Add doc notes on verifying self-signing hosts

author Jeremy Harris <jgh146exb@wizmail.org>

Tue, 13 May 2014 14:38:14 +0000 (15:38 +0100)

committer Jeremy Harris <jgh146exb@wizmail.org>

Tue, 13 May 2014 15:56:57 +0000 (16:56 +0100)
author Jeremy Harris <jgh146exb@wizmail.org>
Tue, 13 May 2014 14:38:14 +0000 (15:38 +0100)
committer Jeremy Harris <jgh146exb@wizmail.org>
Tue, 13 May 2014 15:56:57 +0000 (16:56 +0100)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt

index e512f2b4acc8e8bdbe244290949921e08ebae848..03ec8980c59e5e31ee99813f78a42e4a4f6b807d 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -23266,6 +23266,11 @@ in clear.
  This option gives a list of hosts for which, on encrypted connections,
  certificate verification will be tried but need not succeed.
  The &%tls_verify_certificates%& option must also be set.
+Note that unless the host is in this list
+TLS connections will be denied to hosts using self-signed certificates
+when &%tls_verify_certificates%& is set.
+The &$tls_out_certificate_verified$& variable is set when
+certificate verification succeeds.
  
  
  .option tls_verify_certificates smtp string&!! unset
author	Jeremy Harris <jgh146exb@wizmail.org>
	Tue, 13 May 2014 14:38:14 +0000 (15:38 +0100)
committer	Jeremy Harris <jgh146exb@wizmail.org>
	Tue, 13 May 2014 15:56:57 +0000 (16:56 +0100)