[exim-cvs] Testsuite: separate cases for TLS resumption with…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Exim Git Commits Mailing List
Datum:  
To: exim-cvs
Betreff: [exim-cvs] Testsuite: separate cases for TLS resumption with/out OCSP
Gitweb: https://git.exim.org/exim.git/commitdiff/3f0f8e6c10e1beb36d335c02692466c8911e4942
Commit:     3f0f8e6c10e1beb36d335c02692466c8911e4942
Parent:     b690a53ed619f5adfa532bf8cc9ab13c1c806b3c
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Aug 2 23:56:58 2020 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Aug 2 23:56:58 2020 +0100


    Testsuite: separate cases for TLS resumption with/out OCSP
---
 test/confs/5890                                    |   3 -
 test/confs/5891                                    |   4 +-
 test/confs/{5891 => 5892}                          |   5 +-
 test/confs/{5891 => 5893}                          |   2 +-
 test/log/5890                                      |  36 +----
 test/log/5891                                      | 175 ++++++++++-----------
 test/log/{5891 => 5892}                            |  32 ----
 test/log/{5891 => 5893}                            |   0
 .../5891 => 5891-Resume-GnuTLS-OCSP/5890}          |  11 +-
 .../REQUIRES                                       |   3 +-
 .../5891 => 5892-Resume-OpenSSL/5892}              |   0
 .../REQUIRES                                       |   0
 .../5891 => 5893-Resume-OpenSSL-OCSP/5893}         |   2 +-
 .../REQUIRES                                       |   1 +
 test/stderr/5892                                   |   6 +
 test/stderr/5893                                   |   6 +
 test/stdout/5892                                   |   6 +
 test/stdout/5893                                   |   6 +
 18 files changed, 129 insertions(+), 169 deletions(-)


diff --git a/test/confs/5890 b/test/confs/5890
index 5b154e5..0c812fd 100644
--- a/test/confs/5890
+++ b/test/confs/5890
@@ -23,7 +23,6 @@ CDIR=DIR/aux-fixed/exim-ca/example.com

tls_certificate = CDIR/server1.example.com/server1.example.com.chain.pem
tls_privatekey = CDIR/server1.example.com/server1.example.com.unlocked.key
-tls_ocsp_file = CDIR/server1.example.com/server1.example.com.ocsp.good.resp

 tls_require_ciphers = OPTION
 tls_resumption_hosts = 127.0.0.1
@@ -40,7 +39,6 @@ check_helo:
       logwrite =    peer cert subject\t${certextract {subject}{$tls_in_peercert}}
       logwrite =    peer cert verified\t${tls_in_certificate_verified}
       logwrite =    peer dn\t${tls_in_peerdn}
-      logwrite =    ocsp\t${tls_in_ocsp}
       logwrite =    cipher\t${tls_in_cipher}
       logwrite =    bits\t${tls_in_bits}
   accept
@@ -57,7 +55,6 @@ log_resumption:
       logwrite =    peer cert subject\t${certextract {subject}{$tls_out_peercert}}
       logwrite =    peer cert verified\t${tls_out_certificate_verified}
       logwrite =    peer dn\t${tls_out_peerdn}
-      logwrite =    ocsp\t${tls_out_ocsp}
       logwrite =    cipher\t${tls_out_cipher}
       logwrite =    bits\t${tls_out_bits}


diff --git a/test/confs/5891 b/test/confs/5891
index e0f8243..89ee8fd 100644
--- a/test/confs/5891
+++ b/test/confs/5891
@@ -1,7 +1,7 @@
# Exim test configuration 5891

SERVER =
-OPTION =
+OPTION = NORMAL

.include DIR/aux-var/tls_conf_prefix

@@ -15,7 +15,6 @@ acl_smtp_helo = check_helo
acl_smtp_rcpt = check_recipient
log_selector = +received_recipients +tls_resumption +tls_peerdn

-openssl_options = +no_sslv2 +no_sslv3 +single_dh_use OPTION
tls_advertise_hosts = *

# Set certificate only if server
@@ -26,6 +25,7 @@ tls_certificate = CDIR/server1.example.com/server1.example.com.chain.pem
tls_privatekey = CDIR/server1.example.com/server1.example.com.unlocked.key
tls_ocsp_file = CDIR/server1.example.com/server1.example.com.ocsp.good.resp

