Docs: fix description of SNI-under-DANE. Bug 2265

2 files changed, 4 insertions, 1 deletions

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 7f96768f7..f7cc50534 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -29861,8 +29861,10 @@ nothing more to it.  Choosing a sensible value not derived insecurely is the
 only point of caution.  The &$tls_out_sni$& variable will be set to this string
 for the lifetime of the client connection (including during authentication).
 
+.new
 If DANE validated the connection attempt then the value of the &%tls_sni%& option
-is forced to the domain part of the recipient address.
+is forced to the name of the destination host, after any MX- or CNAME-folowing.
+.wen
 
 Except during SMTP client sessions, if &$tls_in_sni$& is set then it is a string
 received from a client.
diff --git a/test/scripts/5800-DANE/5801 b/test/scripts/5800-DANE/5801
index c486dfa3f..75da101cd 100644
--- a/test/scripts/5800-DANE/5801
+++ b/test/scripts/5800-DANE/5801
@@ -20,6 +20,7 @@ exim -q
 ****
 #
 # Two DANE messages from queue, two-pass queue-run
+# These go to the same host (A-record name), so can share a connection
 exim -odq t20@mxdane512ee.test.ex
 ****
 exim -odq t21@mxdane512ee1.test.ex