author Jeremy Harris <jgh146exb@wizmail.org> 2014-11-23 17:01:14 +0000
committer Jeremy Harris <jgh146exb@wizmail.org> 2015-01-12 18:58:34 +0000
commit 610ff4388b33ddc2753c17eefb8b03e2fdd7e124
tree 7c93cbe25d6091208059e9d3999f1299c6ccfeb6 /doc
parent 0e0f3f562bf23cf035baf85cdd071d392751b676
Make smtp transport try server cert verify by default
This is an exim client checking a server certificate.
Diffstat (limited to 'doc')
-rw-r--r-- doc/doc-docbook/spec.xfpt 3
-rw-r--r-- doc/doc-txt/ChangeLog 3
2 files changed, 5 insertions, 1 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 7dfc4d623..b2b703b45 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -23433,7 +23433,7 @@ unknown state), opens a new one to the same host, and then tries the delivery
in clear.
-.option tls_try_verify_hosts smtp "host list&!!" unset
+.option tls_try_verify_hosts smtp "host list&!!" *
.cindex "TLS" "server certificate verification"
.cindex "certificate" "verification of server"
This option gives a list of hosts for which, on encrypted connections,
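Review bot: The .option line changes the default of tls_try_verify_hosts from unset to "*", but the description that follows ("This option gives a list of hosts for which, on encrypted connections,") is not touched by this hunk, so the option's own text does not tell the reader what the new default means in practice. Suggest adding a sentence there saying that verification is now attempted for every host by default and, as the ChangeLog entry puts it, is "tried (but not required)", and pointing to the empty-list setting mentioned in the next hunk for administrators who want the option set without naming any host.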
@@ -23489,6 +23489,7 @@ expansion of this option. See chapter &<<CHAPTLS>>& for details of TLS.
For back-compatability,
if neither tls_verify_hosts nor tls_try_verify_hosts are set
+(a single-colon empty list counts as being set)
and certificate verification fails the TLS connection is closed.
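Review bot: With the default of tls_try_verify_hosts now "*", the condition "if neither tls_verify_hosts nor tls_try_verify_hosts are set" no longer makes clear when the back-compatibility rule applies; the added parenthesis covers the empty list but not the case where the option is simply left at its new default. Suggest stating whether "set" means set explicitly in the configuration, and what happens on a verification failure when both options are left at their defaults. While this paragraph is being edited, "back-compatability" in the context line could be corrected to "back-compatibility".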
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 76d18a87c..ab5507808 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -21,6 +21,9 @@ JH/05 The value of the tls_verify_certificates smtp transport and main options
default to the word "system" to access the system default CA bundle.
For GnuTLS, only version 3.0.20 or later.
+JH/06 Verification of the server certificate for a TLS connection is now tried
+ (but not required) by default.
+
Exim version 4.85
-----------------
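Review bot: The JH/06 entry does not say which side of the connection or which option is affected; "Verification of the server certificate for a TLS connection" gives an administrator nothing to search the configuration for. Suggest naming the smtp transport and tls_try_verify_hosts with its new default of "*", in the way the JH/05 entry just above names tls_verify_certificates, so the entry records both the behaviour change and the setting that controls it.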