The field name is expanded and used to retrive the relevant field from
the certificate. Supported fields are:
.display
-version
-serial_number
-subject
-issuer
-notbefore
-notafter
-signature_algorithm
-signature
-subject_altname
-ocsp_uri
-crl_uri
+&`version `&
+&`serial_number `&
+&`subject `&
+&`issuer `&
+&`notbefore `&
+&`notafter `&
+&`sig_algorithm `&
+&`signature `&
+&`subj_altname `& tagged list
+&`ocsp_uri `& list
+&`crl_uri `& list
.endd
If the field is found,
<&'string2'&> is expanded, and replaces the whole item;
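Review bot: The field list renames two documented selectors ("signature_algorithm" becomes "sig_algorithm", "subject_altname" becomes "subj_altname") without saying whether the old spellings are still accepted. State that explicitly, because a configuration written against the old names would otherwise stop matching with no hint in the documentation. The "list" and "tagged list" annotations are also used here before they are defined, so a short pointer to the explanation that follows the list would help.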
key is not found. If {<&'string2'&>} is also omitted, the value that was
extracted is used.
-Field values are presented in human-readable form.
+Some field names take optional modifiers, appended and separated by commas.
+
+The field selectors marked as "list" above return a list,
+newline-separated by default,
+(embedded separator characters in elements are doubled).
+The separator may be changed by a modifier of
+a right angle-bracket followed immediately by the new separator.
+
+The field selectors marked as "tagged" above
+prefix each list element with a type string and an equals sign.
+Elements of only one type may be selected by a modifier
+which is one of "dns", "uri" or "mail";
+if so the elenment tags are omitted.
+
+Field values are generally presented in human-readable form.
.wen
.vitem "&*${dlfunc{*&<&'file'&>&*}{*&<&'function'&>&*}{*&<&'arg'&>&*}&&&
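Review bot: The modifier syntax in the added paragraphs is described only in words, and "Some field names take optional modifiers" never says which names. Please name the selectors that accept modifiers and show one complete field name with a modifier attached. Also say whether a separator change and a "dns"/"uri"/"mail" type selection can be combined on "subj_altname". "elenment" should be "element". The change from "presented in human-readable form" to "generally presented" implies exceptions, so list which fields are not human-readable.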
.vitem &*${md5:*&<&'string'&>&*}*&
.cindex "MD5 hash"
.cindex "expansion" "MD5 hash"
+.cindex "certificate fingerprint"
.cindex "&%md5%& expansion item"
The &%md5%& operator computes the MD5 hash value of the string, and returns it
as a 32-digit hexadecimal number, in which any letters are in lower case.
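Review bot: The new "certificate fingerprint" index entry on &%md5%& lands on text that still describes only hashing "the string". Add a sentence saying what is hashed when the argument is a certificate variable, so that the index entry points at relevant text and readers can tell how the result compares with a fingerprint computed by other tools.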
.vitem &*${sha1:*&<&'string'&>&*}*&
.cindex "SHA-1 hash"
.cindex "expansion" "SHA-1 hashing"
+.cindex "certificate fingerprint"
.cindex "&%sha2%& expansion item"
The &%sha1%& operator computes the SHA-1 hash value of the string, and returns
it as a 40-digit hexadecimal number, in which any letters are in upper case.
+.vitem &*${sha256:*&<&'certificate'&>&*}*&
+.cindex "SHA-256 hash"
+.cindex "certificate fingerprint"
+.cindex "expansion" "SHA-256 hashing"
+.cindex "&%sha256%& expansion item"
+The &%sha256%& operator computes the SHA-256 hash fingerprint of the
+certificate,
+and returns
+it as a 64-digit hexadecimal number, in which any letters are in upper case.
+Only arguments which are a single variable of certificate type are supported.
+
+
.vitem &*${stat:*&<&'string'&>&*}*&
.cindex "expansion" "statting a file"
.cindex "file" "extracting characteristics"
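Review bot: The &%sha256%& text says "Only arguments which are a single variable of certificate type are supported" but does not say what happens for any other argument, while &%sha1%& just above it still takes a plain string. Document the failure behaviour (for example, whether the expansion fails), since the inconsistency is easy to trip over. The &%sha1%& description has the same gap as &%md5%&: it gains a "certificate fingerprint" index entry with no text about certificate arguments. The context line indexing "&%sha2%& expansion item" under &%sha1%& looks mislabelled and could be corrected in the same change. The two trailing blank "+" lines after the sha256 paragraph can be dropped.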
This variable refers to the certificate presented to the peer of an
inbound connection when the message was received.
It is only useful as the argument of a
-&%certextract%& expansion item or the name for a &%def%& expansion condition.
+&%certextract%& expansion item, &%md5%& or &%sha1%& operator,
+or a &%def%& condition.
.wen
.new
This variable refers to the certificate presented by the peer of an
inbound connection when the message was received.
It is only useful as the argument of a
-&%certextract%& expansion item or the name for a &%def%& expansion condition.
+&%certextract%& expansion item, &%md5%& or &%sha1%& operator,
+or a &%def%& condition.
.wen
.new
.vindex "&$tls_out_ourcert$&"
This variable refers to the certificate presented to the peer of an
outbound connection. It is only useful as the argument of a
-&%certextract%& expansion item or the name for a &%def%& expansion condition.
+&%certextract%& expansion item, &%md5%& or &%sha1%& operator,
+or a &%def%& condition.
.wen
.new
.vindex "&$tls_out_peercert$&"
This variable refers to the certificate presented by the peer of an
outbound connection. It is only useful as the argument of a
-&%certextract%& expansion item or the name for a &%def%& expansion condition.
+&%certextract%& expansion item, &%md5%& or &%sha1%& operator,
+or a &%def%& condition.
.wen
.vitem &$tls_in_certificate_verified$&
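Review bot: The replacement wording in all four certificate-variable descriptions lists "&%md5%& or &%sha1%& operator" but omits &%sha256%&, which this same patch documents as accepting only certificate variables. Suggest "&%certextract%& expansion item, &%md5%&, &%sha1%& or &%sha256%& operator, or a &%def%& condition" in each of the four places so that the variable descriptions and the operator description agree.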