+tls_require_ciphers = OPTION
tls_resumption_hosts = 127.0.0.1


diff --git a/test/confs/5891 b/test/confs/5892
similarity index 93%
copy from test/confs/5891
copy to test/confs/5892
index e0f8243..4e6883f 100644
--- a/test/confs/5891
+++ b/test/confs/5892
@@ -1,4 +1,4 @@
-# Exim test configuration 5891
+# Exim test configuration 5892

SERVER =
OPTION =
@@ -24,7 +24,6 @@ CDIR=DIR/aux-fixed/exim-ca/example.com

tls_certificate = CDIR/server1.example.com/server1.example.com.chain.pem
tls_privatekey = CDIR/server1.example.com/server1.example.com.unlocked.key
-tls_ocsp_file = CDIR/server1.example.com/server1.example.com.ocsp.good.resp

tls_resumption_hosts = 127.0.0.1

@@ -40,7 +39,6 @@ check_helo:
       logwrite =    peer cert subject\t${certextract {subject}{$tls_in_peercert}}
       logwrite =    peer cert verified\t${tls_in_certificate_verified}
       logwrite =    peer dn\t${tls_in_peerdn}
-      logwrite =    ocsp\t${tls_in_ocsp}
       logwrite =    cipher\t${tls_in_cipher}
       logwrite =    bits\t${tls_in_bits}
   accept
@@ -57,7 +55,6 @@ log_resumption:
       logwrite =    peer cert subject\t${certextract {subject}{$tls_out_peercert}}
       logwrite =    peer cert verified\t${tls_out_certificate_verified}
       logwrite =    peer dn\t${tls_out_peerdn}
-      logwrite =    ocsp\t${tls_out_ocsp}
       logwrite =    cipher\t${tls_out_cipher}
       logwrite =    bits\t${tls_out_bits}


diff --git a/test/confs/5891 b/test/confs/5893
similarity index 98%
copy from test/confs/5891
copy to test/confs/5893
index e0f8243..74b61b7 100644
--- a/test/confs/5891
+++ b/test/confs/5893
@@ -1,4 +1,4 @@
-# Exim test configuration 5891
+# Exim test configuration 5893

