[exim-cvs] Testsuite: use higher-spec certs, for more-recen…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Exim Git Commits Mailing List
Data:  
Para: exim-cvs
Asunto: [exim-cvs] Testsuite: use higher-spec certs, for more-recent GnuTLS versions which deprecate weaker ones
Gitweb: https://git.exim.org/exim.git/commitdiff/8af4fd7e0f697d9585f013b9664f88d32131b5df
Commit:     8af4fd7e0f697d9585f013b9664f88d32131b5df
Parent:     ef77ddc9239a2a96442b7708c825235823d6c9ce
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Fri May 28 17:33:13 2021 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Thu Jun 3 23:44:12 2021 +0100


    Testsuite: use higher-spec certs, for more-recent GnuTLS versions which deprecate weaker ones


    Needed for GnuTLS 3.6.15 (on Fedora 33)
---
 test/confs/1110                              |  4 ++--
 test/confs/1151                              |  8 +++++---
 test/confs/2000                              |  7 ++++---
 test/confs/2001                              |  5 -----
 test/confs/2012                              | 19 -------------------
 test/confs/2033                              | 19 +------------------
 test/confs/3700                              | 15 +++++++++------
 test/confs/3720                              | 13 ++++++++-----
 test/log/2012                                |  8 ++++----
 test/log/2033                                |  4 ++--
 test/log/3700                                |  4 ++--
 test/log/3720                                |  6 +++---
 test/log/3721                                |  6 +++---
 test/mail/1110.userx                         |  2 +-
 test/mail/3700.smtps                         |  2 +-
 test/mail/3700.x                             |  2 +-
 test/scripts/1100-Basic-TLS/1110             |  2 +-
 test/scripts/3720-external-auth-GnuTLS/3720  |  4 ++--
 test/scripts/3721-external-auth-OpenSSL/3721 |  4 ++--
 test/stdout/1110                             |  4 ++--
 test/stdout/3720                             |  6 +++---
 test/stdout/3721                             |  6 +++---
 22 files changed, 59 insertions(+), 91 deletions(-)


diff --git a/test/confs/1110 b/test/confs/1110
index b22360f..30d1c3a 100644
--- a/test/confs/1110
+++ b/test/confs/1110
@@ -1,4 +1,4 @@
-# Exim test configuration 2019
+# Exim test configuration 1110

.include DIR/aux-var/tls_conf_prefix

@@ -17,7 +17,7 @@ tls_certificate = DIR/aux-fixed/cert1
tls_privatekey = DIR/aux-fixed/cert1

tls_verify_hosts = HOSTIPV4
-tls_verify_certificates = DIR/aux-fixed/cert2
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem


# ------ ACL ------
diff --git a/test/confs/1151 b/test/confs/1151
index 4729c92..b041a9c 100644
--- a/test/confs/1151
+++ b/test/confs/1151
@@ -11,8 +11,8 @@ tls_advertise_hosts = *
tls_certificate = DIR/tmp/certs/servercert
tls_privatekey = DIR/tmp/certs/serverkey
tls_try_verify_hosts = *
-tls_verify_certificates = DIR/aux-fixed/cert2
-#tls_verify_certificates = system,cache
+
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem

 queue_only
 log_selector = +millisec
@@ -37,7 +37,9 @@ smtp:
   allow_localhost
   port =        PORT_D
   hosts_try_fastopen =    :
-  tls_certificate =    DIR/aux-fixed/cert2
+  tls_certificate =    DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+  tls_privatekey =    DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
+
   tls_verify_certificates =    DIR/aux-fixed/cert1
   tls_verify_cert_hostnames =    :


diff --git a/test/confs/2000 b/test/confs/2000
index 11104b0..c81c80d 100644
--- a/test/confs/2000
+++ b/test/confs/2000
@@ -25,7 +25,7 @@ tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}

tls_verify_hosts = *
-tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem


 # ----- Routers -----
@@ -49,8 +49,9 @@ send_to_server:
   hosts = 127.0.0.1
   port = PORT_D
   hosts_try_fastopen =    :
-  tls_certificate = DIR/aux-fixed/cert2
-  tls_privatekey = DIR/aux-fixed/cert2
+  tls_certificate =    DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+  tls_privatekey =    DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
+
   tls_verify_certificates = DIR/aux-fixed/cert2
   tls_try_verify_hosts =


diff --git a/test/confs/2001 b/test/confs/2001
index d6525ca..f8358cb 100644
--- a/test/confs/2001
+++ b/test/confs/2001
@@ -23,9 +23,6 @@ tls_advertise_hosts = *
tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}

