Compiler quietening

[users/heiko/exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 8b1a17b26f91fc2339bde898e3c56b403180817c..fe77cb8d237e4976631f14f807c33bc39e944b12 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -11932,10 +11932,7 @@ on which interface and/or port is being used for the incoming connection. The
 values of &$received_ip_address$& and &$received_port$& are saved with any
 messages that are received, thus making these variables available at delivery
 time.
 values of &$received_ip_address$& and &$received_port$& are saved with any
 messages that are received, thus making these variables available at delivery
 time.

-
-&*Note:*& There are no equivalent variables for outgoing connections, because
-the values are unknown (unless they are explicitly set by options of the
-&(smtp)& transport).
+For outbound connections see &$sending_ip_address$&.

 
 .vitem &$received_port$&
 .vindex "&$received_port$&"
 
 .vitem &$received_port$&
 .vindex "&$received_port$&"


@@ -16505,12 +16502,17 @@ directory containing certificate files.
 For earlier versions of GnuTLS
 the option must be set to the name of a single file.
 
 For earlier versions of GnuTLS
 the option must be set to the name of a single file.
 

+With OpenSSL the certificates specified
+explicitly
+either by file or directory
+are added to those given by the system default location.
+

 These certificates should be for the certificate authorities trusted, rather
 than the public cert of individual clients.  With both OpenSSL and GnuTLS, if
 the value is a file then the certificates are sent by Exim as a server to
 connecting clients, defining the list of accepted certificate authorities.
 Thus the values defined should be considered public data.  To avoid this,
 These certificates should be for the certificate authorities trusted, rather
 than the public cert of individual clients.  With both OpenSSL and GnuTLS, if
 the value is a file then the certificates are sent by Exim as a server to
 connecting clients, defining the list of accepted certificate authorities.
 Thus the values defined should be considered public data.  To avoid this,

-use OpenSSL with a directory.
+use the explicit directory version.

 
 See &<<SECTtlssni>>& for discussion of when this option might be re-expanded.
 
 
 See &<<SECTtlssni>>& for discussion of when this option might be re-expanded.
 


@@ -23431,7 +23433,7 @@ unknown state), opens a new one to the same host, and then tries the delivery
 in clear.
 
 
 in clear.
 
 

-.option tls_try_verify_hosts smtp "host list&!! unset
+.option tls_try_verify_hosts smtp "host list&!!" unset

 .cindex "TLS" "server certificate verification"
 .cindex "certificate" "verification of server"
 This option gives a list of hosts for which, on encrypted connections,
 .cindex "TLS" "server certificate verification"
 .cindex "certificate" "verification of server"
 This option gives a list of hosts for which, on encrypted connections,


@@ -23439,7 +23441,7 @@ certificate verification will be tried but need not succeed.
 The &%tls_verify_certificates%& option must also be set.
 Note that unless the host is in this list
 TLS connections will be denied to hosts using self-signed certificates
 The &%tls_verify_certificates%& option must also be set.
 Note that unless the host is in this list
 TLS connections will be denied to hosts using self-signed certificates

-when &%tls_verify_certificates%& is set.
+when &%tls_verify_certificates%& is matched.

 The &$tls_out_certificate_verified$& variable is set when
 certificate verification succeeds.
 
 The &$tls_out_certificate_verified$& variable is set when
 certificate verification succeeds.
 


@@ -23458,6 +23460,12 @@ you can set
 files.
 For earlier versions of GnuTLS the option must be set to the name of a
 single file.
 files.
 For earlier versions of GnuTLS the option must be set to the name of a
 single file.

+
+With OpenSSL the certificates specified
+explicitly
+either by file or directory
+are added to those given by the system default location.
+

 The values of &$host$& and
 &$host_address$& are set to the name and address of the server during the
 expansion of this option. See chapter &<<CHAPTLS>>& for details of TLS.
 The values of &$host$& and
 &$host_address$& are set to the name and address of the server during the
 expansion of this option. See chapter &<<CHAPTLS>>& for details of TLS.


@@ -23467,7 +23475,7 @@ if neither tls_verify_hosts nor tls_try_verify_hosts are set
 and certificate verification fails the TLS connection is closed.
 
 
 and certificate verification fails the TLS connection is closed.
 
 

-.option tls_verify_hosts smtp "host list&!! unset
+.option tls_verify_hosts smtp "host list&!!" unset

 .cindex "TLS" "server certificate verification"
 .cindex "certificate" "verification of server"
 This option gives a list of hosts for which. on encrypted connections,
 .cindex "TLS" "server certificate verification"
 .cindex "certificate" "verification of server"
 This option gives a list of hosts for which. on encrypted connections,


@@ -26565,7 +26573,7 @@ during TLS session handshake, to permit alternative values to be chosen:
 &%tls_verify_certificates%&
 .next
 .vindex "&%tls_ocsp_file%&"
 &%tls_verify_certificates%&
 .next
 .vindex "&%tls_ocsp_file%&"

-&%tls_verify_certificates%&
+&%tls_ocsp_file%&

 .endlist
 
 Great care should be taken to deal with matters of case, various injection
 .endlist
 
 Great care should be taken to deal with matters of case, various injection