New log_selector "tls_resumption", appends an asterisk to the tls_cipher "X="
element.
- Variables $tls_{in,out}_resumption have bit 0-4 indicating respectively
+ Variables $tls_{in,out}_resumption have bits 0-4 indicating respectively
support built, client requested ticket, client offered session,
server issued ticket, resume used. A suitable decode list is provided
in the builtin macro _RESUME_DECODE for ${listextract {}{}}.
Issues:
In a resumed session:
- $tls_{in,out}_{certificate_verified,{peer,our}cert} will be unset
- verify = certificate will be false
- $tls_{in,out}_cipher will have values different to the original
- $tls_{in,out}_bits (is unspecified)
- $tls_{in,out}_ocsp will be "not requested"
- $tls_{in,out}_peerdn will be unset
+ $tls_{in,out}_certificate_verified will be set, and verify = certificate
+ will be true, when verify failed but tls_try_verify_hosts allowed the
+ connection (under OpenSSL)
+ $tls_{in,out}_cipher will have values different to the original (under GnuTLS)
+ $tls_{in,out}_ocsp will be "not requested" or "no response"
--------------------------------------------------------------
git://git.exim.org / exim.git / blobdiff