5))/e; + s{ + (\d+\.\d+ # major.minor + (?:[_.]\d+)? # optional patchlevel + (?:[_-]RC\d+|[_-]?dev(?:start)?)? # optional RC or dev(start) + (?:(?:[_-]\d+)? # git tag distance + [-_][[:xdigit:]]+)? # git id + (?:[-_]XX)?\0 # git dirty bit + <> # marker + ) + } + {"x.yz\0" . ("*" x (length($1) - 5))}xe; print OUT; } diff --git a/test/rejectlog/0227 b/test/rejectlog/0227 index 8b2a2a148..8f5c0ad15 100644 --- a/test/rejectlog/0227 +++ b/test/rejectlog/0227 @@ -1,13 +1,13 @@ -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Unknown user +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Unknown user 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 450 Temporary error 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= temporarily rejected RCPT : Could not complete sender verify callout -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 Error for <> +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 Error for <> 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550-Multiline error for <>\n550 Here's the second line +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550-Multiline error for <>\n550 Here's the second line 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked -1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Recipient not liked +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550-Recipient not liked on two lines\n550 Here's the second 1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= temporarily rejected RCPT : Could not complete recipient verify callout 1999-03-02 09:44:33 10HmaX-0005vi-00 H=[V4NET.0.0.4] U=root F= rejected after DATA: there is no valid sender in any header line Envelope-from: @@ -28,10 +28,10 @@ P Received: from [V4NET.0.0.4] (ident=root) for z@remote.domain; Tue, 2 Mar 1999 09:44:33 +0000 F From: abcd@x.y.z 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= rejected RCPT : relay not permitted -1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Don't like postmaster +1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Don't like postmaster 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : response to "initial connection" from 127.0.0.1 [127.0.0.1] was: connection dropped +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Recipient not liked +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : Remote host closed connection in response to initial connection 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= temporarily rejected RCPT : Could not complete sender verify callout -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : could not connect to 127.0.0.1 [127.0.0.1]: Connection refused +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= temporarily rejected RCPT : Could not complete sender verify callout diff --git a/test/rejectlog/0365 b/test/rejectlog/0365 index 5dbe6259a..f6953da47 100644 --- a/test/rejectlog/0365 +++ b/test/rejectlog/0365 @@ -16,7 +16,7 @@ P Received: from CALLER by the.local.host.name with local-smtp (Exim x.yz) F From: bad@domain I Message-Id: Date: Tue, 2 Mar 1999 09:44:33 +0000 -1999-03-02 09:44:33 U=CALLER sender verify defer for : could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error +1999-03-02 09:44:33 U=CALLER sender verify defer for : Could not complete sender verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error 1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : Could not complete sender verify callout 1999-03-02 09:44:33 10HmaZ-0005vi-00 U=CALLER F= rejected after DATA Envelope-from: @@ -37,15 +37,15 @@ P Received: from CALLER by the.local.host.name with local-smtp (Exim x.yz) F From: I Message-Id: Date: Tue, 2 Mar 1999 09:44:33 +0000 -1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : Could not complete recipient verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error 1999-03-02 09:44:33 U=CALLER F=<> rejected RCPT : failure message 1999-03-02 09:44:33 U=CALLER F=<> temporarily rejected RCPT : defer message 1999-03-02 09:44:33 10HmbB-0005vi-00 U=CALLER F=<> rejected after DATA: '>' missing at end of address: failing address in "From:" header is: rejected after DATA: there is no valid sender in any header line -1999-03-02 09:44:33 U=CALLER sender verify defer for : could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error +1999-03-02 09:44:33 U=CALLER sender verify defer for : Could not complete sender verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error 1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : Could not complete sender verify callout 1999-03-02 09:44:33 10HmbD-0005vi-00 U=CALLER F= rejected after DATA 1999-03-02 09:44:33 10HmbE-0005vi-00 U=CALLER F=<> rejected after DATA: there is no valid sender in any header line -1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : Could not complete recipient verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error 1999-03-02 09:44:33 U=CALLER F=<> rejected RCPT : failure message 1999-03-02 09:44:33 U=CALLER F=<> temporarily rejected RCPT : defer message diff --git a/test/rejectlog/0376 b/test/rejectlog/0376 index 8cac4a1de..47ad1638d 100644 --- a/test/rejectlog/0376 +++ b/test/rejectlog/0376 @@ -1,16 +1,20 @@ -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : could