X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/2c09c380e6ba3b1d694359e6ae2437d1a7a8ac81..ecf1e77accda6355ebb745a0a03e97ba7eb298b2:/doc/doc-docbook/spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 4f5c119f6..77784969a 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -10171,9 +10171,9 @@ You can use &`fail`& instead of {<&'string3'&>} as in a string extract.
 
 
 .new
-.vitem &*${listquote{*&<&'separator'&>&*}{*&<&'string'&>&*}}*"
-.citem quoting "for list"
-.citem list quoting
+.vitem &*${listquote{*&<&'separator'&>&*}{*&<&'string'&>&*}}*&
+.cindex quoting "for list"
+.cindex list quoting
 This item doubles any occurrence of the separator character
 in the given string.
 An empty string is replaced with a single space.
@@ -29218,8 +29218,14 @@ certificate verification to the listed servers.  Verification either must
 or need not succeed respectively.
 
 The &%tls_verify_cert_hostnames%& option lists hosts for which additional
-checks are made: that the host name (the one in the DNS A record)
-is valid for the certificate.
+name checks are made on the server certificate.
+.new
+The match against this list is, as per other Exim usage, the
+IP for the host.  That is most closely associated with the
+name on the DNS A (or AAAA) record for the host.
+However, the name that needs to be in the certificate
+is the one at the head of any CNAME chain leading to the A record.
+.wen
 The option defaults to always checking.
 
 The &(smtp)& transport has two OCSP-related options: