Gitweb:
https://git.exim.org/exim.git/commitdiff/8af4fd7e0f697d9585f013b9664f88d32131b5df
Commit: 8af4fd7e0f697d9585f013b9664f88d32131b5df
Parent: ef77ddc9239a2a96442b7708c825235823d6c9ce
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Fri May 28 17:33:13 2021 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Thu Jun 3 23:44:12 2021 +0100
Testsuite: use higher-spec certs, for more-recent GnuTLS versions which deprecate weaker ones
Needed for GnuTLS 3.6.15 (on Fedora 33)
---
test/confs/1110 | 4 ++--
test/confs/1151 | 8 +++++---
test/confs/2000 | 7 ++++---
test/confs/2001 | 5 -----
test/confs/2012 | 19 -------------------
test/confs/2033 | 19 +------------------
test/confs/3700 | 15 +++++++++------
test/confs/3720 | 13 ++++++++-----
test/log/2012 | 8 ++++----
test/log/2033 | 4 ++--
test/log/3700 | 4 ++--
test/log/3720 | 6 +++---
test/log/3721 | 6 +++---
test/mail/1110.userx | 2 +-
test/mail/3700.smtps | 2 +-
test/mail/3700.x | 2 +-
test/scripts/1100-Basic-TLS/1110 | 2 +-
test/scripts/3720-external-auth-GnuTLS/3720 | 4 ++--
test/scripts/3721-external-auth-OpenSSL/3721 | 4 ++--
test/stdout/1110 | 4 ++--
test/stdout/3720 | 6 +++---
test/stdout/3721 | 6 +++---
22 files changed, 59 insertions(+), 91 deletions(-)
diff --git a/test/confs/1110 b/test/confs/1110
index b22360f..30d1c3a 100644
--- a/test/confs/1110
+++ b/test/confs/1110
@@ -1,4 +1,4 @@
-# Exim test configuration 2019
+# Exim test configuration 1110
.include DIR/aux-var/tls_conf_prefix
@@ -17,7 +17,7 @@ tls_certificate = DIR/aux-fixed/cert1
tls_privatekey = DIR/aux-fixed/cert1
tls_verify_hosts = HOSTIPV4
-tls_verify_certificates = DIR/aux-fixed/cert2
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem
# ------ ACL ------
diff --git a/test/confs/1151 b/test/confs/1151
index 4729c92..b041a9c 100644
--- a/test/confs/1151
+++ b/test/confs/1151
@@ -11,8 +11,8 @@ tls_advertise_hosts = *
tls_certificate = DIR/tmp/certs/servercert
tls_privatekey = DIR/tmp/certs/serverkey
tls_try_verify_hosts = *
-tls_verify_certificates = DIR/aux-fixed/cert2
-#tls_verify_certificates = system,cache
+
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem
queue_only
log_selector = +millisec
@@ -37,7 +37,9 @@ smtp:
allow_localhost
port = PORT_D
hosts_try_fastopen = :
- tls_certificate = DIR/aux-fixed/cert2
+ tls_certificate = DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+ tls_privatekey = DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
+
tls_verify_certificates = DIR/aux-fixed/cert1
tls_verify_cert_hostnames = :
diff --git a/test/confs/2000 b/test/confs/2000
index 11104b0..c81c80d 100644
--- a/test/confs/2000
+++ b/test/confs/2000
@@ -25,7 +25,7 @@ tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
tls_verify_hosts = *
-tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem
# ----- Routers -----
@@ -49,8 +49,9 @@ send_to_server:
hosts = 127.0.0.1
port = PORT_D
hosts_try_fastopen = :
- tls_certificate = DIR/aux-fixed/cert2
- tls_privatekey = DIR/aux-fixed/cert2
+ tls_certificate = DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+ tls_privatekey = DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
+
tls_verify_certificates = DIR/aux-fixed/cert2
tls_try_verify_hosts =
diff --git a/test/confs/2001 b/test/confs/2001
index d6525ca..f8358cb 100644
--- a/test/confs/2001
+++ b/test/confs/2001
@@ -23,9 +23,6 @@ tls_advertise_hosts = *
tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-tls_verify_hosts = *
-tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
-
# so we can decode in wireshark
tls_require_ciphers = NORMAL:-KX-ALL:+RSA
@@ -52,8 +49,6 @@ send_to_server:
hosts_try_fastopen = :
OPTION
port = PORT_D
- tls_certificate = DIR/aux-fixed/cert2
- tls_privatekey = DIR/aux-fixed/cert2
tls_verify_certificates = DIR/aux-fixed/cert2
tls_try_verify_hosts =
diff --git a/test/confs/2012 b/test/confs/2012
index c0ed029..8de185b 100644
--- a/test/confs/2012
+++ b/test/confs/2012