not connect to 127.0.0.1 [127.0.0.1]: Connection refused +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= temporarily rejected RCPT : Could not complete sender verify callout -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 REJECTED +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 REJECTED 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (recipient): Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (recipient): Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 REJECT MAIL FROM +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 REJECT MAIL FROM 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (mail): Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (mail): Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 NOT OK +1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 NOT OK 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for : Could not complete sender verify callout +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:" was: 250 OK +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= temporarily rejected RCPT : Could not complete sender verify callout +1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:" was: 250 OK +1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root F= temporarily rejected RCPT : Could not complete sender verify callout +1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO: 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= temporarily rejected RCPT : Could not complete sender verify callout diff --git a/test/rejectlog/0398 b/test/rejectlog/0398 index 24d045854..8db437966 100644 --- a/test/rejectlog/0398 +++ b/test/rejectlog/0398 @@ -1,2 +1,2 @@ -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Unknown +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Unknown 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed diff --git a/test/rejectlog/0413 b/test/rejectlog/0413 index 1e587828d..8f04162d2 100644 --- a/test/rejectlog/0413 +++ b/test/rejectlog/0413 @@ -1,6 +1,6 @@ -1999-03-02 09:44:33 U=CALLER sender verify defer for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error +1999-03-02 09:44:33 U=CALLER sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 450 Temporary error 1999-03-02 09:44:33 U=CALLER temporarily rejected MAIL : Could not complete sender verify callout -1999-03-02 09:44:33 U=CALLER sender verify defer for : response to "RCPT TO:" from ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] was: 450 Temporary error +1999-03-02 09:44:33 U=CALLER sender verify defer for : Could not complete sender verify callout: ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] : SMTP error from remote mail server after RCPT TO:: 450 Temporary error 1999-03-02 09:44:33 U=CALLER temporarily rejected MAIL : Could not complete sender verify callout -1999-03-02 09:44:33 U=CALLER sender verify defer for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error +1999-03-02 09:44:33 U=CALLER sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 450 Temporary error 1999-03-02 09:44:33 U=CALLER temporarily rejected MAIL : Could not complete sender verify callout diff --git a/test/rejectlog/0462 b/test/rejectlog/0462 index ec4952f98..d0a04dacb 100644 --- a/test/rejectlog/0462 +++ b/test/rejectlog/0462 @@ -1,5 +1,5 @@ -1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 NO +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 NO 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 NO +1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 NO 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed diff --git a/test/rejectlog/0473 b/test/rejectlog/0473 index c6e216931..acca9c9ed 100644 --- a/test/rejectlog/0473 +++ b/test/rejectlog/0473 @@ -1,10 +1,10 @@ -1999-03-02 09:44:33 U=CALLER F= rejected RCPT r3@other.ex: response to "MAIL FROM:" from 127.0.0.1 [127.0.0.1] was: 550 NOTOK -1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT r4@other.ex: could not connect to 127.0.0.1 [127.0.0.1]: Connection refused -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 NO +1999-03-02 09:44:33 U=CALLER F= rejected RCPT r3@other.ex: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:" was: 550 NOTOK +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT r4@other.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 NO 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Previous (cached) callout verification failure -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 NO +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 NO 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 U=CALLER sender verify fail for 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout -1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO: +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after initial connection diff --git a/test/rejectlog/0538 b/test/rejectlog/0538 index 8b63bdb9b..827372c14 100644 --- a/test/rejectlog/0538 +++ b/test/rejectlog/0538 @@ -1,4 +1,4 @@ -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 I'm misconfigured +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 I'm misconfigured 1999-03-02 09:44:33 U=CALLER rejected MAIL : Sender verify failed 1999-03-02 09:44:33 U=CALLER sender verify fail for 1999-03-02 