It is only useful as the argument of a
&%certextract%& expansion item, &%md5%&, &%sha1%& or &%sha256%& operator,
or a &%def%& condition.
+If certificate verification fails it may refer to a failing chain element
+which is not the leaf.
.vitem &$tls_out_ourcert$&
.vindex "&$tls_out_ourcert$&"
outbound connection. It is only useful as the argument of a
&%certextract%& expansion item, &%md5%&, &%sha1%& or &%sha256%& operator,
or a &%def%& condition.
+If certificate verification fails it may refer to a failing chain element
+which is not the leaf.
.vitem &$tls_in_certificate_verified$&
.vindex "&$tls_in_certificate_verified$&"
connection, and Exim is configured to request a certificate from the client,
the value of the Distinguished Name of the certificate is made available in the
&$tls_in_peerdn$& during subsequent processing.
+If certificate verification fails it may refer to a failing chain element
+which is not the leaf.
The deprecated &$tls_peerdn$& variable refers to the inbound side
except when used in the context of an outbound SMTP delivery, when it refers to
connection, and Exim is configured to request a certificate from the server,
the value of the Distinguished Name of the certificate is made available in the
&$tls_out_peerdn$& during subsequent processing.
+If certificate verification fails it may refer to a failing chain element
+which is not the leaf.
.vitem &$tls_in_sni$&
.vindex "&$tls_in_sni$&"
are options.
The supported option are:
.code
-variant=rspamd Use Rspamd rather than SpamAssassin protocol
+pri=<priority> Selection priority
+weight=<value> Selection bias
time=<start>-<end> Use only between these times of day
+retry=<timespec> Retry on connect fail
tmo=<timespec> Connection time limit
-weight=<value> Selection bias
-backup Use only if all non-backup servers fail
-retry=<timespec> Retry on connect fail
+variant=rspamd Use Rspamd rather than SpamAssassin protocol
.endd
+The &`pri`& option specifies a priority for the server within the list,
+higher values being tried first.
+The deafult priority is 1.
+
+The &`weight`& option specifies a selection bias.
+Within a priority set
+servers are queried in a random fashion, weighted by this value.
+The default value for selection bias is 1.
+
Time specifications for the &`time`& option are <hour>.<minute>.<second>
in the local time zone; each element being one or more digits.
Either the seconds or both minutes and seconds, plus the leading &`.`&
characters, may be omitted and will be taken as zero.
-Timeout specifications for the &`tmo`& and &`retry`& options
+Timeout specifications for the &`retry`& and &`tmo`& options
are the usual Exim time interval standard, eg. &`20s`& or &`1m`&.
The &`tmo`& option specifies an overall timeout for communication.
The &`retry`& option specifies a time after which a single retry for
a failed connect is made.
The default is to not retry.
-
-Servers are queried in a random fashion, weighted by the selection bias.
-The default value for selection bias is 1.
.wen
The &%spamd_address%& variable is expanded before use if it starts with