X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/8c40856083f3a2e89350ab3aacfb95256fbadd9d..0700a3d658c48c2d8155fcdc643ab0cf18289194:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 89fb5841e..36634a602 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -11259,6 +11259,17 @@ The building process for Exim keeps a count of the number of times it has been compiled. This serves to distinguish different compilations of the same version of the program. +.vitem &$config_dir$& +.vindex "&$config_dir$&" +The directory name of the main configuration file. That is, the content of +&$config_file$& with the last component stripped. The value does not +contain the trailing slash. If &$config_file$& does not contain a slash, +&$config_dir$& is ".". + +.vitem &$config_file$& +.vindex "&$config_file$&" +The name of the main configuration file Exim is using. + .vitem &$demime_errorlevel$& .vindex "&$demime_errorlevel$&" This variable is available when Exim is compiled with @@ -11366,6 +11377,13 @@ This variable contains the path to the Exim binary. .vindex "&$exim_uid$&" This variable contains the numerical value of the Exim user id. +.vitem &$exim_version$& +.vindex "&$exim_uid$&" +This variable contains the version string of the Exim build. +The first character is a major version number, currently 4. +Then after a dot, the next group of digits is a minor version number. +There may be other characters following the minor version. + .vitem &$found_extension$& .vindex "&$found_extension$&" This variable is available when Exim is compiled with the @@ -16494,7 +16512,7 @@ preference order of the available ciphers. Details are given in sections See &%tls_verify_hosts%& below. -.option tls_verify_certificates main string&!! unset +.option tls_verify_certificates main string&!! system .cindex "TLS" "client certificate verification" .cindex "certificate" "verification of client" The value of this option is expanded, and must then be either the @@ -16505,7 +16523,8 @@ match &%tls_verify_hosts%& or &%tls_try_verify_hosts%&. The "system" value for the option will use a system default location compiled into the SSL library. -This is not available for GnuTLS versions preceding 3.0.20 and an explicit location +This is not available for GnuTLS versions preceding 3.0.20, +and will be taken as empty; an explicit location must be specified. The use of a directory for the option value is not avilable for GnuTLS versions @@ -23445,7 +23464,7 @@ unknown state), opens a new one to the same host, and then tries the delivery in clear. -.option tls_try_verify_hosts smtp "host list&!!" unset +.option tls_try_verify_hosts smtp "host list&!!" * .cindex "TLS" "server certificate verification" .cindex "certificate" "verification of server" This option gives a list of hosts for which, on encrypted connections, @@ -23471,7 +23490,7 @@ limited to being the initial component of a 3-or-more component FQDN. There is no equivalent checking on client certificates. -.option tls_verify_certificates smtp string&!! unset +.option tls_verify_certificates smtp string&!! system .cindex "TLS" "server certificate verification" .cindex "certificate" "verification of server" .vindex "&$host$&" @@ -23483,7 +23502,8 @@ a file or directory containing permitted certificates for servers, for use when setting up an encrypted connection. The "system" value for the option will use a location compiled into the SSL library. -This is not available for GnuTLS versions preceding 3.0.20 and an explicit location +This is not available for GnuTLS versions preceding 3.0.20; a value of "system" +is taken as empty and an explicit location must be specified. The use of a directory for the option value is not avilable for GnuTLS versions @@ -23500,6 +23520,7 @@ expansion of this option. See chapter &<>& for details of TLS. For back-compatability, if neither tls_verify_hosts nor tls_try_verify_hosts are set +(a single-colon empty list counts as being set) and certificate verification fails the TLS connection is closed. @@ -26492,7 +26513,7 @@ if it requests it. If the server is Exim, it will request a certificate only if &%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client. If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it -specified a collection of expected server certificates. +specifies a collection of expected server certificates. These may be the system default set (depeding on library version), a file or, depnding on liibrary version, a directory, @@ -34810,7 +34831,7 @@ selection marked by asterisks: &` smtp_protocol_error `& SMTP protocol errors &` smtp_syntax_error `& SMTP syntax errors &` subject `& contents of &'Subject:'& on <= lines -&` tls_certificate_verified `& certificate verification status +&`*tls_certificate_verified `& certificate verification status &`*tls_cipher `& TLS cipher suite on <= and => lines &` tls_peerdn `& TLS peer DN on <= and => lines &` tls_sni `& TLS SNI on <= lines