git://git.exim.org / users / heiko / exim.git / commitdiff
(parent: 467c84b)
Docs: add note on unusability of must-staple certs by clients. Bug 2350
author Jeremy Harris <jgh146exb@wizmail.org> Mon, 15 Jul 2019 09:53:35 +0000 (10:53 +0100)
committer Jeremy Harris <jgh146exb@wizmail.org> Mon, 15 Jul 2019 09:53:35 +0000 (10:53 +0100)
doc/doc-docbook/spec.xfpt
diff --git
a/doc/doc-docbook/spec.xfpt
b/doc/doc-docbook/spec.xfpt
index 5463cc1a52b8529389630f138da74b1bfc7bdde8..37ada7514fb783d15f9c219176f624210b20adfe 100644
(file)
--- a/
doc/doc-docbook/spec.xfpt
+++ b/
doc/doc-docbook/spec.xfpt
@@
-28478,6
+28478,13
@@
transport provide the client with a certificate, which is passed to the server
if it requests it. If the server is Exim, it will request a certificate only if
&%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client.
if it requests it. If the server is Exim, it will request a certificate only if
&%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client.
+.new
+Do not use a certificate which has the OCSP-must-staple extension,
+for client use (they are usable for server use).
+As TLS has no means for the client to staple before TLS 1.3 it will result
+in failed connections.
+.wen
+
If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it
specifies a collection of expected server certificates.
These may be
If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it
specifies a collection of expected server certificates.
These may be
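Review bot: the new paragraph between .new and .wen tells the reader not to use an OCSP-must-staple certificate for client use at all, but the reason given only covers TLS "before TLS 1.3", so it is unclear whether the restriction still applies when TLS 1.3 is negotiated. Please say explicitly whether the advice holds regardless of the negotiated version, or scope the first sentence to match the reason. Two wording points in the same paragraph: "a certificate ... (they are usable for server use)" switches from singular to plural, and the comma before "for client use" splits the sentence awkwardly; something like "Do not use a certificate which has the OCSP-must-staple extension for client use (such a certificate is usable for server use)." reads more cleanly. In the last sentence "it will result in failed connections" has no clear subject; "using one will result in failed connections" would remove the ambiguity.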