author | Jeremy Harris <jgh146exb@wizmail.org> | 2015-02-14 18:48:47 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2015-02-14 19:48:14 +0000 |
commit | f69979cfecf29a4910b5750cad41d21a5418c6c7 (patch) | |
tree | 7698c5e78d80ec6d5a1497b67176095560e67304 /doc | |
parent | 6a91042821c706b631961bf510c6b209b9a650fb (diff) |
OpenSSL: Capture peercert/dn in mainline not verify-callback. Bug 1571
Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 8 |
-rw-r--r-- | doc/doc-txt/ChangeLog | 3 |
2 files changed, 11 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index d1e6571d9..a112ec7e9 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -12451,6 +12451,8 @@ inbound connection when the message was received. It is only useful as the argument of a &%certextract%& expansion item, &%md5%&, &%sha1%& or &%sha256%& operator, or a &%def%& condition. +If certificate verification fails it may refer to a failing chain element +which is not the leaf. .vitem &$tls_out_ourcert$& .vindex "&$tls_out_ourcert$&" @@ -12465,6 +12467,8 @@ This variable refers to the certificate presented by the peer of an outbound connection. It is only useful as the argument of a &%certextract%& expansion item, &%md5%&, &%sha1%& or &%sha256%& operator, or a &%def%& condition. +If certificate verification fails it may refer to a failing chain element +which is not the leaf. .vitem &$tls_in_certificate_verified$& .vindex "&$tls_in_certificate_verified$&" @@ -12528,6 +12532,8 @@ When a message is received from a remote host over an encrypted SMTP connection, and Exim is configured to request a certificate from the client, the value of the Distinguished Name of the certificate is made available in the &$tls_in_peerdn$& during subsequent processing. +If certificate verification fails it may refer to a failing chain element +which is not the leaf. The deprecated &$tls_peerdn$& variable refers to the inbound side except when used in the context of an outbound SMTP delivery, when it refers to @@ -12539,6 +12545,8 @@ When a message is being delivered to a remote host over an encrypted SMTP connection, and Exim is configured to request a certificate from the server, the value of the Distinguished Name of the certificate is made available in the &$tls_out_peerdn$& during subsequent processing. +If certificate verification fails it may refer to a failing chain element +which is not the leaf. .vitem &$tls_in_sni$& .vindex "&$tls_in_sni$&" 
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index c2959d32c..0548674f2 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -70,6 +70,9 @@ JH/18 Bug 1581: Router and transport options headers_add/remove can JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry option values. +JH/20 BUG 1571: Ensure that $tls_in_peerdn is set, when verification fails + under OpenSSL. + Exim version 4.85 |
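Review bot: in doc/doc-docbook/spec.xfpt at @@ -12451 (&$tls_in_peercert$&), the added sentence warns that the variable may hold a non-leaf chain element after a failed verification, but it gives the reader no way to tell which case applies. Suggest pointing at &$tls_in_certificate_verified$&, which is documented a few items further down this list, for example "Check &$tls_in_certificate_verified$& before treating the value as the peer's own certificate". Without that pointer, a configuration that feeds this variable to &%certextract%& or to the &%md5%&, &%sha1%& or &%sha256%& operators can end up matching on an intermediate certificate's fields or fingerprint. The identical sentence added at @@ -12465 for the outbound peer certificate needs the same cross-reference.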
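Review bot: in doc/doc-docbook/spec.xfpt at @@ -12528, the pronoun "it" in the added sentence has no clear antecedent. The preceding sentence is about "the value of the Distinguished Name of the certificate", while the nearest noun is the variable &$tls_in_peerdn$&. Suggest naming the subject, for example "If certificate verification fails, the DN may be that of a failing chain element rather than the leaf", and using the same wording at @@ -12539 for &$tls_out_peerdn$&. The context line that follows describes the deprecated &$tls_peerdn$&, so it is worth saying whether the caveat covers that variable too.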
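Review bot: in doc/doc-txt/ChangeLog at @@ -70,6, the JH/20 entry names only $tls_in_peerdn, while the commit subject says "peercert/dn" and the spec.xfpt hunks in this same patch add the caveat to the peercert variables and to the outbound side as well. Suggest listing the affected variables, or writing "peercert and peerdn variables", and noting in the entry that after a failed verification the value may come from a non-leaf chain element, since that is the behaviour an administrator upgrading needs to know about. Minor style point: "BUG 1571" is capitalised differently from the neighbouring "Bug 1581" and "Bug 392" entries.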