Docs: add notes on lack of multiple-OCSP-proof support

This would be wanted for server OCSP stapling in a dual RSA/ECDSA certificate installation
author: Jeremy Harris <jgh146exb@wizmail.org> 2017-12-02 20:10:18 +0000
committer: Jeremy Harris <jgh146exb@wizmail.org> 2017-12-02 20:16:23 +0000
commit: be9f79c9eb112904d53840958f9f97019136a640 (patch)
tree: 22acd52111eb4c0d5f0a616a94cfcafda96a73c4
parent: b488395f4d99d44a950073a64b35ec8729102782 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index e3ac7f3b9..285849122 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -17138,6 +17138,8 @@ separator in the usual way to avoid confusion under IPv6.
 
 &*Note*&: Under current versions of OpenSSL, when a list of more than one
 file is used, the &$tls_in_ourcert$& veriable is unreliable.
+
+&*Note*&: OCSP stapling is not usable when a list of more than one file is used.
 .wen
 
 If the option contains &$tls_out_sni$& and Exim is built against OpenSSL, then
@@ -17279,6 +17281,11 @@ Certificate Authority.
 
 Usable for GnuTLS 3.4.4 or 3.3.17 or OpenSSL 1.1.0 (or later).
 
+.new
+&*Note*&: There is currently no support for multiple OCSP proofs to match the
+multiple certificates facility.
+.wen
+
 
 .option tls_on_connect_ports main "string list" unset
 .cindex SSMTP
author	Jeremy Harris <jgh146exb@wizmail.org>	2017-12-02 20:10:18 +0000
committer	Jeremy Harris <jgh146exb@wizmail.org>	2017-12-02 20:16:23 +0000
commit	be9f79c9eb112904d53840958f9f97019136a640 (patch)
tree	22acd52111eb4c0d5f0a616a94cfcafda96a73c4
parent	b488395f4d99d44a950073a64b35ec8729102782 (diff)