Docs: Mention issues with TLS client cert and Exim <= 4.85

* cb1d783072c488a4a558607b2ee122efba95aa4b * 8c40856083f3a2e89350ab3aacfb95256fbadd9d > Author: Jeremy Harris <jgh146exb@wizmail.org> > Date: Sun Nov 23 16:10:30 2014 +0000 > > Support use of system default CA bundle
author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2020-10-10 18:56:50 +0200
committer: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2020-10-11 11:10:55 +0200
commit: 0694f91e89112483d7ffb8312471b132c2acce77 (patch)
tree: 81f9d8fc725b5c721b4bac862f25946a61b54a00 /doc/doc-docbook
parent: 7e8793815bb43f97a022c6b71850206dbbd5d378 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 74c9b083c..c865e111b 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -18489,7 +18489,9 @@ than the public cert of individual clients.  With both OpenSSL and GnuTLS, if
 the value is a file then the certificates are sent by Exim as a server to
 connecting clients, defining the list of accepted certificate authorities.
 Thus the values defined should be considered public data.  To avoid this,
-use the explicit directory version.
+use the explicit directory version. (If your peer is Exim up to 4.85,
+using GnuTLS, you may need to send the CAs (thus using the file
+variant). Otherwise the peer doesn't send its certificate.)
 
 See &<<SECTtlssni>>& for discussion of when this option might be re-expanded.
author	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2020-10-10 18:56:50 +0200
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2020-10-11 11:10:55 +0200
commit	0694f91e89112483d7ffb8312471b132c2acce77 (patch)
tree	81f9d8fc725b5c721b4bac862f25946a61b54a00 /doc/doc-docbook
parent	7e8793815bb43f97a022c6b71850206dbbd5d378 (diff)