[exim-cvs] OpenSSL: Fix client-side tls_verify_cert

Autor: Exim Git Commits Mailing List
Datum:
To: exim-cvs
Betreff: [exim-cvs] OpenSSL: Fix client-side tls_verify_cert_hostnames behaviour

Gitweb: https://git.exim.org/exim.git/commitdiff/4cfb21b860882e76c3d3147b01708b347d0f9a0d

Commit:     4cfb21b860882e76c3d3147b01708b347d0f9a0d
Parent:     fdf263214d6536aba14944283ffc131597870a46
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Sep 26 15:35:58 2020 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sat Sep 26 15:52:44 2020 +0100

    OpenSSL: Fix client-side tls_verify_cert_hostnames behaviour
---
 doc/doc-txt/ChangeLog |  4 ++++
 src/src/tls-openssl.c | 15 ++++++++++-----
 test/confs/2113       |  7 +++----
 test/confs/2117       |  9 +++------
 test/confs/2125       |  9 +++------
 test/confs/2126       |  5 ++---
 test/confs/2127       |  6 +++---
 test/confs/2130       | 11 +++++------
 test/confs/2131       | 23 ++++++++---------------
 test/confs/2138       | 17 +++++++----------
 test/confs/2149       |  6 +++---
 test/confs/3461       |  9 +++------
 test/confs/3462       |  9 +++------
 test/confs/3465       |  9 ++++-----
 test/confs/4221       |  6 +++---
 test/confs/5410       |  5 +++--
 test/log/2100         |  7 +++++--
 test/log/2113         | 10 +++++-----
 test/log/2117         |  4 ++--
 test/log/2125         |  2 +-
 test/log/2126         |  2 +-
 test/log/2127         |  2 +-
 test/log/2130         |  2 +-
 test/log/2131         |  4 ++--
 test/log/2138         |  4 ++--
 test/log/2149         |  2 +-
 test/log/3461         |  6 +++---
 test/log/3462         |  2 +-
 test/log/3465         |  2 +-
 test/log/4221         |  2 +-
 test/log/4223         |  2 +-
 test/log/4224         |  4 ++--
 test/log/4225         |  2 +-
 test/log/4226         |  4 ++--
 test/stderr/2113      | 10 +++++-----
 test/stderr/5410      |  8 ++++----
 36 files changed, 109 insertions(+), 122 deletions(-)

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 34ce96d..86584d3 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -121,6 +121,10 @@ PP/01 Fix default prime selection to be consistent.
       execution flows will use the same DH primes (currently
       exim.dev.20160529.3).

+JH/25 OpenSSL: Fix beck-compatibiility behaviour surrounding tls_certificates
+      option in smtp transport, to match the documentation.  Previously
+      verification was not being done in some cases where it should have been.
+

 Exim version 4.94
 -----------------
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 5bc9f8f..6ce20f1 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2894,12 +2894,17 @@ tls_client_basic_ctx_init(SSL_CTX * ctx,
     uschar ** errstr)
 {
 int rc;
-/* stick to the old behaviour for compatibility if tls_verify_certificates is
-   set but both tls_verify_hosts and tls_try_verify_hosts is not set. Check only
-   the specified host patterns if one of them is defined */

-if (  (  !ob->tls_verify_hosts
-      && (!ob->tls_try_verify_hosts || !*ob->tls_try_verify_hosts)
+/* Back-compatible old behaviour if tls_verify_certificates is set but both
+tls_verify_hosts and tls_try_verify_hosts are not set. Check only the specified
+host patterns if one of them is set with content. */
+
+if (  (  (  !ob->tls_verify_hosts || !ob->tls_verify_hosts
+     || Ustrcmp(ob->tls_try_verify_hosts, ":") == 0
+     )
+      && (  !ob->tls_try_verify_hosts || !*ob->tls_try_verify_hosts
+     || Ustrcmp(ob->tls_try_verify_hosts, ":") == 0
+         )
       )
    || verify_check_given_host(CUSS &ob->tls_verify_hosts, host) == OK
    )
diff --git a/test/confs/2113 b/test/confs/2113
index e5fc539..fc2c722 100644
--- a/test/confs/2113
+++ b/test/confs/2113
@@ -20,10 +20,7 @@ smtp_accept_max_nonmail = 0

tls_advertise_hosts = *

-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1

 # ----- Routers -----
@@ -70,5 +67,7 @@ send_to_server:
   hosts_try_fastopen =    :
   hosts_noproxy_tls = PEX
   tls_try_verify_hosts = :
+  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :

# End
diff --git a/test/confs/2117 b/test/confs/2117
index f05eedb..16429f1 100644
--- a/test/confs/2117
+++ b/test/confs/2117
@@ -16,11 +16,7 @@ queue_only
queue_run_in_order

tls_advertise_hosts = *
-
-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1

# ----- Routers -----
@@ -55,7 +51,8 @@ send_to_server:
hosts = 127.0.0.1
port = PORT_D
hosts_try_fastopen = :
- tls_try_verify_hosts = :
+ tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_verify_cert_hostnames = :
hosts_nopass_tls = *

diff --git a/test/confs/2125 b/test/confs/2125
index 3591c86..91b5283 100644
--- a/test/confs/2125
+++ b/test/confs/2125
@@ -19,11 +19,7 @@ tls_advertise_hosts = *

 tls_require_ciphers = ${if eq{$sender_host_address}{HOSTIPV4}\
                       {AES256}{AES128}}
-
-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1

.ifdef _OPT_OPENSSL_NO_TLSV1_3_X
openssl_options = +no_tlsv1_3
@@ -52,7 +48,8 @@ send_to_server:
hosts_require_tls = HOSTIPV4
tls_require_ciphers = AES128-SHA
hosts_try_fastopen = :
- tls_try_verify_hosts = :
+ tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_verify_cert_hostnames = :

# ----- Retry -----
diff --git a/test/confs/2126 b/test/confs/2126
index cb44813..d98681b 100644
--- a/test/confs/2126
+++ b/test/confs/2126
@@ -13,8 +13,6 @@ log_selector = +tls_peerdn

tls_advertise_hosts = HOSTIPV4
tls_certificate = DIR/aux-fixed/cert1
-tls_privatekey = DIR/aux-fixed/cert1
-

# ----- ACLs -----

@@ -53,7 +51,8 @@ t1:
   port = PORT_D
   hosts_try_fastopen =    :
   allow_localhost
-  tls_try_verify_hosts = :
+  tls_verify_certificates =    DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames =    :

t2:
driver = appendfile
diff --git a/test/confs/2127 b/test/confs/2127
index 148eb7e..05dd10f 100644
--- a/test/confs/2127
+++ b/test/confs/2127
@@ -14,8 +14,7 @@ queue_only
queue_run_in_order

 tls_advertise_hosts = *
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1
 tls_try_verify_hosts = 127.0.0.1
 tls_verify_hosts = HOSTIPV4
 tls_verify_certificates = DIR/aux-fixed/cert1
@@ -56,6 +55,7 @@ send_to_server:
   hosts = ${if eq{$local_part}{userx}{127.0.0.1}{HOSTIPV4}}
   port = PORT_D
   hosts_try_fastopen =    :
-  tls_try_verify_hosts = :
+  tls_verify_certificates =    DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames =    :

# End
diff --git a/test/confs/2130 b/test/confs/2130
index 4afded1..0559bba 100644
--- a/test/confs/2130
+++ b/test/confs/2130
@@ -16,10 +16,7 @@ log_selector = +tls_peerdn +tls_sni
remote_max_parallel = 1

tls_advertise_hosts = *
-
-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1