@@ -33,9 +33,6 @@ tls_advertise_hosts = *
tls_certificate = ${if eq {SERVER}{server}{CERT1}fail}
tls_privatekey = ${if eq {SERVER}{server}{KEY1}fail}
-tls_verify_hosts = *
-tls_verify_certificates = ${if eq {SERVER}{server}{CERT2}fail}
-
# ----- Routers -----
@@ -108,8 +105,6 @@ send_to_server_failcert:
port = PORT_D
hosts_try_fastopen = :
hosts_require_tls = HOSTIPV4
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA2
tls_try_verify_hosts =
@@ -123,8 +118,6 @@ send_to_server_retry:
port = PORT_D
hosts_try_fastopen = :
hosts_require_tls = HOSTIPV4
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = \
${if eq{$host_address}{127.0.0.1}{CA1}{CA2}}
@@ -139,8 +132,6 @@ send_to_server_crypt:
port = PORT_D
hosts_try_fastopen = :
hosts_require_tls = HOSTIPV4
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA2
tls_try_verify_hosts = *
@@ -153,8 +144,6 @@ send_to_server_req_fail:
hosts = HOSTIPV4
port = PORT_D
hosts_try_fastopen = :
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA2
tls_verify_hosts = *
@@ -167,8 +156,6 @@ send_to_server_req_fail:
hosts = serverbadname.example.com
port = PORT_D
hosts_try_fastopen = :
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA1
tls_verify_cert_hostnames = HOSTIPV4
@@ -181,8 +168,6 @@ send_to_server_req_fail:
hosts = server1.example.com
port = PORT_D
hosts_try_fastopen = :
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA1
tls_verify_cert_hostnames = HOSTIPV4
@@ -195,8 +180,6 @@ send_to_server_req_fail:
hosts = serverchain1.example.com
port = PORT_D
hosts_try_fastopen = :
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA1
tls_verify_cert_hostnames = HOSTIPV4
@@ -209,8 +192,6 @@ send_to_server_req_fail:
hosts = alternatename.server1.example.com
port = PORT_D
hosts_try_fastopen = :
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA1
tls_verify_cert_hostnames = HOSTIPV4
diff --git a/test/confs/2033 b/test/confs/2033
index 8fa51d0..44ebbc5 100644
--- a/test/confs/2033
+++ b/test/confs/2033
@@ -1,4 +1,4 @@
-# Exim test configuration 1162
+# Exim test configuration 2033
# TLS client: verify certificate from server - name-fails
SERVER=
@@ -35,9 +35,6 @@ tls_advertise_hosts = *
tls_certificate = ${if eq {SERVER}{server}{CERT1}fail}
tls_privatekey = ${if eq {SERVER}{server}{KEY1}fail}
-tls_verify_hosts = *
-tls_verify_certificates = ${if eq {SERVER}{server}{CERT2}fail}
-
# ----- Routers -----
@@ -103,8 +100,6 @@ send_to_server_failcert:
port = PORT_D
hosts_try_fastopen = :
hosts_require_tls = HOSTIPV4
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA2
@@ -116,8 +111,6 @@ send_to_server_retry:
port = PORT_D
hosts_try_fastopen = :
hosts_require_tls = HOSTIPV4
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = \
${if eq{$host_address}{127.0.0.1}{CA1}{CA2}}
@@ -130,8 +123,6 @@ send_to_server_crypt:
port = PORT_D
hosts_try_fastopen = :
hosts_require_tls = HOSTIPV4
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA2
tls_try_verify_hosts = *
@@ -144,8 +135,6 @@ send_to_server_req_fail:
hosts = HOSTNAME
port = PORT_D
hosts_try_fastopen = :
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA2
tls_verify_hosts = *
@@ -158,8 +147,6 @@ send_to_server_req_failname:
hosts = HOSTNAME
port = PORT_D
hosts_try_fastopen = :
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA1
tls_verify_cert_hostnames = *
@@ -173,8 +160,6 @@ send_to_server_req_passname:
hosts = server1.example.com
port = PORT_D
hosts_try_fastopen = :
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA1
tls_verify_cert_hostnames = *
@@ -188,8 +173,6 @@ send_to_server_req_failcarryon:
hosts = HOSTNAME
port = PORT_D
hosts_try_fastopen = :
- tls_certificate = CERT2
- tls_privatekey = CERT2
tls_verify_certificates = CA1
tls_verify_cert_hostnames = *
diff --git a/test/confs/3700 b/test/confs/3700
index 599f3e5..598bc7f 100644
--- a/test/confs/3700
+++ b/test/confs/3700
@@ -20,10 +20,11 @@ trusted_users = CALLER
tls_on_connect_ports = PORT_S
