diff options
author | Phil Pennock <pdp@exim.org> | 2012-05-04 08:27:09 -0700 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-05-04 08:27:09 -0700 |
commit | 3f0945ffae8acee547d11ae53d38fbdf9a2cc81f (patch) | |
tree | 2e726521f7a030478238a0dab3841fdaafde1e26 /doc/doc-txt | |
parent | 7be682ca5ebd9571a01b762195b11c34cd231830 (diff) |
More tls_sni support: outbound, logging.
tls_sni as SMTP transport option.
Use correct storage pool for copying tls_sni, so survives for life of process.
Add +tls_sni log-selector, for inbound tls_sni.
Update exipick to handle -tls_sni in spool files.
Also reset tls_bits at start of outbound connection (was missing).
Diffstat (limited to 'doc/doc-txt')
-rw-r--r-- | doc/doc-txt/ChangeLog | 2 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 7 | ||||
-rw-r--r-- | doc/doc-txt/OptionLists.txt | 1 |
3 files changed, 10 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 4ad79c28e..55cde6dcf 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -75,6 +75,8 @@ PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options". PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate lets Exim select keys and certificates based upon TLS SNI from client. + Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly + before an outbound SMTP session. New log_selector, +tls_sni. Exim version 4.77 diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index b788b45dc..2872d241f 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -47,6 +47,13 @@ Version 4.78 sends the TLS Server Name Indication extension, to permit choosing a different certificate; tls_privatekey will also be re-expanded. You must still set these options to expand to valid files when $tls_sni is not set. + + The SMTP Transport has gained the option tls_sni, which will set a hostname + for outbound TLS sessions, and set $tls_sni too. + + A new log_selector, +tls_sni, has been added, to log received SNI values + for Exim as a server. + Currently OpenSSL only. diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt index b10f3f1aa..52a24b198 100644 --- a/doc/doc-txt/OptionLists.txt +++ b/doc/doc-txt/OptionLists.txt @@ -554,6 +554,7 @@ tls_privatekey string* unset main tls_remember_emstp boolean false main 4.21 tls_require_ciphers string* unset smtp 4.00 replaces tls_verify_ciphers string* unset main 4.33 +tls_sni string* unset main 4.78 tls_tempfail_tryclear boolean true smtp 4.05 tls_try_verify_hosts host list unset main 4.00 tls_verify_certificates string* unset main 3.20 |