 # ------ ACL ------
@@ -55,7 +52,8 @@ send_to_server1:
   port = PORT_D
   hosts_try_fastopen =    :
   tls_sni = fred
-  tls_try_verify_hosts = :
+  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :

 send_to_server2:
   driver = smtp
@@ -63,7 +61,8 @@ send_to_server2:
   hosts = HOSTIPV4
   port = PORT_D
   hosts_try_fastopen =    :
-  tls_try_verify_hosts = :
+  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :

# ----- Retry -----
diff --git a/test/confs/2131 b/test/confs/2131
index 243fc09..e4d4ae5 100644
--- a/test/confs/2131
+++ b/test/confs/2131
@@ -17,22 +17,13 @@ remote_max_parallel = 1

tls_advertise_hosts = *

-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server} \
-    {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
+tls_certificate = DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
         {exim-ca/example.com/server1.example.com/server1.example.com.pem} \
-        {cert1} \
-            }\
-    }fail}
+        {cert1} }

-tls_privatekey = ${if eq {SERVER}{server} \
-    {DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
+tls_privatekey = DIR/aux-fixed/${if eq {$tls_in_sni}{bill} \
         {exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key} \
-        {cert1} \
-            }\
-    }fail}
-
+        {cert1} }

# ------ ACL ------

@@ -68,7 +59,8 @@ send_to_server1:
   hosts_try_fastopen =    :
   tls_sni = fred
   hosts_require_tls = *
-  tls_try_verify_hosts = :
+  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames = :

 send_to_server2:
   driver = smtp
@@ -78,7 +70,8 @@ send_to_server2:
   hosts_try_fastopen =    :
   tls_sni = bill
   hosts_require_tls = *
-  tls_try_verify_hosts = :
+  tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
+  tls_verify_cert_hostnames = :

# ----- Retry -----
diff --git a/test/confs/2138 b/test/confs/2138
index aedeacf..c255373 100644
--- a/test/confs/2138
+++ b/test/confs/2138
@@ -19,11 +19,7 @@ remote_max_parallel = 1
smtp_accept_max_nonmail = 0

tls_advertise_hosts = *
-
-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1

# ----- Routers -----
@@ -55,12 +51,13 @@ local_delivery:
user = CALLER

 send_to_server:
-  driver =    smtp
+  driver =        smtp
   allow_localhost
-  port =    PORT_D
+  port =        PORT_D
   hosts_try_fastopen =    :
-  hosts_noproxy_tls = :
-  tls_try_verify_hosts = :
-  max_rcpt =    1
+  hosts_noproxy_tls =    :
+  tls_verify_certificates =    DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames =    :
+  max_rcpt =        1

# End
diff --git a/test/confs/2149 b/test/confs/2149
index 41e7148..9fa4fbf 100644
--- a/test/confs/2149
+++ b/test/confs/2149
@@ -14,8 +14,7 @@ queue_only
queue_run_in_order

tls_advertise_hosts = *
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1
tls_dhparam = ${if eq {SERVER}{server}{DIR/aux-fixed/dh1}fail}

@@ -51,6 +50,7 @@ send_to_server:
   hosts = 127.0.0.1
   port = PORT_D
   hosts_try_fastopen =    :
-  tls_try_verify_hosts = :
+  tls_verify_certificates =    DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames =    :

# End
diff --git a/test/confs/3461 b/test/confs/3461
index f865057..159a553 100644
--- a/test/confs/3461
+++ b/test/confs/3461
@@ -19,11 +19,7 @@ queue_run_in_order
smtp_accept_max_nonmail = 0

tls_advertise_hosts = *
-
-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate =DIR/aux-fixed/cert1

 # ----- Authenticators -----
@@ -73,6 +69,7 @@ send_to_server:
   hosts_try_fastopen =    :
   hosts_try_auth = *
   hosts_noproxy_tls = PEX
-  tls_try_verify_hosts = :
+  tls_verify_certificates =    DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames =    :