 SERVER =
 OPTION =
diff --git a/test/log/5890 b/test/log/5890
index 5ffb9cc..6d6a6a8 100644
--- a/test/log/5890
+++ b/test/log/5890
@@ -4,7 +4,6 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmaX-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmaX-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmaX-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaX-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmaX-0005vi-00 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
@@ -15,7 +14,6 @@
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmaZ-0005vi-00 tls_out_resumption not requested or offered
@@ -23,7 +21,6 @@
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
@@ -36,7 +33,6 @@
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbC-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbC-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbC-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00"
@@ -47,7 +43,6 @@
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbE-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbE-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbE-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbF-0005vi-00"
@@ -58,7 +53,6 @@
 1999-03-02 09:44:33 10HmbG-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbG-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbG-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbG-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbG-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbG-0005vi-00 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbH-0005vi-00"
@@ -69,7 +63,6 @@
 1999-03-02 09:44:33 10HmbI-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbI-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbI-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbI-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbI-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbI-0005vi-00 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbJ-0005vi-00"
@@ -80,7 +73,6 @@
 1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert verified    0
 1999-03-02 09:44:33 10HmbK-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbK-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbK-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbK-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbK-0005vi-00 => noverify_getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="CN=server1.example.com" C="250 OK id=10HmbL-0005vi-00"
@@ -91,7 +83,6 @@
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified    0
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbM-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbM-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbM-0005vi-00 => noverify_resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no DN="CN=server1.example.com" C="250 OK id=10HmbN-0005vi-00"
@@ -102,7 +93,6 @@
 1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbO-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbO-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbO-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbO-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbO-0005vi-00 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbP-0005vi-00"
@@ -113,7 +103,6 @@
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbQ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbQ-0005vi-00 tls_out_resumption not requested or offered
@@ -121,7 +110,6 @@
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbQ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbQ-0005vi-00 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbR-0005vi-00"
@@ -134,18 +122,16 @@
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbT-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbT-0005vi-00 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbT-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbT-0005vi-00 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbU-0005vi-00"
 1999-03-02 09:44:33 10HmbT-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbV-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for postrenewal@???
-1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbV-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbV-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbV-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbV-0005vi-00 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbV-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbV-0005vi-00 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbW-0005vi-00"
@@ -156,7 +142,6 @@
 1999-03-02 09:44:33 10HmbX-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbX-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbX-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbX-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbX-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbX-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbX-0005vi-00 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbY-0005vi-00"
@@ -167,7 +152,6 @@
 1999-03-02 09:44:33 10HmbZ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbZ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbZ-0005vi-00 peer dn    CN=server1.example.com
-1999-03-02 09:44:33 10HmbZ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbZ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbZ-0005vi-00 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcA-0005vi-00"
@@ -180,7 +164,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@??? for getticket@???
@@ -191,7 +174,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmaZ-0005vi-00@??? for resume@??? xyz@???
@@ -203,7 +185,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@??? for abcd@???
@@ -214,7 +195,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-0005vi-00@??? for renewal@???
@@ -225,7 +205,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-0005vi-00@??? for postrenewal@???
@@ -236,7 +215,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-0005vi-00@??? for timeout@???
@@ -247,7 +225,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-0005vi-00@??? for notreq@???
@@ -258,7 +235,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-0005vi-00@??? for noverify_getticket@???
@@ -269,7 +245,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-0005vi-00@??? for noverify_resume@???
@@ -281,7 +256,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbO-0005vi-00@??? for getticket@???
@@ -292,7 +266,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbQ-0005vi-00@??? for resume@??? xyz@???
@@ -304,7 +277,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-0005vi-00@??? for abcd@???
@@ -315,18 +287,16 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbU-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbT-0005vi-00@??? for renewal@???
 1999-03-02 09:44:33 10HmbU-0005vi-00 => :blackhole: <renewal@???> R=server
 1999-03-02 09:44:33 10HmbU-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption    session resumed, also new ticket
+1999-03-02 09:44:33 tls_in_resumption    session resumed
 1999-03-02 09:44:33 our cert subject    
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbW-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbV-0005vi-00@??? for postrenewal@???
@@ -337,7 +307,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbY-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbX-0005vi-00@??? for timeout@???
@@ -348,7 +317,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmcA-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbZ-0005vi-00@??? for notreq@???
diff --git a/test/log/5891 b/test/log/5891
index 6b04057..5ffb9cc 100644
--- a/test/log/5891
+++ b/test/log/5891
@@ -3,175 +3,174 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmaX-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmaX-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmaX-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmaX-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaX-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmaX-0005vi-00 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for resume@??? abcd@??? xyz@???
 1999-03-02 09:44:33 10HmaZ-0005vi-00 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmaZ-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp    4
-1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmaZ-0005vi-00 tls_out_resumption not requested or offered
 1999-03-02 09:44:33 10HmaZ-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> xyz@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> xyz@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbB-0005vi-00"
 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for renewal@???
 1999-03-02 09:44:33 10HmbC-0005vi-00 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbC-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmbC-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbC-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-0005vi-00 ocsp    4
-1999-03-02 09:44:33 10HmbC-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbC-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbC-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00"
+1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00"
 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for postrenewal@???
 1999-03-02 09:44:33 10HmbE-0005vi-00 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbE-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmbE-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbE-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-0005vi-00 ocsp    4