tls_advertise_hosts = *
-tls_certificate = DIR/aux-fixed/cert1
+tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
+tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
tls_verify_hosts = *
-tls_verify_certificates = DIR/aux-fixed/cert2
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem
# ----- ACL -----
@@ -78,8 +79,9 @@ t1:
port = PORT_D
hosts_try_fastopen = :
allow_localhost
- tls_certificate = DIR/aux-fixed/cert2
- tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_certificate = DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+ tls_privatekey = DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
+ tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_cert_hostnames = :
t2:
@@ -89,8 +91,9 @@ t2:
hosts_try_fastopen = :
protocol = smtps
allow_localhost
- tls_certificate = DIR/aux-fixed/cert2
- tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_certificate = DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+ tls_privatekey = DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
+ tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_cert_hostnames = :
file:
diff --git a/test/confs/3720 b/test/confs/3720
index 74faec2..e82c57f 100644
--- a/test/confs/3720
+++ b/test/confs/3720
@@ -19,10 +19,11 @@ queue_run_in_order
trusted_users = CALLER
tls_advertise_hosts = *
-tls_certificate = DIR/aux-fixed/cert1
+tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
+tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
tls_verify_hosts = *
-tls_verify_certificates = DIR/aux-fixed/cert2
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem
# ----- ACL -----
@@ -54,7 +55,7 @@ ext_ccert_cn:
server_set_id = $auth1
server_debug_print = +++TLS \$auth1="$auth1"
- client_send = "Phil Pennock"
+ client_send = "server2.example.org"
# ----- Routers -----
@@ -81,8 +82,10 @@ t1:
port = PORT_D
hosts_try_fastopen = :
allow_localhost
- tls_certificate = DIR/aux-fixed/cert2
- tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_certificate = DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+ tls_privatekey = DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
+
+ tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
tls_verify_cert_hostnames = :
hosts_try_auth = *
diff --git a/test/log/2012 b/test/log/2012
index 294ad4d..696c07a 100644
--- a/test/log/2012
+++ b/test/log/2012
@@ -34,13 +34,13 @@
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad
1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad
-1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaY-0005vi-00@???
-1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaZ-0005vi-00@???
+1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaY-0005vi-00@???
+1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@???
1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad
1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbA-0005vi-00@???
1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad
1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbB-0005vi-00@???
-1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmbC-0005vi-00@???
+1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbC-0005vi-00@???
1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad
1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbD-0005vi-00@???
-1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmbE-0005vi-00@???
+1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbE-0005vi-00@???
diff --git a/test/log/2033 b/test/log/2033
index 8757949..2bbcd00 100644
--- a/test/log/2033
+++ b/test/log/2033
@@ -21,5 +21,5 @@
1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@???
1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad
1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@???
-1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaZ-0005vi-00@???
-1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmbA-0005vi-00@???
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@???