-tls_verify_hosts = *
-tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
-

 # so we can decode in wireshark
 tls_require_ciphers = NORMAL:-KX-ALL:+RSA
@@ -52,8 +49,6 @@ send_to_server:
   hosts_try_fastopen =    :
   OPTION
   port = PORT_D
-  tls_certificate = DIR/aux-fixed/cert2
-  tls_privatekey = DIR/aux-fixed/cert2
   tls_verify_certificates = DIR/aux-fixed/cert2
   tls_try_verify_hosts =


diff --git a/test/confs/2012 b/test/confs/2012
index c0ed029..8de185b 100644
--- a/test/confs/2012
+++ b/test/confs/2012
@@ -33,9 +33,6 @@ tls_advertise_hosts = *
tls_certificate = ${if eq {SERVER}{server}{CERT1}fail}
tls_privatekey = ${if eq {SERVER}{server}{KEY1}fail}

-tls_verify_hosts = *
-tls_verify_certificates = ${if eq {SERVER}{server}{CERT2}fail}
-

# ----- Routers -----

@@ -108,8 +105,6 @@ send_to_server_failcert:
   port = PORT_D
   hosts_try_fastopen =    :
   hosts_require_tls = HOSTIPV4
-  tls_certificate = CERT2
-  tls_privatekey = CERT2


   tls_verify_certificates = CA2
   tls_try_verify_hosts =
@@ -123,8 +118,6 @@ send_to_server_retry:
   port = PORT_D
   hosts_try_fastopen =    :
   hosts_require_tls = HOSTIPV4
-  tls_certificate = CERT2
-  tls_privatekey = CERT2


   tls_verify_certificates = \
     ${if eq{$host_address}{127.0.0.1}{CA1}{CA2}}
@@ -139,8 +132,6 @@ send_to_server_crypt:
   port = PORT_D
   hosts_try_fastopen =    :
   hosts_require_tls = HOSTIPV4
-  tls_certificate = CERT2
-  tls_privatekey = CERT2


   tls_verify_certificates = CA2
   tls_try_verify_hosts = *
@@ -153,8 +144,6 @@ send_to_server_req_fail:
   hosts = HOSTIPV4
   port = PORT_D
   hosts_try_fastopen =    :
-  tls_certificate = CERT2
-  tls_privatekey = CERT2


   tls_verify_certificates = CA2
   tls_verify_hosts = *
@@ -167,8 +156,6 @@ send_to_server_req_fail:
    hosts =        serverbadname.example.com
    port =        PORT_D
    hosts_try_fastopen =    :
-   tls_certificate =    CERT2
-   tls_privatekey =    CERT2


    tls_verify_certificates =    CA1
    tls_verify_cert_hostnames =    HOSTIPV4
@@ -181,8 +168,6 @@ send_to_server_req_fail:
    hosts =        server1.example.com
    port =        PORT_D
    hosts_try_fastopen =    :
-   tls_certificate =    CERT2
-   tls_privatekey =    CERT2


    tls_verify_certificates =    CA1
    tls_verify_cert_hostnames =    HOSTIPV4
@@ -195,8 +180,6 @@ send_to_server_req_fail:
    hosts =        serverchain1.example.com
    port =        PORT_D
    hosts_try_fastopen =    :
-   tls_certificate =    CERT2
-   tls_privatekey =    CERT2