-1999-03-02 09:44:33 10HmbE-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbE-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbE-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbF-0005vi-00"
+1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbF-0005vi-00"
 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for timeout@???
-1999-03-02 09:44:33 10HmbG-0005vi-00 tls_out_resumption client requested new ticket, server provided
+1999-03-02 09:44:33 10HmbG-0005vi-00 tls_out_resumption client offered session, server only provided new ticket
 1999-03-02 09:44:33 10HmbG-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbG-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmbG-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbG-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbG-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbG-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmbG-0005vi-00 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbH-0005vi-00"
+1999-03-02 09:44:33 10HmbG-0005vi-00 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbH-0005vi-00"
 1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for notreq@???
-1999-03-02 09:44:33 10HmbI-0005vi-00 tls_out_resumption not requested or offered
+1999-03-02 09:44:33 10HmbI-0005vi-00 tls_out_resumption no client request
 1999-03-02 09:44:33 10HmbI-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbI-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmbI-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbI-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbI-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbI-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmbI-0005vi-00 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbJ-0005vi-00"
+1999-03-02 09:44:33 10HmbI-0005vi-00 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbJ-0005vi-00"
 1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for noverify_getticket@???
-1999-03-02 09:44:33 10HmbK-0005vi-00 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/CN=server1.example.com" H="127.0.0.1"
 1999-03-02 09:44:33 10HmbK-0005vi-00 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbK-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert verified    0
-1999-03-02 09:44:33 10HmbK-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbK-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbK-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbK-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmbK-0005vi-00 => noverify_getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbL-0005vi-00"
+1999-03-02 09:44:33 10HmbK-0005vi-00 => noverify_getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="CN=server1.example.com" C="250 OK id=10HmbL-0005vi-00"
 1999-03-02 09:44:33 10HmbK-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for noverify_resume@???
 1999-03-02 09:44:33 10HmbM-0005vi-00 tls_out_resumption session resumed
 1999-03-02 09:44:33 10HmbM-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified    0
-1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp    4
-1999-03-02 09:44:33 10HmbM-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbM-0005vi-00 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbM-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmbM-0005vi-00 => noverify_resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbN-0005vi-00"
+1999-03-02 09:44:33 10HmbM-0005vi-00 => noverify_resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no DN="CN=server1.example.com" C="250 OK id=10HmbN-0005vi-00"
 1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for getticket@???
 1999-03-02 09:44:33 10HmbO-0005vi-00 tls_out_resumption client requested new ticket, server provided
 1999-03-02 09:44:33 10HmbO-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmbO-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbO-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbO-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbO-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbO-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmbO-0005vi-00 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbP-0005vi-00"
+1999-03-02 09:44:33 10HmbO-0005vi-00 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbP-0005vi-00"
 1999-03-02 09:44:33 10HmbO-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbQ-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for resume@??? abcd@??? xyz@???
-1999-03-02 09:44:33 10HmbQ-0005vi-00 tls_out_resumption session resumed
+1999-03-02 09:44:33 10HmbQ-0005vi-00 tls_out_resumption session resumed, also new ticket
 1999-03-02 09:44:33 10HmbQ-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp    4
-1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbQ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbQ-0005vi-00 tls_out_resumption not requested or offered
 1999-03-02 09:44:33 10HmbQ-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbQ-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmbQ-0005vi-00 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbR-0005vi-00"
-1999-03-02 09:44:33 10HmbQ-0005vi-00 -> xyz@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbR-0005vi-00"
-1999-03-02 09:44:33 10HmbQ-0005vi-00 => abcd@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbS-0005vi-00"
+1999-03-02 09:44:33 10HmbQ-0005vi-00 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbR-0005vi-00"
+1999-03-02 09:44:33 10HmbQ-0005vi-00 -> xyz@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbR-0005vi-00"
+1999-03-02 09:44:33 10HmbQ-0005vi-00 => abcd@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbS-0005vi-00"
 1999-03-02 09:44:33 10HmbQ-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for renewal@???
 1999-03-02 09:44:33 10HmbT-0005vi-00 tls_out_resumption session resumed, also new ticket
 1999-03-02 09:44:33 10HmbT-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmbT-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbT-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbT-0005vi-00 ocsp    4
-1999-03-02 09:44:33 10HmbT-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbT-0005vi-00 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbT-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmbT-0005vi-00 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbU-0005vi-00"
+1999-03-02 09:44:33 10HmbT-0005vi-00 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbU-0005vi-00"
 1999-03-02 09:44:33 10HmbT-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbV-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for postrenewal@???
-1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption session resumed
+1999-03-02 09:44:33 10HmbV-0005vi-00 tls_out_resumption session resumed, also new ticket
 1999-03-02 09:44:33 10HmbV-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmbV-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbV-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbV-0005vi-00 ocsp    4
-1999-03-02 09:44:33 10HmbV-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 10HmbV-0005vi-00 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbV-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmbV-0005vi-00 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbW-0005vi-00"
+1999-03-02 09:44:33 10HmbV-0005vi-00 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbW-0005vi-00"
 1999-03-02 09:44:33 10HmbV-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for timeout@???
-1999-03-02 09:44:33 10HmbX-0005vi-00 tls_out_resumption session resumed, also new ticket
+1999-03-02 09:44:33 10HmbX-0005vi-00 tls_out_resumption client offered session, server only provided new ticket
 1999-03-02 09:44:33 10HmbX-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbX-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbX-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmbX-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbX-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbX-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbX-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbX-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmbX-0005vi-00 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbY-0005vi-00"
+1999-03-02 09:44:33 10HmbX-0005vi-00 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbY-0005vi-00"
 1999-03-02 09:44:33 10HmbX-0005vi-00 Completed
 1999-03-02 09:44:33 10HmbZ-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for notreq@???
-1999-03-02 09:44:33 10HmbZ-0005vi-00 tls_out_resumption not requested or offered
+1999-03-02 09:44:33 10HmbZ-0005vi-00 tls_out_resumption no client request
 1999-03-02 09:44:33 10HmbZ-0005vi-00 our cert subject    
 1999-03-02 09:44:33 10HmbZ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbZ-0005vi-00 peer cert verified    1
-1999-03-02 09:44:33 10HmbZ-0005vi-00 peer dn    /CN=server1.example.com
+1999-03-02 09:44:33 10HmbZ-0005vi-00 peer dn    CN=server1.example.com
 1999-03-02 09:44:33 10HmbZ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbZ-0005vi-00 bits    256
-1999-03-02 09:44:33 10HmbZ-0005vi-00 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmcA-0005vi-00"
+1999-03-02 09:44:33 10HmbZ-0005vi-00 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmcA-0005vi-00"
 1999-03-02 09:44:33 10HmbZ-0005vi-00 Completed


