summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2017-12-02 20:10:18 +0000
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2017-12-03 19:50:30 +0100
commit9a5562015d6bac81e5f25351e2e6728b83f287f7 (patch)
tree4e89984d82e1c9dab236a97c1454c9604db93e6f /doc
parente066e10220ab267cb88339789a67e28ec65b0e5b (diff)
Docs: add notes on lack of multiple-OCSP-proof support
This would be wanted for server OCSP stapling in a dual RSA/ECDSA certificate installation
Diffstat (limited to 'doc')
-rw-r--r--doc/doc-docbook/spec.xfpt7
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index e3ac7f3b9..285849122 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -17138,6 +17138,8 @@ separator in the usual way to avoid confusion under IPv6.
&*Note*&: Under current versions of OpenSSL, when a list of more than one
file is used, the &$tls_in_ourcert$& veriable is unreliable.
+
+&*Note*&: OCSP stapling is not usable when a list of more than one file is used.
.wen
If the option contains &$tls_out_sni$& and Exim is built against OpenSSL, then
@@ -17279,6 +17281,11 @@ Certificate Authority.
Usable for GnuTLS 3.4.4 or 3.3.17 or OpenSSL 1.1.0 (or later).
+.new
+&*Note*&: There is currently no support for multiple OCSP proofs to match the
+multiple certificates facility.
+.wen
+
.option tls_on_connect_ports main "string list" unset
.cindex SSMTP