From 610ff4388b33ddc2753c17eefb8b03e2fdd7e124 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sun, 23 Nov 2014 17:01:14 +0000
Subject: Make smtp transport try server cert verify by default This is an exim
 client checking a server certificate.

---
 doc/doc-docbook/spec.xfpt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'doc/doc-docbook')

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 7dfc4d623..b2b703b45 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -23433,7 +23433,7 @@ unknown state), opens a new one to the same host, and then tries the delivery
 in clear.
 
 
-.option tls_try_verify_hosts smtp "host list&!!" unset
+.option tls_try_verify_hosts smtp "host list&!!" *
 .cindex "TLS" "server certificate verification"
 .cindex "certificate" "verification of server"
 This option gives a list of hosts for which, on encrypted connections,
@@ -23489,6 +23489,7 @@ expansion of this option. See chapter &<<CHAPTLS>>& for details of TLS.
 
 For back-compatability,
 if neither tls_verify_hosts nor tls_try_verify_hosts are set
+(a single-colon empty list counts as being set)
 and certificate verification fails the TLS connection is closed.
 
 
-- 
cgit v1.2.3