 ******** SERVER ********
@@ -188,14 +187,14 @@
 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <getticket@???> R=server
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption    session resumed
-1999-03-02 09:44:33 our cert subject    CN=server1.example.com
+1999-03-02 09:44:33 our cert subject    
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
-1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 ocsp    1
+1999-03-02 09:44:33 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmaZ-0005vi-00@??? for resume@??? xyz@???
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmaZ-0005vi-00@??? for resume@??? xyz@???
 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <xyz@???> R=server
 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <resume@???> R=server
 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
@@ -210,29 +209,29 @@
 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@??? for abcd@???
 1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: <abcd@???> R=server
 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption    session resumed, also new ticket
-1999-03-02 09:44:33 our cert subject    CN=server1.example.com
+1999-03-02 09:44:33 tls_in_resumption    session resumed
+1999-03-02 09:44:33 our cert subject    
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
-1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 ocsp    1
+1999-03-02 09:44:33 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
-1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-0005vi-00@??? for renewal@???
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-0005vi-00@??? for renewal@???
 1999-03-02 09:44:33 10HmbD-0005vi-00 => :blackhole: <renewal@???> R=server
 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption    session resumed, also new ticket
-1999-03-02 09:44:33 our cert subject    CN=server1.example.com
+1999-03-02 09:44:33 tls_in_resumption    session resumed
+1999-03-02 09:44:33 our cert subject    
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
-1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 ocsp    1
+1999-03-02 09:44:33 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
-1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-0005vi-00@??? for postrenewal@???
+1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-0005vi-00@??? for postrenewal@???
 1999-03-02 09:44:33 10HmbF-0005vi-00 => :blackhole: <postrenewal@???> R=server
 1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption    client requested new ticket, server provided
+1999-03-02 09:44:33 tls_in_resumption    client offered session, server only provided new ticket
 1999-03-02 09:44:33 our cert subject    CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
@@ -243,7 +242,7 @@
 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-0005vi-00@??? for timeout@???
 1999-03-02 09:44:33 10HmbH-0005vi-00 => :blackhole: <timeout@???> R=server
 1999-03-02 09:44:33 10HmbH-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption    no client request
+1999-03-02 09:44:33 tls_in_resumption    client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject    CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
@@ -266,14 +265,14 @@
 1999-03-02 09:44:33 10HmbL-0005vi-00 => :blackhole: <noverify_getticket@???> R=server
 1999-03-02 09:44:33 10HmbL-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption    session resumed
-1999-03-02 09:44:33 our cert subject    CN=server1.example.com
+1999-03-02 09:44:33 our cert subject    
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
-1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 ocsp    1
+1999-03-02 09:44:33 cipher    TLS1.x:ke--AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
-1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-0005vi-00@??? for noverify_resume@???
+1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke--AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-0005vi-00@??? for noverify_resume@???
 1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <noverify_resume@???> R=server
 1999-03-02 09:44:33 10HmbN-0005vi-00 Completed
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
@@ -282,21 +281,21 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
+1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbO-0005vi-00@??? for getticket@???
 1999-03-02 09:44:33 10HmbP-0005vi-00 => :blackhole: <getticket@???> R=server
 1999-03-02 09:44:33 10HmbP-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption    session resumed
-1999-03-02 09:44:33 our cert subject    CN=server1.example.com
+1999-03-02 09:44:33 tls_in_resumption    session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject    
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
-1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 ocsp    1
+1999-03-02 09:44:33 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
-1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbQ-0005vi-00@??? for resume@??? xyz@???
+1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbQ-0005vi-00@??? for resume@??? xyz@???
 1999-03-02 09:44:33 10HmbR-0005vi-00 => :blackhole: <xyz@???> R=server
 1999-03-02 09:44:33 10HmbR-0005vi-00 => :blackhole: <resume@???> R=server
