X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/2c09c380e6ba3b1d694359e6ae2437d1a7a8ac81..3fe5ec41e81831028c992f77a15292872fbbac75:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 4f5c119f6..77784969a 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -10171,9 +10171,9 @@ You can use &`fail`& instead of {<&'string3'&>} as in a string extract. .new -.vitem &*${listquote{*&<&'separator'&>&*}{*&<&'string'&>&*}}*" -.citem quoting "for list" -.citem list quoting +.vitem &*${listquote{*&<&'separator'&>&*}{*&<&'string'&>&*}}*& +.cindex quoting "for list" +.cindex list quoting This item doubles any occurrence of the separator character in the given string. An empty string is replaced with a single space. @@ -29218,8 +29218,14 @@ certificate verification to the listed servers. Verification either must or need not succeed respectively. The &%tls_verify_cert_hostnames%& option lists hosts for which additional -checks are made: that the host name (the one in the DNS A record) -is valid for the certificate. +name checks are made on the server certificate. +.new +The match against this list is, as per other Exim usage, the +IP for the host. That is most closely associated with the +name on the DNS A (or AAAA) record for the host. +However, the name that needs to be in the certificate +is the one at the head of any CNAME chain leading to the A record. +.wen The option defaults to always checking. The &(smtp)& transport has two OCSP-related options: