OpenSSL fix empty tls_verify_certificates.

New behaviour matches GnuTLS handling, and is documented. Previously, a tls_verify_certificates expansion forced failure was the only portable way to avoid setting this option. Now, an empty string is equivalent.
author: Phil Pennock <pdp@exim.org> 2013-03-13 19:48:22 -0400
committer: Phil Pennock <pdp@exim.org> 2013-03-13 19:48:22 -0400
commit: 26e72755c101f59e24735e9ca9a320d5f1ebc2b7 (patch)
tree: f78b036ef814bd5c8af8eb0de269776030168ca5 /doc/doc-docbook/spec.xfpt
parent: 61147df48889217a1c1023d8c6e2431c24967686 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 9c03523bb..92d0a2287 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -16066,6 +16066,9 @@ use OpenSSL with a directory.
 
 See &<<SECTtlssni>>& for discussion of when this option might be re-expanded.
 
+A forced expansion failure or setting to an empty string is equivalent to
+being unset.
+
 
 .option tls_verify_hosts main "host list&!!" unset
 .cindex "TLS" "client certificate verification"
author	Phil Pennock <pdp@exim.org>	2013-03-13 19:48:22 -0400
committer	Phil Pennock <pdp@exim.org>	2013-03-13 19:48:22 -0400
commit	26e72755c101f59e24735e9ca9a320d5f1ebc2b7 (patch)
tree	f78b036ef814bd5c8af8eb0de269776030168ca5 /doc/doc-docbook/spec.xfpt
parent	61147df48889217a1c1023d8c6e2431c24967686 (diff)