    tls_verify_certificates =    CA1
    tls_verify_cert_hostnames =    HOSTIPV4
@@ -209,8 +192,6 @@ send_to_server_req_fail:
    hosts =        alternatename.server1.example.com
    port =        PORT_D
    hosts_try_fastopen =    :
-   tls_certificate =    CERT2
-   tls_privatekey =    CERT2


    tls_verify_certificates =    CA1
    tls_verify_cert_hostnames =    HOSTIPV4
diff --git a/test/confs/2033 b/test/confs/2033
index 8fa51d0..44ebbc5 100644
--- a/test/confs/2033
+++ b/test/confs/2033
@@ -1,4 +1,4 @@
-# Exim test configuration 1162
+# Exim test configuration 2033
 # TLS client: verify certificate from server - name-fails


SERVER=
@@ -35,9 +35,6 @@ tls_advertise_hosts = *
tls_certificate = ${if eq {SERVER}{server}{CERT1}fail}
tls_privatekey = ${if eq {SERVER}{server}{KEY1}fail}

-tls_verify_hosts = *
-tls_verify_certificates = ${if eq {SERVER}{server}{CERT2}fail}
-

# ----- Routers -----

@@ -103,8 +100,6 @@ send_to_server_failcert:
   port = PORT_D
   hosts_try_fastopen =    :
   hosts_require_tls = HOSTIPV4
-  tls_certificate = CERT2
-  tls_privatekey = CERT2


tls_verify_certificates = CA2

@@ -116,8 +111,6 @@ send_to_server_retry:
   port = PORT_D
   hosts_try_fastopen =    :
   hosts_require_tls = HOSTIPV4
-  tls_certificate = CERT2
-  tls_privatekey = CERT2


   tls_verify_certificates = \
     ${if eq{$host_address}{127.0.0.1}{CA1}{CA2}}
@@ -130,8 +123,6 @@ send_to_server_crypt:
   port = PORT_D
   hosts_try_fastopen =    :
   hosts_require_tls = HOSTIPV4
-  tls_certificate = CERT2
-  tls_privatekey = CERT2


   tls_verify_certificates = CA2
   tls_try_verify_hosts = *
@@ -144,8 +135,6 @@ send_to_server_req_fail:
   hosts = HOSTNAME
   port = PORT_D
   hosts_try_fastopen =    :
-  tls_certificate = CERT2
-  tls_privatekey = CERT2


   tls_verify_certificates = CA2
   tls_verify_hosts = *
@@ -158,8 +147,6 @@ send_to_server_req_failname:
   hosts = HOSTNAME
   port = PORT_D
   hosts_try_fastopen =    :
-  tls_certificate = CERT2
-  tls_privatekey = CERT2


   tls_verify_certificates = CA1
   tls_verify_cert_hostnames = *
@@ -173,8 +160,6 @@ send_to_server_req_passname:
   hosts = server1.example.com
   port = PORT_D
   hosts_try_fastopen =    :
-  tls_certificate = CERT2
-  tls_privatekey = CERT2


   tls_verify_certificates = CA1
   tls_verify_cert_hostnames = *
@@ -188,8 +173,6 @@ send_to_server_req_failcarryon:
   hosts = HOSTNAME
   port = PORT_D
   hosts_try_fastopen =    :
-  tls_certificate = CERT2
-  tls_privatekey = CERT2


tls_verify_certificates = CA1
tls_verify_cert_hostnames = *
diff --git a/test/confs/3700 b/test/confs/3700
index 599f3e5..598bc7f 100644
--- a/test/confs/3700
+++ b/test/confs/3700
@@ -20,10 +20,11 @@ trusted_users = CALLER

tls_on_connect_ports = PORT_S
tls_advertise_hosts = *
-tls_certificate = DIR/aux-fixed/cert1
+tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
+tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key

tls_verify_hosts = *
-tls_verify_certificates = DIR/aux-fixed/cert2
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem


