author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-11-23 16:58:06 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2015-01-12 18:58:34 +0000 |
commit | 0e0f3f562bf23cf035baf85cdd071d392751b676 (patch) | |
tree | 896c19fd04308b6365111c7f233e04f984007f96 /doc | |
parent | cb1d783072c488a4a558607b2ee122efba95aa4b (diff) |
Make "system" location for certificate CA bundle the default
Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 12 | ||||
-rw-r--r-- | doc/doc-txt/ChangeLog | 2 |
2 files changed, 8 insertions, 6 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index dc7e4f75c..7dfc4d623 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -16478,7 +16478,7 @@ preference order of the available ciphers. Details are given in sections See &%tls_verify_hosts%& below. -.option tls_verify_certificates main string&!! unset +.option tls_verify_certificates main string&!! system .cindex "TLS" "client certificate verification" .cindex "certificate" "verification of client" The value of this option is expanded, and must then be either the @@ -16489,7 +16489,8 @@ match &%tls_verify_hosts%& or &%tls_try_verify_hosts%&. The "system" value for the option will use a system default location compiled into the SSL library. -This is not available for GnuTLS versions preceding 3.0.20 and an explicit location +This is not available for GnuTLS versions preceding 3.0.20, +and will be taken as empty; an explicit location must be specified. The use of a directory for the option value is not avilable for GnuTLS versions @@ -23458,7 +23459,7 @@ limited to being the initial component of a 3-or-more component FQDN. There is no equivalent checking on client certificates. -.option tls_verify_certificates smtp string&!! unset +.option tls_verify_certificates smtp string&!! system .cindex "TLS" "server certificate verification" .cindex "certificate" "verification of server" .vindex "&$host$&" @@ -23470,7 +23471,8 @@ a file or directory containing permitted certificates for servers, for use when setting up an encrypted connection. The "system" value for the option will use a location compiled into the SSL library. -This is not available for GnuTLS versions preceding 3.0.20 and an explicit location +This is not available for GnuTLS versions preceding 3.0.20; a value of "system" +is taken as empty and an explicit location must be specified. The use of a directory for the option value is not avilable for GnuTLS versions 
@@ -26479,7 +26481,7 @@ if it requests it. If the server is Exim, it will request a certificate only if &%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client. If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it -specified a collection of expected server certificates. +specifies a collection of expected server certificates. These may be the system default set (depeding on library version), a file or, depnding on liibrary version, a directory, diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index f2954b945..76d18a87c 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -18,7 +18,7 @@ JH/04 Certificate name checking on server certificates, when exim is a client, EXPERIMENTAL_CERTNAMES is withdrawn. JH/05 The value of the tls_verify_certificates smtp transport and main options - can now be the word "system" to access the system default CA bundle. + default to the word "system" to access the system default CA bundle. For GnuTLS, only version 3.0.20 or later. |
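Review bot: In the spec.xfpt hunk at -16489 (main option), the added clause "and will be taken as empty" has no subject and does not say what an empty value means for verification. With "system" now the default, a build against GnuTLS older than 3.0.20 gets that empty value without the admin having configured anything. Suggest reusing the wording from the smtp hunk ('a value of "system" is taken as empty') and adding one sentence on what happens to clients matching &%tls_verify_hos%& or &%tls_try_verify_hosts%& in that case. The context line just below still reads "avilable"; worth fixing while this paragraph is being touched.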
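Review bot: In the spec.xfpt hunk at -23458, the smtp transport's .option line changes the default from unset to system, but the visible text gives no hint of how to get the previous unset behaviour back. Outbound connections that never loaded a CA set will now load the library's bundle by default, so a short sentence saying which explicit setting restores the old behaviour would help anyone upgrading with an unchanged configuration.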
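Review bot: In the spec.xfpt hunk at -26479, the sentence still opens "If the &%tls_verify_certificates%& option is set on the &(smtp)& transport", which reads as if the option were unset unless configured; with the default now "system" that condition is normally true, so the paragraph should say the option defaults to the system set. The following context line also carries three typos ("depeding", "depnding", "liibrary") that could be corrected in the same change as the "specified" to "specifies" fix.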
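Review bot: In the ChangeLog hunk, the rewritten JH/05 line reads "The value of the ... options default to the word", which does not agree in number and no longer states that "system" is a newly accepted value at all. Suggest something like 'can now be the word "system" to access the system default CA bundle, and this is now the default', and extending "For GnuTLS, only version 3.0.20 or later" to say that on older versions the default is taken as empty, as spec.xfpt now documents. Since this changes behaviour for existing configurations, it also deserves to be flagged as such in the entry.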