of times it has been compiled. This serves to distinguish different
compilations of the same version of the program.
+.vitem &$config_dir$&
+.vindex "&$config_dir$&"
+The directory name of the main configuration file. That is, the content of
+&$config_file$& with the last component stripped. The value does not
+contain the trailing slash. If &$config_file$& does not contain a slash,
+&$config_dir$& is ".".
+
+.vitem &$config_file$&
+.vindex "&$config_file$&"
+The name of the main configuration file Exim is using.
+
.vitem &$demime_errorlevel$&
.vindex "&$demime_errorlevel$&"
This variable is available when Exim is compiled with
.vindex "&$exim_uid$&"
This variable contains the numerical value of the Exim user id.
+.vitem &$exim_version$&
+.vindex "&$exim_uid$&"
+This variable contains the version string of the Exim build.
+The first character is a major version number, currently 4.
+Then after a dot, the next group of digits is a minor version number.
+There may be other characters following the minor version.
+
.vitem &$found_extension$&
.vindex "&$found_extension$&"
This variable is available when Exim is compiled with the
See &%tls_verify_hosts%& below.
-.option tls_verify_certificates main string&!! unset
+.option tls_verify_certificates main string&!! system
.cindex "TLS" "client certificate verification"
.cindex "certificate" "verification of client"
The value of this option is expanded, and must then be either the
The "system" value for the option will use a
system default location compiled into the SSL library.
-This is not available for GnuTLS versions preceding 3.0.20 and an explicit location
+This is not available for GnuTLS versions preceding 3.0.20,
+and will be taken as empty; an explicit location
must be specified.
The use of a directory for the option value is not avilable for GnuTLS versions
in clear.
-.option tls_try_verify_hosts smtp "host list&!!" unset
+.option tls_try_verify_hosts smtp "host list&!!" *
.cindex "TLS" "server certificate verification"
.cindex "certificate" "verification of server"
This option gives a list of hosts for which, on encrypted connections,
There is no equivalent checking on client certificates.
-.option tls_verify_certificates smtp string&!! unset
+.option tls_verify_certificates smtp string&!! system
.cindex "TLS" "server certificate verification"
.cindex "certificate" "verification of server"
.vindex "&$host$&"
for use when setting up an encrypted connection.
The "system" value for the option will use a location compiled into the SSL library.
-This is not available for GnuTLS versions preceding 3.0.20 and an explicit location
+This is not available for GnuTLS versions preceding 3.0.20; a value of "system"
+is taken as empty and an explicit location
must be specified.
The use of a directory for the option value is not avilable for GnuTLS versions
For back-compatability,
if neither tls_verify_hosts nor tls_try_verify_hosts are set
+(a single-colon empty list counts as being set)
and certificate verification fails the TLS connection is closed.
&%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client.
If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it
-specified a collection of expected server certificates.
+specifies a collection of expected server certificates.
These may be the system default set (depeding on library version),
a file or,
depnding on liibrary version, a directory,
&` smtp_protocol_error `& SMTP protocol errors
&` smtp_syntax_error `& SMTP syntax errors
&` subject `& contents of &'Subject:'& on <= lines
-&` tls_certificate_verified `& certificate verification status
+&`*tls_certificate_verified `& certificate verification status
&`*tls_cipher `& TLS cipher suite on <= and => lines
&` tls_peerdn `& TLS peer DN on <= and => lines
&` tls_sni `& TLS SNI on <= lines
git://git.exim.org / users / heiko / exim.git / blobdiff