path: root/test/scripts/2100-OpenSSL/2102
blob: 290db16f805000e3f379fd6ef0d0142c393fece3 (plain)
# TLS server: general ops and certificate extractions
#
# NOTE: OpenSSL libraries return faulty my-cert information prior to OpenSSL 1.1.1
# when more than one cert is loaded, which the conf for this testcase does.
# As a result the expansion done and logged is misleading.
# While the golden log output is set to the misleading result, the testcase
# would unfortunately fail on the fixed OpenSSL versions.  This has been bodged
# by the addition of log/2102.openssl_1_1_1 and some detection coding in
# runtest to force a "flavour".  This is fragile and bound to break in the future.
#
# Make RSA the only acceptable authentication
exim -DSERVER=server -DORDER=RSA -bd -oX PORT_D
****
client-ssl 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
mail from:<a@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
.
??? 250
quit
??? 221
****
client-ssl 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
mail from:<"name with spaces"@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
.
??? 250
quit
??? 221
****
# connection from a non-loopback address is rejected because it lacks a cert
client-ssl HOSTIPV4 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220 TLS go ahead
+++ 1
help
??? 554
****
client-ssl HOSTIPV4 PORT_D DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
mail from:<b@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message from a verified host.
.
??? 250
quit
??? 221
****
killdaemon
#
# make ECDSA authentication preferred
# DEFAULT:+RSA should work but does not seem to
# also, will fail under TLS1.3 because there is no choice of auth
# - so we disable that in the conf
exim -DSERVER=server -DORDER=ECDSA:RSA:!COMPLEMENTOFDEFAULT -bd -oX PORT_D
****
client-ssl 127.0.0.1 PORT_D
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
starttls
??? 220
ehlo rhu.barb
??? 250-
??? 250-
??? 250-
??? 250-
??? 250
mail from:<c@test.ex>
??? 250
rcpt to:<CALLER@test.ex>
??? 250
DATA
??? 3
This is a test encrypted message.
It should be sent under the EC server cert and with an ECDSA cipher.
.
??? 250
quit
??? 221
****
killdaemon
exim -qf
****
exim -bh 10.0.0.1
starttls
quit
****