### No certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu1.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu1.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
gnutls_record_recv: A TLS fatal alert has been received.
Failed to start TLS
>>> nop
????554
End of script
### No certificate, certificate optional at TLS time, required by ACL
Connecting to 127.0.0.1 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu2.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu2.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
Succeeded in starting TLS
>>> helo rhu2tls.barb
??? 250
<<< 250 myhost.test.ex Hello rhu2tls.barb [127.0.0.1]
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 550
<<< 550 certificate not verified: peerdn=
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
### Good certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu3.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu3.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
Succeeded in starting TLS
>>> helo test
??? 250
<<< 250 myhost.test.ex Hello test [ip4.ip4.ip4.ip4]
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 250
<<< 250 Accepted
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
### Good certificate, certificate optional at TLS time, checked by ACL
Connecting to 127.0.0.1 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu4.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu4.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
Succeeded in starting TLS
>>> helo test
??? 250
<<< 250 myhost.test.ex Hello test [127.0.0.1]
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 250
<<< 250 Accepted
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
### Bad certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem
Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu5.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu5.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
gnutls_record_recv: A TLS fatal alert has been received.
Failed to start TLS
>>> nop
????554
End of script
### Bad certificate, certificate optional at TLS time, reject at ACL time
Connecting to 127.0.0.1 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem
Key file = aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu6.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu6.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
Succeeded in starting TLS
>>> helo test
??? 250
<<< 250 myhost.test.ex Hello test [127.0.0.1]
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 550
<<< 550 certificate not verified: peerdn=
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
### Otherwise good but revoked certificate, certificate required
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem
Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu7.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu7.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> STARTTLS
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
>>> NOP
??? 554 Security failure
<<< 554 Security failure
>>> QUIT
>>> 220
End of script
### Revoked certificate, certificate optional at TLS time, reject at ACL time
Connecting to 127.0.0.1 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem
Key file = aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu8.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu8.barb [127.0.0.1]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
Succeeded in starting TLS
>>> helo test
??? 250
<<< 250 myhost.test.ex Hello test [127.0.0.1]
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 550
<<< 550 certificate not verified: peerdn=CN=revoked1.example.com
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script
### Good certificate, certificate required - but nonmatching CRL also present
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
Certificate file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem
Key file = aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ehlo rhu9.barb
??? 250-
<<< 250-myhost.test.ex Hello rhu9.barb [ip4.ip4.ip4.ip4]
??? 250-
<<< 250-SIZE 52428800
??? 250-
<<< 250-LIMITS MAILMAX=1000 RCPTMAX=50000
??? 250-
<<< 250-8BITMIME
??? 250-
<<< 250-PIPELINING
??? 250-
<<< 250-STARTTLS
??? 250
<<< 250 HELP
>>> starttls
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
Succeeded in starting TLS
>>> helo test
??? 250
<<< 250 myhost.test.ex Hello test [ip4.ip4.ip4.ip4]
>>> mail from:<userx@test.ex>
??? 250
<<< 250 OK
>>> rcpt to:<userx@test.ex>
??? 250
<<< 250 Accepted
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
End of script

******** SERVER ********
### No certificate, certificate required
### No certificate, certificate optional at TLS time, required by ACL
### Good certificate, certificate required
### Good certificate, certificate optional at TLS time, checked by ACL
### Bad certificate, certificate required
### Bad certificate, certificate optional at TLS time, reject at ACL time
### Otherwise good but revoked certificate, certificate required
### Revoked certificate, certificate optional at TLS time, reject at ACL time
### Good certificate, certificate required - but nonmatching CRL also present