 1999-03-02 09:44:33 10HmbR-0005vi-00 Completed
@@ -305,43 +304,43 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
+1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-0005vi-00@??? for abcd@???
 1999-03-02 09:44:33 10HmbS-0005vi-00 => :blackhole: <abcd@???> R=server
 1999-03-02 09:44:33 10HmbS-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption    session resumed, also new ticket
-1999-03-02 09:44:33 our cert subject    CN=server1.example.com
+1999-03-02 09:44:33 our cert subject    
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
-1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 ocsp    1
+1999-03-02 09:44:33 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
-1999-03-02 09:44:33 10HmbU-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbT-0005vi-00@??? for renewal@???
+1999-03-02 09:44:33 10HmbU-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbT-0005vi-00@??? for renewal@???
 1999-03-02 09:44:33 10HmbU-0005vi-00 => :blackhole: <renewal@???> R=server
 1999-03-02 09:44:33 10HmbU-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption    session resumed
-1999-03-02 09:44:33 our cert subject    CN=server1.example.com
+1999-03-02 09:44:33 tls_in_resumption    session resumed, also new ticket
+1999-03-02 09:44:33 our cert subject    
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
-1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
+1999-03-02 09:44:33 ocsp    1
+1999-03-02 09:44:33 cipher    TLS1.x:ke-PSK-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
-1999-03-02 09:44:33 10HmbW-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbV-0005vi-00@??? for postrenewal@???
+1999-03-02 09:44:33 10HmbW-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-PSK-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbV-0005vi-00@??? for postrenewal@???
 1999-03-02 09:44:33 10HmbW-0005vi-00 => :blackhole: <postrenewal@???> R=server
 1999-03-02 09:44:33 10HmbW-0005vi-00 Completed
-1999-03-02 09:44:33 tls_in_resumption    session resumed, also new ticket
+1999-03-02 09:44:33 tls_in_resumption    client requested new ticket, server provided
 1999-03-02 09:44:33 our cert subject    CN=server1.example.com
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
+1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
-1999-03-02 09:44:33 10HmbY-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbX-0005vi-00@??? for timeout@???
+1999-03-02 09:44:33 10HmbY-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbX-0005vi-00@??? for timeout@???
 1999-03-02 09:44:33 10HmbY-0005vi-00 => :blackhole: <timeout@???> R=server
 1999-03-02 09:44:33 10HmbY-0005vi-00 Completed
 1999-03-02 09:44:33 tls_in_resumption    client requested new ticket, server provided
@@ -349,7 +348,7 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
+1999-03-02 09:44:33 ocsp    1
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmcA-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbZ-0005vi-00@??? for notreq@???
diff --git a/test/log/5891 b/test/log/5892
similarity index 95%
copy from test/log/5891
copy to test/log/5892
index 6b04057..61450a7 100644
--- a/test/log/5891
+++ b/test/log/5892
@@ -4,7 +4,6 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmaX-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmaX-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmaX-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmaX-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaX-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmaX-0005vi-00 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
@@ -15,7 +14,6 @@
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmaZ-0005vi-00 tls_out_resumption not requested or offered
@@ -23,7 +21,6 @@
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmaZ-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmaZ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmaZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmaZ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmaZ-0005vi-00 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
@@ -36,7 +33,6 @@
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbC-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbC-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbC-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbC-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbC-0005vi-00 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00"
@@ -47,7 +43,6 @@
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbE-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbE-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbE-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbE-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbE-0005vi-00 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbF-0005vi-00"
@@ -58,7 +53,6 @@
 1999-03-02 09:44:33 10HmbG-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbG-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbG-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbG-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbG-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbG-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbG-0005vi-00 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbH-0005vi-00"
