From 7be682ca5ebd9571a01b762195b11c34cd231830 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Fri, 4 May 2012 04:39:01 -0700 Subject: TLS SNI support for OpenSSL ($tls_sni) --- doc/doc-docbook/spec.xfpt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'doc/doc-docbook') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 016f3f075..32e24ca80 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -11888,6 +11888,24 @@ the value of the Distinguished Name of the certificate is made available in the value is retained during message delivery, except during outbound SMTP deliveries. +.new +.vitem &$tls_sni$& +.vindex "&$tls_sni$&" +.cindex "TLS" "Server Name Indication" +When a TLS session is being established, if the client sends the Server +Name Indication extension, the value will be placed in this variable. +If the variable appears in &%tls_certificate%& then this option and +&%tls_privatekey%& will be re-expanded early in the TLS session, to permit +a different certificate to be presented (and optionally a different key to be +used) to the client, based upon the value of the SNI extension. + +The value will be retained for the lifetime of the message, and not changed +during outbound SMTP. + +This is currently only available when using OpenSSL, built with support for +SNI. +.wen + .vitem &$tod_bsdinbox$& .vindex "&$tod_bsdinbox$&" The time of day and the date, in the format required for BSD-style mailbox -- cgit v1.2.3