# End
diff --git a/test/confs/3462 b/test/confs/3462
index 6c3aaee..75385a0 100644
--- a/test/confs/3462
+++ b/test/confs/3462
@@ -16,11 +16,7 @@ queue_only
queue_run_in_order

tls_advertise_hosts = *
-
-# Set certificate only if server
-
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1

 # ----- Authenticators -----
@@ -70,7 +66,8 @@ send_to_server:
   port = PORT_D
   hosts_try_fastopen =    :
   hosts_try_auth = *
-  tls_try_verify_hosts = :
+  tls_verify_certificates =    DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames =    :

# ----- Retry -----
diff --git a/test/confs/3465 b/test/confs/3465
index 0d97a3a..2ff6a51 100644
--- a/test/confs/3465
+++ b/test/confs/3465
@@ -18,8 +18,6 @@ queue_only = true

tls_advertise_hosts = *
tls_certificate = DIR/aux-fixed/cert1
-tls_privatekey = DIR/aux-fixed/cert1
-

# ----- Authenticators -----

@@ -61,11 +59,12 @@ t1:
   driver = smtp
   hosts = 127.0.0.1
   port = PORT_D
+  allow_localhost
   hosts_try_fastopen =    :
-  hosts_avoid_tls = HOSTS_AVOID_TLS
-  tls_try_verify_hosts = :
+  hosts_avoid_tls    = HOSTS_AVOID_TLS
+  tls_verify_certificates =     DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames =    :
   hosts_require_auth = *
-  allow_localhost

# These can be made visible by adding "-d-all+deliver+transport+tls" to the script 1st queuerun
headers_add = X-tls-cipher: <$tls_cipher>
diff --git a/test/confs/4221 b/test/confs/4221
index 61205cd..07feb48 100644
--- a/test/confs/4221
+++ b/test/confs/4221
@@ -21,9 +21,8 @@ queue_only
queue_run_in_order
.endif

-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
tls_advertise_hosts = *
+tls_certificate = DIR/aux-fixed/cert1

smtputf8_advertise_hosts = OPTION

@@ -117,7 +116,8 @@ rmt_smtp:
   driver =    smtp
   hosts_try_fastopen =    :
   hosts_require_tls =    *
-  tls_try_verify_hosts = :
+  tls_verify_certificates =    DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames =    :
   utf8_downconvert =    0

# End
diff --git a/test/confs/5410 b/test/confs/5410
index e002343..c56b462 100644
--- a/test/confs/5410
+++ b/test/confs/5410
@@ -8,7 +8,7 @@ primary_hostname = myhost.test.ex

log_selector = +smtp_confirmation
tls_advertise_hosts = *
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1

domainlist local_domains = test.ex : *.test.ex

@@ -50,7 +50,8 @@ smtp:
   hosts_try_fastopen =    :
   hosts_avoid_tls =        ${if eq {$address_data}{usery}{*}{:}}
   hosts_verify_avoid_tls = ${if eq {$address_data}{userz}{*}{:}}
-  tls_try_verify_hosts = :
+  tls_verify_certificates =    DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames =    :

# End
diff --git a/test/log/2100 b/test/log/2100
index fa4ce7b..89feb8e 100644
--- a/test/log/2100
+++ b/test/log/2100
@@ -1,9 +1,12 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
+1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (SSL_connect): error: <<detail omitted>>
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf

******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmaX-0005vi-00@???
+1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@???
diff --git a/test/log/2113 b/test/log/2113
index 4710827..aaa72e8 100644
--- a/test/log/2113
+++ b/test/log/2113
@@ -2,7 +2,7 @@
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for usery@???
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for userz@???
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbB-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
@@ -13,7 +13,7 @@
1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for userb@???
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for userc@???
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmbD-0005vi-00 => usera@??? R=cl_override T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbG-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 => usera@??? R=cl_override T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbG-0005vi-00"
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
1999-03-02 09:44:33 10HmbF-0005vi-00 => userc@??? R=cl_override T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbH-0005vi-00"
1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
@@ -24,11 +24,11 @@
1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for usery@???
1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for userz@???
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmbJ-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbM-0005vi-00"
+1999-03-02 09:44:33 10HmbJ-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbM-0005vi-00"
1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbL-0005vi-00 => userz@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
+1999-03-02 09:44:33 10HmbL-0005vi-00 => userz@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
1999-03-02 09:44:33 10HmbL-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbK-0005vi-00 => usery@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbO-0005vi-00"
+1999-03-02 09:44:33 10HmbK-0005vi-00 => usery@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbO-0005vi-00"
1999-03-02 09:44:33 10HmbK-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf

diff --git a/test/log/2117 b/test/log/2117
index 58467d6..2ecbfec 100644
--- a/test/log/2117
+++ b/test/log/2117
@@ -1,9 +1,9 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf

diff --git a/test/log/2125 b/test/log/2125
index 38b1182..97ae60d 100644
--- a/test/log/2125
+++ b/test/log/2125
@@ -1,6 +1,6 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:AES128-SHA:128 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:AES128-SHA:128 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf

diff --git a/test/log/2126 b/test/log/2126
index 59458ef..64f7e54 100644
--- a/test/log/2126
+++ b/test/log/2126
@@ -1,7 +1,7 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:<usery@???>: 451 Temporary local problem - please try later
1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
-1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@??? R=r1 T=t1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@??? R=r1 T=t1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed

******** SERVER ********
diff --git a/test/log/2127 b/test/log/2127
index c8965f2..372c931 100644
--- a/test/log/2127
+++ b/test/log/2127
@@ -1,7 +1,7 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@??? R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00"
diff --git a/test/log/2130 b/test/log/2130
index fc45c0a..09c83a9 100644
--- a/test/log/2130
+++ b/test/log/2130
@@ -1,5 +1,5 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@??? R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@??? R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed

******** SERVER ********
diff --git a/test/log/2131 b/test/log/2131
index 38aa871..d607e75 100644
--- a/test/log/2131
+++ b/test/log/2131
@@ -1,8 +1,8 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for CALLER@???
-1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@??? R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@??? R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for abcd@???
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => abcd@??? R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed

******** SERVER ********
diff --git a/test/log/2138 b/test/log/2138
index c361baf..decd0de 100644
--- a/test/log/2138
+++ b/test/log/2138
@@ -2,8 +2,8 @@
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for usery0@??? usery1@???
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for userz0@??? userz1@???
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx0@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx1@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx0@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx1@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz0@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz1@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbD-0005vi-00"
diff --git a/test/log/2149 b/test/log/2149
index cf7db46..234fbcc 100644
--- a/test/log/2149
+++ b/test/log/2149
@@ -1,6 +1,6 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf

diff --git a/test/log/3461 b/test/log/3461
index f0a02ad..1184a96 100644
--- a/test/log/3461
+++ b/test/log/3461
@@ -1,15 +1,15 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmbB-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf

diff --git a/test/log/3462 b/test/log/3462
index b3f8aad..35fb66c 100644
--- a/test/log/3462
+++ b/test/log/3462
@@ -1,7 +1,7 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
diff --git a/test/log/3465 b/test/log/3465
index 6ec76b0..0caf7ea 100644
--- a/test/log/3465
+++ b/test/log/3465
@@ -1,6 +1,6 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userz@??? R=r1 T=t1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no A=plain C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userz@??? R=r1 T=t1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes A=plain C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
diff --git a/test/log/4221 b/test/log/4221
index 851fc3a..80da6a5 100644
--- a/test/log/4221
+++ b/test/log/4221
@@ -1,5 +1,5 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= 他们为什么不说中文@hebrew.למההםפשוטלאמדבריםעברית.com U=CALLER P=utf8local-esmtp S=sss for usery@???
-1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@??? F=<他们为什么不说中文@hebrew.למההםפשוטלאמדבריםעברית.com> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@??? F=<他们为什么不说中文@hebrew.למההםפשוטלאמדבריםעברית.com> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed

******** SERVER ********
diff --git a/test/log/4223 b/test/log/4223
index e3c1d77..1e5f379 100644
--- a/test/log/4223
+++ b/test/log/4223
@@ -1,6 +1,6 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= यहलोगहिन्दीक्योंनहींबोलसकतेहैं@japanese.なぜみんな日本語を話してくれないのか.local U=CALLER P=utf8local-esmtp S=sss for userz@???
1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1]: utf8 support required but not offered for forwarding
-1999-03-02 09:44:33 10HmaX-0005vi-00 ** userz@??? F=<यहलोगहिन्दीक्योंनहींबोलसकतेहैं@japanese.なぜみんな日本語を話してくれないのか.local> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no: utf8 support required but not offered for forwarding
+1999-03-02 09:44:33 10HmaX-0005vi-00 ** userz@??? F=<यहलोगहिन्दीक्योंनहींबोलसकतेहैं@japanese.なぜみんな日本語を話してくれないのか.local> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes: utf8 support required but not offered for forwarding
1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss for यहलोगहिन्दीक्योंनहींबोलसकतेहैं@japanese.なぜみんな日本語を話してくれないのか.local
1999-03-02 09:44:33 10HmaY-0005vi-00 no immediate delivery: queued by ACL
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
diff --git a/test/log/4224 b/test/log/4224
index 712faab..3f91cfb 100644
--- a/test/log/4224
+++ b/test/log/4224
@@ -1,8 +1,8 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= 세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com U=CALLER P=utf8local-esmtp S=sss for userQ@???
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userq@??? <userQ@???> F=<세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userq@??? <userQ@???> F=<세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= 세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com U=CALLER P=utf8local-esmtp S=sss for userR@???
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userr@??? <userR@???> F=<세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userr@??? <userR@???> F=<세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 U=CALLER F=<CALLER@???énopuedensimplementehablarenEspañol.local> rejected RCPT <userS@???>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<CALLER@???ạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@???>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
diff --git a/test/log/4225 b/test/log/4225
index baefd36..b032608 100644
--- a/test/log/4225
+++ b/test/log/4225
@@ -1,5 +1,5 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= userU@??? U=CALLER P=utf8local-esmtp S=sss for user.γλυκύρριζα@test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 => user.γλυκύρριζα@test.ex F=<userU@???> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => user.γλυκύρριζα@test.ex F=<userU@???> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed

******** SERVER ********
diff --git a/test/log/4226 b/test/log/4226
index 5c03370..b5948a9 100644
--- a/test/log/4226
+++ b/test/log/4226
@@ -1,8 +1,8 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= userV.වැල්_මී@test.ex U=CALLER P=utf8local-esmtp S=sss for user.அதிமதுரம்@test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 => user.அதிமதுரம்@test.ex F=<userV.වැල්_මී@test.ex> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => user.அதிமதுரம்@test.ex F=<userV.වැල්_මී@test.ex> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= userW@??? U=CALLER P=utf8local-esmtp S=sss for user.ഇരട്ടിമധുരം@test.ex
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => user.ഇരട്ടിമധുരം@test.ex F=<userW@???> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => user.ഇരട്ടിമധുരം@test.ex F=<userW@???> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@???>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userA@???> rejected RCPT <user.यष्टिमधु@test.ex>: Sender verify failed
diff --git a/test/stderr/2113 b/test/stderr/2113
index 9541b65..dd24fbc 100644
--- a/test/stderr/2113
+++ b/test/stderr/2113
@@ -36,7 +36,7 @@ cmd buf flush ddd bytes
SMTP<< 354 Enter message, ending with "." on a line by itself
SMTP<< 250 OK id=10HmbA-0005vi-00
LOG: MAIN
- => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+ => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp (qrun-delivery) terminating with rc=0 >>>>>>>>>>>>>>>>
@@ -122,7 +122,7 @@ cmd buf flush ddd bytes
SMTP<< 354 Enter message, ending with "." on a line by itself
SMTP<< 250 OK id=10HmbG-0005vi-00
LOG: MAIN
- => usera@??? R=cl_override T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbG-0005vi-00"
+ => usera@??? R=cl_override T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbG-0005vi-00"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp (qrun-delivery) terminating with rc=0 >>>>>>>>>>>>>>>>