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbA-0005vi-00@???
diff --git a/test/log/3700 b/test/log/3700
index 2ef1502..bb5d88f 100644
--- a/test/log/3700
+++ b/test/log/3700
@@ -10,9 +10,9 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D and for SMTPS on port PORT_S
1999-03-02 09:44:33 Auth ACL called, after smtp cmd "STARTTLS"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaX-0005vi-00@??? for x@y
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:server2.example.org S=sss id=E10HmaX-0005vi-00@??? for x@y
1999-03-02 09:44:33 Auth ACL called, after smtp cmd ""
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaY-0005vi-00@??? for smtps@y
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:server2.example.org S=sss id=E10HmaY-0005vi-00@??? for smtps@y
1999-03-02 09:44:33 Start queue run: pid=pppp
1999-03-02 09:44:33 10HmaZ-0005vi-00 => x <x@y> R=server_r T=file
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
diff --git a/test/log/3720 b/test/log/3720
index bc759fd..7757bf0 100644
--- a/test/log/3720
+++ b/test/log/3720
@@ -6,6 +6,6 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL UGhpbCBQZW5ub2Nr"
-1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL UGhpbCBQZW5ub2Nr"
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=ext_ccert_cn:Phil Pennock S=sss id=E10HmaX-0005vi-00@??? for x@y
+1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw=="
+1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw=="
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=ext_ccert_cn:server2.example.org S=sss id=E10HmaX-0005vi-00@??? for x@y
diff --git a/test/log/3721 b/test/log/3721
index bc759fd..7757bf0 100644
--- a/test/log/3721
+++ b/test/log/3721
@@ -6,6 +6,6 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL UGhpbCBQZW5ub2Nr"
-1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL UGhpbCBQZW5ub2Nr"
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=ext_ccert_cn:Phil Pennock S=sss id=E10HmaX-0005vi-00@??? for x@y
+1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw=="
+1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw=="
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=ext_ccert_cn:server2.example.org S=sss id=E10HmaX-0005vi-00@??? for x@y
diff --git a/test/mail/1110.userx b/test/mail/1110.userx
index ad6260f..cfc5029 100644
--- a/test/mail/1110.userx
+++ b/test/mail/1110.userx
@@ -18,7 +18,7 @@ Received: from [ip4.ip4.ip4.ip4]
id 10HmaY-0005vi-00
for userx@???;
Tue, 2 Mar 1999 09:44:33 +0000
-TLS: cipher=TLS1.x:ke-RSA-AES256-SHAnnn:xxx peerdn/cn 'CN=Phil Pennock'
+TLS: cipher=TLS1.x:ke-RSA-AES256-SHAnnn:xxx peerdn/cn 'CN=server2.example.org'
This is a test encrypted message from a verified host.
diff --git a/test/mail/3700.smtps b/test/mail/3700.smtps
index f844cf2..99fcfc4 100644
--- a/test/mail/3700.smtps
+++ b/test/mail/3700.smtps
@@ -1,7 +1,7 @@
From ok@??? Tue Mar 02 09:44:33 1999
Authentication-Results: myhost.test.ex;
iprev=pass (localhost) smtp.remote-ip=127.0.0.1;
- auth=pass (tls) x509.auth="Phil Pennock"
+ auth=pass (tls) x509.auth=server2.example.org
Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
(Exim x.yz)
diff --git a/test/mail/3700.x b/test/mail/3700.x
index 8e82508..89ef396 100644
--- a/test/mail/3700.x
+++ b/test/mail/3700.x
@@ -1,7 +1,7 @@
From ok@??? Tue Mar 02 09:44:33 1999
Authentication-Results: myhost.test.ex;
iprev=pass (localhost) smtp.remote-ip=127.0.0.1;
- auth=pass (tls) x509.auth="Phil Pennock"
+ auth=pass (tls) x509.auth=server2.example.org
Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
(Exim x.yz)
diff --git a/test/scripts/1100-Basic-TLS/1110 b/test/scripts/1100-Basic-TLS/1110
index 865b220..effc750 100644
--- a/test/scripts/1100-Basic-TLS/1110
+++ b/test/scripts/1100-Basic-TLS/1110
@@ -22,7 +22,7 @@ This is a test encrypted message.