09:44:33 U=CALLER rejected MAIL : Sender verify failed diff --git a/test/rejectlog/0578 b/test/rejectlog/0578 new file mode 100644 index 000000000..db94a4d6e --- /dev/null +++ b/test/rejectlog/0578 @@ -0,0 +1,20 @@ +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= temporarily rejected RCPT : Could not complete sender verify callout +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 REJECTED rcpt +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (recipient): Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (recipient): Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 REJECT mail from +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (mail): Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : (mail): Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 NOT OK rcpt postmaster +1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for +1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F= rejected RCPT : Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:" was: 250 OK accepting that random recipient +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= temporarily rejected RCPT : Could not complete sender verify callout +1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:" was: 250 OK +1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root F= temporarily rejected RCPT : Could not complete sender verify callout +1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for : Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO: +1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= temporarily rejected RCPT : Could not complete sender verify callout diff --git a/test/rejectlog/0900 b/test/rejectlog/0900 index 4c194b510..e5eb296d5 100644 --- a/test/rejectlog/0900 +++ b/test/rejectlog/0900 @@ -1,3 +1,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 H=(tester) [127.0.0.1] F= rejected RCPT : relay not permitted +1999-03-02 09:44:33 rejected from H=(tester) [127.0.0.1]: Non-CRLF-terminated header, under CHUNKING: message abandoned +Envelope-from: +Envelope-to: + To: Susan@random.com diff --git a/test/rejectlog/0901 b/test/rejectlog/0901 new file mode 100644 index 000000000..a7f8f0692 --- /dev/null +++ b/test/rejectlog/0901 @@ -0,0 +1,8 @@ + +******** SERVER ******** +1999-03-02 09:44:33 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "bdat 1" H=(tester) [127.0.0.1] next input="bdat 87 last\r\n" +Envelope-from: +Envelope-to: +1999-03-02 09:44:33 SMTP call from (tester) [127.0.0.1] dropped: too many syntax or protocol errors (last command was "From: Sam@random.com") +Envelope-from: +Envelope-to: diff --git a/test/rejectlog/2200 b/test/rejectlog/2200 new file mode 100644 index 000000000..10311926d --- /dev/null +++ b/test/rejectlog/2200 @@ -0,0 +1 @@ +1999-03-02 09:44:33 U=CALLER F=<> temporarily rejected RCPT : failed to expand ACL string "${lookup dnsdb{defer_strict,a=$domain}}": lookup of "defer_strict,a=test.again.dns" gave DEFER: diff --git a/test/rejectlog/4011 b/test/rejectlog/4011 new file mode 100644 index 000000000..adeded6fb --- /dev/null +++ b/test/rejectlog/4011 @@ -0,0 +1,24 @@ +1999-03-02 09:44:33 10HmaZ-0005vi-00 U=CALLER F= rejected after DATA +Envelope-from: +Envelope-to: +P Received: from CALLER (helo=test.ex) + by myhost.test.ex with local-esmtp (Exim x.yz) + (envelope-from ) + id 10HmaZ-0005vi-00 + for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 + Date: Tue, 2 Mar 1999 09:44:33 +0000 + Subject: message should be rejected +I Message-Id: +F From: CALLER_NAME +1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER F= temporarily rejected after DATA +Envelope-from: +Envelope-to: +P Received: from CALLER (helo=test.ex) + by myhost.test.ex with local-esmtp (Exim x.yz) + (envelope-from ) + id 10HmaX-0005vi-00 + for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 + Date: Tue, 2 Mar 1999 09:44:33 +0000 + Subject: message should be deferred due to timeout +I Message-Id: +F From: CALLER_NAME diff --git a/test/rejectlog/4204 b/test/rejectlog/4204 index 555b43e40..b9df3d146 100644 --- a/test/rejectlog/4204 +++ b/test/rejectlog/4204 @@ -1,5 +1,5 @@ -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 ******** SERVER ******** 1999-03-02 09:44:33 H=localhost (the.local.host.name) [127.0.0.1] F=<> rejected RCPT : relay not permitted diff --git a/test/rejectlog/4206 b/test/rejectlog/4206 index e2430e4b8..b1ff2c6d9 100644 --- a/test/rejectlog/4206 +++ b/test/rejectlog/4206 @@ -1,6 +1,6 @@ -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed ******** SERVER ******** diff --git a/test/rejectlog/4214 b/test/rejectlog/4214 index bf6cb2398..b7613eb45 100644 --- a/test/rejectlog/4214 +++ b/test/rejectlog/4214 @@ -1,5 +1,5 @@ -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 ******** SERVER ******** 1999-03-02 09:44:33 H=localhost (the.local.host.name) [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no F=<> rejected RCPT : relay not permitted diff --git a/test/rejectlog/4216 b/test/rejectlog/4216 index e8d8f00f5..b100cfaca 100644 --- a/test/rejectlog/4216 +++ b/test/rejectlog/4216 @@ -1,6 +1,6 @@ -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed ******** SERVER ******** diff --git a/test/rejectlog/4224 b/test/rejectlog/4224 index e36be9236..05de432a4 