@@ -217,7 +217,7 @@ cmd buf flush ddd bytes
          250 HELP
   SMTP(close)>>
 LOG: MAIN
-  => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbM-0005vi-00"
+  => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbM-0005vi-00"
 LOG: MAIN
   Completed

>>>>>>>>>>>>>>>> Exim pid=pppp (qrun-delivery) terminating with rc=0 >>>>>>>>>>>>>>>>

@@ -254,7 +254,7 @@ cmd buf flush ddd bytes
          250 HELP
   SMTP(close)>>
 LOG: MAIN
-  => userz@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
+  => userz@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbN-0005vi-00"
 LOG: MAIN
   Completed

>>>>>>>>>>>>>>>> Exim pid=pppp (continued-transport) terminating with rc=0 >>>>>>>>>>>>>>>>
@@ -285,7 +285,7 @@ cmd buf flush ddd bytes
cmd buf flush ddd bytes
SMTP(close)>>
LOG: MAIN
- => usery@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbO-0005vi-00"
+ => usery@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbO-0005vi-00"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp (continued-transport) terminating with rc=0 >>>>>>>>>>>>>>>>
diff --git a/test/stderr/5410 b/test/stderr/5410
index db1df1c..0387662 100644
--- a/test/stderr/5410
+++ b/test/stderr/5410
@@ -110,7 +110,7 @@ cmd buf flush ddd bytes
cmd buf flush ddd bytes
SMTP<< 220 TLS go ahead
127.0.0.1 in tls_verify_hosts? no (option unset)
-127.0.0.1 in tls_try_verify_hosts? no (end of list)
+127.0.0.1 in tls_try_verify_hosts? yes (matched "*")
SMTP>> EHLO myhost.test.ex
cmd buf flush ddd bytes
SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
@@ -131,7 +131,7 @@ sync_responses expect rcpt
SMTP<< 250 Accepted
holding verify callout open for cutthrough delivery
----------- end cutthrough setup ------------
-processing "accept" (TESTSUITE/test-config 56)
+processing "accept" (TESTSUITE/test-config 57)
accept: condition test succeeded in inline ACL
end of inline ACL: ACCEPT
SMTP>> DATA
@@ -373,7 +373,7 @@ sync_responses expect rcpt
SMTP<< 250 Accepted
holding verify callout open for cutthrough delivery
----------- end cutthrough setup ------------
-processing "accept" (TESTSUITE/test-config 56)
+processing "accept" (TESTSUITE/test-config 57)
accept: condition test succeeded in inline ACL
end of inline ACL: ACCEPT
SMTP>> DATA
@@ -615,7 +615,7 @@ sync_responses expect rcpt
SMTP<< 250 Accepted
holding verify callout open for cutthrough delivery
----------- end cutthrough setup ------------
-processing "accept" (TESTSUITE/test-config 56)
+processing "accept" (TESTSUITE/test-config 57)
accept: condition test succeeded in inline ACL
end of inline ACL: ACCEPT
SMTP>> DATA

Diese Nachricht ist Teil des folgenden Threads:
	Der komplette Thread sortiert nach Datum

[exim-cvs] OpenSSL: Fix client-side tls_verify_cert_hostname…