From 3faae4c075bd1054f3e199051f146d886c8abf0f Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 13 May 2014 15:38:14 +0100 Subject: [PATCH] Add doc notes on verifying self-signing hosts --- doc/doc-docbook/spec.xfpt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index e512f2b4a..03ec8980c 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -23266,6 +23266,11 @@ in clear. This option gives a list of hosts for which, on encrypted connections, certificate verification will be tried but need not succeed. The &%tls_verify_certificates%& option must also be set. +Note that unless the host is in this list +TLS connections will be denied to hosts using self-signed certificates +when &%tls_verify_certificates%& is set. +The &$tls_out_certificate_verified$& variable is set when +certificate verification succeeds. .option tls_verify_certificates smtp string&!! unset -- 2.30.2