Docs: Mention issues with TLS client cert and Exim <= 4.85

author Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>

Sat, 10 Oct 2020 16:56:50 +0000 (18:56 +0200)

committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>

Sun, 11 Oct 2020 09:10:55 +0000 (11:10 +0200)
author Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Sat, 10 Oct 2020 16:56:50 +0000 (18:56 +0200)
committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Sun, 11 Oct 2020 09:10:55 +0000 (11:10 +0200)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt

index 74c9b083c4a28685c7cb57114f4b2013958eff83..c865e111bb125bde2427c2013964efa5a4a35e30 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -18489,7 +18489,9 @@ than the public cert of individual clients.  With both OpenSSL and GnuTLS, if
  the value is a file then the certificates are sent by Exim as a server to
  connecting clients, defining the list of accepted certificate authorities.
  Thus the values defined should be considered public data.  To avoid this,
-use the explicit directory version.
+use the explicit directory version. (If your peer is Exim up to 4.85,
+using GnuTLS, you may need to send the CAs (thus using the file
+variant). Otherwise the peer doesn't send its certificate.)
  
  See &<<SECTtlssni>>& for discussion of when this option might be re-expanded.
author	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
	Sat, 10 Oct 2020 16:56:50 +0000 (18:56 +0200)
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
	Sun, 11 Oct 2020 09:10:55 +0000 (11:10 +0200)