Docs: fix description of SNI-under-DANE. Bug 2265

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 7f96768f7cde6d92b137daf4ce00268ce6483add..f7cc50534b2cbbec6c086f6f5ad1c7c311ef0551 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -29861,8 +29861,10 @@ nothing more to it.  Choosing a sensible value not derived insecurely is the
 only point of caution.  The &$tls_out_sni$& variable will be set to this string
 for the lifetime of the client connection (including during authentication).
 
+.new
 If DANE validated the connection attempt then the value of the &%tls_sni%& option
-is forced to the domain part of the recipient address.
+is forced to the name of the destination host, after any MX- or CNAME-folowing.
+.wen
 
 Except during SMTP client sessions, if &$tls_in_sni$& is set then it is a string
 received from a client.

diff --git a/test/scripts/5800-DANE/5801 b/test/scripts/5800-DANE/5801
index c486dfa3f760958ebf1f3e00ac9f18d42eed2993..75da101cdcfea8b839cdece20a5d4c123f9f7d92 100644 (file)
--- a/test/scripts/5800-DANE/5801
+++ b/test/scripts/5800-DANE/5801
@@ -20,6 +20,7 @@ exim -q
 ****
 #
 # Two DANE messages from queue, two-pass queue-run
+# These go to the same host (A-record name), so can share a connection
 exim -odq t20@mxdane512ee.test.ex
 ****
 exim -odq t21@mxdane512ee1.test.ex