certextract tidying

[users/heiko/exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index e512f2b4acc8e8bdbe244290949921e08ebae848..17c69a7a56e51b4fe6691a5547c3a4157ce96776 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -8897,8 +8897,8 @@ the certificate.  Supported fields are:
 .display
 &`version        `&
 &`serial_number  `&
-&`subject        `&
-&`issuer         `&
+&`subject        `& RFC4514 DN
+&`issuer         `& RFC4514 DN
 &`notbefore      `&
 &`notafter       `&
 &`sig_algorithm  `&
@@ -8931,6 +8931,12 @@ Elements of only one type may be selected by a modifier
 which is one of "dns", "uri" or "mail";
 if so the elenment tags are omitted.
 
+The field selectors marked as "RFC4514" above
+output a Distinguished Name string which is
+not quite
+parseable by Exim as a comma-separated tagged list
+(the exceptions being elements containin commas).
+
 Field values are generally presented in human-readable form.
 .wen
 
@@ -23266,6 +23272,11 @@ in clear.
 This option gives a list of hosts for which, on encrypted connections,
 certificate verification will be tried but need not succeed.
 The &%tls_verify_certificates%& option must also be set.
+Note that unless the host is in this list
+TLS connections will be denied to hosts using self-signed certificates
+when &%tls_verify_certificates%& is set.
+The &$tls_out_certificate_verified$& variable is set when
+certificate verification succeeds.
 
 
 .option tls_verify_certificates smtp string&!! unset