TLS: use RFC 6125 rules for certifucate name checks when CNAMES are present. Bug 2594

author: Jeremy Harris <jgh146exb@wizmail.org> 2020-06-11 20:21:38 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2020-06-11 20:30:18 +0100
commit: 0851a3bbf4667081d47f5d85b6b3a5cb33cbdba6 (patch)
tree: f8a8a5143786cc65ce5e9d15f0b6f0c2147b5dc4 /doc/doc-txt
parent: 32bcb602b77fbf4a7a746f448663688694677adc (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 6c8349df4..425264191 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -30,6 +30,11 @@ JH/05 Bug 2593: Fix "vacation" in Exim filter.  Previously, when a "once"
       path, an error occurred on trying to open it.  Use the transport's working
       directory.
 
+JH/06 Bug 2594: Change the name used for certificate name checks in the smtp
+      transport.  Previously it was the name on the DNS A-record; use instead
+      the head of the CNAME chain leading there (if there is one).  This seems
+      to align better with RFC 6125.
+
 
 Exim version 4.94
 -----------------
@@ -335,7 +340,7 @@ JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in
 
 JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by default.
       A single TCP connection by a client will now hold a TLS connection open
-      for multiple message deliveries, by default.  Previoud the default was to
+      for multiple message deliveries, by default.  Previously the default was to
       not do so.
 
 JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by
author	Jeremy Harris <jgh146exb@wizmail.org>	2020-06-11 20:21:38 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2020-06-11 20:30:18 +0100
commit	0851a3bbf4667081d47f5d85b6b3a5cb33cbdba6 (patch)
tree	f8a8a5143786cc65ce5e9d15f0b6f0c2147b5dc4 /doc/doc-txt
parent	32bcb602b77fbf4a7a746f448663688694677adc (diff)