.display
&`version `&
&`serial_number `&
-&`subject `&
-&`issuer `&
+&`subject `& RFC4514 DN
+&`issuer `& RFC4514 DN
&`notbefore `&
&`notafter `&
&`sig_algorithm `&
which is one of "dns", "uri" or "mail";
if so the elenment tags are omitted.
+The field selectors marked as "RFC4514" above
+output a Distinguished Name string which is
+not quite
+parseable by Exim as a comma-separated tagged list
+(the exceptions being elements containin commas).
+
Field values are generally presented in human-readable form.
.wen
This option gives a list of hosts for which, on encrypted connections,
certificate verification will be tried but need not succeed.
The &%tls_verify_certificates%& option must also be set.
+Note that unless the host is in this list
+TLS connections will be denied to hosts using self-signed certificates
+when &%tls_verify_certificates%& is set.
+The &$tls_out_certificate_verified$& variable is set when
+certificate verification succeeds.
.option tls_verify_certificates smtp string&!! unset