 # ----- ACL -----
@@ -78,8 +79,9 @@ t1:
   port = PORT_D
   hosts_try_fastopen =    :
   allow_localhost
-  tls_certificate =         DIR/aux-fixed/cert2
-  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_certificate =         DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+  tls_privatekey =          DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
+  tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
   tls_verify_cert_hostnames = :


 t2:
@@ -89,8 +91,9 @@ t2:
   hosts_try_fastopen =    :
   protocol = smtps
   allow_localhost
-  tls_certificate =         DIR/aux-fixed/cert2
-  tls_verify_certificates = DIR/aux-fixed/cert1
+  tls_certificate =         DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+  tls_privatekey =          DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
+  tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
   tls_verify_cert_hostnames = :


file:
diff --git a/test/confs/3720 b/test/confs/3720
index 74faec2..e82c57f 100644
--- a/test/confs/3720
+++ b/test/confs/3720
@@ -19,10 +19,11 @@ queue_run_in_order
trusted_users = CALLER

tls_advertise_hosts = *
-tls_certificate = DIR/aux-fixed/cert1
+tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
+tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key

tls_verify_hosts = *
-tls_verify_certificates = DIR/aux-fixed/cert2
+tls_verify_certificates = DIR/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem


 # ----- ACL -----
@@ -54,7 +55,7 @@ ext_ccert_cn:
   server_set_id =    $auth1
   server_debug_print =    +++TLS \$auth1="$auth1"


-  client_send =        "Phil Pennock"
+  client_send =        "server2.example.org"



 # ----- Routers -----
@@ -81,8 +82,10 @@ t1:
   port = PORT_D
   hosts_try_fastopen =    :
   allow_localhost
-  tls_certificate =        DIR/aux-fixed/cert2
-  tls_verify_certificates =    DIR/aux-fixed/cert1
+  tls_certificate =        DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+  tls_privatekey =        DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
+
+  tls_verify_certificates =    DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
   tls_verify_cert_hostnames =    :
   hosts_try_auth =        *


diff --git a/test/log/2012 b/test/log/2012
index 294ad4d..696c07a 100644
--- a/test/log/2012
+++ b/test/log/2012
@@ -34,13 +34,13 @@
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad
1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad
-1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaY-0005vi-00@???
-1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaZ-0005vi-00@???
+1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaY-0005vi-00@???
+1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@???
1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad
1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbA-0005vi-00@???
1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad
1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbB-0005vi-00@???
-1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmbC-0005vi-00@???
+1999-03-02 09:44:33 10HmbJ-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbC-0005vi-00@???
1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad
1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbD-0005vi-00@???
-1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmbE-0005vi-00@???
+1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbE-0005vi-00@???
diff --git a/test/log/2033 b/test/log/2033
index 8757949..2bbcd00 100644
--- a/test/log/2033
+++ b/test/log/2033
@@ -21,5 +21,5 @@
1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@???
1999-03-02 09:44:33 TLS error on connection from the.local.host.name [ip4.ip4.ip4.ip4] (recv): A TLS fatal alert has been received: Certificate is bad
1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@???
-1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmaZ-0005vi-00@???
-1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss id=E10HmbA-0005vi-00@???
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@???
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@??? H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbA-0005vi-00@???
diff --git a/test/log/3700 b/test/log/3700
index 2ef1502..bb5d88f 100644
--- a/test/log/3700
+++ b/test/log/3700
@@ -10,9 +10,9 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D and for SMTPS on port PORT_S
1999-03-02 09:44:33 Auth ACL called, after smtp cmd "STARTTLS"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaX-0005vi-00@??? for x@y
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:server2.example.org S=sss id=E10HmaX-0005vi-00@??? for x@y
1999-03-02 09:44:33 Auth ACL called, after smtp cmd ""
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaY-0005vi-00@??? for smtps@y
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:server2.example.org S=sss id=E10HmaY-0005vi-00@??? for smtps@y
1999-03-02 09:44:33 Start queue run: pid=pppp
1999-03-02 09:44:33 10HmaZ-0005vi-00 => x <x@y> R=server_r T=file
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
diff --git a/test/log/3720 b/test/log/3720
index bc759fd..7757bf0 100644
--- a/test/log/3720
+++ b/test/log/3720
@@ -6,6 +6,6 @@

******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL UGhpbCBQZW5ub2Nr"
-1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL UGhpbCBQZW5ub2Nr"
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=ext_ccert_cn:Phil Pennock S=sss id=E10HmaX-0005vi-00@??? for x@y
+1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw=="
+1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw=="
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=ext_ccert_cn:server2.example.org S=sss id=E10HmaX-0005vi-00@??? for x@y
diff --git a/test/log/3721 b/test/log/3721
index bc759fd..7757bf0 100644
--- a/test/log/3721
+++ b/test/log/3721
@@ -6,6 +6,6 @@

 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL UGhpbCBQZW5ub2Nr"
-1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL UGhpbCBQZW5ub2Nr"
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=ext_ccert_cn:Phil Pennock S=sss id=E10HmaX-0005vi-00@??? for x@y
+1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw=="
+1999-03-02 09:44:33 Auth ACL called, after smtp cmd "AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw=="
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=ext_ccert_cn:server2.example.org S=sss id=E10HmaX-0005vi-00@??? for x@y
diff --git a/test/mail/1110.userx b/test/mail/1110.userx
index ad6260f..cfc5029 100644
--- a/test/mail/1110.userx
+++ b/test/mail/1110.userx
@@ -18,7 +18,7 @@ Received: from [ip4.ip4.ip4.ip4]
     id 10HmaY-0005vi-00
     for userx@???;
     Tue, 2 Mar 1999 09:44:33 +0000
-TLS: cipher=TLS1.x:ke-RSA-AES256-SHAnnn:xxx peerdn/cn 'CN=Phil Pennock'
+TLS: cipher=TLS1.x:ke-RSA-AES256-SHAnnn:xxx peerdn/cn 'CN=server2.example.org'


This is a test encrypted message from a verified host.

