TLS: use RFC 6125 rules for certifucate name checks when CNAMES are present. Bug...

[users/heiko/exim.git] / test / scripts / 2100-OpenSSL / 2112

diff --git a/test/scripts/2100-OpenSSL/2112 b/test/scripts/2100-OpenSSL/2112
index 1a39b4ecf4a9335960f841b214678d6b28512c32..e2cc9e0730e4f993f409f83d43abd00f6b130d2e 100644 (file)
--- a/test/scripts/2100-OpenSSL/2112
+++ b/test/scripts/2100-OpenSSL/2112
@@ -1,9 +1,52 @@
 # TLS client: verify certificate from server - fails
-exim -DSERVER=server -d+all -bd -oX PORT_D
+exim -DSERVER=server -bd -oX PORT_D
+****
+#
+#
+exim -z 'this will fail to verify the cert at HOSTIPV4 so fail the crypt requirement'
 ****
 exim userx@test.ex
 Testing
 ****
+#
+#
+exim -z 'this will fail to verify the cert at HOSTIPV4 so fail the crypt, then retry on 127.1; ok'
+****
+exim usery@test.ex
+****
+#
+#
+exim -z 'this will fail to verify the cert but continue unverified though crypted'
+****
+exim userz@test.ex
+****
+#
+#
+exim -z 'this will fail to verify the cert at HOSTIPV4 and fallback to unencrypted'
+****
+exim userq@test.ex
+****
+#
+#
+exim -z 'this will fail to verify the cert name and fallback to unencrypted'
+****
+exim userr@test.ex
+****
+#
+#
+exim -z 'this will pass the cert verify including name check'
+****
+exim user_s@test.ex
+****
+#
+#
+exim usert@test.ex
+****
+#
+exim useru@test.ex
+****
+#
+#
 exim -qf
 ****
 killdaemon