Add event for inbound cert visibility

[users/heiko/exim.git] / doc / doc-txt / experimental-spec.txt

diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 2d34de0f76d2e9a7c5c3f29e30ee90c2e8143070..faa64df68685d133acf8e2ea4999c8d7bda10dcd 100644 (file)
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -791,7 +791,7 @@ expansion is done.  The current list of events is:
  msg:fail:internal     after  main       per recipient
  tcp:connect           before transport  per connection
  tcp:close             after  transport  per connection
- tls:cert              before transport  per certificate in verification chain
+ tls:cert              before both       per certificate in verification chain
  smtp:connect          after  transport  per connection
 
 The expansion is called for all event types, and should use the $event_name
@@ -816,7 +816,7 @@ The following variables are likely to be useful depending on the event type:
        tls_out_peercert
        lookup_dnssec_authenticated, tls_out_dane
        sending_ip_address, sending_port
-       message_exim_id
+       message_exim_id, verify_mode
 
 
 An example might look like:
@@ -852,6 +852,10 @@ following will be forced:
 No other use is made of the result string.
 
 
+Known issues:
+- the tls:cert event is only called for the cert chain elements
+  received over the wire, with GnuTLS.  OpenSSL gives the entire
+  chain including thse loaded locally.
 
 
 Redis Lookup