authorJeremy Harris <jgh146exb@wizmail.org>2022-11-22 22:32:59 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2022-11-23 00:06:42 +0000
commit415c5379af11bf8777af1a082a336ad7c5369525 (patch)
tree6e83a790e09a20e172276887d9060cba05d2dc8f /test/scripts
parent6242a0bdfb6bacb2fc52e335ca550b62f2f39020 (diff)
OpenSSL: OCSP under DANE
Diffstat (limited to 'test/scripts')
-rw-r--r--test/scripts/5846-DANE-OpenSSL-OCSP/584778
-rw-r--r--test/scripts/5846-DANE-OpenSSL-OCSP/REQUIRES4
2 files changed, 82 insertions, 0 deletions
diff --git a/test/scripts/5846-DANE-OpenSSL-OCSP/5847 b/test/scripts/5846-DANE-OpenSSL-OCSP/5847
new file mode 100644
index 000000000..0916bd97a
--- /dev/null
+++ b/test/scripts/5846-DANE-OpenSSL-OCSP/5847
@@ -0,0 +1,78 @@
+# OCSP stapling under DANE, client
+#
+#
+# ============================================
+# Group 1: TLSA (2 1 1) (DANE-TA SPKI SHA2-256)
+#
+# Client works when we request but don't require OCSP stapling and none comes
+exim -bd -oX PORT_D -DSERVER=server -DDETAILS=ta -DRETURN=""
+****
+exim -odf norequire@mxdane256tak.test.ex
+****
+killdaemon
+#
+#
+#
+#
+# Client works when we don't request OCSP stapling
+exim -bd -oX PORT_D -DSERVER=server -DDETAILS=ta \
+ -DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+****
+exim -odf norequest@mxdane256tak.test.ex
+****
+#
+#
+#
+#
+# Client accepts good stapled info
+exim -odf goodstaple@mxdane256tak.test.ex
+****
+killdaemon
+#
+#
+#
+# Client fails on lack of required stapled info
+exim -bd -oX PORT_D -DSERVER=server -DDETAILS=ta -DRETURN=""
+****
+exim -odf nostaple_required@mxdane256tak.test.ex
+****
+killdaemon
+sudo rm -f spool/db/retry* spool/input/*
+#
+#
+#
+# Client fails on revoked stapled info
+EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server -DDETAILS=ta \
+ -DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
+****
+exim -odf revoked@mxdane256tak.test.ex
+****
+killdaemon
+sudo rm -f spool/db/retry* spool/input/*
+#
+#
+#
+#
+# Client fails on expired stapled info
+EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server -DDETAILS=ta \
+ -DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
+****
+exim -odf expired@mxdane256tak.test.ex
+****
+killdaemon
+sudo rm -f spool/db/retry* spool/input/*
+#
+#
+# ============================================
+# Group 2: TLSA (2 1 1) (DANE-TA SPKI SHA2-256) but with LE-mode OCSP
+#
+exim -bd -oX PORT_D -DSERVER=server -DDETAILS=ta \
+ -DRETURN=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.signernocert.good.resp
+****
+#
+# Client accepts good stapled info
+exim -odf goodstaple_le@mxdane256tak.test.ex
+****
+killdaemon
+#
+no_msglog_check
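Review bot: The two negative cases, `Client fails on revoked stapled info` and `Client fails on expired stapled info`, set `EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y` without saying whose check it disables, so a reader could assume these tests run with OCSP validation switched off. The variable appears only on the `exim -bd` daemon lines, never on the `exim -odf` client lines, which suggests it lets the server staple a known-bad response while the client still validates. A comment above each daemon line would make that explicit, for example `# env var applies to the server only, so it will staple a bad response; the client must still reject it`. Group 2 (the `signernocert` response) exercises only the accept path; a revoked or dated response in that form, if the fixtures exist, would confirm that rejection holds there too.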
diff --git a/test/scripts/5846-DANE-OpenSSL-OCSP/REQUIRES b/test/scripts/5846-DANE-OpenSSL-OCSP/REQUIRES
new file mode 100644
index 000000000..fa226f8e2
--- /dev/null
+++ b/test/scripts/5846-DANE-OpenSSL-OCSP/REQUIRES
@@ -0,0 +1,4 @@
+support DANE
+support OpenSSL
+support OCSP
+running IPv4