If built with EXPERIMENTAL_CERTNAMES defined, code is
included to do so for server certificates, and a new smtp transport option
-"tls_verify_cert_hostnames" supported which takes a list of
-names for which the additional checks must be made.
+"tls_verify_cert_hostnames" supported which takes a hostlist
+which must match the target host for the additional checks must be made.
The option currently defaults to empty, but this may change in
the future. "*" is probably a suitable value.
Whether certificate verification is done at all, and the result of
it failing, is stll under the control of "tls_verify_hosts" nad
"tls_try_verify_hosts".
Both Subject and Subject-Alternate-Name certificate fields
are supported, as are wildcard certificates (limited to
a single wildcard being the initial component of a 3-or-more
The equivalent check on the server for client certificates is not
implemented. At least one major email provider is using a client
certificate which fails this check. They do not retry either without