@@ -69,7 +63,6 @@
 1999-03-02 09:44:33 10HmbI-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbI-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbI-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbI-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbI-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbI-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbI-0005vi-00 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbJ-0005vi-00"
@@ -81,7 +74,6 @@
 1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbK-0005vi-00 peer cert verified    0
 1999-03-02 09:44:33 10HmbK-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbK-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbK-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbK-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbK-0005vi-00 => noverify_getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbL-0005vi-00"
@@ -92,7 +84,6 @@
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer cert verified    0
 1999-03-02 09:44:33 10HmbM-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbM-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbM-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbM-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbM-0005vi-00 => noverify_resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbN-0005vi-00"
@@ -103,7 +94,6 @@
 1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbO-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbO-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbO-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbO-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbO-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbO-0005vi-00 => getticket@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbP-0005vi-00"
@@ -114,7 +104,6 @@
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbQ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbQ-0005vi-00 tls_out_resumption not requested or offered
@@ -122,7 +111,6 @@
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbQ-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbQ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbQ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbQ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbQ-0005vi-00 => resume@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbR-0005vi-00"
@@ -135,7 +123,6 @@
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbT-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbT-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbT-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbT-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbT-0005vi-00 => renewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbU-0005vi-00"
@@ -146,7 +133,6 @@
 1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbV-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbV-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbV-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbV-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbV-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbV-0005vi-00 => postrenewal@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbW-0005vi-00"
@@ -157,7 +143,6 @@
 1999-03-02 09:44:33 10HmbX-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbX-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbX-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbX-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbX-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbX-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbX-0005vi-00 => timeout@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbY-0005vi-00"
@@ -168,7 +153,6 @@
 1999-03-02 09:44:33 10HmbZ-0005vi-00 peer cert subject    CN=server1.example.com
 1999-03-02 09:44:33 10HmbZ-0005vi-00 peer cert verified    1
 1999-03-02 09:44:33 10HmbZ-0005vi-00 peer dn    /CN=server1.example.com
-1999-03-02 09:44:33 10HmbZ-0005vi-00 ocsp    4
 1999-03-02 09:44:33 10HmbZ-0005vi-00 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 10HmbZ-0005vi-00 bits    256
 1999-03-02 09:44:33 10HmbZ-0005vi-00 => notreq@??? R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmcA-0005vi-00"
@@ -181,7 +165,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@??? for getticket@???
@@ -192,7 +175,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmaZ-0005vi-00@??? for resume@??? xyz@???
@@ -204,7 +186,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@??? for abcd@???
@@ -215,7 +196,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbC-0005vi-00@??? for renewal@???
@@ -226,7 +206,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbE-0005vi-00@??? for postrenewal@???
@@ -237,7 +216,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbG-0005vi-00@??? for timeout@???
@@ -248,7 +226,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbI-0005vi-00@??? for notreq@???
@@ -259,7 +236,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbK-0005vi-00@??? for noverify_getticket@???
@@ -270,7 +246,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbM-0005vi-00@??? for noverify_resume@???
