summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2014-03-19 20:14:24 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2014-03-19 20:14:24 +0000
commitdc4dc04e65b8011b9242c47099ab1f87f5143b3e (patch)
tree12bd33742828588cd96a6d474b71e78e66a7ea9c
parent52f93eed9f96e1630b181857289d5f2423f55cd7 (diff)
Docs for transport tls_verify_hosts &c.
-rw-r--r--doc/doc-docbook/spec.xfpt6
-rw-r--r--doc/doc-txt/ChangeLog1
-rw-r--r--doc/doc-txt/NewStuff8
3 files changed, 7 insertions, 8 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 0f66180a2..8ddc3df51 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -23030,7 +23030,7 @@ in clear.
.option tls_try_verify_hosts smtp "host list&!! unset
.cindex "TLS" "server certificate verification"
.cindex "certificate" "verification of server"
-For OpenSSL only, this option gives a list of hosts for which, on encrypted connections,
+This option gives a list of hosts for which, on encrypted connections,
certificate verification will be tried but need not succeed.
The &%tls_verify_certificates%& option must also be set.
@@ -23049,7 +23049,7 @@ single file if you are using GnuTLS. The values of &$host$& and
&$host_address$& are set to the name and address of the server during the
expansion of this option. See chapter &<<CHAPTLS>>& for details of TLS.
-For back-compatability, or when GnuTLS is used,
+For back-compatability,
if neither tls_verify_hosts nor tls_try_verify_hosts are set
and certificate verification fails the TLS connection is closed.
@@ -23057,7 +23057,7 @@ and certificate verification fails the TLS connection is closed.
.option tls_verify_hosts smtp "host list&!! unset
.cindex "TLS" "server certificate verification"
.cindex "certificate" "verification of server"
-For OpenSSL only, this option gives a list of hosts for which. on encrypted connections,
+This option gives a list of hosts for which. on encrypted connections,
certificate verification must succeed.
The &%tls_verify_certificates%& option must also be set.
If both this option and &%tls_try_verify_hosts%& are unset
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 25e153e36..974b9579c 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -57,7 +57,6 @@ JH/06 Log outbound-TLS and port details, subject to log selectors, for a
JH/07 Add malware type "sock" for talking to simple daemon.
JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport.
- OpenSSL only.
JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in
routers/transports under cutthrough routing.
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 95b4119d1..c168cf2a7 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -27,10 +27,10 @@ Version 4.83
and a second regex to extract malware_name. The mail spoofile name can
be included in the command line.
- 5. When built with OpenSSL the smtp transport now supports options
- "tls_verify_hosts" and "tls_try_verify_hosts". If either is set the
- certificate verification is split from the encryption operation. The
- default remains that a failed verification cancels the encryption.
+ 5. The smtp transport now supports options "tls_verify_hosts" and
+ "tls_try_verify_hosts". If either is set the certificate verification
+ is split from the encryption operation. The default remains that a failed
+ verification cancels the encryption.
Version 4.82