diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 3 | ||||
| -rw-r--r-- | doc/doc-txt/ChangeLog | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 7dfc4d623..b2b703b45 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -23433,7 +23433,7 @@ unknown state), opens a new one to the same host, and then tries the delivery in clear. -.option tls_try_verify_hosts smtp "host list&!!" unset +.option tls_try_verify_hosts smtp "host list&!!" * .cindex "TLS" "server certificate verification" .cindex "certificate" "verification of server" This option gives a list of hosts for which, on encrypted connections, @@ -23489,6 +23489,7 @@ expansion of this option. See chapter &<<CHAPTLS>>& for details of TLS. For back-compatability, if neither tls_verify_hosts nor tls_try_verify_hosts are set +(a single-colon empty list counts as being set) and certificate verification fails the TLS connection is closed. diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 76d18a87c..ab5507808 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -21,6 +21,9 @@ JH/05 The value of the tls_verify_certificates smtp transport and main options default to the word "system" to access the system default CA bundle. For GnuTLS, only version 3.0.20 or later. +JH/06 Verification of the server certificate for a TLS connection is now tried + (but not required) by default. + Exim version 4.85 ----------------- |