diff --git a/test/mail/3700.smtps b/test/mail/3700.smtps
index f844cf2..99fcfc4 100644
--- a/test/mail/3700.smtps
+++ b/test/mail/3700.smtps
@@ -1,7 +1,7 @@
 From ok@??? Tue Mar 02 09:44:33 1999
 Authentication-Results: myhost.test.ex;
     iprev=pass (localhost) smtp.remote-ip=127.0.0.1;
-    auth=pass (tls) x509.auth="Phil Pennock"
+    auth=pass (tls) x509.auth=server2.example.org
 Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
     by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
     (Exim x.yz)
diff --git a/test/mail/3700.x b/test/mail/3700.x
index 8e82508..89ef396 100644
--- a/test/mail/3700.x
+++ b/test/mail/3700.x
@@ -1,7 +1,7 @@
 From ok@??? Tue Mar 02 09:44:33 1999
 Authentication-Results: myhost.test.ex;
     iprev=pass (localhost) smtp.remote-ip=127.0.0.1;
-    auth=pass (tls) x509.auth="Phil Pennock"
+    auth=pass (tls) x509.auth=server2.example.org
 Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
     by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx)
     (Exim x.yz)
diff --git a/test/scripts/1100-Basic-TLS/1110 b/test/scripts/1100-Basic-TLS/1110
index 865b220..effc750 100644
--- a/test/scripts/1100-Basic-TLS/1110
+++ b/test/scripts/1100-Basic-TLS/1110
@@ -22,7 +22,7 @@ This is a test encrypted message.
 quit
 ??? 221
 ****
-client-anytls -tls-on-connect HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
+client-anytls -tls-on-connect HOSTIPV4 PORT_D aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
 ??? 220
 mail from:<userx@???>
 ??? 250
diff --git a/test/scripts/3720-external-auth-GnuTLS/3720 b/test/scripts/3720-external-auth-GnuTLS/3720
index 49d9520..1b932e6 100644
--- a/test/scripts/3720-external-auth-GnuTLS/3720
+++ b/test/scripts/3720-external-auth-GnuTLS/3720
@@ -5,7 +5,7 @@ exim -DSERVER=server -bd -oX PORT_D
 ****
 #
 #
-client-gnutls 127.0.0.1 PORT_D 127.0.0.1 DIR/aux-fixed/cert2 DIR/aux-fixed/cert2
+client-gnutls 127.0.0.1 PORT_D 127.0.0.1 DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
 ??? 220
 EHLO tester
 ??? 250-
@@ -23,7 +23,7 @@ EHLO tester
 ??? 250-
 ??? 250-AUTH EXTERNAL
 ??? 250 HELP
-AUTH EXTERNAL UGhpbCBQZW5ub2Nr
+AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw==
 ??? 235
 quit
 ??? 221
diff --git a/test/scripts/3721-external-auth-OpenSSL/3721 b/test/scripts/3721-external-auth-OpenSSL/3721
index 310b8d2..35cc11b 100644
--- a/test/scripts/3721-external-auth-OpenSSL/3721
+++ b/test/scripts/3721-external-auth-OpenSSL/3721
@@ -5,7 +5,7 @@ exim -DSERVER=server -bd -oX PORT_D
 ****
 #
 #
-client-ssl 127.0.0.1 PORT_D 127.0.0.1 DIR/aux-fixed/cert2 DIR/aux-fixed/cert2
+client-ssl 127.0.0.1 PORT_D 127.0.0.1 DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem DIR/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
 ??? 220
 EHLO tester
 ??? 250-
@@ -23,7 +23,7 @@ EHLO tester
 ??? 250-
 ??? 250-AUTH EXTERNAL
 ??? 250 HELP
-AUTH EXTERNAL UGhpbCBQZW5ub2Nr
+AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw==
 ??? 235
 quit
 ??? 221
diff --git a/test/stdout/1110 b/test/stdout/1110
index b885461..27f78bd 100644
--- a/test/stdout/1110
+++ b/test/stdout/1110
@@ -32,8 +32,8 @@ Succeeded in starting TLS
 <<< 221 myhost.test.ex closing connection
 End of script
 Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
-Certificate file = aux-fixed/cert2
-Key file = aux-fixed/cert2
+Certificate file = aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+Key file = aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
 Attempting to start TLS
 Succeeded in starting TLS
 ??? 220
diff --git a/test/stdout/3720 b/test/stdout/3720
index 049c87d..0351cdf 100644
--- a/test/stdout/3720
+++ b/test/stdout/3720
@@ -1,6 +1,6 @@
 Connecting to 127.0.0.1 port 1225 ... connected
-Certificate file = TESTSUITE/aux-fixed/cert2
-Key file = TESTSUITE/aux-fixed/cert2
+Certificate file = aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+Key file = aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
 ??? 220
 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000

>>> EHLO tester

@@ -34,7 +34,7 @@ Succeeded in starting TLS
<<< 250-AUTH EXTERNAL
??? 250 HELP
<<< 250 HELP
->>> AUTH EXTERNAL UGhpbCBQZW5ub2Nr
+>>> AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw==
??? 235
<<< 235 Authentication succeeded
>>> quit

diff --git a/test/stdout/3721 b/test/stdout/3721
index 049c87d..854382e 100644
--- a/test/stdout/3721
+++ b/test/stdout/3721
@@ -1,6 +1,6 @@
Connecting to 127.0.0.1 port 1225 ... connected
-Certificate file = TESTSUITE/aux-fixed/cert2
-Key file = TESTSUITE/aux-fixed/cert2
+Certificate file = TESTSUITE/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem
+Key file = TESTSUITE/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> EHLO tester

@@ -34,7 +34,7 @@ Succeeded in starting TLS
<<< 250-AUTH EXTERNAL
??? 250 HELP
<<< 250 HELP
->>> AUTH EXTERNAL UGhpbCBQZW5ub2Nr
+>>> AUTH EXTERNAL c2VydmVyMi5leGFtcGxlLm9yZw==
??? 235
<<< 235 Authentication succeeded
>>> quit