quit
??? 221
****
-client-anytls -tls-on-connect HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
+client-anytls -tls-on-connect HOSTIPV4 PORT_D aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
??? 220
mail from:<userx@???>
??? 250
diff --git a/test/scripts/3720-external-auth-GnuTLS/3720 b/test/scripts/3720-external-auth-GnuTLS/3720
index 49d9520..1b932e6 100644
--- a/test/scripts/3720-external-auth-GnuTLS/3720
+++ b/test/scripts/3720-external-auth-GnuTLS/3720
@@ -5,7 +5,7 @@ exim -DSERVER=server -bd -oX PORT_D
****
#
#
-client-gnutls 127.0.0.1 PORT_D 127.0.0.1 DIR/aux-fixed/cert2 DIR/aux-fixed/cert2
+client-gnutls 127.0.0.1 PORT_D 127.0.0.1 DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
??? 220
EHLO tester
??? 250-
@@ -23,7 +23,7 @@ EHLO tester
??? 250-
??? 250-AUTH EXTERNAL
??? 250 HELP
-AUTH EXTERNAL UGhpbCBQZW5ub2Nr
+AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw==
??? 235
quit
??? 221
diff --git a/test/scripts/3721-external-auth-OpenSSL/3721 b/test/scripts/3721-external-auth-OpenSSL/3721
index 310b8d2..35cc11b 100644
--- a/test/scripts/3721-external-auth-OpenSSL/3721
+++ b/test/scripts/3721-external-auth-OpenSSL/3721
@@ -5,7 +5,7 @@ exim -DSERVER=server -bd -oX PORT_D
****
#
#
-client-ssl 127.0.0.1 PORT_D 127.0.0.1 DIR/aux-fixed/cert2 DIR/aux-fixed/cert2
+client-ssl 127.0.0.1 PORT_D 127.0.0.1 DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
??? 220
EHLO tester
??? 250-
@@ -23,7 +23,7 @@ EHLO tester
??? 250-
??? 250-AUTH EXTERNAL
??? 250 HELP
-AUTH EXTERNAL UGhpbCBQZW5ub2Nr
+AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw==
??? 235
quit
??? 221
diff --git a/test/stdout/1110 b/test/stdout/1110
index b885461..27f78bd 100644
--- a/test/stdout/1110
+++ b/test/stdout/1110
@@ -32,8 +32,8 @@ Succeeded in starting TLS
<<< 221 myhost.test.ex closing connection
End of script
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
-Certificate file = aux-fixed/cert2
-Key file = aux-fixed/cert2
+Certificate file = aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+Key file = aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
Attempting to start TLS
Succeeded in starting TLS
??? 220
diff --git a/test/stdout/3720 b/test/stdout/3720
index 049c87d..0351cdf 100644
--- a/test/stdout/3720
+++ b/test/stdout/3720
@@ -1,6 +1,6 @@
Connecting to 127.0.0.1 port 1225 ... connected
-Certificate file = TESTSUITE/aux-fixed/cert2
-Key file = TESTSUITE/aux-fixed/cert2
+Certificate file = aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+Key file = aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> EHLO tester
@@ -34,7 +34,7 @@ Succeeded in starting TLS
<<< 250-AUTH EXTERNAL
??? 250 HELP
<<< 250 HELP
->>> AUTH EXTERNAL UGhpbCBQZW5ub2Nr
+>>> AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw==
??? 235
<<< 235 Authentication succeeded
>>> quit
diff --git a/test/stdout/3721 b/test/stdout/3721
index 049c87d..854382e 100644
--- a/test/stdout/3721
+++ b/test/stdout/3721
@@ -1,6 +1,6 @@
Connecting to 127.0.0.1 port 1225 ... connected
-Certificate file = TESTSUITE/aux-fixed/cert2
-Key file = TESTSUITE/aux-fixed/cert2
+Certificate file = TESTSUITE/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+Key file = TESTSUITE/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> EHLO tester
@@ -34,7 +34,7 @@ Succeeded in starting TLS
<<< 250-AUTH EXTERNAL
??? 250 HELP
<<< 250 HELP
->>> AUTH EXTERNAL UGhpbCBQZW5ub2Nr
+>>> AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw==
??? 235
<<< 235 Authentication succeeded
>>> quit