summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorNigel Metheringham <nigel@exim.org>2009-10-26 13:14:23 +0000
committerNigel Metheringham <nigel@exim.org>2009-10-26 13:14:23 +0000
commit07af267efb085ad25e9ec81eb4c6b11364acdcd1 (patch)
tree650333bce4c50081b12225822681113cb5e40870 /doc
parent400eda432747c1844509404aa905a76ea78fc8ed (diff)
TLS documentation bugfixes Fixes: #888
Diffstat (limited to 'doc')
-rw-r--r--doc/doc-docbook/spec.xfpt17
-rw-r--r--doc/doc-txt/ChangeLog4
2 files changed, 13 insertions, 8 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index f90427020..62a07ad75 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -1,4 +1,4 @@
-. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.62 2009/10/26 13:10:23 nm4 Exp $
+. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.63 2009/10/26 13:14:23 nm4 Exp $
.
. /////////////////////////////////////////////////////////////////////////////
. This is the primary source of the Exim Manual. It is an xfpt document that is
@@ -24454,13 +24454,10 @@ unencrypted.
The &%tls_certificate%& and &%tls_privatekey%& options of the &(smtp)&
transport provide the client with a certificate, which is passed to the server
if it requests it. If the server is Exim, it will request a certificate only if
-&%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client. &*Note*&:
-These options must be set in the &(smtp)& transport for Exim to use TLS when it
-is operating as a client. Exim does not assume that a server certificate (set
-by the global options of the same name) should also be used when operating as a
-client.
+&%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client.
-If &%tls_verify_certificates%& is set, it must name a file or,
+If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it
+must name a file or,
for OpenSSL only (not GnuTLS), a directory, that contains a collection of
expected server certificates. The client verifies the server's certificate
against this collection, taking into account any revoked certificates that are
@@ -24472,6 +24469,12 @@ list of permitted cipher suites. If either of these checks fails, delivery to
the current host is abandoned, and the &(smtp)& transport tries to deliver to
alternative hosts, if any.
+ &*Note*&:
+These options must be set in the &(smtp)& transport for Exim to use TLS when it
+is operating as a client. Exim does not assume that a server certificate (set
+by the global options of the same name) should also be used when operating as a
+client.
+
.vindex "&$host$&"
.vindex "&$host_address$&"
All the TLS options in the &(smtp)& transport are expanded before use, with
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 95b20a230..38260c0a6 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.580 2009/10/26 13:10:23 nm4 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.581 2009/10/26 13:14:23 nm4 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -134,6 +134,8 @@ NM/28 Bugzilla 807: Improvements to LMTP delivery logging
NM/29 Bugzilla 862, 866, 875: Documentation bugfixes
+NM/30 Bugzilla 888: TLS documentation bugfixes
+
Exim version 4.69
-----------------