From 0851a3bbf4667081d47f5d85b6b3a5cb33cbdba6 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 11 Jun 2020 20:21:38 +0100 Subject: TLS: use RFC 6125 rules for certificate name checks when CNAMES are present. Bug 2594 --- doc/doc-txt/ChangeLog | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'doc/doc-txt') diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 6c8349df4..425264191 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -30,6 +30,11 @@ JH/05 Bug 2593: Fix "vacation" in Exim filter. Previously, when a "once" path, an error occurred on trying to open it. Use the transport's working directory. +JH/06 Bug 2594: Change the name used for certificate name checks in the smtp + transport. Previously it was the name on the DNS A-record; use instead + the head of the CNAME chain leading there (if there is one). This seems + to align better with RFC 6125. + Exim version 4.94 ----------------- @@ -335,7 +340,7 @@ JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by default. A single TCP connection by a client will now hold a TLS connection open - for multiple message deliveries, by default. Previoud the default was to + for multiple message deliveries, by default. Previously the default was to not do so. JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by -- cgit v1.2.3
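Review bot: The JH/06 entry added in the first hunk (@@ -30,6 +30,11 @@) does not tell an operator what to expect on upgrade, and its closing sentence "This seems to align better with RFC 6125" is hedged and names no section. As the entry describes it, the name compared against the certificate moves from the DNS A-record name to the head of the CNAME chain, so a peer whose certificate carries only the A-record name would no longer match under the new rule. Suggest stating that consequence explicitly, citing the RFC 6125 section relied on, and saying whether the previous behaviour can be restored by configuration. The parenthetical "(if there is one)" also leaves the no-CNAME case implicit; a short clause saying it is unchanged would remove the ambiguity.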