If built with EXPERIMENTAL_CERTNAMES defined, code is
included to do so for server certificates, and a new smtp transport option
-"tls_verify_cert_hostname" supported which takes a list of
-names for which the checks must be made. The host must
-also be in "tls_verify_hosts".
+"tls_verify_cert_hostnames" supported which takes a list of
+names for which the additional checks must be made.
+The option currently defaults to empty, but this may change in
+the future. "*" is probably a suitable value.
+Whether certificate verification is done at all, and the result of
+it failing, is stll under the control of "tls_verify_hosts" nad
+"tls_try_verify_hosts".
Both Subject and Subject-Alternate-Name certificate fields
are supported, as are wildcard certificates (limited to
git://git.exim.org / exim.git / blobdiff