100644 --- a/test/rejectlog/4224 +++ b/test/rejectlog/4224 @@ -1,5 +1,5 @@ -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 ******** SERVER ******** 1999-03-02 09:44:33 H=localhost (the.local.host.name) [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no F=<> rejected RCPT : relay not permitted diff --git a/test/rejectlog/4226 b/test/rejectlog/4226 index dd75f12fb..6030c623d 100644 --- a/test/rejectlog/4226 +++ b/test/rejectlog/4226 @@ -1,6 +1,6 @@ -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8 +1999-03-02 09:44:33 U=CALLER sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8 1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed ******** SERVER ******** diff --git a/test/rejectlog/5401 b/test/rejectlog/5401 index abcc5c6a6..efe5d0519 100644 --- a/test/rejectlog/5401 +++ b/test/rejectlog/5401 @@ -1,2 +1,2 @@ -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 No mate -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Not that one +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 No mate +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Not that one diff --git a/test/rejectlog/5405 b/test/rejectlog/5405 index 7df2e1018..a822a1000 100644 --- a/test/rejectlog/5405 +++ b/test/rejectlog/5405 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT -1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 450 not right now +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 450 not right now diff --git a/test/runtest b/test/runtest index 3016e5df6..ec385f294 100755 --- a/test/runtest +++ b/test/runtest @@ -16,9 +16,9 @@ ############################################################################### #use strict; -use 5.010; -use feature 'state'; # included in 5.010 +use v5.10.1; use warnings; +use if $^V >= v5.19.11, experimental => 'smartmatch'; use Errno; use FileHandle; @@ -26,12 +26,19 @@ use Socket; use Time::Local; use Cwd; use File::Basename; +use Pod::Usage; +use Getopt::Long; use FindBin qw'$RealBin'; use lib "$RealBin/lib"; use Exim::Runtest; +use Exim::Utils qw(uniq numerically); -use if $ENV{DEBUG} && $ENV{DEBUG} =~ /\bruntest\b/ => ('Smart::Comments' => '####'); +use if $ENV{DEBUG} && scalar($ENV{DEBUG} =~ /\bruntest\b/) => 'Smart::Comments' => '####'; +use if $ENV{DEBUG} && scalar($ENV{DEBUG} =~ /\bruntest\b/) => 'Data::Dumper'; + +use constant TEST_TOP => 8999; +use constant TEST_SPECIAL_TOP => 9999; # Start by initializing some global variables @@ -61,17 +68,14 @@ my $more = 'less -XF'; my $optargs = ''; my $save_output = 0; my $server_opts = ''; +my $slow = 0; my $valgrind = 0; my $have_ipv4 = 1; my $have_ipv6 = 1; my $have_largefiles = 0; -my $test_start = 1; -my $test_end = $test_top = 8999; -my $test_special_top = 9999; my @test_list = (); -my @test_dirs = (); # Networks to use for DNS tests. We need to choose some networks that will @@ -800,7 +804,10 @@ RESET_AFTER_EXTRA_LINE_READ: # numbers, or handle specific bad conditions in different ways, leading to # different wording in the error messages, so we cannot compare them. - s/(TLS error on connection (?:from .* )?\(SSL_\w+\): error:)(.*)/$1 <>/; +#XXX This loses any trailing "deliving unencypted to" which is unfortunate +# but I can't work out how to deal with that. + s/(TLS session: \(SSL_\w+\): error:)(.*)(?!: delivering)/$1 <>/; + s/(TLS error on connection from .* \(SSL_\w+\): error:)(.*)/$1 <>/; next if /SSL verify error: depth=0 error=certificate not trusted/; # ======== Maildir things ======== @@ -968,7 +975,7 @@ RESET_AFTER_EXTRA_LINE_READ: } next if /^tls_validate_require_cipher child \d+ ended: status=0x0/; - # We invoke Exim with -D, so we hit this new messag as of Exim 4.73: + # We invoke Exim with -D, so we hit this new message as of Exim 4.73: next if /^macros_trusted overridden to true by whitelisting/; # We have to omit the localhost ::1 address so that all is well in @@ -1081,6 +1088,10 @@ RESET_AFTER_EXTRA_LINE_READ: # Not all platforms build with DKIM enabled next if /^PDKIM >> Body data for hash, canonicalized/; + # Parts of DKIM-specific debug output depend on the time/date + next if /^date:\w+,\{SP\}/; + next if /^PDKIM \[[^[]+\] (Header hash|b) computed:/; + # Not all platforms support TCP Fast Open, and the compile omits the check if (s/\S+ in hosts_try_fastopen\? no \(option unset\)\n$//) { @@ -1145,13 +1156,6 @@ RESET_AFTER_EXTRA_LINE_READ: next if / Berkeley DB error: /; } - elsif ($is_mail) - { - # Experimental_DSN info in bounces - next if /^Remote-MTA: /; - next if /^X-Exim-Diagnostic: /; - } - # ======== All files other than stderr ======== print MUNGED; @@ -1277,8 +1281,8 @@ if (! -e $sf_current) log_failure($log_failed_filename, $testno, $rf); log_test($log_summary_filename, $testno, 'F') if ($force_continue); } - return 1 if /^c$/i; - last if (/^s$/); + return 1 if /^c$/i && $rf !~ /paniclog/ && $rsf !~ /paniclog/; + last if (/^[sc]$/); } foreach $f ($rf, $rsf) @@ -1518,7 +1522,7 @@ $munges = )($|[ ]=)/x' }, 'sys_bindir' => - { 'mainlog' => 's%/(usr/)?bin/%SYSBINDIR/%' }, + { 'mainlog' => 's%/(usr/(local/)?)?bin/%SYSBINDIR/%' }, 'sync_check_data' => { 'mainlog' => 's/^(.* SMTP protocol synchronization error .* next input=.{8}).*$/$1/', @@ -1792,7 +1796,7 @@ system("$cmd"); # The