@@ -282,7 +257,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbO-0005vi-00@??? for getticket@???
@@ -293,7 +267,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbR-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbQ-0005vi-00@??? for resume@??? xyz@???
@@ -305,7 +278,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbQ-0005vi-00@??? for abcd@???
@@ -316,7 +288,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbU-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbT-0005vi-00@??? for renewal@???
@@ -327,7 +298,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbW-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbV-0005vi-00@??? for postrenewal@???
@@ -338,7 +308,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    0
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmbY-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx* CV=no S=sss id=E10HmbX-0005vi-00@??? for timeout@???
@@ -349,7 +318,6 @@
 1999-03-02 09:44:33 peer cert subject    
 1999-03-02 09:44:33 peer cert verified    0
 1999-03-02 09:44:33 peer dn    
-1999-03-02 09:44:33 ocsp    4
 1999-03-02 09:44:33 cipher    TLS1.x:ke-RSA-AES256-SHAnnn:xxx
 1999-03-02 09:44:33 bits    256
 1999-03-02 09:44:33 10HmcA-0005vi-00 <= CALLER@??? H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbZ-0005vi-00@??? for notreq@???
diff --git a/test/log/5891 b/test/log/5893
similarity index 100%
copy from test/log/5891
copy to test/log/5893
diff --git a/test/scripts/5891-Resume-OpenSSL/5891 b/test/scripts/5891-Resume-GnuTLS-OCSP/5890
similarity index 82%
copy from test/scripts/5891-Resume-OpenSSL/5891
copy to test/scripts/5891-Resume-GnuTLS-OCSP/5890
index 6c04424..449b0eb 100644
--- a/test/scripts/5891-Resume-OpenSSL/5891
+++ b/test/scripts/5891-Resume-GnuTLS-OCSP/5890
@@ -1,7 +1,12 @@
-# TLS session resumption
+# TLS session resumption with OCSP
+gnutls
+#
+# For keying info:
+# (requires SSLKEYLOGFILE added to /etc/sudoers)
+# SSLKEYLOGFILE=/home/jgh/git/exim/test/foo sudo exim -DSERVER=server -bd -oX PORT_D
 #
 ### TLS1.2
-exim -DSERVER=server -DOPTION=+no_tlsv1_3 -bd -oX PORT_D
+exim -DSERVER=server -DOPTION=NORMAL:!VERS-TLS1.3 -bd -oX PORT_D
 ****
 exim -DVALUE=resume -odf getticket@???
 Test message. Contains FF: ?
@@ -37,7 +42,7 @@ sudo rm -f DIR/spool/db/tls
 #
 #
 ### TLS1.3
-exim -DSERVER=server -bd -oX PORT_D
+exim -DSERVER=server -DOPTION=NORMAL -bd -oX PORT_D
 ****
 exim -DVALUE=resume -odf getticket@???
 Test message. Contains FF: ?
diff --git a/test/scripts/5891-Resume-OpenSSL/REQUIRES b/test/scripts/5891-Resume-GnuTLS-OCSP/REQUIRES
similarity index 53%
copy from test/scripts/5891-Resume-OpenSSL/REQUIRES
copy to test/scripts/5891-Resume-GnuTLS-OCSP/REQUIRES
index 8e3a29f..ea7e895 100644
--- a/test/scripts/5891-Resume-OpenSSL/REQUIRES
+++ b/test/scripts/5891-Resume-GnuTLS-OCSP/REQUIRES
@@ -1,3 +1,4 @@
-support OpenSSL
+support GnuTLS
 running IPv4
 support TLS_resume
+support OCSP
diff --git a/test/scripts/5891-Resume-OpenSSL/5891 b/test/scripts/5892-Resume-OpenSSL/5892
similarity index 100%
copy from test/scripts/5891-Resume-OpenSSL/5891
copy to test/scripts/5892-Resume-OpenSSL/5892
diff --git a/test/scripts/5891-Resume-OpenSSL/REQUIRES b/test/scripts/5892-Resume-OpenSSL/REQUIRES
similarity index 100%
copy from test/scripts/5891-Resume-OpenSSL/REQUIRES
copy to test/scripts/5892-Resume-OpenSSL/REQUIRES
diff --git a/test/scripts/5891-Resume-OpenSSL/5891 b/test/scripts/5893-Resume-OpenSSL-OCSP/5893
similarity index 97%
rename from test/scripts/5891-Resume-OpenSSL/5891
rename to test/scripts/5893-Resume-OpenSSL-OCSP/5893
index 6c04424..18bce1f 100644
--- a/test/scripts/5891-Resume-OpenSSL/5891
+++ b/test/scripts/5893-Resume-OpenSSL-OCSP/5893
@@ -1,4 +1,4 @@
-# TLS session resumption
+# TLS session resumption with OCSP
 #
 ### TLS1.2
 exim -DSERVER=server -DOPTION=+no_tlsv1_3 -bd -oX PORT_D
diff --git a/test/scripts/5891-Resume-OpenSSL/REQUIRES b/test/scripts/5893-Resume-OpenSSL-OCSP/REQUIRES
similarity index 78%
rename from test/scripts/5891-Resume-OpenSSL/REQUIRES
rename to test/scripts/5893-Resume-OpenSSL-OCSP/REQUIRES
index 8e3a29f..136ac8c 100644
--- a/test/scripts/5891-Resume-OpenSSL/REQUIRES
+++ b/test/scripts/5893-Resume-OpenSSL-OCSP/REQUIRES
@@ -1,3 +1,4 @@
 support OpenSSL
 running IPv4
 support TLS_resume
+support OCSP
diff --git a/test/stderr/5892 b/test/stderr/5892
new file mode 100644
index 0000000..6b5c434
--- /dev/null
+++ b/test/stderr/5892
@@ -0,0 +1,6 @@
+### TLS1.2
+### TLS1.3
+
+******** SERVER ********
+### TLS1.2
+### TLS1.3
diff --git a/test/stderr/5893 b/test/stderr/5893
new file mode 100644
index 0000000..6b5c434
--- /dev/null
+++ b/test/stderr/5893
@@ -0,0 +1,6 @@
+### TLS1.2
+### TLS1.3
+
+******** SERVER ********
+### TLS1.2
+### TLS1.3
diff --git a/test/stdout/5892 b/test/stdout/5892
new file mode 100644
index 0000000..6b5c434
--- /dev/null
+++ b/test/stdout/5892
@@ -0,0 +1,6 @@
+### TLS1.2
+### TLS1.3
+
+******** SERVER ********
+### TLS1.2
+### TLS1.3
diff --git a/test/stdout/5893 b/test/stdout/5893
new file mode 100644
index 0000000..6b5c434
--- /dev/null
+++ b/test/stdout/5893
@@ -0,0 +1,6 @@
+### TLS1.2
+### TLS1.3
+
+******** SERVER ********
+### TLS1.2
+### TLS1.3