2 files changed, 10 insertions, 3 deletions

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index b389a7deb..997a459c8 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -59,6 +59,9 @@ JH/08 Rename the TPDA expermimental facility to Event Actions.  The #ifdef
       raised for inbound connections, if the main configuration event_action
       option is defined.
 
+TL/06 In test suite, disable OCSP for old versions of openssl which contained
+      early OCSP support, but no stapling (appears to be less than 1.0.0).
+
 JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
       server certificate names available under the smtp transport option
       "tls_verify_cert_hostname" now do not permit multi-component wildcard
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 8192f3d76..266e19891 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -1154,9 +1154,13 @@ support to date has not made these checks.
 
 If built with EXPERIMENTAL_CERTNAMES defined, code is
 included to do so for server certificates, and a new smtp transport option
-"tls_verify_cert_hostname" supported which takes a list of
-names for which the checks must be made.  The host must
-also be in "tls_verify_hosts".
+"tls_verify_cert_hostnames" supported which takes a list of
+names for which the additional checks must be made.
+The option currently defaults to empty, but this may change in
+the future.  "*" is probably a suitable value.
+Whether certificate verification is done at all, and the result of
+it failing, is stll under the control of "tls_verify_hosts" nad
+"tls_try_verify_hosts".
 
 Both Subject and Subject-Alternate-Name certificate fields
 are supported, as are wildcard certificates (limited to