summaryrefslogtreecommitdiff
path: root/doc/doc-docbook
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2014-11-23 16:58:06 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2015-01-12 18:58:34 +0000
commit0e0f3f562bf23cf035baf85cdd071d392751b676 (patch)
tree896c19fd04308b6365111c7f233e04f984007f96 /doc/doc-docbook
parentcb1d783072c488a4a558607b2ee122efba95aa4b (diff)
Make "system" location for certificate CA bundle the default
Diffstat (limited to 'doc/doc-docbook')
-rw-r--r--doc/doc-docbook/spec.xfpt12
1 files changed, 7 insertions, 5 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index dc7e4f75c..7dfc4d623 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -16478,7 +16478,7 @@ preference order of the available ciphers. Details are given in sections
See &%tls_verify_hosts%& below.
-.option tls_verify_certificates main string&!! unset
+.option tls_verify_certificates main string&!! system
.cindex "TLS" "client certificate verification"
.cindex "certificate" "verification of client"
The value of this option is expanded, and must then be either the
@@ -16489,7 +16489,8 @@ match &%tls_verify_hosts%& or &%tls_try_verify_hosts%&.
The "system" value for the option will use a
system default location compiled into the SSL library.
-This is not available for GnuTLS versions preceding 3.0.20 and an explicit location
+This is not available for GnuTLS versions preceding 3.0.20,
+and will be taken as empty; an explicit location
must be specified.
The use of a directory for the option value is not avilable for GnuTLS versions
@@ -23458,7 +23459,7 @@ limited to being the initial component of a 3-or-more component FQDN.
There is no equivalent checking on client certificates.
-.option tls_verify_certificates smtp string&!! unset
+.option tls_verify_certificates smtp string&!! system
.cindex "TLS" "server certificate verification"
.cindex "certificate" "verification of server"
.vindex "&$host$&"
@@ -23470,7 +23471,8 @@ a file or directory containing permitted certificates for servers,
for use when setting up an encrypted connection.
The "system" value for the option will use a location compiled into the SSL library.
-This is not available for GnuTLS versions preceding 3.0.20 and an explicit location
+This is not available for GnuTLS versions preceding 3.0.20; a value of "system"
+is taken as empty and an explicit location
must be specified.
The use of a directory for the option value is not avilable for GnuTLS versions
@@ -26479,7 +26481,7 @@ if it requests it. If the server is Exim, it will request a certificate only if
&%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client.
If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it
-specified a collection of expected server certificates.
+specifies a collection of expected server certificates.
These may be the system default set (depeding on library version),
a file or,
depnding on liibrary version, a directory,