diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-11-22 19:16:19 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2015-01-12 18:58:33 +0000 |
| commit | 01a4a5c5cbaa40ca618d3e233991ce183b551477 (patch) | |
| tree | bbef9f6e942157f611d0db4d70dbbeabca9e0337 /test/confs/2112 | |
| parent | ad07e9add2a9959a2cc07c996452fcfc10ccab9f (diff) | |
| download | exim4-01a4a5c5cbaa40ca618d3e233991ce183b551477.tar.gz | |
Move certificate name checking to mainline, default enabled
This is an exim client checking a server certificate.
Diffstat (limited to 'test/confs/2112')
| -rw-r--r-- | test/confs/2112 | 56 |
1 files changed, 30 insertions, 26 deletions
diff --git a/test/confs/2112 b/test/confs/2112 index 4751e6015..2c81e0cf3 100644 --- a/test/confs/2112 +++ b/test/confs/2112 @@ -104,6 +104,7 @@ send_to_server_failcert: tls_privatekey = CERT2 tls_verify_certificates = CA2 + tls_verify_cert_hostnames = # this will fail to verify the cert at HOSTIPV4 so fail the crypt, then retry on 127.1; ok send_to_server_retry: @@ -117,6 +118,7 @@ send_to_server_retry: tls_verify_certificates = \ ${if eq{$host_address}{127.0.0.1}{CA1}{CA2}} + tls_verify_cert_hostnames = # this will fail to verify the cert but continue unverified though crypted send_to_server_crypt: @@ -130,6 +132,7 @@ send_to_server_crypt: tls_verify_certificates = CA2 tls_try_verify_hosts = * + tls_verify_cert_hostnames = # this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted send_to_server_req_fail: @@ -142,31 +145,32 @@ send_to_server_req_fail: tls_verify_certificates = CA2 tls_verify_hosts = * - -# # this will fail to verify the cert name and fallback to unencrypted -# send_to_server_req_failname: -# driver = smtp -# allow_localhost -# hosts = HOSTIPV4 -# port = PORT_D -# tls_certificate = CERT2 -# tls_privatekey = CERT2 -# -# tls_verify_certificates = CA1 -# tls_verify_cert_hostnames = server1.example.net : server1.example.org -# tls_verify_hosts = * -# -# # this will pass the cert verify including name check -# send_to_server_req_passname: -# driver = smtp -# allow_localhost -# hosts = HOSTIPV4 -# port = PORT_D -# tls_certificate = CERT2 -# tls_privatekey = CERT2 -# -# tls_verify_certificates = CA1 -# tls_verify_cert_hostnames = noway.example.com : server1.example.com -# tls_verify_hosts = * + tls_verify_cert_hostnames = + + # this will fail to verify the cert name and fallback to unencrypted + send_to_server_req_failname: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_certificate = CERT2 + tls_privatekey = CERT2 + + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = server1.example.net : server1.example.org + tls_verify_hosts = * + + # this will pass the cert verify including name check + send_to_server_req_passname: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_certificate = CERT2 + tls_privatekey = CERT2 + + tls_verify_certificates = CA1 + tls_verify_cert_hostnames = noway.example.com : server1.example.com + tls_verify_hosts = * # End |