diff options
author | Nigel Metheringham <nigel@exim.org> | 2009-10-26 13:14:23 +0000 |
---|---|---|
committer | Nigel Metheringham <nigel@exim.org> | 2009-10-26 13:14:23 +0000 |
commit | 07af267efb085ad25e9ec81eb4c6b11364acdcd1 (patch) | |
tree | 650333bce4c50081b12225822681113cb5e40870 /doc | |
parent | 400eda432747c1844509404aa905a76ea78fc8ed (diff) |
TLS documentation bugfixes Fixes: #888
Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 17 | ||||
-rw-r--r-- | doc/doc-txt/ChangeLog | 4 |
2 files changed, 13 insertions, 8 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index f90427020..62a07ad75 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1,4 +1,4 @@ -. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.62 2009/10/26 13:10:23 nm4 Exp $ +. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.63 2009/10/26 13:14:23 nm4 Exp $ . . ///////////////////////////////////////////////////////////////////////////// . This is the primary source of the Exim Manual. It is an xfpt document that is @@ -24454,13 +24454,10 @@ unencrypted. The &%tls_certificate%& and &%tls_privatekey%& options of the &(smtp)& transport provide the client with a certificate, which is passed to the server if it requests it. If the server is Exim, it will request a certificate only if -&%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client. &*Note*&: -These options must be set in the &(smtp)& transport for Exim to use TLS when it -is operating as a client. Exim does not assume that a server certificate (set -by the global options of the same name) should also be used when operating as a -client. +&%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client. -If &%tls_verify_certificates%& is set, it must name a file or, +If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it +must name a file or, for OpenSSL only (not GnuTLS), a directory, that contains a collection of expected server certificates. The client verifies the server's certificate against this collection, taking into account any revoked certificates that are @@ -24472,6 +24469,12 @@ list of permitted cipher suites. If either of these checks fails, delivery to the current host is abandoned, and the &(smtp)& transport tries to deliver to alternative hosts, if any. + &*Note*&: +These options must be set in the &(smtp)& transport for Exim to use TLS when it +is operating as a client. Exim does not assume that a server certificate (set +by the global options of the same name) should also be used when operating as a +client. + .vindex "&$host$&" .vindex "&$host_address$&" All the TLS options in the &(smtp)& transport are expanded before use, with diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 95b20a230..38260c0a6 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.580 2009/10/26 13:10:23 nm4 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.581 2009/10/26 13:14:23 nm4 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -134,6 +134,8 @@ NM/28 Bugzilla 807: Improvements to LMTP delivery logging NM/29 Bugzilla 862, 866, 875: Documentation bugfixes +NM/30 Bugzilla 888: TLS documentation bugfixes + Exim version 4.69 ----------------- |