author Jeremy Harris <jgh146exb@wizmail.org> 2015-11-01 19:46:28 +0000
committer Jeremy Harris <jgh146exb@wizmail.org> 2015-11-08 16:19:46 +0000
commit 23f3dc67a13f71bb8fdf2930052d3fdce85e9774
tree 780d7e88f9c996c1889d25a7d228d3864d620a33 /doc
parent d658adda50d19b00d2242c0f9162ab510ecda799
TLS: Default tls_advertise_hosts to "*". Bug 1709
Make the option available in non-TLS builds, and clear in testsuite confs as needed to keep TLS and non-TLS testcase outputs the same. An error is logged at startup if tls_advertise_hosts is nonempty but tls_certificate is not set.
Diffstat (limited to 'doc')
-rw-r--r-- doc/doc-docbook/spec.xfpt 9
-rw-r--r-- doc/doc-txt/ChangeLog 9
2 files changed, 17 insertions, 1 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index af57d9b85..101df6b90 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -16558,7 +16558,9 @@ runs. This is appropriate behaviour for obtaining wall-clock time on some, but
unfortunately not all, operating systems.
-.option tls_advertise_hosts main "host list&!!" unset
+.new
+.option tls_advertise_hosts main "host list&!!" *
+.wen
.cindex "TLS" "advertising"
.cindex "encryption" "on SMTP connection"
.cindex "SMTP" "encrypted connection"
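Review bot: The default column on the ".option tls_advertise_hosts" line now reads "*" unconditionally, but the ChangeLog entry in this same commit says the option defaults to unset when Exim is not built with TLS. Suggest stating the non-TLS default in the option's description so the documented default matches what such a build actually uses.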
@@ -16566,6 +16568,11 @@ When Exim is built with support for TLS encrypted connections, the availability
of the STARTTLS command to set up an encrypted session is advertised in
response to EHLO only to those client hosts that match this option. See
chapter &<<CHAPTLS>>& for details of Exim's support for TLS.
+.new
+Note that the default value requires that a certificate be supplied
+using the &%tls_certificate%& option. If no certificate is available then
+the &%tls_advertise_hosts%& option should be set empty.
+.wen
.option tls_certificate main string&!! unset
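Review bot: The added note after the CHAPTLS reference says what the administrator should do but not what happens otherwise. The commit message says an error is logged at startup when tls_advertise_hosts is nonempty and tls_certificate is not set, and the ChangeLog says TLS connections then fail for clients; suggest stating both here, since the spec is where an administrator will look after seeing that log line. It would also help to say outright that, with the new default, a server without a certificate advertises STARTTLS that it cannot complete.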
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 0468bf287..1096e89c8 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -78,6 +78,15 @@ JH/16 Bug 1714: Permit an empty string as expansion result for transport
JH/17 Bug 1713: Fix non-PDKIM_DEBUG build. Patch from Jasen Betts.
+JH/18 Bug 1709: When built with TLS support, the tls_advertise_hosts option now
+ defaults to "*" (all hosts). The variable is now available when not built
+ with TLS, default unset, mainly to enable keeping the testuite sane.
+ If a server certificate is not supplied (via tls_certificate) an error is
+ logged, and clients will find TLS connections fail on startup. Presumably
+ they will retry in-clear.
+ Packagers of Exim are strongly encouraged to create a server certificate
+ at installation time.
+
Exim version 4.86
-----------------
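Review bot: In the JH/18 entry, "clients will find TLS connections fail on startup" is ambiguous about which startup is meant (the commit message uses "at startup" for the point where the error is logged), and "Presumably they will retry in-clear" records a guess rather than observed behaviour. Suggest wording it as the TLS session failing to start, and either confirming the cleartext fallback or dropping that sentence, because a fallback to cleartext is the security-relevant consequence of the new default. Also, "testuite" in the same entry should read "testsuite".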