diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2017-12-02 20:10:18 +0000 |
---|---|---|
committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2017-12-03 19:50:30 +0100 |
commit | 9a5562015d6bac81e5f25351e2e6728b83f287f7 (patch) | |
tree | 4e89984d82e1c9dab236a97c1454c9604db93e6f /doc | |
parent | e066e10220ab267cb88339789a67e28ec65b0e5b (diff) |
Docs: add notes on lack of multiple-OCSP-proof support
This would be wanted for server OCSP stapling in a dual RSA/ECDSA certificate installation
Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index e3ac7f3b9..285849122 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -17138,6 +17138,8 @@ separator in the usual way to avoid confusion under IPv6. &*Note*&: Under current versions of OpenSSL, when a list of more than one file is used, the &$tls_in_ourcert$& veriable is unreliable. + +&*Note*&: OCSP stapling is not usable when a list of more than one file is used. .wen If the option contains &$tls_out_sni$& and Exim is built against OpenSSL, then @@ -17279,6 +17281,11 @@ Certificate Authority. Usable for GnuTLS 3.4.4 or 3.3.17 or OpenSSL 1.1.0 (or later). +.new +&*Note*&: There is currently no support for multiple OCSP proofs to match the +multiple certificates facility. +.wen + .option tls_on_connect_ports main "string list" unset .cindex SSMTP |